ACS 4.2 with Active Directory

ciscoskeemz · ‎07-02-2009

i have a windows 2003 active directory domain setup with cisco acs 4.2 also installed on it I'm using a 2611xm router(ios 12.4 advsec) if I create users on the acs, i have no issues setting up AAA Authentication however, I have followed the online documentation, to set the ACS to use my windows user database(AD)...but when i try to log in, the authentication fails. On my domain, I have created a computer account named 'CISCO' and I have granted my user "Dial-in" permission. When I checked the failed attempts report on the ACS server it said, "authen failed" and under the authentication code, it said "internal error

Here are some results from some debug commands. Any help would be greatly appreciated

SDMRouter#

*Mar 1 00:24:44.365: AAA/BIND(00000007): Bind i/f

*Mar 1 00:24:44.369: AAA/AUTHEN/LOGIN (00000007): Pick method list 'MY_OWN'

*Mar 1 00:24:44.373: TPLUS: Queuing AAA Authentication request 7 for processing

*Mar 1 00:24:44.377: TPLUS: processing authentication start request id 7

*Mar 1 00:24:44.377: TPLUS: Authentication start packet created for 7()

*Mar 1 00:24:44.381: TPLUS: Using server 10.1.1.3

*Mar 1 00:24:44.385: TPLUS(00000007)/0/NB_WAIT/855EB078: Started 5 sec timeout

*Mar 1 00:24:44.393: TPLUS(00000007)/0/NB_WAIT: socket event 2

*Mar 1 00:24:44.393: TPLUS(00000007)/0/NB_WAIT: wrote entire 33 bytes request

*Mar 1 00:24:44.393: TPLUS(00000007)/0/READ: socket event 1

*Mar 1 00:24:44.397: TPLUS(00000007)/0/READ: Would block while reading

*Mar 1 00:24:44.401: TPLUS(00000007)/0/READ: socket event 1

*Mar 1 00:24:44.401: TPLUS(00000007)/0/READ: read entire 12 header bytes (expec

t 16 bytes data)

*Mar 1 00:24:44.405: TPLUS(00000007)/0/READ: socket event 1

*Mar 1 00:24:44.405: TPLUS(00000007)/0/READ: read entire 28 bytes response

*Mar 1 00:24:44.405: TPLUS(00000007)/0/855EB078: Processing the reply packet

*Mar 1 00:24:44.405: TPLUS: Received authen response status GET_USER (7)

*Mar 1 00:24:48.900: TPLUS: Queuing AAA Authentication request 7 for processing

*Mar 1 00:24:48.904: TPLUS: processing authentication continue request id 7

*Mar 1 00:24:48.904: TPLUS: Authentication continue packet generated for 7

*Mar 1 00:24:48.908: TPLUS(00000007)/0/WRITE/84D88908: Started 5 sec timeout

*Mar 1 00:24:48.908: TPLUS(00000007)/0/WRITE: wrote entire 25 bytes request

*Mar 1 00:24:48.936: TPLUS(00000007)/0/READ: socket event 1

*Mar 1 00:24:48.936: TPLUS(00000007)/0/READ: read entire 12 header bytes (expec

t 16 bytes data)

*Mar 1 00:24:48.936: TPLUS(00000007)/0/READ: socket event 1

*Mar 1 00:24:48.936: TPLUS(00000007)/0/READ: read entire 28 bytes response

*Mar 1 00:24:48.940: TPLUS(00000007)/0/84D88908: Processing the reply packet

*Mar 1 00:24:48.940: TPLUS: Received authen response status GET_PASSWORD (8)

*Mar 1 00:24:51.981: TPLUS: Queuing AAA Authentication request 7 for processing

*Mar 1 00:24:51.985: TPLUS: processing authentication continue request id 7

*Mar 1 00:24:51.985: TPLUS: Authentication continue packet generated for 7

*Mar 1 00:24:51.989: TPLUS(00000007)/0/WRITE/84D88908: Started 5 sec timeout

*Mar 1 00:24:51.989: TPLUS(00000007)/0/WRITE: wrote entire 24 bytes request

*Mar 1 00:24:52.150: TPLUS(00000007)/0/READ: socket event 1

*Mar 1 00:24:52.154: TPLUS(00000007)/0/READ: read entire 12 header bytes (expec

t 6 bytes data)

*Mar 1 00:24:52.154: TPLUS(00000007)/0/READ: socket event 1

*Mar 1 00:24:52.154: TPLUS(00000007)/0/READ: read entire 18 bytes response

*Mar 1 00:24:52.154: TPLUS(00000007)/0/84D88908: Processing the reply packet

*Mar 1 00:24:52.154: TPLUS: Received authen response status FAIL (3)

Jagdeep Gambhir · ‎07-03-2009

Most likely a permission issue, please see this link,

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/installation/guide/windows/postin.html

Regards,

~JG

Do rate helpful posts

ciscoskeemz · ‎07-03-2009

JG,

thanks...I actually was looking over that doc prior to posting, but still cannot find the issue. I will keep at it.