I'm currently trying to let Cisco NAC work together with a Windows Active Directory.
I've tried to activate the unknown user policy but it doesn't seem to be working.
First of all, when the same user exists in the ACS internal database and the external Active Directory database, then the authentication works like it should be.
However, when the user only exists in the external Active Directory Database, the users isn't added automatically to the internal ACS database. In stead, I have to put in the credentials for an existing internal account manually in the 'Trust Agent User Credentials' pop-up window.