Chapter11 Working with User Databases
ODBC Database
11-38
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
The CSNTGroup and CSNTacctInfo fields are processed only after a successful
authentication. The CSNTerrorString file is logged only after a failure (if the
result is greater than or equal to 4).
The procedure must return the result fields in the order listed above.
CHAP/MS-CHAP/ARAP Authentication Procedure Input
Cisco Secure ACS provides a single value for input to the stored procedure
supporting CHAP/MS-CHAP/ARAP authentication. The stored procedure should
accept the named input value as a variable.
Note Because Cisco Secure ACS performs authentication for
CHAP/MS-CHAP/ARAP, the users password is not an input. See Table 11-4.
The input name is for guidance only. A procedure variable created from it can
have a different name.
CHAP/MS-CHAP/ARAP Procedure Output
The stored procedure must return a single row containing the non-null fields.
Table11-5 lists the procedure results Cisco Secure ACS expects as output from
stored procedure.
Table11-4 CHAP Stored Procedure Input
Field Type Explanation
CSNTusername String 0-64 characters