Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 10 Cisco NAC Appliance Agents
Mac OS X Cisco NAC Agent
Figure 10-78 Cisco NAC Agent—preference.plist File Contents
RADIUS Challenge-Response Mac OS X Cisco NAC Agent Dialogs
If you configure the Clean Access Manager to use a RADIUS server to validate remote users, the
end-user Cisco NAC Agent login session may feature extra authentication challenge-response dialogs,
beyond the standard user ID and password, that are not available in other dialog sessions. This additional
interaction is due to the user authentication profile on the RADIUS server itself and does not require
any additional configuration on the Clean Access Manager. For example, the RADIUS server profile
configuration may feature an additional authentication challenge, such as verifying a token-generated PIN
or other user-specific credentials, in addition to the standard user ID and password. In this case, one or
more additional login dialog screens may appear as part of the login session.
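The RADIUS exchange behind these extra dialogs, shown as an added example that is not part of the Cisco guide or Cisco's code: a RADIUS client receives an Access-Challenge, uses its Reply-Message as the dialog prompt, and resends an Access-Request with the State attribute echoed unchanged, as RFC 2865 describes. The function names, the user name and the sample packet are constructed for illustration.

```python
import struct

# RADIUS packet codes and attribute types from RFC 2865
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
USER_NAME, REPLY_MESSAGE, STATE = 1, 18, 24

def build_packet(code, ident, attrs, authenticator=bytes(16)):
    """Encode header (code, id, length, 16-byte authenticator) plus TLV attributes."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def parse_packet(data):
    """Decode a packet into (code, ident, [(type, value), ...]), rejecting bad lengths."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("length field does not match packet")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        t, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        attrs.append((t, data[pos + 2:pos + alen]))
        pos += alen
    return code, ident, attrs

def next_step(reply, username, ident):
    """Map one server reply to (outcome, prompt, follow-up request or None)."""
    code, _, attrs = parse_packet(reply)
    prompt = b" ".join(v for t, v in attrs if t == REPLY_MESSAGE).decode("utf-8", "replace")
    if code == ACCESS_ACCEPT:
        return "accept", prompt, None
    if code != ACCESS_CHALLENGE:
        return "reject", prompt, None
    # Challenge: an extra dialog is needed, then a new request with State echoed.
    # The user's answer travels in User-Password in that request; hiding it with
    # the shared secret is not modelled here (assumption of this example).
    echo = [(USER_NAME, username.encode())] + [(t, v) for t, v in attrs if t == STATE]
    return "challenge", prompt, build_packet(ACCESS_REQUEST, (ident + 1) % 256, echo)

# Constructed sample reply: a challenge asking for a token PIN
SAMPLE_CHALLENGE = build_packet(ACCESS_CHALLENGE, 7,
    [(REPLY_MESSAGE, b"Enter token PIN"), (STATE, b"\x01session-42")])
```

A production RADIUS client also verifies the Response Authenticator against the shared secret before acting on any reply.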
The following section provides an example of the dialog exchange for Mac OS X Cisco NAC Agent user
authentication.
1. The remote user logs in normally and provides their username and password in the Mac OS X Cisco
NAC Agent login dialog.
2. If the associated RADIUS server has been configured to authenticate users with additional
credentials, the user is presented with one or more additional challenge-response dialogs (like the
password renewal scenario shown in Figure 10-79) for which they must provide additional
credentials to authenticate and connect.