Cisco Systems Servers User Manual

Chapter 11      Working with User Databases
Windows NT/2000 User Database
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Figure 11-2 Using the Windows NT/2000 User Database for Authentication
To further control access by a user from within the Windows NT User Manager or 
the Windows 2000 Active Directory Users and Computers, you can configure 
Cisco Secure ACS to also check the setting that grants dial-in permission to the 
user. This setting is labeled “Grant dialin permission to user” in Windows NT and 
“Allow access” in the Remote Access Permission area in Windows 2000. If this 
setting is disabled for the user, access is not permitted, even if the username 
and password are typed correctly.
For the most secure authentication with Windows NT/2000 user databases, use 
MS-CHAP.
Trust Relationships
Cisco Secure ACS can take advantage of trust relationships that have been 
established between Windows NT/2000 servers. If the domain that contains the 
Cisco Secure ACS server trusts another domain, Cisco Secure ACS can 
authenticate users whose accounts reside in the other domain. Cisco Secure ACS 
can also reference the “Grant dialin permission to user” setting across trusted 
domains.
If your domains are Windows 2000 domains, Cisco Secure ACS can take 
advantage of indirect trusts for Windows authentication. Consider the example of 
Windows 2000 domains A, B, and C, where Cisco Secure ACS resides on a