Authentication failure with ACS and External User Database

patrice.poiron · ‎03-03-2004

I'm using ACS 3.2 and I configured ACS with a Windows Database as External User Database for users to authenticate.

I selected the domain in W2K AD and the users groups

to map them with the Cisco Secure Groups.

In the Default group, I put <no Access> for All other combinations.

When, we try to connect on an equipment by telnet using the username/passwd of a user in these groups, we have an authentication failure with this message:

'External DB account restriction'.

The user doesn't appear in the users list and there is no mapping between NT Groups and CiscoSecure groups.

Help would be appreciated.

Patrice

amritpatek · ‎03-09-2004

Are you getting this error after an upgrade?? It could happen that the external database settings don't replicate. You may have to reorder the LDAP instances in the registry to match what is on the original server.

Hope this helps.

ppoiron · ‎03-10-2004

In fact, I would like to implement this kind of configuration because LMS and ITM CiscoWorks stations do not manage password aging. So I must find a workaround and it's the reason why I tried to implement an external windows database with Active Directory in the ACS box.

Permalink · ‎03-12-2004

See the following link(s). They may help you.

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_field_notice09186a00800b1583.shtml

Regards

KevinPStokes

Syntegrity Limited

www.syntegritylimited.co.uk

ppoiron · ‎03-15-2004

Thanks.

I saw this bulletin. The only thing different is the domain administrator account which doesn't act as part of the operating system.