cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1306
Views
8
Helpful
6
Replies

using AD with ACS 5.3

abukuru95
Level 3
Level 3

Hello Guys,

i have joined my ACS appliance to my AD domain and i would like authentication to be via active directory.

i already have an AD group that i can see but i just cannot figure out where to specify that all requests should go to the AD. atleast when i test, it does not work. for internal users, it is working perfectly. Do i have to do this on the directory attributes area?

I would also like to configure some access policies for some users. do i do this on the AD or on the ACS?

thanks in advance.

1 Accepted Solution

Accepted Solutions

Jatin Katyal
Cisco Employee
Cisco Employee

Go through the below listed link and see if that answer your quesries. In case you still have any questions, please let us know.

http://www.security-solutions.co.za/cisco-CSACS-1121-K9-5.2-configuration-example.html#_Toc299956260

Regards,

Jatin

Do rate helpful posts-

~Jatin

View solution in original post

6 Replies 6

maldehne
Cisco Employee
Cisco Employee

If you want all users trying to login to all your AAA clients to authenticate against AD , you need to define single rule identity policy and point to AD.

Pleaes correct me if i misunderstod you!!

Regards

Jatin Katyal
Cisco Employee
Cisco Employee

Go through the below listed link and see if that answer your quesries. In case you still have any questions, please let us know.

http://www.security-solutions.co.za/cisco-CSACS-1121-K9-5.2-configuration-example.html#_Toc299956260

Regards,

Jatin

Do rate helpful posts-

~Jatin

abukuru95
Level 3
Level 3

thanks maldehne and jkatyal.

i actually went through the proposed link but it much applies to version 5.2 of the ACS. i am running ACS 5.3

in the options, i do not have the shell profile option as shown in the attached pic.

where can i configure user authentication privileges for the AD users?

thanks a lot for the help.


If you look at the bottom right corner of authorization rule page, you would see a tab called customize > click on it and move the shell profilefrom available to seleceted section.

Regards,

Jatin

Do rate helpful posts-

~Jatin

Hello jkatyal,

I figured it out. actually, the problem is i had not configured a rule to associate the AD users too and a profil.

thanks a lot for the help.

Glad

~Jatin