In a previous life I did set this up to go against a single domain and it was
a piece of cake. In your case, with several domains, as long as the trusts are
there it shouldn't matter what domain you hit; the auth-request should
work. *In theory* pointing to a GC should not make any difference unless
this is a forest root. I think the GC is a domain attribute. I'm rusty on
my AD right now, but on the *app* member server that had ACS installed on it,
the service ran as a domain administrator. This was a service account to be
able to read passwords. I probably could have figured it out otherwards to
run as a non-admin, but that is moot now; I don't work there. :) We defined
the PDC emulator machine and the primary WINS server in the ACS machine. We
also had all users in the same OU, so it was easy to point the ACS machine
where to get credentials. Sorry I don't have more, but definitely check
with your Cisco rep, who should know more.
Steve Schofield
[EMAIL PROTECTED]
----- Original Message -----
From: "Creamer, Mark" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, September 12, 2005 11:41 AM
Subject: [ActiveDir] Cisco ACS and GC configuration
I'd like to be able to point our Cisco ACS server to our global catalogs to
authenticate users (LDAP config rather than Windows). Is anyone on the list
using this configuration that could help me figure out what to enter into the
various fields?
One question in particular...it wants to know the users container and groups
container. If I was using port 389, and a single domain, I would probably
enter CN=Users there. But what is the container entry for users and groups
when I'm pointing to a GC? I have several domains with users in the same
forest, so a GC makes sense here (I think). :-)
Thanks as always,
Mark Creamer
Systems Engineer
Cintas Corporation
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/