Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACS 3.3 using Windows AD Database


I installed ACS3.3 on windows 2003 standard server and it joins Windows 2000 Active Directory. It works normally when it is using Cisco Secure Database. However, it can't authenticate users located in windows 2000 AD. Is my combination supported by Cisco ACS ? Any additional function I need to configure?

Besides, I checked with Document that NTLMv2 is not supported in Domain Authentication. NTLM version is determined by the Domain Controller or the Member Server (i.e. The ACS server)?

Thanks a lot!


Verify that the NT LAN Manager (NTLM) version used is version 1. In the applicable Windows security policy editor, access Local Policies > Security Options, and locate the LAN Manager Authentication Level policy and set the policy to Send LM & NTLM responses. Other settings involve the use of NTLM v2, which Cisco Secure ACS does not support.

New Member

Re: ACS 3.3 using Windows AD Database

Sup dude,

How did you want to authenticate users from AD?

Yes it is possible to authenticate users from Active Directory. It just depends on how. You set the Active Directory as a external database. I currently use mine for 802.1x authentication.

Regarding NTLM authentication, the domain controller should dumb down to at least NTLM v1. This depends on the Group Policies defined for your domain.

Re: ACS 3.3 using Windows AD Database


Just a quick check. Have you point the AD into your 'unknown user policy'? You need to do this in your ACS.

I assumed you have already done this:

- set user database in ACS to external database

- join your ACS server to your domain.