beautypg.com

About external user databases, About external user – Cisco 3.3 User Manual

Page 488

background image

Chapter 13 User Databases

About External User Databases

13-4

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Cisco Secure ACS. Any user accounts unique to a secondary Cisco Secure
ACS are lost in the replication. For more information, see

CiscoSecure

Database Replication, page 9-1

.

About External User Databases

You can configure Cisco Secure ACS to forward authentication of users to one
external user database or more. Support for external user databases means that
Cisco Secure ACS does not require that you create duplicate user entries in the
CiscoSecure user database. In organizations in which a substantial user database
already exists, Cisco Secure ACS can leverage the work already invested in
building the database without any additional input.

In addition to performing authentication for network access, Cisco Secure ACS
can perform authentication for TACACS+ enable privileges using external user
databases. For more information about TACACS+ enable passwords, see

Setting

TACACS+ Enable Password Options for a User, page 7-35

.

Note

You can only use external users databases to authenticate users and to determine
which group Cisco Secure ACS assigns a user to. The CiscoSecure user database,
internal to Cisco Secure ACS, provides all authorization services. With few
exceptions, Cisco Secure ACS cannot retrieve authorization data from external
user databases. Exceptions are noted where applicable in the discussions of
specific databases in this chapter. For more information about group mapping for
unknown users, see

Chapter 16, “User Group Mapping and Specification”

.

Users can be authenticated using the following databases:

Windows Database

Generic LDAP

Novell NetWare Directory Services (NDS)

Open Database Connectivity (ODBC)-compliant relational databases

LEAP Proxy RADIUS servers

RSA SecurID token servers

RADIUS-compliant token servers