Cisco 3.3 User Manual
User Guide for Cisco Secure ACS for Windows Server
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
526-4000
800 553-NETS (6387)
Fax: 408 526-4100
User Guide for Cisco Secure ACS for Windows Server
Version 3.3
May 2004
Customer Order Number: DOC-7816592=
Text Part Number: 78-16592-01
Table of contents
- Contents
- Preface
- Overview
- The CiscoSecure ACS Paradigm
- CiscoSecure ACS Specifications
- AAA Server Functions and Concepts
- CiscoSecure ACS HTML Interface
- Deployment Considerations
- Interface Configuration
- Network Configuration
- Shared Profile Components
- User Group Management
- About User Group Setup Features and Functions
- Basic User Group Settings
- Configuration-specific User Group Settings
- Setting Token Card Settings for a User Group
- Setting Enable Privilege Options for a User Group
- Enabling Password Aging for the CiscoSecure User Database
- Enabling Password Aging for Users in Windows Databases
- Setting IP Address Assignment Method for a User Group
- Assigning a Downloadable IP ACL to a Group
- Configuring TACACS+ Settings for a User Group
- Configuring a Shell Command Authorization Set for a User Group
- Configuring a PIX Command Authorization Set for a User Group
- Configuring Device-Management Command Authorization for a User Group
- Configuring IETF RADIUS Settings for a User Group
- Configuring Cisco IOS/PIX RADIUS Settings for a User Group
- Configuring Cisco Aironet RADIUS Settings for a User Group
- Configuring Ascend RADIUS Settings for a User Group
- Configuring Cisco VPN 3000 Concentrator RADIUS Settings for a User Group
- Configuring Cisco VPN 5000 Concentrator RADIUS Settings for a User Group
- Configuring Microsoft RADIUS Settings for a User Group
- Configuring Nortel RADIUS Settings for a User Group
- Configuring Juniper RADIUS Settings for a User Group
- Configuring BBSM RADIUS Settings for a User Group
- Configuring Custom RADIUS VSA Settings for a User Group
- Group Setting Management
- User Management
- About User Setup Features and Functions
- About User Databases
- Basic User Setup Options
- Adding a Basic User Account
- Setting Supplementary User Information
- Setting a Separate CHAP/MS-CHAP/ARAP Password
- Assigning a User to a Group
- Setting User Callback Option
- Assigning a User to a Client IP Address
- Setting Network Access Restrictions for a User
- Setting Max Sessions Options for a User
- Setting User Usage Quotas Options
- Setting Options for User Account Disablement
- Assigning a Downloadable IP ACL to a User
- Advanced User Authentication Settings
- TACACS+ Settings (User)
- Advanced TACACS+ Settings (User)
- RADIUS Attributes
- Setting IETF RADIUS Parameters for a User
- Setting Cisco IOS/PIX RADIUS Parameters for a User
- Setting Cisco Aironet RADIUS Parameters for a User
- Setting Ascend RADIUS Parameters for a User
- Setting Cisco VPN 3000 Concentrator RADIUS Parameters for a User
- Setting Cisco VPN 5000 Concentrator RADIUS Parameters for a User
- Setting Microsoft RADIUS Parameters for a User
- Setting Nortel RADIUS Parameters for a User
- Setting Juniper RADIUS Parameters for a User
- Setting BBSM RADIUS Parameters for a User
- Setting Custom RADIUS Attributes for a User
- User Management
- System Configuration: Basic
- System Configuration: Advanced
- CiscoSecure Database Replication
- About CiscoSecure Database Replication
- Important Implementation Considerations
- Database Replication Versus Database Backup
- Database Replication Logging
- Replication Options
- Implementing Primary and Secondary Replication Setups on CiscoSecure ACSes
- Configuring a Secondary CiscoSecure ACS
- Replicating Immediately
- Scheduling Replication
- Disabling CiscoSecure Database Replication
- Database Replication Event Errors
- RDBMS Synchronization
- About RDBMS Synchronization
- RDBMS Synchronization Components
- CiscoSecure ACS Database Recovery Using the accountActions Table
- Reports and Event (Error) Handling
- Preparing to Use RDBMS Synchronization
- Considerations for Using CSV-Based Synchronization
- Configuring a System Data Source Name for RDBMS Synchronization
- RDBMS Synchronization Options
- Performing RDBMS Synchronization Immediately
- Scheduling RDBMS Synchronization
- Disabling Scheduled RDBMS Synchronizations
- IP Pools Server
- IP Pools Address Recovery
- CiscoSecure Database Replication
- System Configuration: Authentication and Certificates
- About Certification and EAP Protocols
- Global Authentication Setup
- CiscoSecure ACS Certificate Setup
- Logs and Reports
- Administrators and Administrative Policy
- User Databases
- CiscoSecure User Database
- About External User Databases
- Windows User Database
- What’s Supported with Windows User Databases
- Authentication with Windows User Databases
- Trust Relationships
- Windows Dial-up Networking Clients
- Usernames and Windows Authentication
- EAP and Windows Authentication
- User-Changeable Passwords with Windows User Databases
- Preparing Users for Authenticating with Windows
- Windows User Database Configuration Options
- Configuring a Windows External User Database
- Generic LDAP
- Novell NDS Database
- ODBC Database
- What is Supported with ODBC User Databases
- CiscoSecure ACS Authentication Process with an ODBC External User Database
- Preparing to Authenticate Users with an ODBC-Compliant Relational Database
- Implementation of Stored Procedures for ODBC Authentication
- Microsoft SQL Server and Case-Sensitive Passwords
- Sample Routine for Generating a PAP Authentication SQL Procedure
- Sample Routine for Generating an SQL CHAP Authentication Procedure
- Sample Routine for Generating an EAP-TLS Authentication Procedure
- PAP Authentication Procedure Input
- PAP Procedure Output
- CHAP/MS-CHAP/ARAP Authentication Procedure Input
- CHAP/MS-CHAP/ARAP Procedure Output
- EAP-TLS Authentication Procedure Input
- EAP-TLS Procedure Output
- Result Codes
- Configuring a System Data Source Name for an ODBC External User Database
- Configuring an ODBC External User Database
- LEAP Proxy RADIUS Server Database
- Token Server User Databases
- Deleting an External User Database Configuration
- Network Admission Control
- Unknown User Policy
- Known, Unknown, and Discovered Users
- Authentication and Unknown Users
- Posture Validation and the Unknown User Policy
- Authorization of Unknown Users
- Unknown User Policy Options
- Database Search Order
- Configuring the Unknown User Policy
- Disabling Unknown User Authentication
- User Group Mapping and Specification
- About User Group Mapping and Specification
- Group Mapping by External User Database
- Group Mapping by Group Set Membership
- Group Mapping Order
- No Access Group for Group Set Mappings
- Default Group Mapping for Windows
- Windows Group Mapping Limitations
- Creating a CiscoSecure ACS Group Mapping for Windows, Novell NDS, or Generic LDAP Groups
- Editing a Windows, Novell NDS, or Generic LDAP Group Set Mapping
- Deleting a Windows, Novell NDS, or Generic LDAP Group Set Mapping
- Deleting a Windows Domain Group Mapping Configuration
- Changing Group Set Mapping Order
- NAC Group Mapping
- RADIUS-Based Group Specification
- Troubleshooting
- TACACS+ Attribute-Value Pairs
- RADIUS Attributes
- Cisco IOS Dictionary of RADIUS AV Pairs
- Cisco IOS/PIX Dictionary of RADIUS VSAs
- About the cisco-av-pair RADIUS Attribute
- Cisco VPN 3000 Concentrator Dictionary of RADIUS VSAs
- Cisco VPN 5000 Concentrator Dictionary of RADIUS VSAs
- Cisco Building Broadband Service Manager Dictionary of RADIUS VSA
- IETF Dictionary of RADIUS AV Pairs
- Microsoft MPPE Dictionary of RADIUS VSAs
- Ascend Dictionary of RADIUS AV Pairs
- Nortel Dictionary of RADIUS VSAs
- Juniper Dictionary of RADIUS VSAs
- CSUtil Database Utility
- Location of CSUtil.exe and Related Files
- CSUtil.exe Syntax
- CSUtil.exe Options
- Displaying Command-Line Syntax
- Backing Up CiscoSecure ACS with CSUtil.exe
- Restoring CiscoSecure ACS with CSUtil.exe
- Creating a CiscoSecure User Database
- Creating a CiscoSecure ACS Database Dump File
- Loading the CiscoSecure ACS Database from a Dump File
- Compacting the CiscoSecure User Database
- User and AAA Client Import Option
- Exporting User List to a Text File
- Exporting Group Information to a Text File
- Exporting Registry Information to a Text File
- Decoding Error Numbers
- Recalculating CRC Values
- User-Defined RADIUS Vendors and VSA Sets
- PAC File Generation
- Posture Validation Attributes
- VPDN Processing
- RDBMS Synchronization Import Definitions
- Internal Architecture
- Index