Cisco Systems Server Servers User manual

Category
Software
Type
User manual

This manual is also suitable for

Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Cisco Secure ACS 3.0 for Windows
2000/NT Servers User Guide
November 2001
Customer Order Number: DOC-7813751=
Text Part Number: 78-13751-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT
NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT
ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR
THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION
PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO
LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as
part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE
PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED
OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL
DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR
INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
AccessPath, AtmDirector, Browse with Me, CCIP, CCSI, CD-PAC, CiscoLink, the Cisco Powered Network logo, Cisco Systems Networking
Academy, the Cisco Systems Networking Academy logo, Cisco Unity, Fast Step, Follow Me Browsing, FormShare, FrameShare, IGX, Internet
Quotient, IP/VC, iQ Breakthrough, iQ Expertise, iQ FastTrack, the iQ Logo, iQ Net Readiness Scorecard, MGX, the Networkers logo, ScriptBuilder,
ScriptShare, SMARTnet, TransPath, Voice LAN, Wavelength Router, and WebViewer are trademarks of Cisco Systems, Inc.; Changing the Way
We Work, Live, Play, and Learn, and Discover All That’s Possible are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst,
CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco
Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch,
FastHub, FastSwitch, GigaStack, IOS, IP/TV, LightStream, MICA, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX,
Registrar, SlideCast, StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc. and/or its
affiliates in the U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply
a partnership relationship between Cisco and any other company. (0110R)
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
Copyright © 2001, Cisco Systems, Inc.
All rights reserved
iii
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
CONTENTS
Preface xxvii
Document Objectives
xxvii
Who Should Read This Guide xxvii
How This Guide is Organized xxviii
Conventions Used in This Guide xxx
Related Documentation xxxi
Obtaining Documentation xxxii
World Wide Web xxxii
Documentation CD-ROM xxxii
Ordering Documentation xxxii
Documentation Feedback xxxiii
Obtaining Technical Assistance xxxiii
Cisco.com xxxiii
Technical Assistance Center xxxiv
Cisco TAC Web Site xxxiv
Cisco TAC Escalation Center xxxv
CHAPTER
1 Overview of Cisco Secure ACS 1-1
The Cisco Secure ACS Paradigm 1-1
Cisco Secure ACS Specifications 1-2
System Performance Specifications 1-3
Cisco Secure ACS Windows Services 1-3
Contents
iv
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
AAA Server Functions and Concepts 1-4
Cisco Secure ACS and the AAA Client 1-5
AAA Protocols—TACACS+ and RADIUS 1-5
TACACS+ 1-6
RADIUS 1-6
Authentication 1-7
Authentication Considerations 1-8
Authentication and User Databases 1-8
Passwords 1-10
Other Authentication-Related Features 1-14
Authorization 1-15
Max Sessions 1-16
Dynamic Usage Quotas 1-16
Other Authorization-Related Features 1-17
Accounting 1-17
Other Accounting-Related Features 1-18
Administration 1-18
HTTP Port Allocation for Remote Administrative Sessions 1-19
Network Device Groups 1-20
Other Administration-Related Features 1-20
Cisco Secure ACS HTML Interface 1-21
About the Cisco Secure ACS HTML Interface 1-21
HTML Interface Layout 1-22
Uniform Resource Locator for the HTML Interface 1-24
Network Environments and Remote Administrative Sessions 1-24
Remote Administrative Sessions and HTTP Proxy 1-24
Remote Administrative Sessions through Firewalls 1-25
v
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Contents
Remote Administrative Sessions through a NAT Gateway 1-25
Accessing the HTML Interface 1-26
Logging Off the HTML Interface 1-26
Online Help and Online Documentation 1-27
Using Online Help 1-27
Using the Online Documentation 1-28
CHAPTER
2 Deploying Cisco Secure ACS 2-1
Basic Deployment Requirements for Cisco Secure ACS 2-2
System Requirements 2-2
Hardware Requirements 2-2
Operating System Requirements 2-3
Third-Party Software Requirements 2-3
Network Requirements 2-4
Basic Deployment Factors for Cisco Secure ACS 2-4
Network Topology 2-5
Dial-Up Topology 2-5
Wireless Network 2-8
Remote Access using VPN 2-11
Remote Access Policy 2-13
Security Policy 2-14
Administrative Access Policy 2-14
Separation of Administrative and General Users 2-16
Database 2-17
Number of Users 2-17
Type of Database 2-17
Contents
vi
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Network Speed and Reliability 2-18
Suggested Deployment Sequence 2-18
CHAPTER
3 Setting Up the Cisco Secure ACS HTML Interface 3-1
Interface Design Concepts 3-2
User-to-Group Relationship 3-2
Per-User or Per-Group Features 3-2
User Data Configuration Options 3-3
Defining New User Data Fields 3-3
Advanced Options 3-4
Setting Advanced Options for the Cisco Secure ACS User Interface 3-6
Protocol Configuration Options for TACACS+ 3-7
Setting Options for TACACS+ 3-9
Protocol Configuration Options for RADIUS 3-10
Setting Protocol Configuration Options for (IETF) RADIUS 3-12
Setting Protocol Configuration Options for RADIUS (Cisco IOS/PIX) 3-14
Setting Protocol Configuration Options for RADIUS (Ascend) 3-14
Setting Protocol Configuration Options for RADIUS (Cisco VPN 3000) 3-15
Setting Protocol Configuration Options for RADIUS (Cisco VPN 5000) 3-16
Setting Protocol Configuration Options for RADIUS (Microsoft) 3-17
Setting Protocol Configuration Options for RADIUS (Nortel) 3-18
Setting Protocol Configuration Options for RADIUS (Juniper) 3-19
Setting Protocol Configuration Options for RADIUS (Cisco BBSM) 3-20
CHAPTER
4 Setting Up and Managing Network Configuration 4-1
About Distributed Systems 4-2
AAA Servers in Distributed Systems 4-3
vii
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Contents
Default Distributed System Settings 4-3
Proxy in Distributed Systems 4-4
Fallback on Failed Connection 4-5
Character String 4-6
Stripping 4-6
Proxy in an Enterprise 4-6
Remote Use of Accounting Packets 4-7
Other Features Enabled by System Distribution 4-8
AAA Client Configuration 4-8
Adding and Configuring a AAA Client 4-9
Editing an Existing AAA Client 4-12
Deleting a AAA Client 4-14
AAA Server Configuration 4-15
Adding and Configuring a AAA Server 4-16
Editing a AAA Server Configuration 4-18
Deleting a AAA Server 4-20
Network Device Group Configuration 4-20
Adding a Network Device Group 4-21
Assigning an Unassigned AAA Client or AAA Server to an NDG 4-22
Reassigning a AAA Client or AAA Server to an NDG 4-23
Renaming a Network Device Group 4-23
Deleting a Network Device Group 4-24
Proxy Distribution Table Configuration 4-25
About the Proxy Distribution Table 4-25
Adding a New Proxy Distribution Table Entry 4-26
Sorting the Character String Match Order of Distribution Entries 4-28
Contents
viii
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Editing a Proxy Distribution Table Entry 4-28
Deleting a Proxy Distribution Table Entry 4-29
CHAPTER
5 Setting Up and Managing Shared Profile Components 5-1
Downloadable PIX ACLs 5-2
About Downloadable PIX ACLs 5-2
Downloadable PIX ACL Configuration 5-3
Adding a Downloadable PIX ACL 5-3
Editing a Downloadable PIX ACL 5-4
Deleting a Downloadable PIX ACL 5-5
Network Access Restrictions 5-6
About Network Access Restrictions 5-6
Shared Network Access Restrictions Configuration 5-7
Adding a Shared Network Access Restriction 5-8
Editing a Shared Network Access Restriction 5-10
Deleting a Shared Network Access Restriction 5-12
Command Authorization Sets 5-12
About Command Authorization Sets 5-13
About Pattern Matching 5-14
Command Authorization Sets Configuration 5-14
Adding a Command Authorization Set 5-15
Editing a Command Authorization Set 5-17
Deleting a Command Authorization Set 5-17
CHAPTER
6 Setting Up and Managing User Groups 6-1
User Group Setup Features and Functions 6-2
Default Group 6-2
ix
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Contents
Group TACACS+ Settings 6-2
Common User Group Settings 6-3
Enabling VoIP Support for a User Group 6-4
Setting Default Time of Day Access for a User Group 6-5
Setting Callback Options for a User Group 6-6
Setting Network Access Restrictions for a User Group 6-7
Setting Max Sessions for a User Group 6-11
Setting Usage Quotas for a User Group 6-13
Configuration-specific User Group Settings 6-15
Setting Token Card Settings for a User Group 6-17
Setting Enable Privilege Options for a User Group 6-18
Enabling Password Aging for the CiscoSecure User Database 6-20
Varieties of Password Aging Supported by Cisco Secure ACS 6-20
Password Aging Feature Settings 6-21
Enabling Password Aging for Users in Windows Databases 6-25
Setting IP Address Assignment Method for a User Group 6-26
Assigning a Downloadable PIX ACL to a Group 6-27
Configuring TACACS+ Settings for a User Group 6-28
Configuring a Shell Command Authorization Set for a User Group 6-30
Configuring a PIX Command Authorization Set for a User Group 6-32
Configuring IETF RADIUS Settings for a User Group 6-34
Configuring Cisco IOS/PIX RADIUS Settings for a User Group 6-36
Configuring Ascend RADIUS Settings for a User Group 6-37
Configuring Cisco VPN 3000 Concentrator RADIUS Settings for a User
Group
6-38
Configuring Cisco VPN 5000 Concentrator RADIUS Settings for a User
Group
6-39
Contents
x
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Configuring Microsoft RADIUS Settings for a User Group 6-41
Configuring Nortel RADIUS Settings for a User Group 6-42
Configuring Juniper RADIUS Settings for a User Group 6-44
Configuring Cisco BBSM RADIUS Settings for a User Group 6-45
Configuring Custom RADIUS VSA Settings for a User Group 6-46
Group Setting Management 6-48
Listing Users in a User Group 6-48
Resetting Usage Quota Counters for a User Group 6-49
Renaming a User Group 6-49
Saving Changes to User Group Settings 6-50
CHAPTER
7 Setting Up and Managing User Accounts 7-1
User Setup Features and Functions 7-2
About User Databases 7-3
Basic User Setup Options 7-4
Adding a Basic User Account 7-5
Setting Supplementary User Information 7-7
Setting a Separate CHAP/MS-CHAP/ARAP Password 7-8
Assigning a User to a Group 7-9
Setting User Callback Option 7-10
Assigning a User to a Client IP Address 7-11
Setting Network Access Restrictions for a User 7-12
Setting Max Sessions Options for a User 7-17
Setting User Usage Quotas Options 7-19
Setting Options for User Account Disablement 7-21
Assigning a PIX ACL to a User 7-22
xi
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Contents
Advanced User Authentication Settings 7-23
TACACS+ Settings (User) 7-24
Configuring TACACS+ Settings for a User 7-24
Configuring a Shell Command Authorization Set for a User 7-26
Configuring a PIX Command Authorization Set for a User 7-29
Configuring the Unknown Service Setting for a User 7-31
Advanced TACACS+ Settings (User) 7-31
Setting Enable Privilege Options for a User 7-32
Setting TACACS+ Enable Password Options for a User 7-34
Setting TACACS+ Outbound Password for a User 7-35
RADIUS Attributes 7-36
Setting IETF RADIUS Parameters for a User 7-37
Setting Cisco IOS/PIX RADIUS Parameters for a User 7-38
Setting Ascend RADIUS Parameters for a User 7-39
Setting Cisco VPN 3000 Concentrator RADIUS Parameters for a
User
7-41
Setting Cisco VPN 5000 Concentrator RADIUS Parameters for a
User
7-42
Setting Microsoft RADIUS Parameters for a User 7-44
Setting Nortel RADIUS Parameters for a User 7-45
Setting Juniper RADIUS Parameters for a User 7-47
Setting BBSM RADIUS Parameters for a User 7-48
Setting Custom RADIUS Attributes for a User 7-49
User Management 7-51
Listing All Users 7-51
Finding a User 7-52
Disabling a User Account 7-53
Contents
xii
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Deleting a User Account 7-54
Resetting User Session Quota Counters 7-55
Resetting a User Account after Login Failure 7-55
Saving User Settings 7-56
CHAPTER
8 Establishing Cisco Secure ACS System Configuration 8-1
Service Control 8-2
Determining the Status of Cisco Secure ACS Services 8-2
Stopping, Starting, or Restarting Services 8-2
Logging 8-3
Date Format Control 8-3
Setting the Date Format 8-4
Password Validation 8-4
Setting Password Validation Options 8-5
CiscoSecure Database Replication 8-6
About CiscoSecure Database Replication 8-6
Replication Process 8-8
Replication Frequency 8-10
Important Implementation Considerations 8-10
Database Replication Versus Database Backup 8-11
Database Replication Logging 8-12
Replication Options 8-13
Replication Components Options 8-13
Replication Scheduling Options 8-14
Replication Partners Options 8-15
Implementing Primary and Secondary Replication Setups on
Cisco Secure ACS Servers
8-16
xiii
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Contents
Configuring a Secondary Cisco Secure ACS Server 8-17
Replicating Immediately 8-18
Scheduling Replication 8-20
Disabling CiscoSecure Database Replication 8-23
Database Replication Event Error Alert Notification 8-23
RDBMS Synchronization 8-24
About RDBMS Synchronization 8-24
RDBMS Synchronization Components 8-25
About CSDBSync 8-25
About the accountActions Table 8-26
Cisco Secure ACS Database Recovery Using the accountActions Table 8-28
Reports and Event (Error) Handling 8-29
Preparing to Use RDBMS Synchronization 8-29
Considerations for Using CSV-Based Synchronization 8-30
Preparing for CSV-Based Synchronization 8-31
Configuring a System Data Source Name for RDBMS Synchronization 8-32
RDBMS Synchronization Options 8-33
RDBMS Setup Options 8-34
Synchronization Scheduling Options 8-34
Synchronization Partners Options 8-35
Performing RDBMS Synchronization Immediately 8-35
Scheduling RDBMS Synchronization 8-37
Disabling Scheduled RDBMS Synchronizations 8-39
Cisco Secure ACS Backup 8-40
About Cisco Secure ACS Backup 8-40
Backup File Locations 8-41
Directory Management 8-41
Contents
xiv
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Components Backed Up 8-41
Reports of Cisco Secure ACS Backups 8-42
Performing a Manual Cisco Secure ACS Backup 8-42
Scheduling Cisco Secure ACS Backups 8-43
Disabling Scheduled Cisco Secure ACS Backups 8-44
Cisco Secure ACS System Restore 8-45
About Cisco Secure ACS System Restore 8-45
Backup File Names and Locations 8-45
Components Restored 8-47
Reports of Cisco Secure ACS Restorations 8-47
Restoring Cisco Secure ACS from a Backup File 8-47
Cisco Secure ACS Active Service Management 8-48
System Monitoring 8-49
System Monitoring Options 8-49
Setting Up System Monitoring 8-50
Event Logging 8-51
Setting Up Event Logging 8-51
IP Pools Server 8-52
Allowing Overlapping IP Pools or Forcing Unique Pool Address Ranges 8-53
Refreshing the AAA Server IP Pools Table 8-55
Adding a New IP Pool 8-55
Editing an IP Pool Definition 8-56
Resetting an IP Pool 8-57
Deleting an IP Pool 8-58
IP Pools Address Recovery 8-59
Enabling IP Pool Address Recovery 8-59
xv
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Contents
VoIP Accounting Configuration 8-60
Configuring VoIP Accounting 8-61
Cisco Secure ACS Certificate Setup 8-61
Background on Certification 8-62
EAP-TLS Setup Overview 8-63
Requirements for Certificate Enrollment 8-63
Generating a Request for a Certificate 8-64
Installing Cisco Secure ACS Certification with Manual Enrollment 8-66
Installing Cisco Secure ACS Certification with Automatic Enrollment 8-68
Performing Cisco Secure ACS Certification Update or Replacement 8-69
Certification Authority Setup 8-70
Trust Requirements and Models 8-71
Editing the Certificate Trust List 8-72
Adding a New CA Certificate to Local Certificate Storage 8-72
Global Authentication Setup 8-73
CHAPTER
9 Working with Logging and Reports 9-1
Logging Formats 9-1
Special Logging Attributes 9-2
Update Packets In Accounting Logs 9-3
About Cisco Secure ACS Logs and Reports 9-4
Accounting Logs 9-4
TACACS+ Accounting Log 9-5
TACACS+ Administration Log 9-6
RADIUS Accounting Log 9-7
VoIP Accounting Log 9-8
Failed Attempts Log 9-9
Contents
xvi
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Passed Authentications Log 9-10
Dynamic Cisco Secure ACS Administration Reports 9-10
Logged-In Users Report 9-11
Disabled Accounts Report 9-14
Cisco Secure ACS System Logs 9-15
ACS Backup and Restore Log 9-15
RDBMS Synchronization Log 9-16
Database Replication Log 9-16
Administration Audit Log 9-17
ACS Service Monitoring Log 9-18
Working with CSV Logs 9-19
CSV Log File Names 9-19
Enabling or Disabling a CSV Log 9-19
Viewing a CSV Report 9-20
Configuring a CSV Log 9-22
Working with ODBC Logs 9-25
Preparing to Use ODBC Logging 9-25
Configuring a System Data Source Name for ODBC Logging 9-26
Configuring an ODBC Log 9-27
Remote Logging 9-29
About Remote Logging 9-30
Remote Logging Options 9-31
Configuring a Central Logging Server 9-31
Enabling and Configuring Remote Logging 9-32
Disabling Remote Logging 9-33
xvii
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Contents
Service Logs 9-34
Services Logged 9-34
Configuring Service Logs 9-35
CHAPTER
10 Setting Up and Managing Administrators and Policy 10-1
Administrator Accounts 10-1
Administrator Privileges 10-2
Adding an Administrator Account 10-6
Editing an Administrator Account 10-7
Deleting an Administrator Account 10-9
Access Policy 10-10
Access Policy Options 10-10
Setting Up Access Policy 10-12
Session Policy 10-13
Session Policy Options 10-13
Setting Up Session Policy 10-14
Audit Policy 10-16
CHAPTER
11 Working with User Databases 11-1
CiscoSecure User Database 11-2
About External User Databases 11-4
Authenticating with External User Databases 11-5
Windows NT/2000 User Database 11-6
The Cisco Secure ACS Authentication Process with Windows NT/2000 User
Databases
11-7
Trust Relationships 11-8
Contents
xviii
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Windows Dial-up Networking Clients 11-9
About the Windows NT/2000 Dial-up Networking Client 11-9
About the Windows 95/98/Millennium Edition Dial-up Networking
Client
11-10
Windows NT/2000 Authentication 11-10
User-Changeable Passwords with Windows NT/2000 User Databases 11-12
Preparing Users for Authenticating with Windows NT/2000 11-12
Configuring a Windows NT/2000 External User Database 11-13
Generic LDAP 11-14
Cisco Secure ACS Authentication Process with a Generic LDAP User
Database
11-15
Multiple LDAP Instances 11-16
LDAP Organizational Units and Groups 11-17
Directed Authentications 11-17
LDAP Failover 11-17
Successful Previous Authentication with the Primary LDAP Server 11-18
Unsuccessful Previous Authentication with the Primary LDAP
Server
11-18
Configuring a Generic LDAP External User Database 11-19
Novell NDS Database 11-24
User Contexts 11-25
Novell NDS External User Database Options 11-27
Configuring a Novell NDS External User Database 11-28
ODBC Database 11-30
Cisco Secure ACS Authentication Process with an ODBC External User
Database
11-31
Preparing to Authenticate Users with an ODBC-Compliant Relational
Database
11-32
xix
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Contents
Implementation of Stored Procedures for ODBC Authentication 11-33
Type Definitions 11-34
Microsoft SQL Server and Case-Sensitive Passwords 11-34
Sample Routine for Generating a PAP Authentication SQL Procedure 11-35
Sample Routine for Generating an SQL CHAP Authentication
Procedure
11-36
PAP Authentication Procedure Input 11-36
PAP Procedure Output 11-37
CHAP/MS-CHAP/ARAP Authentication Procedure Input 11-38
CHAP/MS-CHAP/ARAP Procedure Output 11-38
Result Codes 11-39
Configuring a System Data Source Name for an ODBC External User
Database
11-40
Configuring an ODBC External User Database 11-41
LEAP Proxy RADIUS Server Database 11-44
Configuring a LEAP Proxy RADIUS Server External User Database 11-45
Token Server User Databases 11-47
About Token Servers and Cisco Secure ACS 11-48
Token Servers and ISDN 11-48
RADIUS-Enabled Token Servers 11-49
About RADIUS-Enabled Token Servers 11-49
Token Server RADIUS Authentication Request and Response
Contents
11-50
Configuring a RADIUS Token Server External User Database 11-50
Token Servers with Vendor-Proprietary Interfaces 11-53
About Token Servers with Proprietary Interfaces 11-53
Configuring a SafeWord Token Server External User Database 11-53
Contents
xx
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Configuring an AXENT Token Server External User Database
AXENT
11-55
Configuring an RSA SecurID Token Server External User Database 11-56
Deleting an External User Database Configuration 11-58
CHAPTER
12 Administering External User Databases 12-1
Unknown User Processing 12-1
Known, Unknown, and Cached Users 12-2
General Authentication Request Handling and Rejection Mode 12-3
Authentication Request Handling and Rejection Mode with the
Windows NT/2000 User Database
12-4
Windows Authentication with a Domain Specified 12-4
Windows Authentication with Domain Omitted 12-5
Performance of Unknown User Authentication 12-6
Added Latency 12-6
Authentication Timeout Value on AAA clients 12-6
Network Access Authorization 12-7
Unknown User Policy 12-7
Database Search Order 12-8
Configuring the Unknown User Policy 12-8
Turning off External User Database Authentication 12-9
Database Group Mappings 12-10
Group Mapping by External User Database 12-10
Creating a Cisco Secure ACS Group Mapping for a Token Server, ODBC
Database, or LEAP Proxy RADIUS Server Database
12-12
Group Mapping by Group Set Membership 12-13
Group Mapping Order 12-13
No Access Group for Group Set Mappings 12-14
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71
  • Page 72 72
  • Page 73 73
  • Page 74 74
  • Page 75 75
  • Page 76 76
  • Page 77 77
  • Page 78 78
  • Page 79 79
  • Page 80 80
  • Page 81 81
  • Page 82 82
  • Page 83 83
  • Page 84 84
  • Page 85 85
  • Page 86 86
  • Page 87 87
  • Page 88 88
  • Page 89 89
  • Page 90 90
  • Page 91 91
  • Page 92 92
  • Page 93 93
  • Page 94 94
  • Page 95 95
  • Page 96 96
  • Page 97 97
  • Page 98 98
  • Page 99 99
  • Page 100 100
  • Page 101 101
  • Page 102 102
  • Page 103 103
  • Page 104 104
  • Page 105 105
  • Page 106 106
  • Page 107 107
  • Page 108 108
  • Page 109 109
  • Page 110 110
  • Page 111 111
  • Page 112 112
  • Page 113 113
  • Page 114 114
  • Page 115 115
  • Page 116 116
  • Page 117 117
  • Page 118 118
  • Page 119 119
  • Page 120 120
  • Page 121 121
  • Page 122 122
  • Page 123 123
  • Page 124 124
  • Page 125 125
  • Page 126 126
  • Page 127 127
  • Page 128 128
  • Page 129 129
  • Page 130 130
  • Page 131 131
  • Page 132 132
  • Page 133 133
  • Page 134 134
  • Page 135 135
  • Page 136 136
  • Page 137 137
  • Page 138 138
  • Page 139 139
  • Page 140 140
  • Page 141 141
  • Page 142 142
  • Page 143 143
  • Page 144 144
  • Page 145 145
  • Page 146 146
  • Page 147 147
  • Page 148 148
  • Page 149 149
  • Page 150 150
  • Page 151 151
  • Page 152 152
  • Page 153 153
  • Page 154 154
  • Page 155 155
  • Page 156 156
  • Page 157 157
  • Page 158 158
  • Page 159 159
  • Page 160 160
  • Page 161 161
  • Page 162 162
  • Page 163 163
  • Page 164 164
  • Page 165 165
  • Page 166 166
  • Page 167 167
  • Page 168 168
  • Page 169 169
  • Page 170 170
  • Page 171 171
  • Page 172 172
  • Page 173 173
  • Page 174 174
  • Page 175 175
  • Page 176 176
  • Page 177 177
  • Page 178 178
  • Page 179 179
  • Page 180 180
  • Page 181 181
  • Page 182 182
  • Page 183 183
  • Page 184 184
  • Page 185 185
  • Page 186 186
  • Page 187 187
  • Page 188 188
  • Page 189 189
  • Page 190 190
  • Page 191 191
  • Page 192 192
  • Page 193 193
  • Page 194 194
  • Page 195 195
  • Page 196 196
  • Page 197 197
  • Page 198 198
  • Page 199 199
  • Page 200 200
  • Page 201 201
  • Page 202 202
  • Page 203 203
  • Page 204 204
  • Page 205 205
  • Page 206 206
  • Page 207 207
  • Page 208 208
  • Page 209 209
  • Page 210 210
  • Page 211 211
  • Page 212 212
  • Page 213 213
  • Page 214 214
  • Page 215 215
  • Page 216 216
  • Page 217 217
  • Page 218 218
  • Page 219 219
  • Page 220 220
  • Page 221 221
  • Page 222 222
  • Page 223 223
  • Page 224 224
  • Page 225 225
  • Page 226 226
  • Page 227 227
  • Page 228 228
  • Page 229 229
  • Page 230 230
  • Page 231 231
  • Page 232 232
  • Page 233 233
  • Page 234 234
  • Page 235 235
  • Page 236 236
  • Page 237 237
  • Page 238 238
  • Page 239 239
  • Page 240 240
  • Page 241 241
  • Page 242 242
  • Page 243 243
  • Page 244 244
  • Page 245 245
  • Page 246 246
  • Page 247 247
  • Page 248 248
  • Page 249 249
  • Page 250 250
  • Page 251 251
  • Page 252 252
  • Page 253 253
  • Page 254 254
  • Page 255 255
  • Page 256 256
  • Page 257 257
  • Page 258 258
  • Page 259 259
  • Page 260 260
  • Page 261 261
  • Page 262 262
  • Page 263 263
  • Page 264 264
  • Page 265 265
  • Page 266 266
  • Page 267 267
  • Page 268 268
  • Page 269 269
  • Page 270 270
  • Page 271 271
  • Page 272 272
  • Page 273 273
  • Page 274 274
  • Page 275 275
  • Page 276 276
  • Page 277 277
  • Page 278 278
  • Page 279 279
  • Page 280 280
  • Page 281 281
  • Page 282 282
  • Page 283 283
  • Page 284 284
  • Page 285 285
  • Page 286 286
  • Page 287 287
  • Page 288 288
  • Page 289 289
  • Page 290 290
  • Page 291 291
  • Page 292 292
  • Page 293 293
  • Page 294 294
  • Page 295 295
  • Page 296 296
  • Page 297 297
  • Page 298 298
  • Page 299 299
  • Page 300 300
  • Page 301 301
  • Page 302 302
  • Page 303 303
  • Page 304 304
  • Page 305 305
  • Page 306 306
  • Page 307 307
  • Page 308 308
  • Page 309 309
  • Page 310 310
  • Page 311 311
  • Page 312 312
  • Page 313 313
  • Page 314 314
  • Page 315 315
  • Page 316 316
  • Page 317 317
  • Page 318 318
  • Page 319 319
  • Page 320 320
  • Page 321 321
  • Page 322 322
  • Page 323 323
  • Page 324 324
  • Page 325 325
  • Page 326 326
  • Page 327 327
  • Page 328 328
  • Page 329 329
  • Page 330 330
  • Page 331 331
  • Page 332 332
  • Page 333 333
  • Page 334 334
  • Page 335 335
  • Page 336 336
  • Page 337 337
  • Page 338 338
  • Page 339 339
  • Page 340 340
  • Page 341 341
  • Page 342 342
  • Page 343 343
  • Page 344 344
  • Page 345 345
  • Page 346 346
  • Page 347 347
  • Page 348 348
  • Page 349 349
  • Page 350 350
  • Page 351 351
  • Page 352 352
  • Page 353 353
  • Page 354 354
  • Page 355 355
  • Page 356 356
  • Page 357 357
  • Page 358 358
  • Page 359 359
  • Page 360 360
  • Page 361 361
  • Page 362 362
  • Page 363 363
  • Page 364 364
  • Page 365 365
  • Page 366 366
  • Page 367 367
  • Page 368 368
  • Page 369 369
  • Page 370 370
  • Page 371 371
  • Page 372 372
  • Page 373 373
  • Page 374 374
  • Page 375 375
  • Page 376 376
  • Page 377 377
  • Page 378 378
  • Page 379 379
  • Page 380 380
  • Page 381 381
  • Page 382 382
  • Page 383 383
  • Page 384 384
  • Page 385 385
  • Page 386 386
  • Page 387 387
  • Page 388 388
  • Page 389 389
  • Page 390 390
  • Page 391 391
  • Page 392 392
  • Page 393 393
  • Page 394 394
  • Page 395 395
  • Page 396 396
  • Page 397 397
  • Page 398 398
  • Page 399 399
  • Page 400 400
  • Page 401 401
  • Page 402 402
  • Page 403 403
  • Page 404 404
  • Page 405 405
  • Page 406 406
  • Page 407 407
  • Page 408 408
  • Page 409 409
  • Page 410 410
  • Page 411 411
  • Page 412 412
  • Page 413 413
  • Page 414 414
  • Page 415 415
  • Page 416 416
  • Page 417 417
  • Page 418 418
  • Page 419 419
  • Page 420 420
  • Page 421 421
  • Page 422 422
  • Page 423 423
  • Page 424 424
  • Page 425 425
  • Page 426 426
  • Page 427 427
  • Page 428 428
  • Page 429 429
  • Page 430 430
  • Page 431 431
  • Page 432 432
  • Page 433 433
  • Page 434 434
  • Page 435 435
  • Page 436 436
  • Page 437 437
  • Page 438 438
  • Page 439 439
  • Page 440 440
  • Page 441 441
  • Page 442 442
  • Page 443 443
  • Page 444 444
  • Page 445 445
  • Page 446 446
  • Page 447 447
  • Page 448 448
  • Page 449 449
  • Page 450 450
  • Page 451 451
  • Page 452 452
  • Page 453 453
  • Page 454 454
  • Page 455 455
  • Page 456 456
  • Page 457 457
  • Page 458 458
  • Page 459 459
  • Page 460 460
  • Page 461 461
  • Page 462 462
  • Page 463 463
  • Page 464 464
  • Page 465 465
  • Page 466 466
  • Page 467 467
  • Page 468 468
  • Page 469 469
  • Page 470 470
  • Page 471 471
  • Page 472 472
  • Page 473 473
  • Page 474 474
  • Page 475 475
  • Page 476 476
  • Page 477 477
  • Page 478 478
  • Page 479 479
  • Page 480 480
  • Page 481 481
  • Page 482 482
  • Page 483 483
  • Page 484 484
  • Page 485 485
  • Page 486 486
  • Page 487 487
  • Page 488 488
  • Page 489 489
  • Page 490 490
  • Page 491 491
  • Page 492 492
  • Page 493 493
  • Page 494 494
  • Page 495 495
  • Page 496 496
  • Page 497 497
  • Page 498 498
  • Page 499 499
  • Page 500 500
  • Page 501 501
  • Page 502 502
  • Page 503 503
  • Page 504 504
  • Page 505 505
  • Page 506 506
  • Page 507 507
  • Page 508 508
  • Page 509 509
  • Page 510 510
  • Page 511 511
  • Page 512 512
  • Page 513 513
  • Page 514 514
  • Page 515 515
  • Page 516 516
  • Page 517 517
  • Page 518 518
  • Page 519 519
  • Page 520 520
  • Page 521 521
  • Page 522 522
  • Page 523 523
  • Page 524 524
  • Page 525 525
  • Page 526 526
  • Page 527 527
  • Page 528 528
  • Page 529 529
  • Page 530 530
  • Page 531 531
  • Page 532 532
  • Page 533 533
  • Page 534 534
  • Page 535 535
  • Page 536 536
  • Page 537 537
  • Page 538 538
  • Page 539 539
  • Page 540 540
  • Page 541 541
  • Page 542 542
  • Page 543 543
  • Page 544 544
  • Page 545 545
  • Page 546 546
  • Page 547 547
  • Page 548 548
  • Page 549 549
  • Page 550 550
  • Page 551 551
  • Page 552 552
  • Page 553 553
  • Page 554 554
  • Page 555 555
  • Page 556 556
  • Page 557 557
  • Page 558 558
  • Page 559 559
  • Page 560 560
  • Page 561 561
  • Page 562 562
  • Page 563 563
  • Page 564 564
  • Page 565 565
  • Page 566 566
  • Page 567 567
  • Page 568 568
  • Page 569 569
  • Page 570 570
  • Page 571 571
  • Page 572 572
  • Page 573 573
  • Page 574 574
  • Page 575 575
  • Page 576 576
  • Page 577 577
  • Page 578 578
  • Page 579 579
  • Page 580 580
  • Page 581 581
  • Page 582 582
  • Page 583 583
  • Page 584 584
  • Page 585 585
  • Page 586 586
  • Page 587 587
  • Page 588 588
  • Page 589 589
  • Page 590 590
  • Page 591 591
  • Page 592 592
  • Page 593 593
  • Page 594 594
  • Page 595 595
  • Page 596 596
  • Page 597 597
  • Page 598 598
  • Page 599 599
  • Page 600 600
  • Page 601 601
  • Page 602 602
  • Page 603 603
  • Page 604 604
  • Page 605 605
  • Page 606 606
  • Page 607 607
  • Page 608 608
  • Page 609 609
  • Page 610 610
  • Page 611 611
  • Page 612 612
  • Page 613 613
  • Page 614 614
  • Page 615 615
  • Page 616 616
  • Page 617 617
  • Page 618 618
  • Page 619 619
  • Page 620 620
  • Page 621 621
  • Page 622 622
  • Page 623 623
  • Page 624 624
  • Page 625 625
  • Page 626 626
  • Page 627 627
  • Page 628 628
  • Page 629 629
  • Page 630 630
  • Page 631 631
  • Page 632 632
  • Page 633 633
  • Page 634 634
  • Page 635 635
  • Page 636 636
  • Page 637 637
  • Page 638 638
  • Page 639 639
  • Page 640 640
  • Page 641 641
  • Page 642 642
  • Page 643 643
  • Page 644 644
  • Page 645 645
  • Page 646 646
  • Page 647 647
  • Page 648 648
  • Page 649 649
  • Page 650 650
  • Page 651 651
  • Page 652 652
  • Page 653 653
  • Page 654 654

Cisco Systems Server Servers User manual

Category
Software
Type
User manual
This manual is also suitable for

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI