Cisco Systems Servers Benutzerhandbuch

Seite von 654
Chapter 11      Working with User Databases
Generic LDAP
11-14
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Step 6
To restrict network access to users who have Windows dial-in permission, select 
the Grant dialin permission to user check box.
Note
Windows dialin permission is enabled in the Dialin section of user 
properties in Windows NT and on the Dial-in tab of the user properties 
in Windows 2000.
Step 7
To authenticate explicitly using each trusted Windows domain for usernames that 
are not domain-qualified, select the domains you want Cisco Secure ACS to use 
to authenticate unqualified usernames in the Available Domains list and move 
them to the Domain List list by clicking —>.
Step 8
In the MS-CHAP table, follow these steps:
a.
To support for authentication, select the check boxes for the applicable 
MS-CHAP versions.
b.
To enable password changes, select the check boxes for the applicable 
MS-CHAP versions.
Step 9
Click Submit.
Result: Cisco Secure ACS saves the Windows NT/2000 user database 
configuration you created. You can now add it to your Unknown User Policy or 
assign specific user accounts to use this database for authentication. For more 
information about the Unknown User Policy, see the 
. For more information about configuring user accounts to 
authenticate using this database, see th
.
Generic LDAP
Cisco Secure ACS supports PAP and EAP-TLS authentication via generic 
Lightweight Directory Access Protocol (LDAP) databases, such as Netscape 
Directory Services. Configuring Cisco Secure ACS to authenticate against an 
LDAP database does not affect the configuration of the LDAP database. To 
manage your LDAP database, see your LDAP database documentation.