Cisco Support Community

New Member

Active Directory Authentication issues

I have the following equipment:

Cisco 3005 Conc.

Cisco ACS 3.3

MS Windows 2003 Active Directory

We are using VPN Client 4.8.

On 3005:

Group:XXXXX is set to point at ACS server for Authentication and Posture Validation via RADIUS.


External database points to Windows DC with ACS agent running.

All works as designed except:

User can ping everywhere on internal network.

When a user attempts to access file shares on any domain computer it acts as though he is not authenticated to the domain. It prompts for credentials again. If credentials are given then all is well, but I would think that the authentication to the domain was automatic via ACS. I am not expecting to run login scripts or anything. I don't have the option to put the Connect before login options in place. Shouldn't the ACS connection to MS AD provide the user with an authenticated session? Have I missed something in ACS or 3005? I have seen this work before so I know it is possible, but not sure what I have done to break it.


New Member

Re: Active Directory Authentication issues

Question. Are the machines in question part of the domain, or are they users' home computers? I have the same issue but it is only with users who are using their home PC.

New Member

Re: Active Directory Authentication issues

I hadn't thought of that. It appears, now that I look into it, that it is happening only on those machines that are not members of the domain, as in your case. If I try it from my work laptop, which is a member of the domain, it works fine. If I try it from my home PC, which is actually a member of a different domain, it doesn't work.

New Member

Re: Active Directory Authentication issues

Cisco TAC states the following:

"Your users need to authenticate to the domain for them to be able to access the domain resources".

Apparently since I am using the Cisco ACS RADIUS server this is not automatic.

The bottom line is that I think I will need to provide a script that prompts for the user's domain credentials after they connect to the network.
