| Author | Messages | |
CreamerM@xxxx.yyy
 | | 09/12/2005 4:05 AM |
| I™d like to be able to point our Cisco ACS server to our global catalogs to authenticate users (LDAP config rather than Windows). Is anyone on the list using this configuration that could help me figure out what to enter into the various fields?
One question in particular¦it wants to know the users container and groups container. If I was using port 389, and a single domain, I would probably enter CN=Users there. But what is the container entry for users and groups when I™m pointing to a GC? I have several domains with users in the same forest, so a GC makes sense here (I think). J
Thanks as always,
Mark Creamer
Systems Engineer
Cintas Corporation
This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. | | | |
| jmedeiros@xxxx.yyy
| | 09/12/2005 8:37 AM |
| Hi Mark,
Since I haven't seen a response yet, I'll give you my two cents. Although I have not configured Cisco ACS to authenticate against Active Directory, I have managed to configure Cisco VPN concentrators to do so at a prior company. My suggestion to you is to contact the Cisco TAC ( It's a free call if you have a support agreement ), although they may suggest that you use a Radius server instead, or you could just install Microsoft Internet Authentication services, Radius on your AD controller and that would do the same thing for you.
Peace,
Jose
----------------------------------------
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]On Behalf Of Creamer, Mark
Sent: Monday, September 12, 2005 8:41 AM
To: activedir@xxxxxxxxxxxxx
Subject: [ActiveDir] Cisco ACS and GC configuration
I'd like to be able to point our Cisco ACS server to our global catalogs to authenticate users (LDAP config rather than Windows). Is anyone on the list using this configuration that could help me figure out what to enter into the various fields?
One question in particular...it wants to know the users container and groups container. If I was using port 389, and a single domain, I would probably enter CN=Users there. But what is the container entry for users and groups when I'm pointing to a GC? I have several domains with users in the same forest, so a GC makes sense here (I think). J
Thanks as always,
Mark Creamer
Systems Engineer
Cintas Corporation
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| steve@xxxx.yyy
| | 09/13/2005 1:34 AM |
| In a previous life I did setup this to go against a single domain and a
piece of cake, in your case with several domains as long as the trusts are
there it shouldn't matter what domain you hit, the auth-request should
work.. *In theory* pointing to a GC should not make any difference unless
this is a forest root. I think the GC is a domain attribute, I'm rusty on
my AD right now but the *app* member server that had ACS installed on it the
service ran as a domain administrator. This was a service account to be
able to read passwords. I probably could have figured it out otherwards to
run as a non-admin but that is moot now I don't work there. :) We defined
the PDC emulator machine and the primary WINS server in the ACS machine. We
also had all users in the same OU so it was easy to point the ACS machine
where to get credentials. Sorry I don't have more but definitely checking
with your Cisco rep should know more.
Steve Schofield
steve@xxxxxxxxxx
----- Original Message -----
From: "Creamer, Mark"
To:
Sent: Monday, September 12, 2005 11:41 AM
Subject: [ActiveDir] Cisco ACS and GC configuration
I'd like to be able to point our Cisco ACS server to our global catalogs to
authenticate users (LDAP
config rather than Windows). Is anyone on the list using this configuration
that could help me figure
out what to enter into the various fields?
One question in particular...it wants to know the users container and groups
container. If I was using
port 389, and a single domain, I would probably enter CN=Users there. But
what is the container entry
for users and groups when I'm pointing to a GC? I have several domains with
users in the same forest,
so a GC makes sense here (I think). :-)
Thanks as always,
Mark Creamer
Systems Engineer
Cintas Corporation
This e-mail transmission contains information that is intended to be
confidential and privileged. If you receive this e-mail and you are not a
named addressee you are hereby notified that you are not authorized to read,
print, retain, copy or disseminate this communication without the consent of
the sender and that doing so is prohibited and may be unlawful. Please
reply to the message immediately by informing the sender that the message
was misdirected. After replying, please delete and otherwise erase it and
any attachments from your computer system. Your assistance in correcting
this error is appreciated.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
|
|