Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

External DB account restriction Error

Can anyone tell me what the following ACS error means: "External DB account restriction". We're using ACS 3.0(3) for Windows NT/2000. I'm trying to access certain equipment within our network via https & telnet using AAA and I keep getting this error. I have been unable to find this specific error code on the Cisco Support Site. Thanks in advance for your help.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: External DB account restriction Error

This usually means the NT account has some restrictions on it. Do you have "Grant Dialin permission to user" checked either under the NT user account and/or under the External User Database - NT/2000 - Configure section, they need to match.

check also that you don't have specific permissions set on the NT account like where they can login from, times they can login, etc, this is usually the culprit.

5 REPLIES
New Member

Re: External DB account restriction Error

Hello,

can you give me the configuration of the device your telnetting to?

Is the error shown in ACS or as bebug message on the device?

Greetings,

Rene

New Member

Re: External DB account restriction Error

I'm getting the same error - it's coming up in ACS.

Cisco Employee

Re: External DB account restriction Error

This usually means the NT account has some restrictions on it. Do you have "Grant Dialin permission to user" checked either under the NT user account and/or under the External User Database - NT/2000 - Configure section, they need to match.

check also that you don't have specific permissions set on the NT account like where they can login from, times they can login, etc, this is usually the culprit.

New Member

Re: External DB account restriction Error

Thanks for all your help. This seems to have solved the issue.

New Member

Re: External DB account restriction Error

We have a network with various ACS (appliance version 3.2) with a local DB and a central Agent(Cisco Secure ACS remote Agent) that collect the accounting logs.

We do not use an external DB but we have this Authentication failure code:

Authen-Failure-Code: External DB account Restriction

Thanks

Saverio

511
Views
0
Helpful
5
Replies
CreatePlease to create content