LEAP Proxy RADIUS Server Database, LEAP Proxy – Cisco 3.3 User Manual

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 13 User Databases

LEAP Proxy RADIUS Server Database

For Cisco Secure ACS-authenticated users accessing your network via Cisco
Aironet devices, Cisco Secure ACS supports ASCII, PAP, MS-CHAP (versions 1
and 2), LEAP, and EAP-FAST (phase zero and phase two) authentication with a
proxy RADIUS server. Other authentication protocols are not supported with
LEAP Proxy RADIUS Server databases.

Note

Authentication protocols not supported with LEAP Proxy RADIUS Server
databases may be supported by another type of external user database. For more
information about authentication protocols and the external database types that
support them, see Authentication Protocol-Database Compatibility, page 1-10.

Cisco Secure ACS uses MS-CHAP version 1 for LEAP Proxy RADIUS Server
authentication. To manage your proxy RADIUS database, refer to your RADIUS
database documentation.

Lightweight Extensible Authentication Protocol (LEAP) proxy RADIUS server
authentication allows you to authenticate users against existing Kerberos
databases that support MS-CHAP authentication. You can use the LEAP Proxy
RADIUS Server database to authenticate users with any third-party RADIUS
server that supports MS-CHAP authentication.

Note

The third-party RADIUS server must return Microsoft Point-to-Point Encryption
(MPPE) keys in the Microsoft RADIUS vendor-specific attribute (VSA)
MSCHAP-MPPE-Keys (VSA 12). If the third-party RADIUS server does not
return the MPPE keys, the authentication fails and is logged in the Failed
Attempts log.
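The requirement in the note above can be checked against a captured reply from the third-party RADIUS server before it is pointed at Cisco Secure ACS. The following is an added example, not code from Cisco's guide: the function names are hypothetical, the sample packets are constructed, and the attribute layout and the fixed vendor-length of 34 are taken from RFC 2865 and RFC 2548.

```python
import struct

MS_VENDOR_ID = 311       # Microsoft enterprise number (RFC 2548)
MPPE_KEYS_TYPE = 12      # MS-CHAP-MPPE-Keys, the VSA named in the note
MPPE_KEYS_LEN = 34       # vendor-length fixed by RFC 2548 (2 + 32 key octets)
VENDOR_SPECIFIC = 26     # RADIUS attribute type for VSAs (RFC 2865)
ACCESS_ACCEPT = 2

def iter_attributes(packet: bytes):
    """Yield (type, value) for each attribute of one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen

def has_mppe_keys(packet: bytes) -> bool:
    """True if an Access-Accept carries Microsoft VSA 12 with a valid length."""
    if packet[:1] != bytes([ACCESS_ACCEPT]):
        return False
    for atype, value in iter_attributes(packet):
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue
        if struct.unpack("!I", value[:4])[0] != MS_VENDOR_ID:
            continue
        sub = value[4:]
        while len(sub) >= 2 and 2 <= sub[1] <= len(sub):  # walk sub-attributes
            if sub[0] == MPPE_KEYS_TYPE and sub[1] == MPPE_KEYS_LEN:
                return True
            sub = sub[sub[1]:]
    return False

def ms_vsa(vtype: int, data: bytes) -> bytes:
    """Build a Microsoft VSA (constructed sample data, not captured traffic)."""
    body = struct.pack("!IBB", MS_VENDOR_ID, vtype, len(data) + 2) + data
    return struct.pack("!BB", VENDOR_SPECIFIC, len(body) + 2) + body

def build_packet(code: int, attrs: bytes) -> bytes:
    """Constructed RADIUS packet with identifier 1 and a zeroed authenticator."""
    return struct.pack("!BBH", code, 1, 20 + len(attrs)) + bytes(16) + attrs
```

The check confirms only that the attribute is present and well-formed; it does not decrypt or validate the key material inside it.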

Cisco Secure ACS supports RADIUS-based group specification for users
authenticated by LEAP Proxy RADIUS Server databases. RADIUS-based group
specification overrides group mapping. For more information, see
RADIUS-Based Group Specification, page 16-14.

Cisco Secure ACS supports group mapping for unknown users authenticated by
LEAP Proxy RADIUS Server databases. Group mapping is only applied to an
unknown user if RADIUS-based group specification did not occur. For more
information about group mapping users authenticated by a LEAP Proxy RADIUS
Server database, see Group Mapping by External User Database, page 16-2.
