Dial-in Connection Issues
Dial-in Connection Issues
Condition
A dial-in user cannot
connect to the AAA
client.
No record of the
attempt appears in
either the TACACS+
or RADIUS
Accounting Report
(in the Reports &
Activity section,
click TACACS+
Accounting or
RADIUS
Accounting or
Failed Attempts).
User Guide for Cisco Secure ACS for Windows Server
A-6
Recovery Action
Examine the Cisco Secure ACS Reports or AAA client Debug output to narrow
the problem to a system error or a user error. Confirm the following:
•
The dial-in user was able to establish a connection and ping the
Windows 2000 server before Cisco Secure ACS was installed. If the dial-in
user could not, the problem is related to a AAA client/modem
configuration, not Cisco Secure ACS.
•
LAN connections for both the AAA client and the Windows 2000 server
supporting Cisco Secure ACS are physically connected.
•
IP address of the AAA client in the Cisco Secure ACS configuration is
correct.
•
IP address of Cisco Secure ACS in AAA client configuration is correct.
TACACS+ or RADIUS key in both AAA client and Cisco Secure ACS are
•
identical (case sensitive).
The command ppp authentication pap is entered for each interface, if the
•
Windows NT/2000 user database is being used.
The command ppp authentication chap pap is entered for each interface,
•
if the Cisco Secure ACS database is being used.
•
The AAA and TACACS+ or RADIUS commands are correct in the AAA
client. The necessary commands are listed in the following:
Program Files\CiscoSecure ACS vx.x\TacConfig.txt
Program Files\CiscoSecure ACS vx.x\RadConfig.txt
The Cisco Secure ACS Services are running (CSAdmin, CSAuth,
•
CSDBSync CSLog, CSRadius, CSTacacs) on the Windows 2000 server.
Appendix A
Troubleshooting Information for Cisco Secure ACS
.
78-14696-01, Version 3.1