I need to add a new domain in my Windows DB configuration on ACS. Do I just need to add the new domain from "Configure Domain List"? After that, add manual mapping of groups from AD to groups in ACS?
Also, what does it mean -
"Submitting the configuration changes removes the dynamic users linked to the database." That all users now connected will be removed?
Thanks for help!
No, that means ACS will not show the dynamically mapped users under the users list unless they disconnect and authenticate again via ACS. It will remove all the dynamically mapped users from the ACS (users exist on AD).
Dynamic user: If the user does not exist in the CS ACS local database, CS ACS marks that user as unknown and checks for an unknown user policy. If the unknown user policy is to fail the user, CS ACS fails the user. Otherwise, if an external database is configured, CS ACS forwards that information to the configured external user database. CS ACS tries each external user database until the user succeeds or fails. If the authentication is successful, the user information goes into the cache of CSACS, which has a pointer for using the external user database. This user is known as a dynamic user.
The next time the dynamic user tries to authenticate, Cisco Secure ACS authenticates the user against the database that was successful the first time. These cached user entries are used to speed up the authentication process. Dynamic users are treated in the same way as known users.
Do rate helpful posts-
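
The flow described in the answer above, as a simplified model added here for illustration (not part of the original post and not Cisco Secure ACS code). All class and method names are hypothetical and the accounts are constructed sample data; it shows that submitting the configuration only drops the cached dynamic entries, which are re-created at the next successful login.

```python
# Simplified model of the unknown-user flow described above. All class and
# method names are hypothetical; this is not Cisco Secure ACS code.

class ExternalDB:
    def __init__(self, name, users):
        self.name = name
        self.users = users          # constructed sample data: {username: password}

    def authenticate(self, user, password):
        return self.users.get(user) == password


class AcsModel:
    def __init__(self, local_users, external_dbs, unknown_user_policy="check_external"):
        self.local_users = local_users      # known users in the local database
        self.external_dbs = external_dbs    # ordered list tried for unknown users
        self.unknown_user_policy = unknown_user_policy
        self.dynamic_users = {}             # username -> ExternalDB that succeeded

    def authenticate(self, user, password):
        """Return (success, source) for one authentication attempt."""
        if user in self.local_users:
            return self.local_users[user] == password, "local"
        if user in self.dynamic_users:      # cached pointer: go straight to that DB
            db = self.dynamic_users[user]
            return db.authenticate(user, password), "cached:" + db.name
        if self.unknown_user_policy == "fail":
            return False, "unknown-user-policy"
        for db in self.external_dbs:        # try each external DB in order
            if db.authenticate(user, password):
                self.dynamic_users[user] = db
                return True, "external:" + db.name
        return False, "no-database-matched"

    def submit_config_change(self):
        """Model of submitting the Windows DB configuration: dynamic entries
        are dropped from ACS; the accounts in the external DB are untouched."""
        self.dynamic_users.clear()


def demo():
    ad = ExternalDB("AD", {"alice": "pw1"})          # constructed sample account
    acs = AcsModel({"admin": "secret"}, [ad])
    results = [acs.authenticate("alice", "pw1")]      # first login: external lookup
    results.append(acs.authenticate("alice", "pw1"))  # second login: cache hit
    acs.submit_config_change()
    listed_after_submit = "alice" in acs.dynamic_users
    results.append(acs.authenticate("alice", "pw1"))  # re-created on next login
    return results, listed_after_submit, "alice" in ad.users
```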