Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1357
Views
5
Helpful
5
Replies

CDA - Mappings

lm20ele
Level 1
Level 1

‎08-08-2013 10:13 AM - edited ‎03-11-2019 07:23 PM

Hello,

Does anyone knows how long are the IP-to-user mappings kept on the Cisco Context Directory Agent?

Is there a setting that dictates for how long to keep these mappings if a user doesn't logoff?

The scenario i have seen is that user lock their PCs but do not logoff and after a while the mapping dissapears.

Thanks

2 people had this problem
Labels:
0 Helpful
5 Replies 5

Slava Monakhov
Level 1
Level 1

‎09-22-2014 04:26 AM

Hello,

I have the same problem, as I see noone knows the issue.

0 Helpful

Marius Gunnerud
VIP
VIP

‎09-22-2014 04:49 AM

There is a user inactivity setting which is set to a default of 60 minutes.

You can configure the timeout by using the following command:

user-identity inactive-user-timer minutes 120

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/aaa_idfw.html#pgfId-1322556

The link should open to the Configuring Identity Options portion of the document, but you need to scroll a little down to find the command and the description.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

Marius Gunnerud
VIP
VIP
In response to Marius Gunnerud

‎09-22-2014 05:08 AM

Thank you for the rating.

Could you please mark the answer as correct also.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Slava Monakhov
Level 1
Level 1
In response to Marius Gunnerud

‎09-22-2014 05:15 AM

Marius,

Thank You for answer. This is helpfull for ASA transparent authentication. I have the problem with Cisco WSA installation. When User login domain I see "Added Mapping Record From Active Directory" event on Cisco CDA's Live logs. When I logoff domain I see "Updated Mapping Record From Active Directory" on Cisco CDA's Live logs and I have still a record in ip-username mapping table. Do You know issue of this problem?

0 Helpful

Marius Gunnerud
VIP
VIP
In response to Slava Monakhov

‎09-23-2014 02:23 AM

I am uncertain on this.  It could very well be a bug and that the CDA still looks to the logon epiration timer to mark the user as logged out.  Or perhaps this is there by design?

If you need to find the answer to this, I suggest opening a case with Cisco TAC.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card