Result Codes - Cisco 3.3 User Manual

Chapter 13 User Databases
Note

Result Codes

78-16592-01
The CSNTGroup and CSNTacctInfo fields are processed only after a successful
authentication. The CSNTerrorString file is logged only after a failure (if the
result is greater than or equal to 4).
If the ODBC database returns data in recordset format rather than in parameters,
the procedure must return the result fields in the order listed above.
You can set the result codes listed in
Table 13-8 Result Codes
Result Code
0 (zero)
1
2
3
4+
The SQL procedure can decide among 1, 2, or 3 to indicate a failure, depending
on how much information you want the failed authentication log files to include.
A return code of 4 or higher results in an authentication error event. These errors
do not increment per-user failed attempt counters. Additionally, error codes are
returned to the AAA client so it can distinguish between errors and failures and,
if configured to do so, fall back to a backup AAA server.
Successful or failed authentications are not logged; general Cisco Secure ACS
logging mechanisms apply. In the event of an error (CSNTresult equal to or less
than 4), the contents of the CSNTerrorString are written to the Windows Event
Log under the Application Log.
Table 13-8.
Meaning
Authentication successful
Unknown username
Invalid password
Unknown username or invalid password
Internal error—authentication not processed
User Guide for Cisco Secure ACS for Windows Server
ODBC Database
13-69