Cisco Secure ACS and Windows AD Group Mapping

griffijo · ‎10-27-2007

I have a Cisco Secure ACS Appliance running version 3.3. I have previously integrated Active Directory as an external database and authenticate unknown users this way. I want to map an ACS Group to an AD Group but whenever I try to do an "Add Mapping" in ACS I get an error that says "Failed to enumerate windows groups". I have searched on the error but all the documentation addresses the problem with ACS running on a Windows server, not the appliance.

somishra · ‎10-27-2007

Please make sure :

- we have installed the same exact version of RA as the ACS Software version

- Remote Agent service is running as Local System, if its installed on Domain Controller.

- Make sure that RA is registered in ACS under Network Configuration > Remote Agent

- We have selected the RA from External User Databases > Windows Database > Configure

tnx,

somishra

griffijo · ‎10-28-2007

The Remote Agent is functioning properly. I can authenticate users against Active Directory. The problem is when I try to map ACS groups to Active Directory groups.

somishra · ‎10-28-2007

How many groups do you have in the AD ?

griffijo · ‎10-28-2007

There are probably about 100 or so. No where near 500, at which point I think there is a problem.

somishra · ‎10-28-2007

Can you please attach the CSWinAgent logs, at the time you are trying to add the group mapping.

rgds

somishra

griffijo · ‎10-28-2007

This was a bug, CSCsi59931. After going from version 3.3.2.2 to version 3.3.4.12.6 on the ACS, the problem was resolved.