
Lujohny18
Beginner

ACS 5.2 Self authorization

Hi all!

I have problems in configuring Cisco ACS 5.2. I did not find how to configure it for authorization (on itself) by AD credentials. I mean, like an administrator account, but from AD groups. It was easy to configure connection with AD, selecting identity groups and creating authentication policies for TACACS authorization on network devices. It works fine! But how can I configure it to authenticate by AD user/pass on itself? Can anyone give some suggestions? Thanks!

3 REPLIES 3
Jacob Snyder
Contributor

The feature you are looking for is not in ACS 5.2.  You will have to upgrade to 5.4 for the ability to make an AD group an ACS Administrator.

Thanks for the reply! This is sad...

Muhammad Munir
Contributor

Machine authentication provides access to network services to only these computers that are listed in Active Directory. This becomes very important for wireless networks because unauthorized users can try to access your wireless access points from outside your office building.

You can configure ACS to retrieve user or machine AD attributes to be used in authorization and group mapping rules. The attributes are mapped to the ACS policy results and determine the authorization level for the user or machine.

ACS retrieves user and machine AD attributes after a successful user or machine authentication and can also retrieve the attributes for authorization and group mapping purposes independent of authentication.

ACS can retrieve user or machine groups from Active Directory after a successful authentication and also retrieve the user or machine group independent of authentication for authorization and group mapping purposes. You can use the AD group data in the authorization and group mapping tables and introduce special conditions to match them against the retrieved groups.

Moreover, please go through the given link for configuration. This link will be helpful to you.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/users_id_stores.html#wp1170642
