09-23-2004 11:15 PM - edited 03-10-2019 01:49 PM
Hi,
After upgrading from 3.2 to 3.3 we are facing the following problem:
When using external db authentication, where "the unknown user policy" is set to "fail the attempt", no more authentication is possible and the ACS server reports "CS user unknown", even though the user is locally defined!
Any ideas?
Is this a known issue in this release?
Best Regards
Michael Linhart
09-28-2004 05:11 AM
Hi,
I'm afraid I don't have a solution. I can only say that I've experienced almost the same.
I have an unknown user policy redirecting to a Windows AD and an RSA SecurID Token Server for known users. I added a known user to ACS to be authenticated to the RSA Token Server.
Cisco Secure doesn't authenticate this user to RSA, but to Windows instead.
09/28/2004 15:00:59 I 5081 0968 Start RQ1026, client 2 (127.0.0.1)
AUTH 09/28/2004 15:00:59 I 0365 0968 External DB [NTAuthenDLL.dll]: Starting authentication for user [bgh.vd.hout]
AUTH 09/28/2004 15:00:59 I 0365 0968 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user bgh.vd.hout
AUTH 09/28/2004 15:00:59 E 0365 0968 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
AUTH 09/28/2004 15:00:59 I 0365 0968 External DB [NTAuthenDLL.dll]: Reattempting authentication at domain INI
AUTH 09/28/2004 15:00:59 I 0365 0968 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user bgh.vd.hout
AUTH 09/28/2004 15:00:59 E 0365 0968 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
AUTH 09/28/2004 15:00:59 I 5081 0968 Done RQ1026, client 2, status -2052
I'm sure I've configured RSA and the local ACS user correctly.
Any ideas?
Bram van den Hout
12-16-2004 02:56 PM
I just ran into a similar issue, though on a new ACS installation. I was configuring authentication against an external RSA server. I found (after reading your post) that an external Windows database was showing up in the ACS config, even though I had never specified this as an external database.
I deleted the external Windows database and was immediately able to start authenticating against RSA SecurID correctly.
Some additional information: I was seeing username: and PASSCODE: prompts. Those processed correctly but were then followed by a password: prompt. Certainly unusual. I believe this extra prompt was an attempt to authenticate against the "mystery" Windows db.
It's probably worth digging into this further...
Hope this helps.
Chad
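The log excerpt in the second post shows the request being handled by the Windows external DB module, which is the symptom both replies describe. The following Python script is an added example, not part of the thread and not Cisco code: it groups such log lines per request and lists users who were handled by a module other than the one expected. The column meanings, the use of the id column to correlate lines, and the names parse_requests and misrouted are assumptions made for illustration.

```python
import re
# Log lines as quoted in the post above (its first line has no "AUTH" prefix).
SAMPLE_LOG = """\
09/28/2004 15:00:59 I 5081 0968 Start RQ1026, client 2 (127.0.0.1)
AUTH 09/28/2004 15:00:59 I 0365 0968 External DB [NTAuthenDLL.dll]: Starting authentication for user [bgh.vd.hout]
AUTH 09/28/2004 15:00:59 I 0365 0968 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user bgh.vd.hout
AUTH 09/28/2004 15:00:59 E 0365 0968 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
AUTH 09/28/2004 15:00:59 I 0365 0968 External DB [NTAuthenDLL.dll]: Reattempting authentication at domain INI
AUTH 09/28/2004 15:00:59 I 0365 0968 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user bgh.vd.hout
AUTH 09/28/2004 15:00:59 E 0365 0968 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
AUTH 09/28/2004 15:00:59 I 5081 0968 Done RQ1026, client 2, status -2052
"""

# Assumed layout: [AUTH] date time severity code id message; id (0968) ties a request's lines together.
LINE = re.compile(r"^(?:AUTH\s+)?\S+ \S+ ([IE]) \d+ (\d+) (.*)$")
START = re.compile(r"^Start (RQ\d+),")
DONE = re.compile(r"^Done (RQ\d+),.*status (-?\d+)")
EXTDB = re.compile(r"^External DB \[([^\]]+)\]: (.*)$")
USER = re.compile(r"for user \[?([^\]\s]+)")

def parse_requests(text):
    """Collect modules, users, errors and final status for each Start/Done request."""
    requests, open_by_id = {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m is None:
            continue
        sev, corr, msg = m.groups()
        if s := START.match(msg):
            rec = {"modules": [], "users": set(), "errors": [], "status": None}
            requests[s.group(1)] = open_by_id[corr] = rec
        elif (d := DONE.match(msg)) and d.group(1) in requests:
            requests[d.group(1)]["status"] = int(d.group(2))
            open_by_id.pop(corr, None)
        elif (e := EXTDB.match(msg)) and corr in open_by_id:
            rec = open_by_id[corr]
            if e.group(1) not in rec["modules"]:
                rec["modules"].append(e.group(1))
            if u := USER.search(e.group(2)):
                rec["users"].add(u.group(1))
            if sev == "E":
                rec["errors"].append(e.group(2))
    return requests

def misrouted(requests, expected):
    """List (request, user, modules) where a user was not handled solely by expected[user]."""
    return [(rq, u, r["modules"]) for rq, r in requests.items()
            for u in sorted(r["users"])
            if u in expected and r["modules"] != [expected[u]]]
```

Pass `misrouted` a mapping from user name to the module name your own log shows for the intended external database; the thread does not give the token server's module name, so none is assumed here.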