About external user databases, About external user – Cisco 3.3 User Manual
Page 488
Chapter 13 User Databases
About External User Databases
13-4
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Cisco Secure ACS. Any user accounts unique to a secondary Cisco Secure
ACS are lost in the replication. For more information, see
Database Replication, page 9-1
.
About External User Databases
You can configure Cisco Secure ACS to forward authentication of users to one
external user database or more. Support for external user databases means that
Cisco Secure ACS does not require that you create duplicate user entries in the
CiscoSecure user database. In organizations in which a substantial user database
already exists, Cisco Secure ACS can leverage the work already invested in
building the database without any additional input.
In addition to performing authentication for network access, Cisco Secure ACS
can perform authentication for TACACS+ enable privileges using external user
databases. For more information about TACACS+ enable passwords, see
TACACS+ Enable Password Options for a User, page 7-35
.
Note
You can only use external users databases to authenticate users and to determine
which group Cisco Secure ACS assigns a user to. The CiscoSecure user database,
internal to Cisco Secure ACS, provides all authorization services. With few
exceptions, Cisco Secure ACS cannot retrieve authorization data from external
user databases. Exceptions are noted where applicable in the discussions of
specific databases in this chapter. For more information about group mapping for
unknown users, see
Chapter 16, “User Group Mapping and Specification”
Users can be authenticated using the following databases:
•
Windows Database
•
Generic LDAP
•
Novell NetWare Directory Services (NDS)
•
Open Database Connectivity (ODBC)-compliant relational databases
•
LEAP Proxy RADIUS servers
•
RSA SecurID token servers
•
RADIUS-compliant token servers