EAP-TLS Authentication Procedure Input – Cisco 3.3 User Manual


User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 13 User Databases

ODBC Database

The CSNTgroup and CSNTacctInfo fields are processed only after a successful
authentication. The CSNTerrorString field is logged only after a failure (if the
result is greater than or equal to 4).

Note: If the ODBC database returns data in recordset format rather than in parameters,
the procedure must return the result fields in the order listed above.

EAP-TLS Authentication Procedure Input

Cisco Secure ACS provides a single value for input to the stored procedure
supporting EAP-TLS authentication. The stored procedure should accept the
named input value as a variable.

Table 13-5 CHAP/MS-CHAP/ARAP Stored Procedure Results

| Field | Type | Explanation |
|---|---|---|
| CSNTresult | Integer | See Table 13-8 Result Codes. |
| CSNTgroup | Integer | The Cisco Secure ACS group number for authorization. 0xFFFFFFFF is used to assign the default value. Values other than 0-499 are converted to the default. Note: The group specified in the CSNTgroup field overrides group mapping configured for the ODBC external user database. |
| CSNTacctInfo | String | 0-15 characters. A customer-defined string that Cisco Secure ACS adds to subsequent account log file entries. |
| CSNTerrorString | String | 0-255 characters. A customer-defined string that Cisco Secure ACS writes to the CSAuth service log file if an error occurs. |
| CSNTpassword | String | 0-255 characters. The password is authenticated by Cisco Secure ACS. Note: If the password field in the database is defined using a CHAR datatype rather than VARCHAR, the database may return a string 255 characters long, regardless of actual password length. We recommend using the VARCHAR datatype for the CHAP password field in your ODBC database. |
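
One way to check a stored procedure's output against the limits in Table 13-5 before Cisco Secure ACS is pointed at it, as an added Python example that is not from the Cisco guide. The function name `check_row`, the treatment of a NULL column as empty, and the trailing-space test for CHAR padding are assumptions of this example.

```python
# Added example (not Cisco code): lint one stored-procedure result row
# against the field limits in Table 13-5.
DEFAULT_GROUP = 0xFFFFFFFF  # value the table gives for "assign the default"
FIELD_ORDER = ("CSNTresult", "CSNTgroup", "CSNTacctInfo",
               "CSNTerrorString", "CSNTpassword")
MAX_LEN = {"CSNTacctInfo": 15, "CSNTerrorString": 255, "CSNTpassword": 255}


def check_row(row):
    """Return (fields, warnings) for a row given in recordset order."""
    if len(row) != len(FIELD_ORDER):
        raise ValueError(f"expected {len(FIELD_ORDER)} columns, got {len(row)}")
    fields = dict(zip(FIELD_ORDER, row))
    warnings = []
    for name in ("CSNTresult", "CSNTgroup"):
        if type(fields[name]) is not int:
            raise ValueError(f"{name} must be an integer")
    # Values other than 0-499 are converted to the default group.
    group = fields["CSNTgroup"]
    if not 0 <= group <= 499:
        if group != DEFAULT_GROUP:
            warnings.append(f"CSNTgroup {group} outside 0-499, default applies")
        fields["CSNTgroup"] = DEFAULT_GROUP
    # String length limits; a NULL column is treated as empty (assumption).
    for name, limit in MAX_LEN.items():
        fields[name] = fields[name] or ""
        if len(fields[name]) > limit:
            warnings.append(f"{name} exceeds {limit} characters")
    # CHAR columns pad to full width; heuristic (assumption): trailing spaces
    # on a 255-character value mean padding, not a real password.
    pw = fields["CSNTpassword"]
    if len(pw) == 255 and pw.endswith(" "):
        warnings.append("CSNTpassword looks CHAR-padded; use VARCHAR")
    # CSNTerrorString is only logged when the result is >= 4.
    if fields["CSNTresult"] >= 4 and not fields["CSNTerrorString"]:
        warnings.append("result >= 4 but CSNTerrorString is empty")
    return fields, warnings


if __name__ == "__main__":
    # Constructed sample rows, not output from a real database.
    samples = [
        (0, 12, "dept-42", "", "s3cret"),
        (0, 900, "x" * 16, "", "s3cret".ljust(255)),
        (4, DEFAULT_GROUP, "", None, ""),
    ]
    for row in samples:
        print(check_row(row)[1])
```
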
