Chapter 11 Working with User Databases
Generic LDAP
11-14
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Step 6 To restrict network access to users who have Windows dial-in permission, select
the Grant dialin permission to user check box.
Note Windows dial-in permission is enabled in the Dialin section of user
properties in Windows NT and on the Dial-in tab of the user properties
in Windows 2000.
Step 7 To authenticate usernames that are not domain-qualified explicitly
against each trusted Windows domain, select the domains you want Cisco Secure ACS
to use for unqualified usernames in the Available Domains list and move
them to the Domain List list by clicking >.
Step 8 In the MS-CHAP table, follow these steps:
a. To support MS-CHAP for authentication, select the check boxes for the
applicable MS-CHAP versions.
b. To enable password changes, select the check boxes for the applicable
MS-CHAP versions.
Step 9 Click Submit.
Result: Cisco Secure ACS saves the Windows NT/2000 user database
configuration you created. You can now add it to your Unknown User Policy or
assign specific user accounts to use this database for authentication. For more
information about the Unknown User Policy, see the Unknown User Processing
section on page 12-1. For more information about configuring user accounts to
authenticate using this database, see the Setting Up and Managing User
Accounts section on page 7-1.
Generic LDAP
Cisco Secure ACS supports PAP and EAP-TLS authentication via generic
Lightweight Directory Access Protocol (LDAP) databases, such as Netscape
Directory Services. Configuring Cisco Secure ACS to authenticate against an
LDAP database does not affect the configuration of the LDAP database. To
manage your LDAP database, see your LDAP database documentation.