Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Group mappings

Need to tap some brain power here. Can I map a NT account group to an ACS group? If I have a group on our domain called tngrp, can I map it to an HSCguest group on ACS? These will be more detailed groups so should these groups be checked prior to our NT login domain group?

Thanks

Dwane

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: Group mappings

yes, yes, and yes. You can map windows groups to ACs groups. The gotchas are:

You cannot use nested groups in AD (e.g. testgroup contains testgroup1 and testgroup2).

A user can not map to multiple ACS groups. For this reason, as you mentioned, you want the most important groups first. For example, if you want admins to map to admins and users to map to users, you should define the admins mapping above the users mapping (assuming all admins are users).

-Eric

2 REPLIES
Silver

Re: Group mappings

yes, yes, and yes. You can map windows groups to ACs groups. The gotchas are:

You cannot use nested groups in AD (e.g. testgroup contains testgroup1 and testgroup2).

A user can not map to multiple ACS groups. For this reason, as you mentioned, you want the most important groups first. For example, if you want admins to map to admins and users to map to users, you should define the admins mapping above the users mapping (assuming all admins are users).

-Eric

Re: Group mappings

I know that nested groups isn't supported on ACS 4.0, but, is it on ACS 4.1 ???

See note in page 77

http://www.cisco.com/global/IT/solutions/ent/tecnologie/wireless/pdf/avvid_implementation_guide.pdf

Regards,

Maximiliano.

137
Views
0
Helpful
2
Replies
CreatePlease to create content