I have an ACS 3.3(2)b2 what authenticates users from external ADs. All the authentication is succeful from its own domain and from several trusted domain.
Now I'd like to add a new domain to the system, but when I try to authenticate from this domain it fails. In the "Failed Attempts" report the error message is the following: "External DB account restriction"
Ext. User DBs --> DB Configuration --> Windows DB --> Configure --> I put it to the "Domain List" column in the "Configure Domain List" section.
The "... Grant Dialin Permission ..." checkbox is empty.
I have a valid group mapping also.
I found a bug in this version:
"Authentication succeeded only when The EAP-TLS client authenticate to the DC which connected directly to the ACS, but when the user is in the Trusted DC (only in the trusted DC) which connected to the first DC, the authentication didn't succeed and the Fail Attempts message was: "External DB account Restriction."
Same message occurred whether enabling the domain stripping in Windows external database settings or not. "
I could accept this bug if there wasn't many well working domains in the system.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...