LMS application register in ACS not working properly

gudvardur
Level 1

Good day,

I have a strange problem,

I've changed LMS to ACS mode and registered all applications without errors, but when I go to ACS I don't see any options under Group Setup that allow me to select what privilege the group has. However, when I go to "Shared Profile Components" I see the following:

Network Access Filtering

RADIUS Authorization Components

Network Access Restrictions

Shell Command Authorization Sets

PIX/ASA Command Authorization Sets

Cisco Security Manager

Ciscoworks Common Services

CiscoWorks Portal

CiscoView

Resource Manager Essentials

Ciscoworks Campus Manager

Device Fault Manager

Internetwork Performance Monitor

I've tried to do this manually with ACSRegCli.pl and everything comes out successful, but still I can't select privileges in Group Setup. What could I be missing?

Here is the output from the command prompt where I tried to register the applications:

C:\Program Files (x86)\CSCOpx\bin>perl AcsRegCli.pl -listNotRegApp

List of applications not registered with ACS from this server:

CM (Campus Manager)

cwhp (CiscoWorks Common Services)

rme (Resource Manager Essentials)

ipm (Internetwork Performance Monitor)

dfm (Device Fault Manager)

CiscoView (CiscoView)

cwportal (LMS Portal)

C:\Program Files (x86)\CSCOpx\bin>perl AcsRegCli.pl -register all

WARNING: If you have already registered the applications with ACS, any custom roles you have created in ACS for these applications will be lost.

Do you want to continue(Y - register, N - do not register)?Y

INFO: Running command "ACSRegCli registerAll"

- Application cwhp registration :

Primary ACS server - successful

Secondary ACS server - successful

- Application cwportal registration :

Primary ACS server - successful

Secondary ACS server - successful

- Application CiscoView registration :

Primary ACS server - successful

Secondary ACS server - successful

- Application rme registration :

Primary ACS server - successful

Secondary ACS server - successful

- Application CM registration :

Primary ACS server - successful

Secondary ACS server - successful

- Application dfm registration :

Primary ACS server - successful

Secondary ACS server - successful

- Application ipm registration :

Primary ACS server - successful

Secondary ACS server - successful

C:\Program Files (x86)\CSCOpx\bin>


Joe Clarke
Cisco Employee

What versions of LMS and ACS are you using?

ACS Appliance 4.2.0.124

LMS 3.0.1 (5K License)

Make sure the ACS admin user you specified in LMS is NOT the ACS appliance admin. If it is, create a new admin user in ACS (under Administration Control) with full rights, then use that user when integrating LMS to ACS. Then try re-registering the applications.

I've already checked that... The "Appliance Administrator" is root and I'm using an administrator that I created called cw-admin with full rights, and yes, I've enabled LMS to allow special chars in the username....

Go under Interface Configuration > TACACS+ (Cisco), and make sure the checkbox under the Group column is checked for all of the CiscoWorks "New" services. Attached is a screenshot from my ACS server.

The New Service list is empty, shall I create it by hand?

You could try since you say the applications do show up under shared profile components. But I've never seen this particular behavior before. What settings do you have under Interface Control > Advanced in ACS?

I manually added all of these, and now I see the option under Group Setup....

I've attached a screenshot of the Advanced settings under Interface Control....

Now I just have to log in and confirm this is working.... Any other info you want me to post here regarding this?

You have a few settings which differ from my server, but none that should account for this. Go ahead and configure the missing LMS applications, then set up your System Identity User and group in ACS, and see what LMS says.

This works like a charm! :D Thank you so much jclarke
