Filter
Top Products
Chapter 11 Working with User Databases
Token Server User Databases
11-50
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Token Server RADIUS Authentication Request and Response Contents
When Cisco Secure ACS forwards an authentication request to a
RADIUS-enabled token server, the RADIUS authentication request contains the
following attributes:
• User-Name (RADIUS attribute 1)
• User-Password (RADIUS attribute 2)
• NAS-IP-Address (RADIUS attribute 4)
• NAS-Port (RADIUS attribute 5)
• NAS-Identifier (RADIUS attribute 32)
Cisco Secure ACS expects to receive one following three responses:
• access-accept—No attributes are required; however, the response can
indicate the Cisco Secure ACS group to which the user should be assigned.
For more information, see the “RADIUS-Based Group Specification” section
on page 12-21.
• access-reject—No attributes required.
• access-challenge—Attributes required, per IETF RFC, are as follows:
• State (RADIUS attribute 24)
• Reply-Message (RADIUS attribute 18)
Configuring a RADIUS Token Server External User Database
Use this procedure to configure ActivCard, CRYPTOCard, Vasco, and RADIUS
Token Server external user databases in Cisco Secure ACS.
Before You Begin
You should install and configure your RADIUS token server before configuring
Cisco Secure ACS to authenticate users with it. For information about installing
the RADIUS token server, refer to the documentation included with your token
server.