Cisco AAA/Identity/Nac :: ACS 4.2.0 Error In ACS Authentication For Accessing Devices
Jun 11, 2012
We are using acs version 4.2.0 build 124 on windows server 2003. Our domain controller has been upgraded from 2003 to windows 2008 R2.Now we are facing following error in ACS authentication for accessing our devices.Error: AUTH 06/09/2012 11:55:40 E 1810 3316 0x8f21 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)if we restarted services of ACS server then users get authentiated fine.
View 1 Replies
ADVERTISEMENT
Sep 7, 2012
I configured ACS 5.3 and added AAA clients with TACACS+ server and shared secret key as cisco123. i did the below config on switch also. when i try to authenticate login with ACS it does not respond. Find the configuration and debug output.nd
In debug output it gives ruser and rem_addr is null. i did not understand why .
I am able to ping to ACS server and i used telnet 192.x.x.10 49 and it gives the proper output.
aaa new-model
aaa authentication login default group tacacs+ local
!
tacacs-server host 192.168.60.10 key cisco123
tacacs-server directed-request
ip tacacs source-interface Vlan172
View 2 Replies
View Related
May 15, 2013
I have an 1841 that was working fine - I could SSH to it with my Radius login and console into it with local credentials ("Fred").I added another use ("Mike") with priv 15 so the end user could log in locally via console if needed.After that, we can both log in via console, but when we try to enter privileged mode we get "% Error in Authentication", before even entering the password.I can still log in via Radius SSH with no problems and access privilege mode via SSH.What am I missing so we can have two different users be able to log in locally with different credentials and access privileged mode, and keep my ssh radius working?
View 3 Replies
View Related
Nov 22, 2011
we have ACS 4.2 and 2851 router with IOS 15.0(1)M4. There is authentication failure with error no 254. Is there any compatibilty issue with 15.0(1)M4 IOS
View 1 Replies
View Related
Mar 2, 2011
I have two 1310 bridges. one configured as root and the other as non-root. Authentication Settings: Open with EAP and Network EAP with no addition. Set up: when non-root bridge tries to associate with root bridge, root bridge checks with radius server if it's ok to associate with the non-root bridge.
I can see communication with the radius server (I'm using FreeRadius) and the radius server even sends a SUCCESS back to the root bridge. However I'm seeing this error on the non-root bridge: DOT1X_SHIM-3-PLUMB_KEY_ERR: Unable to plumb keys - Eap key struct is NULL and the bridges do not authenticate.
View 2 Replies
View Related
Apr 29, 2011
I installed NGS 2.0.2 for wireless guest user management and authentication. I implement webauth via webauth page on wlc deployed.One Branch with a WLC5508 version 7.0 wireless anchor controller is working on the NGS.But now I integrate next branch with WLC4402 version 6.0.188 and the authentication of users at the new branch gets an error, wrong user/password.
I double checked configuration and user/password but I can't find any configuration error. Also stopping and starting of radius service and reboot of NGS still does not work. I tried to debug the radius via web interface and watched for the loggfile and there is still a reject.I also tried the freeradius command radiusd -X but I got an error when starting the radiusd -X.
1.) How can I figure out, if I will get the correct password from my WLC ? Are there any debug options to see more ? e.g. some cli commands, radiustest utilities or how to get the received password from the chap challenge of the debug ?
2.) I have appended a part from my radius loggfile. How can I find the detailed error in the radius log file? Is it correct that the password in the debug file is empty ? raiuds logg line "[radius-user-auth] expand: %{User-Password} -> "
View 3 Replies
View Related
Mar 4, 2011
I have two devices in my office which both need to be accessible externally. One is an FTP server (Hermstedt Stingray), the other is a NAS drive (Lacie). I don't have a static IP so have instead configured an account with DYNDNS. My understanding is that by using this method, only one device will be ever be accessible because of the one single dynamic IP. Is this correct? Or is there a way of configuring something somewhere (DYNDNS, router etc) so that both my devices can be accessed externally.
View 3 Replies
View Related
Sep 9, 2012
I have a Netgear modem/router [DGN1000] (192.168.0.x) that serves as a the router for network 1 and also as the internet gateway. I have a Cisco [E4200] (192.168.1.x) router connected to the Netgear modem via the WAN port on the Cisco. This serves as the router for network 2.
DHCP is turned on for both routers. I can access all devices on network 1 using any device o network 2 including the Netgear modem configuration page, but I cant access any device on network 2 from network 1. Is it possible to have access to devices from both networks? [URL]
View 3 Replies
View Related
Mar 29, 2013
I want to setup a simple VPN to allow users to access the office via the iOS (iPad/iPhone) devices. I assume I do this through:
VPN>IPsec>Basic VPN Setup
BUT, what do I enter for the "Endpoint Information" and "Secure Connection Remote Accessibility"?
View 1 Replies
View Related
Feb 5, 2012
We have a D-Link DIR655 wireless router on our network. I have purchased two Seagate 1TB network storage units and would like to have one for me and one for my wife. It seems that the router will not support two, because they try to access the same port. How can I plug these two storage units to the router and have access for each of us to one device?
View 2 Replies
View Related
Jul 15, 2012
Just upgraded my system. I am using D-Link 615 as access point hardwired LAN to LAN to ActiveTec MI424WR N capable Verizon Fios Wireless Modem/Router. The Fios Router is set up with WPA2 security. Intend on having three 615s as Access Points off of ActiveTec. Have a number of wireless devices accessing the network. Have followed instructions from manual to use 615 as Access Point, disabling UPnP and the DNCP Server function on the 615. My ActiveTec IP address is 192.168.1.1 and I changed the 615 to 192.168.1.50. I can type this IP address in my browser and get to the 615 set-up.
I have tried a couple different options in naming the SSID on the 615 set-up. If I name the SSID on the 615 the same as the ActiveTec router, when I go to Connect to a wireless signal where there is overlap, there are two signals that one can connect to, named the same SSID, the Fios is WPA2 secured and the 615 is not. Shouldn't these all be on one SSID? It seems that I have two different networks (different SSIDs) instead of one (rather than the 615 simply serving as an extension of the Fios router as a wired remote access point) with different security protocols (WPA2 and None). The SSID name almost seems meaningless. If I name the 615 SSID the same as the Fios router SSID or something different, I still have the option of selecting one SSID that is secure and one that isn't. If I try to connect to the SSID name associated with the 615 I can get on without providing a password.How do I make it so that one can walk around and go from one area to the next and seamlessly move to the best signal? I did read to select different sets of channels for each access point.
View 3 Replies
View Related
Feb 23, 2011
i'm getting "general network error" while accessing application from server..
client machine: Windows 7
server machine: Windows 2008 server
Switch : 24 port unmanaged D-Link switch ..
network cable: CAT-5 cable.
View 1 Replies
View Related
Jan 5, 2012
We are working on a new site which is hosted on Rackspace. http:[url]....For some inexplicable reason we have intermittent connection problems when trying to access this site and the wordpress backend. We're able to access it for an hour or two and then it becomes unavailable and this can be for an hour or more. During those time we get an "Error 101"Error 101 (net::ERR_CONNECTION_RESET): The connection was reset.This problem is almost certainly unique to our location / ADSL connection.
We've had people at other locations check at the same time as we cannot access the site, and at that same time they can. We've also checked out the site using the 3G network and it's accessible when we're having problems from our ADSL connection.We have tried using fixed DNS addresses (Telecom's, then Google's and then Open DNS) We have binned the Dynalink RTA1025W ADSL Modem thinking it was an issue with the modem. We tried the standard Thomson Telecom Modem but that caused even more problems (binned that one too.)
We have now installed a new Linksys WAG160N but we have the same issue (but a prettier modem)Discussions with Telecom Support have been fruitlessWe connect (in case it's not already obvious) via Telecom ADSL network. I'm based in Manly, Auckland NZ. Our connection is otherwise fine although we have noticed on some of our devices recently that Facebook and Google.co.nz are unavailable for a short time. Often coming right within 30 seconds or so. This may be related.The domain name Travelcafe.co is registered with GoDaddy. I'm about to move it to Rackspace as well. (Rackspace think not, but I'll do it anyway to keep things clean.)
View 4 Replies
View Related
Jul 2, 2012
i have configured my ACS 5.3 server to access AD for user authentication but i would as well like to use the internal store for some users.The problem is that when i test with an internal user account, i can see in the logs that it still tries to access the AD for this user and i receive a message in the logs. " 22056 subject not found in the applicable data store".i have already defined the identity sequence to first use the AD, then if user not found, use the internal database.
View 2 Replies
View Related
Jan 16, 2012
I configured before ACS v4.2 to authenticate network devices using internal users at first, and if the user is not found use AD list users. But with v5.3 I have some problems doing this, on identity policies I use rule based result selection option, I configured 2 polices for Identity source, one for Internal Users and other policy for AD user, but it only works with the first policy, internal users or AD, but works only for the first policy identity. how to do that, if the user is not found on first policy, continue to the next policy.
View 7 Replies
View Related
Jul 3, 2011
I need a specify users to allow access to particular devices and give privilege only for show command or show run. Here is how I tried to configured.
1. Configured two seperate Shell Profile and Command set with privilege level 4-5 and allowing only show run command
2. create seperate service selection rule with adding the require NDG and protocol TACACS and maching service "RestrictAccess"
3. In the RestrictAccess Service I have following configured; Identity: internal users, Group Mapping to a particular group where the user exists, authorization: matching the above created identity group, NDG, shell profile, command sets
All the steps are attached in the .doc file. However when I tried with the particular user he is able to access everything and he is not hitting the correct access rule.
View 6 Replies
View Related
Oct 6, 2012
I have two ACS v 5.2 (primary and secundary) and some users are in the internal stor and the others are in the AD.The local site topology is like this:
PC - AP - WLC - ACS - AD
Authentication method is PEAP(EAP-MSCHAPv2) and all user have the certificate company installed. The OS in the client users is Windows 7.Users was working fine but some users reports intranet disconnections. I see in the ACS log many "22056 Subject not found in the applicable identity store(s)." and "24415 User authentication against Active Directory failed since user's account is locked out" alarms.I believed it was because user wasn´t in the AD data base, but some times the same user is authenticated successfull and other i see the "22056...." or "24415...." alarms.
I switched the role for ACS primary to works as secundary and we see the same alarms.
View 2 Replies
View Related
May 25, 2011
I have a self signed certificate on an ACS 4.2 Windows machine. I open a browser port to https://ipaddress:2002 of the acs and get the certificate error message as expected. When I proceed to the site then check the certificate via the shield on the top of the browser it shows is issued to ACSCOSC216_7. I install the certificate via the IE certificate import wizard.I then connect to the acs via the poper fqdn at [URL] login with my account but now get;The website declined to show this webpage.
View 1 Replies
View Related
Aug 2, 2012
I'm facing a problem related to devices authenticating to our wireless network. Below are how it is setup:WLC 4404 pass authentication to ACS 5.3 (PEAP + MsChapV2) then to AD server.Client can get stock in this status and it keeps repeating from 1 to 20.
View 4 Replies
View Related
Feb 12, 2011
I have been testing WiFi devices such as the iPhones and iPads connectivity with the following setup:
1. 3502i AP
2. WLC 5508 SW 7.0.98
3. NGS
The i-devices have iOS v4.2
My goal is to have the guest user i-devices maintain the credentials (username and password) when they login again to the wireless network. Like if the device sleep, I think definitely they would loose those IP address issued by the DHCP. Once the guest user uses them again and connect them to the wireless network the user would not need to type-in those credentials on the Web Authentication page directed by the WLC.
The credentials are issued by the sponsor who created them on the NGS. It seems that there are WiFi problems with these i-devices. But somehow, I'm looking for a solution that would automated the logins like a checkbox if you want to be kept signed in, on Yahoo or Stay signed in for GMail.
View 6 Replies
View Related
Aug 17, 2012
The original network had a Zylex router, Netgear Switch. There was 2 pc's, one XP and Win 7. There is also 3 tills connected too. There is VPN network connected too. This emits a wireless signal to connect to a scanning gun and is also used to administrate the entire network. I was told by the Administrator of that network that it shouldn't interfere with the wifi network.
The job I was requested to do was to install 3 new wall plates as the Win 7 pc was using a Belkin wireless adapter. There was 2 put inside the office where the XP and Win7 pc's are located. The 3rd was just outside the office.
Now all the ethernet connections work 100%. The wifi is another story though. It will show up in the connect too, when you try connect it will disappear/no response from AP/connect then disappear, these are random too. No order to when each is error is displayed. Even when I put in another router the exact same issues happen.
I have tried to connect to both routers wifi when it wasn't plugged into the switch. Just the router's turned on with no cables plugged in separately of course, no joy same issue with both.
View 2 Replies
View Related
Sep 17, 2008
I got a WLC4404 running software version 5.1.151.0 with 40 LWAPPs (mostly 1242AG). We got new Dell Latitude E6500 Laptops with Intel 5100 NICs. After upgrading the bios to the latest version and installing the latest wlan driver, wireless is working the most time.After about 4 reboots I see the following message in the WLCs logfile: "Thu Sep 18 13:53:10 2008 AAA Authentication Failure for UserName:host/hostname.domain.name User Type: WLAN USER".After I disable the wlan-card, it's working again.
View 7 Replies
View Related
Oct 25, 2011
I use PIX 8.0(4) and ACS 4.2 for VPN authentication. I got error as below even I'm able to ping to ACS server from PIX
RADIUS_SENT erver response timeout
RADIUS_DELETE
ERROR: Authentication Server not responding: No error
I tested aaa command from PIX and check configure on ACS (key and IP address) include restart ACS. The output still timeout and not responding from server.
PIX config:
=========
aaa-server AAA-VPN protocol radius
aaa-server AAA-VPN (MANAGEMENT) host 172.20.0.9
key xxxxxxx
tunnel-group CGS-DR type remote-access
tunnel-group CGS-DR general-attributes
address-pool VPN-POOL
authentication-server-group AAA-VPN LOCAL
default-group-policy GR-CGS
View 2 Replies
View Related
Mar 14, 2012
i received the below output,how to start a troubleshooting? the aaa server is cisco ACS 5.3
ERROR: Authentication Rejected: Unspecified.
View 1 Replies
View Related
Dec 30, 2012
I cannot connect to home WiFi while all other devices connected. Getthing "Authentication Error"
View 2 Replies
View Related
Jul 7, 2012
When I try to log-in to my D-Link DIR-835 Router using IE9, I get an 'Authentication Failed' error. FireFox & Chrome work just fine. what I need to change or fix in IE9 so it will also log-in to my router?
View 13 Replies
View Related
Sep 15, 2012
The original network had a Zylex router, Netgear Switch. There was 2 pc's, one XP and Win 7. There is also 3 tills connected too.There is VPN network connected too. This emits a wireless signal to connect to a scanning gun and is also used to administrate the entire network. I was told by the Administrator of that network that it shouldn't interfere with the wifi network.The job I was requested to do was to install 3 new wall plates as the Win 7 pc was using a Belkin wireless adapter. There was 2 put inside the office where the XP and Win7 pc's are located. The 3rd was just outside the office.Now all the ethernet connections work 100%. The wifi is another story though. It will show up in the connect too, when you try connect it will disappear/no response from AP/connect then disappear, these are random too. No order to when each is error is displayed. Even when I put in another router the exact same issues happen.I have tried to connect to both routers wifi when it wasn't plugged into the switch. Just the router's turned on with no cables plugged in separately of course, no joy same issue with both.
View 2 Replies
View Related
Dec 19, 2012
When I get the web authentication dialog from 1.1.1.1 it starts of with a certificate error. Is there a way to prevent this certificate error while using the self signed certificate? I have not been successful installing certificates on my WLC - problems with OpenSSL and others. Want to get this deployed but don't want users to have to encouter that error.
View 1 Replies
View Related
Aug 24, 2011
I'm getting a content encoding error whenever I try to go to any site. Sometimes i dont get the error instead it's just code or all the images are scrambled or saturated in red or just random colors. I can access secure (https) sites without any problem at all. I attempted to try again after disabling my firewall but still get the same problems. I tried using Internet explorer and firefox and the problem is identical for both. I am runnin this on a desktop with xp.
I have tried using my laptop running vista and connected wirelessly and get the same issue. I attempted to watch a movie on netflex instant watch through my playstation 3 Netflix app and the picture is distorted and oddly color and will not play the movie.
I reset my router and called my ISP. They are having techs do maintainance in my area but I am not sure if that is what's causing the issue. I spoke with a tech who told me that my modem was in time out and he could not reset it. When untold him I'm not having connectivity problems he said he would notify someone in another department and send a tech out.
Also to add the last time my internet worked I saw that there was windows updates ready for install. I shut down my computer and went to work came back and the issue started as soon as I turned on my pc. Also the basic windows malware scan picked up a virus (win32. Alureon(sp?)) I used the malware removal tool to partially remove it and attempted to run malware bytes to check for it again. I updated the definition then received an error when I tried to run it. I attempted to reinstall malware bytes and receive an error everytime I open the installer. I had full scanned my computer with malware bytes and spybot about a week ago and it was clean.
View 2 Replies
View Related
May 12, 2013
I just got a Samsung Galaxy S4. As I have always done with all of my devices that connect wirelessly, I went into the D-Link software and added my phone's MAC address to the network filter list. The security settings are WPA/WPA2. When I try to connect, the phone is able to see my Wi-Fi network, and it asks for my password, which I enter. It keeps trying to connect, but then it says an "authentication error occurred." I have checked and triple-checked the password, and it is correct. I have also checked and triple-checked the MAC address, and it is correct. I have rebooted the router and the phone several times each.
View 1 Replies
View Related
Jul 22, 2012
I have have a XPS L502X. I decided to make a clean installation based on Windows 7 Ultimate.My problem is when I instal the driver for the "Dell Wireless HSPA 5540" it fails with then warning:
"Authentication failed. The .... driver cannot be installed on this computer...."
How to install driver for this ?
View 13 Replies
View Related
Nov 6, 2011
I'm trying to set up a 5505 (running 8.3) so that i can use the client vpn through RADIUS authentication.I have set up a new local RAIDUS windows box and used the ASDM asistant and a few other guides to setup the 5505.
View 3 Replies
View Related
Dec 5, 2012
I have one Fortigate 200B Fire wall, which is using for wifi internet. i had configured one login page in the fourtigate .The path following below system > config > replacement message > authentication > login page.
it was working earlier. suddenly its not working. when i checked this path, that login page message colum was blanked. when i trying to put the message again its not pasting and am unble to type the message also.
View 3 Replies
View Related
