Most probably this question has been asked earlier but I couldnt find any during my research in this forum.
For now, I setup all our networking devices to use tacacs+ for authentication and it works ok. What I want to accomplish is, I want to restrict the user privileges based on which AD group the user belongs to. I think I need to setup our existing AD as an LDAP server on Cisco ACS.
Like if the user belongs to an ordinaru Domain Users group he wont get authorized to access that network device but if he/she belongs to CiscoAdmins group in our active directory structure then they will have granted access.
If anyone has any config examples (not just guides) on ways of doing this I would really appreciate if they can share those with me. I really do not have time to go through many pages of Cisco ACS Admin guide.
Thanks in advance.