Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
503
Views
0
Helpful
1
Replies

Windows Authentication Fails

craig-allen
Level 1
Level 1

‎03-05-2008 09:24 AM - edited ‎03-10-2019 03:41 PM

We are running ACS 4.1.(4) Build 13 on a member server within a 2003 AD Domain.

We get the following errors in the CSAuth.log file:

AUTH 05/03/2008 17:21:15 E 0384 6180 0x24 External DB [NTAuthenDLL.dll]: NetUserGetLocalGroups failed with result [5]

AUTH 05/03/2008 17:21:15 E 2169 6180 0x24 External DB [NTAuthenDLL.dll]: nt_GetUsersNTGroups failed

AUTH 05/03/2008 17:21:15 E 0384 6180 0x24 External DB [NTAuthenDLL.dll]: NetUserGetLocalGroups failed with result [5]

AUTH 05/03/2008 17:21:15 E 2169 6180 0x24 External DB [NTAuthenDLL.dll]: nt_GetUsersNTGroups failed.

It appears that ACS cannot determine group membership of the AD account. I have setup the mappings of AD Groups to ACS Groups.

Any ideas?

Labels:
0 Helpful
1 Reply 1

Premdeep Banga
Level 7
Level 7

‎03-05-2008 01:35 PM

Ensure that you have followed *all* the steps mentioned in this link,

Configuring for Member Server Authentication:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/installation/guide/windows/postin.html#wp1041304

Also, install Patch 6 for ACS version 4.1(4) Build 13 from,

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des

- Acs-4.1.4.13.6-SW.zip

- Acs-4.1.4.13.6-SW-Readme.txt

Regards,

Prem

0 Helpful
Customers Also Viewed These Support Documents