We've got a rule in our pix that authentication for outside adresses (the internet) will be via tacacs+
Our tacacs server is an acs (version 3.3) and the authentication-mechanism works.
In the acs we've got an external userdatabase (active directory) and we say that if a user
is member from a particulair group he will be mapped with a acs group wich will give
the user the rights.
for new users this goes fine but for users that already exists in acs (in other groups) then
the acs will never look in the external userdatabase but will authenticate against the
existing user (and if the user is in a wrong group we've got a failed attempt)
Is there a way to tell acs allways to look in the external userdatabase??