Another quick question: how do I configure ACS to use Windows AD credentials for administrative access to the ACS GUI?
To configure ACS to use Windows AD credentials for administrative access to the GUI once ACS has been joined to an AD domain:
1) Go to System Administration -> Administrators -> Administrative Access Control
2) Click on Identity, then for Identity Source select "AD1"
3) Click on Save Changes
4) Click on Authorization
5) Create an authorization policy with the desired criteria to grant access and grant the desired role
Complete, step by step instructions are available in the following document:
How can we integrate ACS with RSA Authentication Manager for two-factor authentication?
How does the two-factor authentication work in this integration scenario?
Is there any app other than RSA that we can integrate with ACS for two-factor authentication?
ACS supports the RSA product, in addition to other third party products as external user databases to provide two-factor authentication.
Details on the configuration steps can be found in the following document:
Please let me know if you have specific questions regarding ACS configuration once you have had a chance to read that document.
Thank you for covering this topic. Have a question for you. What are the requirements for the AD account used to join ACS to AD?
An AD account that is required for domain access in ACS should have either of the following:
• Add workstations to the domain user in the corresponding domain.
• Create Computer Objects or Delete Computer Objects permission on corresponding computers container where ACS machine's account is precreated (created before joining ACS machine to the domain).
Cisco recommends that you disable the lockout policy for the ACS account and configure the AD infrastructure to send alerts to the administrator if a wrong password is used for that account. This is because, if you enter a wrong password, ACS will not create or modify its machine account when it is necessary and therefore possibly deny all authentications.
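Added example (not part of the original reply and not Cisco code): one way to implement the wrong-password alert recommended above, by filtering exported Windows Security events for the ACS account. The account name `svc-acs-join` and the sample events are constructed; the event IDs and status codes are the standard Windows values for a bad password.

```python
# Flag wrong-password events for the AD account ACS uses to join the domain.
# With lockout disabled on that account, this alert is what surfaces bad attempts.

ACS_ACCOUNT = "svc-acs-join"  # hypothetical account name (assumption)

# Event ID -> (EventData field, value meaning "wrong password")
BAD_PASSWORD = {
    4625: ("SubStatus", "0xc000006a"),  # failed logon, bad password
    4771: ("Status", "0x18"),           # Kerberos pre-authentication failed
    4776: ("Status", "0xc000006a"),     # NTLM credential validation failed
}

def bad_password_alerts(events, account=ACS_ACCOUNT):
    """Return (time, event_id, source) for each wrong-password event on account."""
    alerts = []
    for ev in events:
        rule = BAD_PASSWORD.get(ev.get("EventID"))
        if rule is None:
            continue
        field, code = rule
        data = ev.get("EventData", {})
        # Normalise "user@REALM" and case before comparing.
        user = data.get("TargetUserName", "").split("@")[0].lower()
        if user != account.lower() or data.get(field, "").lower() != code:
            continue
        source = data.get("IpAddress") or data.get("Workstation") or "unknown"
        alerts.append((ev["TimeCreated"], ev["EventID"], source))
    return alerts

# Constructed sample events, shaped like exported Security log records.
SAMPLE_EVENTS = [
    {"EventID": 4771, "TimeCreated": "2024-01-01T10:00:00Z",
     "EventData": {"TargetUserName": "SVC-ACS-JOIN", "Status": "0x18",
                   "IpAddress": "192.0.2.10"}},
    {"EventID": 4625, "TimeCreated": "2024-01-01T10:01:00Z",  # account disabled
     "EventData": {"TargetUserName": "svc-acs-join", "SubStatus": "0xC0000072",
                   "IpAddress": "192.0.2.10"}},
    {"EventID": 4776, "TimeCreated": "2024-01-01T10:02:00Z",  # different user
     "EventData": {"TargetUserName": "alice", "Status": "0xC000006A",
                   "Workstation": "PC7"}},
    {"EventID": 4776, "TimeCreated": "2024-01-01T10:03:00Z",
     "EventData": {"TargetUserName": "svc-acs-join", "Status": "0xC000006A",
                   "Workstation": "ACS01"}},
]

if __name__ == "__main__":
    for alert in bad_password_alerts(SAMPLE_EVENTS):
        print("ALERT wrong password for ACS account:", alert)
```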
In terms of IPv6, are the ACS platform and protocols ready to receive IPv6 requests? It would be very nice if we could create a simple network scenario where we can authenticate a user on 802.1X using nothing but IPv6 connectivity.
I hope my question brings more people together and we can discuss further.
Thanks in advance for your answer.
My question is: in Cisco ACS 5.2 (VMware), if the SSH password is lost but I still have access to the web GUI, can I create or change an account from there to be able to SSH into the system?
It is not possible to change the password for the shell users from the GUI.
However, you can change the password on the virtual console by booting from the virtual CD using the installation ISO image; one of the options is to reset the admin user password.