https://community.cisco.com/t5/network-access-control/acs-v3-3-and-cs-user-unknown/m-p/433832#M428315 <HTML><HEAD></HEAD><BODY><P>I think some required configuration must be missed out.For further configuration information look at the following url;</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_configuration_guide09186a008046dc81.html#wp998632" target="_blank">http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_configuration_guide09186a008046dc81.html#wp998632</A></P></BODY></HTML> Wed, 26 Oct 2005 13:54:46 GMT smalkeric 2005-10-26T13:54:46Z https://community.cisco.com/t5/network-access-control/acs-v3-3-and-cs-user-unknown/m-p/433831#M428309 <P>Hi,</P><P></P><P>Got a server running ACS v3.3 talking to a SecurID ACE server. When I set a user up to use SecurID, ACS always reports "CS user unknown" - when the user is plainly in the database. If I change user back to use Internal auth - it works a treat. </P><P></P><P>If tried using the "Unknown user policy" to force all requests to SecurID - this works OK - but doesn't collect any attributes from the users account in ACS.</P><P></P><P>v3.1 seems to work fine - is there a bug with v3.3 ?</P><P></P><P>Cheers,</P><P>Tim.</P> Sun, 10 Mar 2019 21:20:56 GMT https://community.cisco.com/t5/network-access-control/acs-v3-3-and-cs-user-unknown/m-p/433831#M428309 tjenkin2 2019-03-10T21:20:56Z https://community.cisco.com/t5/network-access-control/acs-v3-3-and-cs-user-unknown/m-p/433832#M428315 <HTML><HEAD></HEAD><BODY><P>I think some required configuration must be missed out.For further configuration information look at the following url;</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_configuration_guide09186a008046dc81.html#wp998632" target="_blank">http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_configuration_guide09186a008046dc81.html#wp998632</A></P></BODY></HTML> Wed, 26 Oct 2005 13:54:46 GMT https://community.cisco.com/t5/network-access-control/acs-v3-3-and-cs-user-unknown/m-p/433832#M428315 smalkeric 2005-10-26T13:54:46Z https://community.cisco.com/t5/network-access-control/acs-v3-3-and-cs-user-unknown/m-p/433833#M428319 <HTML><HEAD></HEAD><BODY><P>Interesting, did the external db config for RSA come from 3.1, ie you just installed 3.3 over 3.1? If so you could try deleting the securid config and re-creating. But I admit thats a long shot</P><P></P><P>If things work when you enable the unknown user policy.... does it create totally new users in parallel to the ones already there?</P><P></P><P>To get "CS user unknown" it means ACS looked in its DB and didnt find a user with the same name. I would set logging to max (under system config) run the test again and then look in the CSAuth log file (under CSAuth/logs.auth.log) Look for "starting authentication for" type messages. That will give a good idea as to what is going on.</P><P></P><P>Darran</P><P></P></BODY></HTML> Tue, 01 Nov 2005 11:06:45 GMT https://community.cisco.com/t5/network-access-control/acs-v3-3-and-cs-user-unknown/m-p/433833#M428319 darpotter 2005-11-01T11:06:45Z