Appendix A Troubleshooting Information for Cisco Secure ACS
Dial-in Connection Issues
A-8
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
A dial-in user is
unable to connect to
the AAA client.
The CiscoSecure
user database is
being used for
authentication.
A record of a failed
attempt is displayed
in the Failed
Attempts Report (in
the Reports &
Activity section,
click Failed
Attempts).
From within Cisco Secure ACS confirm the following:
•
The username has been entered into Cisco Secure ACS.
•
CiscoSecure user database is selected on the Password Authentication list
and a password has been entered in User Setup for the user.
•
The Cisco Secure ACS group to which the user is assigned has the correct
authorization enabled (such as IP/PPP, IPX/PPP or Exec/Telnet). Be sure to
click Restart if a change has been made.
•
Expiration information has not caused failed authentication. Set to
Expiration: Never for troubleshooting.
A dial-in user is
unable to connect to
the AAA client;
however, a Telnet
connection can be
authenticated across
the LAN.
This isolates the problem to one of three areas:
•
Line/modem configuration problem. Review the documentation that came
with your modem and verify that the modem is properly configured.
•
The user is not assigned to a group that has the correct authorization rights.
Authorization rights can be modified under Group Setup or User Setup.
User settings override group settings.
•
The Cisco Secure ACS or or RADIUS configuration is not
correct in the AAA client. The necessary commands are listed in the
following:
Program Files\CiscoSecure ACS vx.x\TacConfig.txt
Program Files\CiscoSecure ACS vx.x\RadConfig.txt
Program Files\CiscoSecure ACS vx.x\README.TXT
You can additionally verify Cisco Secure ACS connectivity as follows:
•
Telnet to the access server from a workstation connected to the LAN.
•
A successful authentication for Telnet confirms that Cisco Secure ACS is
working with the AAA client.
Condition
Recovery Action