Microsoft Windows And Machine Authentication - Cisco 3.3 User Manual

For Windows Server version 3.3

Windows User Database

Microsoft Windows and Machine Authentication

User Guide for Cisco Secure ACS for Windows Server, page 13-20
• Calling-Station-Id value not found in the cache—Cisco Secure ACS assigns the user to the user group specified by the "Group map for successful user authentication without machine authentication" list. This can include the <No Access> group.

Note: User profile settings always override group profile settings. If a user profile grants an authorization that is denied by the group specified in the "Group map for successful user authentication without machine authentication" list, Cisco Secure ACS grants the authorization.

The MAR feature supports full EAP-TLS and Microsoft PEAP authentication, as
well as resumed sessions for EAP-TLS and Microsoft PEAP and fast
reconnections for Microsoft PEAP.

The MAR feature has the following limitations and requirements:
• Machine authentication must be enabled.
• Users must authenticate with EAP-TLS or a Microsoft PEAP client. MAR does not apply to users authenticated by other protocols, such as EAP-FAST, LEAP, or MS-CHAP.
• The AAA client must send a value in the IETF RADIUS Calling-Station-Id attribute (31).
• Cisco Secure ACS does not replicate the cache of Calling-Station-Id attribute values from successful machine authentications.

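The cache lookup, the limitations above, and the note on user profile overrides, as a simplified Python model added for illustration; it is not Cisco Secure ACS code. The class and function names, the sample Calling-Station-Id and the "Staff" group are constructed, and treating a request without attribute 31 as a cache miss is an assumption.

```python
# Added illustration: a simplified model of the MAR decision, not Cisco Secure ACS code.
from dataclasses import dataclass, field

MAR_PROTOCOLS = {"EAP-TLS", "MS-PEAP"}  # protocols the page says MAR applies to
NO_ACCESS = "<No Access>"


@dataclass
class AcsNode:
    """One ACS server; the cache is per server because it is not replicated."""
    fallback_group: str = NO_ACCESS  # stands in for the "Group map ..." list setting
    machine_cache: set = field(default_factory=set)

    def machine_auth_succeeded(self, calling_station_id: str) -> None:
        self.machine_cache.add(calling_station_id)

    def group_for_user(self, protocol, calling_station_id, mapped_group):
        """Group for a user who has already authenticated successfully."""
        if protocol not in MAR_PROTOCOLS:
            return mapped_group, "MAR not applied to this protocol"
        # Assumption: a request without attribute 31 can never match the cache.
        if not calling_station_id or calling_station_id not in self.machine_cache:
            return self.fallback_group, "Calling-Station-Id not found in cache"
        return mapped_group, "machine authentication found in cache"


def is_authorized(user_profile_grant, group_grant):
    """User profile settings override group settings (None = no user-level setting)."""
    return group_grant if user_profile_grant is None else user_profile_grant


def demo():
    mac = "00-11-22-33-44-55"  # constructed sample value
    primary, secondary = AcsNode(), AcsNode()
    primary.machine_auth_succeeded(mac)  # machine authenticated against primary only
    return {
        "primary": primary.group_for_user("MS-PEAP", mac, "Staff"),
        "secondary": secondary.group_for_user("MS-PEAP", mac, "Staff"),
        "leap": secondary.group_for_user("LEAP", mac, "Staff"),
        "no_attr_31": primary.group_for_user("EAP-TLS", None, "Staff"),
        "override": is_authorized(user_profile_grant=True, group_grant=False),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

In this model the "secondary" case lands in the fallback group because the cache entry exists only on the server that handled the machine authentication, and the "override" case shows a user-level grant taking effect even when the fallback group denies it.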
Cisco Secure ACS supports machine authentication with Active Directory in Windows 2000. To enable machine authentication support in Windows 2000 Active Directory you must:
• Apply Service Pack 4 to the computer running Active Directory.
• Complete the steps in Microsoft Knowledge Base Article 306260: Cannot Modify Dial-In Permissions for Computers That Use Wireless Networking.

Chapter 13, User Databases
78-16592-01