Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACS Appliance and WIN External Authentication


I've a problem using WIN as External DB for auth.

I've setup an Appliance, with a Remote Agent which is a member server of the domain (still NT).

Then I've configured the steps to delegate the auth to the External DB but every time I tried to test with a login on the switch, the Failed Attempt log on the ACS states:

"Windows logon type not granted" !!!!

If I change the WIN Auth Configuration on ACS setting the domain LOCAL (local to the server on which is installed the Remote Agent) instead of the real domain...using the local ADMIN account I've been able to login...

Any ideas are appreciated


  • AAA Identity and NAC

Re: ACS Appliance and WIN External Authentication


Most-likely reason for the error, "windows logon type not granted" is because the users had not been configured with access rights to authenticate against this server.

New Member

Re: ACS Appliance and WIN External Authentication

Hi, effect yesterday I've checked the winagent log on the Agent ACS on my W2K machine and I've find out some error regarding that authentication was successful but the dial-in permission could not have been read (this was the cause of the windows logon type no granted)

Instead of associating the process CSAgent to a common it is stated on the Installation and configuration Guide of ACS Agent...I've used a user that have Administrative rights and all is working correctly...

see also this link (problem known also on ACS for Windows)



This widget could not be displayed.