Cisco Support Community
Community Member

ACS 4.0 to NT Domain with NTLMv2 problem.

I am trying to authenticate users from a VPN Concentrator (3030) to our NT Domain. We are not running AD yet but we are required to use NTLMv2 authentication on the Domain.

I want to use ACS4.0 to authenticate Radius w/Expiry from the VPN concentrator and let ACS handle the NTLMv2 part.

In ACS I have defined my Domain in the External Users Database, I have defined the Unknown User Policy to use the Windows Database, and I have defined the Group Mapping to point to the default group.

When I run the Authentication test from the VPN setup screen I get a failed request.

In the CSAuth log I am getting:

AUTH 02/16/2006 15:13:42 E 0376 1572 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)

AUTH 02/16/2006 15:13:42 E 0376 1572 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)

With NTLMv2 turned off and running ACS 3.2, this setup is working (my production network). My only reason for upgrading to ACS4.0 was the NTLMv2 portion.

Does anyone have any advice? Thanks!

1 REPLY
Community Member

Re: ACS 4.0 to NT Domain with NTLMv2 problem.

Please make sure you read this Field Notice:

http://www-tac.cisco.com/Support_Library/field_alerts/fn62167.html

Note that, despite the Windows URL mentioning only 2003 server, the 2000 server also supports NTLMv2. Therefore, the following scenarios apply:

- DC on Win 2003 SP1 - doesn't require any hotfix since it's included in SP1

- DC on Win 2000 SP4 - doesn't require any hotfix since it's included in SP4

- DC on Win 2003 - requires hotfix KB893318
