Cisco Systems 3.3 Server User Manual


 
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 13 User Databases
ODBC Database
The CSNTGroup and CSNTacctInfo fields are processed only after a successful
authentication. The CSNTerrorString field is logged only after a failure (if the
result is greater than or equal to 4).
Note: If the ODBC database returns data in recordset format rather than in parameters,
the procedure must return the result fields in the order listed above.
Result Codes
You can set the result codes listed in Table 13-8.
The SQL procedure can decide among 1, 2, or 3 to indicate a failure, depending
on how much information you want the failed authentication log files to include.
A return code of 4 or higher results in an authentication error event. These errors
do not increment per-user failed attempt counters. Additionally, error codes are
returned to the AAA client so it can distinguish between errors and failures and,
if configured to do so, fall back to a backup AAA server.
Successful or failed authentications are not logged; general Cisco Secure ACS
logging mechanisms apply. In the event of an error (CSNTresult greater than or
equal to 4), the contents of the CSNTerrorString are written to the Windows Event
Log under the Application Log.
Table 13-8 Result Codes

Result Code   Meaning
0 (zero)      Authentication successful
1             Unknown username
2             Invalid password
3             Unknown username or invalid password
4+            Internal error—authentication not processed
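
The following procedure is an added example, not code from the Cisco guide, showing how a recordset-style procedure can separate failures (1, 2, 3) from errors (4+) so that a database fault is never reported as a failed attempt. It assumes T-SQL on Microsoft SQL Server; the procedure name, table, columns and column types are hypothetical, and the field order CSNTresult, CSNTGroup, CSNTacctInfo, CSNTerrorString is an assumption because the list the Note refers to is not part of this section.

```sql
-- Added example. Hypothetical names: acs_pap_auth, dbo.acs_users and its columns.
-- Assumed result-row order: CSNTresult, CSNTGroup, CSNTacctInfo, CSNTerrorString.
-- pass_value holds whatever form the deployment stores; the storage scheme is
-- outside the scope of this example.
CREATE PROCEDURE acs_pap_auth
    @username VARCHAR(64),
    @pass     VARCHAR(255)
AS
BEGIN
    SET NOCOUNT ON;  -- suppress "rows affected" messages

    DECLARE @stored VARCHAR(255), @grp INT, @acct VARCHAR(16), @rows INT;
    DECLARE @detailed BIT;
    SET @detailed = 0;  -- 1 = return codes 1/2, 0 = return only the combined code 3

    BEGIN TRY
        SELECT @stored = pass_value, @grp = acs_group, @acct = acct_info
        FROM dbo.acs_users
        WHERE username = @username;
        SET @rows = @@ROWCOUNT;  -- read immediately, later statements reset it
    END TRY
    BEGIN CATCH
        -- Database fault: code 4+ is an error, not a failed attempt.
        SELECT 4, 0, '', 'acs_pap_auth: lookup error ' + CAST(ERROR_NUMBER() AS VARCHAR(10));
        RETURN;
    END CATCH

    IF @rows > 1
    BEGIN
        -- Ambiguous data is also an error; never pick one row and authenticate.
        SELECT 5, 0, '', 'acs_pap_auth: duplicate username rows';
        RETURN;
    END

    -- Compare bytes so a case-insensitive collation cannot accept a wrong-case password.
    IF @rows = 1 AND CAST(@stored AS VARBINARY(255)) = CAST(@pass AS VARBINARY(255))
    BEGIN
        SELECT 0, @grp, @acct, '';  -- group and account info are used only on success
        RETURN;
    END

    IF @detailed = 1 AND @rows = 0
        SELECT 1, 0, '', '';        -- unknown username
    ELSE IF @detailed = 1
        SELECT 2, 0, '', '';        -- invalid password
    ELSE
        SELECT 3, 0, '', '';        -- unknown username or invalid password
END
```

Returning 4 or higher on a lookup fault keeps an outage from incrementing per-user failed attempt counters and lets the AAA client fall back to a backup server, as described above.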