Chapter 13 User Databases
ODBC Database
13-58
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
• Group Mapping for Unknown Users—Cisco Secure ACS supports group
mapping for unknown users by requesting group membership information
from Windows user databases. For more information about group mapping
for users authenticated with a Windows user database, see Group Mapping by
Group Set Membership, page 16-4.
Cisco Secure ACS Authentication Process with an ODBC External User Database
Cisco Secure ACS forwards user authentication requests to an ODBC database in
either of the following two scenarios. The first scenario is when the user account
in the CiscoSecure user database lists an ODBC database configuration as the
authentication method. The second is when the user is unknown to the
CiscoSecure user database and the Unknown User Policy dictates that an ODBC
database is the next external user database to try.
In either case, Cisco Secure ACS forwards user credentials to the ODBC database
via an ODBC connection. The relational database must have a stored procedure
that queries the appropriate tables and returns values to Cisco Secure ACS. If the
returned values indicate that the user credentials provided are valid, Cisco Secure
ACS instructs the requesting AAA client to grant the user access; otherwise,
Cisco Secure ACS denies the user access (Figure 13-2).
Figure 13-2 Using the ODBC Database for Authentication
[Figure: Cisco Secure ACS, with its "Unknown user" interface, connected over ODBC to the RDBMS. Labels: Name, PAP password; CHAP/ARAP password, authen result, acct info; PAP authentication; (MS) CHAP/ARAP extraction.]
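The flow described above, modeled as an added example that is not Cisco's code or part of the original guide: it covers the two forwarding scenarios and the PAP path only. The SQLite table, the function names, the 0/1 result convention and the salted-hash storage are assumptions made for illustration, with a Python function standing in for the stored procedure.

```python
import hashlib, hmac, os, sqlite3

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """Constructed stand-in for the external RDBMS; schema and rows are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB,"
                 " pw_hash BLOB, acct_info TEXT)")
    for name, pw, info in [("alice", "correct horse", "dept=ops"),
                           ("bob", "battery staple", "dept=dev")]:
        salt = os.urandom(16)
        conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                     (name, salt, _hash(pw, salt), info))
    return conn

def pap_check(conn, username, password):
    """Plays the stored procedure's role: query the table, return values.
    Returns (result, acct_info); result 0 = valid is an assumed convention."""
    # Bound parameter: the username is always data, never part of the SQL text.
    row = conn.execute("SELECT salt, pw_hash, acct_info FROM users"
                       " WHERE username = ?", (username,)).fetchone()
    if row is None:
        _hash(password, b"\x00" * 16)  # same work as a real check for unknown names
        return 1, None
    salt, pw_hash, acct_info = row
    if hmac.compare_digest(_hash(password, salt), pw_hash):
        return 0, acct_info
    return 1, None

def acs_authenticate(conn, local_users, unknown_user_policy, username, password):
    """Models the two forwarding scenarios, then grants or denies on the result."""
    method = local_users.get(username)
    if method is None:
        # Scenario 2: unknown locally, so the Unknown User Policy decides.
        if "odbc" not in unknown_user_policy:
            return "deny"
        method = "odbc"
    if method != "odbc":
        return "deny"  # other authentication methods are outside this example
    result, _acct_info = pap_check(conn, username, password)
    return "grant" if result == 0 else "deny"
```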