Appendix A Troubleshooting
Dial-in Connection Issues
A-12
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
A dial-in user cannot
connect to the AAA
client.
The CiscoSecure user
database is being used
for authentication.
A record of a failed
attempt is displayed in
the Failed Attempts
Report (in the Reports
& Activity section,
click Failed
Attempts).
From within Cisco Secure ACS confirm the following:
•The username has been entered into Cisco Secure ACS.
•CiscoSecure user database is selected from the Password Authentication
list and a password has been entered in User Setup for the user.
•The Cisco Secure ACS group to which the user is assigned has the correct
authorization enabled (such as IP/PPP, IPX/PPP or Exec/Telnet). Be sure
to click Submit + Restart if a change has been made.
•Expiration information has not caused failed authentication. Set to
Expiration: Never for troubleshooting.
A dial-in user cannot
connect to the AAA
client; however, a
Telnet connection can
be authenticated
across the LAN.
The problem is isolated to one of three areas:
•Line/modem configuration problem. Review the documentation that came
with your modem and verify that the modem is properly configured.
•The user is not assigned to a group that has the correct authorization
rights. Authorization rights can be modified under Group Setup or User
Setup. User settings override group settings.
•The Cisco Secure ACS or TACACS+ or RADIUS configuration is not
correct in the AAA client.
Additionally, you can verify Cisco Secure ACS connectivity by attempting to
Telnet to the access server from a workstation connected to the LAN. A
successful authentication for Telnet confirms that Cisco Secure ACS is
working with the AAA client.
Condition Recovery Action