Solved: Group Mappings to Windows Database

scrane · ‎02-07-2007

Hi,

I am trying to create a series of group mappings between a single Windows group and a single ACS group. I am using a 4.0 ACS Appliance with a Windows ACS Remote Agent on a 2003 Member server.

I can add the database successfully and map to the domain. When I create a new configuration, the Windows groups enumerate correctly, but when I try to create the mapping, I end up with the NTGroups mapped to "All other combinations" and my CiscoSecure group set to the one I selected. I am unable to add other mappings to this as it simply replaces the first one. It acts as though this Windows database is actually another format that only allows a single mapping??

I noticed there is a limitation on the user being a member of more than 500 groups, and was wondering if this is applied at the time the groups are enumerated, or when the user actually tries to log in. I am reasonably sure I have more than 500 groups.

I have been able to do 1:1 mappings in earlier ACS versions and on the Windows product.

thanks

Scott

amrkrish · ‎02-07-2007

Hi Scott

This seems to be a Java applet issue. Try to upgrade your Java.

Yor are mapping one AD group to one ACS group but the GUI ( web interface ) is not sending this information to ACS. Hence ACS takes the default mapping.

Try to do the mapping again & again.It will work at one point.

View solution in original post

amrkrish · ‎02-07-2007