08-15-2012 08:09 PM - edited 07-03-2021 10:32 PM
Hi All,
We are using a cisco ACS 4.2 in our network for wireless and VPN client authenticantion.
Recently we are getting huge logs from ACS continously to RA server when the users are gets Authenticate . below is the error which Message which we have got from the ACS server .
08/13/2012,19:34:32,Authen failed,asthagi,Default Group,00-26-ff-79-b5-5c,External DB user invalid or bad password,,,29,10.101.254.27, |
08/13/2012,19:35:53,Authen failed,asthagi,Default Group,00-26-ff-79-b5-5c,External DB user invalid or bad password,,,29,10.101.254.27, |
08/13/2012,19:37:14,Authen failed,asthagi,Default Group,00-26-ff-79-b5-5c,External DB user invalid or bad password,,,29,10.101.254.27, |
08/13/2012,19:38:35,Authen failed,asthagi,Default Group,00-26-ff-79-b5-5c,External DB account locked out,,,29,10.101.254.27, |
08/13/2012,19:41:36,Authen failed,asthagi,Default Group,00-26-ff-79-b5-5c,External DB user invalid or bad password,,,29,10.101.254.27, |
Due to this if the client's accounts will locked out if they tried more than 3 times.
1. All the clients are getting authenticated via the default group.
2. Only few users are facing the issue not all the users.
3. ACS version is 4.2 and RA version is 4.2.0
Kindly we request you to help on this to solve the same also avoid getting the huge logs in the RA server.
Regards,
Jayaraman M.S
08-16-2012 03:34 AM
Jaya: isRA used for logging only or used for authentication?
Logs are straightforward, the password provided for the username is not correct.
It seems the users updated their password on the AD but forgot to change the password on their vpn configuration.
Let them update the vpn configuration with the correct password things should be fine.
HTH
Amjad
Sent from Cisco Technical Support iPad App
08-21-2012 09:32 PM
Thanks a lot Amjad,
We have checked the same and it seems to be the paswords updated in all the neccessary places , so, We had a reload once after we stoped all the services . post reload we are not observing the same issue . But not sure how it is working fine now ,
Can you please help us to understand what could be the root cause in this case ? .
Regards,
Jayaraman M.S
08-26-2012 11:15 PM
Jaya:
good that it is now working.
I can't guess the root cause but you make sure that both ACS and RA on same version with same patch level. Make sure to have latest patch applied to both.
You want to say "Thank you"? Don't. Just rate the useful answers, that is more useful than "Thank you".
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide