Table of Contents
Advertisement
Debug Issues
Debug Issues
Condition
When you run debug aaa
authentication on the AAA
client, Cisco Secure ACS returns
a failure message.
When you run debug aaa
authentication and debug aaa
authorization on the AAA
client, Cisco Secure ACS returns
a
for authentication, but
PASS
returns a
for authorization.
FAIL
User Guide for Cisco Secure ACS for Windows Server
A-14
Recovery Action
The configurations of the AAA client or Cisco Secure ACS are
likely to be at fault.
From within Cisco Secure ACS confirm the following:
Cisco Secure ACS is receiving the request. This can be done by
viewing the Cisco Secure ACS reports. What does or does not
appear in the reports may provide indications that your
Cisco Secure ACS is misconfigured.
From the AAA client, confirm the following:
The command ppp authentication pap is entered for each
•
interface if authentication against the Windows user database is
being used.
The command ppp authentication chap pap is entered for
•
each interface if authentication against the CiscoSecure user
database is being used.
The AAA and TACACS+ or RADIUS configuration is correct
•
in the AAA client.
This problem occurs because authorization rights are not correctly
assigned.
Examine the following:
•
Check failed attempts reports under Reports and Activities to
see if any services/protocols are being denied for the user.
•
From User Setup, confirm that the user is assigned to a group
that has the correct authorization rights. Authorization rights
can be modified under Group Setup or User Setup. User settings
override group settings.
If a specific attribute for TACACS+ or RADIUS is not
•
displayed within the Group Setup section, this may indicate that
it has not been enabled in Interface Configuration: TACACS+
(Cisco IOS) or RADIUS.
Appendix A
Troubleshooting
78-16592-01
Advertisement
Table of Contents
Troubleshooting
