11-31
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter11 Working with User Databases ODBC Database
•Configuring a System Data Source Name for an ODBC External User
Database, page 11-40
•Configuring an ODBC External User Database, page 11-41
Cisco Secure ACS Authentication Process with an ODBC External User DatabaseCisco Secure ACS forwards user authentication requests to an ODBC database in
one of two scenarios. The first scenario is when the user’s account in the
CiscoSecure user database lists an ODBC database configuration as the
authentication method. The second is when the user is unknown to the
CiscoSecure user database and the Unknown User Policy dictates that an ODBC
database is the next external user database to try.
In either case, Cisco Secure ACS forwards the username and password to the
ODBC database via an ODBC connection. The ODBC database either passes or
fails the authentication request from Cisco Secure ACS. The relational database
must have a stored procedure that queries the appropriate tables and returns values
to Cisco Secure ACS. If the returned values indicate that the username and
password provided are valid, CiscoSecure ACS instructs the requesting AAA
client to grant the user access; otherwise, Cisco Secure ACS denies the user
access. See Figure 11-4. Upon receiving the response from the ODBC database,
Cisco Secure ACS instructs the requesting AAA client to grant or deny the user
access, depending upon the response from the ODBC database.