Filter
Top Products
A-7
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Appendix A Troubleshooting Information for Cisco Secure ACS
Dial-in Connection Issues
A dial-in user is unable to make
a connection to the AAA client.
The Windows NT/2000 user
database is being used for
authentication.
A record of a failed attempt
appears in the Failed Attempts
Report (in the Reports &
Activity section, click Failed
Attempts).
The user information is not properly configured for authentication
in Windows NT/2000 or Cisco Secure ACS.
The Windows NT/2000 user database resides on the same machine
as Cisco Secure ACS.
From the Windows NT User Manager or Windows 2000 Active
Directory Users and Computers, confirm the following:
• The username and password are configured in Windows NT
User Manager or the Windows 2000 Active Directory Users
and Computers.
• The User Properties window does not have User Must Change
Password at Login enabled.
• The User Properties window does not have Account Disabled
selected.
• The User Properties for the dial-in window does not have Grant
dial-in permission to user disabled, if Cisco Secure ACS is
using this option for authenticating.
From within the Cisco Secure ACS confirm the following:
• If the username has already been entered into
Cisco Secure ACS, a Windows NT/2000 database
configuration is selected in the Password Authentication list in
User Setup for the user.
• If the username has already been entered into
Cisco Secure ACS, the Cisco Secure ACS group to which the
user is assigned has the correct authorization enabled (such as
IP/PPP, IPX/PPP or Exec/Telnet). Be sure to click Submit +
Restart if a change has been made.
• The user’s expiration information in the Windows NT/2000
database has not caused failed authentication. For
troubleshooting purposes, disable password expiry for the user
in the Windows NT/2000 database.
Condition Recovery Action