06-15-2008 01:57 AM - edited 03-10-2019 03:54 PM
Hello,
I currently have an ACS system authenticating against a Win2K3 AD database. I have a user that is a member of multiple security groups that are mapped to multiple groups on the ACS. I want to be able to force authentication against a specific group based on the device group that is being used for authentication.
For example, User1 is a member of GroupA, GroupB, and GroupC in the AD. GroupA is mapped to Group1 in the ACS, GroupB is mapped to Group2, and GroupC is mapped to Group3. I have three device groups called switches, firewalls, and routers.
When User1 logs into a router, I want him to be authenticated against Group1. When User1 logs into a switch, authenticate against Group2, and a firewall would be authenticated against Group3. Is it possible to even do this? If so, how?
Thanks for your help!
Steve
07-04-2008 12:19 AM
I have the same problem.
The users mapped by the external authenticator are dynamically linked to a Cisco ACS group.
Since ACS uses the group order to match the credentials, even if the user is grouped in more than one group in AD, it's linked to the first ACS group.
I've tried also to use a NAR, but it doesn't seem to work.
Does anyone have suggestions?
Andrea
07-15-2008 12:29 AM
Doing the same setup with our new ACS, so I'm really hoping someone can assist with this problem.
07-18-2008 09:09 AM
Hi,
What version of ACS are you currently running?
Craig
07-19-2008 03:49 AM
I'm running version 4.0.1.27
Andrea
07-19-2008 08:35 AM
I am running multiple versions for multiple customers, from 4.0 to 4.2.