Cisco Bug: CSCtd16392 - ACS uses Centrify user's group caching while authorization

Last Modified

Feb 22, 2018

Products (1)

  • Cisco Secure Access Control Server Solution Engine

Known Affected Releases

5.1(0.44)

Description (partial)

Symptom:
When authenticating against AD, a user may be seen as a member of a group to which the user no longer belongs. This may impact policy/rule conditions.
Conditions:
When a user is removed from certain groups in the AD server, and this user has already authenticated via ACS against AD, the fact that the user is no longer a member of these groups is updated 30 minutes after the change was made in the AD server.

Related Community Discussions

AD group caching
I have a new install of ACS 5.2 added to our 2003 AD. I am using PEAP for wireless auth, and have ACS set to verify the user is a member of the wireless users security group in AD. If the user has never been a member of this group, wireless auth fails as it should. However, if I add a user to the sec group and ACS finds them and authenticates the wireless, it will always authenticate that user even after being removed from the group. I see that bug CSCtd16392 addresses a similar issue with 5.1, ...
Latest activity: Apr 13, 2011