
New Member

ACS w/ AD - auth failure due to case sensitive input of username

I've got a very interesting issue. I have ACS 3.2 configured with Windows Domain Database. The primary use is for Auth on Wireless with PEAP. I have one user account that was failing due to "External DB account Restriction". After hacking away at the issue I realized I was logging in with the username all lower case and within AD the username began with a capital letter. When logging in using the cap the auth was accepted. AD is not case sensitive, I have other users connecting showing the name with caps on the account. I cannot seem to replicate the issue with any other account and I cannot seem to fix it with this one. I also tried from multiple workstations. Any ideas?

** Note - tested Auth to a MS IAS box with the user account and did not experience the problem.

4 REPLIES
Cisco Employee

Re: ACS w/ AD - auth failure due to case sensitive input of user

Hi,

It is very strange because neither AD nor ACS is case sensitive regarding user names.

It would be interesting to see the auth.log for this attempt.

One thing you can try is to delete the dynamic entry for this user on ACS and then try to log in again.

Regards,

Vivek

New Member

Re: ACS w/ AD - auth failure due to case sensitive input of user

I have actually tried removing the user and allowing it to repopulate from the external database. The Auth.log just shows Authentication failed.

Cisco Employee

Re: ACS w/ AD - auth failure due to case sensitive input of user

Hi,

We will need the Logging to be full (System Configuration->Service Control) when this user is trying to authenticate.

Regards,

Vivek

New Member

Re: ACS w/ AD - auth failure due to case sensitive input of user

I've done that now. Further research shows that the problem exists with all user accounts.

Within AD, under a user account profile, there are two attributes.

User login name: JBlow

User login name (Pre-Windows 2000): RIVERSIDE\ & JBlow

It looks like if you have the pre-Windows 2000 login lower case then it works. Users typically enter credentials lower case. I have thousands of accounts that are entered into the system like the example above and therefore will fail login.

I'm grabbing logs to show.
