Cisco Systems Servers User Manual

Chapter 12      Administering External User Databases
Unknown User Processing
12-8
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
using the selected databases serially and in the order specified, top to bottom. 
For more information about the significance of the order of selected 
databases, see the 
For more information about configuring your Unknown User Policy, see the 
Database Search Order
You can configure the order in which Cisco Secure ACS checks the selected 
external databases when Cisco Secure ACS attempts to authenticate unknown 
users. If the first database in the Selected Databases list fails the authentication 
request for the unknown user, Cisco Secure ACS checks the next database listed, 
and so on down the Selected Databases list, in the order listed, until the user 
authenticates or until Cisco Secure ACS has tried all the databases listed. 
Authentication with a Windows NT/2000 database is more complex. (For more 
information about Windows NT/2000 authentication, see the 
.) If Cisco Secure ACS does not find the user in 
any of the listed databases, authentication fails.
The order in which the databases appear in the Selected Databases list is 
important. For best performance, authentications should be processed first against 
the external database where the greatest number of authentications are likely to 
succeed (that is, get the highest level of successful cache hits). 
Tip
Always list the database that will allow most authentications to succeed as 
near to the top of the list as possible.
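The serial search and the ordering advice above, as an added Python sketch that is not part of the Cisco guide. Database names, accounts and passwords are constructed sample data, and the Windows NT/2000 special case is not modelled.

```python
# Simplified model of the Selected Databases search described in the text.
# Not Cisco Secure ACS code; all names and credentials below are constructed.

def authenticate_unknown(user, password, selected_databases):
    """Try each selected database top to bottom.

    Returns (name of the database that authenticated the user or None,
             number of databases queried).
    """
    queried = 0
    for name, accounts in selected_databases:
        queried += 1
        if accounts.get(user) == password:
            return name, queried      # first success ends the search
    return None, queried              # every database tried: authentication fails


def total_queries(attempts, selected_databases):
    """Sum of database queries needed to process a batch of attempts."""
    return sum(authenticate_unknown(u, p, selected_databases)[1]
               for u, p in attempts)


# Constructed sample data: most users live in the LDAP directory.
LDAP = ("ldap", {"alice": "a1", "bob": "b2", "carol": "c3", "dave": "d4"})
TOKEN = ("token-server", {"erin": "e5"})
ODBC = ("odbc", {"frank": "f6"})

# Six valid logins plus one attempt that no database can satisfy.
ATTEMPTS = [("alice", "a1"), ("bob", "b2"), ("carol", "c3"), ("dave", "d4"),
            ("erin", "e5"), ("frank", "f6"), ("zoe", "wrong")]

BUSIEST_LAST = [ODBC, TOKEN, LDAP]
BUSIEST_FIRST = [LDAP, TOKEN, ODBC]

if __name__ == "__main__":
    for label, order in (("busiest last", BUSIEST_LAST),
                         ("busiest first", BUSIEST_FIRST)):
        print(label, "->", total_queries(ATTEMPTS, order), "database queries")
    # A failed attempt always costs one query per selected database.
    print(authenticate_unknown("zoe", "wrong", BUSIEST_FIRST))
```

In this model a failed attempt is checked against every selected database regardless of order, so reordering only reduces the cost of attempts that succeed.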
Configuring the Unknown User Policy
In Cisco Secure ACS, an unknown user is defined as one for whom no account has 
been created within the Cisco Secure ACS database.
To specify how Cisco Secure ACS should handle users who are not in the 
Cisco Secure ACS database, follow these steps:
Step 1  In the navigation bar, click External User Databases.
Step 2  Click Unknown User Policy.