BASIC CONFIGURATION FOR WINDOWS AUTHENTICATION

ONLY FOR ACS FOR WINDOWS
Please make sure you have performed the post-installation tasks for ACS before doing the configuration below on ACS:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/installation/guide/windows/postin.html#wp1041202
After successfully configuring:
- Local Security Policies
- ACS Services
- Enable NetBIOS
- Ensure DNS operation
Then proceed with the following configuration on the ACS end.
1. Go to ACS -> External User Databases -> Unknown User Policy.
2. Select the option “Check the following external user databases”.
3. Move the Windows database to the right-hand side.
4. Check the option “The database in which the user profile is held.”
5. Click Submit and then select the option “Database Group Mappings”.
6. Select Windows Database.
7. Click New Configuration.
8. Select your domain name and click Submit.
9. Now click on the domain name and select the default group for the Windows users who belong to the defined Windows group set.
10. Now come back to the first page on External User Databases.
11. Click Windows Database -> Configure. Check the option “Verify that "Grant dialin permission to user" setting has been enabled from within the Windows User Manager for users configured for Windows User Database authentication.” This option is optional; enable it only if required.
12. Select the box next to Unknown User Policy and move the domain under the Domain List column/box.
13. Enable the options below under the MS-CHAP Settings section:
    - Enable password changes using MS-CHAP version 1.
    - Enable password changes using MS-CHAP version 2.
14. Test authentication and see if it passes or fails.
For more information please go through the links below:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/UsrDb.html#wp353791
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/UnknUsr.html#wpxref40759
Any error in a failed attempt that starts with “External DB” indicates an issue with external database authentication; the external database can be Windows, LDAP, ODBC or something else.
Common error messages:

Auth type not supported by External DB
Solution : http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K24308566

External DB account Restriction
Solution : http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K19031787

ACS External DB is not operational
This mostly happens on the ACS Solution Engine when there are issues with the remote agent, or when the ACS for Windows machine is not on the domain.
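As an added example (not part of the Cisco document), the following PowerShell pre-flight script checks the prerequisites listed earlier, domain membership, DNS, NetBIOS and the ACS services, on the ACS host before you test authentication against the Windows database. The $Domain parameter and the ACS 4.x service names are assumptions noted in the comments.

```powershell
# Added pre-flight check for the ACS for Windows prerequisites (not part of the Cisco document).
# Run in an elevated PowerShell session on the ACS host.
# Assumptions: $Domain is the AD domain ACS authenticates against; the service names
# are the ACS 4.x Windows services (verify them against services.msc on your install).
param([Parameter(Mandatory = $true)][string]$Domain)

$results = New-Object System.Collections.ArrayList
function Add-Result($check, $passed, $detail) {
    [void]$results.Add((New-Object PSObject -Property @{ Check = $check; Passed = [bool]$passed; Detail = $detail }))
}

# 1. Domain membership: "ACS External DB is not operational" is typical when the
#    ACS machine is not joined to the domain it should authenticate against.
$cs = Get-WmiObject -Class Win32_ComputerSystem
Add-Result 'Host joined to domain' ($cs.PartOfDomain -and ($cs.Domain -ieq $Domain)) "PartOfDomain=$($cs.PartOfDomain) Domain=$($cs.Domain)"

# 2. DNS operation: the domain name must resolve (normally to the domain controllers).
try {
    $addrs = @([System.Net.Dns]::GetHostAddresses($Domain) | ForEach-Object { $_.IPAddressToString })
    Add-Result 'DNS resolves domain' ($addrs.Count -gt 0) ($addrs -join ', ')
} catch {
    Add-Result 'DNS resolves domain' $false $_.Exception.Message
}

# 3. NetBIOS over TCP/IP: TcpipNetbiosOptions 2 means disabled on that adapter
#    (0 = default from DHCP, 1 = enabled).
$nics = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
$disabled = @($nics | Where-Object { $_.TcpipNetbiosOptions -eq 2 })
Add-Result 'NetBIOS enabled on all IP adapters' ($disabled.Count -eq 0) (($nics | ForEach-Object { "$($_.Description)=$($_.TcpipNetbiosOptions)" }) -join '; ')

# 4. ACS services running (CSAuth talks to the external database, CSLog writes the Failed Attempts log).
$acsServices = 'CSAdmin', 'CSAuth', 'CSDBSync', 'CSLog', 'CSMon', 'CSRadius', 'CSTacacs'
foreach ($name in $acsServices) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc) { Add-Result "Service $name running" ($svc.Status -eq 'Running') "$($svc.Status)" }
    else      { Add-Result "Service $name running" $false 'not installed' }
}

$results | Select-Object Check, Passed, Detail | Format-Table -AutoSize
$failed = @($results | Where-Object { -not $_.Passed }).Count
Write-Host "$failed check(s) failed. Fix these before testing authentication against the Windows database."
exit $failed
```

The exit code equals the number of failed checks, so the script can be chained into a larger verification run.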

External DB user invalid or bad password
http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K65242111
The following messages are output when ACS does not have reachability to Active Directory:
- "External DB user invalid or bad password"
- "InternalError"