Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi

AsyncOS displays a message saying that the user will be unable to log into the appliance and asks if you 
want to continue. 

To unlock a user account, open the user account by clicking on the user name in the Users listing and 
click Unlock Account.

If you lock the admin account, you can only unlock it by logging in as the admin through a serial 
communications connection to the serial console port. The admin user can always access the appliance 
using the serial console port, even when the admin account is locked. See the “Setup and Installation” 
chapter in the documentation or online help for your Email Security appliance for more information on 
accessing the appliance using the serial console port. 

If you store user information in an LDAP or RADIUS directory on your network, you can configure your 
Security Management appliance to use the external directory to authenticate users who log in to the 
appliance. 

Some features described in 

 are not available to 

externally-authenticated users. 

If your deployment uses both local and external authentication, local user names must not duplicate 
externally-authenticated user names. 

If the appliance cannot communicate with the external directory, a user who has both an external 
and a local account can log in with a local user account on the appliance. 

To configure LDAP authentication, see 

You can use a RADIUS directory to authenticate users and assign groups of users to user roles for 
administering your appliance. The RADIUS server should support the CLASS attribute, which AsyncOS 
uses to assign users in the RADIUS directory to user roles. 

If an external user changes the user role for their RADIUS group, the user should log out of the appliance 
and then log back in. The user will have the permissions of their new role. 

The Shared Secret key for access to the RADIUS server must be no more than 48 characters long.