Cisco Systems Servers Server User Manual


 
Appendix A Troubleshooting Information for Cisco Secure ACS
Dial-in Connection Issues
A-6
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Dial-in Connection Issues
Condition Recovery Action
A dial-in user is unable to make
a connection to the AAA client.
No record of the attempt appears
in either the TACACS+ or
RADIUS Accounting Report (in
the Reports & Activity section,
click TACACS+ Accounting or
RADIUS Accounting or Failed
Attempts).
Examine the Cisco Secure ACS Reports or AAA client Debug
output to narrow the problem to a system error or a user error.
Confirm the following:
The dial-in user was able to establish a connection and ping the
Windows NT/2000 server before Cisco Secure ACS was
installed. If the dial-in user could not, the problem is related to
a AAA client/modem configuration, not Cisco Secure ACS.
LAN connections for both the AAA client and the
Windows NT/2000 server supporting Cisco Secure ACS are
physically connected.
IP address of the AAA client in the Cisco Secure ACS
configuration is correct.
IP address of Cisco Secure ACS in AAA client configuration is
correct.
TACACS+ or RADIUS key in both AAA client and
Cisco Secure ACS are identical (case sensitive).
The command ppp authentication pap is entered for each
interface, if the Windows NT/2000 user database is being used.
The command ppp authentication chap pap is entered for
each interface, if the Cisco Secure ACS database is being used.
The AAA and TACACS+ or RADIUS commands are correct in
the AAA client. The necessary commands are listed in the
following:
Program Files\CiscoSecure ACS vx.x\TacConfig.txt
Program Files\CiscoSecure ACS v
x.x\RadConfig.txt.
The Cisco Secure ACS Services are running (CSAdmin,
CSAuth, CSDBSync CSLog, CSRadius, CSTacacs) on the
Windows NT/2000 server.