A-7
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
AppendixA Troubleshooting Information for Cisco Secure ACS Dial-in Connection Issues
A dial-in user is unable to make
a connection to the AAA client.
The Windows NT/2000 user
database is being used for
authentication.
A record of a failed attempt
appears in the Failed Attempts
Report (in the Reports &
Activity section, click Failed
Attempts).
The user information is not properly configured for authentication
in WindowsNT/2000 or Cisco Secure ACS.
The Windows NT/2000 user database resides on the same machine
as Cisco Secure ACS.
From the Windows NT User Manager or Windows 2000 Active
Directory Users and Computers, confirm the following:
•The username and password are configured in Windows NT
User Manager or the Windows 2000 Active Directory Users
and Computers.
•The User Properties window does not have User Must Change
Password at Login enabled.
•The User Properties window does not have Account Disabled
selected.
•The User Properties for the dial-in window does not have Grant
dial-in permission to user disabled, if Cisco Secure ACS is
using this option for authenticating.
From within the Cisco Secure ACS confirm the following:
•If the username has already been entered into
Cisco Secure ACS, a Windows NT/2000 database
configuration is selected in the Password Authentication list in
User Setup for the user.
•If the username has already been entered into
Cisco Secure ACS, the Cisco Secure ACS group to which the
user is assigned has the correct authorization enabled (such as
IP/PPP, IPX/PPP or Exec/Telnet). Be sure to click Submit +
Restart if a change has been made.
•The user’s expiration information in the Windows NT/2000
database has not caused failed authentication. For
troubleshooting purposes, disable password expiry for the user
in the Windows NT/2000 database.
Condition Recovery Action