Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
892
Views
5
Helpful
2
Replies

ACS 4.2 new Domain

ToX1c1986
Level 1
Level 1

‎05-24-2010 09:38 PM - edited ‎03-10-2019 05:09 PM

Hello!

I need to add new domain in my Windows DB configuration on ACS. I just need to add new domain from "Configure Domain List" ? After that add manual mapping groups from AD to groups in ACS?

Also, what does it mean -

"Submitting the configuration changes removes the dynamic users linked to the database." That all users now connected will be remowed?

Thanks for help!

Labels:
0 Helpful
2 Replies 2

Jatin Katyal
Cisco Employee
Cisco Employee

‎05-25-2010 03:08 AM

No thats means ACS will not show the dynamically mapped user under users list unless they disconnet and authenticate again via ACS. It will remove all the dynamically mapped user from the ACS ( users exist on AD).


Dynamic user: If the user does not exist in the CS ACS local database, CS ACS marks that user as unknown and checks for an unknown user policy. If the unknown user policy is to fail the user, CS ACS fails the user. Otherwise, if external database is configured, CS ACS forwards that information to the configured external user database. CS ACS tries each external user database until the user succeeds or fails.If the authentication is successful, the user information goes into the cache of CSACS, which has a pointer for using the external user database. This user is known as a dynamic user.

The next time the dynamic user tries to authenticate, Cisco Secure ACS authenticates the user against the database that was successful the first time. These cached user entries are used to speed up the authentication process. Dynamic users are treated in the same way as known users.

HTH

JK


Do rate helpful posts-

~Jatin

ToX1c1986
Level 1
Level 1
In response to Jatin Katyal

‎05-25-2010 03:24 AM

Thank you very much, now I know what does it mean Dynamic User.

And what about new domain in DB?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents