Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Integrating RSA ACE and ACS 3.11 with Win2K Domain

I have set up ACS on Windows 2000 and it authenticates VPN users against the NT Domain fine. It is nice to be able to use groups defined in NT for management. We are trying to keep groups and users in a single database and NT/2K is the preferred format. So domain users get authenticated fine in this scenario with ACS and the domain. We added an RSA Token server so that users can use SecurID tokens. The integration between the two was set up according to CISCO sample config and the following RSA document;

This works OK also. It can even try the second External DB if the first fails.

The challenge is that to use the External Database - Unknown User - I am handing the user off to RSA and the client must authenticate with PIN and Tokencode - so I am maintainng a user db in two places and not able to use NT domain groups to control parameters for users of the RSA SecurID tokens. Does anyone have tighter user db integration running in their implementations so that we can get all the accounts in one place?

CreatePlease login to create content