Chapter 11 Working with User Databases
Generic LDAP
11-16
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Step 8
In the MS-CHAP table, follow these steps:
a.
To support for authentication, select the check boxes for the applicable
MS-CHAP versions.
b.
To enable password changes, select the check boxes for the applicable
MS-CHAP versions.
Step 9
Click Submit.
Result: Cisco Secure ACS saves the Windows NT/2000 user database
configuration you created. You can now add it to your Unknown User Policy or
assign specific user accounts to use this database for authentication. For more
information about the Unknown User Policy, see
Unknown User Processing,
page 12-1
. For more information about configuring user accounts to authenticate
using this database, see
Chapter 7, “Setting Up and Managing User Accounts.”
Generic LDAP
Cisco Secure ACS supports ASCII, PAP, EAP-TLS, and PEAP(EAP-GTC)
authentication via generic Lightweight Directory Access Protocol (LDAP)
databases, such as Netscape Directory Services. Other authentication protocols
are not supported with LDAP external user databases.
Note
Authentication protocols not supported with LDAP databases may be supported
by another type of external user database. For more information about
authentication protocols and the external database types that support them, see
Authentication Protocol-Database Compatibility, page 1-9
.
Cisco Secure ACS supports group mapping for unknown users by requesting
group membership information from LDAP user databases. For more information
about group mapping for users authenticated with an LDAP user database, see
Group Mapping by Group Set Membership, page 12-14
.
Configuring Cisco Secure ACS to authenticate against an LDAP database has no
effect on the configuration of the LDAP database. To manage your LDAP
database, see your LDAP database documentation.
