03-17-2004 02:47 AM - edited 03-10-2019 07:42 AM
Hi,
I've a problem using WIN as External DB for auth.
I've setup an Appliance, with a Remote Agent which is a member server of the domain (still NT).
Then I've configured the steps to delegate the auth to the External DB but every time I tried to test with a login on the switch, the Failed Attempt log on the ACS states:
"Windows logon type not granted" !!!!
If I change the WIN Auth Configuration on ACS setting the domain LOCAL (local to the server on which is installed the Remote Agent) instead of the real domain...using the local ADMIN account I've been able to login...
Any ideas are appreciated
Omar
03-23-2004 06:44 AM
Omar,
Most-likely reason for the error, "windows logon type not granted" is because the users had not been configured with access rights to authenticate against this server.
03-23-2004 11:38 PM
Hi,
Thanks..in effect yesterday I've checked the winagent log on the Agent ACS on my W2K machine and I've find out some error regarding that authentication was successful but the dial-in permission could not have been read (this was the cause of the windows logon type no granted)
Instead of associating the process CSAgent to a common user...as it is stated on the Installation and configuration Guide of ACS Agent...I've used a user that have Administrative rights and all is working correctly...
see also this link (problem known also on ACS for Windows)
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00800b1583.shtml
Saluti
Omar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide