Cisco Support Community
Community Member

ACS authentication problem with tacacs

My organisation had been using ACS with AD to authenticate users for accessing Network devices.

But lately it doesn't work. There have been no known changes.

Can someone help point out possible issues, or share any links showing how the actual config on ACS should be done or look for this to work?

Apologies if this is a naive question, as I am not so easy with ACS.

Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ACS authentication problem with tacacs

Hi,

There are two ways to fix the 'windows dialin permission required' message. You can either add dialin permissions on the user accounts on your Windows database, or you can remove the 'Require Dialin Permissions' option in ACS. To do this, go to "External User Databases" and select "Database Configuration". Then go into your Windows database and click 'configure'. The very first option is a checkbox giving you the option to 'Verify that grant dialin permission is checked'.

Checking this box will cause the error that you are receiving if your Windows users do not have dialin permission. If you uncheck this box, it should clear up the issue.

HTH

JK

~Jatin Katyal
6 REPLIES
Cisco Employee

Re: ACS authentication problem with tacacs

Hi,

Did you check the authentication with an ACS local user account? Was that working?

Please go to ACS > reports and activity > failed attempts > and check the error message.

Also, is this ACS for Windows or Solution Engine? If ACS for Windows, where do we have this installed (member server or DC)?

From the NAS devices, please help me with the following debugs:

#debug aaa authentication

#debug tacacs

HTH

JK

Please rate helpful posts.

~Jatin Katyal
Community Member

Re: ACS authentication problem with tacacs

The message says "windows dialing permission required".

I didn't check the authentication with ACS using a local account. Can I know how to check that?

This ACS is for Windows and is installed on a member server with the remote agent running on the server.

I can see the remote agent in ACS under network configuration.

Thanks!

Community Member

Re: ACS authentication problem with tacacs

Thanks, that helped to get over the problem.

But I hope removing that option from ACS doesn't affect any other service.

Cisco Employee

Re: ACS authentication problem with tacacs

Hi,

That's correct, it won't halt any other service of ACS.

~Jatin Katyal
Community Member

Re: ACS authentication problem with tacacs

Thank You!
