New Member

Troubleshooting Cisco Security Manager Integration with Cisco ACS

Hello Everyone!

I have an issue with the integration between Cisco Security Manager and ACS. I did the integration, but the system identity user does not have enough privileges. I know what the problem is, but I do not know how I can change the login from ACS to CSM local.

I found a file that specifies the following:

Q. Are there any backend script or command-line interface options to change the login module from ACS to CiscoWorks local?

A. To revert the LMS server from ACS mode back to local user mode, shut down the CiscoWorks daemons and run the following script:

NMSROOT/bin/perl ResetLoginModule.pl (for Solaris)

NMSROOT\bin\perl ResetLoginModule.pl (for Windows)

Then restart the daemon.

I did that, but it does not work. Any idea?

Accepted Solutions
Cisco Employee

Re: Troubleshooting Cisco Security Manager Integration with Cisc

Hello,

I guess you can try to go through the following FAQ on troubleshooting CSM and ACS integration:

http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/3.0/troubleshooting/guide/rbacts.html#wp1043629

A few things might have gone wrong:

1- This command needs to be executed on the CSM Server cmd prompt (be sure you are not on the client machine).

2- NMSROOT is the directory where CSM Server is installed. Usually it is c:\Progra~1\CSCOpx

3- You need to stop the Daemon Manager before performing this action (and then restart it).

For example, if the directory is the one above, to reset the login to local you might try the following:

net stop crmdmgtd ----> this stops the Daemon Manager (can be done by the services window)

c:\Progra~1\CSCOpx\bin\perl c:\Progra~1\CSCOpx\bin\ResetLoginModule.pl  ----> resets to local authentication

net start crmdmgtd -----> restart the Daemon Manager

Can you maybe try again and let me know how it goes?

Thanks
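
The three checks and the stop/reset/start sequence from the answer above, written as a batch file for the CSM server's cmd prompt. This is an added example, not part of the original thread and not a Cisco script; the variable names are illustrative, and it assumes the install path and service name quoted in the answer and that perl is `perl.exe` under `NMSROOT\bin`.

```batch
@echo off
setlocal
rem Added example. Assumption: NMSROOT is the usual install directory
rem named in the answer above; change it if CSM is installed elsewhere.
set "NMSROOT=c:\Progra~1\CSCOpx"
set "SVC=crmdmgtd"

rem Check 1: the Daemon Manager service exists only on the CSM server,
rem so a failed query means this is a client machine.
sc query %SVC% >nul 2>&1
if errorlevel 1 (
    echo Service %SVC% not found. Run this on the CSM server, not a client.
    exit /b 1
)

rem Check 2: NMSROOT must really contain perl and the reset script.
rem Assumption: the perl binary is perl.exe.
if not exist "%NMSROOT%\bin\perl.exe" (
    echo perl.exe not found under %NMSROOT%\bin. Correct NMSROOT first.
    exit /b 1
)
if not exist "%NMSROOT%\bin\ResetLoginModule.pl" (
    echo ResetLoginModule.pl not found under %NMSROOT%\bin.
    exit /b 1
)

rem Check 3: stop the Daemon Manager and confirm it has stopped
rem before touching the login module.
net stop %SVC%
sc query %SVC% | find "STOPPED" >nul
if errorlevel 1 (
    echo %SVC% is not stopped. The reset was not run.
    exit /b 1
)

rem Reset to local authentication, giving the script its full path.
"%NMSROOT%\bin\perl.exe" "%NMSROOT%\bin\ResetLoginModule.pl"
set "RC=%ERRORLEVEL%"
rem The thread does not document the script's exit codes; only report it.
echo ResetLoginModule.pl exit code: %RC%

rem Restart the Daemon Manager whatever the script returned.
net start %SVC%
exit /b %RC%
```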

10 REPLIES
New Member

Re: Troubleshooting Cisco Security Manager Integration with Cisc

Thanks Stefano,

The problem was that I did not run the command correctly from the prompt. I could change the authentication from ACS to Local, but when I try to change again from Local to ACS I have a problem with the System Identity User: when CSM checks the communication with the ACS, a window appears with the following message:

System Identity User: Not configured properly for cwhp, csm, autoupdate.

Like the following image:

I think that the problem could be the user admin, who I need to create as an administrator of ACS or as a user who belongs to the group admin, which is used for the network devices. But I cannot find the problem. Any idea?

Thanks,

Cisco Employee

Re: Troubleshooting Cisco Security Manager Integration with Cisc

Hello Katherine,

This looks like a misconfiguration on ACS, but I do not know exactly what to suggest because I do not know the way you have configured your ACS.

I will try to post a how-to guide on ACS integration if you are not able to find the root cause. (If it is really urgent, please open a TAC case and we will take care of it.)

Out of curiosity, which ACS version are you using?

Stefano

Re: Troubleshooting Cisco Security Manager Integration with Cisc


I have the same type of issue with (not configured properly for -(cwhp,csm,autoupdate)). Could you please suggest how you fixed that issue?

Cisco Employee

Re: Troubleshooting Cisco Security Manager Integration with Cisc

What is the ACS version you are using?

Re: Troubleshooting Cisco Security Manager Integration with Cisc

ACS version 4.2 and CSM 3.1. The error is:

not configured properly for -(cwhp,csm,autoupdate)

Screenshot attached.

Thanks for your reply.

Cisco Employee

Re: Troubleshooting Cisco Security Manager Integration with Cisc

Hi,

This should be an informational-only log. If you click on Apply, does the integration work fine?

Stefano

Re: Troubleshooting Cisco Security Manager Integration with Cisc

After this, if I apply and restart the Daemon Manager and then try to log into CSM, it shows that the server is not ready and it does not get to the user name and password window. At this time the Daemon Manager is actually not started. If I try to start it manually it does not start, so I eventually need to remove the ACS integration with those certain commands. After that I need to reset the casuser, and after that CSM starts working. I was suspecting that the issue is in the system identity user, as it is showing the message that it is not configured properly for (cwhp, csm, auto update).

Further, this CSM is installed on the domain. Do you think that some domain policies are creating this deal?

New Member

Re: Troubleshooting Cisco Security Manager Integration with Cisc

The problem was a privilege inside the ACS. I had to create a group with full permission only for the CSM, and then I tried again and it works!

Regards,

Re: Troubleshooting Cisco Security Manager Integration with Cisc

Thanks for your reply. Actually I did the same again, and after doing the same process I reset the casuser and it started working. As I told you, this system was on the domain, so I think that the domain policies are having this issue.
