Kashish_Patel
Explorer

Integration of ACS with AD

We have an ACS running 4.2. I am sure that this ACS is talking to our AD database because our wireless users (using ACS as RADIUS servers) are able to log in using their Windows AD account.

However, I am not sure how ACS is integrated with AD. Our ACS is installed on a Windows 2003 R2 server. I am not sure where the AD database is, i.e.,

if AD is on the same server as ACS

OR

on a different server [ADs managed by different group altogether :-( ].

Could you tell me:

How is the integration done between ACS and AD when both are on the same Windows server?

And

How is the integration done between ACS and AD when they are on different Windows servers?

I am looking for exact steps as I did not find any clear, short doc.

ACS is software installed on a Windows 2003 R2 server.

PS: I rate useful posts.

Thanks,

Kashish

Accepted Solutions
Tarik Admani
Advocate

Kashish,

Since your ACS is installed on a Windows server, that server is either a member of the domain or a domain controller itself. ACS 4.x uses the libraries that come in the bin directory in order to authenticate to the domain; if my memory serves me correctly, I am sure it uses NTLM authentication.

Here are the post-installation tasks for ACS for Windows, which may provide some insight and may help answer your question.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/installation/guide/windows/postin.html

Thanks,

Tarik Admani

Amjad Abdullah
Engager

Just as described by Tarik, your Windows machine that hosts the ACS server needs to be a member of the domain, as either a domain member or a domain server.

If you use an appliance flavor of the ACS, then there is a piece of software called remote agent that needs to be installed on a member server (or domain server) to serve authentication requests between ACS and Active Directory.

In both cases, the software (either ACS itself when it is installed on Windows, or the remote agent in the case of the ACS appliance) does the authentication as a normal user, i.e., just like AD users authenticate: a request is sent to the domain controller and a reply is sent back to the requestor.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"
