With Cisco Secure Access Control Server (ACS) 3.3, user authentication fails when NTLMv2 authentication is enabled on the Windows 2000 domain server.
This issue is documented in Cisco bug ID CSCea91947.
When user authentication is attempted on a Windows 2000 domain server running NT LAN Manager version 2 (NTLMv2) authentication, the attempt fails and an authentication failed message is reported. The user is not able to log into the domain.
ACS will not authenticate Win2k users when NTLMv2 is enabled on the network - CSCea91947
ACS supports NTLMv2 only in versions 4.0 and later.
The workaround for ACS versions 3.3 and lower is to use NTLM.
To resolve this issue, perform these steps:
1. In the applicable Windows security policy editor, navigate to Local Policies > Security Options, and locate the LAN Manager Authentication Level policy.
2. Set this policy to Send LM & NTLM responses.
Note: Other settings involve the use of NTLMv2, which Cisco Secure ACS does not support.
Verify NTLM Version
Note: This step is required only if Cisco Secure ACS authenticates users who belong to trusted domains or child domains.
Verify that the NT LAN Manager (NTLM) version in use is version 1. In the applicable Windows security policy editor, navigate to Local Policies > Security Options, locate the LAN Manager Authentication Level policy, and set it to Send LM & NTLM responses. Other settings involve the use of NTLMv2, which Cisco Secure ACS does not support.
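The verification step above can also be run against a policy file produced by `secedit /export`, which records the LAN Manager Authentication Level as the LmCompatibilityLevel registry value. The following is an added example, not Cisco code; the function names and sample exports are constructed for illustration, and the rule that only level 0 suits ACS 3.3 and lower is taken from this page.

```python
# Added example: audit a `secedit /export` policy file for the LAN Manager level.
KEY = r"machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel"
LEVELS = {  # LmCompatibilityLevel value -> policy name shown in the editor
    0: "Send LM & NTLM responses",
    1: "Send LM & NTLM - use NTLMv2 session security if negotiated",
    2: "Send NTLM response only",
    3: "Send NTLMv2 response only",
    4: "Send NTLMv2 response only. Refuse LM",
    5: "Send NTLMv2 response only. Refuse LM & NTLM",
}

def lm_level(inf_text):
    """Return LmCompatibilityLevel from the [Registry Values] section, or None."""
    in_section = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[registry values]"
        elif in_section and "=" in line:
            name, _, data = line.partition("=")
            if name.strip().lower() == KEY:
                reg_type, _, value = data.partition(",")
                if reg_type.strip() != "4":  # 4 = REG_DWORD in secedit exports
                    raise ValueError(f"unexpected registry type: {data!r}")
                return int(value.strip())
    return None  # policy not defined in this export

def acs_compatible(inf_text, acs_version):
    """Return (verdict, policy name); verdict is None when the policy is unset."""
    level = lm_level(inf_text)
    if level is None:
        return None, "LAN Manager Authentication Level not defined in export"
    if level not in LEVELS:
        raise ValueError(f"LmCompatibilityLevel out of range: {level}")
    if acs_version >= (4, 0):  # page: NTLMv2 is supported only in ACS 4.0 and later
        return True, LEVELS[level]
    return level == 0, LEVELS[level]  # page: ACS 3.3 and lower need level 0

# Constructed sample exports (real files are typically UTF-16; open with encoding="utf-16")
SAMPLE_V2 = "[Unicode]\nUnicode=yes\n[Registry Values]\n" \
    "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\LmCompatibilityLevel=4,3\n"
SAMPLE_V1 = SAMPLE_V2.replace("=4,3", "=4,0")
SAMPLE_UNSET = "[Registry Values]\nMACHINE\\System\\CurrentControlSet\\Control\\Lsa\\NoLMHash=4,1\n"

if __name__ == "__main__":
    for label, text in (("v2", SAMPLE_V2), ("v1", SAMPLE_V1), ("unset", SAMPLE_UNSET)):
        print(label, acs_compatible(text, (3, 3)), acs_compatible(text, (4, 0)))
```

A verdict of `None` means the export does not define the policy, so the effective setting has to be read from the policy editor as described above.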