User authentication issues – Cisco 3.3 User Manual

Appendix A Troubleshooting

User Authentication Issues

A-20

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

User Authentication Issues

Condition

Recovery Action

After the administrator disables the Dialin
Permission setting, Windows database users can
still dial in and apply the Callback string
configured under the Windows user database.
(You can locate the Dialin Permission check box
by clicking External User Databases, clicking
Database Configuration, clicking Windows
Database, and clicking Configure.)

Restart Cisco Secure ACS services. For steps, see

Stopping, Starting, or Restarting Services,
page 8-2

.

User did not inherit settings from new group.

Users moved to a new group inherit new group
settings but they keep their existing user settings.
Manually change the settings in the User Setup
section.

Authentication fails.

Check the Failed Attempts report.

The retry interval may be too short. (The default is
5 seconds.) Increase the retry interval
(tacacs-server timeout 20) on the AAA client to
20 or greater.

The AAA client times out when authenticating
against a Windows user database.

Increase the TACACS+/RADIUS timeout interval
from the default, 5, to 20. Set the Cisco IOS
command as follows:

tacacs-server timeout 20
radius-server timeout 20