03-25-2013 01:17 AM - edited 03-10-2019 08:14 PM
Hello
I have a Cisco Secure ACS 4.2 Server for Windows. The server belongs to a domain and users belonging to a determinate group are authenticated against the domain.
Now I must change the server configuration and reassign it to a different domain. There's no trust relationship between both domains and I would like to know if users can still be authenticated against the previous domain.
Solved! Go to Solution.
03-25-2013 06:05 AM
Hello,
First of all, take backup (as a precaution to be able to restore config if something goes wrong) then proceed witht the following:
- Remove the windows domain configuration (group mapping...etc) from the server before changing the domain.
- Change the domain membership then reboot.
- follow the post-installatino tasks for ACS (check this link): http://tiny.cc/zr6huw.
- Configure the external database again on the ACS (group mapping, unknown user policy..etc).
You need to notice also that if the new domain controller is Windows Server 2008 R2, that is not supported in ACS 4.x.
HTH
Amjad
Rating useful replies is more useful than saying "Thank you"
03-25-2013 01:34 AM
Hello,
If there is no trust relationship then you'll not be able to authenticate.
After changing the domain you need to go to the external user DB and change the configuration (curernt domain, group mapping...etc).
The authentication for the previous domain will no longer be valid.
So, if you want both domains to work you have to have a trust relationship between both domains.
HTH
Amjad
Rating useful replies is more useful than saying "Thank you"
03-25-2013 04:42 AM
Hello
I don't need to authenticate users against the old domain.
I just need to move the server to a new domain but keep authenticating the users as I used to do?
Is it possible?
Thank you
03-25-2013 06:05 AM
Hello,
First of all, take backup (as a precaution to be able to restore config if something goes wrong) then proceed witht the following:
- Remove the windows domain configuration (group mapping...etc) from the server before changing the domain.
- Change the domain membership then reboot.
- follow the post-installatino tasks for ACS (check this link): http://tiny.cc/zr6huw.
- Configure the external database again on the ACS (group mapping, unknown user policy..etc).
You need to notice also that if the new domain controller is Windows Server 2008 R2, that is not supported in ACS 4.x.
HTH
Amjad
Rating useful replies is more useful than saying "Thank you"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide