Solved: Upgrade ACS to 4.1 --- Remote Agent question

dpatkins · ‎07-12-2007

I updated Cisco ACS from 3.2 to 4.1. After dealing with some issues, we finally got it installed. Now we are facing this remote agent issue. Is there a whole lot of configuration to do for this agent? Below is part of the instructions. I am not real sure what they want me to do. Where is this Cisco computer? Where do we put the Cisco account? We certainly do not have a DC on our network called Cisco. Is it more advisable to put this on a DC or a member server?

Thanks

Dwane

Step 1 Add CISCO workstation.

To satisfy Windows requirements for authentication requests, ACS must specify the Windows

workstation in to which the user is attempting to log. Because ACS cannot determine this information

from authentication requests that AAA clients send, it uses a generic workstation name for all requests.

Use CISCO as the name of the workstation.

In the local domain, and in each trusted domain and child domain that ACS will use to authenticate users,

ensure that:

? A computer account named CISCO exists.

? All users that Windows will authenticate have permission to log in to the computer named CISCO.

For more information, see the Microsoft documentation for your operating system.

Jagdeep Gambhir · ‎07-13-2007

Go to external user da---> DB Configuration--->Windows---->Configiure---->Remote agent---> Choose RA from the drop down--->Summit.

Now acs will use that remote agent.

Regards,

~JG

Please rate if that helps

View solution in original post

Jagdeep Gambhir · ‎07-12-2007

Hi,

You can install Remote agent on member server or on domain controller. My suggestions here would be to install it on member server.

Most Important thing is that the account running remote agent service should have special priv on the domain.

1) It should have act as a part of operating system.

2) Login as batch and Log on as a service rights.

That should make it up and running.

Regards,

~JG

Please rate if that helps !

dpatkins · ‎07-12-2007

JG,

In the instructions, they say to add CISCO workstation. What exactly does this mean? If we installed it on a member server, the server will be previously named. If we install it on a DC, that will be named as well.

Thanks

Jagdeep Gambhir · ‎07-12-2007

Hi,

Actaully that is not necessary to have Cisco workstation added.

It will work without it. Just giving special rights to the service account running remote agent will do it.

Regards,

dpatkins · ‎07-13-2007

Assistance is desperately needed.

I think I am close.

I have configured an account on our NT domain (AD domain) and called it ACSuser. I have made sure the doamin\ACSuser can log on as a service and also Act as part of the Operating System.

I also made sure that the Computer Service CSA Agent had as it's login ACSuser. I have also requested that this Username password never expire.

I have loaded a Windows 2000 server and called it ACSagent1 for right now. It has been added to our Active Directory Users and Computers as ACSAgent1. I then added the Agent one the ACS appliance by calling it ACSagent1 with an IP address of xxx.xxx.114.15. And when I looked at the agent on the appliance, it tells me that Remote Logging and Windows Authentication is not used by this ACS.

When I test from the configuration->systems->servers->authentication servers. I click on my radius server and the it authentication rejects me right away.

I guess one question would be, how do you test your remote agent member server and ACS Se 4.1 connectivity?

Thanks

Jagdeep Gambhir · ‎07-13-2007

Go to external user da---> DB Configuration--->Windows---->Configiure---->Remote agent---> Choose RA from the drop down--->Summit.

Now acs will use that remote agent.

Regards,

~JG

Please rate if that helps