I want to integrate LMS 3.1 with ACS 4.1.
We have two servers and the Master/Slave configuration works fine.
I read the whitepaper for this task and configured all the steps on both servers.
All fine at first, but on the slave the authentication says "Ciscoworks local" instead of TACACS+.
The failed attempts in the ACS log show that both servers want to log in with a user called "secretuser"!
I didn't configure such a user and I didn't know where the user is in the LMS configuration?!?
Is it a default user in the depth of the configuration?
I thought that the systemiduser is configured for this part...
Okay, the workaround is to configure this user in the ACS with the same password *g*
And what shall I say, no failed attempts and the slave says TACACS+ for authentication!
The second problem is that I can't configure the rights for users because there are two entries for every part of LMS (CM, RME, CWHP, Portal,...). I thought that is okay because I have two servers.
But if I configure the first CWHP and then the second, the first is empty again. Configure the first once again, then the second is empty.
It looks like the authorization on the second server does not work. On the Master I have rights for helpdesk and on the slave it is full authorization.
The third problem is that I can't disable users on ACS from logging in to LMS.
I thought that by setting a user to "none" on all the CiscoWorks entries in ACS, the user would have no rights to access the LMS.
But he can with helpdesk rights.
Thanks for your help!