Cisco Systems Servers Server User Manual


 
Chapter 11 Working with User Databases
ODBC Database
11-32
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Figure 11-4 Using the ODBC Database for Authentication
Cisco Secure ACS grants authorization based on the Cisco Secure ACS group to
which the user is assigned. While the group to which a user is assigned can be
determined by information from the ODBC database using a process known as
group specification, it is Cisco Secure ACS that grants authorization privileges.
Cisco Secure ACS passes the user information to the relational database via the
ODBC connection. The relational database must have a stored procedure that
queries the appropriate tables and returns values to Cisco Secure ACS. If the
returned values indicate that the username and password provided are valid,
Cisco Secure ACS grants the user access. Otherwise, Cisco Secure ACS denies
the user access. See Figure 11-4 on page 11-32.
Preparing to Authenticate Users with an ODBC-Compliant
Relational Database
Authenticating users with an ODBC-compliant relational database requires that
you complete several significant steps external to Cisco Secure ACS before
configuring Cisco Secure ACS with an ODBC external user database.
CiscoSecure
ACS
RDBMS
ODBC
"Unknown
user"
interface
Name, pap password
Chap/Arap password,
authen result,
acct info
Pap authentication
(MS) Chap/Arap Extraction
16752