Following a config guide I was able to edit a user group and send the parameters the ACE was expecting as to user, role and domain in order to authenticate within the right context and with the right privileges. This, though, was made on a testing environment and I'd rather avoid editing the group of the live ACS to meet ACE's requirements. That group has already a config I wouldn't want to mess with.
I am under the impression that the same thing could be done by creating a Service and associate it with either a user or a group. I also think that the name of the service must match some ID or parameter sent by the ACE during authentication. Maybe hostname or a key word that identifies it. Is that so? What would it be the best way to send the parameters to the ACE trying to avoid messing with the groups?
If in fact there is an ID or alike that you can tell me about, please do so.
Thanks a lot!