Cisco 3.3 User Manual

13-81

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 13 User Databases

Token Server User Databases

Cisco Secure ACS expects to receive one of the following three responses:

•

access-accept—No attributes are required; however, the response can
indicate the Cisco Secure ACS group to which the user should be assigned.
For more information, see

RADIUS-Based Group Specification, page 16-14

.

•

access-reject—No attributes required.

•

access-challenge—Attributes required, per IETF RFC, are as follows:

–

State (RADIUS attribute 24)

–

Reply-Message (RADIUS attribute 18)

Configuring a RADIUS Token Server External User Database

Use this procedure to configure RADIUS Token Server external user databases.

Before You Begin

You should install and configure your RADIUS token server before configuring
Cisco Secure ACS to authenticate users with it. For information about installing
the RADIUS token server, refer to the documentation included with your token
server.

To configure Cisco Secure ACS to authenticate users with a RADIUS Token
Sever, follow these steps:

Step 1

In the navigation bar, click External User Databases.

Step 2

Click Database Configuration.

Cisco Secure ACS lists all possible external user database types.

Step 3

Click RADIUS Token Server.

The Database Configuration Creation table appears. If at least one RADIUS token
server configuration exists, the External User Database Configuration table also
appears.

Step 4

If you are creating a configuration, follow these steps:

a.

Click Create New Configuration.

b.

Type a name for the new configuration for the RADIUS-enabled token server
in the box provided, or accept the default name in the box.