Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5370
Views
0
Helpful
6
Replies

Authentication Failure Code for Cisco ACS

soebeginner
Level 1
Level 1

‎05-21-2019 08:46 PM - edited ‎02-21-2020 11:05 AM

Hi, 

 

Understand that there's Failure Code 24408 for failed login attempt due to wrong password for AD account.

 

24408: User authentication against Active Directory failed since user has entered the wrong password

 

Is there any failure code I can look at for similar instance but for failed logins on local accounts instead? 

 

Thanks!

0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎05-21-2019 11:38 PM

Look this information :

 

24408 User authentication against Active Directory failed since user has entered the wrong password

=========================================================================
Authentication failure gainst AD due to account is disabled
=============================================

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

soebeginner
Level 1
Level 1
In response to balaji.bandi

‎05-22-2019 12:29 AM

Hi Balaji,
Thanks for the reply.
Yup, thats for account against Active Directory.
What if the account is a local account (i.e. not available in Active Directory) for instance, username=admin? Does it share the same code 24408? Or is there other failure code for local accounts?
Thanks!
0 Helpful

Sathiyanarayanan Ravindran
Spotlight
Spotlight
In response to soebeginner

‎05-22-2019 12:34 PM

If the account is configured on the ACS for login. That time you will get a error code as below.

 

Message TextFailed-Attempt: Authentication failed
Failure Reason22040 Wrong password or invalid shared secret
Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)
0 Helpful

soebeginner
Level 1
Level 1
In response to Sathiyanarayanan Ravindran

‎05-22-2019 09:02 PM

Hi Sathiya,

Thanks!
How about those accounts configured on the devices and that logins for the devices is send to cisco acs? e.g. failed login for admin account configured on firewall.
0 Helpful

Sathiyanarayanan Ravindran
Spotlight
Spotlight
In response to soebeginner

‎05-23-2019 12:22 PM

If TACACS is configured as a 1st priority and local as fall back. The error message would be 22056 Subject not found in the applicable identity store(s).

 

If Local as 1st priority and tacacs as second, The authentication will get drop at switch/Firewall. You won't get any logs on ACS.

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)
0 Helpful

Kush
Cisco Employee
Cisco Employee
In response to Sathiyanarayanan Ravindran

‎10-09-2019 04:35 AM

Hello sir,

 

On ACS 5.8 patch 9 when we try to enable password hashing for local users on ACS authentication fails on secondary server with same error message 22040 wrong password on invalid shared secret.

 

Verified the password and shared secret. 

 

Authentications work fine on primary server with hashing enabled for local users.

 

Tried to change the sec to primary and encountered the same issue.

 

Could you please share your insights.

0 Helpful
Customers Also Viewed These Support Documents