06-16-2010 12:52 PM - edited 03-10-2019 05:11 PM
I have just installed ACS 5.1 as a VM instance to provide TACACS AAA. So far things are working fine with local authentication, and I now wish to have my users authenticate via AD. Looking at the user guide on page 8-39, it looks like I need to create an AD identity store and join the ACS server to the domain. Is this correct? And is the AD username/password required a one-time thing to join the ACS server to the domain, or a special account that must be created for the AD server?
Thanks!
Bob
06-16-2010 07:18 PM
Yes, that is correct.
Joining ACS to an AD Domain
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/users_id_stores.html#wp1140906
ACS 5.1 has to be configured with a valid NTP server for time synchronization, preferably from where the domain controller is syncing its time. Another one is a valid DNS server which can resolve internal names.
Both of them will be configured from the CLI:
http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/command/reference/cli_use.html#wp1096003
And yes, the admin username/password you use would be a one-time thing. It could be an existing admin account; just make sure whatever admin credentials you are using on ACS to integrate with AD have privileges to add a computer to the domain.
We will never recommend that you delete the admin account after integrating ACS with AD.
HTH
JK
Do rate helpful posts-
06-17-2010 04:37 AM
JK
Thanks for the response!
Bob