Cisco ACS v4.1 - User Export incl. Authentication Method

Unanswered Question
Aug 4th, 2010
User Badges:

Hi,

I wish to export a list of all our users, to include their group and more importantly, their password authentication method. We have a combination users that authenticate using both ACS internal database and also external RSA Secure ID database. Basically I need to identify all users who are NOT authenticating against Secure ID.


I ran CSUtil.exe -u   , however this only gives me the user & group, doesn't list the authentication method per user.


Thanks,

Brian

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
brianlilly Fri, 08/06/2010 - 03:36
User Badges:

From reading other posts within the forum, it seems the extraxi aa reporting tool can give me exactly what I need. I downloaded the trial version and tested it succesfully. I can extract the exact information I require but the reports on the trial version purposely only show 50% of the records, so I can't get all the information I need. The software is expensive to licence so not an option at the moment.


Anyone any ideas how I can extract this information from the ACS database? The information I require is:


User Name

Group Name

Database Type


The information is obviously in the database, I just need to figure out a way of extracting it! Cheers.

Jatin Katyal Fri, 08/06/2010 - 04:48
User Badges:
  • Cisco Employee,

Brian,


Unfortunately, CSUtil.exe will only list the users & group they are a member of. So the simple answer is no.


If the goal is to set everyone to use token authentication, you could get export a list of all users with CSUtil.exe, then use the client import option to update database used for authentication of all users. Here is the url for documentation on this and other CSUtil.exe options.


=====================
Via Csutil

Created a file in text format

ONLINE
UPDATE::EXT_SDI
ADD::EXT_SDI:PROFILE:
DELETE:

csutil -i
=====================


If you feel adventerous, you could explore the contents of the dump.txt. by running csutil -d

This file does contain the information you are looking for. However, there is no documentation or support available for reading or decrypt it.,



Regards,

Jatin


Do rate helpful posts-

brianlilly Fri, 08/06/2010 - 05:53
User Badges:

Jatin,


Thanks for the information. The goal at this stage is just to identify users who are authenticating against the ACS internal database. I used csutil -d and imported the dump.txt file into a trial version of Extraxi AAA-Reports. Using the query builder within the application I can easily grab the information I require (although the trial version will only show me 50% of the results/output)


I've already been looking manaully through the dump.txt file, I haven't been able to easily distinguish users who authenticate againts RSA Secure ID v ACS internal database, yet!


Thanks again for your help.

Brian

Actions

This Discussion

Related Content