cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1455
Views
0
Helpful
3
Replies

The problem with importing Internal Users on Cisco ACS

Hrosik1985
Level 1
Level 1

Hi,

I have a problem. Missing passwords or hash when I export the Internal User into CSV. In Template of CSV is columb "password:String(32):Required". But this columbs are empty in export file. Import CSV fails. The problem is missing "password:String" in import file.

 

 

HEADER (Template):

name:String(64):Required,description:String(1024),"dateExceedsEnabled:Boolean(true,false):Required",dateExceeds:Date(yyyy-Mmm-dd),"passwordNeverExpires:Boolean(true,false):Required","enabled:Boolean(true,false):Required","changePassword:Boolean(true,false):Required",password:String(32):Required,enablePassword:String(32),passwordType:String(256):Required,UserIdentityGroup:String(256)
 

USER LINE:

krejci,"Vaclav Krejci, Techsupport",false,,false,true,false,,,Internal Users,All Groups:CDT-users:CDT-technical

 

FOCUS:

--- false,********,,Internal Users ---

******** here is missing String "password:String(32):Required".

 

Any idea? How to export user and password?

 

Thanks for your help.

3 Replies 3

Hrosik1985
Level 1
Level 1

I attach log. It is during import:

 

2015-05-19 19:50:56: Record number: 1, Internal User krejci: Import Failed
Missing mandatory attribute in record number 5, field number 8
-------- Summary --------
Total Number of Records Processed:212
Number of Records Failed:212
Number of Records Imported:0
---------- End ----------
 

Hi there, just wondering if you ever found a resolution to this problem?

I had several problems.
 
First:
In users descriptions was incorrect characters. There can not be characters like punctuation (ěščřžýáíé), comma (because it is a separator in CSV export), exclamation mark, etc.
 
example:
Users and Identitty Stores -> Users -> Description
we use: name/company/contact/additional information
wrong is: Karel Novák, Company, tel.: 123 456 789, !!! Do not deactivate !!!
must be: Karel Novak / Company / 123 456 789 / Do not deactivate
 
The same problem is in the description of Identity Groups.
 
Second:
In version 5.2 was weak password policy. In version 5.6 is stronger password policy. Users who did not have adequate password, he can not be activated.
 
System administration -> Users -> Authentication Settings -> Password Complexity
we use: 6 characters minimum length and no additional requirements (password 123456 is OK)
new version have default: 8 characters minimum length
 
Solution
I corrected manually all descriptions (users, group, ACL etc.)
A user with poor password is disable. I must change user password when he calls me.
 
 
I have problem witch HA mode. That is problem in error: Registration failed due to invalid Certificate. I must disable "Enable Nodes Trust Communication" in System Administration >  Configuration >  Global System Options >  Trust Communication Settings
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: