Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

MARS AAA Authentication with Cisco ACS not working

I have tried to integrate CS-MARS with Cisco ACS for AAA Authentication as per the document.

http://www.cisco.com/web/services/news/ts_newsletter/tech/chalktalk/archives/200711.html

I had added my two ACS Appliances to the CS-MARS and I when I am doing a "test connectivity" and using ACS usernames I am successuflly able to authenticate (as shown in attached picture).

Once I change to AAA Server mode and logout, I am unable to login using AAA (ACS usernames). Don't know what is the problem.

Can someone help me.

Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: MARS AAA Authentication with Cisco ACS not working

Your screenshots show that testing authentication (in general) works.  Did you configure local usernames on the CS-MARS box that match the account names in ACS?

> If authentication is set to local, setup user accounts with names and passwords that match the credentials in ACS.  For example, setup an account named "test", as it appears that account is in your ACS server.

> If authentication is already set to AAA, setup users that match (no password necessary).

Also, make sure that the account has the proper permissions in ACS for the MARS device.  Have you done all of this?

3 REPLIES
New Member

Re: MARS AAA Authentication with Cisco ACS not working

Your screenshots show that testing authentication (in general) works.  Did you configure local usernames on the CS-MARS box that match the account names in ACS?

> If authentication is set to local, setup user accounts with names and passwords that match the credentials in ACS.  For example, setup an account named "test", as it appears that account is in your ACS server.

> If authentication is already set to AAA, setup users that match (no password necessary).

Also, make sure that the account has the proper permissions in ACS for the MARS device.  Have you done all of this?

New Member

Re: MARS AAA Authentication with Cisco ACS not working

Hi Michael,

      Thanks, it is working now.

Since I had already set to AAA mode. I had to add only the usernames.

But this kinda beats the purpose of using AAA authentication, since now I have to add all the usernames in CS-MARS also. If I have a new user, I will have to add in the Cisco ACS as well as the CS-MARS.

New Member

Re: MARS AAA Authentication with Cisco ACS not working

Ok, good to know it's working.

You're absolutely right about the duplicate effort of creating the accounts in MARS.  However, it potentially has an upside for some situations (like mine).  If an admin has control of the MARS server and accounts, but not the accounts in the ACS server, it's a bonus.  No one can get access to the MARS server without acknowledgment from the MARS admin.

Considering the kind of information maintained in MARS, that could be a Good Thing™.

765
Views
5
Helpful
3
Replies