Re: ACS 5.2 Active Directory and local users combination

Douglas Barboza · ‎11-29-2010

Hi,

I'm planning to migrate an ACS 4.1 to a new ACS 5.2. The thing is that it has users that authenticate either locally (local data base) and using Active Directory credentials.

What I need is to be sure that ACS 5.2 support that kind of mixture enviroment.

Thanks for your comments

Tarik Admani · ‎11-29-2010

Douglas,

Yes this is supported, I have included a link which will walk you through with what you are trying to accomplish:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/users_id_stores.html#wp1054132

Hope this helps,

Tarik Admani

Douglas Barboza · ‎11-29-2010

Tarik,

One more question, checking some other posts, apparently there is an issue between previous ACS versions and multiple AD Domains.

Do you know if that issue remains ??

Thanks,

Nate Austin · ‎11-30-2010

Hi Douglas,

The ACS 5.2 server actually joins the domain that you specify under its configuration. It can only join one domain. As long as the domain that it joins has trusts configured with the other domains you want to authenticate then that should work fine. If there are other domains that are in separate AD forests with no trust between them and the domain the ACS is a member of, then you cannot use native AD authentication to authenticate clients to them. You would have to use another protocol like LDAP to authenticate to those other domains.

In terms of problems regarding trusted domain authentication, I don't know any off the top of my head. Do you have a bug for an earlier version that I can search for and see if its been resolved?

Thanks,

Nate

jlhainy · ‎12-09-2010

I am trying to do the same thing. That link doesn't seem to be working.