Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
695
Views
4
Helpful
3
Replies

Active Directory Authentication issues

Bryan.Carter
Level 1
Level 1

‎02-17-2006 06:48 PM - edited ‎02-21-2020 10:14 AM

I have the following equipment:

Cisco 3005 Conc.

Cisco ACS 3.3

MS Windows 2003 Active Directory

We are using VPN Client 4.8.

On 3005:

Group:XXXXX is set to point at ACS server for Authentication and Posture Validation via RADIUS.

On ACS:

External database points to Windows DC with ACS agent running.

All works as designed except:

User can ping everywhere on internal network.

When user attempts to access file shares on any domain computer it acts as though he is not authenticated to the domain. It prompts for credentials again. If credentials are given then all is well, but I woud think that the authentication to the domain was automatic via ACS. I am not expecting to run login scripts or anything. I don;t have hte option to put the COnnect before login options in place. Shouldn't the ACS connection to MS AD provide the user with an authenticated session? Have I missed something in ACS or 3005? I have seen this work before so I know it is possible, but not sure ewhat I have done to break it.

Thanks

Labels:
0 Helpful
3 Replies 3

harvey.dewan
Level 1
Level 1

‎02-19-2006 06:38 AM

Question. Are the machines in question part of the domain, or are they users home computers. I have the same issue but it is only with users who are using their home PC.

Bryan.Carter
Level 1
Level 1
In response to harvey.dewan

‎02-19-2006 05:30 PM

I hadn't thought of that. It appears now that I look into it, that it is happening only those machines that are not members of the domain as in your case. If I try it from my work laptop, which is a member of the domain it works fine. If I try it from my home PC, whic is actually a member of a different domain, it doesn't work.

0 Helpful

Bryan.Carter
Level 1
Level 1
In response to harvey.dewan

‎02-22-2006 10:58 AM

Cisco TAC states the following:

"Your users need to authenticate to the domain for them to be able to access the domain resources".

Apparently since I am using the Cisco ACS RADIUS server this is not automatic.

The bottom line is that I think I will need to provide a script that prompts for the users domain credentials after they connect tot he network.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents