ACS 4.0 to NT Domain with NTLMv2 problem.

beitzell
Level 1

I am trying to authenticate users from a VPN Concentrator (3030) to our NT Domain. We are not running AD yet but we are required to use NTLMv2 authentication on the Domain.

I want to use ACS4.0 to authenticate Radius w/Expiry from the VPN concentrator and let ACS handle the NTLMv2 part.

In ACS I have defined my Domain in the External Users Database, I have defined the Unknown User Policy to use the Windows Database, and I have defined the Group Mapping to point to the default group.

When I run the Authentication test from the VPN setup screen I get a failed request.

In the CSAuth log I am getting:

AUTH 02/16/2006 15:13:42 E 0376 1572 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)

AUTH 02/16/2006 15:13:42 E 0376 1572 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)

With NTLMv2 turned off and running ACS 3.2, this setup is working (my production network). My only reason for upgrading to ACS4.0 was the NTLMv2 portion.

Does anyone have any advice? Thanks!

1 Reply

jhillend
Level 1

Please make sure you read this Field Notice:

http://www-tac.cisco.com/Support_Library/field_alerts/fn62167.html

Note that, despite the Windows URL mentioning only 2003 server, the 2000 server also supports NTLMv2. Therefore, the following scenarios apply:

- DC on Win 2003 SP1 - doesn't require any hotfix since it's included in SP1

- DC on Win 2000 SP4 - doesn't require any hotfix since it's included in SP4

- DC on Win 2003 - requires hotfix KB893318
