https://community.cisco.com/t5/network-access-control/acs-5-3-local-user-authentication/m-p/2124811#M147087 <P>I want to have a local user in ACS that is permitted to login to routers. I have TACACS with AD already working but cannot get a local user to work. I used to do this in ACS 4.x.</P><UL><LI>I created a user in the internal identity store.<BR /></LI><LI>I tried configuring a policy to allow this users TACACS authentication multiple ways to no avail.<BR /></LI></UL><P></P><P>I cannot find a config example doc and cannot figure it out from the user guide as the documention is sorely lacking.</P> Mon, 11 Mar 2019 02:46:50 GMT Vin Daniell 2019-03-11T02:46:50Z https://community.cisco.com/t5/network-access-control/acs-5-3-local-user-authentication/m-p/2124811#M147087 <P>I want to have a local user in ACS that is permitted to login to routers. I have TACACS with AD already working but cannot get a local user to work. I used to do this in ACS 4.x.</P><UL><LI>I created a user in the internal identity store.<BR /></LI><LI>I tried configuring a policy to allow this users TACACS authentication multiple ways to no avail.<BR /></LI></UL><P></P><P>I cannot find a config example doc and cannot figure it out from the user guide as the documention is sorely lacking.</P> Mon, 11 Mar 2019 02:46:50 GMT https://community.cisco.com/t5/network-access-control/acs-5-3-local-user-authentication/m-p/2124811#M147087 Vin Daniell 2019-03-11T02:46:50Z https://community.cisco.com/t5/network-access-control/acs-5-3-local-user-authentication/m-p/2124812#M147089 <HTML><HEAD></HEAD><BODY><P>Hi Vin,</P><P></P><P>What's happening in your scenario is that you have your Access Policy/Identity using only AD1, this will force the ACS to check only in the Active Directory database.</P><P></P><P>If you want to use both databases you need to create an Identity Store Sequence, this is done under "Users and Identity Stores/<A target="_self">External Identity Stores/</A><A target="_self">Identity Store Sequences"</A><BR /></P><P></P><P>In this section you need to define both databases like the example below:</P><P></P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/7/7/7/112777-IS.JPG" class="jive-image" /></P><P></P><P>Then you need to use this option under Identity. Check below:</P><P></P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/1/8/7/112781-IS2.JPG" class="jive-image" /></P><P></P><P>Let me know if it helps.</P></BODY></HTML> Tue, 13 Nov 2012 20:32:36 GMT https://community.cisco.com/t5/network-access-control/acs-5-3-local-user-authentication/m-p/2124812#M147089 mauzamor 2012-11-13T20:32:36Z https://community.cisco.com/t5/network-access-control/acs-5-3-local-user-authentication/m-p/2124813#M147095 <HTML><HEAD></HEAD><BODY><P>That did not seem to work. Here's what I have. </P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/2/9/7/112792-pic1.jpg" class="jive-image" /><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/3/9/7/112793-pic2.jpg" class="jive-image" /><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/4/9/7/112794-pic3.jpg" class="jive-image" /><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/5/9/7/112795-pic4.jpg" class="jive-image" /></P></BODY></HTML> Tue, 13 Nov 2012 20:50:15 GMT https://community.cisco.com/t5/network-access-control/acs-5-3-local-user-authentication/m-p/2124813#M147095 Vin Daniell 2012-11-13T20:50:15Z https://community.cisco.com/t5/network-access-control/acs-5-3-local-user-authentication/m-p/2124814#M147097 <HTML><HEAD></HEAD><BODY><P> Oh and here's the error I'm getting.</P><P></P><P></P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/7/9/7/112797-pic5.jpg" class="jive-image" /></P></BODY></HTML> Tue, 13 Nov 2012 20:52:00 GMT https://community.cisco.com/t5/network-access-control/acs-5-3-local-user-authentication/m-p/2124814#M147097 Vin Daniell 2012-11-13T20:52:00Z https://community.cisco.com/t5/network-access-control/acs-5-3-local-user-authentication/m-p/2124815#M147099 <HTML><HEAD></HEAD><BODY><P> Ok... it seems to be working now. I set the identity source to "internal users" then back to "TACACS+ search sequence" and now it's working.</P><P></P><P>Thanks!</P></BODY></HTML> Tue, 13 Nov 2012 20:55:29 GMT https://community.cisco.com/t5/network-access-control/acs-5-3-local-user-authentication/m-p/2124815#M147099 Vin Daniell 2012-11-13T20:55:29Z https://community.cisco.com/t5/network-access-control/acs-5-3-local-user-authentication/m-p/2124816#M147101 <HTML><HEAD></HEAD><BODY><P>Glad to know it's working now. Usually we use Internal Users first as the ACS database is smaller than the Active Directory.</P><P></P><P>Rate if it helps.</P></BODY></HTML> Tue, 13 Nov 2012 20:59:08 GMT https://community.cisco.com/t5/network-access-control/acs-5-3-local-user-authentication/m-p/2124816#M147101 mauzamor 2012-11-13T20:59:08Z