cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
803
Views
0
Helpful
5
Replies

Cisco ACS 5.3

Matt Addy
Level 1
Level 1

Hi,

I have joined my ACS box to the domain and can auth users in active directory groups. I thought about this somewhat and would prefer to only use AD users in ACS groups. Is this possible, I can only seem to do local users in local groups and AD users in AD groups.
Many people have access to AD so I don't want anyone to be able to move users in and out of AD groups and get access to equipment.

5 Replies 5

minkumar
Level 1
Level 1

Hi Matthew,

  You can do group mapping. Are you using ACS 5.x?

Regards

Minakshi (Do rate helpful posts )

pavan.gokarn
Level 1
Level 1

Map the AD group to ACS group under group mapping. Then you can asign it within ACS group setup and also use NAR


Sent from Cisco Technical Support Android App

Hi minkumar & Pavan,

Thanks for answering, I was loosing hope anyone new what I was talking about..

Yes, I am using ACS 5.3 applicance. I cannot find where to set this mapping up.

Hi Matt,

  I appologies on the behalf of Cisco for the delay in reply. Please donot loose hope. We are certainly here to help you. If its an emergency, You can also open a TAC case

Please answer the below questions and I will provide you the resolution with the screen shots to help you with th eissue.

Are you using Tacacs or Radius Authentication?

Is it for admin access or wireless or VPN?

I will  provide the screen shots for the same, once i know the setup.

Regards

Minakshi (Do rate the helpful posts )

Matt Addy
Level 1
Level 1

Hi Minkumar,

I am using tacacs and its for admin access of devices.

Just to recap, I need to have AD users in a local group and assign that group permissions to equipment. This can somehow be achieved by using ad group to local ACS group mapping?

Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: