Problem ACS 4.0 with group mapping

Unanswered Question
Feb 5th, 2008

A customer has an ACS 4.0.27 for Windows 2k3 SP2 and added a new domain. By mapping the domain with a group of Cisco Secure should authenticate with the user of that domain and access devices group Cisco Secure, but always authentic in the group ID 0 (Default).

I deleted the mapping and created again but it does not work.

I attach part of the CSAuth.log.

Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jhillend Tue, 02/19/2008 - 10:03

Just a few things to check...

Does the new domain have a trust relationship with the local domain for ACS? This is required.

Is the same username used in both domains? The local domain will always use the local username. If this is the case, you may need to add the domain to the username, for example newdomain/username.

acgsupport Wed, 02/20/2008 - 04:29

Answer the first question, yes. The new domain has a trust relationship.

the username is different, and try to login in using the following sintax, domain\username or username@domain.com, but I think that the ACS 4.0 have a bug or similar. I'll take a test with ACS 4.1, if the test is OK, I'll notice

Thanks

Actions

This Discussion