I've worked out how to recover the User ID, or UID, from a wireless network logon by sending syslog messages from the Cisco Access Control Server, or ACS, to a syslog-sender configured on my firewall.
For wired connections I can recover UID and AD group membership through the PAN UID Agent and Group Mapping Settings.
But I still can't figure out how to get an AD group membership/mapping for my wireless users.
Wireless users connect via a Cisco wireless controller and their logins are controlled by a Cisco Access Control Server, which uses Windows AD as an external identity store. I have tested a couple of rules and can control access by UID for users connected to the wireless network, but I cannot use AD User Groups; however, I can use AD User Groups for users connected by wired settings, using standard Windows logins, a couple of PAN UID Agents running on VMs, and Device | User Identification | Group Mapping Settings tab | <mapping object | Server Profile & Group Include List>.
I'd really appreciate any pointers on how I might get this working; thanks.
Do you get the domain information from the ACS logs or just the user name?
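The reply above asks the key question for group mapping: a syslog-derived IP-to-user mapping only matches an AD group if the username arrives in the same domain-qualified form the firewall's group mapping uses. The following is an added example, not code from the original thread, Palo Alto Networks or Cisco, that parses constructed RADIUS-style syslog lines (the message tags `AUTH-PASS`/`AUTH-FAIL` and the line layout are assumed, not real ACS output), normalizes `DOMAIN\user`, `user@realm` and bare usernames to one `DOMAIN\user` form, skips machine accounts, and flags mappings where the domain had to be assumed rather than read from the log.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Assumed default domain for bare usernames (hypothetical value); it would
# have to match the domain used by the firewall's group mapping profile.
DEFAULT_DOMAIN = "CORP"

# Constructed sample lines, NOT real Cisco ACS syslog output. They only
# illustrate the username forms a syslog-based User-ID mapping may receive.
SAMPLE_LINES = [
    "<134>Jan 10 09:12:01 acs01 AUTH-PASS User-Name=CORP\\jsmith Framed-IP-Address=10.20.30.41",
    "<134>Jan 10 09:12:05 acs01 AUTH-PASS User-Name=alee@corp.example Framed-IP-Address=10.20.30.42",
    "<134>Jan 10 09:12:09 acs01 AUTH-PASS User-Name=bwong Framed-IP-Address=10.20.30.43",
    "<134>Jan 10 09:12:12 acs01 AUTH-PASS User-Name=host/wlan-laptop7.corp.example Framed-IP-Address=10.20.30.44",
    "<134>Jan 10 09:12:15 acs01 AUTH-FAIL User-Name=CORP\\mallory Framed-IP-Address=10.20.30.45",
]

# Only successful authentications produce a mapping; failures are ignored.
LINE_RE = re.compile(
    r"AUTH-PASS\s+User-Name=(?P<user>\S+)\s+"
    r"Framed-IP-Address=(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


@dataclass
class Mapping:
    ip: str
    user: str          # normalized DOMAIN\user form that group mapping can match
    domain_seen: bool  # False when the domain was assumed, not read from the log


def normalize_user(raw: str) -> Optional[Tuple[str, bool]]:
    """Return (DOMAIN\\user, domain_seen) or None for machine accounts."""
    if raw.startswith("host/"):
        return None  # machine account: carries no user group membership
    if "\\" in raw:
        domain, user = raw.split("\\", 1)
        return f"{domain.upper()}\\{user.lower()}", True
    if "@" in raw:
        user, realm = raw.split("@", 1)
        # Assumption: the first DNS label of the realm is the NetBIOS domain.
        return f"{realm.split('.')[0].upper()}\\{user.lower()}", True
    # Bare username: the domain is missing, so it has to be assumed.
    return f"{DEFAULT_DOMAIN}\\{raw.lower()}", False


def parse_line(line: str) -> Optional[Mapping]:
    """Extract an IP-to-user mapping from one syslog line, if it has one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    norm = normalize_user(m.group("user"))
    if norm is None:
        return None
    user, seen = norm
    return Mapping(ip=m.group("ip"), user=user, domain_seen=seen)


def build_mappings(lines: Iterable[str]) -> List[Mapping]:
    """Parse all lines and keep only those that yield a user mapping."""
    return [mp for mp in (parse_line(ln) for ln in lines) if mp is not None]


if __name__ == "__main__":
    for mp in build_mappings(SAMPLE_LINES):
        flag = "" if mp.domain_seen else "  (domain assumed; group lookup may not match)"
        print(f"{mp.ip:<14} {mp.user}{flag}")
```

Mappings flagged with `domain_seen == False` are the ones to investigate first: if the log never carries the domain, the firewall cannot tell which directory the user belongs to, which is exactly the gap that leaves wireless users matching by UID but not by AD group.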