Cisco Systems Servers User Manual

Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter 12 Administering External User Databases
Unknown User Processing
The default AAA client timeout value is 5 seconds. If you have Cisco Secure ACS 
configured to search through several databases or if your databases are large, you 
might need to increase this value in your AAA client configuration file. For more 
information, refer to your Cisco IOS documentation.
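The following added example is not from the Cisco guide and is not Cisco Secure ACS code. It models why searching several external databases for an unknown user can exceed the 5-second AAA client timeout. The database names, credentials and latencies are constructed, and trying the databases one at a time in list order is an assumption of the model.

```python
# Added illustration: a simplified model, not Cisco Secure ACS code.
from dataclasses import dataclass


@dataclass
class ExternalDb:
    name: str         # constructed label
    users: dict       # username -> password (constructed sample data)
    latency_s: float  # assumed worst-case lookup time, in seconds


def authenticate(username, password, local_users, selected_dbs, check_external=True):
    """Return (accepted, source, elapsed_s) for one authentication request.

    Assumption: the selected databases are tried one at a time, in list
    order, and the search stops at the first one that accepts the credentials.
    """
    elapsed = 0.0
    if username in local_users:      # known user: no external search
        return local_users[username] == password, "local", elapsed
    if not check_external:           # "Fail the attempt": reject unknown users
        return False, None, elapsed
    for db in selected_dbs:          # "Check the following external user databases"
        elapsed += db.latency_s
        if db.users.get(username) == password:
            return True, db.name, elapsed
    return False, None, elapsed


def worst_case_s(selected_dbs):
    """Longest search: the user is in the last database, or in none of them."""
    return sum(db.latency_s for db in selected_dbs)


def timeout_is_sufficient(selected_dbs, client_timeout_s=5.0):
    """Compare the worst-case search time with the AAA client timeout."""
    return worst_case_s(selected_dbs) < client_timeout_s


# Constructed sample data
LOCAL = {"admin": "local-pass"}
DBS = [
    ExternalDb("db-a", {"alice": "pw-a"}, 1.5),
    ExternalDb("db-b", {"bob": "pw-b"}, 2.0),
    ExternalDb("db-c", {"carol": "pw-c"}, 2.5),
]

if __name__ == "__main__":
    print(authenticate("carol", "pw-c", LOCAL, DBS))
    print(timeout_is_sufficient(DBS), timeout_is_sufficient(DBS, 10.0))
```

In this model a valid user held in the last database is accepted only after 6.0 seconds, so a AAA client left at the 5-second default would already have given up on the request.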
Network Access Authorization
While the Unknown User Policy allows authentication requests to be forwarded 
to external user databases, all responsibility for the authorization parameters 
provided to the AAA client remains with Cisco Secure ACS. External user 
databases provide authentication services, and Cisco Secure ACS then provides 
the additional authorization information that is sent to the AAA client in the 
RADIUS or TACACS+ response packet. For more information about assignment 
of user authorization, see the 
.
Unknown User Policy
You can configure how Cisco Secure ACS processes unknown users on the 
Configure Unknown User Policy page, in the External User Databases section of 
the HTML interface. The Configure Unknown User Policy page contains the 
following fields:
- Unknown User Policy—Defines what action Cisco Secure ACS takes if it
  does not find a matching username in its database. There are two options for
  controlling the Unknown User Policy:
    - Fail the attempt—Disables unknown user processing.
      Cisco Secure ACS rejects authentication requests for any user not found
      in the CiscoSecure user database.
    - Check the following external user databases—Enables unknown user
      processing. Cisco Secure ACS uses databases in the Selected Databases
      list to authenticate users that are not found in the CiscoSecure user
      database.
- External Databases—Lists the external user databases that
  Cisco Secure ACS does not use to authenticate unknown users.
- Selected Databases—Lists the external user databases that Cisco Secure ACS
  uses to authenticate an unknown user (if the Check the following external
  user databases option is selected). Cisco Secure ACS attempts authentication