Solved: Re: CISCO NCS with ACS 5.x

mohamed fayz · ‎01-02-2013

Hai Guys,

I integrated Cisco NCS with ACS 5.x both management and lobby admin with required attributes.

Now a new requirement is lobby administrator should possible to edit the configuration, suppose a guest account is expired, he need to edit this and assign for more time for the user. I am wondering how can i set attributes this in ACS??? Since my lobby admin account is in acs with below attributes.

Please anyone help. Its Urgent Requirement !!!!!

stefan.angerer · ‎01-02-2013

you can create a local user in NCS that has exactly the same username as your user account in the ACS database (be aware that this is case sensitive). On the NCS, modify the lobby ambassador's privileges according to your needs.

So your lobby admin will be authenticated against ACS, but its default values will be taken from the NCS user account.

If you can't configure on the NCS local user accounts what you need, you also can't do it with ACS..

hope that helps,

Stefan

View solution in original post

stefan.angerer · ‎01-02-2013

you can create a local user in NCS that has exactly the same username as your user account in the ACS database (be aware that this is case sensitive). On the NCS, modify the lobby ambassador's privileges according to your needs.

So your lobby admin will be authenticated against ACS, but its default values will be taken from the NCS user account.

If you can't configure on the NCS local user accounts what you need, you also can't do it with ACS..

hope that helps,

Stefan

mohamed fayz · ‎01-02-2013

Hai Stefan,

Thats Great . Let me try this, so what about passowrd??? is this should be same as in acs??????

Regards,

Fayz

stefan.angerer · ‎01-02-2013

The password in the NCS doesn't matter at all! Choose any password you like.

mohamed fayz · ‎01-02-2013

Thank You Steffan,

Let me try these.

Regards,

Fayz

dac_bschlueter · ‎01-08-2013

Hi Stefan,

i aleady tried this, but the problem is that the Radius User authenticate with Username@domain

But i can´t add a @domain to a local user on the WCS, so that means the lobby ambassador defaults don´t work.

Do you know how to resolve this topic.

Many thanks in advance for your help!

Regards

Ben

stefan.angerer · ‎01-08-2013

Ben,

since I don't know your environment this is maybe a stupid questions - but is there a specific reason why your users need to add "@domain" when logging in?

Actually I'm not aware of any other workaround for you than removing the domain information (and maybe solving that piece on the RADIUS server).

regards

Stefan

dac_bschlueter · ‎01-08-2013

Hi Stefan,

the reason why our users have to add "@domain" is that we are using OTP to authenticate the users.

We are doing this so that the users have the same login credentials on all the other system they need.

The users and the one time password are matched on an external system, which provides the OTP´s.

That´s why the need this suffix.

regards

Ben

stefan.angerer · ‎01-08-2013

What RADIUS server do you have in place? (ACS4/5, NPS?)

regards

Stefan

dac_bschlueter · ‎01-08-2013

We have an ACS 5.3 which matches the users with the external database

regards

Ben

stefan.angerer · ‎01-08-2013

Sorry, I'm not aware of any possibility to add a suffix to a username with ACS5.

(I was thinking of a rule like "add @domain.local to the username if the request comes from WCS")

regards

Stefan