Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Cisco Support Community site will be in read only mode on Dec14, 2017 from 12:01am PST to 11:30am for standard maintenance. Sorry for the inconvenience.

New Member

Upgrade ACS to 4.1 --- Remote Agent question

I updated Cisco ACS from 3.2 to 4.1. After dealing with some issues, we finally got it installed. Now we are facing this remote agent issue. Is there a whole lot of configuration to do for this agent? Below is part of the instructions. I am not real sure what they want me to do. Where is this Cisco computer? Where do we put the Cisco account? We certainly do not have a DC on our network called Cisco. Is it more advisable to put this on a DC or a member server?

Thanks

Dwane

Step 1 Add CISCO workstation.

To satisfy Windows requirements for authentication requests, ACS must specify the Windows

workstation in to which the user is attempting to log. Because ACS cannot determine this information

from authentication requests that AAA clients send, it uses a generic workstation name for all requests.

Use CISCO as the name of the workstation.

In the local domain, and in each trusted domain and child domain that ACS will use to authenticate users,

ensure that:

? A computer account named CISCO exists.

? All users that Windows will authenticate have permission to log in to the computer named CISCO.

For more information, see the Microsoft documentation for your operating system.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Upgrade ACS to 4.1 --- Remote Agent question

Go to external user da---> DB Configuration--->Windows---->Configiure---->Remote agent---> Choose RA from the drop down--->Summit.

Now acs will use that remote agent.

Regards,

~JG

Please rate if that helps

5 REPLIES

Re: Upgrade ACS to 4.1 --- Remote Agent question

Hi,

You can install Remote agent on member server or on domain controller. My suggestions here would be to install it on member server.

Most Important thing is that the account running remote agent service should have special priv on the domain.

1) It should have act as a part of operating system.

2) Login as batch and Log on as a service rights.

That should make it up and running.

Regards,

~JG

Please rate if that helps !

New Member

Re: Upgrade ACS to 4.1 --- Remote Agent question

JG,

In the instructions, they say to add CISCO workstation. What exactly does this mean? If we installed it on a member server, the server will be previously named. If we install it on a DC, that will be named as well.

Thanks

Re: Upgrade ACS to 4.1 --- Remote Agent question

Hi,

Actaully that is not necessary to have Cisco workstation added.

It will work without it. Just giving special rights to the service account running remote agent will do it.

Regards,

New Member

Re: Upgrade ACS to 4.1 --- Remote Agent question

Assistance is desperately needed.

I think I am close.

I have configured an account on our NT domain (AD domain) and called it ACSuser. I have made sure the doamin\ACSuser can log on as a service and also Act as part of the Operating System.

I also made sure that the Computer Service CSA Agent had as it's login ACSuser. I have also requested that this Username password never expire.

I have loaded a Windows 2000 server and called it ACSagent1 for right now. It has been added to our Active Directory Users and Computers as ACSAgent1. I then added the Agent one the ACS appliance by calling it ACSagent1 with an IP address of xxx.xxx.114.15. And when I looked at the agent on the appliance, it tells me that Remote Logging and Windows Authentication is not used by this ACS.

When I test from the configuration->systems->servers->authentication servers. I click on my radius server and the it authentication rejects me right away.

I guess one question would be, how do you test your remote agent member server and ACS Se 4.1 connectivity?

Thanks

Re: Upgrade ACS to 4.1 --- Remote Agent question

Go to external user da---> DB Configuration--->Windows---->Configiure---->Remote agent---> Choose RA from the drop down--->Summit.

Now acs will use that remote agent.

Regards,

~JG

Please rate if that helps

235
Views
0
Helpful
5
Replies
CreatePlease to create content