
ACS group enumeration problem in multi-domain environment

rshoker99
Level 1

Hi all,

I have a problem with ACS 3.3.4 build 12.

It cannot enumerate domain mapping in a multi-domain environment.

Running the NT utility, all groups enumerate and domains list (except in the ACS control page).

Also user authentication fails with the error

NOTE: Attempting NT/2000 authentication

ERROR: NT/2000 authentication FAILED (error 1300L)

User FAILED authentication, details follow...

The API error is -1058 (Unknown Windows 2000/NT error has occurred)

The W2K/NT error is 1300 (Not all privileges referenced are assigned to the caller.

The ACS server is in the root domain, using a domain user account which is in the local administrators group. It also runs the services.

All other domains are child domains.

Users are able to authenticate on the VPN concentrators with no problem.

However, wireless users are required to use fully qualified names (first.last@child.root).

That is the second problem.

Strange to say the least.

Thank you all for any advice.

Raj

1 Reply

dsweeny
Level 3

In the local domain and in each trusted domain and child domain that Cisco Secure ACS will use to authenticate users, ensure both of the following:

- A computer account named "CISCO" exists.

- All users to be authenticated by Windows have permission to log into the computer named "CISCO".

Refer to this link:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/install/inst02.htm#wp981718
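
The two checks from the reply above can be run across every domain in the forest with the script below. It is an added example, not part of the original thread or Cisco's documentation. It assumes the RSAT ActiveDirectory PowerShell module is available, that the account running it can read each domain, and that "permission to log into the computer" corresponds to the per-user "Log On To" list stored in the `userWorkstations` attribute.

```powershell
# Added example (not from the thread). Assumes the ActiveDirectory module and
# read access to every domain in the forest.
Import-Module ActiveDirectory

$AccountName = 'CISCO'   # computer account name given in the reply

$report = foreach ($domain in (Get-ADForest).Domains) {
    try {
        # Check 1: does the computer account exist in this domain?
        $computer = Get-ADComputer -Filter "Name -eq '$AccountName'" -Server $domain

        # Check 2: users whose "Log On To" list (userWorkstations) is set but
        # does not include the account. An unset attribute means no restriction,
        # so only users that actually carry the attribute are fetched.
        $blocked = @(
            Get-ADUser -LDAPFilter '(userWorkstations=*)' -Properties userWorkstations -Server $domain |
                Where-Object {
                    $allowed = $_.userWorkstations -split ',' | ForEach-Object { $_.Trim() }
                    $allowed -notcontains $AccountName   # comparison is case-insensitive
                }
        )

        [pscustomobject]@{
            Domain          = $domain
            AccountExists   = [bool]$computer
            RestrictedUsers = $blocked.Count
            FirstFew        = ($blocked | Select-Object -First 5 -ExpandProperty SamAccountName) -join ', '
            Error           = $null
        }
    }
    catch {
        # Domain unreachable or the query was refused: report it instead of
        # silently treating the domain as compliant.
        [pscustomobject]@{
            Domain          = $domain
            AccountExists   = $null
            RestrictedUsers = $null
            FirstFew        = $null
            Error           = $_.Exception.Message
        }
    }
}

$report | Format-Table -AutoSize
```

A domain showing `AccountExists = False`, or any non-zero `RestrictedUsers`, is one where the conditions in the reply are not met.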