Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2621
Views
0
Helpful
3
Replies

Cisco ACS v4.1 - User Export incl. Authentication Method

brianlilly
Level 1
Level 1

‎08-04-2010 04:55 AM - edited ‎03-10-2019 05:18 PM

Hi,

I wish to export a list of all our users, to include their group and more importantly, their password authentication method. We have a combination users that authenticate using both ACS internal database and also external RSA Secure ID database. Basically I need to identify all users who are NOT authenticating against Secure ID.

I ran CSUtil.exe -u   , however this only gives me the user & group, doesn't list the authentication method per user.

Thanks,

Brian

Labels:
0 Helpful
3 Replies 3

brianlilly
Level 1
Level 1

‎08-06-2010 03:36 AM

From reading other posts within the forum, it seems the extraxi aa reporting tool can give me exactly what I need. I downloaded the trial version and tested it succesfully. I can extract the exact information I require but the reports on the trial version purposely only show 50% of the records, so I can't get all the information I need. The software is expensive to licence so not an option at the moment.

Anyone any ideas how I can extract this information from the ACS database? The information I require is:

User Name

Group Name

Database Type

The information is obviously in the database, I just need to figure out a way of extracting it! Cheers.

0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee
In response to brianlilly

‎08-06-2010 04:48 AM

Brian,


Unfortunately, CSUtil.exe will only list the users & group they are a member of. So the simple answer is no.


If the goal is to set everyone to use token authentication, you could get export a list of all users with CSUtil.exe, then use the client import option to update database used for authentication of all users. Here is the url for documentation on this and other CSUtil.exe options.


=====================
Via Csutil

Created a file in text format

ONLINE
UPDATE::EXT_SDI
ADD::EXT_SDI:PROFILE:
DELETE:

csutil -i 
=====================


If you feel adventerous, you could explore the contents of the dump.txt. by running csutil -d

This file does contain the information you are looking for. However, there is no documentation or support available for reading or decrypt it.,



Regards,

Jatin


Do rate helpful posts-

~Jatin
0 Helpful

brianlilly
Level 1
Level 1
In response to Jatin Katyal

‎08-06-2010 05:53 AM

Jatin,

Thanks for the information. The goal at this stage is just to identify users who are authenticating against the ACS internal database. I used csutil -d and imported the dump.txt file into a trial version of Extraxi AAA-Reports. Using the query builder within the application I can easily grab the information I require (although the trial version will only show me 50% of the results/output)

I've already been looking manaully through the dump.txt file, I haven't been able to easily distinguish users who authenticate againts RSA Secure ID v ACS internal database, yet!

Thanks again for your help.

Brian

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents