Cisco Support Community

New Member

map acs to ad

Hi,

I have several different groups on the ACS (example: finance, sales, marketing). How do I map this to AD? (For example, if I have to put a person under the sales group, then I want to go to AD and add him as a member of sales, and this should dynamically map and reflect on ACS.)

Thanks

13 REPLIES
New Member

map acs to ad

Anyone? Can I get the ACS to dynamically map by the group on AD?

Bronze

map acs to ad

Yes.  You can tell ACS to query AD via LDAP.

What version of ACS are you using?

Ven Taylor
New Member

Re: map acs to ad

4.1 acs

Sent from my Windows Phone

Bronze

Re: map acs to ad

We're using 4.2, so it's probably very similar.

Log into your ACS, click the External User Databases button.

Click the External User Database Configuration link.

Click Windows Database.

Click Configure.

Pretty straightforward from there, but I think we had to do something on the AD server too.

Here's a link to the Cisco page that will guide you.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/UsrDb.html#wp353636

Ven

Ven Taylor
New Member

Re: map acs to ad

Thanks for this. I have already done this bit. What I want to do is, if I add a member to the sales group on AD, then I want ACS to create a profile dynamically and map it to the sales group on the ACS server. I know you will need to go into group mapping and select the domain and map it, but I can't remember exactly.

Sent from my Windows Phone

New Member

Re: map acs to ad

Any thoughts on this?

Silver

map acs to ad

Hi,

ACS cannot create the dynamic group automatically.

You will need to go to external user database > database group mapping > windows database > select the domain and map the AD group to ACS.

New Member

Re: map acs to ad

Thanks for this. I meant a dynamic entry on ACS. For example, if I have a user Bill and assign him to the sales group in AD, will ACS automatically create an entry on ACS with the name Bill mapped to the sales team (considering I have done what you have told me to)?

Thanks

Sent from my Windows Phone

Silver

Re: map acs to ad

Yes, your understanding is correct. If the AD group is already mapped with ACS, then as soon as the authentication is done for the user, the dynamic entry will be created automatically.

To verify whether the user has been created or not, you can do as follows:

user setup > list all users, or you can click on the alphabet > you will be able to see that account

Let me know if you have any further questions.

New Member

Re: map acs to ad

Thanks for this. I have already mapped the user to the group and linked ACS and AD. But the dynamic entry is not created. However, on the ACS I can see there are /local, /xyz (domain name), and /default: 3 different domains. The /local has all users mapped to the default group on ACS. The /xyz is in the correct order, the way I wanted to map. I presume it's not working as ACS goes in order. It first looks at /local and then goes to /xyz. Is this correct? So if I delete the /local it should work?

But I just want to confirm one thing: I don't have to create an entry for the users manually if it goes well, isn't it?

Thanks

Sent from my Windows Phone

Silver

Re: map acs to ad

Yup, it should work. We should be concerned about the AD domain, so if the /local is deleted, it shouldn't make any difference.

If the group mapping is done, then you don't have to create a separate entry for the user.

Note: The entry will only be created if the authentication is successful.

New Member

Re: map acs to ad

Thanks, will give this a shot and update you.

Sent from my Windows Phone

Cisco Employee

map acs to ad

I would suggest you watch the video below, and I would also request that you upgrade your version.

http://www.youtube.com/watch?v=zL1mRAcXN2I
