Setting ip – Cisco 3.3 User Manual
Page 218
Chapter 6 User Group Management
Configuration-specific User Group Settings
6-28
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
–
Users must be using a client that supports EAP-FAST.
–
You must enable EAP-FAST on the Global Authentication Configuration
page within the System Configuration section.
Tip
For information about enabling EAP-FAST in System Configuration, see
Authentication Setup, page 10-26
–
You must enable EAP-FAST password changes on the Windows
Authentication Configuration page within the External User Databases
section.
Tip
For information about enabling EAP-FAST password changes, see
Users whose Windows accounts reside in “remote” domains (that is, not the
domain within which Cisco Secure ACS is running) can only use the
Windows-based password aging if they supply their domain names.
The methods and functionality of Windows password aging differ according to
which Microsoft Windows operating system you are using, and whether you
employ Active Directory (AD) or Security Accounts Manager (SAM). Setting
password aging for users in the Windows user database is only one part of the
larger task of setting security policies in Windows. For comprehensive
information on Windows procedures, refer to your Windows system
documentation.
Setting IP Address Assignment Method for a User Group
Perform this procedure to configure the way Cisco Secure ACS assigns IP
addresses to users in the group. The four possible methods are as follows:
•
No IP address assignment—No IP address is assigned to this group.
•
Assigned by dialup client—Use the IP address that is configured on the
dialup client network settings for TCP/IP.