ACS integration with AD 2008

Unanswered Question
Aug 22nd, 2008

Hi,

Iam trying to integrate ACS 4.1 with AD 2008 but its not working, where as with AD 2003 it works.

can someone help me on this

Thanks

Ravi

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
srivchan Fri, 08/22/2008 - 04:45

Hi Ravi,

ACS 4.1 does not support AD 2008 server.

Below links shows the supported Operating System for ACS 4.1:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/device/guide/sdt41.html#wp40144

If you want ACS to integrate Win 2008 AD, you need to migrate from ACS 4.1 to ACS 4.2 and then upgrade to 4.2 Patch 4.

ACS 4.2.0.124 Patch 4 supports Win 2008 AD.

Revert back for any clarifications.

Thanks,

Srividhya

ravisambaji Fri, 08/22/2008 - 05:06

Thanks Srivihya, info is helpful, will get back to u incase i need any help

Thanks

Ravi

andamani Wed, 03/02/2011 - 07:52

Hi,

The software mentioned is Acs-4.2.1.15.4-SW.zip. It is present on download software of cisco.com page.

Hope this helps.

Regards,

Anisha

P.

mmletzko Fri, 03/25/2011 - 11:16

Anisha,


I saw another posting in which Cisco that said ACS v4.2 was not supported with 2008 R2 - that ACS v5.1 was required.

We are getting ready to upgrade to v4.2.1.15.3 (.3 patch was the latest at the time - couple of months ago), but now I see from this posting that there is a .4 patch.  Does the .4 patch allow ACS v4.2.1.15 to work with 2008 R2?

We are also in the process of upgrading to Server 2008 R2 and hadn't planned on upgrading to ACS v5.x anytime soon.

Thanks!

andamani Fri, 03/25/2011 - 18:47

Hi,

Patch 4 does not support windows 2008 R2 you need ACS 5.2 for the same.

The following link stating the system requirements clearly states that windows 2008 R2 is not supported.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/Installation_Guide/windows/install.html#wp1041324

The Bug CSCtg12399 ACS 5.1 did not support 2008 R2 Server for AD is resolved in ACS 5.2.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/release/notes/acs_52_rn.html

Hope this helps.

Regards,

Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

mmletzko Mon, 03/28/2011 - 07:00

Anisha,


This document is for ACS for Windows.  What if you have ACS Solution Engines?  What exactly does "not supported" mean?


Does it mean you cannot authenticate against any windows domain controller that's running 2008R2?

Does it mean you cannot run a Windows Agent on any member server running 2008R2?

I'd like to understand exactly what "not supported" means when it comes to the Solution Engine.

This is a very significant issue that may have a huge impact on our environment.  We have 35+ solution engines in 6 different infrastructures, so "upgrade to v5.2" is not a simple solution, especially when the versions are not compatible with each other.


Thanks!

-Matt

andamani Mon, 03/28/2011 - 10:01

Hi Matt,

The ACS is designed to support windows 2003 and windows 2008 schema. The Windows R2 schema is very different.

So neither you can authenticate against windows 2008 R2 DC nor can you run windows agent.

Hope that helps.

Regards,

Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

staalebotnen Tue, 03/29/2011 - 03:16

Can you clarify this?

We are currently Cisco ACS 4.2 on a Windows server 2003 and authenticating towards a Windows Server 2008 R2 AD domain without issues. We are authenticating both users and machine certificates. I see from the documentation that this is not supported, but it does work (AD group upgraded to 2008 R2 without informing us).

The following post shows that others are running the same configuration without issues as well:

https://supportforums.cisco.com/message/3027740#3027740

We are in the process of moving to ACS 5.2 in order to have a supported solution, but in the meantime we are not experiencing any issues....

andamani Fri, 04/08/2011 - 10:57

Hi,

I would jus say that you are lucky.

There are issues and i have seen them. If it breaks, as you said you will not get any support.

Regards,

Anisha

- Do rate helpful posts

aboschetti Tue, 07/12/2011 - 02:26

Hi,

what means " Cisco ACS 4.2 does not support AD 2008 server"?

I can't add as external database a windows 2008R2 domain?

I have to upgrade my domain from windows 2003 to windows 2008R2 domain, what can I do on my ACS 4.2 to support this upgrade?

Thank you for the clarification.

Laura

Actions

This Discussion