Cisco 3.3 User Manual
Page 217
6-27
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 6 User Group Management
Configuration-specific User Group Settings
Tip
For information on enabling MS CHAP for password changes, see
Windows External User Database, page 13-30
. For information on enabling MS
CHAP in System Configuration, see
Global Authentication Setup, page 10-26
•
PEAP password aging—PEAP password aging depends upon the
PEAP(EAP-GTC) or PEAP(EAP-MSCHAPv2) authentication protocol to
send and receive the password change messages. Requirements for
implementing the PEAP Windows password aging mechanism include the
following:
–
The AAA client must support EAP.
–
Users must be in a Windows user database.
–
Users must be using a Microsoft PEAP client, such as Windows XP.
–
You must enable PEAP on the Global Authentication Configuration page
within the System Configuration section.
Tip
For information about enabling PEAP in System Configuration, see
Authentication Setup, page 10-26
–
You must enable PEAP password changes on the Windows
Authentication Configuration page within the External User Databases
section.
Tip
For information about enabling PEAP password changes, see
•
EAP-FAST password aging—If password aging occurs during phase zero of
EAP-FAST, it depends upon EAP-MSCHAPv2 to send and receive the
password change messages. If password aging occurs during phase two of
EAP-FAST, it depends upon EAP-GTC to send and receive the password
change messages. Requirements for implementing the EAP-FAST Windows
password aging mechanism include the following:
–
The AAA client must support EAP.
–
Users must be in a Windows user database.