Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1159
Views
0
Helpful
1
Replies

CS-Mars and AAA ACS - fail

Rene Rolsted
Level 1
Level 1

‎11-26-2009 11:48 PM

I try to setup a CS-Mars to AAA Cisco ACS

I setup the mars to RADIUS(Cisco VPN 3000/ASA/PIX 7.x+) with shared secret 1234

Cisco ACS hostname: cis04ba1

CS-Mars hostname: mars01ba1

I got this error logs in Failed Attempts

Viewing CSV File

Date Time Message-Type User-Name Group-Name Caller-ID Network  Access Profile Name Authen-Failure-Code Author-Failure-Code Author-Data NAS-Port NAS-IP-Address Filter  Information PEAP/EAP-FAST-Clear-Name EAP  Type EAP  Type Name Reason Access  Device Network  Device Group AAA  Server Cisco:PA:PA-Name Cisco:PA:PA-Version Cisco:PA:OS-Type Cisco:PA:OS-Version Cisco:PA:OS-Release Cisco:PA:Kernel-Version Cisco:PA:Machine-Posture-State Cisco:Host:ServicePacks Cisco:Host:HotFixes Cisco:Host:HostFQDN Cisco:Host:Package cisco-av-pair Cisco:HIP:CSAVersion Cisco:HIP:CSAOperationalState Cisco:HIP:CSAMCName Cisco:HIP:CSAStates Cisco:HIP:DaysSinceLastSuccessfulPoll NAI:AV:Software-Name NAI:AV:Software-ID NAI:AV:Software-Version NAI:AV:Scan-Engine-Version NAI:AV:Dat-Version NAI:AV:Dat-Date NAI:AV:Protection-Enabled Trend:AV:Software-Name Trend:AV:Software-ID Trend:AV:Software-Version Trend:AV:Scan-Engine-Version Trend:AV:Dat-Version Trend:AV:Dat-Date Trend:AV:Protection-Enabled
27/11/200908:42:02Authen failedtestAdministrator..(Default)External DB user invalid or bad password....test10.1.20.100..........mars01ba1DiverseCIS04BA1..

I have tried to set CS-Mars to RADIUS(IETF) this is the same

But why is there a user with username test

I upload a pdf file with screenshots

Labels:
Preview file
130 KB
0 Helpful
1 Reply 1

Elly Bornstein
Cisco Employee
Cisco Employee

‎11-27-2009 05:16 PM

Not sure which resources you used to configure this, but this looks like Cisco ACS server, so "Generic AAA server" will cause us to parse logs from this device wrong on MARS.

Follow this guide to add the ACS server to MARS:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgAaaSv.html#wp914530

There is also a section in here on bootstrapping your ACS for MARS:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgAaaSv.html#wp914530

Make sure you have done both the above. You might even want to start over with everything you have done thus far.

-Elly

0 Helpful
Customers Also Viewed These Support Documents