Cisco Secure ACS 4.2 Windows user authentication from different domain

seba
Level 1

Hello

I have a Cisco Secure ACS 4.2 Server for Windows. The server belongs to a domain and users belonging to a determinate group are authenticated against the domain.

Now I must change the server configuration and reassign it to a different domain. There's no trust relationship between both domains and I would like to know if users can still be authenticated against the previous domain.


3 Replies

Amjad Abdullah
VIP Alumni

Hello,

If there is no trust relationship then you'll not be able to authenticate.

After changing the domain you need to go to the external user DB and change the configuration (current domain, group mapping, etc.).
The authentication for the previous domain will no longer be valid.

So, if you want both domains to work you have to have a trust relationship between both domains.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"


Hello

I don't need to authenticate users against the old domain.

I just need to move the server to a new domain but keep authenticating the users as I used to do?

Is it possible?

Thank you

Hello,

First of all, take a backup (as a precaution to be able to restore the config if something goes wrong), then proceed with the following:

- Remove the Windows domain configuration (group mapping, etc.) from the server before changing the domain.

- Change the domain membership, then reboot.

- Follow the post-installation tasks for ACS (check this link): http://tiny.cc/zr6huw.

- Configure the external database again on the ACS (group mapping, unknown user policy, etc.).

You need to notice also that if the new domain controller is Windows Server 2008 R2, that is not supported in ACS 4.x.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"
