"Windows Workstation not allowed" when AD user is restricted

d.eberwein · ‎06-15-2007

When we restrict in Active Directory a User to which Workstation he is allowed to connect, we get the Error Message on the ACS." Windows Workstation is not allowd" Authentication failed.

Have you got an idea to solve the Problem. In the allowed wokstation we have got the DC and the ACS-server.

Thanks

Jagdeep Gambhir · ‎06-15-2007

Hi,

To satisfy Windows requirements for authentication requests, Cisco Secure ACS must specify the Windows workstation that the user is attempting to log into. Because Cisco Secure ACS cannot determine this information from authentication requests sent by AAA clients, it uses a generic workstation name for all requests. The workstation name used is "CISCO".

In the local domain and in each trusted domain and child domain that Cisco Secure ACS will

use to authenticate users, ensure both of the following:

?A computer account named "CISCO" exists.

?All users to be authenticated by Windows have permission to log into the computer named

"CISCO".

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs

33/install/inst02.htm#wp981718

Hope that helps !

Regards,

Jagdeep

Note :If that answers your question, then please mark this thread as resolved, so that others can benefit from it.

d.eberwein · ‎06-18-2007

Thank you for fast answering.

I think your solution is only correct,when the ACS ist not am member of the Domain.

In my scenario,the ACS is a member of the Active Directory.

Have you got another solution?

Thanks

Jagdeep Gambhir · ‎06-18-2007

Hi,

You need it even if acs is a part of domain.

Please test it , let me know how that goes.

Regards,