
ACS and Microsoft Domain authentication issue

g.rodegari
Level 1

Hi,

I've a Cisco Secure 3.3 and a Windows 2000 Domain.

I've tried to configure user authentication on ACS to Windows external DB.

With the "Unknown user policy" enabled, all works fine.

Then I've disabled this policy and specified the same user in the internal ACS group. This group is always mapped to the Windows group. The user is configured with "external windows db" for the password authentication... and it does not work!

It seems that I must enable the "unknown user policy"... but I do not want to!

Can anyone help me?

Thank you very much,

G.

5 Replies

gfullage
Cisco Employee

As long as the username is defined in the ACS database then this should work fine. I just tried it on my ACS server and it worked, I had authentication set up to an external LDAP database (shouldn't make any difference the type of database), authenticated myself so that my username was entered into the local ACS database, then went under Unknown User Policy and selected to "Fail the Attempt" for any unknown user. I then tried to authenticate again using my username and it worked fine. My password in the ACS database is defined as the external LDAP DB.

What error are you seeing in the Failed Attempts Log for this user when you try and authenticate?

Hi Gary and

Thank you for your reply,

I've defined a username in the Cisco Secure DB with password authentication to Microsoft DB. When I've checked "Fail Attempts" to "Unknown user policy"... I do not know why, but the authentication fails, with message "CS User Unknown".

When I Check the "Unknown user policy" to listen the external Microsoft DB... with the same user, all works fine!

NB: The CS version is 3.3.1(16)

Thanks,

G

Hi, GLENN! sorry for the mistake...

I'd like to upgrade my CS from 3.3.1 (16) to 3.3.2... to see if the problem persists.

Could I download the upgrade from the Partners CCO, or do I have to purchase the new version?

Kind regards,

G.

Hi,

I have the same issue with ACS 3.3 installed on a Windows 2003 server. I created a user in ACS with the password authentication field set to: "Windows database"

If I don't enable "Check the following external user databases" in "Configure unknown user policy", I can't log in with this user and the "failed attempts" logs notice: "CS User unknown"

Have you found a solution since your last post?

Thanks.

Brgds,

N.D.

Hi,

no... But I've configured a workaround:

I've mapped CS's internal group over MS Domain group, checked the Unknown User Policy but... placed a NAR restriction that denies all on the CS Default Group...

Hope this helps

Kind regards,

Graz.