CS-Mars and AAA ACS - fail

Unanswered Question
Nov 26th, 2009
User Badges:

I try to setup a CS-Mars to AAA Cisco ACS

I setup the mars to RADIUS(Cisco VPN 3000/ASA/PIX 7.x+) with shared secret 1234


Cisco ACS hostname: cis04ba1

CS-Mars hostname: mars01ba1


I got this error logs in Failed Attempts


Viewing CSV File

Date Time Message-Type User-Name Group-Name Caller-ID Network  Access Profile Name Authen-Failure-Code Author-Failure-Code Author-Data NAS-Port NAS-IP-Address Filter  Information PEAP/EAP-FAST-Clear-Name EAP  Type EAP  Type Name Reason Access  Device Network  Device Group AAA  Server Cisco:PA:PA-Name Cisco:PA:PA-Version Cisco:PA:OS-Type Cisco:PA:OS-Version Cisco:PA:OS-Release Cisco:PA:Kernel-Version Cisco:PA:Machine-Posture-State Cisco:Host:ServicePacks Cisco:Host:HotFixes Cisco:Host:HostFQDN Cisco:Host:Package cisco-av-pair Cisco:HIP:CSAVersion Cisco:HIP:CSAOperationalState Cisco:HIP:CSAMCName Cisco:HIP:CSAStates Cisco:HIP:DaysSinceLastSuccessfulPoll NAI:AV:Software-Name NAI:AV:Software-ID NAI:AV:Software-Version NAI:AV:Scan-Engine-Version NAI:AV:Dat-Version NAI:AV:Dat-Date NAI:AV:Protection-Enabled Trend:AV:Software-Name Trend:AV:Software-ID Trend:AV:Software-Version Trend:AV:Scan-Engine-Version Trend:AV:Dat-Version Trend:AV:Dat-Date Trend:AV:Protection-Enabled
27/11/200908:42:02Authen failedtestAdministrator..(Default)External DB user invalid or bad password....test10.1.20.100..........mars01ba1DiverseCIS04BA1..


I have tried to set CS-Mars to RADIUS(IETF) this is the same


But why is there a user with username test

I upload a pdf file with screenshots

Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Elly Bornstein Fri, 11/27/2009 - 17:16
User Badges:
  • Cisco Employee,

Not sure which resources you used to configure this, but this looks like Cisco ACS server, so "Generic AAA server" will cause us to parse logs from this device wrong on MARS.


Follow this guide to add the ACS server to MARS:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgAaaSv.html#wp914530


There is also a section in here on bootstrapping your ACS for MARS:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgAaaSv.html#wp914530


Make sure you have done both the above. You might even want to start over with everything you have done thus far.



-Elly

Actions

This Discussion