A-17
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
AppendixA Troubleshooting Information for Cisco Secure ACS User Authentication Issues
Unknown users are not
authenticated. Go to External User Databases: Unknown User Policy. Click Check
the following external user databases. From the External
Databases list, select the database(s) against which to authenticate
unknown users. Click > (right arrow button) to add the database
to the Selected Databases list. Click Up or Down to move the
database into the desired position in the authentication hierarchy.
If you are using the Cisco Secure ACS Unknown User feature,
external databases can authenticate using only PAP.
User did not inherit settings from
new group. Users moved to a new group inherit new group settings but they
keep their existing user settings. Manually change the settings in
User Settings.
User can authenticate but
authorizations are different from
expected.
Different vendors use different AV pairs. AV pairs not used in one
vendors protocol are ignored by another vendors protocol.
Make sure the user settings reflect the correct vendor protocol; for
example, Cisco RADIUS.
User cannot log in. Re-enable the user account or reset the failed attempts counter.
Authentication fails. The retry interval is too short. (The default is 5 seconds.) Increase
the retry interval (tacacs-server timeout 20) on the AAA client to
20 or greater.
Check the Failed Attempts report.
Condition Recovery Action