Cisco Support Community
Community Member

ACS 5.1 and AD Integration

I have just installed ACS 5.1 as a VM instance to provide TACACS AAA. So far things are working fine with local authentication, and I now wish to have my users authenticate via AD. Looking at the user guide on page 8-39, it looks like I need to create an AD identity store and join the ACS server to the domain. Is this correct? And is the AD username/password required a one-time thing to join the ACS server to the domain, or a special account that must be created for the AD server?

thanks!

Bob

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ACS 5.1 and AD Integration

Yes, that is correct.


Joining ACS to an AD Domain
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/users_id_stores.html#wp1140906

ACS 5.1 has to be configured with a valid NTP server for time synchronization, preferably the same source the domain controller is syncing its time from. The other requirement is a valid DNS server that can resolve internal names.

Both of them are configured from the CLI:
http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/command/reference/cli_use.html#wp1096003

ip name-server
http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/command/reference/cli_app_a.html#wp1729536

ntp server
http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/command/reference/cli_app_a.html#wp1013780

And yes, the admin username/password you use would be a one-time thing. It could be an existing admin account; just make sure whatever admin credentials you are using on ACS to integrate with AD have privileges to add a computer to the domain.


We would never recommend deleting the admin account after integrating ACS with AD.


HTH

JK


Do rate helpful posts.


~Jatin Katyal
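As an added illustration of the order of operations in the answer above (not taken from the original thread or from Cisco's documentation), here is an ACS 5.1 CLI session that points the appliance at the domain's DNS and NTP and verifies both before the AD join is attempted from the GUI. The domain name, hostnames, addresses and prompt are constructed placeholders; `configure terminal`, `nslookup` and `show ntp` are assumed to be available as standard ADE-OS commands, and their exact output varies by release.

```text
! Constructed values: domain corp.example.com, domain controller dc01 at 10.1.1.10
! (the DC is also the DNS and NTP source, as the answer recommends)
acs/admin# configure terminal
acs/admin(config)# ip name-server 10.1.1.10
acs/admin(config)# ntp server 10.1.1.10
acs/admin(config)# exit

! Check 1: the DC's internal name must resolve, otherwise the join cannot
! locate the domain at all.
acs/admin# nslookup dc01.corp.example.com

! Check 2: Kerberos rejects tickets when clock skew exceeds 5 minutes
! (the default tolerance), so wait until the NTP peer shows as synchronized
! before creating the AD identity store and joining the domain.
acs/admin# show ntp
```

Only once both checks pass should the domain admin credentials be entered in the AD identity store page; they are used for the join itself and are not stored for later authentication.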
2 REPLIES
Community Member

Re: ACS 5.1 and AD Integration

JK

Thanks for the response!

Bob

734 Views, 0 Helpful, 2 Replies