Steve,The process is correct.. However Iam pointing out the following mistakesIt should not bevirtual-domain mandatory virtual-domain0=CRUKrather it should bevirtual-domain0 mandatory CRUKIn 4.x , virtual-domain0...
Hello,Its not really necessary for the acs to have a domain admin user.. Any user with permissions to add/remove computers on the domain will do. This username will be used just during the time when the acs joins itself to the domain as a domain comp...
Please attach radius packet captures, one for http auth and one for vpn remote access and I will be able to tell you how to differentiate.. The same concept of tacacs+ that I said should apply here also.. Select radius IETF from the dictionary and ch...
Yudong,Here is what you can do.. Hit customize on 'service selection rules' and include 'compound condition'.. Now lets begin first for TACACS+ admin users.. Chose 'TACACS+' in the dictionary and the attribute 'service'. Now match the service to 'log...
Gauthier,Is domain Y part of the same forest or different ? Also, what is the complete build and patch number that you are running on the acs? There are caveats in the lines of machine auth not working cross forest even when there is a two way trust...