Problem setting up ACS integration on LMS 3.1

Unanswered Question
Jul 28th, 2008

Getting a message about System Identity User not configured properly. Attaching screenshot. Any ideas?

Attachment: 
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Joe Clarke Mon, 07/28/2008 - 13:27

You need to configure your System Identity User (as seen under Common Services > Server > Security > System Identity Setup) in ACS, and give it access to the Super Admin group for all LMS applications.

chillymac47 Mon, 07/28/2008 - 16:47

I may not be doing this correctly. For now I am only interested in having ACS do the authentication with a local user ids providing the authorization. What is the procedure to do this? Thanks.

Joe Clarke Mon, 07/28/2008 - 16:56

Simply configure the TACACS+ login module under Common Services > Server > Security > AAA Mode Setup. Do NOT select the ACS radio button.

chillymac47 Tue, 07/29/2008 - 04:42

OK that worked until I rebooted the system. After rebooting the LMS server, the authentication via TACACS still works, but I no longer have administrative authority. I have to reset the login module back to local in order to get in with administrative authority.

Joe Clarke Tue, 07/29/2008 - 06:51

It sounds like you're still integrated with ACS for authorization. If you're just using the TACACS+ login module ONLY, authorization should be handled by the local database. Of course, every user in the TACACS+ server must have a local entry in the LMS database. Make sure the username in TACACS+ matches exactly with one under Common Services > Server > Security > Local User Setup.

chillymac47 Tue, 07/29/2008 - 07:14

The usernames match exactly. Is there anyway to validate how it is trying to do the authorization with some debugging option so we can determine if it may be hanging on to some configuration from the failed attempt at using ACS for authorization, as you suggested? Thanks for your quick responses.

Joe Clarke Tue, 07/29/2008 - 07:23

You can look in NMSROOT/MDC/etc/regdaemon.xml. If the AdminModule is set to ACS, then it is still using ACS for authorization. If set to CMF, then it's using the local database.

Actions

This Discussion