ACS and LMS 3.0

Unanswered Question
Mar 13th, 2008

Hello,

I have updated LMS 2.6 to 3.0, but I have a problem with implementing LMS 3.0 in ACS 3.3 (1) Build 16.

For all User there is not the correct privileges for all applications.

In ACS I've build a AAA Client (LMS-Srv)and gives Group/User "System Administration" rights for all applications.

In LMS "AAA Mode Setup" I configured Tacacs-Server address/port, register all installed applications and so on. After "Apply" the popup displays: Tacacs+, HTTP/HTTPS, AAA Clinet configured, Secret Key Verification -> all successed/configured. But on "System Identification User" displays: Not configured properly for -(rme, CM, dfm, cwportal, ipm). The System ID User is in Tacacs a Superuser.

In ACS I can see that all application are registered, but in User or Group Setup there is for all application two Intems e.g. cwhp and Cisco Works, CM and Cisco Campus Manager, rme and Ressource Manager Essentials, cwportal and Cisco Works Portal and so on.

I don't know is it correct or is it just the registration of old LMS 2.6 ???? But the problem is the privileges of users. in Tacacs-log I can see "Login in cwhp with privilege level 1". How can I change the privilege level for Cisco Works Applications in 15 or "System Administrator".

Thanks for Help.

Greeting Rene

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Thu, 03/13/2008 - 06:25

In LMS 3.0 we create a new ACS role called Super Admin (for all applications). Assuming application registration completed successfully, you should see the Super Admin role under all LMS applications. The list of applications you should have under Shared Profile Components is:

Ciscoworks Common Services

CiscoWorks Portal

CiscoView

Resource Manager Essentials

Ciscoworks Campus Manager

Device Fault Manager

Internetwork Performance Monitor

And as I said, each one should have a Super Admin role within it.

Once you have all the new attributes registered with ACS, configure your System Identity User's ACS group such that its CiscoWorks applications (all of the ones listed above) are granted Super Admin access. Once that is done, you should be able to complete registration.

Actions

This Discussion