Re: Authentication Issues with ACS Win Agent (Error 1300L)

mnlatif · ‎04-20-2006

Hi,

We have a ACS appliance that is being integrated into Windows AD to use AD Authentication.

The Windows CSAgent is installed on a member server. The service is running with the Domain Admin account.

I can get the list of the Domain and AD Group (within the domain) on the ACS Server, so this means that the Service account for the CSAgent is fine.

However the user authentication is failing with a 1300L error.

Below is the message

++++++++++++++++++++++++++++++++

CSWinAgent 04/20/2006 13:58:56 A 0371 3068 RPC: NT_MSCHAPAuthenticateUser received

CSWinAgent 04/20/2006 13:58:56 A 0048 3068 NTLIB: Attempting Windows authentication for user sampson.shelton

CSWinAgent 04/20/2006 13:58:56 A 0048 3068 NTLIB: Windows authentication FAILED (error 1300L)

CSWinAgent 04/20/2006 13:58:56 A 0433 3068 RPC: NT_MSCHAPAuthenticateUser reply sent

+++++++++++++++++++++++++++

Any ideas, what could be the problem here ?

Thanks,

Naman

dominic.caron · ‎04-20-2006

The 1300L Message lead to this...

Indicates not all privileges

referenced are assigned to the

caller. This allows, for

example, all privileges to be

disabled without having to

know exactly which privileges

are assigned.

To debug...

Use the domain administrator account to start the service. If it work's, (It did for me) create a account for your service with all right and remove them 1 by 1 until you have only what you need left.

review this link

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/raig/rawi.htm#349

mnlatif · ‎04-21-2006

Hi,

Thanks for the reply.

But the service is already running under the Domain\Admin account. And the Domain Admin is able to logon to the box (member server running the CSAgent) but the ACS authentication is still failing...

Thanks,

Naman