Group Mappings to Windows Database

Answered Question

Hi,

I am trying to create a series of group mappings between a single Windows group and a single ACS group. I am using a 4.0 ACS Appliance with a Windows ACS Remote Agent on a 2003 Member server.

I can add the database successfully and map to the domain. When I create a new configuration, the Windows groups enumerate correctly, but when I try to create the mapping, I end up with the NTGroups mapped to "All other combinations" and my CiscoSecure group set to the one I selected. I am unable to add other mappings to this as it simply replaces the first one. It acts as though this Windows database is actually another format that only allows a single mapping??

I noticed there is a limitation on the user being a member of more than 500 groups, and was wondering if this is applied at the time the groups are enumerated, or when the user actually tries to log in. I am reasonably sure I have more than 500 groups.

I have been able to do 1:1 mappings in earlier ACS versions and on the Windows product.

thanks

Scott

I have this problem too.
0 votes
Correct Answer by amrkrish about 9 years 7 months ago

Hi Scott

This seems to be a Java applet issue. Try to upgrade your Java.

Yor are mapping one AD group to one ACS group but the GUI ( web interface ) is not sending this information to ACS. Hence ACS takes the default mapping.

Try to do the mapping again & again.It will work at one point.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Correct Answer
amrkrish Wed, 02/07/2007 - 10:43

Hi Scott

This seems to be a Java applet issue. Try to upgrade your Java.

Yor are mapping one AD group to one ACS group but the GUI ( web interface ) is not sending this information to ACS. Hence ACS takes the default mapping.

Try to do the mapping again & again.It will work at one point.

Actions

This Discussion