https://community.cisco.com/t5/network-access-control/cisco-acs5-7/m-p/2732709#M57509 <P>Hi,</P><P>&nbsp;</P><P>To accomplish this task, basically you need to create the user internally on the ACS, but configure the password to be checked against AD as on the attached example.</P><P>&nbsp;</P><P>And the identity for either "Default Network Access" or "Default Device Admin" should still point to "Internal users" under the following section "<SPAN class="cuesBreadcrumbStatic" style="font-family: Arial; color: rgb(0, 0, 0); font-size: 11px;">Access Policie</SPAN><SPAN class="cuesBreadcrumbStatic" style="font-family: Arial; font-size: 11px;">s</SPAN>&nbsp;&gt;&nbsp;<A class="cuesBreadcrumbLink" style="color: rgb(0, 136, 194); font-size: 11px;"><SPAN style="color:#000000;">Access Services</SPAN></A><SPAN style="color:#000000;">&nbsp;</SPAN>&gt; <SPAN style="font-size: 11px;">Default network access</SPAN>&nbsp;&gt;&nbsp;<SPAN class="cuesBreadcrumbLast" style="font-size: 11px; color: rgb(0, 0, 0);">Identity"</SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P><SPAN style="font-size:12px;"><SPAN class="cuesBreadcrumbLast" style="color: rgb(0, 0, 0);">Note: Please mark it as answered if applicable</SPAN></SPAN></P> Mon, 21 Sep 2015 18:03:07 GMT Ivan Gonzalez 2015-09-21T18:03:07Z https://community.cisco.com/t5/network-access-control/cisco-acs5-7/m-p/2732708#M57508 <P>Dear experts,</P><P>I would like to ask if anyone can guide me through user authentication in ACS5.7.</P><P>The problem is, I want to create internal users with the same name as in Active Directory, and take only password from AD.</P><P>Do you have any experiences on this issue? Your response is highly appreciated <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span>&nbsp;</P><P>&nbsp;</P><P>Best regards,</P><P>&nbsp;</P><P>Aphea</P><P>&nbsp;</P> Mon, 11 Mar 2019 06:04:20 GMT https://community.cisco.com/t5/network-access-control/cisco-acs5-7/m-p/2732708#M57508 Aphea 2019-03-11T06:04:20Z https://community.cisco.com/t5/network-access-control/cisco-acs5-7/m-p/2732709#M57509 <P>Hi,</P><P>&nbsp;</P><P>To accomplish this task, basically you need to create the user internally on the ACS, but configure the password to be checked against AD as on the attached example.</P><P>&nbsp;</P><P>And the identity for either "Default Network Access" or "Default Device Admin" should still point to "Internal users" under the following section "<SPAN class="cuesBreadcrumbStatic" style="font-family: Arial; color: rgb(0, 0, 0); font-size: 11px;">Access Policie</SPAN><SPAN class="cuesBreadcrumbStatic" style="font-family: Arial; font-size: 11px;">s</SPAN>&nbsp;&gt;&nbsp;<A class="cuesBreadcrumbLink" style="color: rgb(0, 136, 194); font-size: 11px;"><SPAN style="color:#000000;">Access Services</SPAN></A><SPAN style="color:#000000;">&nbsp;</SPAN>&gt; <SPAN style="font-size: 11px;">Default network access</SPAN>&nbsp;&gt;&nbsp;<SPAN class="cuesBreadcrumbLast" style="font-size: 11px; color: rgb(0, 0, 0);">Identity"</SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P><SPAN style="font-size:12px;"><SPAN class="cuesBreadcrumbLast" style="color: rgb(0, 0, 0);">Note: Please mark it as answered if applicable</SPAN></SPAN></P> Mon, 21 Sep 2015 18:03:07 GMT https://community.cisco.com/t5/network-access-control/cisco-acs5-7/m-p/2732709#M57509 Ivan Gonzalez 2015-09-21T18:03:07Z https://community.cisco.com/t5/network-access-control/cisco-acs5-7/m-p/2732710#M57511 <P>Dear <SPAN class="fullname"><SPAN rel="sioc:has_creator"><A class="username" href="https://supportforums.cisco.com/users/ivangonz" title="View user profile.">ivangonz</A></SPAN></SPAN>,</P><P>Highly appreciated with your response.</P><P>Actually, I forget to tell that I am using vpn with downloadable access lists with radius.&nbsp;</P><P>But Cisco ACS requires me to put the same password and user in order to grant access.</P><P>I have followed this links. <A href="http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113449-asa-vpn-acs-00.html" target="_blank">http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113449-asa-vpn-acs-00.html</A>, but I get no luck.</P><P>You have any experiences with this issue? With creating internal username, and password from AD to authenticate with ACS Radius.</P><P>Thanks,</P><P>Aphea</P><P>&nbsp;</P> Tue, 22 Sep 2015 00:52:06 GMT https://community.cisco.com/t5/network-access-control/cisco-acs5-7/m-p/2732710#M57511 Aphea 2015-09-22T00:52:06Z https://community.cisco.com/t5/network-access-control/cisco-acs5-7/m-p/2732711#M57513 <P>Hi Aphea,</P><P>&nbsp;</P><P>On the step #5 from the link you provided, you need to change the "password type" from Internal Users ( which is local password ), to AD so the ACS will check the password against AD.</P> Wed, 23 Sep 2015 12:56:09 GMT https://community.cisco.com/t5/network-access-control/cisco-acs5-7/m-p/2732711#M57513 Ivan Gonzalez 2015-09-23T12:56:09Z