10-09-2011 07:40 PM - edited 03-10-2019 06:28 PM
Has anyone updated to ACS 5.3 yet? If so, any complications?
12-12-2011 11:23 PM
There have been issues seen with using tftp for large file sizes, like a backup and restore. It is recommended to use ftp.
There are two flavors of backup commands:
On primary will backup OS config + ACS db. On secondary will backup OS config only
On primary will backup ACS db. Nothing to backup on secondary.
Similarly restore. The restore you are looking will therefore look for operating system data which may not be there due to tftp issues
12-13-2011 12:01 AM
Ok, lesson learned, never use TFTP. But why the heck is it available as a protocol option? Who wants to invite problems anyway? Quick question though. What's the difference between OS config and ACS db? I mean, what would I need to back up from the OS if it is hardened Red Hat Linux and we only work with the ACS application?
12-13-2011 12:31 AM
By ACS db I am referring to the configuration information for ACS performed from within the ACS application.
It is possible to make changes to the OS config from the CLI and this is what gets backed up when OS config is backed up. It is less relevant if you use the ACS GUI only.
There are issues historically with tftp. The original protocol has a file size limit of 32 MB. This was later extended to 4 GB. So you also need to make sure that the tftp server supports larger files. I will try and ascertain status of tftp support.
12-13-2011 12:38 AM
Aha... My backup file is only 6 MB of size. Then I wouldn't expect any size limitation for TFTP. The actual error message was about not being able to find operating system data in the backup and I did the backup using the first option via CLI (see your listing of two flavours). Does it mean there's still an underlying problem with TFTP or I'm missing something?
12-13-2011 04:17 AM
>What's ADE user, Rob ?
ADE is Application Deployment Engine - which is the OS that the ACS 'application' runs on. i.e. Cisco have developed their flavour of Linux into a hardened OS - that they then run ACS and other applications on.
When you connect to the CLI - that's ADE - so that's your 'admin' user. When you connect to the web-interface and login with 'acsadmin' - that's ACS.
So you've got:
- ADE users - eg. admin - local to the box (although there's options to refer to a TACACS server as I mentioned (but haven't tried))
- ACS Administrators - eg. acsadmin - local to ACS - but in ACS 5.4 - may be able to refer to external user directories
- ACS users - ie. users you create in ACS (we don't have any as we're using our Active Directory for all user-auths)
Same ACS/ADE split with the backups:
- ACS backup just backs up the ACS configuration. Can do scheduled backups from the GUI. Comes from the primary only
- 'backup' backs up ACS + ADE (console/ssh - and 'show run') - but only manual from CLI. If you run from the secondary - only includes ADE config
Rob...
01-18-2012 05:55 AM
Freshly and successfully installed an ACS on VMware. I am having a problem accessing the web GUI. A console PC residing on the same network as the ACS can ping it but cannot browse to the ACS Web GUI. Please help. Did I miss some needed configuration to make it accessible? Thanks!!!
01-18-2012 06:08 AM
A couple of quick first suggestions:
Log in as "admin" into the CLI on the box and check that all services are running with the following command:
show application status acs
ACS role: PRIMARY
Process 'database' running
Process 'management' running
Process 'runtime' running
Process 'view-database' running
Process 'view-jobmanager' running
Process 'view-alertmanager' running
Process 'view-collector' running
Process 'view-logprocessor' running
Check that all processes are running, especially management.
If not, issue the following commands to restart the processes and then check again:
application stop acs
application start acs
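Added example, not part of the original post: a small Python triage of captured `show application status acs` output that lists every process not in the `running` state and gives `management` special weight, as the reply above does. The sample text is constructed, and the non-running state wording and the verdict names are assumptions.

```python
import re

# Constructed sample in the layout quoted in the thread; the two non-running
# state strings are assumptions, not captured device output.
SAMPLE = """\
ACS role: PRIMARY
Process 'database' running
Process 'management' not running
Process 'runtime' running
Process 'view-jobmanager' initializing
"""
# Error text quoted later in the thread when ADE cannot report on ACS at all.
NO_APP = "error finding status information for the application:acs"

PROC_RE = re.compile(r"^Process '([^']+)'\s+(.+?)\s*$")

def parse_status(text):
    """Return (role, {process: state}) from the command output."""
    role, procs = None, {}
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("acs role:"):
            role = line.split(":", 1)[1].strip()
            continue
        m = PROC_RE.match(line)
        if m:
            procs[m.group(1)] = m.group(2)
    return role, procs

def triage(text):
    """Classify the output and list processes that are not 'running'."""
    role, procs = parse_status(text)
    if not procs:
        # No process lines: the case where the status command itself errors out.
        return {"verdict": "no-application", "role": role, "down": []}
    down = sorted(p for p, s in procs.items() if s.lower() != "running")
    if "management" in down or "management" not in procs:
        verdict = "gui-unavailable"   # the thread singles out 'management'
    elif down:
        verdict = "degraded"
    else:
        verdict = "ok"
    return {"verdict": verdict, "role": role, "down": down}

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(triage(NO_APP))
```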
01-18-2012 06:11 AM
ok try this out tomorrow. thanks!
01-18-2012 04:35 PM
Hi,
I have checked the status of the ACS but the ADE can't display any application. Output is "error finding status information for the application:acs". I am trying to start and stop the ACS via the ADE but it can't start the application. "application failed to start".
04-29-2012 09:56 AM
Praetoleiad,
Did you ever get your issue resolved?
praetoleiad wrote:
Hi,
I have checked the status of the ACS but the ADE can't display any application. Output is "error finding status information for the application:acs". I am trying to start and stop the ACS via the ADE but it can't start the application. "application failed to start".
04-10-2012 08:48 AM
Hi,
Using version 5.3 upgrade 5-3-0-40-2.
Not able to add more than 10 TACACS attributes when trying to configure a Shell profile for my WCS wireless controller. It kicks me out. I then decided to use WCS in local mode. Any help will be highly appreciated.
04-10-2012 08:52 AM
Yes. There is an issue on patch 2 as follows:
CSCtx18638 Cannot add custom shell attribute with keyword alert
This is to be resolved in patch 3, which is due to be released early next week.
The issue was introduced on patch 1 of ACS 5.3, so to work around that you will need to remove all 5.3 patches.
04-16-2012 09:40 AM
Patch 3 for ACS 5.3 has now been posted on CCO and includes a fix for
CSCtx18638 Cannot add custom shell attribute with keyword alert
04-16-2012 09:55 AM
Hi,
I have already downloaded the patch, but I cannot see the release notes - I would like to check what else has been fixed.
Does it get posted later?
Regards
04-16-2012 10:04 AM
I think it is just taking time to make its way through the system.
I am posting the list of CDETS below. Note there are a significant number of fixes related to interaction with Active Directory.
- CSCtx11180 ACS sometimes fails to fetch group info for users in trusted domain
- CSCtw71563 ACS gets disconnected from AD if received duplicate A records for DC
- CSCtu15832 ACS 5.2 will not recover from an RPC failure with a domain controller
- CSCtx71254 ACS 5.3 disconnecting from AD "unlatch" is seen in adclient logs
- CSCty19628 Unassign Mschapv2 group retrieval failure Duplicate of CSCtx11180
- CSCty60915 ACS 5.3 pre-authentication failures with AD for some users
- CSCtw59129 ACS5 tries to contact domains not in trusted list based on username
- CSCty11627 ACS5 sends MS-CHAP-MPPE-Keys attribute in all access-accept packets.
- CSCtx90637 ACS MSCHAPV2 is not hashing the mschap success correctly
- CSCtx18638 Cannot add custom shell attribute with keyword alert
- CSCtx83260 NDG locations not showing up on GUI
- CSCts14694 Accounting requests seen as authentication requests
- CSCty60512 User auth fail when having Authorization rule with built-in group
- CSCtz03041 AD Agent cores management
- CSCty88457 ACS support bundle does not include adclient core files
- CSCtz03084 /opt and /var full-Large ADAgent file containing file descriptor errors
- CSCtz03036 AD Agent cache should be flushed when core is generated
- CSCtz03943 ACS exposes the AD account username and password