03-20-2007 09:18 AM - edited 03-10-2019 03:02 PM
In ACS we setup several groups: Internet-only, VPN-only and Internet-VPN. Users are then placed into these groups according to group-mapping from Windows AD. This has been working as designed for years. Now we upgrade to ACS 4.0 and there is a problem. It seems as if our Internet group from AD is not being recognized by ACS. If a user is only in the AD internet group, ACS places them in no access. If a user is in the internet group and a VPN group they are placed in VPN-only group. If a user is only in a VPN group they are correctly placed in VPN-only. If I setup a new group mapping, I see the Internet group in the list of AD groups. Does ACS 4.0 recognize all AD groups whether they are global or local when it come to authenticating and classifing users? I ask this because the VPNgroups are global groups and the Internet group is not, but that did not matter before.
Thanks
jogillis
03-22-2007 11:15 AM
It shouldn't make any difference. Did you make any changes in regards to Windows?
03-22-2007 11:34 AM
Not that I am aware. If we fall back to ACS 3.3 all works fine. If I create another group mapping (in ACS 4.0)using only global groups it works find. I make another group mapping using a local group, the same thing happens.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide