Authenticating against AD

Unanswered Question
May 8th, 2007


Currently I have users authenticating against RSA Ace server, but going via ACS 4.0's external database policy. I also have dialup users authenticating against the ACS internal database with CLI restrictions. My intention is to move the users using the internal database to authenticate against Active Directory. However, ACS is in a management DMZ and, being firewalled off, isn't a member server of the Active Directory domain. Unfortunately I can't take it out of the DMZ. Is it necessary for the ACS server to be a member server of Active Directory? Most documentation I have seen suggests it is...



Jon Marshall Wed, 05/09/2007 - 09:51


As far as I am aware, yes, it does need to be a member of the AD domain to be able to query the AD database.

If you had an internal ACS server you could proxy the request from your DMZ which would alleviate some of the issues.



