Cisco AAA/Identity/Nac :: ACS 5.1 Updating Internal User Database?
Jul 4, 2011
Using a CSV file, I cannot add a user to the internal database of the ACS. I get a permanent error, "File Format Validation Failed". However, the file I want to import really is a CSV file.
Jan 16, 2012
Is it possible to create a rule on ACS5 which will:
1. Try to authenticate the user in external database1 (RADIUS)
2. When external database1 returns FAIL (because of a bad password), ACS5 should try to authenticate the user in another external database2 (RADIUS)
Mar 9, 2012
I have a CSACSE-1113-K9 with ACS 4.2.15. I want to configure the Windows user database under the external user database, but I get an error (attached): 'An error has occurred while processing the Authen DLL Configure page because an error occurred.' I tried to stop the services and start again, but the same issue occurs. The appliance is the secondary (backup) ACS. On the primary it is working fine.
May 15, 2012
I am running NX-OS image n5000-uk9.5.1.3.N1.1.bin on the Nexus 5020 platform. I have configured authorization with TACACS+ on ACS server version 5.2, with fallback to the switch local database. A user test with priv 15 is created on the ACS server, password test2. Everything works fine until I create the same username on the local database with privilege 0 (it doesn't matter if the user in the local database was created before the user in ACS or after), e.g.: username test password test1 role priv-0 (note the passwords are different for the users in both databases).
After I create the same user in the local database with privilege 0, if I try to connect to the switch with this username test and the password defined on ACS, I get only privilege 0 authorization, regardless that the ACS server is up and should be the primary way to authenticate and authorize the user.
May 2, 2011
Migrating from 4.2 to 5.2 acs and have noticed there is no expiration date per internal user added. We expire users at different times due to their time on site. Is there something that has to be added to get back this basic feature we had before?
Dec 12, 2011
I have an ACS 5.2 server integrated with Active Directory. Now I need to create an internal user account to log in to some RADIUS devices using the internal user database. I have about 600 users, all authenticating through AD.
Apr 23, 2011
My ACS5.2 joined Windows 2003 Active Directory successfully. I created a Support group with user1 in the internal store, and also created a Support-AD group with userad1 in the AD store. The Identity Store Sequence is set to Internal first, then AD. I can map the Support-AD group to the local Support group without any problem.
Internal user gets authenticated and authorized OK. However, if the user is an AD user, the rule for AD users is not picked. So it goes to default.
Sep 27, 2010
I am looking for a way to set the password rules individually for some users or identity groups. I can only find the global settings. Background of the requirement: we want to use password aging for most admin users; for some we don't want the password to expire.
Apr 29, 2012
I'm doing some testing with ACS server on my windows box and I can't seem to get a barebone radius authentication to work with ACS internal users. I tested the same configuration with TACACS and it works fine, so there's something missing or misconfigured in my setup.
I have a cisco 3550 switch that I want users to login using their ACS username/password.
SW1
username cisco password 0 cisco
username admin password 0 admin
[Code].....
Jul 4, 2011
I have a hosted web server that has a website on it that needs to connect back to a database within our internal network. We have a Cisco WRVS4400N Wireless Router with 2 VLANs. VLAN 1 goes to a Watchguard Firebox which is connected to our internal network. VLAN 2 goes to our classroom network.
Our database is on VLAN 1. I have opened port 1433 on the Watchguard to allow SQL traffic from our Web Server. I can telnet from my workstation on VLAN 1 to the Web Server over port 1433, so I know the Web Server is not blocking anything. When I try to telnet from the Web Server to our Public IP address over port 1433, it fails.
I believe I have the firewall on the Cisco WRVS4400N off, so it shouldn't be blocking any traffic, but for the life of me I can't get this to work. I have been working on this for two days, and I NEED it to work. This was working up until last week, then it quit working. I am the only person making changes to our network, and there were no changes made during that time.
Sep 11, 2012
We are wanting to use local database users to authenticate our SSH connections to our 6500 cores.
We have added the usernames and passwords into the 6500 using
username anameduser password astrongpassword or username anameduser secret astrongpassword
We were expecting the commands to be the same as on other IOS devices, for example the C3750, where we would add:
line vty 0 4
 login local
And this would allow us to use the local user database to authenticate our SSH sessions.
The login local commands are not available on the 6500s and we have not found any documentation on how to implement a local database for this purpose except in a CatOS 6500.
Mar 14, 2011
How can I use both LDAP authentication and the local user database to authenticate the remote VPN client on an ASA 5505?
When I try this, only one method works; both do not work at the same time.
Feb 28, 2012
I would like to configure the below setup:
End user client (Cisco AnyConnect/VPN client) -> ASA 5500 (AAA client) -> ACS server -> External RADIUS database.
Here the ACS server would send the authentication requests to the external RADIUS server. So, I have added the external user database (RADIUS token server) in ACS under External databases. I have added the AAA client in Network configuration (selected authenticate using RADIUS (VPN 3000/ASA/PIX 7.0) from the drop-down).
Here, how do I make the ASA recognize that it has to send the request to the ACS server? Normally when you use ACS as a RADIUS server you can add an AAA server in the ASA and test it. But here we are using an external RADIUS server which has been configured in ACS, so how do I make the ASA send the requests to the ACS server?
Jan 18, 2013
I work at a campus and use the WCS to control access to my network for staff and internet-only access for students. The staff are assigned a username/password through Active Directory, and the students use another SSID with only WPA, one password for all. I was tasked with adding more security for students by adding a user/password. I do not want them connecting to my Active Directory for two reasons: security risk, and I have too many to input (over 1000). So, I wanted to use our internal database to validate users. I created a webpage with "WebAuth" that opens my logon page from my site and validates the login fields against the database. It works, and this allows the user to navigate through my website but not outside the site. If they try an outside URL, it redirects them to my logon script. I now understand why, so I'm looking for code I can add to my logon page that would allow me to redirect to the controller (once users are authenticated by my database) to call the WCS controller so I can enter a preset username/password so the policy management file would allow them access. I presently use "External" and don't know if "Custom" would work. Is there a way of using a database instead of adding one person at a time?
Sep 22, 2011
We are running ACS 5.2 patch 6 and want to restrict access for users to be able to add devices to the system. For example, an admin person in site A can only add devices into the site A group and cannot see/access other sites' groups.
May 27, 2013
I would like to know if it's possible to set up database replication from a Cisco ACS 4.2 server to an ACS 5.4 server?
Feb 18, 2013
I configured a PIX 525 for Easy VPN. About 100 to 200 people will use this service. I don't have much knowledge about RADIUS and TACACS servers. Is the local database enough for extended authentication, or should I configure a server for it?
Mar 27, 2011
Firstly, for ACS 4.2.1 for Windows database replication, does anyone have any documentation on the processes required? Secondly, I have a single system installed which is providing TACACS authentication for management access to a Cisco 5508 WLC. The controller prompts with a login box on connection to the web interface. When you put in the username and password pair, the box comes back as if the authentication has failed. On the ACS I was unable to see any failed authentications, so I enabled passed authentication reporting and can see the user passing the process. The WLC is running software version 6.0.199.4. On the ACS I have added the extra two options within the TACACS interface configuration and have a ‘role1=all’ against both the user and the group the user is part of, so I am confused as to why the user is still denied access.
Jun 16, 2010
Just installed ACS 5.0.0.21. Monitoring and reports database was working, but now is not. When trying to open, I get "Monitoring and reports database currently unavailable. Trying reconnect in 5 minutes." From CLI "sho application status acs" gives me the following:
ACS role: PRIMARY
Process 'database' running
Process 'management' running
Process 'runtime' running
Process 'adclient' running
Process 'view-database' running
Process 'view-collector' running
Process 'view-jobmanager' running
Process 'view-alertmanager' running
Also, logs show nothing unusual.
May 26, 2013
I would like to check whether Microsoft SQL Express 2012 is able to work with the ACS 5.3 remote database.
Apr 23, 2013
We have recently upgraded ACS 5.1 to 5.3 (normal upgrade process). All secondaries (ACS-B) were deregistered from the primary (ACS-A, used as configuration server and log collector) and updated successfully. But while upgrading, the primary ACS server was rebooted manually. Later the primary server was re-upgraded successfully to 5.3.
Just to ensure the database is not lost on the primary ACS (ACS-A), the primary ACS was registered to one of the secondary ACS (ACS-B). Initially ACS-A registered with ACS-B, and both ACS were showing the proper role: ACS-A (secondary) and ACS-B (primary). But the new primary ACS (ACS-B) is showing the new secondary (ACS-A) as offline and replication pending, whereas on Secondary ACS-B it shows primary ACS-A online and updated. But the ACS replication ID is gradually incrementing. The ACS system has been in this state for the last 2 days, but I am not sure if real replication is happening at the backend. How long does it take to replicate completely? And how can I check/verify the status of the upgrade?
Mar 16, 2011
I have a Cisco ACS 5.2 and have set it up as a RADIUS server. I was wondering if there is a way to add and update users automatically? We have a large number of users > 1000 that need to be added into the system and I don't want to do this manually. These users also update their passwords on a regular basis so I would need a script that would update the users automatically without any user intervention.
Jul 31, 2012
On the dashboard of the "Monitoring & Report Viewer" I see a lot of system alarms related to the database. The explanation of the alarm says to look at the Collector logs for the details.
Mar 22, 2011
I'm trying to configure ACS 5.2 with an LDAP external identity store; when LDAP fails, ACS 5.2 should use the internal identity store. I configured a sequence to use LDAP first, then Internal, and I shut off the link to the LDAP, but ACS will not use Internal. AAA Diagnostics keeps telling me that it cannot establish a connection with the LDAP server, and it will not use the internal store.
Sep 27, 2012
I am working on a project with Secure ACS 5.2. I am trying to determine the proper external database to use: LDAP or direct to AD?
Additionally, the domain that I am connecting to has multiple subdomains. All of the users are currently in the subdomains, but will be moving to the root domain later. How should I configure the connection? Do I need to connect to each subdomain, or can I just connect to the root?
Jan 17, 2012
What's the type of the ACS v4.2 database password hash?
Example:
-------------------------------------------------
Name : ###postureuser
Password : 0x0020 fe fc f0 11 24 dc dd bd 0f d9 78 56 b8 4a fc f4 40 d0 bd 1d 19 5b 56 7e 14 f0 4e 1a b0 83 66 24
Chap password : 0x000e 22 07 e4 28 c0 09 7f 1a b7 e6 2a 78 a1 52
-------------------------------------------------
Apr 19, 2012
On Cisco ACS 5.2.0.26 Patch 10, I got this system alarm: Incremental backup is not configured. Configuring incremental backup is necessary to make the database purge successful. This will be useful to avoid disk space issues. View database Size is 2.92GB and size it occupies on the harddisk is 2.91GB
In "Monitoring Configuration > System Operations > Data Management > Removal and Backup", we got this information:
Database Purging: If database size exceeds 120 GB, a backup (if configured) and purge will be initiated. If database size exceeds 150 GB, a purge will be initiated.
Could the View database size reach 120 GB? I want to know how long Cisco ACS will work without problems and if I need to hurry to configure the purge.
Jan 24, 2012
I'm currently looking for a solution in order to restrict the modification of the host internal identity store (add or delete MAC host) per group. The default administrator roles do not include "per group restriction". Under the ACS I defined one group per department. My objective is to allow each department to access their ACS MAC database to add or delete MAC addresses as required.
How do I restrict the internal identity store per group? Do I need to create new roles, and how? I was not able to get an answer from the ACS ADMIN manual.
Apr 26, 2011
I am running Windows-based ACS 3.3 in my LAN environment, which is going to be replaced with an ACS 1120 appliance running ACS 4.2.1.15. The ACS 3.3 database has been built up to 4.2.0.124 step by step through the upgrade process:
1) ACS 3.3.3.14 ---> 4.1.1.24
2) ACS 4.1.1.24 ---> 4.2.0.124
Now my database is a 4.2.0.124 dmp file. I cannot upgrade my database to 4.2.1.15 because the 4.2.1.15 patch is not applicable and executable on the 90-day evaluation package of 4.2.0.124 on the Windows platform.
Can I import my Windows-based 4.2.0.124 database directly to my ACS appliance running 4.2.1.15.3? Or does it require any step to modify the Windows-based database to match the appliance Windows version first?
I could see on the appliance under restore settings the following option (restore from 4.2.0 backup file to ACS 4.2.1).
Mar 26, 2012
I am configuring a new ACS 1121 appliance with version 5.3 and wanted to know how to configure the Remote Database settings in ACS 5.3. Is it necessary to configure that option?
Also, one more thing: I can see that ACS 5.3 generates lots of logs. Is there any solution to reduce such logs? It seems many unuseful logs which are system related are getting logged on the device, which might not be good for the memory requirements of the device.
Feb 28, 2012
I have a weird issue. I recently setup an ASA 5510 and had SSH working. To make it easier on my VPN users I then decided I wanted to setup a Windows 2008 Network Policy Server for RADIUS authentication. Ever since I added the RADIUS part to aaa authentication, when I use SSH to connect to the ASA it will not take the local user name and password I have setup. I can however get in using a Domain user name and password. Below is the SSH and AAA configuration. Am I missing something here? The username and password in the ASA is not on the domain and it's like the ASA is not even trying LOCAL when it tries to authenticate. I want it to use the local username and password if possible. I'm kind of new to ASA's..
On another note, I have never been able to SSH in on the internal interface. I always get a "The remote system refused the connection" error message. I can only use the outside interface.
Site-ASA# sh run | in ssh
aaa authentication ssh console SERVER_RADIUS LOCAL
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 60
[code]....
Aug 2, 2011
I tried the solution posted at [URL]; however, it did not work on my ASA5505 8.4(2). I thought that it may be because I only have a single public address, so the web server is responding to port forwarding through the one public IP already. Looking in ASDM, it appears to indicate that a configured access list is blocking the server from responding to the internal hosts.
object network Private_IP
host 192.168.1.15
object network Public_IP
host 1.1.1.1
object-group network internal_net
[code]....
Can I fix an access list (or something) to make this work or am I wishing for too much with only one public IP? This worked by default on my Netgear firewall.
Oct 8, 2012
On ACS version 4.2.0.124 installed on Appliance 1113, we are getting the error code "Internal error" and also "Enabling Tacacs+ is not allowed for this Access Server" during client authentication.