Cisco Support Community

New Member

ACS3.1 + NDS external database

We purchased ACS3.1 and would like to use NDS as the external database for authenticating dialing-users. This configuration is working fine, but now how can I restrict specific dialing-users from authenticating to NDS?

5 REPLIES
Silver

Re: ACS3.1 + NDS external database

New Member

Re: ACS3.1 + NDS external database

Mynul,

What I meant is how can I restrict dialing-users/remote-users/vpn-users to authenticate to NDS. Below are three scenarios that we have in production and we are planning to migrate to ACS. At this time authentication is being done using each device's local database.

vpn users---->VPN3000--->ACS3.1--->NDS(external database)

dialing-users-->Shiva---->VPN3000--->ACS3.1--->NDS(external database)

pptp-users---->WatchGuard(FBII)--->ACS3.1--->NDS(external database)

Silver

Re: ACS3.1 + NDS external database

Hi,

Not sure if I understand your question correctly. It appears that you are looking to separate the users for different traffic (VPN, dialup, PPTP) and make sure that VPN users cannot connect for dialup and vice versa. If that's the case, then you need to create three different groups in NDS and 3 groups in ACS and then map the corresponding ACS group with the NDS group. Finally you need to apply the NAR described earlier in every group and allow or disallow the devices.

Please let me know if this answers your question. Regards,

Mynul

New Member

Re: ACS3.1 + NDS external database

Yes, that's the idea. But how can I restrict 2 users out of 5 that are members of the same group from authenticating to NDS? When I map an NDS group to an ACS group, everyone within the NDS container is able to authenticate.

I do not have a problem setting restrictions for users to access devices, this works fine.

Thanks for your help.

Silver

Re: ACS3.1 + NDS external database

Hi,

Unfortunately, if that's the case, it will not work. In the case of NT domain, you have the option to allow/disallow user authentication when you create the user in the NT domain database. In the case of NDS, there is no such option to the best of my knowledge. Sorry!

Regards,

Mynul
