Filter
Top Products
A-11
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Appendix A Troubleshooting Information for Cisco Secure ACS
Debug Issues
Debug Issues
Condition Recovery Action
When running debug aaa
authentication on the AAA
client, a failure message is
returned from
Cisco Secure ACS.
The configurations of the AAA client or Cisco Secure ACS are
likely to be at fault.
From within Cisco Secure ACS confirm the following:
• Cisco Secure ACS is receiving the request. This can be done by
viewing the Cisco Secure ACS reports. Based on what
does/does not appear in the reports and which database is being
used, troubleshoot Cisco Secure ACS based on one of the first
three listings in this matrix.
From the AAA client, confirm the following:
• The command ppp authentication pap is entered for each
interface if authentication against the Windows NT/2000 User
Database is being used.
• The command ppp authentication chap pap is entered for
each interface if authentication against the CiscoSecure user
database is being used.
• The AAA and TACACS+ or RADIUS configuration is correct
in the AAA client. The necessary commands are listed in the
following:
Program Files\CiscoSecure ACS vx.x\TacConfig.txt
Program Files\CiscoSecure ACS v
x.x\RadConfig.txt
Program Files\CiscoSecure ACS v
x.x\README.TXT
When running debug aaa
authentication and debug aaa
authorization on the AAA
client, a
PASS is returned for
authentication, but a
FAIL is
returned for authorization.
This problem occurs because authorization rights are not correctly
assigned.
From Cisco Secure ACS User Setup, confirm that the user is
assigned to a group that has the correct authorization rights.
Authorization rights can be modified under Group Setup or User
Setup. User settings override group settings.
If a specific attribute for TACACS+ or RADIUS is not displayed
within the Group Setup section, this might indicate it has not been
enabled in Interface Configuration: TACACS+ (Cisco IOS) or
RADIUS.