Cisco Systems CSACS3415K9 Computer Accessories User Manual


 
8-50
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 8 Managing Users and Identity Stores
Managing External Identity Stores
Note: When you upgrade ACS to version 5.4 using the Reimaging and Upgrading an ACS Server method, if you restore a configuration in which AD is defined, you must join ACS to the AD domain manually. See the Installation and Upgrade Guide for Cisco Secure Access Control System for more information on upgrade methods.

Note: When you upgrade ACS to version 5.4 using the Upgrading an ACS Server Using Application Upgrade Bundle method, if ACS is already joined to AD, ACS remains connected to AD after the application upgrade.

To authenticate users and join ACS with an AD domain:

Step 1 Select Users and Identity Stores > External Identity Stores > Active Directory.

The Active Directory page appears.

The AD configuration page acts as a central AD management tool for all ACS nodes. You can perform the join and test connection operations against a single ACS node or multiple ACS nodes on this page. You can also view the join results of all ACS nodes in the deployment at a single glance.

Step 2 Modify the fields in the General tab as described in Table 8-10.

Step 3 Click:

Table 8-10 Active Directory: General Page

| Option | Description |
|---|---|
| **Connection Details** | |
| Join/Test Connection | Click to join or test the ACS connection with the AD domain for the given user, domain, and password entered. See Joining Nodes to an AD Domain, page 8-51. |
| Leave | Click to disconnect a single node or multiple nodes from the AD domain for the given user, domain, and password entered. See Disconnecting Nodes from the AD Domain, page 8-52. |
| **End User Authentication Settings** | |
| Enable password change | Click to allow the password to be changed. |
| Enable machine authentication | Click to allow machine authentication. |
| Enable dial-in check | Click to examine the user’s dial-in permissions during authentication or query. The result of the check can cause the authentication to be rejected if the dial-in permission is denied. The result is not stored in the AD dictionary. |
| Enable callback check for dial-in clients | Click to examine the user’s callback option during authentication or query. The result of the check is returned to the device in the RADIUS response. The result is not stored in the AD dictionary. |
| **Connectivity Status** | |
| Joined to Domain | (Display only.) After you save the configuration (by clicking Save Changes), this shows the domain name with which ACS is joined. |
| Connectivity Status | (Display only.) After you save the configuration (by clicking Save Changes), this shows the connection status of the domain name with which ACS is joined. |