08-06-2003 05:20 AM - edited 03-10-2019 07:26 AM
I have an ACS appliance (3.2). I understand that I need to use an ACS remote agent, preferably installed on a domain controller, to do Windows authentication. My question is: if I'm using Active Directory, can I not just use External User Databases and configure Generic LDAP with appropriate settings to access Active Directory? Then I wouldn't need a remote agent? Or do I have to use External User Databases and configure Windows Databases (which means using an external remote agent)? Or can I choose either method? It's confusing, as Active Directory can also support pre-2000 Windows domains, and I don't know which method of External User Database mapping to use.
08-06-2003 10:04 PM
With 3.2 you can authenticate directly to a Windows AD database (http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/win32sdt.htm#95081). Just use External User Databases - Windows Database and you should be good to go.
08-06-2003 11:38 PM
But I'm using an ACS 3.2 appliance, which cannot authenticate directly to External User Databases - Windows Databases without the use of the ACS remote agent. So my question still stands. Can I use External User Databases - Generic LDAP mappings to authenticate Active Directory users without the use of the remote agent, or do I have to use the External User Databases - Windows Database method?
08-07-2003 04:02 PM
My apologies, missed the "appliance" word in your original post.
You could probably use this either way I would imagine, although we'd suggest using a Remote Agent with the Windows DB. If you do go down this path make sure of your security permissions (http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/raig/rawi.htm#642394)
I've had users use the LDAP database with Windows AD before and it works fine. The only difference (IIRC) is you don't get all the Windows group mappings with this method, but for just user authentication it should work fine.
12-10-2003 12:11 PM
If you use the LDAP database aren't you unable to use LEAP for authentication?