Cisco Security Manager integration with Cisco ACS troubleshooting
Hi all!
I have a problem with the integration between Cisco Security Manager and ACS. I've done the integration, but the identity of the user system doesn't have enough privileges. I know what the problem is, but I don't know how I can change the login of the ACS to the local CSM.
I found a file that specifies the following:
Q. Is there a backend script or command line interface option to change the ACS to local CiscoWorks login module?
A. To restore the LMS server from ACS to local user mode, stop the CiscoWorks daemons and run the following script:
NMSROOT/bin/perl ResetLoginModule.pl (for Solaris)
NMSROOT\bin\perl ResetLoginModule.pl (for Windows)
Then, restart the daemon.
I did it, but it does not work. Any idea?
Hello
I guess you can try to go through the question on CSM and ACS integration troubleshooting:
A few things might have gone wrong:
1 - this command must be run at the cmd prompt on the CSM server (make sure that you are not on the client computer)
2 - NMSROOT is the directory where the CSM server is installed. It is usually c:\Progra~1\CSCOpx
3 - you must stop the Daemon Manager before performing this action (and restart it afterwards)
For example, if the directory is the one above, to reset the login to local you can try the following:
net stop crmdmgtd ---> stops the Daemon Manager (can also be done from the Services window)
c:\Progra~1\CSCOpx\bin\perl c:\Progra~1\CSCOpx\bin\ResetLoginModule.pl ---> restores local authentication
net start crmdmgtd ---> restarts the Daemon Manager
Can you maybe try again and let me know how it goes?
Thank you
-
Operations Manager integration with vSphere Web Client
Hello
One of the new features that I keep seeing credited for vCenter Operations Manager v5.6 is 'integration with vSphere Web Client'.
I went through the process of getting vCOps operational v5.6 (and everything works fine), but I don't see any integration with the Web Client. Am I missing something obvious? Where is the integration? I have to do something to activate it?
See you soon,
David
Take a look at the video on Eric Sloof vCOPS 5.6 integration with VMware vSphere Client Web blog post where he explains how to use the vCenter integration of Operations Manager with the Web Client vSphere.
-
ACS integration with Microsoft Active Directory Services
Hi all
I was responsible for developing the integration of ACS with MS AD. What I want to know is below, assuming I have ACS software or an ACS appliance and the authentication protocol is RADIUS:
- What are the criteria for the AD to integrate with the ACS software or appliance?
- Should the AD be hosted on the domain controller or not?
- Otherwise, on what (DC, tree, forest, branch, flower, fruit) must the AD be hosted?
- What should I do to authenticate users logging into Cisco Security Manager with ACS integrated with AD?
- Are there other dependencies that I'll have to state categorically in my description?
Thank you
Rishi
First of all, I love the flower fruit one keep it up.
If ACS is for windows, it can be installed on the domain controller or member server. For detailed information about installation tasks post must have full integration, please see the following link that contains fancy things you are looking for:
If ACS is the Solution Engine, then you need a piece of software called the remote agent to be installed either on the domain controller or a member server. Also check the following link for more details on how to integrate it with AD:
I hope this was informative for you.
-----------------------------------------------------------------------------
Please ensure good answers to rate
-
Integration of Cisco ACS and Cisco NAC Manager - downloadable ACLs
Hello
I have set up Cisco NAC in my environment. This all works well. The users get authenticated via Cisco NAC Manager. The Cisco NAC Manager talks to Cisco ACS for the user database. This all works well. I would like to activate downloadable ACLs. I tried using the CISCO-AV-PAIR method and creating a downloadable ACL entry in the shared components, but nothing works. Either I'm doing it wrong, or this configuration of mine does not support downloadable ACLs? Please kindly advise.
Kind regards
RAM
+ 6 012-2918870
Hello
It is not possible.
You cannot push the ACL to the NAC Manager.
If you do RADIUS authentication on the NAC Manager, what you can do is create roles on the NAC Manager, and on the roles you define traffic policies.
Using the RADIUS attributes you can then map users to roles.
Please, take a look at this:
HTH,
Tiago
--
If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it.
-
Cisco ACS 5.1 and RSA Authentication Manager 6.1
Hi all
We recently had a Cisco Secure ACS 1120 and I improved the Unit 5.1 5.0 with all your support
Now, I need to integrate Cisco ACS 5.1 with RSA Authentication Manager 6.1. I have config file of RSA ACE Server successfully downloaded and exported to 1120 ACS.
I also added as NetOS Agent ACS in the RSA server during the process, I found a few warnings. The ACE Server is not able to resolve the IP address to the name (is it necessary?).
I have not created any file of secret key for communication between FAC and RSA and I used encryption is FOR.
Now, when I log into ACS and search for devices in the identity store sequences I am not able to get Sever Token RSA.
Let me know what was wrong, where I can fix it, and also please tell me what the communication between RSA and ACS is.
Hoping that you guys help me as usual when I'm in a hurry...
Sree
Were you able to successfully create the RSA identity server? After selecting the sdconf.rec and pressing submit, what happened? Was the RSA instance created OK?
If you go to Users and identity stores > external identity stores > RSA SecurID Token servers, what do you see in the list?
-
API License - Cisco Security Manager
I would like to know the license API to integrate a solution Algosec Cisco CSM. This license would cost or not?
Q. what are the features of the API?
A. based on the API access Cisco Security Manager to share information with other services essential network such as respect and analysis of advanced security systems to streamline their operations, security and compliance. Using a representational state transfer, external firewall compliance systems can directly request access to data from any security device managed by the Cisco Security Manager. Several suppliers of conformity of safety including Tufin Algosec and Skybox, have updated their products to work with the new APIs in the Cisco Security Manager
http://www.Cisco.com/en/us/prod/collateral/vpndevc/ps5739/ps6498/qa_c67-727089.html
I'm waiting for return,
Aldo Melo Lopes
Yes. The fare is US$ 5,000.
The product number is 'L-CSMPR-API' (Cisco Security Manager Pro - license for access to the API).
-
Hello
I have a question about Cisco Security Manager. We manage approximately 70 firewalls and bought CSM to manage them with policies, etc.
Is it possible to make changes via SSH or ASDM if Cisco Security Manager is inaccessible?
I need a way to backup for the configs before I can deploy.
Any advice will be appreciated
Kind regards
Ian Oliver
You can always return to the local management.
If you do, you need to be sure to use the CSM functionality 'Detect changes in band'.
http://www.Cisco.com/c/en/us/TD/docs/security/security_management/Cisco _...
You need to reconcile and integrate those changes in band into CSM once it is available / accessible, so that it includes any change in its baseline for the device. Otherwise it overwrites them in the next deployment.
-
Cisco ACS 1113 appliance v4.1 - integration of RSA Securid v6.1
The Windows of Cisco ACS version seems to have the ability of integration with RSA Securid its listed in external databases. It can also support the SDI Protocol if you install the agent on the Windows ACS platform. I need to use a Cisco ACS 1113 but RSA Securid does not appear in the section external databases. This mean that I won't be able to use the SDI Protocol only available RADIUS.
And Yes you are right,
With ACS, we need to configure using RADIUS, on ACS SE it won't work with SDI.
Kind regards
Prem
-
Install Cisco Security Manager 4.7 on Hyper-V
Hello
Our clients want to install Cisco Security Manager on a Windows virtual machine virtualized with Hyper-V. The documentation only refers to installing the software on a virtual machine on VMware systems.
Can it be installed without problems, and will the installation be supported by TAC if we open a support case?
Best regards
David
While it is expected to work (since CSM is essentially an application running on a Windows Server), it is not a system that meets the requirements of the installation guide.
So... if TAC found a problem related to this configuration when you need their help, they would be within their rights to say your installation is unsupported.
-
Using Cisco ACS 5.2 (TACACS+) with non-Cisco devices
Hi all
I was hoping that someone could help me with what might be a silly question. I'm trying to implement a solution whereby an operator can control all their network nodes (non-Cisco) via TACACS+. The nodes involved are:
Juniper M10i running Junos 9.2, M120
M320 running Junos 8.5 Juniper
Extreme BD8810 and BD8806 running XOS 12.4.1.17
Extreme Alpine 3804 running Extremeware 7.8.3.5
My question is, can I use Cisco ACS 5.2 (or 4.2) to authenticate using TACACS+ to these non-Cisco devices? Has anyone else done this, or do I have to use RADIUS? If someone has done this, are there problems of interoperability with Cisco CS and Junos or Extreme XOS? Thank you
/ John
John,
We have a very large deployment of Juniper (T-series, MX series, etc.). We use Cisco ACS and TACACS+ to manage these devices. The configuration of the ACS is fairly simple. You'll want to create users to log in with and match them to the classes on your JUNOS routers. Here is an example:
set system login user engineering uid 2000
set system login user engineering class engineering-class
set system login user NOC uid 2001
set system login user NOC class NOC-class
set system login class engineering-class idle-timeout 15
set system login class engineering-class permissions all
set system login class NOC-class idle-timeout 15
set system login class NOC-class permissions view
set system login class NOC-class permissions view-configuration
We use two classes, engineering and NOC. One is defined as read/write and the second as read-only. This is in turn then mapped in ACS (in our case version 4.2) by user or group (preferred). First, you change the interface configuration and add a TACACS+ junos-exec service and do not enter the Protocol field. Then, you change the attributes of the user group. I've attached screenshots for both on this subject.
Hope this helps.
Derek
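An added example, not part of Derek's post and not taken from his screenshots: the Junos-side TACACS+ settings that the template users and classes above depend on, with the matching ACS attribute shown as a comment. The server address 192.0.2.10, the source address 192.0.2.1 and the shared-secret placeholder are constructed values.

```junos
# Added example; addresses and the secret are placeholders, not values from the thread.

# Try TACACS+ first and keep the local password database as a fallback,
# so the router stays manageable when the ACS server is unreachable.
set system authentication-order [ tacplus password ]

# ACS server definition. The secret must match the AAA client entry in ACS.
set system tacplus-server 192.0.2.10 secret "REPLACE-WITH-SHARED-SECRET"
set system tacplus-server 192.0.2.10 timeout 5
set system tacplus-server 192.0.2.10 source-address 192.0.2.1

# Send logins, configuration changes and interactive commands to ACS for audit.
set system accounting events [ login change-log interactive-commands ]
set system accounting destination tacplus server 192.0.2.10 secret "REPLACE-WITH-SHARED-SECRET"

# ACS side (group settings, junos-exec service, custom attributes), one group per role:
#   read/write group:  local-user-name=engineering
#   read-only group:   local-user-name=NOC
# The value names the Junos template user, and the user's class sets the permissions.
#
# A user whom ACS authenticates without a local-user-name value is mapped to the
# "remote" template account when one exists, so give that account a read-only
# class or leave it undefined.
```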
-
Install cisco Security Manager
Hello:
I acquired a CSM license and need to install it. I have just one server, and LMS 3.2 is installed on it.
Following the installation instructions, I found that CSM cannot be installed on the same server as LMS.
This is the paragraph:
"We do not support the coexistence of Security Manager with any third-party software or other software from Cisco (including any CiscoWorks-branded 'solution' or 'package', such as the LAN Management Solution [LMS] or the Security/VPN Management Solution [VMS]), unless we declare explicitly otherwise in this guide, or http://www.cisco.com/go/csmanager ."
Can someone tell me if this is permanent, or can I install both on the same server?
Thanks in advance
No problem at all :). Please rate if you find useful messages.
Concerning
Farrukh
-
IPS Manager Express or Cisco Security Manager?
Hi all
We are thinking of buying the license for the 5512 IPS. Which of the above (IPS Manager Express or Cisco Security Manager) is the right tool for management purposes? Or can either be selected? If I can choose either, which one do you recommend?
See you soon!
M
How many systems do you have? If the number is high, CSM is the way to go. Managing many systems (and keeping them in sync with the same policy) with IDM and IME is a nightmare. But if it is a single system, IME is the right tool for you. It works very well for monitoring (up to 10 devices) and can also manage them (individually; it is not so easy for more than one system). And it's free.
-
Does Cisco ACS 1113 v4.2 device work with Windows 2008
Hello
I have a wireless currently in production infrastructure. All my Cisco LWAP is managed by Cisco WLC. Authentication is done via RADIUS through my device Cisco ACS 1113 running on version 4.2. The Cisco ACS 1113 device communicates with my Windows 2003 Active Directory. Everything is good now.
Next month, we plan to update Active Directory from Windows 2003 to Windows 2008. Will everything be fine, or will there be issues? Please kindly advise.
I saw another post in this community that states https://supportforums.cisco.com/thread/1003597?tstart=0. I am now confused. Help, please.
Kind regards
RAM
+ 60122918870
ACS 4.2 does not work with Windows 2008R2. I had a case of TAC open about this, and basically, they told me that I had to switch to 5.2 ACS. I've been doing demonstrations there and it authenticates with Windows2008R2 very well.
-
Cisco ACS 5.2 VMware 'Management' process hangs
Hello
We recently purchased Cisco ACS 5.2 for VMware, to be installed on VMware ESXi 4.1. However, after commissioning the virtual machine with the requirements set out in the Cisco installation guide, ACS is unable to start properly.
We don't get any visible error messages, but when checking the ACS processes, I see that the 'management' process is stuck in the "initializing" state.
Any ideas how to solve this problem?
Thank you
Gilbert
ESX 4.1 is not supported with ACS 5.1
Virtual Machine requirements
The minimum configuration for the virtual machine must be similar to the hardware configuration of the server series CSACS-1120.
Table 6-1 lists the minimum system requirements to install ACS 5.2 on a VMware virtual machine.
Table 6-1. Minimum system requirements
Requirement type | Minimum requirements
CPU | Intel Core2; 2.13 GHz
Memory | 4 GB of RAM
Hard drives | 500 GB of disk storage
NIC | 1 GB network interface
Hypervisor | VMware ESX 3.5 or 4.0
Installation of ACS 5.2 on VMware
Kind regards
Jousset
-
NCS and Cisco Security Manager 4.2 servers
Hi all
I spec'ing on two new servers; one is for a box of first NCS and other area of Cisco Security Manager 4.2. I have decided to go with the range servers Cisco UCS, but am a little unsure of something on the said recommended in the datasheet for the AC.
The NCS data sheet
... reads as follows:
******************************
If deploying Cisco Prime NCS as a virtual appliance on a server provided by the customer, one of the following versions of VMware ESX or ESXi can be used:
VMware ESX or VMware ESXi version 4.1
******************************
Does this mean that the NCS software MUST be virtualized, or can it be installed and simply run on something like Windows Server 2008? If Yes, through a serious disk image?
Secondly, the two servers are running RAID arrays and I was wondering what your views are on running everything (OS, Cisco software, logs and other data) on the RAID array, or the OS and Cisco software on a separate boot disk and storing only data on the RAID?
I see no reason why it would not run together on the RAID, but I'm curious to know what you think about it.
In addition, we are upgrading our WCS courses and I was wondering if some kind of migration is necessary or can we just install fresh NCS on the server and configure it accordingly.
See you soon,
-Dave
Dave,
For the first part, the NCS works only as a virtual machine. You can buy the device hardened to it, but it's still a virtual machine, NCS is presented as a .ova.
Regarding separate them, with NCS I don't think you'll be able to.
Steve