
ACS External Windows Authentication: Pre-Windows 2000 name only works

mrbugsir
Level 1

Hello. I have attempted to map ACS to Windows AD 2003 as an External Database. That works, but only if I authenticate using the Pre-Windows 2000 name (sometimes called the "down-level" name).

If I use the Windows 2003 login name, I get a 529 error in the event viewer, stating the username/password is incorrect. This error appears on the Windows 2003 SP1 server running ACS.

Curiously, if I authenticate using the down-level name, the successful event shows the same authentication package (MICROSOFT_AUTHENTICATION_PACKAGE_V1_0) and "Workstation" and "Login Process" name (CISCO).

I cannot determine if this is an ACS or Windows problem. Anyone have a clue?

2 Replies

jhillend
Level 1

Can you provide an example of the W2K3 AND W2K usernames you are using? This shouldn't be an issue.

Win2003 logon name: bob.smith@company.com

A Pre-Windows2000 name: bsmith@company.com

Interestingly, the down-level name will authenticate, but the "up-level" name will not.

Here are excerpts from AUTH.log:

Failed up-level name:

---------------------

AUTH 01/19/2006 07:52:04 I 4817 3604 Attempting authentication for Unknown User 'bob.smith@company.com'

AUTH 01/19/2006 07:52:04 I 0365 3604 External DB [NTAuthenDLL.dll]: Starting authentication for user [bob.smith@company.com]

AUTH 01/19/2006 07:52:04 I 0365 3604 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user bob.smith

AUTH 01/19/2006 07:52:04 E 0365 3604 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)

AUTH 01/19/2006 07:52:04 I 0365 3604 External DB [NTAuthenDLL.dll]: Reattempting authentication at domain COMPANY

AUTH 01/19/2006 07:52:04 I 0365 3604 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user bob.smith

AUTH 01/19/2006 07:52:04 E 0365 3604 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)

AUTH 01/19/2006 07:52:04 I 2124 3604 Unknown User 'bob.smith@company.com' was not authenticated

Passed down-level name:

-----------------------

AUTH 01/19/2006 07:52:23 I 0365 3604 External DB [NTAuthenDLL.dll]: Starting authentication for user [bsmith@company.com]

AUTH 01/19/2006 07:52:23 I 0365 3604 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user bsmith

AUTH 01/19/2006 07:52:23 I 0365 3604 External DB [NTAuthenDLL.dll]: Windows authentication SUCCESSFUL (by WINDC02)

AUTH 01/19/2006 07:52:23 I 0365 3604 External DB [NTAuthenDLL.dll]: Obtaining RAS information for user bsmith from WINDC02
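
An added example, not part of the thread and not Cisco code: a small parser that groups the NTAuthenDLL lines of an AUTH.log into attempts and compares the name the user submitted with the name logged as handed to Windows. The message patterns are inferred only from the excerpts above, and `summarize` and its field names are hypothetical.

```python
import re

# Constructed sample: the NTAuthenDLL lines from the two AUTH.log excerpts in the thread.
SAMPLE = """\
AUTH 01/19/2006 07:52:04 I 0365 3604 External DB [NTAuthenDLL.dll]: Starting authentication for user [bob.smith@company.com]
AUTH 01/19/2006 07:52:04 I 0365 3604 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user bob.smith
AUTH 01/19/2006 07:52:04 E 0365 3604 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
AUTH 01/19/2006 07:52:04 I 0365 3604 External DB [NTAuthenDLL.dll]: Reattempting authentication at domain COMPANY
AUTH 01/19/2006 07:52:04 I 0365 3604 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user bob.smith
AUTH 01/19/2006 07:52:04 E 0365 3604 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
AUTH 01/19/2006 07:52:23 I 0365 3604 External DB [NTAuthenDLL.dll]: Starting authentication for user [bsmith@company.com]
AUTH 01/19/2006 07:52:23 I 0365 3604 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user bsmith
AUTH 01/19/2006 07:52:23 I 0365 3604 External DB [NTAuthenDLL.dll]: Windows authentication SUCCESSFUL (by WINDC02)
"""

# Message patterns, inferred only from the excerpts above (an assumption about the format).
PATTERNS = {
    "start": re.compile(r"Starting authentication for user \[(.+?)\]"),
    "tried": re.compile(r"Attempting Windows authentication for user (\S+)"),
    "domain": re.compile(r"Reattempting authentication at domain (\S+)"),
    "error": re.compile(r"Windows authentication FAILED \(error (\d+)L?\)"),
    "dc": re.compile(r"Windows authentication SUCCESSFUL \(by (\S+)\)"),
}

def summarize(log_text):
    """Group NTAuthenDLL lines into attempts: submitted name vs. name handed to Windows."""
    attempts = []
    for line in log_text.splitlines():
        if "[NTAuthenDLL.dll]" not in line:
            continue
        hit = next(((k, m.group(1)) for k, p in PATTERNS.items() if (m := p.search(line))), None)
        if hit is None:
            continue
        kind, value = hit
        if kind == "start":
            attempts.append({"submitted": value, "tried": [], "domain": [], "error": [], "dc": []})
        elif attempts:  # ignore result lines that precede any "Starting" line
            attempts[-1][kind].append(int(value) if kind == "error" else value)
    for a in attempts:
        a["ok"] = bool(a["dc"])
        # True when Windows was given only the part before '@' of what the user typed.
        a["suffix_dropped"] = "@" in a["submitted"] and set(a["tried"]) == {a["submitted"].split("@")[0]}
    return attempts

if __name__ == "__main__":
    for a in summarize(SAMPLE):
        print(f"{a['submitted']:<24} -> Windows saw {a['tried']} ok={a['ok']} errors={a['error']} dc={a['dc']}")
```

Win32 error 1326 is ERROR_LOGON_FAILURE, which matches the 529 event described in the original post.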