"External DB account restriction message"

admin_2
Level 3

Hi all,

I'm working with TACACS for NT/Windows 2000 2.6 installed on a Windows 2000 member server. I've gotten the authentication process to work using the server's local user database for authentication. However, when I switch over and attempt to use the domain's Active Directory user database, the authentication fails and I see the "External DB account restriction message" in the failed authentication log.

I've ensured the user's active directory account has the "Allow access" option checked on the Remote Access tab. I also get the same message when I uncheck the "Verify allow dialin..." section on the TACACS server's Configure database page.

Any ideas on what to check next?

Also the TACACS server was made a member server on the domain after the TACACS software was installed. Anyone think un-installing/re-installing the TACACS software would help?

Thanks for your help, Alan

4 Replies

umedryk
Level 5

The error you are receiving means that the users are not being accepted into the groups that are defined for some reason. This means that they then get dropped into the /DEFAULT group which is marked as "no access".

gamccall
Level 4

I encountered this error with an ACS Appliance authenticating to an AD through a remote agent. This is how I resolved it: Open up Active Directory Users and Groups. Right-click on "Users"; select Properties. Click to the Security setting, and add the name of the account that the ACS service is running under to the list of security objects.

I didn't have to assign any new privileges to that account, but it did have to be in the list.

Hi Gabriel,

I am having a similar problem, and I didn't find the security and settings you are talking about on AD.

Can you please tell me where that tab is? Do you mean the Users org. unit (where all of the users are defined by default)?

Thanks

I'm not an NT guru, so my terminology may not be that of a trained MS professional. I'll try to describe what I did in enough detail that that won't matter =)

Open up the AD Users and Groups console, and then expand the domain container by clicking the plus. That reveals a list of folders/containers/whatever; towards the bottom of that list is one called "Users". Right-click on that folder and select Properties. Users Properties has 3 tabs: General, Object, Security. Click to the Security tab, click Add on that window, and add the account which ACS is running under to that list.

If you can make that work and if that solves your problem, I'd love to know what the right names for all that are =)

-Gabriel