New Member

Active Directory + ACS Remote Agent

I have an ACS appliance (3.2). I understand that I need to use an ACS remote agent, preferably installed on a domain controller, to do Windows authentication. My question is: if I'm using Active Directory, can I not just use External User Databases and configure Generic LDAP with appropriate settings to access Active Directory? Then I wouldn't need a remote agent? Or do I have to use External User Databases and configure Windows Databases (which means using an external remote agent)? Or can I choose either method? It's confusing, as Active Directory can also support pre-2000 Windows domains, and I don't know which method of External User Database mapping to use.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Active Directory + ACS Remote Agent

My apologies, missed the "appliance" word in your original post.

You could probably use this either way I would imagine, although we'd suggest using a Remote Agent with the Windows DB. If you do go down this path, make sure of your security permissions (http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/raig/rawi.htm#642394).

I've had users use the LDAP database with Windows AD before and it works fine. The only difference (IIRC) is you don't get all the Windows group mappings with this method, but for just user authentication it should work fine.

4 REPLIES
Cisco Employee

Re: Active Directory + ACS Remote Agent

With 3.2 you can authenticate directly to a Windows AD database (http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/win32sdt.htm#95081). Just use External User Databases - Windows Database and you should be good to go.

New Member

Re: Active Directory + ACS Remote Agent

But I'm using an ACS 3.2 appliance, which cannot authenticate directly to External User Databases - Windows Databases without the use of the ACS remote agent. So my question still stands. Can I use External User Databases - Generic LDAP mappings to authenticate Active Directory users without the use of the remote agent, or do I have to use the External User Databases - Windows Database method?

New Member

Re: Active Directory + ACS Remote Agent

If you use the LDAP database aren't you unable to use LEAP for authentication?
