Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
524
Views
0
Helpful
2
Replies

least privilege of AD account and certificate migration

eckebellcn
Level 1
Level 1

‎10-31-2013 08:16 PM - edited ‎03-10-2019 09:03 PM

Hi, All:

     I want to migrate ACS from 4.2 to 5.4, but i have some questions:

     1. ACS 5.4 will combine authentication function with Microsoft AD, but the AD administrator don't give me the Admin account, what is the least privilege of Account for combining with ACS 5.4?

     2. i have some scanners, it uses PEAP+ MSChapV2 authentication method, so it will be imported certificate from CA server. if i migrate ACS 4.2 from 5.4, do i need to apply the new certificate for scanners and ACS 5.4 from CA server?

      thank you !!

Labels:
0 Helpful
2 Replies 2

Tarik Admani
VIP Alumni
VIP Alumni

‎10-31-2013 09:32 PM

Hi,

For the first question, the user account privs are clearly specified in the binding to AD section.

http://www.cisco.com/en/US/products/ps9911/products_configuration_example09186a0080bc6506.shtml#dfgt

For the second question, if you have the private key from ACS 4.2 you can back that up with the cert and import that into ACS 5.4 as the EAP interface.

Tarik Admani
*Please rate helpful posts*

0 Helpful

eckebellcn
Level 1
Level 1
In response to Tarik Admani

‎10-31-2013 11:44 PM

Hi, Admani:

     Thanks for your reply!

0 Helpful
Customers Also Viewed These Support Documents