12-11
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter12 Administering External User Databases Database Group Mappings
assign a group setup that is appropriate for users who are working away from
home, such as MaxSessions=1. Or you could configure restricted hours for other
groups, but give unrestricted access to Telecommuters group members.
While you can configure Cisco Secure ACS to map all unknown users found in
any external user database type to a single CiscoSecure ACS group, the following
external user database types are the external user database types whose users you
can only map to a single Cisco Secure ACS group:
ODBC
LEAP Proxy RADIUS server
ActivCard token server
AXENT token server
CRYPTOCard token server
RADIUS token server
RSA SecurID token server
SafeWord token server
Vasco token server
For a subset of the external user database types listed above, group mapping by
external database type is overridden on a user-by-user basis when the external user
database specifies a Cisco Secure ACS group with its authentication response.
Cisco Secure ACS supports specification of group membership for the following
external user database types:
LEAP Proxy RADIUS server
ActivCard token server
CRYPTOCard token server
RADIUS token server
Vasco token server
For more information about specifying group membership for users authenticated
with one of these database types, see the RADIUS-Based Group Specification
section on page 12-21.