topic Re: ACS 3.3 using Windows AD Database in Network Access Control

ACS 3.3 using Windows AD Database

rman — Sun, 10 Mar 2019 21:20:41 GMT

Hi,

I installed ACS3.3 on windows 2003 standard server and it joins Windows 2000 Active Directory. It works normally when it is using Cisco Secure Database. However, it can't authenticate users located in windows 2000 AD. Is my combination supported by Cisco ACS ? Any additional function I need to configure?

Besides, I checked with Document that NTLMv2 is not supported in Domain Authentication. NTLM version is determined by the Domain Controller or the Member Server (i.e. The ACS server)?

Thanks a lot!

Quote:

Verify that the NT LAN Manager (NTLM) version used is version 1. In the applicable Windows security policy editor, access Local Policies > Security Options, and locate the LAN Manager Authentication Level policy and set the policy to Send LM & NTLM responses. Other settings involve the use of NTLM v2, which Cisco Secure ACS does not support.

Re: ACS 3.3 using Windows AD Database

Darthkim_2 — Wed, 19 Oct 2005 00:45:36 GMT

Sup dude,

How did you want to authenticate users from AD?

Yes it is possible to authenticate users from Active Directory. It just depends on how. You set the Active Directory as a external database. I currently use mine for 802.1x authentication.

Regarding NTLM authentication, the domain controller should dumb down to at least NTLM v1. This depends on the Group Policies defined for your domain.

Re: ACS 3.3 using Windows AD Database

a.kiprawih — Fri, 21 Oct 2005 12:22:07 GMT

Hi,

Just a quick check. Have you point the AD into your 'unknown user policy'? You need to do this in your ACS.

I assumed you have already done this:

- set user database in ACS to external database

- join your ACS server to your domain.

Rgds,