Cisco Support Community
New Member

AAA Windows AD Authentication per Device Group

Hello,

I currently have an ACS system authenticating against a Win2K3 AD database. I have a user that is a member of multiple security groups that are mapped to multiple groups on the ACS. I want to be able to force authentication against a specific group based on the device group that is being used for authentication.

For example, User1 is a member of GroupA, GroupB, and GroupC in the AD. GroupA is mapped to Group1 in the ACS, GroupB is mapped to Group2, and GroupC is mapped to Group3. I have three device groups called switches, firewalls, and routers.

When User1 logs into a router, I want him to be authenticated against Group1. When User1 logs into a switch, authenticate against Group2, and a firewall would be authenticated against Group3. Is it even possible to do this? If so, how?

Thanks for your help!

Steve

5 REPLIES
noc
New Member

Re: AAA Windows AD Authentication per Device Group

I have the same problem.

The users mapped by the external authenticator are dynamically linked to a Cisco ACS group.

Since ACS uses the group order to match the credentials, even if the user is grouped in more than one group in AD, it's linked to the first ACS group.

I've also tried to use a NAR, but it doesn't seem to work.

Does anyone have suggestions?

Andrea

New Member

Re: AAA Windows AD Authentication per Device Group

Doing the same setup with our new ACS, so I'm really hoping someone can assist with this problem.

New Member

Re: AAA Windows AD Authentication per Device Group

Hi,

What version of ACS are you currently running?

Craig

noc
New Member

Re: AAA Windows AD Authentication per Device Group

I'm running version 4.0.1.27

Andrea

New Member

Re: AAA Windows AD Authentication per Device Group

I am running multiple versions for multiple customers, from 4.0 to 4.2.
