https://community.cisco.com/t5/network-access-control/acs3-1-nds-external-database/m-p/119207#M437931 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Unfortunately, if thats the case, it will not work. In the case, of NT domain you have the option to allow/disallow user authentication when you create the user in NT domain database. In the case of the NDS, there is no such option to the best of my knowledge. Sorry !</P><P></P><P>Regards,</P><P></P><P>Mynul</P></BODY></HTML> Thu, 03 Jul 2003 17:28:46 GMT mhoda 2003-07-03T17:28:46Z https://community.cisco.com/t5/network-access-control/acs3-1-nds-external-database/m-p/119202#M437920 <P>We purchased ACS3.1 and will like to use NDS as the external database for authenticating dialing-users. This configuration is working fine, but now how can I restrict a specific dialing-users from authenticating to NDS. </P><P></P><P></P> Sun, 10 Mar 2019 14:23:20 GMT https://community.cisco.com/t5/network-access-control/acs3-1-nds-external-database/m-p/119202#M437920 ovillaci 2019-03-10T14:23:20Z https://community.cisco.com/t5/network-access-control/acs3-1-nds-external-database/m-p/119203#M437923 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>On ACS you need to configure NAR (Network Access Restrictions). Here is the procedure -</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080102174.html#536615" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080102174.html#536615</A></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080102173.html#224846" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080102173.html#224846</A></P><P></P><P>Thanks,</P><P></P><P>Mynul</P><P></P></BODY></HTML> Wed, 02 Jul 2003 19:57:52 GMT https://community.cisco.com/t5/network-access-control/acs3-1-nds-external-database/m-p/119203#M437923 mhoda 2003-07-02T19:57:52Z https://community.cisco.com/t5/network-access-control/acs3-1-nds-external-database/m-p/119204#M437925 <HTML><HEAD></HEAD><BODY><P>Mynul, </P><P></P><P>What I meant is how can I resrict dialing-users/remote-users/vpn-users to authenticate to NDS. Below are three scenarios that we have in production and we are planning to migrate to ACS. At this time authentication is being done using each device's local database. </P><P></P><P>vpn users----&gt;VPN3000---&gt;ACS3.1---&gt;NDS(external database)</P><P>dialing-users--&gt;Shiva----&gt;VPN3000---&gt;ACS3.1---&gt;NDS(external database)</P><P>pptp-users----&gt;WatchGuard(FBII)---&gt;ACS3.1---&gt;NDS(external database)</P><P></P><P></P></BODY></HTML> Wed, 02 Jul 2003 20:31:52 GMT https://community.cisco.com/t5/network-access-control/acs3-1-nds-external-database/m-p/119204#M437925 ovillaci 2003-07-02T20:31:52Z https://community.cisco.com/t5/network-access-control/acs3-1-nds-external-database/m-p/119205#M437928 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Not sure if I understand your question correctly. It appears that you are looking for seperating the users for different traffic (VPN, dialup, PPTP) and make sure that VPN users cannot connect for dialup and vice versa. If thats the case, then you need to create three different group in NDS and 3 groups in ACS and then MAP the corresponding ACS group with the NDS group. Finally you need to apply NAR described earlier in every group and allow or disallow the devices. </P><P></P><P>Pl. let me know if this answers your question. Regards,</P><P></P><P>Mynul</P></BODY></HTML> Wed, 02 Jul 2003 22:02:39 GMT https://community.cisco.com/t5/network-access-control/acs3-1-nds-external-database/m-p/119205#M437928 mhoda 2003-07-02T22:02:39Z https://community.cisco.com/t5/network-access-control/acs3-1-nds-external-database/m-p/119206#M437930 <HTML><HEAD></HEAD><BODY><P>Yes, that's the idea. But how can I restrict 2 users out of 5 that are members of the same group from authenticating to NDS. When I map a NDS group to ACS group, everyone within the NDS container are able to authenticate. </P><P> I do not have a problem setting restrictions for users to access devices, this works fine. </P><P></P><P>Thanks for your help.</P></BODY></HTML> Thu, 03 Jul 2003 17:20:21 GMT https://community.cisco.com/t5/network-access-control/acs3-1-nds-external-database/m-p/119206#M437930 ovillaci 2003-07-03T17:20:21Z https://community.cisco.com/t5/network-access-control/acs3-1-nds-external-database/m-p/119207#M437931 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Unfortunately, if thats the case, it will not work. In the case, of NT domain you have the option to allow/disallow user authentication when you create the user in NT domain database. In the case of the NDS, there is no such option to the best of my knowledge. Sorry !</P><P></P><P>Regards,</P><P></P><P>Mynul</P></BODY></HTML> Thu, 03 Jul 2003 17:28:46 GMT https://community.cisco.com/t5/network-access-control/acs3-1-nds-external-database/m-p/119207#M437931 mhoda 2003-07-03T17:28:46Z