No, the shared secret is correct, otherwise the ACS would show that as being the error and wouldn't be trying to authenticate the user against the windows AD. I thought this might have been the issue until I purposely used the wrong secret and there were different error's. On 2/15/06, Alan DeKok <aland@ox.org> wrote:
Tom <tjonesjr@gmail.com> wrote:
I have compiled pam_radius and it appears to be working as intended, however Cisco ACS reports "External DB User Invalid or bad password" anytime I try to use the same credentials that properly authenticate with ACS's tacacs on a linux or freebsd server. The username shows up properly on the ACS server, so I am assuming that the NAS is sending the proper username, but it appears that the password is not being sent correctly. I know the ACS server is trying to authenticate against AD because after so many tries the account get's locked out.
Is it a shared secret problem?
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Thomas Jones Jr.