Table of Contents
Advertisement
Chapter 13
User Databases
Table 13-5 CHAP/MS-CHAP/ARAP Stored Procedure Results
Field
Type
CSNTresult
Integer
CSNTgroup
Integer
CSNTacctInfo
String
CSNTerrorString String
CSNTpassword
String
Note
EAP-TLS Authentication Procedure Input
78-16592-01
Explanation
See
Table 13-8
The Cisco Secure ACS group number for authorization. 0xFFFFFFFF is
used to assign the default value. Values other than 0-499 are converted
to the default.
The group specified in the CSNTgroup field overrides group
Note
mapping configured for the ODBC external user database.
0-15 characters. A customer-defined string that Cisco Secure ACS adds
to subsequent account log file entries.
0-255 characters. A customer-defined string that Cisco Secure ACS
writes to the CSAuth service log file if an error occurs.
0-255 characters. The password is authenticated by Cisco Secure ACS.
If the password field in the database is defined using a CHAR
Note
datatype rather than VARCHAR, the database may return a
string 255 characters long, regardless of actual password length.
We recommend using the VARCHAR datatype for the CHAP
password field in your ODBC database.
The CSNTGroup and CSNTacctInfo fields are processed only after a successful
authentication. The CSNTerrorString file is logged only after a failure (if the
result is greater than or equal to 4).
If the ODBC database returns data in recordset format rather than in parameters,
the procedure must return the result fields in the order listed above.
Cisco Secure ACS provides a single value for input to the stored procedure
supporting EAP-TLS authentication. The stored procedure should accept the
named input value as a variable.
Result Codes.
User Guide for Cisco Secure ACS for Windows Server
ODBC Database
13-67
Advertisement
Table of Contents
Troubleshooting
