Chapter 6
User Group Management
For information on enabling MS CHAP for password changes, see
Tip
Windows External User Database, page
CHAP in System Configuration, see
•
Tip
For information about enabling PEAP in System Configuration, see
Authentication Setup, page
For information about enabling PEAP password changes, see
Tip
Database, page
•
78-16592-01
PEAP password aging—PEAP password aging depends upon the
PEAP(EAP-GTC) or PEAP(EAP-MSCHAPv2) authentication protocol to
send and receive the password change messages. Requirements for
implementing the PEAP Windows password aging mechanism include the
following:
The AAA client must support EAP.
–
Users must be in a Windows user database.
–
–
Users must be using a Microsoft PEAP client, such as Windows XP.
You must enable PEAP on the Global Authentication Configuration page
–
within the System Configuration section.
You must enable PEAP password changes on the Windows
–
Authentication Configuration page within the External User Databases
section.
13-7.
EAP-FAST password aging—If password aging occurs during phase zero of
EAP-FAST, it depends upon EAP-MSCHAPv2 to send and receive the
password change messages. If password aging occurs during phase two of
EAP-FAST, it depends upon EAP-GTC to send and receive the password
change messages. Requirements for implementing the EAP-FAST Windows
password aging mechanism include the following:
The AAA client must support EAP.
–
–
Users must be in a Windows user database.
User Guide for Cisco Secure ACS for Windows Server
Configuration-specific User Group Settings
13-30. For information on enabling MS
Global Authentication Setup, page
10-26.
Configuring a
10-26.
Global
Windows User
6-27