[c-nsp] SecureACS Appliance & AD Authentication

Ryan Lambert thirdfrl.nsp at gmail.com
Mon Mar 1 10:17:37 EST 2010


We've only got a handful of folks accessing certain devices, and the
permissions are relatively static. Nothing fancy going on here.

After some tinkering I've been able to get them talking with ACS. The only
issue I'm running up against is that if the external DB fails out, I'm
unable to authenticate with no local rollback. I guess part of this is
because my unknown user policy is to fail the attempt (security reasons
obv.).

Unless anyone has any creative ideas, I guess I'll just need to rely on
primary & secondary DBs. Alternatively I suppose if it's a dire emergency I
can log in via ACS Admin and reconfigure the username for local... although
that's not really ideal for our environment.

TIA,
Ryan

