Cisco ASA 5505 User Manual

Page 1457

67-31

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 67 Configuring Connection Profiles, Group Policies, and Users

Configuring Connection Profiles

Figure 67-3

Active Directory—Maximum Password Age

Note

The radius-with-expiry command, formerly configured as part of tunnel-group remote-access
configuration to perform the password age function, is deprecated. The password-management
command, entered in tunnel-group general-attributes mode, replaces it.

Using Active Directory to Override an Account Disabled AAA Indicator

To override an account-disabled indication from a AAA server, specify the override-account-disable
command in tunnel-group general-attributes configuration mode on theASA and do the following steps
under Active Directory:

Note

Allowing override account-disabled is a potential security risk.

Step 1

Select Start > Programs > Administrative Tools > Active Directory Users and Computers.

Step 2

Right-click Username > Properties > Account and select Disable Account from the menu.

This manual is related to the following products:

ASA 5585-X ASA 5555-X ASA 5545-X ASA 5525-X ASA 5515-X ASA 5512-X ASA 5580 ASA 5550 ASA 5540 ASA 5520 ASA 5510 ASA 5500 Series