02-14-2006 07:03 AM - edited 03-10-2019 02:28 PM
Hello. I have attempted to map ACS 4.0 to Windows AD 2003 as an External Database.
This all works fine. The only weird thing is that ACS doesn't accept user passwords containing German special characters (such as ä, ö, ü).
From the file "C:\Program Files\CiscoSecure ACS v4.0\CSAuth\Logs\AUTH.log" I get the following information:
AUTH 14/02/2006 14:35:13 I 1554 2088 pvAuthenticateUser: authenticate 'testuser1' against Windows Database
AUTH 14/02/2006 14:35:13 I 0376 2088 External DB [NTAuthenDLL.dll]: Starting authentication for user [testuser1]
AUTH 14/02/2006 14:35:13 I 0376 2088 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user testuser1
AUTH 14/02/2006 14:35:13 E 0376 2088 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
AUTH 14/02/2006 14:35:13 I 0376 2088 External DB [NTAuthenDLL.dll]: Reattempting authentication at domain TESTDOMAIN1
AUTH 14/02/2006 14:35:13 I 0376 2088 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user testuser1
AUTH 14/02/2006 14:35:13 E 0376 2088 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
AUTH 14/02/2006 14:35:13 I 0376 2088 External DB [NTAuthenDLL.dll]: Reattempting authentication at domain TESTDOMAIN2
AUTH 14/02/2006 14:35:13 I 0376 2088 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user testuser12
AUTH 14/02/2006 14:35:13 E 0376 2088 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
AUTH 14/02/2006 14:35:13 I 0143 2088 [PDE]: PolicyMgr::TerminateContext: context id=1 is deleted
AUTH 14/02/2006 14:35:13 I 5081 2088 Done RQ1026, client 2, status -2052
When I set the user password (on the AD Server 2003) without a German umlaut (ä, ö..) the authentication process works fine:
AUTH 14/02/2006 15:46:35 I 1554 1840 pvAuthenticateUser: authenticate 'testuser1' against Windows Database
AUTH 14/02/2006 15:46:35 I 0376 1840 External DB [NTAuthenDLL.dll]: Starting authentication for user [testuser1]
AUTH 14/02/2006 15:46:35 I 0376 1840 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user testuser1
AUTH 14/02/2006 15:46:35 I 0376 1840 External DB [NTAuthenDLL.dll]: Windows authentication SUCCESSFUL (by TESTSRV01)
AUTH 14/02/2006 15:46:35 I 0376 1840 External DB [NTAuthenDLL.dll]: User mapped to ACS group id [5]
AUTH 14/02/2006 15:46:35 I 0143 1840 [PDE]: PdeAttributeSet::addAttribute: PDE-Group-ID-16=5
AUTH 14/02/2006 15:46:35 I 0143 1840 [PDE]: PolicyMgr::Process: request type=4; context id=1; applied default profiles (0) - do nothing
AUTH 14/02/2006 15:46:35 I 0143 1840 [PDE]: PolicyMgr::TerminateContext: context id=1 is deleted
AUTH 14/02/2006 15:46:35 I 5081 1840 Done RQ1026, client 2, status 0
Any ideas?
Is this a known issue in this release? At the moment we map ACS 2.6 to Windows NT 4 as an External Database. In this configuration the authentication process works as well with German password characters!!!
Thanks for help!
Best Regards
Matthias Enderle
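
An added example, not part of the original post and not Cisco code: a small parser that turns AUTH.log excerpts like the two above into one summary per request, so failed and successful attempts can be compared side by side. It assumes the sixth field (2088 / 1840 above) identifies the worker handling a request; the `(default)` domain label and the `all_1326` key are names chosen here.

```python
import re

# Sample lines copied from the AUTH.log excerpts in the post above (subset).
SAMPLE = """\
AUTH 14/02/2006 14:35:13 I 1554 2088 pvAuthenticateUser: authenticate 'testuser1' against Windows Database
AUTH 14/02/2006 14:35:13 E 0376 2088 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
AUTH 14/02/2006 14:35:13 I 0376 2088 External DB [NTAuthenDLL.dll]: Reattempting authentication at domain TESTDOMAIN1
AUTH 14/02/2006 14:35:13 E 0376 2088 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
AUTH 14/02/2006 14:35:13 I 0376 2088 External DB [NTAuthenDLL.dll]: Reattempting authentication at domain TESTDOMAIN2
AUTH 14/02/2006 14:35:13 E 0376 2088 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
AUTH 14/02/2006 14:35:13 I 5081 2088 Done RQ1026, client 2, status -2052
AUTH 14/02/2006 15:46:35 I 1554 1840 pvAuthenticateUser: authenticate 'testuser1' against Windows Database
AUTH 14/02/2006 15:46:35 I 0376 1840 External DB [NTAuthenDLL.dll]: Windows authentication SUCCESSFUL (by TESTSRV01)
AUTH 14/02/2006 15:46:35 I 5081 1840 Done RQ1026, client 2, status 0
"""

# Assumed layout: service, date, time, level, code, worker id, message.
LINE = re.compile(r"^\w+ \S+ \S+ [A-Z] \d+ (\d+) (.*)$")
START = re.compile(r"pvAuthenticateUser: authenticate '([^']*)' against")
DOMAIN = re.compile(r"Reattempting authentication at domain (\S+)")
FAILED = re.compile(r"Windows authentication FAILED \(error (\d+)L?\)")
OK = re.compile(r"Windows authentication SUCCESSFUL \(by ([^)]+)\)")
DONE = re.compile(r"Done RQ\d+, client \d+, status (-?\d+)")

def summarize(text):
    """Group lines by worker id and return one dict per completed request."""
    open_reqs, finished = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not match the assumed layout
        worker, msg = m.group(1, 2)
        if (s := START.search(msg)):
            open_reqs[worker] = {"user": s.group(1), "domain": "(default)", "attempts": []}
        req = open_reqs.get(worker)
        if req is None:
            continue  # line belongs to a request whose start we never saw
        if (d := DOMAIN.search(msg)):
            req["domain"] = d.group(1)
        elif (f := FAILED.search(msg)):
            req["attempts"].append((req["domain"], int(f.group(1))))
        elif OK.search(msg):
            req["attempts"].append((req["domain"], 0))
        elif (e := DONE.search(msg)):
            req["status"] = int(e.group(1))
            # 1326 is Windows ERROR_LOGON_FAILURE: unknown user name or bad password.
            req["all_1326"] = bool(req["attempts"]) and all(c == 1326 for _, c in req["attempts"])
            finished.append(open_reqs.pop(worker))
    return finished
```

A request where `all_1326` is true was rejected by Windows in every domain tried, which is the pattern in the first excerpt.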
02-15-2006 06:30 AM
Hi
Looks like you are doing PAP. If you switch to MSCHAP, then ACS will never see the password (only a hash created by the supplicant).
This will tell you whether the problem is ACS or AD.
Darran