Cisco Systems OL-15986-01 Security Camera User Manual


 
5-8
Cisco NAC Guest Server Installation and Configuration Guide
OL-15986-01
Chapter 5 Configuring User Group Permissions
Mapping to Active Directory Groups
Mapping to Active Directory Groups
If a sponsor authenticates to the Cisco NAC Guest Server using Active Directory authentication then the
Cisco NAC Guest Server can map them into a user group by their membership in Active Directory
groups.
If you have configured AD authentication (as described in Configuring Active Directory (AD)
Authentication, page 4-5), then the Guest Server automatically retrieves a list of all the groups
configured within all the AD servers configured.
Selecting an Active Directory Group from the dropdown provides all sponsor users who are in this AD
group the permissions of this group.
Step 1 Select Active Directory Mapping from the top menu when in the add user group or edit user group
screen.
Figure 5-8 Active Directory Group Mapping
Step 2 Select the group you wish to match against and click the Assign Group button.
Note By default, Active Directory only returns a maximum of 1000 groups in response to a Cisco NAC Guest
Server search. If you have more than 1000 groups and have not increased the LDAP search size, it is
possible that the group you want to match will not appear. In this situation, you can manually enter the
group name in the Active Directory Group combo box.
Mapping to LDAP Groups
If a sponsor authenticates to the Cisco NAC Guest Server using LDAP authentication then the Cisco
NAC Guest Server can map them into a user group by their membership of LDAP groups.
Based on the settings of the LDAP server that you authenticate against the Cisco NAC Guest Server will
use one of two methods for mapping the sponsor using group information.
There are two main methods that LDAP servers use for assigning users to groups.