ACS admin via external database? (MS AD)

Oct 4th, 2008

Is it possible, and if so, where would I go about doing it, to set ACS up so that it pulls from AD for ACS admins? For example, I create an AD group called ACSADMIN, and therefore everyone in that group has ACS admin rights.

Jagdeep Gambhir Mon, 10/06/2008 - 04:45

Unfortunately, that is not possible. This feature is currently not available with ACS.


Regards,

~JG


Do rate helpful posts

Tuyen Nguyen Tue, 07/23/2013 - 18:22

Hi, I have a similar request. Can I associate an AD group with ACS administrators, or some similar role-based feature (for example, read-only to view ACS 5.3)?

Jatin Katyal Wed, 07/24/2013 - 00:13
User Badges: Cisco Employee

Hi Tuyen,


The feature you're looking for has been introduced in ACS 5.4. You may go through the below listed link:


Check Release notes of ACS 5.4 under System Administration Enhancements

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/release/notes/acs_54_rn.html#wp71092


If you have ACS 5.4 running in your setup and you'd like to configure this feature, please refer to the below listed link:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/admin_admin.html#wp1089044


Summary of steps you need to perform:

1. Define ACS as a AAA/tacacs client in ACS

2. Log in to the ACS CLI through SSH or console session and execute a command

   - aaa authentication tacacs+ server key

3. Go to System Administration || Administrative Access Control || Identity || Select AD as an Identity source.

4. Click on Authorization || create a new rule || select the username from AD that you want to log in with || select the role that you want to assign to the user. You may first create a user with super-admin role.

5. Save the changes, log out and log in again with the AD account.


NOTE: If you're not comfortable with the above changes, you may open a TAC case.


Hope it helps.



~BR
Jatin Katyal

**Do rate helpful posts**

Jatin Katyal Thu, 07/25/2013 - 01:23
User Badges: Cisco Employee


Were you able to configure it in your setup?

Do let us know how it goes.


~BR
Jatin Katyal

**Do rate helpful posts**

Ravi Singh Tue, 07/23/2013 - 18:54
User Badges: Cisco Employee

For ACS admin you have to create the user locally. Till now the requested feature is not available with ACS.

Jatin Katyal Fri, 07/26/2013 - 07:37
User Badges: Cisco Employee

That's good news. Would appreciate it if you mark this thread answered and close it; other community members may get help with a similar query.


~BR
Jatin Katyal

**Do rate helpful posts**
