Cisco Secure ACS 3.1 and Windows 2000 Active directory
Posted by mikester on November 6th, 2003


Hey fellas,

I'm setting up a new pair of ACS servers, both are Windows 2000 domain
member servers. Both have Cisco Secure ACS 3.1 installed on them. Both
are configured identically in regards to their user database, that is
to say both are configured to use the Windows Active directory for
unknown users and I have no users manually configured. That makes
everyone an unknown user until they log in to one of the ACS servers.

First off, it is my understanding that the ACS database replication is
not adaptive, it doesn't import and export new entries into other
servers via the replication process but rather it dumps or accepts an
entire database wiping out whatever it may have known on its own if
it is on the receiving end. At the moment I have ACS1 configured to
replicate to ACS2, which means ACS2 is slave to ACS1 and that any
changes made to ACS2 would be wiped out when ACS1 replicated to it.
Does that sound correct? I'm not sure I like it but I do want to make
sure I'm understanding it correctly.

Second...ACS2 is not authenticating users, ACS1 works great, but ACS2
does not. I get the following error;

11/06/2003 11:11:23 Authen failed <username> Default Group 0.0.0.0
Unknown .. .. 0 <NASIP>

It's very strange and I need to double check each item but I believe
they are configured correctly and the same (each server) to talk to
the domain user database.

Last, I understand there is an upgrade to 3.2? Is that any good?

Posted by mikester on November 7th, 2003


Figured it out...missed a local security policy setting.

=-)

