I have problems in configuring Cisco ACS 5.2. I did not find how to configure it for authorization (on itself) by AD credentials. I mean, like an administrator account, but from AD groups. It was easy to configure the connection with AD, selecting identity groups and creating authentication policies for TACACS authorization on network devices. It works fine! But how can I configure it to authenticate by AD user/pass on itself? Can anyone give some suggestions? Thanks!
Machine authentication provides access to network services only to those computers that are listed in Active Directory. This becomes very important for wireless networks because unauthorized users can try to access your wireless access points from outside your office building.
You can configure ACS to retrieve user or machine AD attributes to be used in authorization and group mapping rules. The attributes are mapped to the ACS policy results and determine the authorization level for the user or machine.
ACS retrieves user and machine AD attributes after a successful user or machine authentication and can also retrieve the attributes for authorization and group mapping purposes independent of authentication.
ACS can retrieve user or machine groups from Active Directory after a successful authentication and also retrieve the user or machine group independent of authentication for authorization and group mapping purposes. You can use the AD group data in the authorization and group mapping tables and introduce special conditions to match them against the retrieved groups.
Moreover, please go through the given link for configuration. This link will be helpful to you.