Active Directory + ACS Remote Agent

rcullum
Level 1

I have an ACS appliance (3.2). I understand that I need to use an ACS remote agent, preferably installed on a domain controller, to do Windows authentication. My question is: if I'm using Active Directory, can I not just use External User Databases and configure Generic LDAP with appropriate settings to access Active Directory? Then I wouldn't need a remote agent? Or do I have to use External User Databases and configure Windows Databases (which means using an external remote agent)? Or can I choose either method? It's confusing, as Active Directory can also support pre-2000 Windows domains, and I don't know which method of External User Database mapping to use.

4 Replies

gfullage
Cisco Employee

With 3.2 you can authenticate directly to a Windows AD database (http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/win32sdt.htm#95081). Just use External User Databases - Windows Database and you should be good to go.

But I'm using an ACS 3.2 appliance, which cannot authenticate directly to External User Databases - Windows Databases without the use of the ACS remote agent. So my question still stands. Can I use External User Databases - Generic LDAP mappings to authenticate Active Directory users without the use of the remote agent, or do I have to use the External User Databases - Windows Database method?

My apologies, missed the "appliance" word in your original post.

You could probably use this either way I would imagine, although we'd suggest using a Remote Agent with the Windows DB. If you do go down this path make sure of your security permissions (http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/raig/rawi.htm#642394)

I've had users use the LDAP database with Windows AD before and it works fine; the only difference (IIRC) is you don't get all the Windows group mappings with this method, but for just user authentication it should work fine.

If you use the LDAP database aren't you unable to use LEAP for authentication?