09-03-2010 07:34 AM
I'm trying to integrate one of my FOS switches with Microsoft Active Directory 2008 in order to facilitate single sign-on.
I've used aaaconfig to set the IP address of my two domain controllers, in addition to setting the full domain (i.e. winlab.xxxx).
I also set aaaconfig using the 'authspec' to specify LDAP first, then local as a secondary lookup.
Finally, I use ldapcfg to map a specific AD group to the "admin" switch role.
After this, I try logging in with my AD account but get an "Access Denied" error.
My concern is that we might need to make some changes on the actual Microsoft Active Directory server. This could be a problem in our environment.
Has anyone managed to get FOS authentication integrated with Microsoft AD? Any help or advice would be greatly appreciated.
09-06-2010 10:14 PM
You need to change your AD schema. Please check FOS Admin Guide page 103ff.
You can use the Microsoft IAS (RADIUS) server add-on. In this case you do not need to change your schema.
09-07-2010 06:37 AM
In that same guide you can look at page 536 in Appendix D for the FIPS AD support, which appears to give more functionality. I've attached the doc.
09-17-2010 09:10 AM
So, if I understand correctly, there is no way to incorporate FOS switches into Microsoft AD without changing part of the schema on the AD server?
09-17-2010 11:59 AM
I found this doc on the internet and found it quite good. Credits to the original author David Antkowiak.
Just a dumb suggestion from me
Did you try logging in using
I have found many customers trying to log in with just the username.
09-17-2010 12:09 PM
No spaces or dashes in the group name.
I definitely have spaces in my group name. I also have a dash in my login name.
I will have to try it without the space or dash to see if that is the culprit.