Cisco ACS5.7

Aphea
Level 1

Dear experts,

I would like to ask if anyone can guide me through user authentication in ACS5.7.

The problem is, I want to create internal users with the same name as in Active Directory, and take only the password from AD.

Do you have any experience with this issue? Your response is highly appreciated :)

Best regards,

Aphea

3 Replies

Ivan Gonzalez
Cisco Employee

Hi,

To accomplish this task, basically you need to create the user internally on the ACS, but configure the password to be checked against AD as in the attached example.

And the identity for either "Default Network Access" or "Default Device Admin" should still point to "Internal users" under the following section: "Access Policies > Access Services > Default network access > Identity"

Note: Please mark it as answered if applicable

Dear ivangonz,

Your response is highly appreciated.

Actually, I forgot to mention that I am using VPN with downloadable access lists with RADIUS.

But Cisco ACS requires me to put the same password and user in order to grant access.

I have followed this link: http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113449-asa-vpn-acs-00.html, but I had no luck.

Do you have any experience with this issue? With creating an internal username, and a password from AD, to authenticate with ACS RADIUS.

Thanks,

Aphea

Hi Aphea,

In step #5 of the link you provided, you need to change the "password type" from Internal Users (which is the local password) to AD so the ACS will check the password against AD.