12-05-2006 05:29 AM - edited 03-10-2019 02:51 PM
Is there a way to find the shared secret of the primary ACS for replication? The primary was installed several months ago, and no one knows the secret password, and I cannot get the replication to occur. I keep receiving shared_secret mismatch.
12-05-2006 05:55 AM
Hi friend,
I didn't find a good answer for you, but I found something that could help.
Look at this:
###################################################################
The ACS has been reconfigured to require a user name and password to log in locally. Now everyone is locked out. How do I fix this?
The solution to this problem depends on the version of software in place. No matter what software version you have, be sure to back up the NT registry first.
In early versions of ACS, the user name and password requirement for local login is modified in the registry. Issue the regedit command and search for allow AutoLocalLogin. Change the registry value to 1 in order to allow local login, and then recycle the services.
In ACS versions 2.6 and later, issue the regedit command and remove the users in this location:
HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\CiscoAAA##\CSAdmin\Administrators
Under the Administrators key, see all the administrators that you have created. Delete the users and exit the registry. When you access ACS, you are not prompted for a user name and password. Once you are in the GUI, add administrators.
###################################################################
I believe that it could help you.
This link helps to set up the replication for ACS:
Hope it helps. If it does, please rate.
Regards,
Rafael Lanna
12-05-2006 09:43 AM
Do you have access to the primary ACS? If so, log in and you can access the secret in the Network Devices section. The local system will be listed as a AAA device. The secret should be visible.
12-05-2006 12:51 PM
All it shows under local is shared_secret
12-06-2006 02:10 PM
Try this...
Create a new device in network config and give it a shared key like "foo".
Next start regedit. Navigate to HKLM/SW/Cisco/CiscoAAAv3.x/Hosts
Note... replace 3.x with the actual version, e.g. 3.2
You'll see a sub-key for each entry in the network config. There will be one for the ACS server itself and the new device you added.
Drill down into the new device, you'll see a value called "key". Use "export" to dump this value to a .reg file.
Edit the .reg file, replace the devicename in the sub-keyname with that of the ACS server, then save the .reg file and re-load into the registry.
e.g. [HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\CiscoAAAv3.3\Hosts\MyACS]
Then net stop/start all the CSxxxx services.
You've now reset the shared secret for the ACS server itself to a known value.
If it works... vote!
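The .reg edit described in the post above, as an added example that is not part of the original thread and not Cisco code: it retargets the exported section to the ACS server's sub-key and keeps only the "key" value, so other settings of the server's host entry are not overwritten on import. The device name TempDevice, the "ip" value and the hex bytes in the sample are constructed assumptions; only the Hosts path and the "key" value name come from the post.

```python
import re

HOSTS = r"HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\CiscoAAAv3.3\Hosts"  # path from the post

# Constructed sample export: device name, "ip" value and hex bytes are made up.
SAMPLE_REG = "\r\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[" + HOSTS + "\\TempDevice]",
    '"ip"="192.0.2.10"',
    '"key"=hex:01,02,03,04,05,06,07,08,\\',
    "  09,0a,0b,0c",
    "",
])


def retarget_key(reg_text, hosts_path, src_name, dst_name, value_name="key"):
    """Return .reg text that sets only value_name under hosts_path\\dst_name."""
    lines = reg_text.splitlines()
    if not lines or not lines[0].startswith(("Windows Registry Editor", "REGEDIT4")):
        raise ValueError("not a regedit export")
    # Refuse exports that cover more than the one temporary device key.
    sections = [l for l in lines if l.startswith("[")]
    expected = "[%s\\%s]" % (hosts_path, src_name)
    if sections != [expected]:
        raise ValueError("export must contain only %s" % expected)
    if not re.fullmatch(r"[^\\\[\]\r\n]+", dst_name):
        raise ValueError("bad destination name")
    kept, keeping = [], False
    prefix = '"%s"=' % value_name
    for line in lines[lines.index(expected) + 1:]:
        if line.startswith('"'):        # a new named value starts here
            keeping = line.startswith(prefix)
        elif not line.startswith(" "):  # blank or other line ends the value
            keeping = False
        if keeping:                     # includes indented continuation lines
            kept.append(line)
    if not kept:
        raise ValueError("value %r not found" % value_name)
    out = [lines[0], "", "[%s\\%s]" % (hosts_path, dst_name)] + kept + [""]
    return "\r\n".join(out)


if __name__ == "__main__":
    print(retarget_key(SAMPLE_REG, HOSTS, "TempDevice", "MyACS"))
```

Export the ACS server's own sub-key to a separate .reg file before importing the result, so the previous value can be restored.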