Re: ACS Appliance and WIN External Authentication

oguarisco · ‎03-17-2004

Hi,

I've a problem using WIN as External DB for auth.

I've setup an Appliance, with a Remote Agent which is a member server of the domain (still NT).

Then I've configured the steps to delegate the auth to the External DB but every time I tried to test with a login on the switch, the Failed Attempt log on the ACS states:

"Windows logon type not granted" !!!!

If I change the WIN Auth Configuration on ACS setting the domain LOCAL (local to the server on which is installed the Remote Agent) instead of the real domain...using the local ADMIN account I've been able to login...

Any ideas are appreciated

Omar

umedryk · ‎03-23-2004

Omar,

Most-likely reason for the error, "windows logon type not granted" is because the users had not been configured with access rights to authenticate against this server.

oguarisco · ‎03-23-2004

Hi,

Thanks..in effect yesterday I've checked the winagent log on the Agent ACS on my W2K machine and I've find out some error regarding that authentication was successful but the dial-in permission could not have been read (this was the cause of the windows logon type no granted)

Instead of associating the process CSAgent to a common user...as it is stated on the Installation and configuration Guide of ACS Agent...I've used a user that have Administrative rights and all is working correctly...

see also this link (problem known also on ACS for Windows)

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00800b1583.shtml

Saluti

Omar