Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1134
Views
0
Helpful
6
Replies

ACS Express Appliance 5.0 (Anyone using with AD)

patrick.tuttle
Level 1
Level 1

‎11-02-2008 04:54 AM - edited ‎03-10-2019 04:10 PM

Hello,

Anyone using this new appliance for Active Directory integration?

This applaince runs on Linux (a good thing) but does not seem to like to talk with our AD, yet we have no problems in our environment in regards to DNS or AD. We have a case opened and hope it's a quick fix.

Just looking to see any sucess or failure stories out there on this unit in general.

thanks

Labels:
0 Helpful
6 Replies 6

patrick.tuttle
Level 1
Level 1

‎11-05-2008 06:57 AM

UPDATE,

I guess given the no resposnse, I can guess this is not a popular box.

Cisco ended up coming up with a fix for this problem. The default is to hunt through the entire AD forest. Once this file was edited, it attached imediatly.

-pat

0 Helpful

juliendymon
Level 1
Level 1
In response to patrick.tuttle

‎02-16-2009 07:14 AM

Hello,

Can you explain a little more please ?

I have an ACS 5.0 and I am not able to join the AD ...

Thank you

0 Helpful

patrick.tuttle
Level 1
Level 1
In response to juliendymon

‎02-16-2009 10:58 AM

Hello,

If there are any isues with contacting any of the AD controllers such as if just one of them is off line for any reason or you have a large environment, then it will not connect.

Also if time is not correct, it will also not connect. Our problem was with both some ADs were off line and our environmnet was too large.

So, Cisco has a patch file thay can send you so that you can get into ROOT of the box and edit the "centrifydc.conf" file

The file name you need to get into root is:

RootPatch.tar.gz

You also need console access to the device.

They are suppose to make these setting avail in the gui, in up comming releases.

Hope this helps

-pat

0 Helpful

Daniel Laden
Level 4
Level 4
In response to juliendymon

‎02-16-2009 11:02 AM

ACS Express will need to contact every domain controller to join. If a domain controller is offline or a listed domain controller is no longer a domain controller it will fail.

0 Helpful

patrick.tuttle
Level 1
Level 1
In response to Daniel Laden

‎02-16-2009 11:07 AM

This is how it works but really shouldn't work this way. There are many time in large enterprises that controllers are down for patching etc.

CSCsu83194

Symptom:

Attempting an AD join may fail if there are some domain controllers or global catalog servers it can not contact.

Conditions:

One or more domain controllers or global catalog servers that the ACS can not query or contact. AD Domain with inter-domain trusts containing trees that the ACS does not need access to descend into. The AD join process will eventually time out since it fails to return successful lookups for all domain controllers within the forest.

Workaround:

None via the GUI. Please contact TAC and provide the diagnostic logs.

Further Problem Description:

None.

However the fix I was given was to edit that file I was speaking about.

Once I did this I was able to attach all 12 appliances we purchased to our AD environment.

0 Helpful

juliendymon
Level 1
Level 1
In response to patrick.tuttle

‎02-17-2009 02:41 AM

Ok thank you for your support.

In fact I think there is a mistake executing the script to join the domain, the arguments is "DM=domain.com" and I think it should be "DN=domain.com".

I try to login on the ACS but I cant access the linux shell to modify the script, I only have access to the IOS Shell.

I have full physical access to the appliance and can make all the modification I want, it is only for testing and not in production environment.

Regards,

Julien

0 Helpful
Customers Also Viewed These Support Documents