Cisco Systems Servers Server User Manual


 
Chapter 11 Working with User Databases
LEAP Proxy RADIUS Server Database
11-44
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
procedure. For more information and an example routine, see the Sample
Routine for Generating an SQL CHAP Authentication Procedure section on
page 11-36.
Note If you enabled CHAP/MS-CHAP/ARAP authentication, the
CHAP authentication SQL procedure must exist on the ODBC
database and must have the exact name specified in the PAP SQL
Procedure box. If it does not, be sure to create it in the ODBC
database before attempting to authenticate users against the
ODBC database.
Step 14 Click Submit.
Result: Cisco Secure ACS saves the ODBC configuration you created. You can
add it to your Unknown User Policy or assign specific user accounts to use this
database for authentication. For more information about the Unknown User
Policy, see the Unknown User Processing section on page 12-1. For more
information about configuring user accounts to authenticate using this database,
see Chapter 7, Setting Up and Managing User Accounts.
LEAP Proxy RADIUS Server Database
For Cisco Secure ACS-authenticated users accessing your network via Cisco
Aironet devices, Cisco Secure ACS supports MS-CHAP and EAP-TLS
authentication with a proxy RADIUS server. Cisco Secure ACS uses MS-CHAP
version 1 for LEAP Proxy RADIUS Server authentication. To manage your proxy
RADIUS database, refer to your RADIUS database documentation.
Lightweight extensible authentication protocol (LEAP) proxy RADIUS server
authentication allows you to authenticate users against existing Kerberos
databases that support MS-CHAP authentication. You can use the LEAP Proxy
RADIUS Server database to authenticate users with any third-party RADIUS
server that supports MS-CHAP authentication.