Cisco Support Community

New Member

ACS 4.1/AD user account issue

Hello all,

Running ACS 4.1 for Windows. AD environment. Using Odyssey client with LEAP auth. Having an issue with some user names working and others not. User accounts are basic domain user accounts. Created a new user account and made sure it matched exactly an account that is working. Checked the ACS log and it states auth failed and the reason code is Internal error. I am stumped as to why some accounts work and other accounts do not. Anyone come across this or have any ideas on this? I have checked to make certain the account is set for dial-in access.

Thanks for all your help!


Re: ACS 4.1/AD user account issue

Do the accounts that are not working use Username and Domain? Then this might not work depending on the ACS version. Try upgrading the ACS version.

New Member

Re: ACS 4.1/AD user account issue

Actually, I found out what was going on here. Yes, the accounts are set up in ACS with Domain\username. We are running the latest version of ACS. In ACS, under External User Databases\Database Configuration\Windows Database, there is a setting: Verify that "Grant dialin permission to user". However, this was not working for all accounts. Even though the account was definitely set for dial-in access, it would fail with an error "internal error". Since I am using a special account for our wireless LEAP authentication, I removed the check mark from the ACS setting so that it did not verify if the account had been set for dial-in access, and it has been working fine since. If anyone else runs into this problem, give that setting a shot and see if that helps.
