Cisco Systems Servers Manuale Utente

Select the Fail the attempt option.

Click Submit.

Result: Unknown user processing is halted. Cisco Secure ACS does not allow 
unknown users to authenticate with external user databases.

The Database Group Mapping feature in the External User Databases section 
enables you to associate unknown users with a Cisco Secure ACS group for the 
purposes of assigning authorization profiles. For external user databases from 
which Cisco Secure ACS can derive group information, you can associate the 
group memberships defined for the users in the external user database to specific 
Cisco Secure ACS groups. For Windows NT/2000 user databases, group mapping 
is further specified by domain, because each domain maintains its own user 
database. For Novell NDS user databases, group mapping is further specified by 
tree, because Cisco Secure ACS supports multiple trees in a single Novell NDS 
user database.

In addition to the Database Group Mapping feature, for some database types, 
Cisco Secure ACS supports RADIUS-based group specification.

This section contains the following topics:

You can map an external database to a Cisco Secure ACS group. Unknown users 
who authenticate using the specified database automatically belong to, and inherit 
the authorizations of, the group. For example, you could configure 
Cisco Secure ACS so that all unknown users who authenticate with a certain 
token server database belong to a group called Telecommuters. You could then