04-20-2006 11:10 AM - edited 03-10-2019 02:33 PM
Hi,
We have a ACS appliance that is being integrated into Windows AD to use AD Authentication.
The Windows CSAgent is installed on a member server. The service is running with the Domain Admin account.
I can get the list of the Domain and AD Group (within the domain) on the ACS Server, so this means that the Service account for the CSAgent is fine.
However the user authentication is failing with a 1300L error.
Below is the message
++++++++++++++++++++++++++++++++
CSWinAgent 04/20/2006 13:58:56 A 0371 3068 RPC: NT_MSCHAPAuthenticateUser received
CSWinAgent 04/20/2006 13:58:56 A 0048 3068 NTLIB: Attempting Windows authentication for user sampson.shelton
CSWinAgent 04/20/2006 13:58:56 A 0048 3068 NTLIB: Windows authentication FAILED (error 1300L)
CSWinAgent 04/20/2006 13:58:56 A 0433 3068 RPC: NT_MSCHAPAuthenticateUser reply sent
+++++++++++++++++++++++++++
Any ideas, what could be the problem here ?
Thanks,
Naman
04-20-2006 01:24 PM
The 1300L Message lead to this...
Indicates not all privileges
referenced are assigned to the
caller. This allows, for
example, all privileges to be
disabled without having to
know exactly which privileges
are assigned.
To debug...
Use the domain administrator account to start the service. If it work's, (It did for me) create a account for your service with all right and remove them 1 by 1 until you have only what you need left.
review this link
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/raig/rawi.htm#349
04-21-2006 05:55 AM
Hi,
Thanks for the reply.
But the service is already running under the Domain\Admin account. And the Domain Admin is able to logon to the box (member server running the CSAgent) but the ACS authentication is still failing...
Thanks,
Naman
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide