ACS and APC UPS - radius authentication

Unanswered Question
May 5th, 2008

Has anyone configured their APC UPS network managment cards to authenticate to ACS. The cards support radius, and I have that working, but the user only works as read only. How can I get them to work at at admin level ? I am not sure how to pass the attibutes back to the UPS.

Thanks for any tips.

Randy

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (2 ratings)
Jagdeep Gambhir Tue, 05/06/2008 - 05:10

Randy,

It works , no issues at all. In order to get all the options on the APC cards, you need to integrate the .ini file provided by the vendor.

With that INI we will upload APC radius attributes in acs.

Regards,

~JG

Do rate helpful posts

darpotter Tue, 05/06/2008 - 05:14

You need to return some APC Vendor Specific Attributes. These will not be defined in ACS so you'll need to add them. This process is documented in the ACS User Guide - basically you create a .ini file with the VSA info and load it with csutil or rdbms sync.

APCs vendor id is 318. You need to add a single integer attribute "APC-Service-Type" (id #1) which can take the following values:

1 adminsitrator

2 device-manager

3 read-only users

Good luck

Darran

rduke Thu, 05/08/2008 - 09:32

Guys,

Sorry I forgot to post that I had it working. It was easier than I thought because all I needed to do was add Radius IETF option #6 and select "administrative".

I did see the APC info regarding VSA's, but I did not know how you input that data. I will have to look into the csutil and rdmns sync utilities since I am new to ACS.

thanks,

Randy

nathan.eger Thu, 12/08/2011 - 14:30

FYI

I setup the same configuration in ACS 5.1 with the VSA attributes stated, with no problems. See inserted image for details.

CSCO10973017 Thu, 06/05/2008 - 16:03

Save the following into an ini file and use the CS Utils feature to import the UDF / VSA

Don't include the lines "====" bits!

You can rename the Admin/Device/ReadOnly to what ever you like as the interger value is what is important, the name is only used byt the ACS interface for displaying the options in the HTML.

=====================================

[User Defined Vendor]

Name=APC Devices

IETF Code=318

VSA 1=APC-Service-Type

[APC-Service-Type]

Type=INTEGER

Profile=OUT

Enums=APC-Auth-Type

[APC-Auth-Type]

1=Admin

2=Device

3=ReadOnly

=====================================

Actions

Login or Register to take actions

This Discussion

Posted May 5, 2008 at 12:22 PM
Stats:
Replies:5 Avg. Rating:
Views:2692 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard