secure acs & external database

  • secure acs & external database

    "If an authentication attempt fails against its internal list of users, the Cisco Secure ACS will try the selected databases configured in the Unknown User Policy. The external databases are attempted sequentially, in the configured order. Upon a successful attempt, the user is added to the Cisco Secure ACS internal database but marked for authentication by the appropriate database. For subsequent authentication attempts, ACS will try the supplied credentials directly against the previously successful external database."

    How can I get the users in my Exchange 2000 server to be put into the external database of my Cisco Secure ACS server (so that I can check for authentication)? I have been trying to solve this problem for weeks now!! Any help is greatly appreciated!

  • #2
    Re: secure acs & external database

    Hi Yasemin

    Have you tried using Microsoft IAS (RADIUS) server? It will make your Windows AD into a RADIUS database that could be used for authentication. I haven't ever looked into whether or not ACS could use RADIUS but I know the devices could go to RADIUS instead of ACS (but that doesn't sound like what you want to do). According to what you pasted in, it sounds like ACS will do it.

    As Exchange is using AD and IAS uses AD, you are talking about the same accounts. Exchange really doesn't have anything to do with it.

    Look up Microsoft IAS (Internet Authentication Service).

    Let us know how it goes or if this helped out.

    Best of luck to you,
    David Davis - Petri Forums Moderator & Video Training Author
    Train Signal - The Global Leader in IT Video Training - Free IT Training Products


    • #3
      Re: secure acs & external database

      There are several ways to do that.
      1. If your Exchange server is a DC at the same time, you can configure ACS to authenticate users to AD.
      2. Usually a Windows Server is an LDAP server at the same time. ACS works with generic LDAP as well.
      3. A less preferred option, but it will work: you can export users from ExServer into a CSV list, process it with a simple script and have it imported into the ACS internal DB. You can automate that procedure with a simple set of scripts so no worries about synchronization.

      Let me know if any of these options works for you.
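
The Unknown User Policy behaviour quoted in the first post, as an added toy model that is not part of the thread and is not Cisco code. The class names, database names and credentials are constructed, and it assumes a user already held in the internal list is checked only there.

```python
# Toy model of the quoted Unknown User Policy flow (hypothetical names, not Cisco code).

class ExternalDB:
    """Stand-in for an external user database such as Windows AD or generic LDAP."""
    def __init__(self, name, users):
        self.name = name
        self._users = dict(users)   # constructed sample credentials
        self.attempts = 0           # number of times this database was queried

    def authenticate(self, user, password):
        self.attempts += 1
        return self._users.get(user) == password


class AcsModel:
    def __init__(self, internal_users, unknown_user_policy):
        self.internal = dict(internal_users)     # user -> password held by ACS itself
        self.policy = list(unknown_user_policy)  # external DBs in configured order
        self.mapped = {}                         # user -> external DB that succeeded before

    def authenticate(self, user, password):
        """Return the name of the database that accepted the login, or None."""
        if user in self.internal:
            # Assumption: internal users are never retried against external DBs.
            return "internal" if self.internal[user] == password else None
        if user in self.mapped:
            # User was added earlier and marked for one external DB: go straight there.
            db = self.mapped[user]
            return db.name if db.authenticate(user, password) else None
        for db in self.policy:                   # unknown user: sequential attempts
            if db.authenticate(user, password):
                self.mapped[user] = db           # remember which database succeeded
                return db.name
        return None                              # failed logins create no mapping


def demo():
    ldap = ExternalDB("generic-ldap", {"bob": "pw-b"})
    ad = ExternalDB("windows-ad", {"alice": "pw-a"})
    acs = AcsModel({"admin": "pw-admin"}, [ldap, ad])
    first = acs.authenticate("alice", "pw-a")    # LDAP tried first, then AD succeeds
    second = acs.authenticate("alice", "pw-a")   # AD queried directly this time
    return first, second, ldap.attempts, ad.attempts


if __name__ == "__main__":
    print(demo())
```

The query counters show the operational consequence: after the first success the other configured databases are no longer consulted for that user, so the order in the policy only matters for the first login.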