I purchased an ACS server and am running 5.x. I have set up the initial config, so I have access to the server.
I thought this would allow me to manage authentication to all my Cisco equipment with my AD account. I would rather not build individual accounts on the ACS and would rather tie it to Active Directory so we can quickly delete access at the AD level rather than AD then ACS.
So I created an AD account and username. On the ACS server I went to external stores and Active Directory. When I try to enter the domain, uname, and pw I get an error that I am trying to add a device to AD. I really just wanted to be able to do more like an LDAP query so the ACS knew of AD accounts.
Any help or links to setup would be appreciated, JD
If the ACS is running version 4.x on a Windows server, then it can be a member of the domain, but if it's an appliance I believe that it will not let you interact directly with AD (you can download an agent that communicates the appliance with the AD).
Even with an appliance or with ACS running on Windows, there's no need to create the user database on the ACS appliance if you still use the AD for user database. The difference is in how the appliance or the Windows server interacts with AD.
Basically 5.x uses LDAP (SMB) to communicate with the domain. You need to specify a user with read access to the OUs which you want to search in when doing authentication. This user also needs to have permission to add computers to the domain as it will add the ACS server to the domain. (Yes, even though it is not Windows).
After that you can specify LDAP groups in your policies to check group membership to allow user access. It's pretty straightforward actually!