ACS 4.0 and AD groups

Unanswered Question
Mar 20th, 2007
User Badges:

In ACS we setup several groups: Internet-only, VPN-only and Internet-VPN. Users are then placed into these groups according to group-mapping from Windows AD. This has been working as designed for years. Now we upgrade to ACS 4.0 and there is a problem. It seems as if our Internet group from AD is not being recognized by ACS. If a user is only in the AD internet group, ACS places them in no access. If a user is in the internet group and a VPN group they are placed in VPN-only group. If a user is only in a VPN group they are correctly placed in VPN-only. If I setup a new group mapping, I see the Internet group in the list of AD groups. Does ACS 4.0 recognize all AD groups whether they are global or local when it come to authenticating and classifing users? I ask this because the VPNgroups are global groups and the Internet group is not, but that did not matter before.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jhillend Thu, 03/22/2007 - 11:15
User Badges:
  • Bronze, 100 points or more

It shouldn't make any difference. Did you make any changes in regards to Windows?

jogillis Thu, 03/22/2007 - 11:34
User Badges:

Not that I am aware. If we fall back to ACS 3.3 all works fine. If I create another group mapping (in ACS 4.0)using only global groups it works find. I make another group mapping using a local group, the same thing happens.


This Discussion