08-08-2013 10:13 AM - edited 03-11-2019 07:23 PM
Hello,
Does anyone knows how long are the IP-to-user mappings kept on the Cisco Context Directory Agent?
Is there a setting that dictates for how long to keep these mappings if a user doesn't logoff?
The scenario i have seen is that user lock their PCs but do not logoff and after a while the mapping dissapears.
Thanks
09-22-2014 04:26 AM
Hello,
I have the same problem, as I see noone knows the issue.
09-22-2014 04:49 AM
There is a user inactivity setting which is set to a default of 60 minutes.
You can configure the timeout by using the following command:
user-identity inactive-user-timer minutes 120
The link should open to the Configuring Identity Options portion of the document, but you need to scroll a little down to find the command and the description.
--
Please remember to select a correct answer and rate helpful posts
09-22-2014 05:08 AM
Thank you for the rating.
Could you please mark the answer as correct also.
09-22-2014 05:15 AM
Marius,
Thank You for answer. This is helpfull for ASA transparent authentication. I have the problem with Cisco WSA installation. When User login domain I see "Added Mapping Record From Active Directory" event on Cisco CDA's Live logs. When I logoff domain I see "Updated Mapping Record From Active Directory" on Cisco CDA's Live logs and I have still a record in ip-username mapping table. Do You know issue of this problem?
09-23-2014 02:23 AM
I am uncertain on this. It could very well be a bug and that the CDA still looks to the logon epiration timer to mark the user as logged out. Or perhaps this is there by design?
If you need to find the answer to this, I suggest opening a case with Cisco TAC.
--
Please remember to select a correct answer and rate helpful posts
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide