Enabling password aging for users, Enabling password aging for users in – Cisco 3.3 User Manual

Page 216


Chapter 6 User Group Management

Configuration-specific User Group Settings

6-26

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Step 8

To save the group settings you have just made, click Submit. For more information, see Saving Changes to User Group Settings, page 6-56.

Step 9

To continue specifying other group settings, perform other procedures in this chapter, as applicable.

Enabling Password Aging for Users in Windows Databases

Cisco Secure ACS supports two types of password aging for users in Windows
databases. Both types of Windows password aging mechanisms are separate and
distinct from the other Cisco Secure ACS password aging mechanisms. For
information on the requirements and settings for the password aging mechanisms
that control users in the CiscoSecure user database, see Enabling Password Aging
for the CiscoSecure User Database, page 6-21.

Note: You can run both Windows Password Aging and Cisco Secure ACS Password
Aging for Transit Sessions mechanisms concurrently, provided that the users
authenticate from the two different databases.

The types of password aging in Windows databases are as follows:

• RADIUS-based password aging—RADIUS-based password aging depends
  upon the RADIUS AAA protocol to send and receive the password change
  messages. Requirements for implementing the RADIUS-based Windows
  password aging mechanism include the following:

    - Communication between Cisco Secure ACS and the AAA client must be
      using RADIUS.

    - The AAA client must support MS CHAP password aging in addition to
      MS CHAP authentication.

    - Users must be in a Windows user database.

    - Users must be using the Windows DUN client.

    - You must enable MS CHAP version 1 or MS CHAP version 2, or both,
      in the Windows configuration within the External User Databases
      section.
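For troubleshooting the RADIUS-based mechanism, the following added example (not from the Cisco guide) parses the MS-CHAP-Error vendor-specific attribute that carries the "password expired" signal in an Access-Reject. It assumes the attribute layout of RFC 2548 and the failure string format of RFC 2433 and RFC 2759; the sample attributes and helper names are constructed for the demo.

```python
import re
import struct

MS_VENDOR_ID = 311          # Microsoft vendor ID (RFC 2548)
MS_CHAP_ERROR = 2           # vendor type of MS-CHAP-Error (RFC 2548)
ERROR_PASSWD_EXPIRED = 648  # failure code defined in RFC 2433 / RFC 2759

def parse_ms_chap_error(attr: bytes) -> dict:
    """Parse one RADIUS Vendor-Specific attribute carrying MS-CHAP-Error."""
    if len(attr) < 9:
        raise ValueError("attribute too short")
    a_type, a_len, vendor, v_type, v_len = struct.unpack("!BBIBB", attr[:8])
    if a_type != 26 or a_len != len(attr):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    if vendor != MS_VENDOR_ID or v_type != MS_CHAP_ERROR or v_len != a_len - 6:
        raise ValueError("not an MS-CHAP-Error attribute")
    ident, text = attr[8], attr[9:].decode("ascii", errors="replace")
    # Ignore the free-text M= message so it cannot shadow the real fields.
    fields = dict(re.findall(r"\b([ERCV])=(\S+)", text.split(" M=", 1)[0]))
    if not fields.get("E", "").isdigit():
        raise ValueError("missing E= error code")
    return {
        "ident": ident,
        "error": int(fields["E"]),
        "retry": fields.get("R") == "1",
        "challenge": fields.get("C", ""),
        # RFC 2433: an absent V= field is treated as version 1
        "cpw_version": int(fields.get("V", "1")),
    }

def needs_password_change(parsed: dict) -> bool:
    """True when the reject tells the client to start an MS-CHAP password change."""
    return parsed["error"] == ERROR_PASSWD_EXPIRED

def build_sample(text: str, ident: int = 1) -> bytes:
    """Build a constructed sample attribute (hypothetical helper for the demo)."""
    body = bytes([ident]) + text.encode("ascii")
    head = struct.pack("!BBIBB", 26, 8 + len(body), MS_VENDOR_ID,
                       MS_CHAP_ERROR, 2 + len(body))
    return head + body

# Constructed samples: an expired password (MS-CHAPv2, V=3) and a plain failure.
EXPIRED = build_sample("E=648 R=0 C=" + "00" * 16 + " V=3 M=Password expired")
BAD_PW = build_sample("E=691 R=1 C=" + "00" * 16 + " V=3")

if __name__ == "__main__":
    for name, attr in (("expired", EXPIRED), ("bad password", BAD_PW)):
        p = parse_ms_chap_error(attr)
        print(name, p["error"], "change password:", needs_password_change(p))
```

If a packet capture shows E=648 in the reject but the user is never prompted, the AAA client is the likely place to check for MS CHAP password aging support.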
