Re: ACS 4.1/AD user account issue

cklesa5332 · ‎12-03-2007

hello all

Running ACS 4.1 for windows. AD environment. Using Odyssey client with Leap auth. Having an issue with some user names working and then others are not. User accounts are basic domain user accounts. Created a new user account and made sure it matched exactly as an account that is working. Checked the ACS log and it states auth failed and the reason code is Internal error. I am stumped as to why some accounts work and other accounts do not. Anyone come across this or have any ideas on this? I have checked to make certain the account is set for dial-in access.

Thanks for all your help!

ivillegas · ‎12-10-2007

Are the accounts that are not working use Username and Domain . Then this might not work depending on the ACS version. Try upgrading the ACS version.

cklesa5332 · ‎12-11-2007

Actually i found out what was going on here. Yes the accounts are setup in ACS with Domain\username We are running the latest version of ACS. In ACS under external user databases\database configuration\windows database there is a setting Verify that "Grant dialin permission to user". However this was not working for all accounts. Even though the account was definately set for dial-in access it would fail with an error "internal error" Since i am using a special account for our wireless LEAP authentication i removed the check mark from the ACS setting so that it did not verify if account had been set for dial-in access and it has been working fine since. If anyone else runs into this problem give that setting a shot and see if that helps.