10-17-2005 04:57 AM - edited 03-10-2019 02:20 PM
Hi,
I installed ACS3.3 on Windows 2003 Standard Server and it joins Windows 2000 Active Directory. It works normally when it is using the Cisco Secure Database. However, it can't authenticate users located in Windows 2000 AD. Is my combination supported by Cisco ACS? Is there any additional function I need to configure?
Besides, I checked in the documentation that NTLMv2 is not supported in Domain Authentication. Is the NTLM version determined by the Domain Controller or the Member Server (i.e. the ACS server)?
Thanks a lot!
Quote:
Verify that the NT LAN Manager (NTLM) version used is version 1. In the applicable Windows security policy editor, access Local Policies > Security Options, and locate the LAN Manager Authentication Level policy and set the policy to Send LM & NTLM responses. Other settings involve the use of NTLM v2, which Cisco Secure ACS does not support.
10-18-2005 05:45 PM
Sup dude,
How did you want to authenticate users from AD?
Yes, it is possible to authenticate users from Active Directory. It just depends on how. You set the Active Directory as an external database. I currently use mine for 802.1x authentication.
Regarding NTLM authentication, the domain controller should dumb down to at least NTLM v1. This depends on the Group Policies defined for your domain.
10-21-2005 05:22 AM
Hi,
Just a quick check. Have you pointed the AD into your 'unknown user policy'? You need to do this in your ACS.
I assumed you have already done this:
- set user database in ACS to external database
- join your ACS server to your domain.
Rgds,
AK