Cisco Support Community

ACS 5.4 with Active directory store

Hello

I would like network devices to fall back to the local identity store whenever the Active Directory servers are not available on the network. Testing reveals ACS will not authenticate devices whenever AD is unavailable to ACS.


I have my primary and secondary ACS servers configured to use Active Directory as their identity service. What methods can I use to achieve this behavior? I only want local authentication if AD services are not available to ACS.

Kind Regards

Scott

3 REPLIES

Re: ACS 5.4 with Active directory store

You can define an identity store sequence where it will try AD, then use the local accounts.

The trick here is to put the local users into an Identity Group, then go through your existing Access Policies and map the AD or LDAP group memberships to an identity group.

That way you can use the same rule set to apply policy to multiple identity stores.


Re: ACS 5.4 with Active directory store

Re: ACS 5.4 with Active directory store

I agree. Using identity store sequence is the solution for your problem.




Rating useful replies is more useful than saying "Thank you"