Cisco Systems 3.3 Server User Manual


 
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 13 User Databases
ODBC Database
The CSNTgroup and CSNTacctInfo fields are processed only after a successful
authentication. The CSNTerrorString field is logged only after a failure (if the
result is greater than or equal to 4).
Note: If the ODBC database returns data in recordset format rather than in parameters,
the procedure must return the result fields in the order listed above.
EAP-TLS Authentication Procedure Input
Cisco Secure ACS provides a single value for input to the stored procedure
supporting EAP-TLS authentication. The stored procedure should accept the
named input value as a variable.
Table 13-5 CHAP/MS-CHAP/ARAP Stored Procedure Results

| Field | Type | Explanation |
|---|---|---|
| CSNTresult | Integer | See Table 13-8 Result Codes. |
| CSNTgroup | Integer | The Cisco Secure ACS group number for authorization. 0xFFFFFFFF is used to assign the default value. Values other than 0-499 are converted to the default. Note: The group specified in the CSNTgroup field overrides group mapping configured for the ODBC external user database. |
| CSNTacctInfo | String | 0-15 characters. A customer-defined string that Cisco Secure ACS adds to subsequent account log file entries. |
| CSNTerrorString | String | 0-255 characters. A customer-defined string that Cisco Secure ACS writes to the CSAuth service log file if an error occurs. |
| CSNTpassword | String | 0-255 characters. The password is authenticated by Cisco Secure ACS. Note: If the password field in the database is defined using a CHAR datatype rather than VARCHAR, the database may return a string 255 characters long, regardless of actual password length. We recommend using the VARCHAR datatype for the CHAP password field in your ODBC database. |
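
The rules in Table 13-5 written as a check you can run over a row returned by your stored procedure before pointing Cisco Secure ACS at it. This is an added example, not code from the Cisco guide or from Cisco Secure ACS. The function names are hypothetical, the sample rows are constructed, and both the trailing-space test for CHAR padding and the empty-CSNTerrorString warning are heuristics assumed here.

```python
# Added example: lint one recordset row against Table 13-5 before wiring the
# procedure into the ODBC external user database. Sample rows are constructed.
FIELDS = ("CSNTresult", "CSNTgroup", "CSNTacctInfo", "CSNTerrorString", "CSNTpassword")
INT_FIELDS = FIELDS[:2]
MAX_LEN = {"CSNTacctInfo": 15, "CSNTerrorString": 255, "CSNTpassword": 255}
DEFAULT_GROUP = 0xFFFFFFFF  # Table 13-5: assigns the default value


def effective_group(value):
    """Apply the conversion in Table 13-5: anything outside 0-499 becomes the default."""
    return value if 0 <= value <= 499 else DEFAULT_GROUP


def check_chap_row(row):
    """Return a list of findings (empty when the row matches Table 13-5)."""
    if len(row) != len(FIELDS):
        return [f"expected {len(FIELDS)} columns, got {len(row)}"]
    rec = dict(zip(FIELDS, row))
    findings = []
    for name in INT_FIELDS:
        if type(rec[name]) is not int:
            findings.append(f"{name}: expected Integer (wrong column order?)")
    for name, limit in MAX_LEN.items():
        if not isinstance(rec[name], str):
            findings.append(f"{name}: expected String (wrong column order?)")
        elif len(rec[name]) > limit:
            findings.append(f"{name}: {len(rec[name])} characters exceeds {limit}")
    if findings:
        return findings  # type or length errors make the checks below meaningless
    group = rec["CSNTgroup"]
    if group != DEFAULT_GROUP and effective_group(group) == DEFAULT_GROUP:
        findings.append(f"CSNTgroup {group} is outside 0-499 and is converted to the default")
    password = rec["CSNTpassword"]
    if password != password.rstrip(" "):
        findings.append("CSNTpassword has trailing spaces: column is probably CHAR, use VARCHAR")
    if rec["CSNTresult"] >= 4 and not rec["CSNTerrorString"]:
        findings.append("CSNTresult >= 4 but CSNTerrorString is empty: nothing useful reaches the CSAuth log")
    return findings


# Constructed rows, in the recordset order the procedure must use.
GOOD_ROW = (0, 12, "dept-42", "", "s3cret")
PADDED_ROW = (0, 700, "dept-42", "", "s3cret".ljust(255))  # CHAR(255) column, bad group
SWAPPED_ROW = ("s3cret", 12, "dept-42", "", 0)              # password and result swapped

if __name__ == "__main__":
    for row in (GOOD_ROW, PADDED_ROW, SWAPPED_ROW):
        print(check_chap_row(row) or "ok")
```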