Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
489
Views
0
Helpful
1
Replies

ACS 4.0 New Administrative users can't log in.

Go to solution
RICH FRUEH
Level 1
Level 1

‎05-24-2006 09:15 AM - edited ‎03-10-2019 02:35 PM

We just migrated from 3.3 something to 4.0 a few weeks ago. On the old system, we had two administrative users: administrator (with full rights) and hd (with rights only to see logged in users and failed attempts). After the conversion, and moving to a new server, all of which worked flawlessly, the administrator user works fine. However, the hd user gets a "login failed" every time someone tries to log in, even with a good password. (I've reset the password to easy things, removed the password, etc.)

Also, if I edit the hd user, and click on "Grant All" for access, hd can log in. I've tried going through the items a few at a time to see if there is one that can be turned on and allow it to work, but haven't found one, and it's extremely time-consuming to go through attributes one at a time, log out, and log back in to troubleshoot. This happens with a brand new administrator as well - if it hasn't got full rights, it can't og in.

The administration audit log is not very helpful, only listing:

05/24/2006 10:36:26 -SECURITY- 192.168.11.95 Administrator 'hd' login failed.

This worked fine before the upgrade, allowing the help desk members to check which employees were in, on which machines (VPN or dial), and why they were failing if they were.

Is this a bug?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ovanjara
Cisco Employee
Cisco Employee

‎05-24-2006 01:20 PM

Hi Rich,

I tried this in the lab and it works fine (access to only failed attempts and logged in users) with ACS 4.0. I am not sure if this is specific to an upgrade.

BTW, have you tried to delete the admin "hd" and add another admin using a different username with only rights to failed and logged in users ?

How about adding an admin without any priviliges ? Can he sucessfully log in ?

Obaid.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
ovanjara
Cisco Employee
Cisco Employee

‎05-24-2006 01:20 PM

Hi Rich,

I tried this in the lab and it works fine (access to only failed attempts and logged in users) with ACS 4.0. I am not sure if this is specific to an upgrade.

BTW, have you tried to delete the admin "hd" and add another admin using a different username with only rights to failed and logged in users ?

How about adding an admin without any priviliges ? Can he sucessfully log in ?

Obaid.

0 Helpful
Customers Also Viewed These Support Documents