Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
609
Views
0
Helpful
2
Replies

ACS with AD and network management only

Joseph Dworak
Level 1
Level 1

‎05-08-2010 05:58 PM - edited ‎03-10-2019 05:07 PM

I purchased an ACS server and am running 5.x.  I have setup the initial config so have access to the server.

I thought this would allow me to manage authentication to all my cisco equipment with my AD account.  I would rather not build individual accounts on the ACS and woudl rather tie it to Active Directory so we can quickly delete access at the AD level rather than AD then ACS.

So I created an AD account and username.  On the ACS server I went to external stores and Active Directory. When I try to enter the domain, uname, and pw I get an error that I am trying to add a device to AD.  I really just wanted to be able to do more like an LDAP query so the ACS knew of AD accounts.

Any help or links to setup would be apprecited,
JD

Labels:
0 Helpful
2 Replies 2

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎05-08-2010 06:05 PM

Joseph,

Is this an ACS appliance?

If the ACS is running version 4.x on a windows server, then it can be member of the domain, but if it's an appliance I believe that it will not let you interact directly with AD (you can download an agent that communicates the appliance with the AD).

Even with an appliance or with ACS running on windows, there's no need to create the user database on the ACS appliance if you still use the AD for user database. The difference is in how the appliance or the windows server interact with AD.

Federico.

0 Helpful

Kent Heide
Level 1
Level 1
In response to Federico Coto Fajardo

‎05-09-2010 04:54 AM

He is running 5.x as stated in his question. And 5.x only comes as appliance (hw or vmware).

Here is the doc for 5.x

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/acsuserguide.html

Basically 5.x uses LDAP (SMB) to communicate with the domain. You need to specify a user with read access to the OU's which you want to search in when doing authentication. This user also needs to have permission to add computers to the domain as it will add the ACS server to the domain. (Yes, even though it is not windows).

After that you can use specify ldap groups in your policies to check group membership to allow user access. It's pretty straight forward actually!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents