cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
401
Views
5
Helpful
2
Replies

Using local and AD authentication with ACS 5.6

Colin Higgins
Level 2
Level 2

I have an ACS 5.6 appliance set up to use AD authentication for my default network access and rules. This works fine.

 

I wanted to set up some devices, put them into a group, and give only locally-defined ACS users access to those devices.

 

Problem is, after creating the local accounts on ACS, creating a local identity group, and attempting to authenticate with a device, I always get "subject not found in identity store".

 

Is there a way to have hybrid authentication like this? How is it done?

1 Accepted Solution

Accepted Solutions

Kanwaljeet Singh
Cisco Employee
Cisco Employee

Hi Colin,

One thing that comes to my mind is "identity store sequence". Ensure that you have "internal users" listed in there otherwise the request would never be matched against internal users.

I would also like to double check the identity source under default device admin or whatever service you have created. Ensure that it is internal users.

Please have a look at below document for more detail about identity store sequence.

https://supportforums.cisco.com/document/103901/acs-5x-identity-store-sequence

 

Regards,

Kanwal

Note: Please mark answers if they are helpful.

View solution in original post

2 Replies 2

Kanwaljeet Singh
Cisco Employee
Cisco Employee

Hi Colin,

One thing that comes to my mind is "identity store sequence". Ensure that you have "internal users" listed in there otherwise the request would never be matched against internal users.

I would also like to double check the identity source under default device admin or whatever service you have created. Ensure that it is internal users.

Please have a look at below document for more detail about identity store sequence.

https://supportforums.cisco.com/document/103901/acs-5x-identity-store-sequence

 

Regards,

Kanwal

Note: Please mark answers if they are helpful.

That worked perfectly. Thanks Fnu

 

I had the Access policy set but not the Identity Store Sequence.