Solved: ACS 5.6.0.22 TACACS Authentication Issue

richard.gordon · ‎10-13-2015

Based on this scenario: The Active Directory server has failed or is unavailable.

ACS is configured with both AD and Local Users. When the AD is online I can use an AD account or a Local account for TACACS authentication. When AD is unavailable I receive the error: 24444 Active Directory operation has failed because of an unspecified error in ACS, when trying to use the Local account. (Of course I would expect not to be able to use an AD account)

Is this as designed? or Is there a configuration mistake at hand?

Ivan Gonzalez · ‎10-14-2015

Hi Richard,

In the case AD is offline, you still should be able to use your local account if you select the option of "Continue to next identity store in the sequence", on the "Advance options" on the "Identity Store Sequence" you created:

Section "Users and Identity Stores > Identity Store Sequences > Edit:"

Advanced Options

If access to the current identity store failed

Break Sequence

* Continue to next identity store in the sequence

Note: Please mark it as answered if applicable

View solution in original post

Ivan Gonzalez · ‎10-14-2015