NAC Guest Server 2.04 and Active Directory Groups

Frank Lothar Weber · ‎09-05-2012

Hi, all.

Since we upgraded to version 2.04 of the NGS, we encounter a strange AD group problem:

Guest server is connected to our AD, there are two seperate Sponsor groups on the NGS:

1. Sponsor - which is mapped to the AD Group "Domain Users"

2. Sponsor Admin - which is mapped to a specific AD group containing only a few user ids

But when a sponsor admin is logging in to the sponsor portal, NGS does not retrieve the complete list of groups which

this user is a member of and maps him to the sponsor group (not the admin group) instead:

This user definitely is a member of the "Admin" AD group:

Anyone else had this problem before ??? Any clues ??

Thx

Frank

Tarik Admani · ‎09-05-2012

Frank,

Have you tried upgrading to 2.0.5? I checked the bug toolkit and there doesnt seem to be an open bug for this. However please upgrade to 2.0.5 to see if this could have been an internal bug that was resolved. You can try to open a TAC case now to see if they can confirm this for you but its pretty evident from what you provided that you are hitting a defect.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani · ‎09-05-2012

Also can you confirm the order of the sponsor group and double check if the mapping order is configured correctly:

http://www.cisco.com/en/US/docs/security/nac/guestserver/configuration_guide/20/g_usergrp.html#wp1066525

Tarik Admani
*Please rate helpful posts*

lanny-8080 · ‎04-04-2013

Hi Guys,

I need help! I have configured sponsors to use authenticate to active directory. But when i test the connection is say 'active directory connection failed'

I have version 2.1.0 and have configured basd dn, ip address, username and password as required.

Any ideas?????

When i look at traffic coming to the AD from the NGS, its say strong authentication required

ANy help please?