About External User Databases - Cisco Servers User Manual

About External User Databases

About External User Databases
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
11-4
If you implement an external user database, Cisco Secure ACS offers two
powerful features that you must configure. The first feature is the Unknown User
Policy. This feature automates the creation of user accounts in the CiscoSecure
user database for users authenticated by an external user database. The other
feature is Cisco Secure ACS user group mappings for users authenticated by
external user databases. For information on these features, see
"Administering External User Databases."
The CiscoSecure user database supports authentication for PAP, CHAP,
MS-CHAP, ARAP, LEAP, and ASCII passwords. It also supports the
certificate-based EAP-TLS authentication protocol.
You can configure Cisco Secure ACS to forward authentication of users to one
external user database or more. Support for external user databases means that
Cisco Secure ACS does not require that you create duplicate user entries in the
CiscoSecure user database. Users can be authenticated using the following
databases.
• Windows NT/2000 User Database
Generic LDAP
•
Novell NetWare Directory Services (NDS)
•
• Open Database Connectivity (ODBC)-compliant relational databases
LEAP Proxy RADIUS servers
•
• AXENT token servers
• SafeWord token servers
RSA SecureID token servers
•
• RADIUS-based token servers, including:
ActivCard token servers
–
CRYPTOCard token servers
–
– Vasco token servers
Generic RADIUS token servers
–
Chapter 11 Working with User Databases
Chapter 12,
78-13751-01, Version 3.0