New Member

Problem setting up ACS integration on LMS 3.1

Getting a message about System Identity User not configured properly. Attaching screenshot. Any ideas?

7 REPLIES
Cisco Employee

Re: Problem setting up ACS integration on LMS 3.1

You need to configure your System Identity User (as seen under Common Services > Server > Security > System Identity Setup) in ACS, and give it access to the Super Admin group for all LMS applications.

New Member

Re: Problem setting up ACS integration on LMS 3.1

I may not be doing this correctly. For now I am only interested in having ACS do the authentication, with local user IDs providing the authorization. What is the procedure to do this? Thanks.

Cisco Employee

Re: Problem setting up ACS integration on LMS 3.1

Simply configure the TACACS+ login module under Common Services > Server > Security > AAA Mode Setup. Do NOT select the ACS radio button.

New Member

Re: Problem setting up ACS integration on LMS 3.1

OK that worked until I rebooted the system. After rebooting the LMS server, the authentication via TACACS still works, but I no longer have administrative authority. I have to reset the login module back to local in order to get in with administrative authority.

Cisco Employee

Re: Problem setting up ACS integration on LMS 3.1

It sounds like you're still integrated with ACS for authorization. If you're just using the TACACS+ login module ONLY, authorization should be handled by the local database. Of course, every user in the TACACS+ server must have a local entry in the LMS database. Make sure the username in TACACS+ matches exactly with one under Common Services > Server > Security > Local User Setup.

New Member

Re: Problem setting up ACS integration on LMS 3.1

The usernames match exactly. Is there any way to validate how it is trying to do the authorization with some debugging option, so we can determine if it may be hanging on to some configuration from the failed attempt at using ACS for authorization, as you suggested? Thanks for your quick responses.

Cisco Employee

Re: Problem setting up ACS integration on LMS 3.1

You can look in NMSROOT/MDC/etc/regdaemon.xml. If the AdminModule is set to ACS, then it is still using ACS for authorization. If set to CMF, then it's using the local database.
