cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1143
Views
0
Helpful
6
Replies

Cisco Secure ACS and Windows AD Group Mapping

griffijo
Level 1
Level 1

I have a Cisco Secure ACS Appliance running version 3.3. I have previously integrated Active Directory as an external database and authenticate unknown users this way. I want to map an ACS Group to an AD Group but whenever I try to do an "Add Mapping" in ACS I get an error that says "Failed to enumerate windows groups". I have searched on the error but all the documentation addresses the problem with ACS running on a Windows server, not the appliance.

6 Replies 6

somishra
Cisco Employee
Cisco Employee

Please make sure :

- we have installed the same exact version of RA as the ACS Software version

- Remote Agent service is running as Local System, if its installed on Domain Controller.

- Make sure that RA is registered in ACS under Network Configuration > Remote Agent

- We have selected the RA from External User Databases > Windows Database > Configure

tnx,

somishra

The Remote Agent is functioning properly. I can authenticate users against Active Directory. The problem is when I try to map ACS groups to Active Directory groups.

How many groups do you have in the AD ?

There are probably about 100 or so. No where near 500, at which point I think there is a problem.

Can you please attach the CSWinAgent logs, at the time you are trying to add the group mapping.

rgds

somishra

This was a bug, CSCsi59931. After going from version 3.3.2.2 to version 3.3.4.12.6 on the ACS, the problem was resolved.