cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1154
Views
0
Helpful
6
Replies

Radius authentication using windows active directory

sholeh
Level 1
Level 1

Hi,

I am using radius to authenticate user who connect to LAN but always fail...here is the error in ACS report "external DB account restriction" can anyone help me to resolve ?

Many thanks...

Sholeh

6 Replies 6

m.sir
Level 7
Level 7

When user validation fails for any reason (external server down, wrong SSL certificate, or key mismatch with NAS), the csv failed attempts report states that the authentication failure code is 'external db account restriction'

So check if key is same for ACS and client, if users database is OK....

M.

Hope that helps rate if it does

Rutger Blom
Level 1
Level 1

Also check you enabled dial-in on the active directory account.

Rutger

darpotter
Level 5
Level 5

The official Microsoft error description is:

1327L ERROR_ACCOUNT_RESTRICTION Indicates a referenced user name and authentication information are valid, but some user account restriction has prevented successful authentication (such as time-of-day restrictions).

Darran

I'm using ACS 3.3 and having the same problem of "External DB account Restriction".

I checked all the things that you mentioned and everything seems fine.

Except that on the Radius server, the application event viewer keeps popping two errors.

The first one says source-rasctrs and it goes like this:

The description for Event ID ( 2001 ) in Source ( rasctrs ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer.

The second one says soure-preflib and it goes like this:

The Open Procedure for service "RemoteAccess" in DLL "c:\WINNT\System32\rasctrs.dll" failed.

HEEEEEEELLLLp

Dear All,

Thank you very much for your reply, I am new to this ACS and after reading the installation guide throughly I found that the windows running ACS server has not been configure to communicate with Active directory...that's way authentication always fail...and now my friend is still configuring it, hopefully it will work smoothly.

Thanks again.

Best regards,

Sholeh

Hello Azat,

with regard to the first event viewer message (Event ID 2001), this message usually is being displayed if you disabled the Remote Access service; these events are logged ´because the Performance Monitor checks the availability of all counters listed in the registry. Since Remote Access is installed but unavailable, the errors are logged.´

You can get rid of these entries by adding the following key to this registry entry:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance]

"Disable Performance Counters"=dword:00000001

That is, create a DWORD entry with the name ´Disable Performance Counters´ with a value of 1 under the ´Performance´ entry.

As with regard to the original problem, I wonder if this could be a client problem. Which clients do you have (e.g. XP SP2) ? And are there any other devices (firewalls, or locally installed anti-virus scanners) in the path between the clients and the ACS ?

Regards,

GNT