[c-nsp] SecureACS Appliance & AD Authentication

[Ryan Lambert]

Hi everyone,

Figure this is as good a place as any to reach out and see if anyone has
some experience with this.

I'm currently debating whether I use LDAP or a Remote Agent for Windows with
my SecureACS Appliance to authenticate network users via AD. I've read
through the documentation a bit, but I still have a couple questions:

- If I use the remote agent, is there a way I can only allow specific users
in an AD domain to log onto network devices? For obvious reasons I would not
want to allow each and every user in the domain to access my
routers/switches via SSH.
- Is there a method to doing this same restriction via LDAP?
- As a network admin with little/no access to the actual AD admin snap-in,
I'd much PREFER to have all of this in my control, with the exception of
obviously installing the Agent software on a member server if that's the
route we eventually go.

Thanks in advance.

-Ryan