09-24-2010 01:39 PM - edited 02-21-2020 04:05 AM
Hello Everyone!
I have an issue with Integration between Cisco Security Manager and ACS. I did the integration, but the user system identity does not have enough privileges. I know what is the problem, but i do not know how i can change the login from ACS to CSM local?
I found a file that specify the following:
Q.
Are there any backend script or command-line interface options to change the login module from ACS to CicsoWorks local?
A.
To revert the LMS server from ACS mode back to local user mode, shut down the CiscoWorks
daemons and run the following script:
NMSROOT/bin/perl ResetLoginModule.pl
(for Solaris)
NMSROOT\bin\perl ResetLoginModule.pl
(for Windows)
Then restart the daemon.
I did that, but does not work, any idea??
Solved! Go to Solution.
10-02-2010 04:15 AM
Hello,
I guess you can try to go through the following FAQ on troubleshooting CSM and ACS integration:
Few things might have gone wrong:
1- this command needs to be executed on the CSM Server cmd prompt (be sure you are not on the client machine)
2- NMSROOT is the directory were CSM Server is installed. Usually is c:\Progra~1\CSCOpx
3- you need to stop the deamon manager before performing this action (and then restart )
For example if the directory is the one above to reset the login to local you might try the following:
net stop crmdmgtd ----> this stops the Daemon Manager (can be done by the services window)
c:\Progra~1\CSCOpx\bin\perl c:\Progra~1\CSCOpx\bin\ResetLoginModule.pl ----> resets to local authentication
net start crmdmgtd -----> restart the Daemon Manager
Can you maybe try again and let me know how it goes?
Thanks
10-02-2010 04:15 AM
Hello,
I guess you can try to go through the following FAQ on troubleshooting CSM and ACS integration:
Few things might have gone wrong:
1- this command needs to be executed on the CSM Server cmd prompt (be sure you are not on the client machine)
2- NMSROOT is the directory were CSM Server is installed. Usually is c:\Progra~1\CSCOpx
3- you need to stop the deamon manager before performing this action (and then restart )
For example if the directory is the one above to reset the login to local you might try the following:
net stop crmdmgtd ----> this stops the Daemon Manager (can be done by the services window)
c:\Progra~1\CSCOpx\bin\perl c:\Progra~1\CSCOpx\bin\ResetLoginModule.pl ----> resets to local authentication
net start crmdmgtd -----> restart the Daemon Manager
Can you maybe try again and let me know how it goes?
Thanks
10-04-2010 04:40 PM
Thanks Stefano,
The problem was i did not run correctly the command from the prompt. I could change the authentication from ACS to Local, but when i try to change again from Local to ACS I have a problem with the System Identity User, when the CSM check the communication with the ACS appears a window with the following message:
System Identity User: Not configured properly for cwhp, csm, autoupdate.
Like the following image:
I think that the problem could be the user admin who i need create like administration of ACS or user who is belong to the group admin, whic is used for the network devices. But i can not find the problem. Any idea??
Thanks,
10-06-2010 03:04 PM
Hello Katherine,
This looks a misconfiguration on ACS but I do not know how exactly what to suggest because I do not know the way you have configured your ACS
I will try to post an how to guide on ACS integration if you are not able to find the root cause. (if it is really urgent please open a TAC case and we will take care of it )
Out of curiosity, which ACS version you are using?
Stefano
10-10-2010 03:41 AM
i have a same type off issue with (not configured properly for -(cwhp,csm,autoupdate)) could u please suggest how did u fixed that issue...
10-10-2010 03:55 AM
What is the ACS version your are using?
10-10-2010 04:05 AM
10-11-2010 03:07 AM
Hi,
this should be an informational only log, If you click on apply, does the integration works fine?
Stefano
10-11-2010 10:43 PM
after this if i apply and restart deamon manger.. and then try to log into the CSM it shows that the server is not ready and did not comes at the user name password window... at this time actually the deamon manger is not stated... if i try to start it manually it did not start so i evantually need to remove the integration of acs from that certaiin commands .. after that i need to reset the casuer... after that csm start working... i was suspecting that the issue is issue is in system identity user as it is showing the message.. that not configured propely for (cwhp, csm, auto update).
further this CSM is installeed on the domain ... do u hink that some doamin polices are creating this deal ..
10-20-2010 10:13 AM
The problem was a privilege inside to the ACS, I had to create a group with full permision only for the CSM and then I tried again and works it!!
Regards,
10-21-2010 12:49 AM
thanks for youtr reply.. actually i did done the same again .. and after doing the same process... i had reset the casuser ... and it started working... as i told u that this sysetem was on the domain .. so i think that the domin policies.. are .. having this issue..
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide