Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACS integration with AD 2008

Hi,

Iam trying to integrate ACS 4.1 with AD 2008 but its not working, where as with AD 2003 it works.

can someone help me on this

Thanks

Ravi

12 REPLIES
New Member

Re: ACS integration with AD 2008

Hi Ravi,

ACS 4.1 does not support AD 2008 server.

Below links shows the supported Operating System for ACS 4.1:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/device/guide/sdt41.html#wp40144

If you want ACS to integrate Win 2008 AD, you need to migrate from ACS 4.1 to ACS 4.2 and then upgrade to 4.2 Patch 4.

ACS 4.2.0.124 Patch 4 supports Win 2008 AD.

Revert back for any clarifications.

Thanks,

Srividhya

New Member

Re: ACS integration with AD 2008

Thanks Srivihya, info is helpful, will get back to u incase i need any help

Thanks

Ravi

New Member

Re: ACS integration with AD 2008

What is the name of then Patch File ? In the page Download Software?

Cisco Employee

Re: ACS integration with AD 2008

Hi,

The software mentioned is Acs-4.2.1.15.4-SW.zip. It is present on download software of cisco.com page.

Hope this helps.

Regards,

Anisha

P.

New Member

Re: ACS integration with AD 2008

Anisha,


I saw another posting in which Cisco that said ACS v4.2 was not supported with 2008 R2 - that ACS v5.1 was required.

We are getting ready to upgrade to v4.2.1.15.3 (.3 patch was the latest at the time - couple of months ago), but now I see from this posting that there is a .4 patch.  Does the .4 patch allow ACS v4.2.1.15 to work with 2008 R2?

We are also in the process of upgrading to Server 2008 R2 and hadn't planned on upgrading to ACS v5.x anytime soon.

Thanks!

Cisco Employee

Re: ACS integration with AD 2008

Hi,

Patch 4 does not support windows 2008 R2 you need ACS 5.2 for the same.

The following link stating the system requirements clearly states that windows 2008 R2 is not supported.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/Installation_Guide/windows/install.html#wp1041324

The Bug CSCtg12399 ACS 5.1 did not support 2008 R2 Server for AD is resolved in ACS 5.2.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/release/notes/acs_52_rn.html

Hope this helps.

Regards,

Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

New Member

Re: ACS integration with AD 2008

Anisha,


This document is for ACS for Windows.  What if you have ACS Solution Engines?  What exactly does "not supported" mean?


Does it mean you cannot authenticate against any windows domain controller that's running 2008R2?

Does it mean you cannot run a Windows Agent on any member server running 2008R2?

I'd like to understand exactly what "not supported" means when it comes to the Solution Engine.

This is a very significant issue that may have a huge impact on our environment.  We have 35+ solution engines in 6 different infrastructures, so "upgrade to v5.2" is not a simple solution, especially when the versions are not compatible with each other.


Thanks!

-Matt

Cisco Employee

Re: ACS integration with AD 2008

Hi Matt,

The ACS is designed to support windows 2003 and windows 2008 schema. The Windows R2 schema is very different.

So neither you can authenticate against windows 2008 R2 DC nor can you run windows agent.

Hope that helps.

Regards,

Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

New Member

Re: ACS integration with AD 2008

Yes, it answers my question.  Thank you!

New Member

Re: ACS integration with AD 2008

Can you clarify this?

We are currently Cisco ACS 4.2 on a Windows server 2003 and authenticating towards a Windows Server 2008 R2 AD domain without issues. We are authenticating both users and machine certificates. I see from the documentation that this is not supported, but it does work (AD group upgraded to 2008 R2 without informing us).

The following post shows that others are running the same configuration without issues as well:

https://supportforums.cisco.com/message/3027740#3027740

We are in the process of moving to ACS 5.2 in order to have a supported solution, but in the meantime we are not experiencing any issues....

Cisco Employee

Re: ACS integration with AD 2008

Hi,

I would jus say that you are lucky.

There are issues and i have seen them. If it breaks, as you said you will not get any support.

Regards,

Anisha

- Do rate helpful posts

New Member

Re: ACS integration with AD 2008

Hi,

what means " Cisco ACS 4.2 does not support AD 2008 server"?

I can't add as external database a windows 2008R2 domain?

I have to upgrade my domain from windows 2003 to windows 2008R2 domain, what can I do on my ACS 4.2 to support this upgrade?

Thank you for the clarification.

Laura

1536
Views
0
Helpful
12
Replies