Hi King
Took a lot of work with Wireshark and Cisco TAC when I
had a problem with a customer that wouldn't use the agent on ACS4. I had
to set up an ASA to talk directly to the AD and then watch what it was
doing. This all then worked fine, but ACS 5 has some more settings :(
can't find many docs on it as they all go on about LDAP in the
Novell/Unix arena, not AD.
Dave
From: Kingsley Charles [mailto:[email protected]]
Sent: 15 April 2010 14:16
To: Dave Craddock
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] ACS5 Ldap to AD
Hi Dave
From where did you get the other settings that you have mentioned? Is it
standard for Windows LDAP?
Any pointer to these settings?
With regards
Kings
On Thu, Apr 15, 2010 at 6:21 PM, Dave Craddock <[email protected]> wrote:
Hi All
Has anyone got ACS5.0 working with AD via an LDAP
connection? I can't use the native AD settings as there is a problem
with the setup of the domain and so there are no SRV settings for the
domain name. I have got the system working to the point where it can see
the AD groups and set up rules based on them, but it then fails to
authenticate the user. I know when I had to do this on ACS 4 I had to
change the attributes that the system was sending/looking for. On the
ACS5 there is an extra attribute, password, and I can't find what this
should be.
The other settings I have are:
UserObjectType = sAMAccountName
UserObjectClass = person
GroupObjectType = cn
GroupObjectClass = group
Group Attribute = member
Thanks
Dave
_______________________________________________
For more information regarding industry leading CCIE Lab training,
please visit www.ipexpert.com <http://www.ipexpert.com/>