Table of Contents
Advertisement
Windows NT/2000 User Database
Figure 11-2 Using the Windows NT/2000 User Database for Authentication
Trust Relationships
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
11-8
To further control access by a user from within the Windows NT User Manager or
the Windows 2000 Active Directory Users and Computers, you can configure
Cisco Secure ACS to also check the setting for granting dialin permission to user.
This setting is labeled "Grant dialin permission to user" in Windows NT and
"Allow access" in the Remote Access Permission area in Windows 2000. If this
feature is disabled for the user, access is not permitted, even if the username and
password are typed correctly.
For the most secure authentication with Windows NT/2000 user databases, use
MS-CHAP.
Cisco Secure ACS can take advantage of trust relationships that have been
established between Windows NT/2000 servers. If the domain that contains the
Cisco Secure ACS server trusts another domain, Cisco Secure ACS can
authenticate users whose accounts reside in the other domain. Cisco Secure ACS
can also reference the Grant dialin permission to user setting across trusted
domains.
If your domains are Windows 2000 domains, Cisco Secure ACS can take
advantage of indirect trusts for Windows authentication. Consider the example of
Windows 2000 domains A, B, and C, where Cisco Secure ACS resides on a
Chapter 11
Working with User Databases
78-13751-01, Version 3.0
Advertisement
Table of Contents
Troubleshooting
