cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1715
Views
0
Helpful
3
Replies

How to add network device groups/users to Tacacs using API or perl/Expect

ravi.malghan
Level 1
Level 1

Hi: our group today adds new network device groups, devices, users manually to tacacs using Web GUI. I am trying to automate this process. I have the capability to connect to database and insert/update/delete records from our trouble ticketing system or run Expect like scripts. Is there anyway to use this capability to perform these functions?

Thanks

Ravi

3 Replies 3

darpotter
Level 5
Level 5

Hi Ravi

Check out the RDBMS Sync feature in ACS. You basically add transaction rows into a table (csv or odbc based) which ACS processes. You can add/configure users and groups, devices and device groups.

ACS can run the import on a scheduled basis too.

The ACS docs are here: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/configuration/guide/rdbms_sync.html

with specific descriptions of the actions codes you need here: http://www.ciscosystems.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/ag.html#wp89549

Hi: thanks for the details. This is what my TACACS administrator recommended as well. The only problem with this solution, I have no way of knowing if the import created my transactions successfully other than logging into the GUI in looking for the entry. I want my system to know if a new request the system requested was successfully completed and eliminate manual intervention as much as possible. I was hoping there is some command I can execute with the csv file as a option and look at the return code to decide if the action was successful. Let me know if you have any comments.

TIA

Ravi

lanstreamer
Level 1
Level 1

If you are using ACS 4.x and possibly earlier there are some fairly basic import functions for users, NDGs etc available using the csutil.exe utility on the ACS Windows server.

You have to create a text file in a particular format then run the csutil utility on the master ACS server to import.

Check out http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/A_CSUtil.html

I had heard that ACS 5.0 was going to introduce APIs to make system administration and integration with other systems easier but reading through the documentation available on cco as of now there's no sign of that yet.

Hope that helps.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: