Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
468
Views
5
Helpful
1
Replies

ACS 4.1 with Network Access Profiles

mmelbourne
Level 5
Level 5

‎05-21-2008 11:34 AM - edited ‎03-10-2019 03:51 PM

I've just upgraded to ACS 4.1 and am using a Network Access Profile (NAP) to ensure wireless users are authenticated against a Windows AD only (we had issues with overlapping user names for token-based access to other systems). I've had to add the internal database to the sequence of databases searched for this NAP to permit statically configured infrastructure AP credentials (in the ACS internal database) to be used to allow APs to authenticate to a WLSM.

All of this works, but I'm struggling to understand some entries in the user list (see attached JPEG) which shows the internal user, and an uneditable copy of that user which appears to have been used by the NAP. It just looked odd the first time I saw it, and I can't find any documentation which explains the interpretation of the Network Access Profile field in the user list.

Labels:
Preview file
106 KB
0 Helpful
1 Reply 1

darpotter
Level 5
Level 5

‎05-21-2008 10:46 PM

Hi

Its purely down to how NAP was implemented. In ACS v3.x a user could only be in one group at a time (even with dynamic mapping) and have one password type (either set by ACS admin or the first time an unknown user was authenticated)

With NAP in 4.x they got around this by creating multiple database entries for each user - one for each NAP.

Its perhaps a bit cludgy and the net result is that you might see the sames users listed multiple times.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents