Access to the ACS admin console (the ACS web interface menu) is for all ACS admin users (not normal user accounts that are authenticated by ACS).
The web interface allows you to log in to this server either locally from the server itself or remotely (both via web browser).
Logging in locally means you can have direct access to the ACS server management console via the web interface without ACS admin authentication.
But if you need to log in remotely, i.e. from another PC in the same network or another segment, this is where you need to use an ACS admin account. You can limit/control the IP address of the host you can use to log in, or the ACS admin account/user privileges to include/exclude certain ACS admin capabilities.
When you refer to the ACS admin account, are you talking about the administrator account for the server? When I try the account I created during setup or administrator from Windows, they both do not work.
Do you mean even if you access the ACS admin console@GUI from the server hosting ACS itself you can't access the admin console (via web browser)?
By right, no username & password is required to access the admin console. But you need to log in to the server using the same user account you used when you installed ACS.
BTW, if you double-click on the "Cisco Secure ACS" button, what's the error message you get?
Does your ACS run on Windows 2003? If so, the ACS administrator account that runs the ACS services must have a Domain Administrator account to authenticate against Windows 2003.
BTW, what's your ACS version & platform?
Yes, I am running 2003. Yes, the administrator account which was created during installation, "CSACS", is a domain account in our NT domain. The ACS server is also in our domain. ACS Version 3.3.
My ACS server does not have a domain admin account; it's only a normal account. Why would the ACS server require a domain admin status?
I am having the same problem. I installed ACS 3.3 on a new W2K3 server and I simply want to access the GUI Admin via http://ip address:2002
What login would I use here? Is there a default? I authenticate AAA clients via local database so I don't tie in the windows domain user accounts.
This sounds like a bug. If you access http://127.0.0.1:2002 you should not have to enter any credentials.
By default, ACS will always allow unauthenticated local access. This can be changed under Admin Config / Session Policy "Allow automatic local login".
Could be an issue with v3.3 on Server 2003.
I'd contact the TAC.
Actually, you bring up another issue I am having. Locally on the server, from a web browser, if I enter http://127.0.0.1:2002 I just get a blank screen.
From my laptop over the network, when I enter http://ip address:2002 I do get the login screen, but back to my original statement, I have no idea what to enter for credentials??
This is a catch-22, I'm afraid.
Until you log in locally you can't create admin users, as this can only be done via the web interface.
If you can't log in locally (and you've ruled out Java issues on the browser), your only option is to remove, clean & re-install.
I've seen the issue with the blank page when connecting locally. In Internet Explorer, I had to add the loopback address as a trusted site. (Tools, Internet Options, Security).