Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACS V3.2,

i have many accounts on my ACS V3.2,which is on win 2k server,the authentication is using domain.

some users are complaining that they cannot connect but some users can connect the same time.

when i receive the call i usually connect from my home and stop/restart the ACS Service and it works.

i want to know why is that and how i can resolve it.

now i am facing it every day or two.

  • AAA Identity and NAC
4 REPLIES
New Member

Re: ACS V3.2,

Hi,

what are the error messages when the problem occur? you can look at reports and activity tab, and check especially failed attemps report.

New Member

Re: ACS V3.2,

It's possible that accounts are being disabled as a result of a policy (in the domain or in ACS).

Check the group settings of those users who can't connect.

Is this happening to all users or only some ?

Which ACS Service do you restart ? look at the appropriate log file (tcs.log for T+ , rds.log for Radius and auth.log for external DB info).

New Member

Re: ACS V3.2,

those are normal users who access the RAS,they get "error 691 access was denied because the username and or password was invalid on the domain"

when i see failed attempts in ACS it shows "External DB user invalid or bad password" in the failure authentication code.

after restart of the ACS service from the system configuration tab service control it will work fine for those users.please suggest me !!!!

New Member

Re: ACS V3.2,

Check the event log on the server where you have the Acs software installed. Under the security section of the event log it should show the failed attempts. We had a similar problem and the ACS software was trying to authenticate the users to the wrong domain. I know that the ACS software should check all domains listed but it still was not working. The only fix that we have foung is to have the users precede their username with their domains. If you do find a fix for this problem please let me know as well.

Thanks, Billy

161
Views
0
Helpful
4
Replies
This widget could not be displayed.