Cisco 3.3 User Manual
Page 655
A-11
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Appendix A Troubleshooting
Dial-in Connection Issues
A dial-in user cannot
connect to the AAA
client.
The Windows user
database is being used
for authentication.
A record of a failed
attempt appears in the
Failed Attempts
Report (in the Reports
& Activity section,
click Failed
Attempts).
Create a local user in the CiscoSecure user database and test whether
authentication is successful. If it is successful, the issue is that the user
information is not correctly configured for authentication in Windows or
Cisco Secure ACS.
From the Windows User Manager or Active Directory Users and Computers,
confirm the following:
•
The username and password are configured in the Windows User Manager
or Active Directory Users and Computers.
•
The user can log in to the domain by authenticating through a workstation.
•
The User Properties window does not have User Must Change Password
at Login enabled.
•
The User Properties window does not have Account Disabled selected.
•
The User Properties for the dial-in window does not have Grant dial-in
permission to user disabled, if Cisco Secure ACS is using this option for
authenticating.
From within Cisco Secure ACS confirm the following:
•
If the username has already been entered into Cisco Secure ACS, a
Windows user database configuration is selected in the Password
Authentication list on the User Setup page for the user.
•
If the username has already been entered into Cisco Secure ACS, the
Cisco Secure ACS group to which the user is assigned has the correct
authorization enabled (such as IP/PPP, IPX/PPP or Exec/Telnet). Be sure
to click Submit + Restart if a change has been made.
•
The user expiration information in the Windows user database has not
caused failed authentication. For troubleshooting purposes, disable
password expiry for the user in the Windows user database.
Click External User Databases, and click List All Databases Configured,
and then make sure that the database configuration for Windows is listed.
In the Configure Unknown User Policy table of the External User Databases
section ensure that Fail the attempt is not selected. And ensure that the
Selected Databases list reflects the necessary database.
Verify that the Windows group that the user belongs to has not been mapped
to No Access.
Condition
Recovery Action