Chapter 12 Administering External User Databases
Database Group Mappings
12-16
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Default Group Mapping for Windows NT/2000
For Windows NT/2000 user databases, Cisco Secure ACS includes the ability to
define a default group mapping. If no other group mapping matches an unknown
user authenticated by a Windows NT/2000 user database, Cisco Secure ACS
assigns the user to a group based on the default group mapping.
Configuring the default group mapping for Windows NT/2000 user databases is
the same as editing an existing group mapping, with one exception. When editing
the default group mapping for Windows NT/2000, instead of selecting a valid
domain name on the Domain Configurations page, select \DEFAULT.
For more information about editing an existing group mapping, see
Editing a
Windows NT/2000, Novell NDS, or Generic LDAP Group Set Mapping,
page 12-18
.
Creating a Cisco Secure ACS Group Mapping for Windows NT/2000, Novell NDS,
or Generic LDAP Groups
To map a Windows NT/2000, Novell NDS, or generic LDAP group to a
Cisco Secure ACS group, follow these steps:
Step 1
In the navigation bar, click External User Databases.
Step 2
Click Database Group Mappings.
Step 3
Click the external user database name for which you want to configure a group
mapping.
Result: If you are mapping a Windows NT/2000 group set, the Domain
Configurations table appears. If you are mapping an NDS group set, the NDS
Trees table appears. Otherwise, the Group Mappings for database Users table
appears.
Step 4
If you are mapping a Windows NT/2000 group set for a new domain, follow these
steps:
a.
Click New configuration.
Result: The Define New Domain Configuration page appears.
b.
If the Windows domain for which you want to create a group set mapping
configuration appears in the Detected domains list, select the name of the
domain.