ACS 4.x and Dynamic Mappings

Unanswered Question

Hi -

We have ACS integrated with AD and when a user is dynamically mapped, we would like to change the group locally on the ACS from what the mapping was, but after a while, the user changes back to "dynamic mapping" and the old group.

Is the only way to keep the setting is create the user locally and tell it to look for the password in the "Windows Database"?

Thank you!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
darpotter Mon, 07/14/2008 - 23:25

Its shouldnt be.. if you edit a dynamic user to hard set group membership the setting should remain.

That said, such users still have an "auto created" flag which newer versions of ACS probably use in order to seek out and destroy dynamic users.

Sounds like the safest way, as you've found, is to manually create.

Also worth noting with AD, the same user could end up with several accounts in ACS depending on whether how they entered their name:

DOMAIN/user

user

[email protected]

Each would look different to ACS and you might get multiple accounts.

Worse still, if you are doing NAC/NAP you'll see ACS create a user record for each user for each NAP.

Actions

This Discussion