Is it possible to integrate Cisco ACS 5.2 with Microsoft AD 2008 R2?

ivan.martin
Level 1

Hi

What is necessary to configure 802.1X EAP PEAP with Cisco ACS 5.2 + Active Directory, both in Active Directory and in Cisco ACS?

Does Cisco ACS 5.2 work well with Active Directory 2008 R2, or is it not possible to work with it?

Could you explain the steps to do it?

Thanks

Regards

IVAN

2 Replies

andamani
Cisco Employee

Hi,

It is possible to do so.

The bug CSCtg12399 ("ACS 5.1 did not support 2008 R2 Server for AD.") is fixed in ACS 5.2.

Here is the release note which mentions the above:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/release/notes/acs_52_rn.html

The following is the user guide describing the AD integration with ACS 5.x:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/users_id_stores.html#wp1248491

Hope this helps.

Regards,

Anisha

P.S.: Please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

The following are the basic steps:

1) Configure Active Directory:
Go to the following location: Users and Identity Stores > External Identity Stores > Active Directory

Enter the domain name and the username/password of a predefined user in AD with authenticate user or Computer Objects and Delete Computer Objects permission or any permission to add machines to the AD domain.

When you Save Changes here, you connect ACS to the Active Directory domain.

The connection can fail if the time between ACS and AD is not synced, so you need to set this manually or use NTP.

2) Select AD in identity policy

If using the default policies as defined upon installation, then go to:

Access Policies > Access Services > Default Network Access > Identity

and select the AD store (I think it will be called AD1).

3) Perform authentication against a user defined in AD