Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to create multiple group mappings with Windows Active Directory on Cisco Secure ACS

Core issue

This issue is due to presence of Cisco bug ID CSCeh13105.

In this issue while you create new Microsoft Windows Database mapping in ACS, after the selection of the groups from a list, assign them to some groups in ACS and submit. The result is the display of All other combinations as it is assigned to the chosen ACS group and not the list of selected Windows Domain Groups.

This bug is not consistent and can require that services restart between the creation of the Windows DB configuration and Windows DB Mapping.

The issue is seen with Java version 1.5.0.6 and later. If you use 1.5.0.2 or 1.4..x.x, the problem is seen with low frequency. Newer releases have a 100 percent chance of hitting this problem.

Resolution

The workaround for this issue is to use previous Java VM 1.4 and earlier. It is also possibile to have several Java Virtual Machines (JVM) on the same machine from different vendors, such as Sun, MS, and IBM, and/or different versions of the JVM from the same vendor. In this case, it is possible to force Microsoft Internet Explorer to work with a specific version of JVM if you complete these steps:

In Tools, open Internet Options dialog box. Choose the Advanced tab and check or uncheck the specific JVM that you want to work with and several options should be available.  Restart IE, which is required after that action. 

In order to completely resolve this issue, download and install ACS 4.1.3.12.2 accumulative patch from Cisco Downloads.

Complete these steps in order to install the patch:

  1. Stop all ACS services.

  2. Locate the ACS_INSTALL_DIR\CSAdmin\WWW directory and back up main_b.htm.

  3. Locate ACS_INSTALL_DIR\bin\ directory and back up CSAdmin.exe, CSRadius.exe, CSLog.exe, CSDBsync.exe, Vendors.dll, and NTlib.dll.

  4. Locate ACS_INSTALL_DIR\Support directory and back up csvLog.dll.

  5. Locate ACS_INSTALL_DIR\CSAdmin\WWW\java directory and back up setBuilder.class and simpleSelect.class

  6. Place Acs-4.1.3.12.2.zip in ACS_INSTALL_DIR\.
       
    1. Right-click on Acs-4.1.3.12.2.zip and choose winzip. Then choose Extract to here.

    2. When you are asked if you want to write over the files, choose the Yes to all tab.

    3. Start all ACS services.
       
  7. This is the alternative of step 6:
       
    1. Extract CSAdmin.exe, CSRadius.exe, CSLog.exe, NTLib.dll, CSDBSync.exe, csvLog.dll, Vendors.dll, setBuilder.class, simpleSelect.class, and main_b.htm from Acs-4.1.3.12.2.zip.

    2. Locate ACS_INSTALL_DIR\CSAdmin\WWW directory and place with the new main_b.htm.

    3. Locate ACS_INSTALL_DIR\bin directory and place with the new CSAdmin.exe, CSRadius.exe, CSLog.exe, NTLib.dll, CSDBSync.exe, and Vendors.dll.

    4. Locate ACS_INSTALL_DIR\Support directory and place with the new csvLog.dll.

    5. Locate ACS_INSTALL_DIR\CSAdmin\WWW\java directory and place with the new setBuilder.class and simpleSelect.class.
       
  8. Start all services.
Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 05:11 PM
Updated by:
 
Labels (1)
Everyone's tags (4)