Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
535
Views
0
Helpful
2
Replies

ACS v3.3 and CS user unknown

tjenkin2
Level 1
Level 1

‎10-20-2005 08:27 AM - edited ‎03-10-2019 02:20 PM

Hi,

Got a server running ACS v3.3 talking to a SecurID ACE server. When I set a user up to use SecurID, ACS always reports "CS user unknown" - when the user is plainly in the database. If I change user back to use Internal auth - it works a treat.

If tried using the "Unknown user policy" to force all requests to SecurID - this works OK - but doesn't collect any attributes from the users account in ACS.

v3.1 seems to work fine - is there a bug with v3.3 ?

Cheers,

Tim.

Labels:
0 Helpful
2 Replies 2

smalkeric
Level 6
Level 6

‎10-26-2005 06:54 AM

I think some required configuration must be missed out.For further configuration information look at the following url;

http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_configuration_guide09186a008046dc81.html#wp998632

0 Helpful

darpotter
Level 5
Level 5

‎11-01-2005 03:06 AM

Interesting, did the external db config for RSA come from 3.1, ie you just installed 3.3 over 3.1? If so you could try deleting the securid config and re-creating. But I admit thats a long shot

If things work when you enable the unknown user policy.... does it create totally new users in parallel to the ones already there?

To get "CS user unknown" it means ACS looked in its DB and didnt find a user with the same name. I would set logging to max (under system config) run the test again and then look in the CSAuth log file (under CSAuth/logs.auth.log) Look for "starting authentication for" type messages. That will give a good idea as to what is going on.

Darran

0 Helpful
Customers Also Viewed These Support Documents