Configure ACS and Active Directory Integration

Users and Identity Stores >> External Identity Stores >> Active Directory

 

Enter the Domain Name, user account and password, then click Save Changes

 

 

 

Select the Directory Group tab, click Select to search for the group, then click OK

 

Shell Profile

Policy Elements >> Authorization and Permissions >> Device Administration >> Shell profiles >> Create

 

Enter a name and a Description

Click on the Common Tasks Tab

Change Default Privilege to Static and Value to 15

 

Click on Submit

 

Access Policy >> Access Services >> Create

Enter a Name and Description

Check User Selected Service Type >> Select Device Administration from the drop-down box

Verify that Identity and Authorization are checked and click on Next

 

 

Select the appropriate protocols and select Finish

 

 

Click on Identity under the newly created Access Service and select the Rule Based results selection

 

Click on OK for the message

 

 

 

Click on Create

 

Enter Name

Click Select for Identity Source

Select AD1 and Click on OK

 

 

Access Policy >> Newly created Access Service >> Identity

Customize >> Add protocols >> OK

Click on Create

Enter Name

Check Protocol >> Match >> and Select Protocol. Select TACACS+, then select OK

 

Click on Select for Identity Source. Select AD1 and click on OK

 

Click OK on the original page

 

 

Enable Authorization

Access Policy >> Newly created Access Service >> Authorization

Create and Enter a name

Status is Enabled

Select the Shell Profile created earlier and select OK

For the condition, select AD and External Groups for attributes.

Click Select for operators and select the group under Directory Services added earlier

Under Current Conditions, select Add V and click on OK

 

Enabling the Service

 

Click on Service Selection Rule >> Create

Check Protocol and select TACACS+

Select the newly created group under Service and select OK

 

 

 

 

 

 

 

 
