Home | Site Map | Cisco How ToNet How To | Wireless |Search | Forums | Services | Donations | Careers | About Us | Contact Us|

A dial-in user is unable to logon domain

Cisco Router, Firewall, VPN, SDM, ASA and Switch
Post a reply

A dial-in user is unable to logon domain

Postby guest » Mon Feb 09, 2009 10:50 am

1. Running debug aaa authentication on the AAA client to troubleshoot it.
2. Double check the configurations of the AAA client or Cisco Secure ACS.
3. Check the Failed Attamts' report.

When running debug aaa authentication and debug aaa authorization on the AAA client, a PASS is returned for authentication, but a FAIL is returned for authorization.
This problem occurs because authorization rights are not correctly assigned.

From Cisco Secure ACS User Setup, confirm that the user is assigned to a group that has the correct authorization rights. Authorization rights can be modified under Group Setup or User Setup. User settings override group settings.

If a specific attribute for TACACS+ or RADIUS is not displayed within the Group Setup section, this might indicate it has not been enabled in Interface Configuration: TACACS+ (Cisco IOS) or RADIUS.
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 9024
Joined: Mon Nov 27, 2006 1:10 pm
Top
Post a reply

Return to Cisco

Your Ad Here

Who is online

Users browsing this forum: No registered users and 3 guests

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group