CiscoWorks authentication via CiscoACS

Unanswered Question
Jul 6th, 2007

Hi,

does anyone have any instructions on how to integrate CiscoWorks with ACS, to allow the authentication of users from there? including which rights need to be given to the user and where?

Jorge

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
David Stanford Fri, 07/06/2007 - 04:58

Have a look at the following link:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/cw2000_b/lms/lms25/lms25qsg.htm#wp66757

Also:

ON CISCOWORKS

===============

* Step 1: Setup up a System Identity User

-Common Services > Server >Security >Multi-Server Trust Management >System

Identity Setup

* Step 2: Ensure that System Identity User is a local User with all the roles

-Server >Security >Single-Server Management >Local User Setup

ON ACS

=======

* Step 3: Define a group for CW Admin Users in ACS

-Go to GROUP SETUP

-Rename an available Group to something suitable such as CWAdmins

-Edit Settings

-Sessions available to user = unlimited

* Step 4: Add the CW system identity user (and other Admin users in CW) to ACS

-Go to USER SETUP

-Create Users for Ciscoworks including the System Identity User in ACS

-password

-Assign all these Admin users to the Group created in Step 3

* Step 5: Add a network device group with Ciscoworks as a Client

-Go to NETWORK CONFIGURATION

-Name

-IP address or range with wildcard masks

-key

-Authenticate using: TACACS+ (Cisco IOS)

-Submit+Restart

Note: (If NDG options are not visible, you can enable Network Device Groups in ACS under

INTERFACE CONFIGURATION > ADVANCED)

ON CISCOWORKS

===============

* Step 6: Change CW AAA Mode to ACS TYPE (and register CW applications with ACS)

-Common Services > Server > Security > AAA Mode Setup

-Select ACS type

-Fill in IP address/Hostname of ACS server

-Fill in the ACS admin login information and the shared key

Note: ?ACS admin login" must be a user with full admin rights to ACS (i.e. one configured

under Administration Control in ACS with ALL options checked)

-Put a check mark in "Register all installed applications with ACS" **

-Click on apply

-Restart CW Daemon Manager for above changes to take effect.

**WARNING: Make sure that AFTER the first successful registration to any specific ACS

server, you always keep this box UNCHECKED if switching between ACS and non-ACS modes on

LMS server.

Failure to do so will erase all custom roles (SUPERUSER) and you will need to do Step 7-8

on ACS again.

jorge.s Fri, 07/06/2007 - 06:24

I've done this, all ok, but I've limited access on Campus Manager, for example I cannot delete any Network Device in Topology view, which I could before.

Aaron.Koves Thu, 07/12/2007 - 07:17

Sounds like you haven't assigned all the CiscoWorks permissions to your account in ACS.

First go into the Shared Profile Components in ACS to assign permission to roles. If you want a god account like you had before, make a role for each CiscoWorks component and give that role all tasks.

Now go into the configuration for the group your account is and assign that role to each CiscoWorks component.

Actions

This Discussion