Cisco Bug: CSCum37159 - ACS does not do Cross Domain Group searching in AD Environment
Nov 25, 2016
- Cisco Secure Access Control Server Solution Engine
Known Affected Releases
Symptom: The AD environment is configured with several domains, and all domains have two-way trust between one another. USER 1 is configured in Domain B, but the group is created only in Domain A (which is the primary domain). The user is in Domain B and the group is in Domain A. The desired behavior is for ACS to be able to do cross-domain group mapping. ACS pulls the GUID for a specific user in AD, and that contains the tokenGroup attribute/list. That list comprises only the groups in that domain (in this example, Domain B). Therefore the tokenGroup list from Domain B is not going to contain Domain A groups.

Conditions: 220.127.116.11.8, VM, 2 servers in a distributed deployment. AD is set up with multiple domains, all with two-way trust. Domain A is set up in AD as the primary domain with groups configured, while Domain B is set up with the users in those groups. The users in Domain B are added to the groups in Domain A. Authorization policies are set up to match users in Domain B but with groups in Domain A.
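The following Python check is an added example, not part of the Cisco bug record or of ACS. From a constructed export of group DNs and member DNs, it lists the members of policy-referenced groups whose domain differs from the group's domain, which are the memberships the symptom says are missing from the user's tokenGroup list. The DNs, domain names and function names are assumptions.

```python
import re

def domain_of(dn):
    """Build a DNS-style domain name from the DC= components of a DN."""
    rdns = [r.strip() for r in re.split(r"(?<!\\),", dn)]  # keep escaped commas
    labels = [r.split("=", 1)[1] for r in rdns if r.lower().startswith("dc=")]
    return ".".join(labels).lower()

def cross_domain_memberships(group_members, policy_groups):
    """Return (group_dn, member_dn, member_domain) for every member of a
    policy-referenced group whose domain differs from the group's domain."""
    findings = []
    for group_dn in sorted(policy_groups):
        group_domain = domain_of(group_dn)
        for member_dn in group_members.get(group_dn, []):
            member_domain = domain_of(member_dn)
            if member_domain != group_domain:
                findings.append((group_dn, member_dn, member_domain))
    return findings

# Constructed sample data: Domain A = a.example.com, Domain B = b.example.com.
GROUP_MEMBERS = {
    "CN=VPN-Admins,OU=Groups,DC=a,DC=example,DC=com": [
        "CN=alice,OU=Users,DC=a,DC=example,DC=com",
        "CN=User 1,OU=Users,DC=b,DC=example,DC=com",
        "CN=Smith\\, Bob,OU=Users,DC=B,DC=Example,DC=com",  # escaped comma in CN
    ],
    "CN=Helpdesk,OU=Groups,DC=a,DC=example,DC=com": [
        "CN=carol,OU=Users,DC=a,DC=example,DC=com",
    ],
}
# Hypothetical: the groups that the authorization policies reference.
POLICY_GROUPS = set(GROUP_MEMBERS)

if __name__ == "__main__":
    for group_dn, member_dn, member_domain in cross_domain_memberships(
            GROUP_MEMBERS, POLICY_GROUPS):
        print(f"{member_dn} ({member_domain}) is matched against {group_dn}")
```

Each reported pair is a user whose authorization rule depends on a group outside the user's own domain, so those rules are the ones to review for this condition.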