Cisco Support Community
Community Member

Authenticating against AD

Hi,

Currently I have users authenticating against RSA Ace server, but going via ACS 4.0's external database policy. I also have dialup users authenticating against the ACS internal database with CLI restrictions. My intention is to move the users using the internal database to authenticate against Active Directory. However, ACS is in a management DMZ and, being firewalled off, isn't a member server of the Active Directory domain. Unfortunately I can't take it out of the DMZ. Is it necessary for the ACS server to be a member server of Active Directory? Most documentation I have seen suggests it is...

Regards,

RS.

1 REPLY
Hall of Fame Super Blue

Re: Authenticating against AD

Hi

As far as I am aware, yes, it does need to be a member of the AD domain to be able to query the AD database.

If you had an internal ACS server you could proxy the request from your DMZ which would alleviate some of the issues.

HTH

Jon
