Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

LMS integration with ACS

HI ALL, I had successfully integrated LMS3.0.1 with ACS4.2 & it was working fine. but I noticed it was very slow after integration each window was taking time to open...& HUM front page was not able to seen properly..was not able to view cpu utilization & interface error reports on front page...so I removed the integration of LMS with ACS now its working fine & its fast also. HUM is also viewable...but want to integrate with ACS. Does any body has idea why its slow after integration & why I was not able to view HUM front page (even though systemID account was configured properly was getting passed authentication in ACS.)..is there any solution for this..also when i shut down acs then i was not able to login into LMS..local authentication was not working...any kind of help will be appreciated..

1 REPLY
Cisco Employee

Re: LMS integration with ACS

You need to add an entry for the ACS server into the LMS server's local hosts file. that will correct the performance problem. If pieces of HUM were not working with ACS integration, then I imagine you did not integrate correctly. Make sure that your System Identity User and your login user both have the necessary tasks rights and device access in ACS. For the System Identity User, you must grant all access for HUM for all devices.

Note: there is also a bug in HUM 1.0 if the System Identity User is not admin where jobs can fail to work. The bug is CSCsr93292, and is fixed in 1.0.2 (available from http://www.cisco.com/cgi-bin/tablebuild.pl/cw2000-hum ).

Local authentication is not meant to work when ACS is unreachable. In that case, you have maybe one fallback user (configured in the TACACS+ login module) who can login, and make emergency changes. Typically, though, the solution is to [temporarily] set the login module back to local using the NMSROOT/bin/ResetLoginModule.pl script. A better alternative is to setup multiple ACS servers for redundancy.

132
Views
0
Helpful
1
Replies