11-43
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Chapter 11 Working with User Databases
ODBC Database
To prepare for authenticating with an ODBC-compliant relational database,
follow these steps:
Step 1
Install the database software on its server. For more information, refer to the
relational database documentation.
Step 2
Create the database to hold the usernames and passwords. The database name is
irrelevant to Cisco Secure ACS, so you can name the database however you like.
Step 3
Create the table or tables that will hold the usernames and passwords for your
users. The table names are irrelevant to Cisco Secure ACS, so you can name the
tables and columns however you like.
Step 4
Write the stored procedures intended to return the required authentication
information to Cisco Secure ACS. For more information about these stored
procedures, see
Implementation of Stored Procedures for ODBC Authentication,
page 11-43
.
Step 5
Set up a system DSN on the Cisco Secure ACS server. For steps, see
Configuring
a System Data Source Name for an ODBC External User Database, page 11-50
.
Step 6
Configure Cisco Secure ACS to authenticate users with an ODBC database. For
steps, see
Configuring an ODBC External User Database, page 11-51
.
Implementation of Stored Procedures for ODBC Authentication
When you configure Cisco Secure ACS to authenticate users against an
ODBC-compliant relational database, you must create a stored procedure to
perform the necessary query and return the values that Cisco Secure ACS expects.
Cisco Secure ACS supports ODBC authentication for PAP or
CHAP/MS-CHAP/ARAP protocols; however, the method of authentication
differs for these two sets of protocols.
Authentication for PAP protocol occurs within the relational database; that is, if
the stored procedure finds a record with both the username and the password
matching the input, the user is considered authenticated.
Authentication for CHAP/MS-CHAP/ARAP occurs within Cisco Secure ACS.
The stored procedure returns the fields for the record with a matching username,
including the password. Cisco Secure ACS confirms or denies authentication
based on the values returned from the procedure.