Result codes, Table 13-8 – Cisco 3.3 User Manual

13-69

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 13 User Databases

ODBC Database

The CSNTGroup and CSNTacctInfo fields are processed only after a successful
authentication. The CSNTerrorString file is logged only after a failure (if the
result is greater than or equal to 4).

Note

If the ODBC database returns data in recordset format rather than in parameters,
the procedure must return the result fields in the order listed above.

Result Codes

You can set the result codes listed in

Table 13-8

.

The SQL procedure can decide among 1, 2, or 3 to indicate a failure, depending
on how much information you want the failed authentication log files to include.

A return code of 4 or higher results in an authentication error event. These errors
do not increment per-user failed attempt counters. Additionally, error codes are
returned to the AAA client so it can distinguish between errors and failures and,
if configured to do so, fall back to a backup AAA server.

Successful or failed authentications are not logged; general Cisco Secure ACS
logging mechanisms apply. In the event of an error (CSNTresult equal to or less
than 4), the contents of the CSNTerrorString are written to the Windows Event
Log under the Application Log.

Table 13-8 Result Codes

Result Code

Meaning

0 (zero)

Authentication successful

1

Unknown username

2

Invalid password

3

Unknown username or invalid password

4+

Internal error—authentication not processed