https://community.cisco.com/t5/network-access-control/acs-3-1-windows-2000-domain-problem/m-p/291194#M431766 <P>Dear </P><P>I have ACS 3.1 for W2k. I install the program in W2k Advance Server and config it to get Authentication from Active Directory. The authentications is work in case of exec but in case of remote logging through Cisco Access Server get error (CS user unknown) and cannot log using the W2k AD Users.</P><P>What recommendations for this error?</P><P> </P><P></P><P></P> Sun, 10 Mar 2019 20:43:41 GMT aymandcp 2019-03-10T20:43:41Z https://community.cisco.com/t5/network-access-control/acs-3-1-windows-2000-domain-problem/m-p/291194#M431766 <P>Dear </P><P>I have ACS 3.1 for W2k. I install the program in W2k Advance Server and config it to get Authentication from Active Directory. The authentications is work in case of exec but in case of remote logging through Cisco Access Server get error (CS user unknown) and cannot log using the W2k AD Users.</P><P>What recommendations for this error?</P><P> </P><P></P><P></P> Sun, 10 Mar 2019 20:43:41 GMT https://community.cisco.com/t5/network-access-control/acs-3-1-windows-2000-domain-problem/m-p/291194#M431766 aymandcp 2019-03-10T20:43:41Z https://community.cisco.com/t5/network-access-control/acs-3-1-windows-2000-domain-problem/m-p/291195#M431767 <HTML><HEAD></HEAD><BODY><P>the debug ppp authentication</P><P></P><P>2d03h: %LINK-3-UPDOWN: Interface Serial0:12, changed state to down</P><P>2d03h: %LINK-3-UPDOWN: Interface Async7, changed state to up</P><P>2d03h: As7 PPP: Treating connection as a dedicated line</P><P>2d03h: As7 PPP: Phase is AUTHENTICATING, by this end</P><P>2d03h: As7 CHAP: O CHALLENGE id 3 len 26 from "RAS"</P><P>2d03h: As7 CHAP: I RESPONSE id 3 len 30 from "test"</P><P>2d03h: As7 CHAP: Unable to validate Response. Username test: Authenticatio</P><P>n failure</P><P>2d03h: As7 CHAP: O FAILURE id 3 len 26 msg is "Authentication failure"</P><P>2d03h: %LINK-3-UPDOWN: Interface Serial0:10, changed state to down</P><P>2d03h: %LINK-5-CHANGED: Interface Async7, changed state to reset</P><P>2d03h: %LINK-3-UPDOWN: Interface Async7, changed state to down</P><P></P><P>the error in ACS log mesg is "CS CHAP password invalid"</P><P></P></BODY></HTML> Sat, 20 Mar 2004 10:58:11 GMT https://community.cisco.com/t5/network-access-control/acs-3-1-windows-2000-domain-problem/m-p/291195#M431767 aymandcp 2004-03-20T10:58:11Z https://community.cisco.com/t5/network-access-control/acs-3-1-windows-2000-domain-problem/m-p/291196#M431768 <HTML><HEAD></HEAD><BODY><P>More Info</P><P></P><P>I have recently installed ACS v3.1. I can successfully authenticate users using chap, but when I add the aaa authentication ppp default group tacacs+ command to my Cisco (AS5300) (authen'ing using my W2K AD) and debug it says that authentication fails. I am running IOS 12.0(3)T1. It will however, successfully authenticate me when logging into a AAA client using the aaa authentication login default group tacacs+ local command, so it appears that the authentication process is working. Any suggestions on how to authenticate my dialup users(via ACS/AD Database)? Everything appears to be configured right on the router. My guess is something in ACS is not configured properly to pass the the authen. from the ACS to the NT Database(DC) for the dialup users. Any suggestions would be appreciated. </P><P>The ACS log error is (CS CHAP password invalid )</P><P> </P><P></P></BODY></HTML> Sun, 21 Mar 2004 07:52:25 GMT https://community.cisco.com/t5/network-access-control/acs-3-1-windows-2000-domain-problem/m-p/291196#M431768 aymandcp 2004-03-21T07:52:25Z