cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
777
Views
4
Helpful
7
Replies

Problem setting up ACS integration on LMS 3.1

chillymac47
Level 1
Level 1

Getting a message about System Identity User not configured properly. Attaching screenshot. Any ideas?

7 Replies 7

Joe Clarke
Cisco Employee
Cisco Employee

You need to configure your System Identity User (as seen under Common Services > Server > Security > System Identity Setup) in ACS, and give it access to the Super Admin group for all LMS applications.

I may not be doing this correctly. For now I am only interested in having ACS do the authentication with a local user ids providing the authorization. What is the procedure to do this? Thanks.

Simply configure the TACACS+ login module under Common Services > Server > Security > AAA Mode Setup. Do NOT select the ACS radio button.

OK that worked until I rebooted the system. After rebooting the LMS server, the authentication via TACACS still works, but I no longer have administrative authority. I have to reset the login module back to local in order to get in with administrative authority.

It sounds like you're still integrated with ACS for authorization. If you're just using the TACACS+ login module ONLY, authorization should be handled by the local database. Of course, every user in the TACACS+ server must have a local entry in the LMS database. Make sure the username in TACACS+ matches exactly with one under Common Services > Server > Security > Local User Setup.

The usernames match exactly. Is there anyway to validate how it is trying to do the authorization with some debugging option so we can determine if it may be hanging on to some configuration from the failed attempt at using ACS for authorization, as you suggested? Thanks for your quick responses.

You can look in NMSROOT/MDC/etc/regdaemon.xml. If the AdminModule is set to ACS, then it is still using ACS for authorization. If set to CMF, then it's using the local database.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: