I am trying to integrate my Cisco ACS 5.3 with Windows Active Directory for centralised user authentication, but I continuously receive
a Kerberos status error.
I have checked, and my firewall is open for all the ports between ACS and AD:
Samba Port - TCP 445
LDAP - TCP 389
LDAP - UDP 389 (is ok)
KDC - TCP 88
kpasswd - TCP 464
NTP - UDP 123
Global catalogue - TCP 3268
Any known issues on this? My NTP time is synchronized with the Active Directory.
Thanks in advance for the help.
Couple of comments:
- If you are testing ACS 5.3 with Active Directory, the recommendation is to install at least patch 4,
which has the following note:
"When you install ACS 5.3 or upgrade any older version of ACS to ACS 5.3, you are strongly recommended to install the cumulative patch 18.104.22.168.4 or a later patch as a part of this installation or upgrade process. This patch includes some important fixes that are related to the upgrade process and Active Directory operations. You must install this patch if you are using Active Directory as the identity store in ACS."
Latest patch is in fact 22.214.171.124.5
- You can try the "Test Connection" button on the Active Directory GUI