Chapter 11 Working with User Databases
Novell NDS Database
11-34
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
About Novell NDS User Databases
Cisco Secure ACS supports ASCII, PAP, and PEAP(EAP-GTC) authentication
with Novell NetWare Directory Services (NDS) servers. To use NDS
authentication, you must have a Novell NDS database. Other authentication
protocols are not supported with Novell NDS external user databases.
Note
Authentication protocols not supported with Novell NDS external user databases
may be supported by another type of external user database. For more information
about authentication protocols and the external database types that support them,
see
Authentication Protocol-Database Compatibility, page 1-9
.
Cisco Secure ACS supports group mapping for unknown users by requesting
group membership information from Novell NDS user databases. For more
information about group mapping for users authenticated with a Novell NDS user
database, see
Group Mapping by Group Set Membership, page 12-14
.
Note
Aside from user group membership information, Cisco Secure ACS retrieves no
user settings from Novell NDS databases; however, Cisco Secure ACS enforces
password restrictions, login restrictions, time restrictions, and account
restrictions for each user. Cisco Secure ACS accomplishes this by interpreting
authentication responses received from a Novell NDS database.
Cisco Secure ACS does not enforce address restrictions.
Configuring Cisco Secure ACS to authenticate against an NDS database does not
affect the configuration of the NDS database. To manage your NDS database,
refer to your NDS database documentation.
Some versions of Novell NDS provide standard LDAP implementations. If your
Novell NDS supports standard LDAP and you have implemented standard LDAP,
you should configure a Cisco Secure ACS generic LDAP external user database
to authenticate users defined in your Novell NDS. For more information about
generic LDAP external user databases, see
Generic LDAP, page 11-16
.
To authenticate users with a Novell NDS database, Cisco Secure ACS depends
upon Novell Requestor. Novell Requestor must be installed on the same Windows
server as Cisco Secure ACS. You can download the Requestor software from the
Novell website. For more information, refer to your Novell and Microsoft
documentation.