User and Group Database Migration

darpotter Tue, 02/06/2007 - 23:57

Someone at Cisco decided that from 4.0 onwards they wouldn't upgrade from every previous version any more.

I think this means you'd have to upgrade the existing server to 3.1 then create a backup.

Next install 3.1 on the new server and restore the backup.

Lastly upgrade the new server to 4.1 and cross your fingers it upgrades smoothly!

An easier (but less complete) method is simply to run csutil -d on the first server, copy the dump file to the new one and then use csutil -l. HOWEVER... this can cause problems if your group/user config uses NDGs (e.g. NDG->DCS command authorisation) because only NDG indexes are in the dump file.

When you re-create the NDGs on the new server the indexes are likely to all be different.

So in summary, only use the csutil route if you're just moving very simple groups or users.

BTW there is an option for csutil to load just the users from a dump file, leaving groups untouched (run csutil -x to find out more).


PS: we're seeing more people installing ACS (and aaa-reports!) under VMware - which then makes hardware upgrades a non-issue.

amrkrish Wed, 02/07/2007 - 10:48

It's always safe to follow Cisco-recommended procedures, as they will be trustworthy.

ACS 4.1 supports the following upgrade paths.

These paths have been tested and are supported:

Cisco Secure ACS for Windows, release 3.3.3 to ACS 4.1

Cisco Secure ACS for Windows, release 4.0 to ACS 4.1

For releases of ACS prior to ACS 3.3.3, you must first upgrade to ACS 3.3.3, then upgrade to ACS 4.1.


