Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
402
Views
5
Helpful
2
Replies

Using local and AD authentication with ACS 5.6

Go to solution
Colin Higgins
Level 2
Level 2

‎06-17-2015 08:12 AM - edited ‎03-10-2019 10:49 PM

I have an ACS 5.6 appliance set up to use AD authentication for my default network access and rules. This works fine.

 

I wanted to set up some devices, put them into a group, and give only locally-defined ACS users access to those devices.

 

Problem is, after creating the local accounts on ACS, creating a local identity group, and attempting to authenticate with a device, I always get "subject not found in identity store".

 

Is there a way to have hybrid authentication like this? How is it done?

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kanwaljeet Singh
Cisco Employee
Cisco Employee

‎06-17-2015 08:27 PM

Hi Colin,

One thing that comes to my mind is "identity store sequence". Ensure that you have "internal users" listed in there otherwise the request would never be matched against internal users.

I would also like to double check the identity source under default device admin or whatever service you have created. Ensure that it is internal users.

Please have a look at below document for more detail about identity store sequence.

https://supportforums.cisco.com/document/103901/acs-5x-identity-store-sequence

 

Regards,

Kanwal

Note: Please mark answers if they are helpful.

View solution in original post

2 Replies 2

Go to solution
Kanwaljeet Singh
Cisco Employee
Cisco Employee

‎06-17-2015 08:27 PM

Hi Colin,

One thing that comes to my mind is "identity store sequence". Ensure that you have "internal users" listed in there otherwise the request would never be matched against internal users.

I would also like to double check the identity source under default device admin or whatever service you have created. Ensure that it is internal users.

Please have a look at below document for more detail about identity store sequence.

https://supportforums.cisco.com/document/103901/acs-5x-identity-store-sequence

 

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Go to solution
Colin Higgins
Level 2
Level 2
In response to Kanwaljeet Singh

‎06-18-2015 06:46 AM

That worked perfectly. Thanks Fnu

 

I had the Access policy set but not the Identity Store Sequence.

0 Helpful
Customers Also Viewed These Support Documents