30-27
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 30 Configuring Tunnel Groups, Group Policies, and Users
Configuring Tunnel Groups
Figure 30-3 Active Directory—Maximum Password Age
Note The radius-with-expiry command, formerly configured as part of tunnel-group ipsec-ra
configuration to perform the password age function, is deprecated. The password-management
command, entered in tunnel-group general-attributes mode, replaces it.
Using Active Directory to Override an Account Disabled AAA Indicator
To override an account-disabled indication from a AAA server, specify the override-account-disable
command in tunnel-group general-attributes configuration mode on thesecurity appliance and do the
following steps under Active Directory:
Note Allowing override account-disabled is a potential security risk.
Step 1 Select Start > Programs > Administrative Tools > Active Directory Users and Computers.
Step 2 Right-click Username > Properties > Account and select Disable Account from the menu.
To Next Page
Loading...
Need help?
General