Group mappings

Answered Question
Sep 25th, 2006

Need to tap some brain power here. Can I map an NT account group to an ACS group? If I have a group on our domain called tngrp, can I map it to an HSCguest group on ACS? These will be more detailed groups, so should these groups be checked prior to our NT login domain group?


Thanks


Dwane

Correct Answer by ethiel about 10 years 11 months ago

Yes, yes, and yes. You can map Windows groups to ACS groups. The gotchas are:

You cannot use nested groups in AD (e.g. testgroup contains testgroup1 and testgroup2).

A user cannot map to multiple ACS groups. For this reason, as you mentioned, you want the most important groups first. For example, if you want admins to map to admins and users to map to users, you should define the admins mapping above the users mapping (assuming all admins are users).


-Eric

Overall Rating: 5 (1 ratings)
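
The ordering and nested-group gotchas from the answer above, as an added example that is not part of the original thread and is not ACS code. It models the mapping list as "first direct match wins" and flags mappings that an earlier, broader mapping makes unreachable. Only tngrp and HSCguest come from the question; the other group names, the users, and the `default` placeholder are constructed assumptions.

```python
# Model of ordered, first-match group mapping (illustration, not ACS code).
# tngrp/HSCguest come from the question; all other names are constructed.
MEMBERS = {  # direct members only; testgroup holds only the nested testgroup1
    "Domain Users": {"alice", "bob", "dwane"},
    "NetAdmins": {"alice"},
    "tngrp": {"bob"},
    "testgroup": set(),
    "testgroup1": {"carol"},
}
BAD_ORDER = [("Domain Users", "Users"), ("NetAdmins", "Admins"),
             ("tngrp", "HSCguest")]
GOOD_ORDER = [("NetAdmins", "Admins"), ("tngrp", "HSCguest"),
              ("Domain Users", "Users")]


def direct_groups(user, members=MEMBERS):
    """Windows groups that list the user as a direct member."""
    return {g for g, users in members.items() if user in users}


def resolve_acs_group(user, mappings, members=MEMBERS, default=None):
    """First mapping whose Windows group directly contains the user wins.
    Nested membership is not expanded; `default` is a hypothetical
    placeholder for "no mapping matched"."""
    groups = direct_groups(user, members)
    for windows_group, acs_group in mappings:
        if windows_group in groups:
            return acs_group
    return default


def shadowed_mappings(mappings, members=MEMBERS):
    """Mappings that can never apply: every direct member of the Windows
    group is already claimed by a mapping listed earlier."""
    shadowed, claimed = [], set()
    for windows_group, acs_group in mappings:
        users = members.get(windows_group, set())
        if users and users <= claimed:
            shadowed.append((windows_group, acs_group))
        claimed |= users
    return shadowed


if __name__ == "__main__":
    for name, order in (("bad", BAD_ORDER), ("good", GOOD_ORDER)):
        print(name, {u: resolve_acs_group(u, order) for u in ("alice", "bob")},
              "shadowed:", shadowed_mappings(order))
    print("carol via testgroup:", resolve_acs_group("carol", [("testgroup", "Lab")]))
```

With the domain-wide group listed first, every user lands in the broad group and the more specific mappings never apply; running the same check over an exported membership list before changing the order shows which mappings are unreachable.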
Correct Answer
ethiel Mon, 09/25/2006 - 17:35