
ACS 3.3 using Windows AD Database

rman
Level 1

Hi,

I installed ACS 3.3 on a Windows 2003 Standard server and joined it to a Windows 2000 Active Directory. It works normally when it is using the Cisco Secure Database. However, it can't authenticate users located in the Windows 2000 AD. Is my combination supported by Cisco ACS? Is there any additional function I need to configure?

Besides, I checked the documentation, and NTLMv2 is not supported in Domain Authentication. Is the NTLM version determined by the Domain Controller or the Member Server (i.e. the ACS server)?

Thanks a lot!

Quote:

Verify that the NT LAN Manager (NTLM) version used is version 1. In the applicable Windows security policy editor, access Local Policies > Security Options, and locate the LAN Manager Authentication Level policy and set the policy to Send LM & NTLM responses. Other settings involve the use of NTLM v2, which Cisco Secure ACS does not support.

2 Replies

Darthkim_2
Level 1

Sup dude,

How did you want to authenticate users from AD?

Yes, it is possible to authenticate users from Active Directory. It just depends on how. You set the Active Directory as an external database. I currently use mine for 802.1x authentication.

Regarding NTLM authentication, the domain controller should dumb down to at least NTLM v1. This depends on the Group Policies defined for your domain.

Hi,

Just a quick check. Have you pointed the AD into your 'unknown user policy'? You need to do this in your ACS.

I assume you have already done this:

- set user database in ACS to external database

- join your ACS server to your domain.

Rgds,

AK
