Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

LMS application register in ACS not working properly

Good day,

I have a strange problem,

I've changed LMS to ACS mode and registered all applications without errors, but when I go to ACS then I don't see any options under Group Setup that allows me to select what privilege the group has, however, when I go to "Shared Profile Components" then I see the following:

Network Access Filtering

RADIUS Authorization Components

Network Access Restrictions

Shell Command Authorization Sets

PIX/ASA Command Authorization Sets

Cisco Security Manager

Ciscoworks Common Services

CiscoWorks Portal

CiscoView

Resource Manager Essentials

Ciscoworks Campus Manager

Device Fault Manager

Internetwork Performance Monitor

I've tried to do this manually with ACSRegCli.pl and everything comes out successful, but still I can't select privileges in Group Setup. What could I be missing?

Here is output from command prompt where I tried to register the applications..

C:\Program Files (x86)\CSCOpx\bin>perl AcsRegCli.pl -listNotRegApp

List of applications not registered with ACS from this server:

CM (Campus Manager)

cwhp (CiscoWorks Common Services)

rme (Resource Manager Essentials)

ipm (Internetwork Performance Monitor)

dfm (Device Fault Manager)

CiscoView (CiscoView)

cwportal (LMS Portal)

C:\Program Files (x86)\CSCOpx\bin>perl AcsRegCli.pl -register all

WARNING: If you have already registered the applications with ACS, any custom ro

les you have created in ACS for these applications will be lost.

Do you want to continue(Y - register, N - do not register)?Y

INFO: Running command "ACSRegCli registerAll"

- Application cwhp registration :

Primary ACS server - successful

Secondary ACS server - successful

- Application cwportal registration :

Primary ACS server - successful

Secondary ACS server - successful

- Application CiscoView registration :

Primary ACS server - successful

Secondary ACS server - successful

- Application rme registration :

Primary ACS server - successful

Secondary ACS server - successful

- Application CM registration :

Primary ACS server - successful

Secondary ACS server - successful

- Application dfm registration :

Primary ACS server - successful

Secondary ACS server - successful

- Application ipm registration :

Primary ACS server - successful

Secondary ACS server - successful

C:\Program Files (x86)\CSCOpx\bin>

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: LMS application register in ACS not working properly

You could try since you say the applications do show up under shared profile components. But I've never seen this particular behavior before. What settings do you have under Interface Control > Advanced in ACS?

10 REPLIES
Cisco Employee

Re: LMS application register in ACS not working properly

What versions of LMS and ACS are you using?

New Member

Re: LMS application register in ACS not working properly

ACS Appliance 4.2.0.124

LMS 3.0.1 (5K License)

Cisco Employee

Re: LMS application register in ACS not working properly

Make sure the ACS admin user you specified in LMS is NOT the ACS appliance admin. If it is, create a new admin user in ACS (under Administration Control) with full rights, then use that user when integrating LMS to ACS. Then try re-registering the applications.

New Member

Re: LMS application register in ACS not working properly

I've already checked that... The ,,Appliance Administrator" is root and I'm using administrator that I created called cw-admin with full rights, and yes I've enabled LMS to allow special chars in username....

Cisco Employee

Re: LMS application register in ACS not working properly

Go under Interface Configuration > TACACS+ (Cisco), and make sure the checkbox under the Group column is checked for all of the CiscoWorks "New" services. Attached is a screenshot from my ACS server.

New Member

Re: LMS application register in ACS not working properly

The New Service list is empty, shall I create it by hand?

Cisco Employee

Re: LMS application register in ACS not working properly

You could try since you say the applications do show up under shared profile components. But I've never seen this particular behavior before. What settings do you have under Interface Control > Advanced in ACS?

New Member

Re: LMS application register in ACS not working properly

I manually added all of these, and now I see the option under Group Setup....

I've attached a screenshot of the Advanced settings under Interface Control....

Now I just have to login and confirm this working.... Any other info you want me to post here regarding this?

Cisco Employee

Re: LMS application register in ACS not working properly

You have a few settings which differ from my server, but none that should account for this. Go ahead, and configure the missing LMS applications, then setup your System Identity User and group in ACS, and see what LMS says.

New Member

Re: LMS application register in ACS not working properly

This works like a charm! :D Thank you so much jclarke

218
Views
0
Helpful
10
Replies