https://community.cisco.com/t5/network-access-control/ad-authentication-for-client-vpn/m-p/1876594#M227545 <HTML><HEAD></HEAD><BODY><P>Thanks for your reply. Better i will go with ACS with AD. I can have better authorization features with TACACS...</P><P>I will do this and let you know.....</P><P></P><P></P><P></P><P></P><P>Thanks&amp;Regards,</P><P></P><P>Vamsi Pinnaka</P><P>Bangalore</P></BODY></HTML> Tue, 27 Dec 2011 13:05:22 GMT Vamsi Pinnaka 2011-12-27T13:05:22Z https://community.cisco.com/t5/network-access-control/ad-authentication-for-client-vpn/m-p/1876592#M227516 <P>Hi,</P><P></P><P>I am using Cisco 1812 as EZVPN server. I want to use Active directory for VPN user authentication. I am trying from couple of days but no success.</P><P>With ASA, i am able to authenticate against AD, but not with IOS router. Below are my configurations</P><P></P><P>aaa authentication login AD krb5</P><P></P><P>kerberos local-realm THECCIEGROUP.LOCAL</P><P>kerberos realm thecciegroup.local THECCIEGROUP.LOCAL</P><P>kerberos realm .thecciegroup.local THECCIEGROUP.LOCAL</P><P>kerberos server THECCIEGROUP.LOCAL 10.10.102.2</P><P>kerberos preauth encrypted-kerberos-timestamp</P><P>kerberos credentials forward</P><P></P><P>If kerberos authentication is not possible, I would like to know the possibility of using AD as ACS external database. I am running both AD and ACS in the same server. If i can integrate AD with ACS, i can use TACACS or RADIUS for the authentication.</P><P></P><P></P><P></P><P>Thanks&amp;Regards,</P><P></P><P>Vamsi Pinnaka</P><P>Bangalore.</P> Mon, 11 Mar 2019 01:39:48 GMT https://community.cisco.com/t5/network-access-control/ad-authentication-for-client-vpn/m-p/1876592#M227516 Vamsi Pinnaka 2019-03-11T01:39:48Z https://community.cisco.com/t5/network-access-control/ad-authentication-for-client-vpn/m-p/1876593#M227530 <HTML><HEAD></HEAD><BODY><P>I can answer from the ACS side.</P><P>Yes you can integrate ACS with AD and then the switch uses ACS like a radius server. ACS checks AD through kerberos in the backend, transparently.</P><P></P><P>If you have ACS 4.x running on a Windows PC being a member server of the domain, the integration is automatically done actually.</P></BODY></HTML> Tue, 27 Dec 2011 12:47:53 GMT https://community.cisco.com/t5/network-access-control/ad-authentication-for-client-vpn/m-p/1876593#M227530 Nicolas Darchis 2011-12-27T12:47:53Z https://community.cisco.com/t5/network-access-control/ad-authentication-for-client-vpn/m-p/1876594#M227545 <HTML><HEAD></HEAD><BODY><P>Thanks for your reply. Better i will go with ACS with AD. I can have better authorization features with TACACS...</P><P>I will do this and let you know.....</P><P></P><P></P><P></P><P></P><P>Thanks&amp;Regards,</P><P></P><P>Vamsi Pinnaka</P><P>Bangalore</P></BODY></HTML> Tue, 27 Dec 2011 13:05:22 GMT https://community.cisco.com/t5/network-access-control/ad-authentication-for-client-vpn/m-p/1876594#M227545 Vamsi Pinnaka 2011-12-27T13:05:22Z https://community.cisco.com/t5/network-access-control/ad-authentication-for-client-vpn/m-p/1876595#M227571 <HTML><HEAD></HEAD><BODY><P>Working perfectly..... Successfully integrated AD with ACS external database..</P><P></P><P></P><P></P><P></P><P></P><P></P><P>Thanks&amp;Regards</P><P></P><P>Vamsi Pinnaka</P><P>Bangalore</P></BODY></HTML> Thu, 29 Dec 2011 06:04:19 GMT https://community.cisco.com/t5/network-access-control/ad-authentication-for-client-vpn/m-p/1876595#M227571 Vamsi Pinnaka 2011-12-29T06:04:19Z