08-01-2006 02:33 AM - edited 03-10-2019 02:41 PM
Hi,
Software Version:
CiscoSecure ACS for Windows 2000/NT
Release 3.0(3) Build 6
I've created the ini file below and added it using csutil -addUDV 8 laurel-vsa.ini (tried other slots too).
[User Defined Vendor]
Name=Laurel
IETF Code=5395
VSA 1=Laurel-Login-Local-User-Name
VSA 2=Laurel-Login-Allowed-Commands
VSA 3=Laurel-Login-Denied-Commands
VSA 4=Laurel-Login-Allow-Config
VSA 5=Laurel-Login-Deny-Config
[Laurel-Login-Local-User-Name]
Type=STRING
Profile=OUT
[Laurel-Login-Allowed-Commands]
Type=STRING
Profile=OUT
[Laurel-Login-Denied-Commands]
Type=STRING
Profile=OUT
[Laurel-Login-Allow-Config]
Type=STRING
Profile=OUT
[Laurel-Login-Deny-Config]
Type=STRING
Profile=OUT
C:\Program Files\CiscoSecure ACS v3.0\Utils>csutil -addUDV 8 laurel-vsa.ini
CSUtil v3.0(3.6), Copyright 1997-2002, Cisco Systems Inc
Adding or removing vendors requires ACS services to be re-started.
Please make sure regedit is not running as it can prevent registry
backup/restore operations
Are you sure you want to proceed? (y/n)y
Parsing [.\laurel-vsa.ini] for addition at UDV slot [8]
Stopping any running services
Creating backup of current config
Adding Vendor [Laurel] added as [RADIUS (Laurel)]
Adding VSA [Laurel-Login-Local-User-Name]
Adding VSA [Laurel-Login-Allowed-Commands]
Adding VSA [Laurel-Login-Denied-Commands]
Adding VSA [Laurel-Login-Allow-Config]
Adding VSA [Laurel-Login-Deny-Config]
Done
Checking new configuration...
New configuration OK
Re-starting stopped services
C:\Program Files\CiscoSecure ACS v3.0\Utils>csutil -listUDV
CSUtil v3.0(3.6), Copyright 1997-2002, Cisco Systems Inc
UDV 0 - Unassigned
UDV 1 - Unassigned
UDV 2 - Unassigned
UDV 3 - Unassigned
UDV 4 - Unassigned
UDV 5 - Unassigned
UDV 6 - Unassigned
UDV 7 - Unassigned
UDV 8 - RADIUS (Laurel)
UDV 9 - Unassigned
All this shows that it has worked ok. However, when I look in the Interface Confirguration section on the GUI, its not there, so I can't use it. Is there something I'm missing, is it a bug with this version of ACS?
I cant upgrade at this time as we're planning to migrate to the Cisco Secure Access Control Server Solution Engine 4.0.
Thanks in advance for your help,
Lee Hecken
08-02-2006 06:25 AM
Hi
All you need do is physically re-start the CSAdmin service:
net stop csadmin
net start csadmin
You'll see the new VSAs. ACS isnt very good at reflecting changes to its "meta config" without csadmin re-starts. This might be documented somewhere in the depths of the user guide :(
Darran
08-02-2006 06:56 AM
Thanks for your reply Darran,
The ACS server has beed reload since adding the VSAs, however I tried the above just to make sure. Same issue, still not showing under Interface Configuration, just the standard enteries.
Any further suggestions? Do you have an ini file I can try that you've used that does show up?
Thanks,
Lee
08-02-2006 07:12 AM
Fixed it.
The new VSA doesnt show up in the Interface Configuration section until after you've set it as the 'authenticate using' method for a AAA client! Then you can select which properties you want to use in the user or group sections.
Rgds,
Lee
07-23-2008 01:39 AM
Hi All,
Ok, I can add UDVs with new vendors. But how can I add new Cisco VSAs? I tried the csutil.exe -addUDV, but I receive a message that "Vendor with IETF code 9 already defined".
I'd like to have the ACS to recognize and report the accountig info sent by a vocie gw.
Any idea?
Thanks,
Attila
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide