C H A P T E R
11-1
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
11
Working with User Databases
Cisco Secure Access Control Server (Cisco Secure ACS) for Windows Server
version 3.1 authenticates users against one of several possible databases,
including its internal database. You can configure Cisco Secure ACS to
authenticate users with more than one type of database. This flexibility enables
you to use user accounts data collected in different locations without having to
explicitly import the users from each external user database into the CiscoSecure
user database. It also enables you to apply different databases to different types of
users, depending on the security requirements associated with user authorizations
on your network. For example, a common configuration is to use a Windows
2000/NT user database for standard network users and a token server for network
administrators.
This chapter contains the following sections:
•
CiscoSecure User Database, page 11-2
•
About External User Databases, page 11-4
•
Windows NT/2000 User Database, page 11-7
•
Generic LDAP, page 11-16
•
Novell NDS Database, page 11-33
•
ODBC Database, page 11-39
•
LEAP Proxy RADIUS Server Database, page 11-54
•
Token Server User Databases, page 11-57
•
Deleting an External User Database Configuration, page 11-66
For information about the Unknown User Policy and group mapping features, see
Chapter 12, “Administering External User Databases.”