cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2710
Views
0
Helpful
4
Replies

ACS 4.2 user group mapping

Hi,

We are using ACS 4.2.1.15 with patch 8 on ACS 1113 SE box.

Our requirement is to assign ACS loal group to user on basis of windows Nt group. Which means I dont wants to create individual users in ACS rather when user will login, the auth request will be forwarded to AD(remote database). Depeneding on the remote database group the user should be mapped to local database.

For this I have configured "database group mapping" according to following cisco guide.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/GrpMap.html#wp940538#wp940538

However when ever my AD users are authenticating they are getting the membership of default group as configured in "\Default" profile.

I am using TACACS+ protocol in my routers and switches for authentication.

Please let me know whether "Group mapping by External user database"  works with TACACS+ or only with RADIUS protocol.

If it works with TACACS+ please let me know what else configuration need to be done so that my ACS can map users to proper groups instead of default group.

2 Accepted Solutions

Accepted Solutions

Tarik Admani
VIP Alumni
VIP Alumni

Hi,

Can you post a screenshot of your group mapping confiiguration. This will work with Tacacs.

Thanksm

Tarik Admani
*Please rate helpful posts*

View solution in original post

Amjad Abdullah
VIP Alumni
VIP Alumni

Satya:

Group mapping should work with either RADIUS or TACACS+.

Tarik requesting a screenshot because we believe that there is something wrong with your configuration. a screenshot should be handy to detect what is configured incorrectly.

waiting for your screenshot. ;-)

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

View solution in original post

4 Replies 4

Tarik Admani
VIP Alumni
VIP Alumni

Hi,

Can you post a screenshot of your group mapping confiiguration. This will work with Tacacs.

Thanksm

Tarik Admani
*Please rate helpful posts*

Amjad Abdullah
VIP Alumni
VIP Alumni

Satya:

Group mapping should work with either RADIUS or TACACS+.

Tarik requesting a screenshot because we believe that there is something wrong with your configuration. a screenshot should be handy to detect what is configured incorrectly.

waiting for your screenshot. ;-)

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

Dear AmJad & Tarik,

Thanks for your help. When I got confirmation from Tarik it works with Tacacs I verified the RA logs throughly for each individual user authentication. Post that I found AD reply does not contain the desired group membership because of which the problem was occuring. I made the maping on basis of AD reply and found it is working fine.

Thanks you very much for helping me :-)

Regards,

Satya Mishra.

Satya Mishra:

Great news. glad that everything is working now.

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: