11-7
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter 11 Working with User Databases
Windows NT/2000 User Database
This section contains the following topics:
• The Cisco Secure ACS Authentication Process with Windows NT/2000 User
Databases, page 11-7
• Trust Relationships, page 11-8
• Windows Dial-up Networking Clients, page 11-9
• Windows NT/2000 Authentication, page 11-10
• User-Changeable Passwords with Windows NT/2000 User Databases,
page 11-12
• Preparing Users for Authenticating with Windows NT/2000, page 11-12
• Configuring a Windows NT/2000 External User Database, page 11-13
The Cisco Secure ACS Authentication Process with Windows
NT/2000 User Databases
Cisco Secure ACS forwards user authentication requests to a Windows NT/2000
database in one of two scenarios. The first scenario is when the user’s account in
the CiscoSecure user database lists a Windows NT/2000 database configuration
as the authentication method. The second is when the user is unknown to the
CiscoSecure user database and the Unknown User Policy dictates that a Windows
NT/2000 database is the next external user database to try.
In either case, Cisco Secure ACS forwards the username and password to the
Windows NT/2000 database. The Windows NT/2000 database either passes or
fails the authentication request from Cisco Secure ACS. Upon receiving the
response from the Windows NT/2000 database, Cisco Secure ACS instructs the
requesting AAA client to grant or deny the user access, depending upon the
response from the Windows NT/2000 database.
Cisco Secure ACS grants authorization based on the Cisco Secure ACS group to
which the user is assigned. While the group to which a user is assigned can be
determined by information from the Windows NT/2000 database, it is
Cisco Secure ACS that grants authorization privileges. See Figure 11-2 on
page 11-8.
To Next Page
Loading...
