12-11
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter12 Administering External User Databases Database Group Mappings
assign a group setup that is appropriate for users who are working away from
home, such as MaxSessions=1. Or you could configure restricted hours for other
groups, but give unrestricted access to Telecommuters group members.
While you can configure Cisco Secure ACS to map all unknown users found in
any external user database type to a single CiscoSecure ACS group, the following
external user database types are the external user database types whose users you
can only map to a single Cisco Secure ACS group:
•ODBC
•LEAP Proxy RADIUS server
•ActivCard token server
•AXENT token server
•CRYPTOCard token server
•RADIUS token server
•RSA SecurID token server
•SafeWord token server
•Vasco token server
For a subset of the external user database types listed above, group mapping by
external database type is overridden on a user-by-user basis when the external user
database specifies a Cisco Secure ACS group with its authentication response.
Cisco Secure ACS supports specification of group membership for the following
external user database types:
•LEAP Proxy RADIUS server
•ActivCard token server
•CRYPTOCard token server
•RADIUS token server
•Vasco token server
For more information about specifying group membership for users authenticated
with one of these database types, see the “RADIUS-Based Group Specification”
section on page 12-21.