Cisco Systems CSACS3415K9 Computer Accessories User Manual
8-47
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 8 Managing Users and Identity Stores
Managing External Identity Stores
The distributed search is performed based on the cache entry query attempts and cache entry query
timeouts that are configured in the ACS web interface. The MAR entry search is also delayed until the
first successful response from any of the queried ACS nodes, up to the maximum of the configured cache
entry query timeout period.
Distributed MAR Cache Output in ACS View:
24422 - ACS has confirmed previous successful machine authentication for user in Active Directory.
24423 - ACS has not been able to confirm previous successful machine authentication for user in Active Directory.
24701 - ACS peer has confirmed previous successful machine authentication for user in Active Directory.
24702 - ACS peers have not confirmed previous successful machine authentication for user in Active Directory.
Distributed MAR Cache Reliability
The ACS runtime component combines two operations, replication of cache entries and the distributed search, to implement the distributed MAR cache and ensure strong reliability.
The distributed search option provides a fallback facility when the replication messages for some reason
are not delivered. In this case, you can find the MAR cache entry on the ACS node that performs the
machine authentication or on any one of the ACS nodes from the same MAR cache distribution group.
The distributed search option also provides a fallback facility when the ACS node that performs the machine authentication is restarted. In this case too, you can find the MAR cache entry on any one of the ACS nodes from the same MAR cache distribution group.
You lose the MAR cache entry when you restart all of the ACS nodes in the ACS deployment.
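The lookup and fallback behaviour described above, as an added illustrative model (not Cisco ACS code): the local cache is checked first, then each peer in the distribution group is queried up to the configured number of attempts, each bounded by the query timeout, and the result is mapped to the ACS View codes listed on this page. Node names, the latency model and the mapping of an unconfigured distributed search to 24423 are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# ACS View message codes quoted on this page
LOCAL_CONFIRMED = 24422
LOCAL_NOT_CONFIRMED = 24423
PEER_CONFIRMED = 24701
PEERS_NOT_CONFIRMED = 24702


@dataclass
class MarCacheNode:
    """One ACS node with its local MAR cache (machine name -> auth timestamp)."""
    name: str
    cache: Dict[str, float] = field(default_factory=dict)
    # Seconds this node takes to answer a peer query (assumed; models network delay).
    latency: float = 0.0

    def query(self, machine: str, timeout: float) -> Optional[bool]:
        """Answer a peer query; None models a reply that did not arrive in time."""
        if self.latency > timeout:
            return None
        return machine in self.cache

    def restart(self) -> None:
        """A restart empties the node's own MAR cache (see the text above)."""
        self.cache.clear()


def distributed_mar_lookup(local: MarCacheNode, peers: List[MarCacheNode],
                           machine: str, attempts: int, timeout: float) -> int:
    """Return the ACS View code for a MAR lookup on `local` for `machine`.

    Local cache first; on a miss, query every peer in the distribution group
    up to `attempts` times, each bounded by `timeout`, and stop at the first
    peer that confirms a previous successful machine authentication.
    """
    if machine in local.cache:
        return LOCAL_CONFIRMED
    if not peers:  # distributed search not configured (assumed mapping)
        return LOCAL_NOT_CONFIRMED
    for _ in range(attempts):
        for peer in peers:
            if peer.query(machine, timeout) is True:
                return PEER_CONFIRMED
    return PEERS_NOT_CONFIRMED
```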
Dial-In Permissions
The dial-in permissions of a user are checked during authentications or queries from Active Directory.
The dial-in check is supported only for user authentications, not for machine authentications, in the following authentication protocols:
PAP
MSCHAPv2
EAP-FAST
PEAP
EAP-TLS
The following results are possible:
Allow Access
Deny Access
Control Access through Remote Access Policy. This option is available only for Windows 2000 native domains and Windows Server 2003 domains.
Control Access through NPS Network Policy. This is the default result. This option is available only for Windows Server 2008 and Windows Server 2008 R2 domains.