Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 7 User Management: Configuring Authentication Servers
Configuring Authentication Cache Timeout (Optional)
For performance reasons, the Clean Access Manager (CAM) caches user authentication results
for 2 minutes by default. The Authentication Cache Timeout control on the Auth Server
list page allows administrators to configure the number of seconds an authentication result is
cached in the CAM. When a user account is removed from the authentication server (LDAP, RADIUS,
etc.), administrators can restrict the time window in which that user can still log in to Cisco NAC
Appliance by configuring the Authentication Cache Timeout.
Step 1 Go to User Management > Auth Servers > Auth Servers > List.
Figure 7-19 List Auth Servers
Step 2 Type the number of seconds you want user authentication results to be cached in the CAM. The default
is 120 seconds; minimum is 1 second, maximum is 86400 seconds.
Note If you set this timeout value to 0, the CAM does not cache user authentication results, although
this setting may affect performance due to increased authentication traffic when multiple users log in to
Cisco NAC Appliance.
Step 3 Click Update.
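The trade-off this timeout controls, shown as an added Python model (not Cisco code, and not a description of how the CAM is implemented): a longer timeout means fewer queries to the authentication server but a longer period in which a deleted account is still accepted. The names `Backend`, `CachingAuthenticator` and `simulate`, the sample account, and the choice to key the cache on user name plus password digest are all assumptions made for the illustration.

```python
import hashlib

class Backend:
    """Stand-in for the external auth server (LDAP, RADIUS, etc.)."""
    def __init__(self, users):
        self.users = dict(users)  # constructed sample accounts
        self.queries = 0          # round trips to the auth server

    def check(self, user, password):
        self.queries += 1
        return self.users.get(user) == password

class CachingAuthenticator:
    """Hypothetical model of a result cache with a configurable timeout."""
    def __init__(self, backend, timeout_s, clock):
        self.backend, self.timeout_s, self.clock = backend, timeout_s, clock
        self._cache = {}  # (user, password digest) -> (result, expiry)

    def login(self, user, password):
        now = self.clock()
        key = (user, hashlib.sha256(password.encode()).hexdigest())
        hit = self._cache.get(key)
        if self.timeout_s > 0 and hit and now < hit[1]:
            return hit[0]                      # answered from cache
        result = self.backend.check(user, password)
        if self.timeout_s > 0:                 # 0 disables caching
            self._cache[key] = (result, now + self.timeout_s)
        return result

def simulate(timeout_s, remove_at=1, horizon_s=600):
    """One login attempt per second; the account is deleted on the backend
    at remove_at. Returns (logins accepted after deletion, backend queries)."""
    now = [0]
    backend = Backend({"alice": "s3cret"})
    auth = CachingAuthenticator(backend, timeout_s, lambda: now[0])
    stale = 0
    for t in range(horizon_s):
        now[0] = t
        if t == remove_at:
            backend.users.pop("alice", None)
        if auth.login("alice", "s3cret") and t >= remove_at:
            stale += 1
    return stale, backend.queries

if __name__ == "__main__":
    for ttl in (0, 120, 86400):
        print(ttl, simulate(ttl))
```
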
Authenticating Against a Backend Active Directory
Several types of authentication providers in the Clean Access Manager can be used to authenticate users
against an Active Directory server, Microsoft’s proprietary directory service. These include Windows
NT (NTLM), Kerberos, and LDAP (preferred).
If you use LDAP to connect to the AD server, the Search(Admin) Full DN (distinguished name) can be
the DN of an AD administrator or user account, and the first CN (common name) entry should be an AD
user with read privileges.
Note The search filter, “sAMAccountName,” is the user login name in the default AD schema.