Cisco Support Community
Community Member

Active Directory and ACS 5.3 failure

I am receiving a RADIUS authentication failure stating that the user must change password; however, the password has been changed in AD, and AD is no longer requiring a password change.

Is there a cache on the ACS that needs to be cleared?

AD connection from ACS to domain is fine. All other accounts authenticate.

It appears that this happens when a user lets their account expire. The account has been re-enabled in AD and the password has been changed. It still will not authenticate via ACS.

1 REPLY
Cisco Employee

Is this happening just for one account? What kind of session are we authenticating, VPN or administrative?

Did you notice if users from the same group are authenticating fine?

Make sure for this user we've not checked "user must change password at next login" under account properties. Do you also see some error in the AD event viewer logs?

If it's happening with just a single account then please delete it from AD and re-add it.

Regards,

Jatin

~Jatin Katyal
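
Added example, not part of the original thread and not Cisco-provided code: one way to verify the account state the reply asks about, reading the relevant attributes from every domain controller so the values can be compared. It assumes the RSAT ActiveDirectory module is installed; the function name `Get-AccountLogonBlockers` and the account name `jdoe` are placeholders.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-AccountLogonBlockers {
    param([Parameter(Mandatory)][string]$SamAccountName)

    # Ask each DC separately so differing values between DCs become visible.
    foreach ($dc in Get-ADDomainController -Filter *) {
        $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName -Properties `
            pwdLastSet, PasswordLastSet, PasswordExpired,
            AccountExpirationDate, LockedOut, Enabled

        $reasons = @()
        # pwdLastSet = 0 is how AD stores "User must change password at next logon".
        if ($u.pwdLastSet -eq 0) { $reasons += 'Must change password at next logon' }
        if ($u.PasswordExpired)  { $reasons += 'Password expired' }
        if ($u.AccountExpirationDate -and $u.AccountExpirationDate -lt (Get-Date)) {
            $reasons += "Account expired on $($u.AccountExpirationDate)"
        }
        if (-not $u.Enabled)     { $reasons += 'Account disabled' }
        if ($u.LockedOut)        { $reasons += 'Account locked out' }

        [pscustomobject]@{
            DomainController = $dc.HostName
            PasswordLastSet  = $u.PasswordLastSet
            AccountExpires   = $u.AccountExpirationDate
            Blockers         = if ($reasons) { $reasons -join '; ' } else { 'None' }
        }
    }
}

# 'jdoe' is a placeholder for the affected account.
Get-AccountLogonBlockers -SamAccountName 'jdoe' | Format-Table -AutoSize -Wrap
```

A row whose `Blockers` column is not `None` shows which account condition that domain controller still reports for the user.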