
WEBVPN auth TACACS+ proxy to external ODBC

Peter Valdes
Level 3

Hi Cisco,

We have successfully set up a Cisco ASA hosting an SSLVPN portal for login, which then points to TACACS+ ACS v3.0 for authentication.

For easier login account management within the IT department, we now want to proxy the authentication from TACACS to an external SQL db ODBC, as this existing database server is currently storing all existing login usernames and passwords for other internal products and services, hence reducing multiple login accounts for one user.

For example, works similar to RADIUS:

u/n: cisco@mydomain.com

p/w: cisco

TACACS receives the username, searches for policy/attributes according to the username in the TACACS, strips the @mydomain.com and sends it to the ODBC connector "SQL db" for username "cisco" and p/w "cisco" authentication.

If we can produce a solution using ODBC to connect from TACACS to the SQL server, we only have to manage the one server for login accounts (external SQL Server), instead of having to manage multiple platforms: TACACS for login and also another SQL db.

Please assist with a URL or suggestions on setting up TACACS+ to integrate with SQL db server.

I hope it makes sense.

Thanks again

Peter

1 Reply

Peter Valdes
Level 3

Hi Cisco,

I have finally found the solution. Thanks to Cisco.com as always.

If anyone is using the same set, here are the links FYI:

ACS v3.0

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008007dec4.html#1835

External ODBC Authentication

http://www.cisco.com/warp/public/cc/pd/sqsw/sq/tech/exatu_wp.pdf

Thanks