Chapter 11 Working with User Databases
About External User Databases
11-4
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
If you implement an external user database, Cisco Secure ACS offers two
powerful features that you must configure. The first feature is the Unknown User
Policy. This feature automates the creation of user accounts in the CiscoSecure
user database for users authenticated by an external user database. The other
feature is Cisco Secure ACS user group mappings for users authenticated by
external user databases. For information on these features, see Chapter 12,
“Administering External User Databases.”
The CiscoSecure user database supports authentication for PAP, CHAP,
MS-CHAP, ARAP, LEAP, and ASCII passwords. It also supports the
certificate-based EAP-TLS authentication protocol.
About External User Databases
You can configure Cisco Secure ACS to forward authentication of users to one
external user database or more. Support for external user databases means that
Cisco Secure ACS does not require that you create duplicate user entries in the
CiscoSecure user database. Users can be authenticated using the following
databases.
• Windows NT/2000 User Database
• Generic LDAP
• Novell NetWare Directory Services (NDS)
• Open Database Connectivity (ODBC)-compliant relational databases
• LEAP Proxy RADIUS servers
• AXENT token servers
• SafeWord token servers
• RSA SecureID token servers
• RADIUS-based token servers, including:
–
ActivCard token servers
–
CRYPTOCard token servers
–
Vasco token servers
–
Generic RADIUS token servers
