SEC0084 - ACS 5.4 AD Integration and Identity Store Sequences
Category:
Security
The video walks you through the steps for AD integration on Cisco ACS 5.4. We will join the ACS to an AD domain and download AD user groups, which we will use as part of authorization policies in our future labs. We will also touch on the function of Identity Store Sequences as a way to perform user authentication lookups against multiple databases.
Topic:
- Active Directory Integration
- Active Directory User Group Selection
- Identity Store Sequences
14 comments
Active Directory Integration
Hi,
I really appreciate the work you have done. It's nice, and all the videos are nice and easy to understand. But I have a problem when implementing my own server: I joined AD on the server, but at Access Policies > Access Services > Identity I cannot see any AD on Identity Source. I followed all your steps.
Is there any problem on my server? Please help me.
Active Directory Integration
Can you double check the AD status and make sure it is connected? Also on the Domain Controller, make sure the ACS server shows up as a domain computer under User and Computer. If you don't get both of these, disconnect and try to reconnect ACS to AD.
Active Directory Integration
Thanks for your answer,
I found the resolution yesterday. It was my browser, which was IE 10.x, not 6, 7, 8, 9 as in the prerequisites.
Active Directory Integration
Thank you for the update. Good to know IE 10 causes issues.
Multiple AD (AD Identity store)
Hi,
Is there any possibility to add multiple ADs on ACS 5.4, or multiple domains, so that we can use multiple ID stores?
Multiple AD (AD Identity store)
Unless those domains are set up to trust each other, you will not be able to access the user database in both domains simultaneously, since ACS can be integrated with only one domain. If that is the case for you, you might want to look into accessing the additional domain via LDAP.
Discount
Hello Metha,
You are just a wonderful trainer. I am a student, so please can you give me some discount so that I can purchase some of your ACS videos? I would also like to know if the resolution of the videos is good for offline viewing in case I have to download them later on. Thank you.
Discount
Hi, we are currently offering a 15% discount when you purchase the ACS 5.x video bundle. Please see the link below. All videos were recorded in 1440x900, which would be equivalent or better when you view it on YouTube at 720p.
http://www.labminutes.com/store/cisco-acs-5x-video-bundle
How to use local database
Hi Metha... could you explain how to set the Identity and Authorization without the AD, as I am using only local users created on the ACS?
How to use local database
You can continue to use Identity Store Sequence and only define Local user under there, or use the local user directly under the authentication policy.
ACS 5.7 move to Joined but Disconnected Status after verificatio
I have configured NTP to sync with AD, DNS, and Domain within ACS, using a user with the necessary rights to connect with AD. When tested, everything succeeds. But within a few seconds it shows as "Joined but Disconnected".
Cisco ACS VERSION INFORMATION - This is a NEW VM and patches are up to date
---------------------------------------------------------------------------------------------------------
Version : 5.7.0.15.1
Internal Build ID : B.257
Patches :
5-7-0-15-1
ACS 5.7 move to Joined but Disconnected Status after verificatio
We have never run into this issue, although we have not tested version 5.7. Usually once ACS is joined to a domain, it stays connected unless it loses connectivity to AD or time gets out of sync. Not sure if anything is logged on AD either. May need to check with Cisco on this to see if it is a bug.
Multi-domain AD integration
Please help me regarding the steps to follow in order to pull users from a domain which is not directly mapped to ACS but has a two-way trust with the domain which is directly mapped. I'd like to know the policies to be configured too. Appreciate your help.
Multi-domain AD integration
If you already have the other domain in a two-way trust, you should be able to search the group/user as normal. If you don't see them, the chances are the trust is incorrect.