Cisco Secure ACS and Windows AD Group Mapping

Unanswered Question
Oct 27th, 2007
User Badges:

I have a Cisco Secure ACS Appliance running version 3.3. I have previously integrated Active Directory as an external database and authenticate unknown users this way. I want to map an ACS Group to an AD Group but whenever I try to do an "Add Mapping" in ACS I get an error that says "Failed to enumerate windows groups". I have searched on the error but all the documentation addresses the problem with ACS running on a Windows server, not the appliance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
somishra Sat, 10/27/2007 - 21:36
User Badges:
  • Cisco Employee,

Please make sure :

- we have installed the same exact version of RA as the ACS Software version

- Remote Agent service is running as Local System, if its installed on Domain Controller.

- Make sure that RA is registered in ACS under Network Configuration > Remote Agent

- We have selected the RA from External User Databases > Windows Database > Configure



griffijo@elizab... Sun, 10/28/2007 - 06:48
User Badges:

The Remote Agent is functioning properly. I can authenticate users against Active Directory. The problem is when I try to map ACS groups to Active Directory groups.

somishra Sun, 10/28/2007 - 06:51
User Badges:
  • Cisco Employee,

How many groups do you have in the AD ?

griffijo@elizab... Sun, 10/28/2007 - 06:52
User Badges:

There are probably about 100 or so. No where near 500, at which point I think there is a problem.

somishra Sun, 10/28/2007 - 07:00
User Badges:
  • Cisco Employee,

Can you please attach the CSWinAgent logs, at the time you are trying to add the group mapping.




This Discussion