Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Windows Authentication Fails

We are running ACS 4.1.(4) Build 13 on a member server within a 2003 AD Domain.

We get the following errors in the CSAuth.log file:

AUTH 05/03/2008 17:21:15 E 0384 6180 0x24 External DB [NTAuthenDLL.dll]: NetUserGetLocalGroups failed with result [5]

AUTH 05/03/2008 17:21:15 E 2169 6180 0x24 External DB [NTAuthenDLL.dll]: nt_GetUsersNTGroups failed

AUTH 05/03/2008 17:21:15 E 0384 6180 0x24 External DB [NTAuthenDLL.dll]: NetUserGetLocalGroups failed with result [5]

AUTH 05/03/2008 17:21:15 E 2169 6180 0x24 External DB [NTAuthenDLL.dll]: nt_GetUsersNTGroups failed.

It appears that ACS cannot determine group membership of the AD account. I have setup the mappings of AD Groups to ACS Groups.

Any ideas?

1 REPLY

Re: Windows Authentication Fails

Ensure that you have followed *all* the steps mentioned in this link,

Configuring for Member Server Authentication:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/installation/guide/windows/postin.html#wp1041304

Also, install Patch 6 for ACS version 4.1(4) Build 13 from,

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des

- Acs-4.1.4.13.6-SW.zip

- Acs-4.1.4.13.6-SW-Readme.txt

Regards,

Prem

239
Views
0
Helpful
1
Replies