11-45
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter11 Working with User Databases LEAP Proxy RADIUS Server Database
Note The third-party RADIUS server must return Microsoft Point-to-Point
Encryption (MPPE) keys in the Microsoft RADIUS vendor-specific attribute
(VSA) MSCHAP-MPPE-Keys (VSA 12). If the third-party RADIUS server
does not return the MPPE keys, the authentication fails and is logged in the
Failed Attempts log.
Cisco Secure ACS support RADIUS-based group mapping for users
authenticated by LEAP Proxy RADIUS Server databases. For more information,
see the RADIUS-Based Group Specification section on page 12-21.
Configuring a LEAP Proxy RADIUS Server External User Database
You should install and configure your proxy RADIUS server before configuring
Cisco Secure ACS to authenticate users with it. For information about installing
the proxy RADIUS server, refer to the documentation included with your
RADIUS server.
To configure LEAP proxy RADIUS authentication, follow these steps:
Step 1 In the navigation bar, click External User Databases.
Step 2 Click Database Configuration.
Result: Cisco Secure ACS displays a list of all possible external user database
types.
Step 3 Click LEAP Proxy RADIUS Server.
Result: If no LEAP Proxy RADIUS Server configuration ex ists, only the Database
Configuration Creation table appears. Otherwise, in addition to the Database
Configuration Creation table, the External User Database Configuration table
appears.