Appendix A Troubleshooting
Database Issues
A-8
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
External databases not operating properly. Make sure that a two-way trust (for dial-in check)
has been established between the Cisco Secure
ACS domain and the other domains.
If Cisco Secure ACS is installed on a Member
Server and is authenticating to a Domain
Controller, see the “Authentication Failures When
ACS/NT 3.0 Is Authenticating to Active
Directory” Field Notice at the following URL:
http://www.cisco.com/en/US/products/sw/
secursw/ps2086/
products_field_notice09186a00800b1583.shtml
Cannot install Novell NDS database
authentication.
Make sure Novell Requestor is installed on the
same Windows server as the Cisco Secure ACS.
Unknown users are not authenticated. Go to External User Databases > Unknown
User Policy. Select the Check the following
external user databases option. From the
External Databases list, select the database(s)
against which to authenticate unknown users.
Click —> (right arrow button) to add the database
to the Selected Databases list. Click Up or Down
to move the selected database into the desired
position in the authentication hierarchy.
If you are using the Cisco Secure ACS Unknown
User feature, external databases can only
authenticate using PAP.
Novell NDS or Generic LDAP Group Mapping not
working correctly.
Make sure that you have correctly configured
Group Mapping for the applicable database.
For more information, see Chapter 16, “User
Group Mapping and Specification”.
Condition Recovery Action