cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
750
Views
5
Helpful
7
Replies

acs admin via external database?(MS AD)

ryancolson
Level 1
Level 1

Is it possible, and if so, where would i go about doing it, to set ACS up so that it pulls from AD for ACS admins. For example, I create an AD group called ACSADMIN, and therefore everyone in that group has ACS admin rights

7 Replies 7

Jagdeep Gambhir
Level 10
Level 10

Unfortunately that is not possible. This feature is currently not available with acs.

Regards,

~JG

Do rate helpful posts

Hi I have a similar request.  Can I associate a AD group with ACS administrators or some similar role based feature?(example read only to view ACS 5.3)?

Hi Tuyen,

The feature you're looking for has been introduced in ACS 5.4. You may go through the below listed link:

Check Release notes of ACS 5.4 under System Administration Enhancements

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/release/notes/acs_54_rn.html#wp71092

If you've ACS 5.4 running in your setup and you'd like to configure this feature, please refer the below listed link:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/admin_admin.html#wp1089044

Summary of steps you need to perform:

1. Define ACS as a AAA/tacacs client in ACS

2. Login to the ACS CLI through SSH or console session and execute a command

   - aaa authentication tacacs+ server key

3. Go to System Administration || Administrative Access Control || Identity || Select AD as a Identity source.

4. Click on Authorization || create a new rule || select the username from AD that you want to login with || select the       role that you want to assign to user. You may first create a user with super-admin role

5. Save the changes, logout and login again with the ad account.

NOTE: If you're not comfortable with the above changes, you may open a TAC case.

Hope it helps.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Were you able to configure it in your setup?

Do let us know how it goes?

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Ravi Singh
Level 7
Level 7

For ACS admin you have to create the user locally. Till now the requested feature is not available with ACS.

Thanks it worked.

thats a good news. Would appreciate if you mark this thread answered and close it, other community may get help with the similar query.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: