Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1110
Views
0
Helpful
3
Replies

Integrate ACS verison 5.x

waleedmatter
Level 1
Level 1

‎04-06-2013 01:03 PM - edited ‎02-21-2020 10:28 AM

                   Can we integrate cisco acs verison 5.x with active direcotry microsoft windows server 2012 ?

Labels:
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-07-2013 09:43 AM

Yes. AD integration is a key function of all versions of ACS and is quite commonly deployed that way.

Windows Server 2012 support specifically was introduced as of ACS 5.4, Patch 2 (released February 2013). This is noted in the Compatibility Guide.

The configuration guide has details here.

0 Helpful

aamadulin.accenture
Level 1
Level 1
In response to Marvin Rhoads

‎04-21-2014 06:38 AM

Hi Marvin,

Hope you're well!

I am facing some access issue after completed the ACS (5.1) and AD (Windows 2003) integration, details underneath.

Enable password for (Router, Switches) is working fine if identify source is "Internal Users", unfortunately after completed the integration between ACS to MS AD, and change the Identity source to "AD1" I got the following result

1. able to access network device (cisco switch) using MS AD username and password via SSH/Telnet.

2. Enable password is not working (using the same user password configured in MS AD.

3. When I revert back and change the ACS identity source from "AD1" to "Internal Users" enable password is working fine.

Switch Tacacs Configuration

aaa new-model
!
aaa authentication login default none
aaa authentication login ACS group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec ACS group tacacs+ local 
aaa authorization commands 15 ACS group tacacs+ local 
aaa accounting exec ACS start-stop group tacacs+
aaa accounting commands 15 ACS start-stop group tacacs+
aaa authorization console
!
aaa session-id common
!
tacacs-server host 10.X.Y.11
tacacs-server timeout 20
tacacs-server directed-request
tacacs-server key gacakey

!

line vty 0 4
 session-timeout 5 
 access-class 5 in
 exec-timeout 5 0
 login authentication ACS
 authorization commands 15 ACS
 authorization exec ACS
 accounting commands 15 ACS
 accounting exec ACS
 logging synchronous

 

This is my first ACS - AD integration experience, hoping to fix this issue with your support, thanks in advance.

 

Regards,

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to aamadulin.accenture

‎04-21-2014 02:12 PM

Your device-side setup looks fine. I suspect it's on the AD or ACS-AD end.

Have you had a look at the configuration guide example for ACS-LDAP here? It has some tips on verifying the ACS-LDAP connectivity.

Once you've confirmed the simple ones there are check out OK, we can look more closely at what remaining issues (if any) you might be seeing.

0 Helpful
Customers Also Viewed These Support Documents