Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1686
Views
0
Helpful
3
Replies

ACS2.6

mr.bond
Level 1
Level 1

‎07-02-2003 03:33 AM - edited ‎03-10-2019 07:23 AM

can somebody give me the steps to configure CAS2.6.2 and router 2600 with 16 modems.i wana configure it with tacacs+ and want to work fine with normal dialup and callback user.

Labels:
0 Helpful
3 Replies 3

ywadhavk
Cisco Employee
Cisco Employee

‎07-02-2003 06:17 AM

On the router you will require the below at the least.

aaa new-model

aaa authentication login default group tacacs+ enable

aaa authentication ppp default group tacacs+ local none

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization network default group tacacs+

You may require other additional statements as per you policies.

As for the dialup part for authentication

int group-async 1

ppp authentication chap ===> or pap

peer default ip address pool async ====> or you may choose to have the pool

defined on TACACS server

ip local pool async 10.6.100.101 10.6.100.103

tacacs-server host x.x.x.x

tacacs-server timeout 10

tacacs-server key xyz

On the TACACS server, add this router as the client under the Network Configuration with the proper key ( xyz in this case) and protocol tacacs

Configure the group for login protocol ppp

Please go through the below url for more info on the ACS configuration;

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt26/usergd26/ch3.htm

Thanks,

yatin

0 Helpful

mr.bond
Level 1
Level 1
In response to ywadhavk

‎07-06-2003 05:51 AM

i installed a new acs2.6.4 and changed everything on router as per your instructions.

i installed a new windows2k server with service pack2 and installed acs2.6.4 on it joined to our company domain.i have created two users on the same server 1.dialin 2. callback and put both in seperate group which i mapped to different group in acs with one having only dial access and another can callback.i changed the tacacs+ server and key of router.

when i use both callback/dialin user i cannot login its telling me user/password incorrect.

i use authentication in acs for windows2k and when i changed it to ciscosecure both users are working fine dialin with normal dialup and callback getting callback.

i wana use authentication from windows domain please suggest me your hints.

0 Helpful

ywadhavk
Cisco Employee
Cisco Employee
In response to mr.bond

‎07-06-2003 07:39 AM

Hi,

What you need to do is to configure the ACS server to use the external database of Windows NT.

You will find the instructions of configuring the NT SAM database as External User database on the following link

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt26/usergd26/ch3.htm#368606

More information on the NT User databases is on below url

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt26/usergd26/userdb.htm

Thanks,

yatin

0 Helpful
Customers Also Viewed These Support Documents