
IDS authentication help via SSH

soc
Level 1

I am able to get to the login screen via SSH. I log in with my username and password but receive the following Error: Cannot communicate with authenticationApp (getUserAccountConfig). Please contact your system administrator.

Would you like to run cidDump?[no]:_

So far, I have tried to log in using the service account to restart the .cids services, but I am unable to shut down the CIDS. I am getting the response:

Remove cidmodcap: cidmodcap: Operation not permitted.

I have also seen:

cidmodcap module not loaded - nothing to do!

I need help on how to resolve this. I have rebooted the IDS sensor from the service account. I don't think the mainApp is starting. Any suggestions?

Thank you!

3 Replies

brymiller
Level 1

When you configure the IDS from the CLI you type 'setup' and one of the questions asks you if you want to modify the network access list. You need to type yes and identify the IP address of the host you are going to manage the IDS from.

This device has already been configured with all initial settings. The access-lists already permit me as a host. I used to be able to authenticate via ssh just fine. I'm guessing that I am not explaining my scenario very well. Let me try again:

I can pass my username and password credentials to the unit, however instead of receiving the #, I receive:

Error: Cannot communicate with authenticationApp (getUserAccountConfig). Please contact your system administrator.

Would you like to run cidDump?[no]:

I cannot get past this point. If I hit enter, my ssh connection is lost. Keep in mind that I am able to log in with the service acct that I have configured and I am able to change directories, reboot, etc.

I also stated earlier that my mainApp is not started.

How can I overcome these issues?

Thank you for your time.

marcabal
Cisco Employee

authenticationApp in version 5.0 is a part of mainApp.

So if mainApp is Not Running then authenticationApp is also Not Running.

authenticationApp in version 4.1 is a separate application, but the authenticationApp can not usually be reached if mainApp is down.

So the problem is likely not with your setup of SSH or your username or password. The problem is that your sensor has encountered a bug of some kind that caused mainApp to stop running.

What to do:

1) Reboot your sensor. If you have physical access to the sensor you can just flip the power switch Off and On. If you are remote to the sensor try logging in as the user service then switching to user root. As user root you have the following possibilities that might work:

a) Execute "/etc/init.d/cids stop" and wait for all cids processes to stop. Then execute "/etc/init.d/cids start" to restart the cids processes. Then switch to user "cisco" and execute the "reset" command. The cids stop and start should clean up most things, but I would recommend following it with the "reset" just to ensure everything is properly cleared up because of the mainApp bug you've run into.

b) Execute the "reboot" command as user root

c) Execute "init 6" as user root.

2) Ensure that mainApp starts back up after the reboot. Ensure that you can SSH into the sensor as user cisco.

3) Check what version you are running. Apply the latest Service Pack if necessary. There are several issues that have been fixed in recent service packs.

If running version 4.1 then ensure Service Pack 4.1(5) is installed.

If running version 5.0 then ensure Service Pack 5.0(4) is installed.

4) If this happens again, then you need to contact the TAC. At the error prompt "Would you like to run cidDump?[no]" you should answer "yes" and send the output to the TAC as part of your case.

Engineering will evaluate the cidDump output to try and determine what the bug is.

Marco
