Cisco Support Community
New Member

ACS 2.3.(6) - Authentication prob on GSR 12012

Hi all,

I have managed to install and configure ACS 2.3.6 in a Solaris.

I am able to telnet in many diff routers such as 7004VXR, 3600, Catalyst Switches and so on. I am also able to telnet in both of our three GSRs. My problem is that in the last GSR when I try to telnet, having debug tacacs on from a different vty, I get the error: CHECK KEYS. Well I did. I triple checked them, I changed them into something simple but still nothing. In this GSR we are running Version 12.0(21)ST1 IOS. I checked for bugs and etc but nothing...

Then I did something else. I put the same packet, ACS 2.3.6, in a W2K server and I finally was able to telnet. I know it's strange enough but if someone can give a clue I would appreciate it.

That's 4 the GSR. One other prob that I have is that when I try to access my ACS from "web", in the ADVANCED mode, when the applet tries to load I get a "SECURITY ERROR" and I am logged off. I do http://my_server/cs.

I log in with username-passwd, and when I click in the ADVANCED MODE tab I get this error. The only way to do ADVANCED MODE settings is through an X-Client, directly in the server and not through any other desktop PC.

Thanks in advance,

Kostas

1 REPLY
New Member

Re: ACS 2.3.(6) - Authentication prob on GSR 12012

Well finally I found the solutions by myself. I will just post them 4 future use.

Before I do this let me say something that we say here in Greece. It's an expression that says: RTFM. Which means: ReadTheF****Manual. :-)

So, for the authentication prob on the GSR, it was a DNS prob. The ACS by itself doesn't look for a DNS but the Solaris does. So if u have a wrong entry in your DNS you will never get authenticated. So the solution is either have correct entries in your DNS or disable DNS lookup in Solaris. In Solaris u can do this by editing the nsswitch.conf file and removing the entries that say dns.

For the ADVANCED mode, u must put an entry in the CSConfig.ini file that tells which clients are valid to do ADVANCED MODE configurations.

[ValidClients]
100 = xxx.xxx.xxx.xxx
101 = xxx.xxx.xxx.xxx
102 = xxx.xxx.xxx.xxx
etc

That's all folks !

see ya !
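The nsswitch.conf change described in the reply above, as an added example that is not part of the original post: it lists which databases consult dns and prints a proposed file with dns removed, without editing anything. The sample content and the function names are constructed for illustration, and a POSIX awk is assumed (on Solaris, nawk or /usr/xpg4/bin/awk rather than the old /usr/bin/awk).

```shell
#!/bin/sh
# Added example: preview removing "dns" from nsswitch.conf lookup orders.
# Read-only: prints the rewritten file to stdout, never edits in place.

# Constructed sample content (not taken from a real system).
sample_nsswitch() {
cat <<'EOF'
# constructed sample
passwd:   files
hosts:    files dns
ipnodes:  dns [NOTFOUND=return] files
# hosts: dns files
EOF
}

# dns_databases FILE: print each database whose source list includes dns.
dns_databases() {
    awk '{ sub(/#.*/, "") }
         NF >= 2 && $1 ~ /:$/ {
             for (i = 2; i <= NF; i++)
                 if ($i == "dns") { sub(/:$/, "", $1); print $1; break }
         }' "$1"
}

# strip_dns FILE: print FILE with dns (and its [criteria]) removed.
strip_dns() {
    awk '/^[ \t]*#/ || NF < 2 || $1 !~ /:$/ { print; next }
         {
             out = $1; kept = 0; skip = 0; rest = 0
             for (i = 2; i <= NF; i++) {
                 if ($i ~ /^#/) rest = 1            # trailing comment
                 if (rest) { out = out " " $i; continue }
                 if (skip) { if ($i ~ /\]$/) skip = 0; continue }
                 if ($i == "dns") {
                     if (i < NF && $(i + 1) ~ /^\[/) skip = 1
                     continue
                 }
                 out = out " " $i
                 if ($i !~ /^\[/) kept++            # count real sources
             }
             # A database left with no source resolves nothing: keep as is.
             if (kept == 0) { print } else { print out }
         }' "$1"
}

f=${TMPDIR:-/tmp}/nsswitch.sample.$$
sample_nsswitch > "$f"
echo "databases using dns:"; dns_databases "$f"
echo "proposed file:"; strip_dns "$f"
rm -f "$f"
```

Compare the proposed output with the live file before replacing it, and keep a copy of the original so the change can be rolled back.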
