Filter
Top Products
6-27
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 6 User Group Management
Configuration-specific User Group Settings
Tip For information on enabling MS CHAP for password changes, see Configuring a
Windows External User Database, page 13-30. For information on enabling MS
CHAP in System Configuration, see Global Authentication Setup, page 10-26.
• PEAP password aging—PEAP password aging depends upon the
PEAP(EAP-GTC) or PEAP(EAP-MSCHAPv2) authentication protocol to
send and receive the password change messages. Requirements for
implementing the PEAP Windows password aging mechanism include the
following:
–
The AAA client must support EAP.
–
Users must be in a Windows user database.
–
Users must be using a Microsoft PEAP client, such as Windows XP.
–
You must enable PEAP on the Global Authentication Configuration page
within the System Configuration section.
Tip For information about enabling PEAP in System Configuration, see Global
Authentication Setup, page 10-26.
–
You must enable PEAP password changes on the Windows
Authentication Configuration page within the External User Databases
section.
Tip For information about enabling PEAP password changes, see Windows User
Database, page 13-7.
• EAP-FAST password aging—If password aging occurs during phase zero of
EAP-FAST, it depends upon EAP-MSCHAPv2 to send and receive the
password change messages. If password aging occurs during phase two of
EAP-FAST, it depends upon EAP-GTC to send and receive the password
change messages. Requirements for implementing the EAP-FAST Windows
password aging mechanism include the following:
–
The AAA client must support EAP.
–
Users must be in a Windows user database.