ACS admin via external database? (MS AD)

Unanswered Question
Oct 4th, 2008

Is it possible, and if so, where would I go about doing it, to set ACS up so that it pulls from AD for ACS admins? For example, I create an AD group called ACSADMIN, and therefore everyone in that group has ACS admin rights.

Jagdeep Gambhir Mon, 10/06/2008 - 04:45

Unfortunately, that is not possible. This feature is currently not available with ACS.

Regards,

~JG

Do rate helpful posts

Tuyen Nguyen Tue, 07/23/2013 - 18:22

Hi, I have a similar request. Can I associate an AD group with ACS administrators or some similar role-based feature (for example, read-only to view ACS 5.3)?

Jatin Katyal Wed, 07/24/2013 - 00:13

Hi Tuyen,

The feature you're looking for has been introduced in ACS 5.4. You may go through the link listed below:

Check the release notes of ACS 5.4 under System Administration Enhancements

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/release/notes/acs_54_rn.html#wp71092

If you have ACS 5.4 running in your setup and you'd like to configure this feature, please refer to the link listed below:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/admin_admin.html#wp1089044

Summary of steps you need to perform:

1. Define ACS as a AAA/tacacs client in ACS

2. Log in to the ACS CLI through SSH or a console session and execute a command

   - aaa authentication tacacs+ server key

3. Go to System Administration || Administrative Access Control || Identity || Select AD as an Identity source.

4. Click on Authorization || create a new rule || select the username from AD that you want to log in with || select the role that you want to assign to the user. You may first create a user with the super-admin role.

5. Save the changes, log out and log in again with the AD account.

NOTE: If you're not comfortable with the above changes, you may open a TAC case.

Hope it helps.

~BR
Jatin Katyal

**Do rate helpful posts**

Ravi Singh Tue, 07/23/2013 - 18:54

For ACS admin you have to create the user locally. Till now the requested feature is not available with ACS.

Jatin Katyal Fri, 07/26/2013 - 07:37

That's good news. Would appreciate it if you mark this thread answered and close it; other community members may get help with a similar query.

~BR
Jatin Katyal

**Do rate helpful posts**
