Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1412
Views
0
Helpful
2
Replies

ACS 3.1 Windows 2000 Domain Problem

aymandcp
Level 1
Level 1

‎03-20-2004 01:41 AM - edited ‎03-10-2019 01:43 PM

Dear

I have ACS 3.1 for W2k. I install the program in W2k Advance Server and config it to get Authentication from Active Directory. The authentications is work in case of exec but in case of remote logging through Cisco Access Server get error (CS user unknown) and cannot log using the W2k AD Users.

What recommendations for this error?

Labels:
0 Helpful
2 Replies 2

aymandcp
Level 1
Level 1

‎03-20-2004 02:58 AM

the debug ppp authentication

2d03h: %LINK-3-UPDOWN: Interface Serial0:12, changed state to down

2d03h: %LINK-3-UPDOWN: Interface Async7, changed state to up

2d03h: As7 PPP: Treating connection as a dedicated line

2d03h: As7 PPP: Phase is AUTHENTICATING, by this end

2d03h: As7 CHAP: O CHALLENGE id 3 len 26 from "RAS"

2d03h: As7 CHAP: I RESPONSE id 3 len 30 from "test"

2d03h: As7 CHAP: Unable to validate Response. Username test: Authenticatio

n failure

2d03h: As7 CHAP: O FAILURE id 3 len 26 msg is "Authentication failure"

2d03h: %LINK-3-UPDOWN: Interface Serial0:10, changed state to down

2d03h: %LINK-5-CHANGED: Interface Async7, changed state to reset

2d03h: %LINK-3-UPDOWN: Interface Async7, changed state to down

the error in ACS log mesg is "CS CHAP password invalid"

0 Helpful

aymandcp
Level 1
Level 1

‎03-20-2004 11:52 PM

More Info

I have recently installed ACS v3.1. I can successfully authenticate users using chap, but when I add the aaa authentication ppp default group tacacs+ command to my Cisco (AS5300) (authen'ing using my W2K AD) and debug it says that authentication fails. I am running IOS 12.0(3)T1. It will however, successfully authenticate me when logging into a AAA client using the aaa authentication login default group tacacs+ local command, so it appears that the authentication process is working. Any suggestions on how to authenticate my dialup users(via ACS/AD Database)? Everything appears to be configured right on the router. My guess is something in ACS is not configured properly to pass the the authen. from the ACS to the NT Database(DC) for the dialup users. Any suggestions would be appreciated.

The ACS log error is (CS CHAP password invalid )

0 Helpful
Customers Also Viewed These Support Documents