
cw LMS and ACS

ohassairi
Level 5

Hello,

I am trying to let cw administrators be authenticated and authorized by ACS.

I changed the authentication from local to ACS/TACACS and I chose the option: Register all installed applications with ACS.

results:

-authentication is ok

-I obtained in groups new tables concerning cw such as: cwhp/Custom attributes; ciscoview/custom attributes...

I added devices to these tables.

Now, in cw I can see the list of devices I am responsible for.

My problem is that in device center I am not getting the same interface as before. Many things disappeared.

I am afraid this is because I did not put anything in "custom attributes".

Any help?

5 Replies

Joe Clarke
Cisco Employee

ACS integration is tricky. You should go through the document in this post:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Network%20Management&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cc1878c/0#selected_message

And verify the settings are correct. In particular, the LMS System Identity User must have access to all devices in ACS, and its group must have access to perform all LMS tasks.

Thank you very much for the link. Unfortunately my LMS is 2.6 and not 3.0.

I think that's why the Super Admin group does not exist in my ACS. Should I create it manually?

The instructions I gave you are for 2.6. Yes, you must create the Super Admin role manually in LMS 2.6 for each LMS application. This is documented in the HTML file.

Thanks again.

OK, I followed the instructions and I am getting authentication OK, and authorization is OK for only 1 group (cw group is OK too).

I am getting this error when trying to access device center: You are not authorized to request the Action associated with screenID: "/device.center".

When I look at reports/failed attempts in ACS I find: authorization failed with authorization data: service=cwhp authorize-device=10.50.10.150 cmd*cmf_dc.

Strange problem.

This indicates a problem with the role configuration, or possibly the group configuration for your ACS user group. Troubleshooting this over the forum is quite tedious. It would be faster if you opened a TAC service request, and had your engineer review your ACS settings over WebEx. This could probably be solved in a matter of minutes once all of the ACS screens can be analyzed.
