Ask the Expert: Installing and Configuring Cisco Access Control

Hi Javier,

Another quick question, how do I configure ACS to use Windows AD credentials for administrative access to the ACS GUI?

thanks,

John


To configure ACS to use Windows AD credentials for administrative access to the GUI once ACS has been joined to an AD domain:

1) Go to System Administration -> Administrators -> Administrative Access Control

2) Click on Identity, then for Identity Source select "AD1"

3) Click on Save Changes

4) Click on Authorization

5) Create an authorization policy with the desired criteria to grant access and grant the desired role

Complete step-by-step instructions are available in the following document:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/admin_admin.html

Javier Henderson

Cisco Systems


Hi Javier,

How can we integrate ACS with RSA Authentication Manager for two-factor authentication?

How does the two-factor authentication work in this integration scenario?

Is there any app other than RSA that we can integrate with ACS for two-factor authentication?

Rajmohan R


Rajmohan,

ACS supports the RSA product, in addition to other third-party products, as external user databases to provide two-factor authentication.

Details on the configuration steps can be found in the following document:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/users_id_stores.html

Please let me know if you have specific questions regarding ACS configuration once you have had a chance to read that document.

Javier Henderson

Cisco Systems


Hello Javier,

Thank you for covering this topic. Have a question for you. What are the requirements for the AD account used to join ACS to AD?

Regards,

Jessica


Jessica,

An AD account that is required for domain access in ACS should have either of the following:

Add workstations to the domain user in the corresponding domain.

Create Computer Objects or Delete Computer Objects permission on corresponding computers container where ACS machine's account is precreated (created before joining ACS machine to the domain).

Cisco recommends that you disable the lockout policy for the ACS account and configure the AD infrastructure to send alerts to the administrator if a wrong password is used for that account. This is because, if you enter a wrong password, ACS will not create or modify its machine account when it is necessary and therefore possibly deny all authentications.

Javier Henderson

Cisco Systems


Hi Javier

In terms of IPv6, are the ACS platform and protocols ready to receive IPv6 requests? It would be very nice if we could create a simple network scenario where we can authenticate a user on 802.1X using nothing but IPv6 connectivity.

I hope my question brings more people together and we can discuss further.

Thanks in advance for your answer.

Gabriel Lopez


Hi Javier

My question is, in Cisco ACS 5.2 (VMware), if the SSH password is lost but I still have access to the web GUI, can I create or change an account from there to be able to SSH into the system?

Thanks


Raul,

It is not possible to change the password for the shell users from the GUI.

However, you can change the password on the virtual console by booting from the virtual CD using the installation ISO image; one of the options is to reset the admin user password.

Javier Henderson

Cisco Systems