
AD with ACS 4.2 issues

youssef_1985
Level 1

Hey,

I want to ask you, friend.

I have AD on Windows 2K3 Service Pack 1 and ACS 4.2. I think it is configured well: I can import all the Windows groups and do the mapping, but no user is able to authenticate.

1) I believe that I need an agent? If yes, give me the link for the download.

If "no", help me for sure.

8 Replies

craig.eyre
Level 1

Hi,

If I understand you correctly from your post, you have Win2k3 and ACS 4.2 configured as you see correct. You can map the local ACS groups to the appropriate AD groups but the users cannot log in with their AD credentials. Is that correct? What are you trying to log into? Switches, wireless, etc.?

There is no agent that you need to install but you need to make some changes on the AD side.

Did you follow this document?

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/UsrDb.html

Craig

HTH

Thanks for your reply,

Yes, it is correct. I want to log into my network because I use dot1x on my switch.

If it is available, give me the modification that I have to make on AD.

Hi,

Are you trying to do USER authentication or MACHINE authentication? I assume machine authentication but please confirm.

Craig

Hi,

Yes, I am trying to do user authentication.

Hi

Have you configured a workstation in active directory with a name of CISCO?

If you navigate to external user database/database configuration/windows database on the ACS and scroll to the bottom of that screen, you'll see a setting called "Windows Authentication Configuration". You'll see a default "Cisco" listed there. You need a workstation configured in Active Directory to match that of the ACS.

hth

Craig

Hi,

No, I am going to test it, then I will inform you of the result.

Thanks.

Hi, thanks, it works fine, but:

If I try to connect to my domain with a new account, this message is displayed: "domain not found".

But there is no problem with an old account.

To resolve this issue I had to connect to a port configured without dot1x.

Help me please.

Hi,

You don't need dot1x if you are only doing USER authentication but I assume that you are looking to use machine authentication if you have dot1x configured.

Below is a document that should help you on your way.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00805e7a18.shtml

HTH

Craig