Cisco ACS integration with Windows Active directory

Unanswered Question
Apr 13th, 2010
User Badges:

Hello all...

     I have a Cisco ACS 4.2 running on windows server 2003 . I have integrated it with active directory. I created two groups in the active directory lets say  " MAINGROUP" and "SUBGROUP" . I  created one user "user1" and added this user to the group "SUBGROUP". Then i added this "SUBGROUP" to the "MAIN GROUP". Now "SUBGROUP" is  a member of " MAINGROUP". Now when i map a group in the ACS say " Group 1" to the Active Directory Group " MAINGROUP" and try to login as "user1" authentication is failing. I cheked the failed authentications list in ACS and it gives me an error "EXTERNAL DATABASE ACCOUNT RESTRICTION" . If i map the "SUBGROUP" instead of "MAIN GROUP" to acs group "Group 1" the authentication is successfull for user1. This is the minimum scenario. If i have 100 groups in AD then do i have to map them one by one to the acs group or I can add these 100 group to a parent group and map this parent group to the desired acs group?... Please help me on this.. I am badly in need of  a solution. If anybody can advise me the step by step solution then it ll be so helpful for me..

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion