problem integrating ACS 5.3 with Active Directory

Answered Question
Jun 11th, 2012

Hello All,


I am trying to integrate my Cisco ACS 5.3 with Windows Active Directory for centralised user authentication, but I continuously receive a Kerberos status error.

I have checked, and my firewall is open for all the ports between ACS and AD:


Samba Port - TCP 445

LDAP - TCP 389

LDAP - UDP 389 (is ok)

KDC - TCP 88

kpasswd - TCP 464

NTP - UDP 123

Global catalogue - TCP 3268

DNS 53


Any known issues on this? My NTP time is synchronized with the Active Directory.

Thanks in advance for the help.

Correct Answer by jrabinow about 5 years 2 months ago

Couple of comments:

- If you are testing ACS 5.3 with Active Directory, the recommendation is to install at least patch 4

  See: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/release/notes/acs_53_rn.html#wp223684

which has the following note:

"When you install ACS 5.3 or upgrade any older version of ACS to ACS 5.3, you are strongly recommended to install the cumulative patch 5.3.0.40.4 or a later patch as a part of this installation or upgrade process. This patch includes some important fixes that are related to the upgrade process and Active Directory operations. You must install this patch if you are using Active Directory as the identity store in ACS."

Latest patch is in fact 5.3.0.40.5


- You can try the "Test Connection" button on the Active Directory GUI

Overall Rating: 5 (1 ratings)
jrabinow (Cisco Employee), Mon, 06/11/2012 - 03:13
