A-7
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Appendix A Troubleshooting Information for Cisco Secure ACS
Dial-in Connection Issues
A dial-in user is
unable to connect to
the AAA client.
The
Windows NT/2000
user database is
being used for
authentication.
A record of a failed
attempt appears in
the Failed Attempts
Report (in the
Reports & Activity
section, click Failed
Attempts).
The user information is not correctly configured for authentication in
Windows NT/2000 or Cisco Secure ACS.
From the Windows NT User Manager or Windows 2000 Active Directory Users
and Computers, confirm the following:
• The username and password are configured in the Windows NT User
Manager or Windows 2000 Active Directory Users and Computers.
• The User Properties window does not have User Must Change Password at
Login enabled.
• The User Properties window does not have Account Disabled selected.
• The User Properties for the dial-in window does not have Grant dial-in
permission to user disabled, if Cisco Secure ACS is using this option for
authenticating.
From within the Cisco Secure ACS confirm the following:
• If the username has already been entered into Cisco Secure ACS, a
Windows NT/2000 database configuration is selected in the Password
Authentication list in User Setup for the user.
• If the username has already been entered into Cisco Secure ACS, the
Cisco Secure ACS group to which the user is assigned has the correct
authorization enabled (such as IP/PPP, IPX/PPP or Exec/Telnet). Be sure to
click Submit + Restart if a change has been made.
• The user expiration information in the Windows NT/2000 database has not
caused failed authentication. For troubleshooting purposes, disable
password expiry for the user in the Windows NT/2000 database.
Click External User Databases, and click List All Databases Configured, and
then make sure that the database configuration for Windows NT/2000 is listed.
Check the Unknown User Policy to make sure that Fail the Attempt is not
selected.
Select the Selected Databases check box in the Unknown User Policy page in
the External User Databases section.
Verify that the Windows NT/2000 group that the user belongs to has not been
mapped to No Access.
Condition Recovery Action
To Next Page
Loading...
Need help?
General