Cisco Systems 3.3 Manual De Usuario
Chapter 15 Unknown User Policy
Authentication and Unknown Users
15-6
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Note
Because usernames in the CiscoSecure user database must be unique,
Cisco Secure ACS supports a single instance of any given username across all
databases that it is configured to use. For example, assume every external user
database contains a user account with the username John. Each account is for a
different user, but they each, coincidentally, have the same username. After the
first John attempts to access the network and has authenticated through the
unknown user process, Cisco Secure ACS retains a discovered user account for
that John and only that John. Now, Cisco Secure ACS tries to authenticate
subsequent attempts by any user named John using the same external user
database that originally authenticated John. Assuming their passwords are
different than the password for the John who authenticated first, the other Johns
are unable to access the network.
Cisco Secure ACS supports a single instance of any given username across all
databases that it is configured to use. For example, assume every external user
database contains a user account with the username John. Each account is for a
different user, but they each, coincidentally, have the same username. After the
first John attempts to access the network and has authenticated through the
unknown user process, Cisco Secure ACS retains a discovered user account for
that John and only that John. Now, Cisco Secure ACS tries to authenticate
subsequent attempts by any user named John using the same external user
database that originally authenticated John. Assuming their passwords are
different than the password for the John who authenticated first, the other Johns
are unable to access the network.
Windows Authentication of Unknown Users
Because there can be multiple occurrences of the same username across the
trusted Windows domains against which Cisco Secure ACS authenticates users,
Cisco Secure ACS treats authentication with a Windows user database as a special
case.
trusted Windows domains against which Cisco Secure ACS authenticates users,
Cisco Secure ACS treats authentication with a Windows user database as a special
case.
To perform authentication, Cisco Secure ACS communicates with the Windows
operating system of the computer running Cisco Secure ACS. Windows uses its
built-in facilities to forward the authentication requests to the appropriate domain
controller.
operating system of the computer running Cisco Secure ACS. Windows uses its
built-in facilities to forward the authentication requests to the appropriate domain
controller.
This section contains the following topics:
•
•
•
Domain-Qualified Unknown Windows Users
When a domain name is supplied as part of a authentication request, Cisco Secure
ACS detects that a domain name was supplied and tries the authentication
credentials against the specified domain. The dial-up networking clients provided
ACS detects that a domain name was supplied and tries the authentication
credentials against the specified domain. The dial-up networking clients provided