Solved: ACS 5.1 TACACS+ and an AD group

burnsidestev · ‎09-07-2010

I have joined our ACS5.1 to AD. I can map a group in the AD section and see that it mapped correctly.

How do I set TACACS+ to authenticate against that group? I am not able to see that group appear anywhere in group choices. I am also unable to see the users within that group anywhere.

Thanks.

Nate Austin · ‎09-07-2010

Hi burnsidestev, That is all done from your Access Policies. Goto the Authorization tab of your TACACS policy (usually Default Device Admin). Then hit the Customize button on that page. It should allow you to add new columns to the Conditions list, one of which should be "AD1: External Groups". Once that is added to the page you should be able to edit any rules and select any of the AD groups you selected under the original AD configuration. Thanks, Nate

Posted from my mobile device.

View solution in original post

Nate Austin · ‎09-07-2010

Hi burnsidestev, That is all done from your Access Policies. Goto the Authorization tab of your TACACS policy (usually Default Device Admin). Then hit the Customize button on that page. It should allow you to add new columns to the Conditions list, one of which should be "AD1: External Groups". Once that is added to the page you should be able to edit any rules and select any of the AD groups you selected under the original AD configuration. Thanks, Nate

Posted from my mobile device.

burnsidestev · ‎09-07-2010

Thanks so much. I knew it would be in there somewhere!