beautypg.com

About radius-enabled token servers – Cisco 3.3 User Manual

Page 564

background image

Chapter 13 User Databases

Token Server User Databases

13-80

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

About RADIUS-Enabled Token Servers

Cisco Secure ACS supports token servers using the RADIUS server built into the
token server. Rather than using a vendor-proprietary API, Cisco Secure ACS
sends standard RADIUS authentication requests to the RADIUS authentication
port on the token server. This feature enables Cisco Secure ACS to support any
IETF RFC 2865-compliant token server.

You can create multiple instances of RADIUS token servers. For information
about configuring Cisco Secure ACS to authenticate users with one of these token
servers, see

Configuring a RADIUS Token Server External User Database,

page 13-81

.

Cisco Secure ACS provides a means for specifying a user group assignment in the
RADIUS response from the RADIUS-enabled token server. Group specification
always takes precedence over group mapping. For more information, see

RADIUS-Based Group Specification, page 16-14

.

Cisco Secure ACS also supports mapping users authenticated by a
RADIUS-enabled token server to a single group. Group mapping only occurs if
group specification does not occur. For more information, see

Group Mapping by

External User Database, page 16-2

.

Token Server RADIUS Authentication Request and Response Contents

When Cisco Secure ACS forwards an authentication request to a
RADIUS-enabled token server, the RADIUS authentication request contains the
following attributes:

User-Name (RADIUS attribute 1)

User-Password (RADIUS attribute 2)

NAS-IP-Address (RADIUS attribute 4)

NAS-Port (RADIUS attribute 5)

NAS-Identifier (RADIUS attribute 32)