Re: Cisco ACS and LDAP

a.kiprawih · ‎08-15-2002

Scenario:

Got 2 identical ACS Servers (same hardware, OS), running on v.2.6.3 (same configuration), and both talking to the same LDAP server. LDAP provide database for all users.

These ACS Servers are not in load-balance or clustering mode, but standalone.

Problem:

Test with 'radtest' from the 1st Server always successful - user abc123 authenticated.

Test with 'radtest' from the 2nb Server only successful for the first test. All subsequent tests will result "server too busy".

Both ACS servers and LDAP allow unlimited login/session.

Log file captured on the 2nd server :

a. ACS2RDS.LOG :

RDS 07/25/2002 13:31:22 P 2128 2384 User:usr001 - External database reported error during authentication

RDS 07/25/2002 13:31:22 E 2153 2384 Error -1087 authenticating usr001 - no NAS response sent.

b. ACS2AUTH.LOG :

AUTH 07/25/2002 13:31:22 A 0259 2204 External DB [DServDll.dll]: Bind Failed to LDAP server: 49

AUTH 07/25/2002 13:31:22 A 0259 2204 External DB [DServDll.dll]: retry using anon bind LDAP server: 0

AUTH 07/25/2002 13:31:22 A 0259 2204 External DB [DServDll.dll]: Connect FAILED

AUTH 07/25/2002 13:31:22 A 0259 2204 External DB [DServDll.dll]: External DS User usr001 PW [----] failed authentication: fffffbc1

Is this a problem with the 2nd server or LDAP? Or could it be the 1st server locked the LDAP database?

Thank you.

murabi · ‎08-23-2002

Try clearing out all of the LDAP configs, restart CSAdmin, then put them back in. There have been known issues with this, look into an upgrade to 3.0 if the problem persists.