I have just been tasked with setting up the ACS 5.3 and am having
a few problems getting things started.
Here is a question from my server team -
"ACS specifies an account to join the machine to the domain. Will this account then be the account that it communicates to AD on once it has joined the domain, or is there somewhere we need to put AD credentials for LDAP lookup? Our AD administrator is happy to join it to the domain but does not want ACS then running under his account."
In other words, we don't want to use an admin account, but surely
we only need an ordinary account that reads AD for authentication?
Here are the account guidelines for joining ACS to AD. Once ACS joins AD, it will authenticate users through the workstation account that is created when it is joined. The only time ACS needs the credentials of the account is when the box joins AD.
Predefined user in AD. AD account required for domain access in ACS should have either of the following:
• Add workstations to domain user right in the corresponding domain.
• Create Computer Objects or Delete Computer Objects permission on the corresponding computers container where the ACS machine's account is precreated (created before joining the ACS machine to the domain).
We recommend that you disable the lockout policy for the ACS account and configure the AD infrastructure to send alerts to the admin if a wrong password is used for that account. This is because if you enter a wrong password, ACS will not create or modify its machine account when it is necessary and therefore possibly deny all authentications.
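To put the guidelines above into practice, here is an added PowerShell example (my own, not from the thread or from Cisco) that prepares a join-only account along the second bullet: an ordinary user, delegated only Create/Delete Computer Objects on one OU, exempted from lockout via a fine-grained password policy, plus a query for failed-password events on that account and a check that it holds no admin membership. Every name in it is an assumption: domain CORP / corp.example, OU "OU=ACS,DC=corp,DC=example", account svc-acs-join, appliance ACS01. Step 4 (rights on the pre-created object) is not covered by the thread; it is there because a computer object created by someone other than the join account is not writable by that account without it.

```powershell
# Added example, not part of the original thread. Run as a domain admin on a DC or
# an RSAT host; the account it produces is deliberately NOT an admin.
Import-Module ActiveDirectory

$Domain      = 'CORP'                                 # assumed NetBIOS domain name
$OuDn        = 'OU=ACS,DC=corp,DC=example'            # assumed container for ACS computer objects
$JoinAccount = 'svc-acs-join'                         # assumed name of the join-only account
$AcsHost     = 'ACS01'                                # assumed ACS appliance host name
$JoinPw      = Read-Host -AsSecureString 'Password for join account'

# 1. Ordinary user, no membership beyond Domain Users. ACS only needs this credential
#    at join time; afterwards it authenticates with the ACS01$ machine account's own key.
New-ADUser -Name $JoinAccount -SamAccountName $JoinAccount -AccountPassword $JoinPw `
    -Enabled $true -PasswordNeverExpires $true -CannotChangePassword $true `
    -Path $OuDn -Description 'Cisco ACS domain-join account (join-time use only)'

# 2. Pre-create the ACS machine account in the dedicated OU (the "precreated" case).
New-ADComputer -Name $AcsHost -SamAccountName $AcsHost -Path $OuDn -Enabled $true

# 3. Delegate only Create Child (CC) and Delete Child (DC) of class computer on that OU,
#    inherited to the OU and its children (/I:T). No "Add workstations to domain" right
#    and no admin group is involved.
dsacls $OuDn /I:T /G "$Domain\${JoinAccount}:CCDC;computer"

# 4. Because ACS01 was pre-created by an admin rather than by the join account, grant the
#    join account rights on that single object so the join can write to it. GA is scoped
#    to this one computer object, not to the OU.
$AcsDn = (Get-ADComputer $AcsHost).DistinguishedName
dsacls $AcsDn /G "$Domain\${JoinAccount}:GA"

# 5. Exempt the join account from the domain lockout policy with a fine-grained password
#    policy (LockoutThreshold 0 = never lock out), so a wrong password cannot leave ACS
#    unable to create or maintain its machine account.
New-ADFineGrainedPasswordPolicy -Name 'PSO-ACS-NoLockout' -Precedence 10 `
    -LockoutThreshold 0 -ComplexityEnabled $true -MinPasswordLength 20 `
    -PasswordHistoryCount 24 -ReversibleEncryptionEnabled $false
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO-ACS-NoLockout' -Subjects $JoinAccount

# 6. Alerting: wrong-password attempts for this account show up as 4771 (Kerberos
#    pre-authentication failed) or 4776 (NTLM credential validation failed) on the DC.
#    Feed this into a scheduled task or SIEM forwarder (how is up to your environment).
function Get-JoinAccountAuthFailures {
    param([string]$Account = $JoinAccount, [int]$Hours = 1)
    $filter = @{ LogName = 'Security'; Id = 4771, 4776; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match "(?im)^\s*(Account Name|Logon Account):\s+$([regex]::Escape($Account))\s*$" }
}

# 7. Checks: the join account must hold no privileged group membership, and after the
#    appliance has joined, ACS01$ must exist with a password set by the join itself.
$groups     = Get-ADPrincipalGroupMembership $JoinAccount | Select-Object -ExpandProperty Name
$privileged = $groups | Where-Object { $_ -match 'Admins|Operators' }
if ($privileged) { throw "Join account is over-privileged: $($privileged -join ', ')" }
Get-ADComputer $AcsHost -Properties PasswordLastSet | Select-Object Name, Enabled, PasswordLastSet
Get-JoinAccountAuthFailures -Hours 24 | Select-Object TimeCreated, Id
```

Once the appliance has joined, the join account's password can be rotated or the account disabled without affecting ACS, which is the practical consequence of the point above that ACS only needs the credential at join time; step 5 only matters for as long as the account stays in use.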