https://community.cisco.com/t5/network-access-control/active-directory-acs-remote-agent/m-p/126132#M436078 <P>I have an ACS appliance (3.2). I understand that I need to use an ACS remote agent, preferably installed on a Domain controller, to do Windows authentication. My question is: If I'm using Active Directory, can I not just use External User databases and configure Generic LDAP with appropriate settings to access Active Directory?? Then I wouldn't need a remote agent?? Or do I have to use External User databases and configure Windows Databases (which means using an external remote agent?? Or Can I choose either method?? Its confusing as Active Direcory also cann support pre-2000 windows domains, and i don't know which method of external User Databse mapping to use.</P> Sun, 10 Mar 2019 14:26:06 GMT rcullum 2019-03-10T14:26:06Z https://community.cisco.com/t5/network-access-control/active-directory-acs-remote-agent/m-p/126132#M436078 <P>I have an ACS appliance (3.2). I understand that I need to use an ACS remote agent, preferably installed on a Domain controller, to do Windows authentication. My question is: If I'm using Active Directory, can I not just use External User databases and configure Generic LDAP with appropriate settings to access Active Directory?? Then I wouldn't need a remote agent?? Or do I have to use External User databases and configure Windows Databases (which means using an external remote agent?? Or Can I choose either method?? Its confusing as Active Direcory also cann support pre-2000 windows domains, and i don't know which method of external User Databse mapping to use.</P> Sun, 10 Mar 2019 14:26:06 GMT https://community.cisco.com/t5/network-access-control/active-directory-acs-remote-agent/m-p/126132#M436078 rcullum 2019-03-10T14:26:06Z https://community.cisco.com/t5/network-access-control/active-directory-acs-remote-agent/m-p/126133#M436079 <HTML><HEAD></HEAD><BODY><P>With 3.2 you can authenticate directly to a Windows AD database (<A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/win32sdt.htm#95081" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/win32sdt.htm#95081</A>). Just use External User Databases - Windows Database and you should be good to go.</P></BODY></HTML> Thu, 07 Aug 2003 05:04:03 GMT https://community.cisco.com/t5/network-access-control/active-directory-acs-remote-agent/m-p/126133#M436079 gfullage 2003-08-07T05:04:03Z https://community.cisco.com/t5/network-access-control/active-directory-acs-remote-agent/m-p/126134#M436080 <HTML><HEAD></HEAD><BODY><P>But I'm using an ACS 3.2 appliance, which cannot authenticate directly to External User Databases -Windows Databases without the use of the ACS remote agent. So my question still stands. Can I use External User Databases -Generic LDAP mappings to authenticate Active Directory users without the use of the remote agent or do I have to use External User Databases - Windows Database method??</P></BODY></HTML> Thu, 07 Aug 2003 06:38:00 GMT https://community.cisco.com/t5/network-access-control/active-directory-acs-remote-agent/m-p/126134#M436080 rcullum 2003-08-07T06:38:00Z https://community.cisco.com/t5/network-access-control/active-directory-acs-remote-agent/m-p/126135#M436081 <HTML><HEAD></HEAD><BODY><P>My apologies, missed the "appliance" word in your original post.</P><P></P><P>You could probably use this either way I would imagine, although we'd suggest using a Remote Agent with the Windows DB. If you do go down this path make sure of your security permissions (<A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/raig/rawi.htm#642394" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/raig/rawi.htm#642394</A>)</P><P></P><P>I've had users use the LDAP database with Windows Ad before and it works fine, the only difference (IIRC)is you don't get all the Windows group mappings with this method, but for just user authentication it should work fine.</P></BODY></HTML> Thu, 07 Aug 2003 23:02:47 GMT https://community.cisco.com/t5/network-access-control/active-directory-acs-remote-agent/m-p/126135#M436081 gfullage 2003-08-07T23:02:47Z https://community.cisco.com/t5/network-access-control/active-directory-acs-remote-agent/m-p/126136#M436082 <HTML><HEAD></HEAD><BODY><P>If you use the LDAP database aren't you unable to use LEAP for authentication?</P></BODY></HTML> Wed, 10 Dec 2003 20:11:24 GMT https://community.cisco.com/t5/network-access-control/active-directory-acs-remote-agent/m-p/126136#M436082 pallette 2003-12-10T20:11:24Z