08-01-2006 02:33 AM - edited 03-10-2019 02:41 PM
Hi,
Software Version:
CiscoSecure ACS for Windows 2000/NT
Release 3.0(3) Build 6
I've created the ini file below and added it using csutil -addUDV 8 laurel-vsa.ini (tried other slots too).
[User Defined Vendor]
Name=Laurel
IETF Code=5395
VSA 1=Laurel-Login-Local-User-Name
VSA 2=Laurel-Login-Allowed-Commands
VSA 3=Laurel-Login-Denied-Commands
VSA 4=Laurel-Login-Allow-Config
VSA 5=Laurel-Login-Deny-Config
[Laurel-Login-Local-User-Name]
Type=STRING
Profile=OUT
[Laurel-Login-Allowed-Commands]
Type=STRING
Profile=OUT
[Laurel-Login-Denied-Commands]
Type=STRING
Profile=OUT
[Laurel-Login-Allow-Config]
Type=STRING
Profile=OUT
[Laurel-Login-Deny-Config]
Type=STRING
Profile=OUT
C:\Program Files\CiscoSecure ACS v3.0\Utils>csutil -addUDV 8 laurel-vsa.ini
CSUtil v3.0(3.6), Copyright 1997-2002, Cisco Systems Inc
Adding or removing vendors requires ACS services to be re-started.
Please make sure regedit is not running as it can prevent registry
backup/restore operations
Are you sure you want to proceed? (y/n)y
Parsing [.\laurel-vsa.ini] for addition at UDV slot [8]
Stopping any running services
Creating backup of current config
Adding Vendor [Laurel] added as [RADIUS (Laurel)]
Adding VSA [Laurel-Login-Local-User-Name]
Adding VSA [Laurel-Login-Allowed-Commands]
Adding VSA [Laurel-Login-Denied-Commands]
Adding VSA [Laurel-Login-Allow-Config]
Adding VSA [Laurel-Login-Deny-Config]
Done
Checking new configuration...
New configuration OK
Re-starting stopped services
C:\Program Files\CiscoSecure ACS v3.0\Utils>csutil -listUDV
CSUtil v3.0(3.6), Copyright 1997-2002, Cisco Systems Inc
UDV 0 - Unassigned
UDV 1 - Unassigned
UDV 2 - Unassigned
UDV 3 - Unassigned
UDV 4 - Unassigned
UDV 5 - Unassigned
UDV 6 - Unassigned
UDV 7 - Unassigned
UDV 8 - RADIUS (Laurel)
UDV 9 - Unassigned
All this shows that it has worked ok. However, when I look in the Interface Confirguration section on the GUI, its not there, so I can't use it. Is there something I'm missing, is it a bug with this version of ACS?
I cant upgrade at this time as we're planning to migrate to the Cisco Secure Access Control Server Solution Engine 4.0.
Thanks in advance for your help,
Lee Hecken
08-02-2006 06:25 AM
Hi
All you need do is physically re-start the CSAdmin service:
net stop csadmin
net start csadmin
You'll see the new VSAs. ACS isnt very good at reflecting changes to its "meta config" without csadmin re-starts. This might be documented somewhere in the depths of the user guide :(
Darran
08-02-2006 06:56 AM
Thanks for your reply Darran,
The ACS server has beed reload since adding the VSAs, however I tried the above just to make sure. Same issue, still not showing under Interface Configuration, just the standard enteries.
Any further suggestions? Do you have an ini file I can try that you've used that does show up?
Thanks,
Lee
08-02-2006 07:12 AM
Fixed it.
The new VSA doesnt show up in the Interface Configuration section until after you've set it as the 'authenticate using' method for a AAA client! Then you can select which properties you want to use in the user or group sections.
Rgds,
Lee
07-23-2008 01:39 AM
Hi All,
Ok, I can add UDVs with new vendors. But how can I add new Cisco VSAs? I tried the csutil.exe -addUDV, but I receive a message that "Vendor with IETF code 9 already defined".
I'd like to have the ACS to recognize and report the accountig info sent by a vocie gw.
Any idea?
Thanks,
Attila
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: