Authentication and unknown users, About unknown user authentication, About – Cisco 3.3 User Manual
Chapter 15 Unknown User Policy
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
– Authentication—The authentication process for discovered users is
  identical to the authentication process for known users who are
  authenticated with external user databases and whose Cisco Secure ACS
  group membership is determined by group mapping.
– Posture Validation—Cisco Secure ACS always uses the Unknown User
  Policy to determine which NAC database to use for a posture validation
  request. For more information, see Posture Validation and the Unknown
Note: We recommend removing a username from a database when the privileges
associated with that username are no longer required. For more information about
deleting a user account, see Deleting a User Account, page 7-57.
Authentication and Unknown Users
This section provides information about using the Unknown User Policy with
authentication. For information about using the Unknown User Policy with NAC,
see Posture Validation and the Unknown User Policy, page 15-10.
This section contains the following topics:
• About Unknown User Authentication, page 15-4
• General Authentication of Unknown Users, page 15-5
• Windows Authentication of Unknown Users, page 15-6
• Performance of Unknown User Authentication, page 15-8
About Unknown User Authentication
The Unknown User Policy is a form of authentication forwarding. In essence, this
feature is an extra step in the authentication process. In this additional step, if the
username does not exist in the CiscoSecure user database, Cisco Secure ACS
forwards the authentication request of an incoming username and password to
external databases with which it is configured to communicate and which support
the authentication protocol used in the authentication request.
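The forwarding step described above, as a simplified Python model added here for illustration; it is not Cisco Secure ACS code. The database names, sample credentials, protocol support sets, the try-in-listed-order behavior and the stop-at-first-success behavior are all assumptions of this example.

```python
import hmac
from dataclasses import dataclass

@dataclass
class ExternalDB:
    name: str
    protocols: frozenset   # authentication protocols this database can handle
    users: dict            # username -> password (constructed sample data)

def _match(stored, supplied):
    # Constant-time comparison; a missing user never matches.
    return stored is not None and hmac.compare_digest(stored.encode(), supplied.encode())

def authenticate(username, password, protocol, internal_users, external_dbs):
    """Return (result, source): result is "pass" or "fail"; source names the
    database that decided, so every forwarded request can be logged."""
    # Step 1: a username that exists internally is decided by the internal database.
    if username in internal_users:
        ok = _match(internal_users[username], password)
        return ("pass" if ok else "fail", "internal")
    # Step 2 (the extra step): forward the unknown username, but only to
    # external databases that support the protocol used in the request.
    tried = []
    for db in external_dbs:  # assumption: databases are tried in listed order
        if protocol not in db.protocols:
            continue
        tried.append(db.name)
        if _match(db.users.get(username), password):
            return ("pass", db.name)
    return ("fail", "+".join(tried) if tried else "no-compatible-database")

# Constructed sample data: names, passwords and protocol support are illustrative.
INTERNAL = {"alice": "alice-pw"}
EXTERNAL = [
    ExternalDB("directory-a", frozenset({"PAP"}), {"bob": "bob-pw"}),
    ExternalDB("directory-b", frozenset({"PAP", "CHAP"}), {"carol": "carol-pw"}),
]

if __name__ == "__main__":
    for req in [("alice", "alice-pw", "PAP"), ("bob", "bob-pw", "PAP"),
                ("bob", "bob-pw", "CHAP"), ("dave", "x", "MS-CHAP")]:
        print(req[0], req[2], authenticate(*req, INTERNAL, EXTERNAL))
```

In this model the same valid credentials for bob pass over PAP and fail over CHAP, because the only database holding the account is skipped when it does not support the request's protocol.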