Chapter12 Admin istering Extern al User Databases
Unknown User Processing
12-8
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
using the selected databases serially and in the order specified, top to bottom.
For more information about the significance of the order of selected
databases, see the Database Search Order section on page 12-8.
For more information about configuring your Unknown User Policy, see the
Configuring the Unknown User Policy section on page12-8
Database Search Order
You can configure the order in which CiscoSecure ACS checks the selected
external databases when Cisco Secure ACS attempts to authenticate unknown
users. If the first database in the Selected Databases list fails the authentication
request for the unknown user, Cisco Secure ACS checks the next database listed,
and so on down the Selected Databases list, in the order listed, until the user
authenticates or until Cisco Secure ACS has tried all the databases listed.
Authentication with a WindowsNT/2000 database is more complex. (For more
information about Windows NT/2000 authentication, see the The
Cisco Secure ACS Authentication Process with Windows NT/2000 User
Databases section on page 11-7.) If Cisco Secure ACS does not find the user in
any of the listed databases, authentication fails.
The order in which the databases appear in the Selected Databases list is
important. For best performance, authentications should be processed first against
the external database where the greatest number of authentications are likely to
succeed (that is, get the highest level of successful cache hits).
Tip Always list the database that will allow most authentications to succeed as
near to the top of the list as possible.
Configuring the Unknown User Policy
In Cisco Secure ACS, an unknown user is defined as one for whom no account has
been created within the Cisco Secure ACS database.
To specify how CiscoSecure ACS should handle users who are not in the
Cisco Secure ACS database, follow these steps:
Step 1 In the navigation bar, click External User Databases.
Step 2 Click Unknown User Policy.