Cisco 3.3 User Manual
Page 508
Chapter 13 User Databases
Windows User Database
13-24
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Cisco Secure ACS allows you to complete this step only after you have
successfully completed Step 1. For detailed steps, see
Step 4
Configure a Windows external user database and enable the applicable types of
machine authentication on the Windows User Database Configuration page:
•
To support machine authentication with PEAP, select the Permit PEAP
machine authentication check box.
•
To support machine authentication with EAP-TLS, select the Permit
EAP-TLS machine authentication check box.
•
To require machine authentication in addition to user authentication, select
the Enable machine access restrictions check box.
Note
If you already have a Windows external user database configured, modify
its configuration to enable the applicable machine authentication types.
For detailed steps, see
Configuring a Windows External User Database,
Cisco Secure ACS is ready to perform machine authentication for computers
whose names exist in CiscoSecure user database.
Step 5
If you have not already enabled the Unknown User Policy and added the Windows
external user database to the Selected Databases list, consider doing so to allow
computers that are not known to Cisco Secure ACS to authenticate. For detailed
steps, see
Configuring the Unknown User Policy, page 15-16
.
Note
Enabling the Unknown User Policy to support machine authentication
also enables the Unknown User Policy for user authentication.
Cisco Secure ACS makes no distinction in unknown user support between
computers and users.
Cisco Secure ACS is ready to perform machine authentication for computers,
regardless of whether the computer names exist in CiscoSecure user database.