Cisco ACS 5.2 Clock Skew Error
ACS 5.x: Cisco ACS Synchronization with NTP Server Configuration Example

Updated: Jun 15, 2012

Contents
  Introduction
  Prerequisites
  Requirements
  Components Used
  Conventions
  Configure
  NTP Configuration on Cisco ACS
  Verify
  Troubleshoot
  Problem: Clock drifts too much and NTP fails when ACS is installed on a VMWare machine
  Solution
  NTP Synchronization lost after the interface IP address of ACS is changed
  Solution
  Related Information

Introduction

Network Time Protocol (NTP) is a protocol used to synchronize the clocks of different network entities. It uses UDP/123. The main purpose of this protocol is to avoid the effects of variable latency over data networks. This document provides a sample configuration for the Cisco ACS to synchronize its clock with an NTP server. ACS 5.x allows up to two NTP servers to be configured.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions: Cisco Secure ACS Version 5.x

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.

NTP Configuration on Cisco ACS

In order to synchronize the time of Cisco ACS with an NTP server, complete these steps:

Manually configure the date and time with the clock set
http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/113579-acs-ntp-vmware-00.html

Experts Exchange: Cisco ACS server clock skew error (Solved)
https://www.experts-exchange.com/questions/27381023/Cisco-ACS-server-clock-skew-error.html
Posted on 2011-10-05. Last Modified: 2012-05-12.

Question by: L-Plate

Hello all, I have a Cisco ACS server configured in a virtual environment - vSphere. The ACS is used for authenticating wireless and VPN users; RADIUS is used for this. It is also used for authenticating network admins logging in to routers and switches etc. TACACS is used for this. The ACS talks to Active Directory to authenticate the users.

Every so often, maybe every 3 months, people are not able to authenticate. I log on to the ACS GUI page and perform a connectivity test to AD. It fails and says there is a clock skew error. I then have to manually SSH to the ACS, change the clock and then restart. The funny thing here is, the clock on ACS has to be 1 hour and 10 minutes behind the domain controller for the link between ACS and AD to be successful. If I set the correct time on the ACS then the connection actually fails - clock skew error. Does anybody know a fix for this? Maybe someone has seen this before?

It's even more frustrating because, even though all my NAS devices such as wireless access points, VPN concentrator etc. are configured to use an alternative server for user authentication, this other server is never attempted because the wireless access point, for instance, can still see the ACS. Therefore the secondary authentication server is never attempted, and the user just fails authentication based on the clock skew error.

A quick fix is to power off the ACS, and then the secondary auth server is used. But this is obviously just a workaround and I would prefer a better solution. Thanks in advance.

Best Solution by: anoopkmr

You may need to configure NTP. This is what I found in the Cisco
https://community.spiceworks.com/topic/579625-cisco-acs-clock-skew-error

I see in my 5508 that it shows I'm not connected to AD. I test the connection and receive (clock skew error). I can see that my WLAN and ACS times are within 7 seconds apart. My DC time is 5 mins faster though. I haven't had any issues like this in the past 2 years. Anyone seen this issue and have a way to resolve it?

stevemoores, Sep 9, 2014 at 2:58 UTC:

Multiple computers will never keep good time, they will always drift over time. Even your electronic wrist watch will gain or lose a few seconds a day (and the clocks in computers are no better, usually much worse). Consider syncing everything with NTP. See: http://www.pool.ntp.org/en/

Nick Koiter, Sep 9, 2014 at 3:29 UTC:

Synch your network,

frank5898 wrote:
    I see in my 5508 that it shows I'm not connected to AD. I test the connection and receive (clock skew error). I can see that my WLAN and ACS times are within 7 seconds apart. My DC time is 5 mins faster though. I haven't had any issues like this in the past 2 years. Anyone seen this issue and have a way to resolve it?

If your 5508 can get to external, then sync from external. You don't have to specify the source interface, but I prefer to do so. Then choose your 3+ time sources (internal or external):

    ntp source GigabitEthernet0/0
    ntp master 2
    ntp server 64.250.229.100
    ntp server 128.138.140.44
    ntp server 132.246.11.229 prefer

Typically, you should have a specific NTP server on your network or use your gateway router to update externally from NTP pool. http://support.ntp.org/bin/view/Servers/NTPPoolServers

Point your DC to update from that router and use your Windows W32tm with DOMHIER, built-in services to update your network.