Appendix A
Troubleshooting Information for Cisco Secure ACS
Condition
User can authenticate but authorizations are
different from expected.
User cannot log in.
Authentication fails.
78-14696-01, Version 3.1
Recovery Action
Different vendors use different AV pairs. AV pairs
not used in one vendor protocol are ignored by
another vendor protocol.
Make sure the user settings reflect the correct
vendor protocol; for example, Cisco RADIUS.
Re-enable the user account or reset the failed
attempts counter.
The retry interval is too short. (The default is 5
seconds.) Increase the retry interval
(tacacs-server timeout 20) on the AAA client to
20 or greater.
Check the Failed Attempts report.
User Guide for Cisco Secure ACS for Windows Server
User Authentication Issues
A-15