08-20-2009 06:40 AM
Good day,
I have a strange problem,
I've changed LMS to ACS mode and registered all applications without errors, but when I go to ACS then I don't see any options under Group Setup that allows me to select what privilege the group has, however, when I go to "Shared Profile Components" then I see the following:
Network Access Filtering
RADIUS Authorization Components
Network Access Restrictions
Shell Command Authorization Sets
PIX/ASA Command Authorization Sets
Cisco Security Manager
Ciscoworks Common Services
CiscoWorks Portal
CiscoView
Resource Manager Essentials
Ciscoworks Campus Manager
Device Fault Manager
Internetwork Performance Monitor
I've tried to do this manually with ACSRegCli.pl and everything comes out successful, but still I can't select privileges in Group Setup. What could I be missing?
Here is output from command prompt where I tried to register the applications..
C:\Program Files (x86)\CSCOpx\bin>perl AcsRegCli.pl -listNotRegApp
List of applications not registered with ACS from this server:
CM (Campus Manager)
cwhp (CiscoWorks Common Services)
rme (Resource Manager Essentials)
ipm (Internetwork Performance Monitor)
dfm (Device Fault Manager)
CiscoView (CiscoView)
cwportal (LMS Portal)
C:\Program Files (x86)\CSCOpx\bin>perl AcsRegCli.pl -register all
WARNING: If you have already registered the applications with ACS, any custom ro
les you have created in ACS for these applications will be lost.
Do you want to continue(Y - register, N - do not register)?Y
INFO: Running command "ACSRegCli registerAll"
- Application cwhp registration :
Primary ACS server - successful
Secondary ACS server - successful
- Application cwportal registration :
Primary ACS server - successful
Secondary ACS server - successful
- Application CiscoView registration :
Primary ACS server - successful
Secondary ACS server - successful
- Application rme registration :
Primary ACS server - successful
Secondary ACS server - successful
- Application CM registration :
Primary ACS server - successful
Secondary ACS server - successful
- Application dfm registration :
Primary ACS server - successful
Secondary ACS server - successful
- Application ipm registration :
Primary ACS server - successful
Secondary ACS server - successful
C:\Program Files (x86)\CSCOpx\bin>
Solved! Go to Solution.
08-20-2009 07:33 AM
You could try since you say the applications do show up under shared profile components. But I've never seen this particular behavior before. What settings do you have under Interface Control > Advanced in ACS?
08-20-2009 06:42 AM
What versions of LMS and ACS are you using?
08-20-2009 06:51 AM
ACS Appliance 4.2.0.124
LMS 3.0.1 (5K License)
08-20-2009 06:52 AM
Make sure the ACS admin user you specified in LMS is NOT the ACS appliance admin. If it is, create a new admin user in ACS (under Administration Control) with full rights, then use that user when integrating LMS to ACS. Then try re-registering the applications.
08-20-2009 06:54 AM
I've already checked that... The ,,Appliance Administrator" is root and I'm using administrator that I created called cw-admin with full rights, and yes I've enabled LMS to allow special chars in username....
08-20-2009 07:23 AM
08-20-2009 07:28 AM
The New Service list is empty, shall I create it by hand?
08-20-2009 07:33 AM
You could try since you say the applications do show up under shared profile components. But I've never seen this particular behavior before. What settings do you have under Interface Control > Advanced in ACS?
08-20-2009 07:38 AM
08-20-2009 07:41 AM
You have a few settings which differ from my server, but none that should account for this. Go ahead, and configure the missing LMS applications, then setup your System Identity User and group in ACS, and see what LMS says.
08-20-2009 08:05 AM
This works like a charm! :D Thank you so much jclarke
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide