Chapter 12 Administering External User Databases
Database Group Mappings
12-10
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Step 3 Select the Fail the attempt option.
Step 4 Click Submit.
Result: Unknown user processing is halted. Cisco Secure ACS does not allow
unknown users to authenticate with external user databases.
Database Group Mappings
The Database Group Mapping feature in the External User Databases section
enables you to associate unknown users with a Cisco Secure ACS group for the
purposes of assigning authorization profiles. For external user databases from
which Cisco Secure ACS can derive group information, you can associate the
group memberships defined for the users in the external user database to specific
Cisco Secure ACS groups. For Windows NT/2000 user databases, group mapping
is further specified by domain, because each domain maintains its own user
database. For Novell NDS user databases, group mapping is further specified by
tree, because Cisco Secure ACS supports multiple trees in a single Novell NDS
user database.
In addition to the Database Group Mapping feature, for some database types,
Cisco Secure ACS supports RADIUS-based group specification.
This section contains the following topics:
Group Mapping by External User Database, page 12-10
Group Mapping by Group Set Membership, page 12-13
RADIUS-Based Group Specification, page 12-21
Group Mapping by External User Database
You can map an external database to a Cisco Secure ACS group. Unknown users
who authenticate using the specified database automatically belong to, and inherit
the authorizations of, the group. For example, you could configure
Cisco Secure ACS so that all unknown users who authenticate with a certain
token server database belong to a group called Telecommuters. You could then