
ACS connecting to AD

darrenshaw
Level 1

I have had this problem for quite a few weeks. Basically, my ACS will not authenticate unknown users to AD.

I have gone through the following.

Ensure the ACS services start with Domain Admins account....

log on as service......

and act as part of the operating system.

All users are added to the pre-windows 2000 compatible access group.

I have done a packet capture and the ACS does talk to the domain controller but will not authenticate. I get the following error in the authentication log on the ACS:

EXTERNAL DB ACCOUNT RESTRICTION.

If I set up a user in the ACS, this works fine, no problems. ACS VER is 3.2, running on W2K SP3.

I will be setting a test bed up to test this against another AD machine.

Any ideas... anyone?

2 Replies

sbilgi
Level 5

If you have access to the Cisco Bug Toolkit, you can check there to see if there are any known issues with this.

dominic.caron
Level 5

I had a similar problem at first.

I found that some ACL blocked ICMP between the ACS and the DCs. Windows domain controllers need ICMP (they send a ping to the ACS server before sending policies) to send security credentials to the Windows part of ACS.
