Cisco Support Community
New Member

ACS Replication

Is there a way to find the shared secret of the primary ACS for replication? The primary was installed several months ago, and no one knows the secret password, and I cannot get the replication to occur. I keep receiving shared_secret mismatch.

4 REPLIES
Bronze

Re: ACS Replication

Hi friend,

I didn't find a good answer for you, but I found something that could help.

Look at this:

###################################################################

The ACS has been reconfigured to require a user name and password to log in locally. Now everyone is locked out. How do I fix this?

The solution to this problem depends on the version of software in place. No matter what software version you have, be sure to back up the NT registry first.

In early versions of ACS, the user name and password requirement for local login is modified in the registry. Issue the regedit command and search for allow AutoLocalLogin. Change the registry value to 1 in order to allow local login, and then recycle the services.

In ACS versions 2.6 and later, issue the regedit command and remove the users in this location:

HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\CiscoAAA##\CSAdmin\Administrators

Under the Administrators key, see all the administrators that you have created. Delete the users and exit the registry. When you access ACS, you are not prompted for a user name and password. Once you are in the GUI, add administrators.

###################################################################

I believe that it could help you.

This link helps to set up the replication for ACS:

http://www.cisco.com/en/US/customer/products/sw/secursw/ps2086/products_configuration_example09186a00800e518a.shtml

Hope it helps. If it does, please rate.

Regards,

Rafael Lanna

New Member

Re: ACS Replication

Do you have access to the primary ACS? If so, log in and you can access the secret in the Network Devices section. The local system will be listed as a AAA device. The secret should be visible.

New Member

Re: ACS Replication

All it shows under local is shared_secret.

Silver

Re: ACS Replication

Try this...

Create a new device in network config and give it a shared key like "foo".

Next, start regedit. Navigate to HKLM/SW/Cisco/CiscoAAAv3.x/Hosts

Note: replace 3.x with the actual version, e.g. 3.2

You'll see a sub-key for each entry in the network config. There will be one for the ACS server itself and the new device you added.

Drill down into the new device, you'll see a value called "key". Use "export" to dump this value to a .reg file.

Edit the .reg file, replace the devicename in the sub-keyname with that of the ACS server, then save the .reg file and re-load into the registry.

e.g. [HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\CiscoAAAv3.3\Hosts\MyACS]

Then net stop/start all the CSxxxx services.

You've now reset the shared secret for the ACS server itself to a known value.

If it works... vote!
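
The .reg edit step from the last reply, as an added example (not code from the thread or from Cisco): a Python helper that renames the exported section to the ACS server's entry and keeps only the `key` value, because regedit exports a whole key rather than a single value. The `Hosts` path and `MyACS` come from the thread's example; `TempDevice`, the `ip` value and the hex bytes are constructed, and the layout of the export is an assumption.

```python
import re

HOSTS = r"HKEY_LOCAL_MACHINE\SOFTWARE\Cisco\CiscoAAAv3.3\Hosts"  # path from the thread
# Constructed sample export; "TempDevice", "ip" and the hex bytes are made up.
SAMPLE = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[" + HOSTS + "\\TempDevice]\r\n"
    '"ip"="10.0.0.9"\r\n'
    '"key"=hex:01,02,03,\\\r\n'
    "  04,05\r\n\r\n"
)

def retarget_reg(text, old_key, new_key, keep=("key",)):
    """Rename sections under old_key to new_key, keeping only values in `keep`."""
    wanted = {name.lower() for name in keep}
    lines = text.splitlines()
    out = [lines[0], ""]               # preserve the export's version header
    section, kept, copying, matched = None, [], False, 0

    def flush():                       # emit a section only if it kept a value
        if section and kept:
            out.extend([section, *kept, ""])

    for line in lines[1:]:
        if line.startswith("["):
            flush()
            path, kept, copying = line.strip()[1:-1], [], False
            if (path + "\\").lower().startswith((old_key + "\\").lower()):
                section = "[" + new_key + path[len(old_key):] + "]"
                matched += 1
            else:
                section = None         # unrelated section: never re-imported
        elif section is not None:
            named = re.match(r'"((?:[^"\\]|\\.)*)"=', line)
            if named:                  # first line of a named value
                copying = named.group(1).lower() in wanted
            elif line.startswith("@=") or not line.strip():
                copying = False
            if copying:                # the value line or a hex continuation line
                kept.append(line)
    flush()
    if matched == 0 or len(out) == 2:
        raise ValueError("nothing to import: check the key path and value name")
    return "\r\n".join(out) + "\r\n"

def retarget_file(src, dst, old_key, new_key):
    """Regedit version 5 exports are UTF-16 with a BOM; keep that on output."""
    with open(src, encoding="utf-16", newline="") as f:
        text = retarget_reg(f.read(), old_key, new_key)
    with open(dst, "w", encoding="utf-16", newline="") as f:
        f.write(text)
```

Export the `Hosts` subtree to a separate file before importing the result, so the original entry can be restored.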
