cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
2405
Views
0
Helpful
1
Replies
ciscoroyzhang
Beginner

24408 User authentication against Active Directory failed since user has entered the wrong password

       Hi there,  I have setup ACS as TACACS server for login request for routers and switch. every time when try to access use the AD user account, it shows above errror, but the password is correct. if I use the account int the internal store there is no issue.  following is the record from ACS monitoring and report:

... ... ....

Evaluating Identity Policy
Matched rule
Selected Identity Store - AD1
Current Identity Store does not support the authentication method; Skipping it.
TACACS+ will use the password prompt from global TACACS+ configuration.
Returned TACACS+ Authentication Reply
Received TACACS+ Authentication CONTINUE Request
Using previously selected Access Service
Identity Policy was evaluated before; Identity Sequence continuing
Authenticating user against Active Directory
User authentication against Active Directory failed since user has entered the wrong password
The advanced option that is configured for a failed authentication request is used.
The 'Reject' advanced option is configured in case of a failed authentication request.
Returned TACACS+ Authentication Reply

Evaluating Identity Policy
Matched rule
Selected Identity Store - AD1
Current Identity Store does not support the authentication method; Skipping it.
TACACS+ will use the password prompt from global TACACS+ configuration.
Returned TACACS+ Authentication Reply
Received TACACS+ Authentication CONTINUE Request
Using previously selected Access Service
Identity Policy was evaluated before; Identity Sequence continuing
Authenticating user against Active Directory
User authentication against Active Directory failed since user has entered the wrong password
The advanced option that is configured for a failed authentication request is used.
The 'Reject' advanced option is configured in case of a failed authentication request.
Returned TACACS+ Authentication Reply

Evaluating Identity Policy
Matched rule
Selected Identity Store - AD1
Current Identity Store does not support the authentication method; Skipping it.
TACACS+ will use the password prompt from global TACACS+ configuration.
Returned TACACS+ Authentication Reply
Received TACACS+ Authentication CONTINUE Request
Using previously selected Access Service
Identity Policy was evaluated before; Identity Sequence continuing
Authenticating user against Active Directory
User authentication against Active Directory failed since user has entered the wrong password
The advanced option that is configured for a failed authentication request is used.
The 'Reject' advanced option is configured in case of a failed authentication request.
Returned TACACS+ Authentication Reply
... ... ...

Please let me know if you have any suggestion. thanks in advance. Roy

1 REPLY 1
trinhtuanphong
Beginner

i know it too late for answer this question, but may be i can help someone who still using this software and stuck in this situation.
We need create same username ( as the one in AD), on the internal acs identity.
The password option "Password Type" select AD1.
That all!