Pac file options and examples – Cisco 3.3 User Manual

D-41

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Appendix D CSUtil Database Utility

PAC File Generation

PAC File Options and Examples

When you use the -t option generate PAC files with CSUtil.exe, you have the
following additional options.

•

User specification options—While you can choose which user specification
option you want to use, you must choose one of the four options for
specifying which users you want PAC files for; otherwise, CSUtil.exe
displays an error message because no users are specified. User specification
options are as follows:

–

-a—CSUtil.exe generates a PAC file for each user in the CiscoSecure
user database. For example, if you have 3278 users in the CiscoSecure
user database and ran CSUtil.exe -t -a, CSUtil.exe would generate 3278
PAC files, one for each user.

Note

Using the -a option restarts the CSAuth service. No users are
authenticated while CSAuth is unavailable.

–

-g N—CSUtil.exe generates a PAC file for each user in the user group
specified by number (N). Cisco Secure ACS has 500 groups, numbered
from 0 (zero) to 499. For example, if group 7 has 43 users and you ran
CSUtil.exe -t -g 7, CSUtil.exe would generate 43 PAC files, one for each
user who is a member of group 7.

Note

Using the -g option restarts the CSAuth service. No users are
authenticated while CSAuth is unavailable.

–

-u username—CSUtil.exe generates a PAC file for the user specified by
name (username). For example, if you ran CSUtil.exe -t -u seaniemop,
CSUtil.exe would generate a single PAC file, named

seaniemop.pac

.

Tip

You can also specify a domain-qualified username, using the format
DOMAIN\username. For example, if you specify

ENIGINEERING\augustin

,

Cisco Secure ACS generates a PAC file name

ENGINEERING_augustin.pac

.