CiscoSecure ACS & CiscoWorks2000 login

aspry
Level 1

I have configured CW2000 to use TACACS+ as the login module with CW2000 local login as the fallback.

Since configuring the above I have noticed that I have been getting 2 or 3 daily failed authentication reports for the admin profile in CiscoSecureACS, stating that the CS password was invalid.

The admin password in CW2000 was changed from the default in the modify profile section.

I should be grateful for any help on this problem.

5 Replies

6tschraml
Level 1

The question is:

Do you also have 2 or 3 daily failed login attempts at the login prompt of CISCO Works? Or do these messages appear without any problems using the admin account of CISCO Works?

Bye. Thomas.

Thomas,

Each user of CiscoWorks has their own username and password.

The failed login attempts shown in Cisco ACS are always at 2:00am and 1:00pm every day.

Hope this is of help.

Thanks Andy

This is what I would do:

- Check if ACS had problems during that time.

- Are other logins possible during that time? Maybe during telnet to a router?

- Has ACS detected problems during that time at itself using its automatic login procedure?

- Increase the automatic login time period of ACS to up to 15 minutes or so.

- Disable automatic replication and automatic backup on ACS to be sure that your ACS is not busy due to its own maintenance routines.

- Reboot Cisco Works AND ACS (sounds stupid but can save time)

- What about a local CW account that is not stored on ACS. Is it possible to login at CW using this local account?

- If all this does not help then I would use a sniffer (installed on the ACS server) like Ethereal to find out what's going over the line during the interesting time period.

By the way ... if user authentication fails: Is it possible to login after you retype your password or is access to the system blocked until 2pm? Do you see a "failed login" entry in ACS for every failed login attempt?

And what about a configured access restriction on ACS? Are there users or groups that are allowed to login only from 2pm to 1am?

Maybe your CW users are members of such a group and you have assigned them to this group without knowing that this group is *restricted* ?

Bye. Thomas
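
An added example, not part of the original thread and not a Cisco tool: a small Python check that groups failed attempts by user and time of day, so that failures recurring at the same clock time on several days (as with the 2:00am and 1:00pm entries described above) stand out from one-off mistyped passwords. The CSV layout, the dates and the user `jsmith` are constructed for illustration and are not the actual ACS Failed Attempts export format.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample data in a simplified CSV layout (an assumption, not the
# real ACS Failed Attempts report format).
SAMPLE_LOG = """\
date,time,user,reason
2003-03-10,02:00:04,admin,CS password invalid
2003-03-10,10:17:41,jsmith,CS password invalid
2003-03-10,13:00:02,admin,CS password invalid
2003-03-11,02:00:05,admin,CS password invalid
2003-03-11,13:00:03,admin,CS password invalid
2003-03-12,02:00:04,admin,CS password invalid
2003-03-12,13:00:02,admin,CS password invalid
2003-03-12,16:42:10,jsmith,CS password invalid
"""


def recurring_failures(log_text, window_min=5, min_days=3):
    """Return {(user, 'HH:MM'): day_count} for failed attempts that recur at
    the same time of day (rounded to window_min minutes) on min_days or more
    distinct days."""
    days_seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        ts = datetime.strptime(f"{row['date']} {row['time']}",
                               "%Y-%m-%d %H:%M:%S")
        minutes = ts.hour * 60 + ts.minute + ts.second / 60
        # Round to the nearest slot so 01:59:58 and 02:00:04 land together.
        slot = (round(minutes / window_min) * window_min) % (24 * 60)
        label = f"{slot // 60:02d}:{slot % 60:02d}"
        days_seen[(row["user"], label)].add(ts.date())
    return {key: len(days) for key, days in days_seen.items()
            if len(days) >= min_days}


if __name__ == "__main__":
    for (user, slot), count in sorted(recurring_failures(SAMPLE_LOG).items()):
        print(f"{user}: failed around {slot} on {count} separate days")
```
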

pvanvuuren
Level 3

Why do you have an "admin" user account in ACS in the first place? I suggest you remove it. It has no purpose.

Use the Ciscoworks admin local account only for fallback and other admin purposes.

I was unaware that you could delete the "admin" user account.

I have set myself as a user with all systems and administer privileges, but that does not allow me to modify or delete the "admin" user.

Can you please help regarding the deletion of the "admin" user.

Thanks

Andy