Configuring a windows external user database, Configuring a – Cisco 3.3 User Manual
Page 514
Chapter 13 User Databases
Windows User Database
13-30
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Note
If you do not change the value of the Aging time (hours) box to
something other than zero, all EAP-TLS and Microsoft PEAP users
whose computers perform machine authentication are assigned to the
group specified in the “Group map for successful user authentication
without machine authentication” list.
Tip
To clear the cache of Calling-Station-Id values, type 0 in the Aging time (hours)
box and click Submit.
•
Group map for successful user authentication without machine
authentication—This list specifies the group profile that Cisco Secure ACS
applies to a user accessing the network from a computer that has not passed
machine authentication for longer than the number of hours specified in the
Aging time (hours) box. To deny such users any access to the network, select
<No Access> (which is the default setting).
Note
User profile settings always override group profile settings. If a user
profile grants an authorization that is denied by the group specified in
the “Group map for successful user authentication without machine
authentication” list, Cisco Secure ACS grants the authorization.
Configuring a Windows External User Database
For information about the options available on the Windows User Database
Configuration page, see
Windows User Database Configuration Options,
To configure Cisco Secure ACS to authenticate users against the Windows user
database in the trusted domains of your network, follow these steps:
Step 1
In the navigation bar, click External User Databases.
Step 2
Click Database Configuration.
Cisco Secure ACS displays a list of all possible external user database types.