Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Cisco ACS integration with Windows Active directory

Hello all...

     I have a Cisco ACS 4.2 running on windows server 2003 . I have integrated it with active directory. I created two groups in the active directory lets say  " MAINGROUP" and "SUBGROUP" . I  created one user "user1" and added this user to the group "SUBGROUP". Then i added this "SUBGROUP" to the "MAIN GROUP". Now "SUBGROUP" is  a member of " MAINGROUP". Now when i map a group in the ACS say " Group 1" to the Active Directory Group " MAINGROUP" and try to login as "user1" authentication is failing. I cheked the failed authentications list in ACS and it gives me an error "EXTERNAL DATABASE ACCOUNT RESTRICTION" . If i map the "SUBGROUP" instead of "MAIN GROUP" to acs group "Group 1" the authentication is successfull for user1. This is the minimum scenario. If i have 100 groups in AD then do i have to map them one by one to the acs group or I can add these 100 group to a parent group and map this parent group to the desired acs group?... Please help me on this.. I am badly in need of  a solution. If anybody can advise me the step by step solution then it ll be so helpful for me..

CreatePlease to create content