We have ACS providing TACACS authentication to our network devices.
ACS is configured to check Active Directory if the user is not in the Local ACS database.
If the user is not already configured in the Username list, ACS creates a dynamic account for the user if he is in Active Directory.
The dynamic account has level 15 priviledges.
I am trying to find where I change the Dynamic Mapping settings for the users that get created this way.
The Default Group settings are different that the dynamically mapped user settings.
How can I change the Level for these dynamic accounts that get created, or stop it?
If I change the External Database to not include Active Directory, will it prevent the existing users configured to use AD as their external database from loggin in?