Recently installed ACS 18.104.22.168.8 and set up ACS for device administration using TACACS+.
Everything works as expected; ACS integrated correctly with the endpoints, and local users can authenticate onto the endpoints correctly through AAA.
Debug on end points shows successful AAA comms to ACS.
Now I'm at the point of removing all local users in ACS and integrating ACS with AD.
I set up the external identity store AD section with the correct domain name and added the AD user (the AD service account had domain admin rights).
I clicked the 'test connectivity' button and got a successful connection on the first go.
I set up the AD section to link to 2 AD groups.
Now I run into a brick wall.
I cannot seem to authenticate an AD user for AAA access onto a router or switch using telnet.
I checked the logs and noticed that it says 'unknown user' and the store it is using says 'internal store'.
I have set the identity store sequence to be AD first then local but ACS still does not seem to check against the external store.
I'm not sure if I should be setting up ACS-to-AD group mappings, and whether this will have any effect, like it did in 4.2.
I'm also unsure as to how the rule set should be changed in my access policies; e.g. do I need to click the Customize button and add a new policy element, and then rewrite the rules to exclude local groups and include AD groups, so as to get ACS to perform the user lookup against the external AD store?
If anyone can point me in the right direction, it would be greatly appreciated, or
if someone could please point me towards a step-by-step guide on how to correctly set up ACS to integrate with AD for TACACS+ device admin, this would also help.
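One way to isolate whether the problem is on the ACS side (identity store sequence / access service rules) rather than on the router is to send a TACACS+ ASCII login straight to ACS from a management host and look at the reply and the resulting ACS log entry. The script below is an added example written for this post, not code from the original poster or from Cisco; it implements the RFC 8907 authentication START / REPLY / CONTINUE exchange with the MD5 pseudo-pad body obfuscation. The server address, shared secret, account names and password are placeholders, and the idea of trying both the bare username and the user@domain form is a diagnostic suggestion, not something the post confirms.

```python
"""Minimal TACACS+ (RFC 8907) ASCII-login client for checking an ACS
server directly, without a router in the path.  Added example, not from
the original post; host, key and credentials below are placeholders."""
import hashlib
import os
import socket
import struct

TAC_PLUS_VERSION = 0xC0     # major 0xC, minor 0: the version used for ASCII logins
TAC_PLUS_AUTHEN = 0x01      # packet type: authentication
AUTHEN_LOGIN, AUTHEN_TYPE_ASCII, AUTHEN_SVC_LOGIN = 0x01, 0x01, 0x01
STATUS = {1: "PASS", 2: "FAIL", 3: "GETDATA", 4: "GETUSER",
          5: "GETPASS", 6: "RESTART", 7: "ERROR"}
GETPASS = 5


def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 section 4.5: chained MD5 over session_id, key, version, seq_no."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body, session_id, key, seq_no, version=TAC_PLUS_VERSION):
    """XOR the body with the pseudo pad; applying it twice restores the body.
    This is keyed obfuscation, not encryption: run it only from a trusted host."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(a ^ b for a, b in zip(body, pad))


def build_packet(seq_no, session_id, key, body):
    """12-byte header (version, type, seq_no, flags, session_id, length) + body."""
    header = struct.pack("!BBBBII", TAC_PLUS_VERSION, TAC_PLUS_AUTHEN,
                         seq_no, 0x00, session_id, len(body))
    return header + obfuscate(body, session_id, key, seq_no)


def start_body(user, port="tty0", rem_addr="10.0.0.1", priv_lvl=1):
    """Authentication START for an ASCII login (RFC 8907 section 5.1)."""
    u, p, r = user.encode(), port.encode(), rem_addr.encode()
    return struct.pack("!BBBBBBBB", AUTHEN_LOGIN, priv_lvl, AUTHEN_TYPE_ASCII,
                       AUTHEN_SVC_LOGIN, len(u), len(p), len(r), 0) + u + p + r


def continue_body(user_msg):
    """Authentication CONTINUE carrying the password (RFC 8907 section 5.3)."""
    m = user_msg.encode()
    return struct.pack("!HHB", len(m), 0, 0) + m


def parse_reply(body):
    """Authentication REPLY -> (status code, server_msg) (RFC 8907 section 5.2)."""
    status, _flags, msg_len, _data_len = struct.unpack("!BBHH", body[:6])
    return status, body[6:6 + msg_len].decode(errors="replace")


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf


def recv_packet(sock, expect_seq, session_id, key):
    version, ptype, seq_no, flags, sid, length = struct.unpack(
        "!BBBBII", recv_exact(sock, 12))
    if sid != session_id or seq_no != expect_seq or ptype != TAC_PLUS_AUTHEN:
        raise ValueError(f"unexpected header: type={ptype} seq={seq_no} sid={sid:#x}")
    body = recv_exact(sock, length)
    # flag 0x01 (TAC_PLUS_UNENCRYPTED_FLAG) means the body was sent in the clear
    return body if flags & 0x01 else obfuscate(body, session_id, key, seq_no, version)


def ascii_login(host, key, user, password, port=49, timeout=5):
    """Run one ASCII login exchange; returns (status name, server message)."""
    session_id = int.from_bytes(os.urandom(4), "big")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_packet(1, session_id, key, start_body(user)))
        status, msg = parse_reply(recv_packet(sock, 2, session_id, key))
        if status == GETPASS:
            sock.sendall(build_packet(3, session_id, key, continue_body(password)))
            status, msg = parse_reply(recv_packet(sock, 4, session_id, key))
    return STATUS.get(status, f"UNKNOWN({status})"), msg


if __name__ == "__main__":
    # Placeholders (assumptions): the ACS address, its TACACS+ shared secret
    # and an AD account.  Trying both the bare account name and the
    # user@domain form shows which one ACS sends to the AD store.
    for candidate in ("jsmith", "jsmith@example.local"):
        print(candidate, ascii_login("192.0.2.10", b"SharedSecret", candidate, "Passw0rd!"))
```

The management host must be defined as a AAA client in ACS with the same shared secret, otherwise ACS drops the request before any identity lookup happens. After each run, check the ACS authentication report for that session: the "Identity Store" column tells you whether the request ever reached the AD store or was resolved against the internal store, which is the question the post is trying to answer.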