03-27-2013 05:41 AM - edited 03-10-2019 08:14 PM
All,
We have a Cisco ACS 5.2 deployment (appliance). It has an existing integration with Active Directory. We utilize this with RADIUS to authenticate our wireless users and TACACS for managing our network equipment.
The RADIUS reports are useful for other teams (outside my own) to be able to troubleshoot password and account lockouts (everyone forgets to change the password on their phone).
I would like to allow this team and others access to view the RADIUS authentications report.
I want them to be able to use their domain account to do this. <<<------- This is mandatory, based on our security policies.
We have tried using a local account and that works fine.
My system admin is telling me that domain accounts can't access the administrative pieces of ACS.
Is this true?
We have support to allow us to upgrade to the latest version of ACS.
03-27-2013 06:10 AM
In ACS 5.4 it is possible to authenticate and authorize administrators based on external stores, including AD accounts.
03-27-2013 06:31 AM
I'm assuming this is a recent feature add then and was not available in my version. I will dig into the release notes of 5.4.
03-27-2013 06:41 AM
Thanks, this did answer my question. You were correct. AAC looks like a winner.
System Administration Enhancements
The System Administration enhancement includes:
• Administrative Access Control
ACS 5.4 introduces a new service type called the Administrative Access Control (AAC) service. The AAC service processes the authentication and authorization of the ACS administrators. The AAC service also processes the configuration of roles and permissions for ACS management and different administration operations. Only AD and LDAP are supported as the external databases for AAC. The RSA database is not supported. For more information, see User Guide for Cisco Secure Access Control System 5.4.
The enhanced AAC web interface includes:
– Policy-based authentication and authorization.
ACS 5.4 includes authentication against an external database, feasible by password type on administrator accounts in the administrators internal ID store and the ability to map between external groups and admin roles.