Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1309
Views
0
Helpful
2
Replies

Problem Authentcation CiscoWorks LMS 4.1 with ACS 5.3

mohamed-elsherif
Level 1
Level 1

‎03-12-2013 09:12 AM

Dear

i have a problem authenticating cisco LMS user through ACS 5 whenever tries  to run a DCR Job  verification it fails to telnet , however it used to work with the pervious ACS 4 but after upgrade , it seems to be a problem , and when i tries to login with this specific user with third party terminal it works fine.

here is logg in the ACS monitor

Failure Reason > Authentication Failure Code Lookup

Failure Reason :

13031 TACACS+ authentication request missing user Password

Generated on:March 12, 2013 7:09:37 PM AST

Description

The TACACS+ authentication request did not provide a user Password

Resolution Steps
The  device is sending a TACACS+ authentication request that is missing  information needed by ACS. Check the device to verify that it is working  properly and has up-to-date software

Labels:
0 Helpful
2 Replies 2

srego4
Level 2
Level 2

‎03-12-2013 04:15 PM

LMS 4.0 allowed only ACS (tacacs) authentication - not authorization. You would have to define roles on the LMS server for authorization. With ACS 5 - there really is no support to add in roles (as in ACS 4.0) in the ACS server. I may not be stating this exactly right, but LMS 4.X broke the integration with ACS ... someone else maybe able to give a better explanation.

0 Helpful

Mat Barry
Level 1
Level 1
In response to srego4

‎03-13-2013 08:21 AM

I'm running the latest version of both, and it's running fine for me.  You may have to change your TacacsPromts.ini file to include the right prompts.  I think it's:

[TELNET]

USERNAME_PROMPT=

PASSWORD_PROMPT=

You'll have to put in your own prompts, though.   Whatever your prompts are, is what goes afterward.

If my prompt is Myspecialprompt: and pass is Myspecialpassword:, I'd use

[TELNET]

USERNAME_PROMPT=Myspecialprompt:

PASSWORD_PROMPT=Myspecialpassword:

If you have more devices with different prompts, just use a comma after the colon.  Btw, you don't need the credentials in there, just the custom prompts.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents