Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS External Windows Authentication: Pre-Windows 2000 name only works

Hello. I have attempted to map ACS to Windows AD 2003 as an External Database. That works, but only if I authenticate using the Pre-Windows 2000 name (sometimes called the "down-level" name).

If I use the Windows 2003 login name, I get a 529 error in the event viewer, stating the username/password is incorrect. This error appears on the Windows 2003 SP1 server running ACS.

Curiously, if I authenticate using the down-level name, the successful event shows the same authentication package (MICROSOFT_AUTHENTICATION_PACKAGE_V1_0) and "Workstation" and "Login Process" name (CISCO).

I cannot determine if this is an ACS or Windows problem. Any one have a clue?

2 REPLIES
New Member

Re: ACS External Windows Authentication: Pre-Windows 2000 name o

Can you provide an example of the W2K3 AND W2K usernames you are using? This shouldn't be an issue.

New Member

Re: ACS External Windows Authentication: Pre-Windows 2000 name o

Win2003 logon name: bob.smith@company.com

A Pre-Windows2000 name: bsmith@company.com

Interestingly, the down-level name will authenticate, but the "up-level" name will not.

Here are excerpts from AUTH.log:

Failed up-level name:

---------------------

AUTH 01/19/2006 07:52:04 I 4817 3604 Attempting authentication for Unknown User 'bob.smith@company.com'

AUTH 01/19/2006 07:52:04 I 0365 3604 External DB [NTAuthenDLL.dll]: Starting authentication for user [bob.smith@company.com]

AUTH 01/19/2006 07:52:04 I 0365 3604 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user bob.smith

AUTH 01/19/2006 07:52:04 E 0365 3604 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)

AUTH 01/19/2006 07:52:04 I 0365 3604 External DB [NTAuthenDLL.dll]: Reattempting authentication at domain COMPANY

AUTH 01/19/2006 07:52:04 I 0365 3604 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user bob.smith

AUTH 01/19/2006 07:52:04 E 0365 3604 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)

AUTH 01/19/2006 07:52:04 I 2124 3604 Unknown User 'bob.smith@company.com' was not authenticated

Passed down-level name:

-----------------------

AUTH 01/19/2006 07:52:23 I 0365 3604 External DB [NTAuthenDLL.dll]: Starting authentication for user [bsmith@company.com]

AUTH 01/19/2006 07:52:23 I 0365 3604 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user bsmith

AUTH 01/19/2006 07:52:23 I 0365 3604 External DB [NTAuthenDLL.dll]: Windows authentication SUCCESSFUL (by WINDC02)

AUTH 01/19/2006 07:52:23 I 0365 3604 External DB [NTAuthenDLL.dll]: Obtaining RAS information for user bsmith from WINDC02

168
Views
0
Helpful
2
Replies
CreatePlease login to create content