User Guide for Cisco Secure Access Control System 5.4
Chapter 8 Managing Users and Identity Stores
Managing External Identity Stores
If AD is already configured and you want to delete it, click Clear Configuration after you verify
that there are no policy rules that use custom conditions based on the AD dictionary.
Configuring Machine Access Restrictions
To configure the Machine Access Restrictions, complete the following steps:
Step 1 Select Users and Identity Stores > External Identity Stores > Active Directory, then click the
Machine Access Restrictions tab.
Step 2 Complete the fields in the Active Directory: Machine Access Restrictions page as described in
Table 8-14.
Step 3 Click:
  Save Changes to save the configuration.
  Discard Changes to discard all changes.
  If AD is already configured and you want to delete it, click Clear Configuration after you verify
  that there are no policy rules that use custom conditions that are based on the AD dictionary.
Table 8-14 Active Directory: Machine Access Restrictions Page

| Option | Description |
|---|---|
| Enable Machine Access Restrictions | Check this check box to enable the Machine Access Restrictions controls in the web interface. This ensures that the machine authentication results are tied to user authentication and authorization. If you enable this feature, you must set the Aging time. |
| Aging time (hours) | Time after a machine was authenticated that a user can be authenticated from that machine. If this time elapses, user authentication fails. The default value is 6 hours. The valid range is from 1 to 8760 hours. |
| MAR Cache Distribution | |
| Cache entry replication timeout | Enter the time in seconds after which the cache entry replication gets timed out. The default value is 5 seconds. The valid range is from 1 to 10. |
| Cache entry replication attempts | Enter the number of times ACS has to perform MAR cache entry replication. The default value is 2. The valid range is from 0 to 5. |
| Cache entry query timeout | Enter the time in seconds after which the cache entry query gets timed out. The default value is 2 seconds. The valid range is from 1 to 10. |
| Cache entry query attempts | Enter the number of times that ACS has to perform the cache entry query. The default value is 1. The valid range is from 0 to 5. |
| Node | Lists all the nodes that are connected to this AD domain. |
| Cache Distribution Group | Enter the Cache Distribution Group of the selected node. This accepts any text string to a maximum of 64 characters. |