Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter 11 Working with User Databases
ODBC Database
The CSNTGroup and CSNTacctInfo fields are processed only after a successful
authentication. The CSNTerrorString file is logged only after a failure (if the
result is greater than or equal to 4).
The procedure must return the result fields in the order listed above.
Result Codes
You can set the result codes listed in Table 11-6.
Table 11-5 CHAP/MS-CHAP/ARAP Stored Procedure Results
Field Type Explanation
CSNTresult Integer See Table 11-6 on page 11-39 Result Codes.
CSNTgroup Integer The Cisco Secure ACS group number for authorization.
0xFFFFFFFF is used to assign the default value. Values other than
0-499 are converted to the default.
Note The group specified in the CSNTgroup field overrides
group mapping configured for the ODBC external user
CSNTacctInfo String 0-16 characters. A third-party defined string is added to subsequent
account log file entries.
0-255 characters. A third-party defined string is written to the
CSAuth service log file if an error occurs.
0-255 characters. The password is authenticated by
Cisco Secure ACS for CHAP authentication.
Table 11-6 Result Codes
Result Code Meaning
0 (zero) Authentication successful
1 Unknown username
2 Invalid password