Cisco Acs 5x User Guide

Page 211

8-59
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 8      Managing Users and Identity Stores
  Managing External Identity Stores
Step 1 Choose either of the following options:
To reset the node secret on the agent host, check the Remove securid file on submit check box.
If you reset the node secret on the agent host, you must reset the agent host's node secret in the RSA server.
To reset the status of servers in the realm, check the Remove sdstatus.12 file on submit check box....

Page 212

8-60
Related Topics
RSA SecurID Server, page 8-54
Creating and Editing RSA SecurID Token Servers, page 8-55
Configuring ACS Instance Settings, page 8-57
Editing ACS Instance Settings, page 8-57
RADIUS Identity Stores
A RADIUS server is a third-party server that supports the RADIUS interface. RADIUS identity store,...

Page 213

8-61
Failover
ACS 5.3 allows you to configure multiple RADIUS identity stores. Each RADIUS identity store can 
have primary and secondary RADIUS servers. When ACS is unable to connect to the primary server, it 
uses the secondary server.
Password Prompt
RADIUS identity stores allow you to configure the password prompt. You can configure the password...

Page 214

8-62
RADIUS Identity Store in Identity Sequence
You can add the RADIUS identity store to the authentication sequence in an identity sequence. However, you cannot add the RADIUS identity store to the attribute retrieval sequence, because the RADIUS identity store cannot be queried without authentication. ACS cannot distinguish between different error cases...

Page 215

8-63
Safeword token servers support both formats. ACS works with various token servers. While configuring a Safeword server, you must check the Safeword Server check box for ACS to parse the username and convert it to the specified format.
This conversion is done in the RADIUS token server identity store before the request is sent to the RADIUS...

Page 216

8-64
Step 2 Click Create. You can also:
Check the check box next to the identity store you want to duplicate, then click Duplicate.
Click the identity store name that you want to modify, or check the box next to the name and click Edit.
Step 3 Complete the fields in the General tab. See Configuring General Settings, page 8-64 for a description of the...

Page 217

8-65
Server Connection
Enable Secondary Server: Check this check box to use a secondary RADIUS identity server as a backup server in case the primary RADIUS identity server fails. If you enable the secondary server, you must configure the parameters for the secondary RADIUS identity server and must choose one of the following options:
Always Access...

Page 218

8-66
Related Topics
RADIUS Identity Stores, page 8-60
Creating, Duplicating, and Editing RADIUS Identity Servers, page 8-63
Configuring Shell Prompts, page 8-66
Configuring Directory Attributes, page 8-67
Configuring Advanced Options, page 8-68
Configuring Shell Prompts
For TACACS+ ASCII authentication, ACS must return the password prompt to the user....

Page 219

8-67
Configuring Directory Attributes
When a RADIUS identity server responds to a request, RADIUS attributes are returned along with the 
response. You can make use of these RADIUS attributes in policy rules. 
In the Directory Attributes tab, you can specify the RADIUS attributes that you use in policy rule 
conditions. ACS maintains a separate list of...

Page 220

8-68
Configuring Shell Prompts, page 8-66
Configuring Advanced Options, page 8-68
Configuring Advanced Options
In the Advanced tab, you can do the following:
Define what an access reject from a RADIUS identity server means to you.
Enable identity caching.
Table 8-18 describes the fields in the Advanced tab of the RADIUS Identity Servers page.
Click Submit...