Beginner

Cisco ACS 5.X and Radius using AD

Hello All - I am currently using ACS 5.2 and have no problem using Tacacs+ with AD access.

But with Radius it seems I can only get the Local identity store to work. Does anyone know if you need to do something special to get Radius to work with Active Directory with Cisco ACS?

Beginner

Cisco ACS 5.X and Radius using AD

Just to note, I keep getting

Failure Reason :

22056 Subject  not found in the applicable identity store(s).
Beginner

Cisco ACS 5.X and Radius using AD

Any help here?

Cisco Employee

Cisco ACS 5.X and Radius using AD

Hello Bobby,

Can you please attach screenshots of the following configuration:

users and identity stores ->> active directory.

Both tabs, General and Directory Groups.

Kind regards

Talal

Beginner

Cisco ACS 5.X and Radius using AD

It is working for Tacacs+ but not Radius.

Beginner

Cisco ACS 5.X and Radius using AD

The Directory Groups has two groups, one for R/W and one for R/O.

Cisco Employee (Accepted Solution)

Cisco ACS 5.X and Radius using AD

Hello Bobby,

Would you please include a screenshot for:

1) access policies ->> default device admin ->> group mapping

2) access policies ->> default network admin ->> group mapping

Kind regards

Talal


Beginner

Re: Cisco ACS 5.X and Radius using AD

Ah, I looked there and noticed that the Default Network Admin was set up for Internal only. I moved it over to use the Active Directory, but now I'm getting

15015 Could not find ID Store

Cisco Employee

Re: Cisco ACS 5.X and Radius using AD

perfect ;o)

Beginner

Cisco ACS 5.X and Radius using AD

Bobby, I ran into the same issue with the "15015 Could not find ID Store" issue.  It turned out to be an issue with communication between the ACS and AD.  It looked like AD was connected successfully, but until I rebooted ACS, I kept getting the same error.  It was like it couldn't see the AD security groups even though it could scan the AD tree successfully.

So, try rebooting ACS if you haven't already and see if that resolves the error.

Beginner

Cisco ACS 5.X and Radius using AD

Tim - I was able to get it to work after I set up the correct authentication in the ACS and told it what shell to run.