Cisco Support Community

Silver

cw LMS and ACS

Hello,

I am trying to have cw administrators authenticated and authorized by ACS.

I changed the authentication from local to ACS/TACACS and I chose the option: Register all installed applications with ACS.

Results:

- Authentication is OK.

- I obtained new tables in groups concerning cw, such as: cwhp/Custom attributes; ciscoview/custom attributes...

I added devices to these tables.

Now, in cw I can see the list of devices I am responsible for.

My problem is that in Device Center I am not getting the same interface as before. Many things disappeared.

I am afraid this is because I did not put anything in "custom attributes".

Any help?

5 REPLIES
Cisco Employee

Re: cw LMS and ACS

ACS integration is tricky. You should go through the document in this post:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Network%20Management&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cc1878c/0#selected_message

And verify the settings are correct. In particular, the LMS System Identity User must have access to all devices in ACS, and its group must have access to perform all LMS tasks.

Silver

Re: cw LMS and ACS

Thank you very much for the link. Unfortunately my LMS is 2.6 and not 3.0.

I think that's why the Super Admin group does not exist in my ACS. Should I create it manually?

Cisco Employee

Re: cw LMS and ACS

The instructions I gave you are for 2.6. Yes, you must create the Super Admin role manually in LMS 2.6 for each LMS application. This is documented in the HTML file.

Silver

Re: cw LMS and ACS

Thanks again.

OK, I followed the instructions and I am getting authentication OK, and authorization is OK for only 1 group (cw group is OK too).

I am getting this error when trying to access Device Center: You are not authorized to request the Action associated with screenID: "/device.center".

When I look at reports/failed attempts in ACS I find: authorization failed with authorization data: service=cwhp authorize-device=10.50.10.150 cmd*cmf_dc.

Strange problem.

Cisco Employee

Re: cw LMS and ACS

This indicates a problem with the role configuration, or possibly the group configuration for your ACS user group. Troubleshooting this over the forum is quite tedious. It would be faster if you opened a TAC service request, and had your engineer review your ACS settings over WebEx. This could probably be solved in a matter of minutes once all of the ACS screens can be analyzed.
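Added example, not part of the original thread and not Cisco code: a small Python helper that splits the authorization data from ACS failed-attempt entries into TACACS+ attribute-value pairs and groups the denied `cmd` values by service and device, so a missing role or device-group assignment stands out. It assumes the data is space-separated pairs as in the line quoted above; the function names are hypothetical, and the second and third sample lines are constructed.

```python
import re
from collections import defaultdict

# TACACS+ attribute-value pairs: "=" marks a mandatory attribute, "*" an optional one.
AV_PAIR = re.compile(r"^([^=*\s]+)([=*])(.*)$")

# First line is the authorization data quoted in the thread; the rest are constructed.
SAMPLE = [
    "service=cwhp authorize-device=10.50.10.150 cmd*cmf_dc",
    "service=cwhp authorize-device=10.50.10.150 cmd*example_task",
    "service=ciscoview authorize-device=10.50.10.151 cmd*example_task",
]


def parse_authz_data(data):
    """Return a list of (attribute, value, mandatory) tuples for one entry."""
    pairs = []
    for token in data.split():
        match = AV_PAIR.match(token)
        if match is None:
            raise ValueError(f"not an attribute-value pair: {token!r}")
        attr, sep, value = match.groups()
        pairs.append((attr, value, sep == "="))
    return pairs


def summarize_denials(entries):
    """Map (service, device) to the sorted list of cmd values that were denied."""
    denied = defaultdict(set)
    for entry in entries:
        av = {attr: value for attr, value, _ in parse_authz_data(entry)}
        key = (av.get("service"), av.get("authorize-device"))
        if "cmd" in av:
            denied[key].add(av["cmd"])
    return {key: sorted(cmds) for key, cmds in denied.items()}


if __name__ == "__main__":
    for (service, device), cmds in summarize_denials(SAMPLE).items():
        print(f"service={service} device={device} denied: {', '.join(cmds)}")
```
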
