ACS - Shell Command Authorization Sets

steve pearson
Level 1

Hi,

I have had a problem where a set of users in two groups in ACS are struggling to enter commands. The commands are set in the Shell Command Authorization Sets and this hasn't changed. Other commands are working. As this is spanning two groups in ACS I am thinking it's not something with the groups but the command sets themselves.

Just to check, the commands are 'clear port-security' and 'clear mac address-table' - I have entered in Command 'clear' and the following attributes:

permit port-security
permit mac address-table'

I've also ticked 'Permit unmatched args'

At the same time as this is occurring I have been receiving the following messages from the ACS server via email:

Test Timed out for service: CSAdmin
Test Timed out for service: CSAuth
Test Timed out for service: CSDbSync
Test Timed out for service: CSLog

I have looked at other posts and have restarted CSMon.  This then stops the messages for some time, then a day or so later I get the messages again.

Could this be tied in with the command issue?  Is there something else I should look at other than restarting the server and the CSMon service again?  All other CS' services are running.

Thanks!!

Steve

2 Replies

Nicolas Darchis
Cisco Employee

When you are failing to authorize the commands, what is the error message? It would be interesting to see a package.cab of that.

What version of ACS are you running, by the way?

And when you restart CSMon and the message doesn't appear for a day, is your command problem gone too ?

Nicolas

Thanks for your reply!

There are no errors, the switch IOS is putting the asterisks as it does when you enter a command that is not recognised, i.e. for clear port-security the port-security onwards is not recognised. On this note, the user is entered into privilege mode and not in configure terminal mode, just base privilege mode. The group in ACS is set to max privilege level 7 and I have also set this on the user account in addition.

I am using ACS v 4.1.

While I receive the service messages and also when they go away - I always have the authorisation problem.

Thanks

Steve