Guest

Cisco Secure Access Control Server for Windows

Release Notes for CiscoSecure ACS 2.3(2) for Windows NT Server

 Feedback

Table of Contents

Release Notes for
CiscoSecure ACS 2.3(2) for Windows NT Server

Contents
Addition
Closed Issues
Open Issues and Workarounds
Cisco Connection Online
Documentation CD-ROM

Release Notes for
CiscoSecure ACS 2.3(2) for Windows NT Server

March 29, 1999

These release notes contain important information regarding CiscoSecure ACS 2.3(2) for Windows NT Server (CiscoSecure ACS 2.3(2) for Windows NT). For complete documentation on this product, refer to the following documents:

  • CiscoSecure ACS 2.3 for Windows NT Server User Guide

  • Quick Installation Card: CiscoSecure ACS 2.3 for Windows NT Server

  • Read Me First: CiscoSecure ACS 2.3 for Windows NT Server Getting Started

  • Quick Reference Card: Web Server Installation for CiscoSecure ACS for Windows NT User-Changeable Passwords

  • Release Notes for CiscoSecure ACS 2.3(1) for Windows NT Server

Contents

These release notes discuss the following topics:


Addition      page 2

Closed Issues      page 2

Open Issues and Workarounds      page 4

Cisco Connection Online      page 7

Documentation CD-ROM      page 8

Addition

CiscoSecure ACS 2.3(2) for Windows NT operates properly with Windows NT Service Pack 4.

Closed Issues

The following issues have been closed with this release of CiscoSecure ACS for Windows NT.

RADIUS Accounting and Unknown Users

  • CSCdk87466

Remote Access Dial-In User Service (RADIUS) accounting no longer has issues with unknown users.

Microsoft Commercial Internet System (MCIS) Message

  • CSCdk77656

When accessing the External User Databases: Database Group Mapping: MCIS Configuration page, a new message displays when the Active Directory Client software is not installed on the CiscoSecure ACS for Windows NT machine.

CSAdmin Hang

  • CSCdm01014

CSAdmin no longer hangs when an attempt is nade to restore backup from previous releases of CiscoSecure ACS 2.3(2) for Windows NT.

User Expiration Dates

  • CSCdm00461

Upper range check on user expiration dates is now performed.

CSDBSync Expiration Date

  • CSCdm00482

CSDBSync account expiration dates are now Year 2000 compliant.

Incorrectly Formed Usernames

  • CSCdm04728

Incorrectly formed usernames are no longer treated as internal server errors.

TACACS+ Single-Connect Timeout

  • CSCdm01123

Terminal Access Controller Access Control System (TACACS+) single-connect timeout is now configurable.

User Expiration Time

  • CSCdm06376

User expiration times are now evaluated as local time rather than Coordinated Universal Time (UTC).

Importing External Users

  • CSCdm06361

Password fields for imported external users are no longer empty.

MCIS Account-Status

  • CSCdk79761

MCIS account-status failure is now logged correctly.

Lightweight Directory Access Protocol (LDAP) Port Numbers

  • CSCdk73799

Misconfigured LDAP port numbers now log in failed attempts correctly.

LDAP Server

  • CSCdk59031

CiscoSecure ACS for Windows NT now responds correctly if the LDAP server is stopped.

Deleting Nonexistent Usernames

  • CSCdm13332

CSAuth now continues to work when nonexistent usernames are deleted.

Re-adding Deleted Usernames

  • CSCdm16568

Re-adding deleted usernames no longer affects user.dat.

Open Issues and Workarounds

The issues for CiscoSecure ACS for Windows NT listed in this section remain open.

HTML Interface Timeout with Netscape Communicator 4.01

  • CSCdj62066

With Netscape Communicator 4.01, when the Hypertext Markup Language (HTML) interface times out, a Java reconnect dialog box opens. However, clicking OK does not reestablish the session. The workaround is either to log in again or to use a different version of the browser.

Dragging Hyperlinks in Microsoft Internet Explorer 3.02

  • CSCdj63814

With Internet Explorer 3.02, when you drag any of the hyperlinks, the navigation bar is hidden, and an Internet Explorer message window opens. The workaround is either to use the browser's Back button or to use a different version of the browser.

Proxy with Dial-Up Networking

  • CSCdj67375

When performing Proxy and Windows NT authentication with Windows Dial-Up Networking, CiscoSecure ACS for Windows NT does not strip character strings located in the middle of usernames. For example, if the user ID is corporation@user1 and the domain is DOMAIN01, the authentication package is read as DOMAIN01\corporation@user1. CiscoSecure ACS for Windows NT does not strip "corporation." The workaround is to place the character string to be stripped at the end of the user ID.

Installing Internet Explorer when CiscoSecure ACS 2.3(2) for Windows NT Is Already Installed

  • CSCdk12995

If CiscoSecure ACS 2.3(2) for Windows NT is installed and you then install Internet Explorer, you must restart the system before CiscoSecure ACS 2.3(2) for Windows NT services will start. The workaround is to install Internet Explorer before you install CiscoSecure ACS 2.3(2) for Windows NT.

IP Pooling and Virtual Private Dialup Networks (VPDN)

  • CSCdk87655 and CSCdk76477

Releases of Cisco IOS software prior to Release 12.02 do not support the IP pooling feature of CiscoSecure ACS 2.3(2) for Windows NT with VPDN tunnels. As a result, duplicate IP addresses might be allocated. The workaround is to use Cisco IOS Release 12.02 or later or to use the IP pooling feature of the NAS if you are using VPDN.

Open Database Connectivity (ODBC) and Structured Query Language (SQL) 6.5

  • CSCdk39343

There is an incompatibility issue with the ODBC SQL version 6.5 drivers and CiscoSecure ACS 2.3(2) for Windows NT. The workaround is to follow these steps:

Step 1 Stop all ODBC applications and services.

Step 2 Install the latest ODBC drivers.

Step 3 Install CiscoSecure ACS 2.3(2) for Windows NT.


Note If you do not follow these steps in order, there will be issues with partial ODBC installations and you will have to manually recover by deleting various ODBC dynamic link libraries (DLLs).

Changed Passwords and SQL Servers

  • CSCdk64286

Changes to passwords made on the SQL server do not take effect immediately. This is an SQL issue that might cause security problems, because users can continue to log in using their old passwords until CSAuth is restarted. The workaround is to restart CSAuth after changing passwords on the SQL server.

ODBC Authentication System Data Source Name (DSN)

  • CSCdk80413

If you are using the Microsoft Access ODBC drivers, the ODBC System Data Source Name (DSN) is not retained after reinstalling CiscoSecure ACS 2.3(2) for Windows NT Server. This issue does not arise if you are using SQL ODBC drivers. The workaround is to reinstall ODBC after you have installed CiscoSecure ACS 2.3(2) for Windows NT.

User Status Inconsistent

  • CSCdk85593

After a user account is disabled, Internet Explorer displays the user account status as disabled in the User Setup window but still shows it as enabled in the Group Setup window. The workaround is to restart Internet Explorer.

Single Connection Per User on PIX Firewall

  • CSCdk86462

CiscoSecure ACS 2.3(2) for Windows NT supports only a single connection per user when authenticating on a PIX firewall. This is an issue only for MaxSessions and the Reports and Activity: Logged-In Users window. The accounting logs correctly record the PIX accounting packets; the workaround is to use the accounting logs to track concurrent logins.

User-Defined Field Name Not Showing

  • CSCdk68592

User-defined field names do not appear in the Interface Configuration window of the replicated CiscoSecure ACS 2.3(2) for Windows NT immediately. The workaround is to restart CSAdmin after replication.

Network Access Server (NAS) Port Name Blank

  • CSCdk89641

If a user authenticates successfully but fails authorization, the NAS port name is blank in the Failed Attempts Log. There is no workaround at this time.

NAS Port Filter

  • CSCdk89755

The NAS Port filter does not work if the Port Name contains a forward slash (/) character. The workaround is to use port names that do not contain the / character.

Cisco Connection Online

Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.

Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.

CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.

You can access CCO in the following ways:

For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.


Note If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com. To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or cs-rep@cisco.com.

Documentation CD-ROM

Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.

If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.