Cisco Systems 4.2 Server User Manual


 
9-19
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 9 NAC Configuration Scenario
Step 4: Set Up Administration Control
Step 3 In the Administrator Details area, specify the following information:
Step 4 Click Grant All.
This grants all privileges to the new administrator; or, specifies to which groups or actions this
administrator is granted access.
Note For more information on administrative privileges, see the “Add Administrator and Edit
Administrator Pages” section in Chapter 11 of the User Guide for Cisco Secure Access Control
Server 4.2, “Administrators and Administrative Policy.”
Option Description
Administrator Name Enter the login name for the ACS administrator account. Administrator names
can contain 1 to 32 characters, but cannot contain the left angle bracket (<), the
right angle bracket (>), or the backslash (\). An ACS administrator name does
not have to match a network user name.
Password Enter the password for the administrator to access the ACS web interface.
The password can match the password that the administrator uses for dial-in
authentication; or, it can be a different password. ACS enforces the options in
the Password Validation Options section on the Administrator Password
Policy
page.
Passwords must be at least 4 characters long and contain at least 1 numeric
character. The password cannot include the username or the reverse username,
must not match any of the previous 4 passwords, and must be in ASCII
characters. If you make a password error, ACS displays the password criteria.
If the password policy changes and the password does not change, the
administrator remains logged in. ACS enforces the new password policy at the
next
login.
Confirm Password Reenter the password that you entered in the password field.
Account Never
Expires
If you want to override the lockout options set up on the Administrator
Password Policy page (with the exception of manual lockout), check the check
box next to Account Never Expires. If you check this option, the account never
expires, but the password change policy remains in effect. The default value
is
unchecked (disabled).
Account Locked If you want to lock out an administrator who is denied access due to the account
policy options specified on the Password Policy page, check the Account
Locked check box. When unchecked (disabled), this option unlocks an
administrator who was locked out.
Administrators who have the Administration Control privilege can use this
option to manually lock out an account or reset locked accounts. The system
displays a message that explains the reason for a lockout.
When an administrator unlocks an account, ACS resets the Last Password
Change and the Last Activity fields to the day on which the administrator
unlocks the account.
The reset of a locked account does not affect the configuration of the lockout
and unlock mechanisms for failed attempts.