05-14-2013 09:07 AM - edited 03-10-2019 08:25 PM
Hi,
I have joined my ACS box to the domain and can auth users in Active Directory groups. I thought about this somewhat and would prefer to only use AD users in ACS groups. Is this possible? I can only seem to do local users in local groups and AD users in AD groups.
Many people have access to AD so I don't want anyone to be able to move users in and out of AD groups and get access to equipment.
05-15-2013 04:54 PM
Hi Matthew,
You can do group mapping. Are you using ACS 5.x?
Regards
Minakshi (Do rate helpful posts )
05-15-2013 07:37 PM
Map the AD group to ACS group under group mapping. Then you can assign it within ACS group setup and also use NAR.
05-16-2013 02:52 AM
Hi minkumar & Pavan,
Thanks for answering, I was losing hope anyone knew what I was talking about.
Yes, I am using ACS 5.3 appliance. I cannot find where to set this mapping up.
05-16-2013 09:30 AM
Hi Matt,
I apologize on behalf of Cisco for the delay in reply. Please do not lose hope. We are certainly here to help you. If it's an emergency, you can also open a TAC case.
Please answer the below questions and I will provide you the resolution with the screenshots to help you with the issue.
Are you using TACACS or RADIUS authentication?
Is it for admin access or wireless or VPN?
I will provide the screenshots for the same, once I know the setup.
Regards
Minakshi (Do rate the helpful posts )
05-19-2013 02:19 PM
Hi Minkumar,
I am using TACACS and it's for admin access of devices.
Just to recap, I need to have AD users in a local group and assign that group permissions to equipment. This can somehow be achieved by using AD group to local ACS group mapping?
Thanks