I am trying to create a series of group mappings between a single Windows group and a single ACS group. I am using a 4.0 ACS Appliance with a Windows ACS Remote Agent on a 2003 Member server.
I can add the database successfully and map to the domain. When I create a new configuration, the Windows groups enumerate correctly, but when I try to create the mapping, I end up with the NTGroups mapped to "All other combinations" and my CiscoSecure group set to the one I selected. I am unable to add other mappings to this as it simply replaces the first one. It acts as though this Windows database is actually another format that only allows a single mapping??
I noticed there is a limitation on the user being a member of more than 500 groups, and was wondering if this is applied at the time the groups are enumerated, or when the user actually tries to log in. I am reasonably sure I have more than 500 groups.
I have been able to do 1:1 mappings in earlier ACS versions and on the Windows product.
This seems to be a Java applet issue. Try to upgrade your Java.
Yor are mapping one AD group to one ACS group but the GUI ( web interface ) is not sending this information to ACS. Hence ACS takes the default mapping.
Try to do the mapping again & again.It will work at one point.