ACS 3.3 and AD authentication

robrhodes
Level 3

Is it possible to separate by group membership users who can authenticate for VPN access only from users who can authenticate for VPN access AND network device access? My customer has some older network gear which does not support the AAA authorization so I am trying to separate by group membership the general remote access users from the network admin team.

1 Reply

owillins
Level 6

Cisco Secure ACS has the following limits with respect to group mapping for users authenticated by a Windows user database:

Cisco Secure ACS can only support group mapping for users who belong to 500 or fewer Windows groups.

Cisco Secure ACS can only perform group mapping using the local and global groups a user belongs to in the domain that authenticated the user. Group membership in domains trusted by the authenticating domain cannot be used for Cisco Secure ACS group mapping. This restriction is not removed by adding a remote group to a group local to the domain providing authentication.

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/qg.htm#wp940528