01-02-2013 02:07 PM - edited 07-03-2021 11:17 PM
Hai Guys,
I integrated Cisco NCS with ACS 5.x both management and lobby admin with required attributes.
Now a new requirement is lobby administrator should possible to edit the configuration, suppose a guest account is expired, he need to edit this and assign for more time for the user. I am wondering how can i set attributes this in ACS??? Since my lobby admin account is in acs with below attributes.
Please anyone help. Its Urgent Requirement !!!!!
Solved! Go to Solution.
01-02-2013 02:32 PM
you can create a local user in NCS that has exactly the same username as your user account in the ACS database (be aware that this is case sensitive). On the NCS, modify the lobby ambassador's privileges according to your needs.
So your lobby admin will be authenticated against ACS, but its default values will be taken from the NCS user account.
If you can't configure on the NCS local user accounts what you need, you also can't do it with ACS..
hope that helps,
Stefan
01-02-2013 02:32 PM
you can create a local user in NCS that has exactly the same username as your user account in the ACS database (be aware that this is case sensitive). On the NCS, modify the lobby ambassador's privileges according to your needs.
So your lobby admin will be authenticated against ACS, but its default values will be taken from the NCS user account.
If you can't configure on the NCS local user accounts what you need, you also can't do it with ACS..
hope that helps,
Stefan
01-02-2013 02:36 PM
Hai Stefan,
Thats Great . Let me try this, so what about passowrd??? is this should be same as in acs??????
Regards,
Fayz
01-02-2013 02:45 PM
The password in the NCS doesn't matter at all! Choose any password you like.
01-02-2013 03:00 PM
Thank You Steffan,
Let me try these.
Regards,
Fayz
01-08-2013 06:42 AM
Hi Stefan,
i aleady tried this, but the problem is that the Radius User authenticate with Username@domain
But i can´t add a @domain to a local user on the WCS, so that means the lobby ambassador defaults don´t work.
Do you know how to resolve this topic.
Many thanks in advance for your help!
Regards
Ben
01-08-2013 10:33 AM
Ben,
since I don't know your environment this is maybe a stupid questions - but is there a specific reason why your users need to add "@domain" when logging in?
Actually I'm not aware of any other workaround for you than removing the domain information (and maybe solving that piece on the RADIUS server).
regards
Stefan
01-08-2013 10:39 PM
Hi Stefan,
the reason why our users have to add "@domain" is that we are using OTP to authenticate the users.
We are doing this so that the users have the same login credentials on all the other system they need.
The users and the one time password are matched on an external system, which provides the OTP´s.
That´s why the need this suffix.
regards
Ben
01-08-2013 10:44 PM
What RADIUS server do you have in place? (ACS4/5, NPS?)
regards
Stefan
01-08-2013 10:49 PM
We have an ACS 5.3 which matches the users with the external database
regards
Ben
01-08-2013 11:00 PM
Sorry, I'm not aware of any possibility to add a suffix to a username with ACS5.
(I was thinking of a rule like "add @domain.local to the username if the request comes from WCS")
regards
Stefan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide