Cisco Systems CSACS3415K9 Manual De Usuario
8-56
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 8 Managing Users and Identity Stores
Managing External Identity Stores
•
If AD is already configured and you want to delete it, click Clear Configuration after you verify
that there are no policy rules that use custom conditions based on the AD dictionary.
that there are no policy rules that use custom conditions based on the AD dictionary.
Configuring Machine Access Restrictions
To configure the Machine Access Restrictions, complete the following steps:
Step 1
Select Users and Identity Stores > External Identity Stores > Active Directory, then click the
Machine Access Restrictions tab.
Machine Access Restrictions tab.
Step 2
Complete the fields in the Active Directory: Machine Access Restrictions page as described in
Step 3
Click:
•
Save Changes to save the configuration.
•
Discard Changes to discard all changes.
•
If AD is already configured and you want to delete it, click Clear Configuration after you verify
that there are no policy rules that use custom conditions that are based on the AD dictionary.
that there are no policy rules that use custom conditions that are based on the AD dictionary.
Table 8-14
Active Directory: Machine Access Restrictions Page
Option
Description
Enable Machine Access
Restrictions
Restrictions
Check this check box to enable the Machine Access Restrictions controls in the web interface.
This ensures that the machine authentication results are tied to user authentication and
authorization. If you enable this feature, you must set the Aging time.
This ensures that the machine authentication results are tied to user authentication and
authorization. If you enable this feature, you must set the Aging time.
Aging time (hours)
Time after a machine was authenticated that a user can be authenticated from that machine. If
this time elapses, user authentication fails. The default value is 6 hours. The valid range is
from 1 to 8760 hours.
this time elapses, user authentication fails. The default value is 6 hours. The valid range is
from 1 to 8760 hours.
MAR Cache Distribution
Cache entry replication
timeout
timeout
Enter the time in seconds after which the cache entry replication gets timed out. The default
value is 5 seconds. The valid range is from 1 to 10.
value is 5 seconds. The valid range is from 1 to 10.
Cache entry replication
attempts
attempts
Enter the number of times ACS has to perform MAR cache entry replication. The default value
is 2. The valid range is from 0 to 5.
is 2. The valid range is from 0 to 5.
Cache entry query timeout
Enter the time in seconds after which the cache entry query gets timed out. The default value
is 2 seconds. The valid range is from 1 to 10.
is 2 seconds. The valid range is from 1 to 10.
Cache entry query attempts
Enter the number of times that ACS has to perform the cache entry query. The default value is
1. The valid range is from 0 to 5.
1. The valid range is from 0 to 5.
Node
Lists all the nodes that are connected to this AD domain.
Cache Distribution Group
Enter the Cache Distribution Group of the selected node. This accepts any text string to a
maximum of 64 characters.
maximum of 64 characters.