ACS 5.1 and AD Integration

rd9689
Level 1

I have just installed ACS 5.1 as a VM instance to provide TACACS AAA. So far things are working fine with local authentication, and I now wish to have my users authenticate via AD. Looking at the user guide on page 8-39, it looks like I need to create an AD identity store and join the ACS server to the domain. Is this correct? And is the AD username/password required a one-time thing to join the ACS server to the domain, or a special account that must be created on the AD server?

thanks!

Bob

Accepted Solution

Jatin Katyal
Cisco Employee

Yes, that is correct.


Joining ACS to an AD Domain
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/users_id_stores.html#wp1140906

ACS 5.1 has to be configured with a valid NTP server for time synchronization, preferably from where the domain controller is syncing its time. Another one is a valid DNS server which can resolve internal names.

Both of them will be configured from the CLI:
http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/command/reference/cli_use.html#wp1096003

ip name-server
http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/command/reference/cli_app_a.html#wp1729536

ntp server
http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/command/reference/cli_app_a.html#wp1013780

And yes, the admin username/password you use would be a one-time thing. It could be an existing admin account; just make sure whatever admin credentials you use on ACS to integrate with AD have privileges to add computers to the domain.


We would never recommend that you delete the admin account after integrating ACS with AD.


HTH

JK


Do rate helpful posts-


~Jatin

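The two prerequisites named in the answer above (DNS that can resolve internal names, and NTP time that agrees with the domain controllers) are exactly what an AD join depends on: ACS locates a domain controller through the domain's `_ldap._tcp.dc._msdcs.<domain>` SRV records, and Kerberos rejects requests whose clock skew exceeds its default tolerance of 5 minutes. The following pre-flight checker is an added example, not part of the original thread and not Cisco code. It runs the same checks an engineer would do by hand before attempting the join. The SRV resolver is injected as a callable so the checks can run offline against constructed data; the `sntp_time` helper is a minimal SNTP query over UDP that you can use for the reference clock on a real network. The domain name, host names and timestamps in the `__main__` block are constructed sample values.

```python
"""Pre-flight checks for joining an AAA server (e.g. ACS 5.1) to an AD domain.

Added example: verifies the DNS and NTP prerequisites named in the thread.
"""
import socket
import struct
import time
from dataclasses import dataclass, field
from typing import Callable, List, Tuple

# Kerberos default maximum clock skew (MIT and Windows KDCs): 300 seconds.
KERBEROS_MAX_SKEW_SECONDS = 300

# Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01).
NTP_UNIX_EPOCH_DELTA = 2208988800


@dataclass
class PreflightResult:
    dns_ok: bool
    ntp_ok: bool
    skew_seconds: float
    problems: List[str] = field(default_factory=list)


def dc_srv_name(domain: str) -> str:
    """SRV name AD clients query to locate a domain controller for `domain`."""
    return f"_ldap._tcp.dc._msdcs.{domain.strip().lower().rstrip('.')}"


def check_dns(domain: str, resolve_srv: Callable[[str], List[Tuple[str, int]]]):
    """resolve_srv(name) must return a list of (target_host, port) tuples.

    In production, wrap a real resolver here, e.g. dnspython's
    dns.resolver.resolve(name, 'SRV') (assumed available; not stdlib).
    """
    name = dc_srv_name(domain)
    try:
        records = resolve_srv(name)
    except Exception as exc:  # resolver raised: NXDOMAIN, timeout, etc.
        return False, [f"SRV lookup for {name} failed: {exc}"]
    if not records:
        return False, [f"no SRV records for {name}; a domain controller cannot be located"]
    return True, []


def check_time(local_epoch: float, reference_epoch: float,
               max_skew: float = KERBEROS_MAX_SKEW_SECONDS):
    """Compare the local clock against a reference (ideally the DC's NTP source)."""
    skew = abs(local_epoch - reference_epoch)
    if skew > max_skew:
        return False, skew, [f"clock skew {skew:.0f}s exceeds the {max_skew}s Kerberos tolerance"]
    return True, skew, []


def sntp_time(server: str, timeout: float = 3.0) -> float:
    """Minimal SNTP (RFC 4330) client: returns the server's transmit time as Unix epoch."""
    packet = b"\x1b" + 47 * b"\0"  # LI=0, VN=3, Mode=3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, 123))
        data, _ = sock.recvfrom(48)
    # Transmit timestamp: seconds field at bytes 40..43 of the 48-byte reply.
    ntp_seconds = struct.unpack("!I", data[40:44])[0]
    return float(ntp_seconds - NTP_UNIX_EPOCH_DELTA)


def preflight(domain: str, resolve_srv, local_epoch: float, reference_epoch: float) -> PreflightResult:
    """Run both checks and collect every problem so the operator sees all of them at once."""
    dns_ok, dns_problems = check_dns(domain, resolve_srv)
    ntp_ok, skew, ntp_problems = check_time(local_epoch, reference_epoch)
    return PreflightResult(dns_ok, ntp_ok, skew, dns_problems + ntp_problems)


if __name__ == "__main__":
    # Constructed sample data: a healthy domain, then one with missing DNS and a drifted clock.
    healthy = preflight("corp.example.com",
                        lambda name: [("dc1.corp.example.com", 389)],
                        local_epoch=time.time(), reference_epoch=time.time() + 12)
    broken = preflight("corp.example.com", lambda name: [],
                       local_epoch=1_000_000.0, reference_epoch=1_000_900.0)
    for label, result in (("healthy", healthy), ("broken", broken)):
        status = "ready to join" if result.dns_ok and result.ntp_ok else "NOT ready"
        print(f"{label}: {status}; skew={result.skew_seconds:.0f}s; problems={result.problems}")
```

On a live network you would pass a resolver that performs a real SRV query and use `sntp_time("<ntp server used by the DCs>")` as the reference clock, matching the answer's advice to sync ACS from the same source the domain controllers use. Each failing condition is reported rather than raised so that both a DNS and a time problem surface in a single run.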

2 Replies

JK

Thanks for the response!

Bob