cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2485
Views
14
Helpful
8
Replies

NAC authentication via Windows AD

Hi,

we have a Nac enviroment with users that are defined on the ACS. Also the groups are defined on this machine.

The problem is that we have to move all the users from the ACS to the domain controller, so all the users will become AD users.

In which way we have to configure the NAC enviroment to permit the authentication via Active Directory instead of Radius that runs on the ACS?

Thanks a lot!

Leonardo

8 Replies 8

Daniel Stefani
Level 1
Level 1

Hi Leonardo,

If the users log in in windows domain, so do you configure Single Sign On

else, you can configure by LDAP.

See the images...

I'm Brazilian, if you want more informations, contact me

Daniel Stefani

Great Daniel,

I've already configured a radius server on the "Auth Servers"...can you confirm me that adding a new "LDAP" server will not influence or cause interruption of service for the roles that are already defined?

If I've understood well the "Server mapping" must be done when we create the role...or not?

Thanks!

Hi Leonardo,

Not cause any interruption.

In my environment is configured LDAP Auth Server and did not need to map because I'm using just a Role, so this is configured as Default Role in Auth Server settings

Tks

Daniel Stefani

So, If It is so...only if you add more than one auth server you chan choose the mapping?

I'm migrating the user from radius (ACS) to LDAP (AD)...so I have a mixed enviroment for some time!!!

You have to create a map rule if you have two or

more Roles authenticating in the same LDAP Auth Server

and not if you have two or more auth servers

If the users authenticating today in Radius Server ACS is associated with a single Role XYZ, then you can configure the LDAP Server linking users to the same Role XYZ.

You will have two providers for the same Role.

Thanks a lot for the answers! :-)

I have another doubt.

Today with radius in the mapping I have the situation in the screenshot attached.

Which attribute I've to use if I have a mapping rules Vs Ldap (Domain Controller?)

Can you tell me this?

Sorry, but i don't know.

Do you intend mapp by groups in AD ?

If you discover, tell us.

Tks

Daniel Stefani