
Cisco ACS 5.X and Radius using AD

Bobby Roberts
Level 1

Hello All - I am currently using ACS 5.2 and have no problem using Tacacs+ with AD access.

But with Radius it seems I can only get the Local identity store to work. Does anyone know if you need to do something special to get Radius to work with Active Directory with Cisco ACS?


Bobby Roberts
Level 1

Just to note, I keep getting:

Failure Reason: 22056 Subject not found in the applicable identity store(s).

Any help here?

Hello Bobby,

Can you please attach screenshots of the following configuration:

users and identity stores ->> active directory.

Both tabs, General and Directory Groups.

Kind regards

Talal

It is working for Tacacs+ but not Radius.

The Directory Groups has two groups, one for R/W and one for R/O.

Hello Bobby,

Would you please include screenshots for:

1) access policies ->> default device admin ->> group mapping

2) access policies ->> default network admin ->> group mapping

Kind regards

Talal

Ah, I looked there and noticed that the Default Network Admin was set up for Internal only. I moved it over to use the Active Directory, but now I'm getting

15015 Could not find ID Store

perfect ;o)

Bobby, I ran into the same issue with the "15015 Could not find ID Store" issue.  It turned out to be an issue with communication between the ACS and AD.  It looked like AD was connected successfully, but until I rebooted ACS, I kept getting the same error.  It was like it couldn't see the AD security groups even though it could scan the AD tree successfully.

So, try rebooting ACS if you haven't already and see if that resolves the error.

Tim - I was able to get it to work after I set up the correct authentication in the ACS and told it what shell to run.
