Cisco Systems Servers Manuale Utente

If you implement an external user database, Cisco Secure ACS offers two 
powerful features that you must configure. The first feature is the Unknown User 
Policy. This feature automates the creation of user accounts in the CiscoSecure 
user database for users authenticated by an external user database. The other 
feature is Cisco Secure ACS user group mappings for users authenticated by 
external user databases. For information on these features, see 

The CiscoSecure user database supports authentication for PAP, CHAP, 
MS-CHAP, ARAP, LEAP, and ASCII passwords. It also supports the 
certificate-based EAP-TLS authentication protocol.

You can configure Cisco Secure ACS to forward authentication of users to one 
external user database or more. Support for external user databases means that 
Cisco Secure ACS does not require that you create duplicate user entries in the 
CiscoSecure user database. Users can be authenticated using the following 
databases.

Windows NT/2000 User Database

Generic LDAP

Novell NetWare Directory Services (NDS)

Open Database Connectivity (ODBC)-compliant relational databases

LEAP Proxy RADIUS servers

AXENT token servers

SafeWord token servers

RSA SecureID token servers

RADIUS-based token servers, including:

ActivCard token servers

CRYPTOCard token servers

Vasco token servers

Generic RADIUS token servers