beautypg.com

Cisco 3.3 User Manual

Page 657

background image

A-13

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Appendix A Troubleshooting

Dial-in Connection Issues

A dial-in user cannot
connect to the AAA
client, and a Telnet
connection cannot be
authenticated across
the LAN.

Determine whether the Cisco Secure ACS is receiving the request. This can be
done by viewing the Cisco Secure ACS reports. Based on what does not appear
in the reports and which database is being used, troubleshoot the problem
based on one of the following:

Line/modem configuration problem. Review the documentation that came
with your modem and verify that the modem is properly configured.

The user does not exist in the Windows user database or the CiscoSecure
user database and might not have the correct password. Authentication
parameters can be modified under User Setup.

The Cisco Secure ACS or TACACS+ or RADIUS configuration is not
correct in the AAA client.

Callback is not
working.

Ensure that callback works on the AAA client when using local authentication.
Then add AAA authentication.

User authentication
fails when using PAP.

Outbound PAP is not enabled. If the Failed Attempts report shows that you are
using outbound PAP, go to the Interface Configuration section and select the
Per-User Advanced TACACS+ Features check box. Then, go to the
TACACS+ Outbound Password section of the Advanced TACACS+ Settings
table on the User Setup page and type and confirm the password in the boxes
provided.

Condition

Recovery Action