
ACS 5.2 Self authorization

Lujohny18
Level 1

Hi all!

I have problems configuring Cisco ACS 5.2. I did not find how to configure it for authorization (on itself) by AD credentials. I mean, like an administrator account, but from AD groups. It was easy to configure the connection with AD, selecting identity groups and creating authentication policies for TACACS authorization on network devices. It works fine! But how can I configure it to authenticate by AD user/pass on itself? Can anyone give some suggestions? Thanks!

3 Replies

Jacob Snyder
Level 5

The feature you are looking for is not in ACS 5.2.  You will have to upgrade to 5.4 for the ability to make an AD group an ACS Administrator.

Thanks for the reply! This is sad...

Muhammad Munir
Level 5

Machine authentication provides access to network services only to those computers that are listed in Active Directory. This becomes very important for wireless networks because unauthorized users can try to access your wireless access points from outside your office building.

You can configure ACS to retrieve user or machine AD attributes to be used in authorization and group mapping rules. The attributes are mapped to the ACS policy results and determine the authorization level for the user or machine.

ACS retrieves user and machine AD attributes after a successful user or machine authentication and can also retrieve the attributes for authorization and group mapping purposes independent of authentication.

ACS can retrieve user or machine groups from Active Directory after a successful authentication and also retrieve the user or machine group independent of authentication for authorization and group mapping purposes. You can use the AD group data in the authorization and group mapping tables and introduce special conditions to match them against the retrieved groups.

Moreover, please go through the given link for configuration. This link will be helpful to you.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/users_id_stores.html#wp1170642