
CSM 3.2 with ACS 4.1.4 integration.

skipi
Level 1

Hello.

I'm trying to integrate these versions of CSM and ACS. CSM is installed on HW as required. ACS is a virtual machine on the VMware server.

When I try to switch AAA mode on CSM to acs/tacacs+ I get an "AAA Client Not Configured" message, although CSM and every one of the managed devices are configured in ACS as AAA client devices (as requested in the integration guide). In the log files I've found only this message (in C:\Program Files\CSCOpx\MDC\tomcat\logs\stdout.log):

error while getting devicegroupname

java.io.IOException: Server returned HTTP response code: 500 for URL: http://<ACS_IP_ADDRESS>:2002/acsAutomate.exe?action=networkDeviceGroup_listGroup

... (lots of java dump ...)

I'm not sure what can be the problem in this case.

Thanks for any help...

2 Replies

hadbou
Level 5

First, make sure all TCP ports are open for administration on the ACS server. Then, if this is the ACS appliance, make sure you are NOT using the appliance administrator as the ACS administrator user in LMS. If you are, create a new administrative user in ACS, and grant that user all privileges. Then use that username to do the integration. Finally, try temporarily switching from HTTPS to HTTP for the initial integration.

Refer to "Security Manager Integration With ACS" at the URL below:

http://www.cisco.com/en/US/products/ps6498/products_configuration_example09186a00808eada8.shtml#tro

First, this is not an appliance, this is a win2k3 server with ACS installed. The admin account for CSM was chosen separately from the ACS admin. ACS is using only HTTP.

Second, I have followed that guide throughout the whole integration.

Additionally, we have hardened the underlying OS of the ACS server for security. The hardening included:

Audit policy, Password policy, Log settings,

Registry settings - TCPIP, LANMAN, SA,

Privilege Rights, File security for files in %systemRoot%\System32\ and disabling some unused services.

Maybe some of these security changes made it impossible to integrate ACS and CSM.