LMS PRIME 4.2 integrating with ACS 4.2

Hello,
i would like to integrate new lms prime 4.2 with acs.4.2 . .. !!
is there document or user guide for this version of lms?
Thanks in advance.
Marwan

IN LMS 4.2 there is nothing which is known as Integration (like LMS 3.x), since it added feature RBAC.
Now ACS can just be used as PAM to have ciscoworks authenticated for Tacacs+ or Radius. After the auth is done, you should have a authorization set in LMS locally for user, else it will be given a default HELP DESK access.
For more details check :
Authentication Using Login Modules - Overview
-Thanks

Similar Messages

  • Cisco Works LMS 3.1 Integration with ACS v5.2

    Hello Experts,
    our customer has a working integration with the Cisco Works LMS 3.1 and an ACS v3.3 as it is described in this document:
    http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps2425/prod_white_paper0900aecd80613f62.html
    Now we are changing the old ACS Servers to the new ACS v5.2 platform. Is it possible to integrate the LMS to the new ACS Server? We want to use a granular user access restriction for SuperAdmins, Hotline Users an so on...
    Thanks,
    Florian

    Hi Florian,
    actually the ACS 5.2 is not supported in CS 3.2
    here is a list of the supported ACS servers under LMS 3.1
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.2/user/guide/admin.html#wp865998

  • LMS 3.2 integration with ACS 5.1

    Hi
    Is it
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
    mso-para-margin-top:0cm;
    mso-para-margin-right:0cm;
    mso-para-margin-bottom:10.0pt;
    mso-para-margin-left:0cm;
    line-height:115%;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;
    mso-fareast-language:EN-US;}
    possible to integrate LMS 3.2 with ACS 5.1? I know it works with ACS 4.X, but I can't get it to work with ACS 5.1.
    Here is a link to how to do it with ACS 4.X:
    http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps2425/prod_white_paper0900aecd80613f62.html
    Regards
    Reidar

    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
    mso-para-margin-top:0cm;
    mso-para-margin-right:0cm;
    mso-para-margin-bottom:10.0pt;
    mso-para-margin-left:0cm;
    line-height:115%;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    Thanks Reidar.... hmm very strange. I really wish an expert would respond to this thread as it will help a lot of people who might be planning to deploy these versions and they can help put this matter to rest once and for all. Not sure why LMS 3.2 will not support ACS 5.1 and it might help to know when it will (updates etc). Kindly let me know if you get any further information. My deployment is so large that setting a local username and password on all the devices is not an option unfortunately .......

  • Cisco Prime NCS integration with ACS 5.1

    Hello,
    We've an issue with authorization on NCS system. NCS successfully integrated witch ACS, but there is a problem with one user. All users have equivalent rights under root. There is shell profile with all possible tasks (exported from NCS server) configured on ACS. All users exept this one (unlucky one:)) authorizes successfully.  In  ACS logs, authentification and authorization status for this user is passed and all attributes (policy, profile, AV-pairs e.t.c.) is the same as for another users. This 'unlucky' user gets a following message:
    There is surely no browser or network issue. Tried from different PCs with same result. There is no any local info related to this username on the NCS server. When i change one charecter in the username on his ACS account, everything works well. What could be a possible reason of this behaivour?  Thanks!
    Our ACS v
    Version 5.1.0.44.X
    And NCS
    Version : 1.1.2.X

    this question should be moved to the Security > AAA forums as this sounds more like an ACS issue than NCS.
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • MARS 5.2.7 integration with ACS 4.1

    Hello
    I cannot find any documentation I can follow to integrate MARS with ACS. I mean I want to use ACS to authenticate user in MARS.
    Any of you know if MARS 5.2.7 has this feature? If yes can please give some info where to find docs?
    Thank you really much
    Best regards Antonello.

    HI ,
    LMS 4.0 no longer integrates with ACS the way that LMS 3.x did.  You  can still use ACS for authentication in LMS 4.0, but for authorization,  each user must have a local account in LMS, and the roles will be  assigned using LMS 4.0's new RBAC.  Users are defined under Admin >  System > User Management > Local User Setup, and roles are defined  under Admin > System > User Management > Role Management  Setup.
    By default, if a user does not have an account in LMS, they will receive the Help Desk role
    Please check the below link:
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/user/guide/admin/security.html#wp1100379
    Thanks-
    Afroz
    [Do rate the useful post]

  • All the devices not showing after CSM integration with ACS

    Hi all
    I integrated ACS with CSM and added all the security devices into ACS as client devices.But after integration with with ACS only few devices are shown in the CSM when i logged in as super admin.for all other users (system admin,network operator etc.),no devices are shown in the CSM.Please give me a solution to solve this.

    Did you have devices already in CSM when you integrated it into ACS ? Did you make sure that the hostname of the devices is exactly the same in acs and csm ?

  • Juniper SSG TACACS+ Integration with ACS 5

    Hi,
    I'm working on TACACS+ integration on Juniper SSG firewall with ACS 5, but failed login on the SSG. After checked the log on ACS, it passed the authentication. Do I need to import any dictionary file on the ACS 5 first?
    Please advice,
    Cheers,
    Ryan

    I was able to config SSG authenticate using RADIUS.  In order to work with RADIUS, I have to create RADIUS dictionary using netscreen dictionary found @ Juniper.  Attach the dictionary.
    I'm not sure how to import, but I create the dictionary manually.

  • LMS 3.1 Slow after integrating with ACS

    Dear All, have any one faced issue of slowness after integrating LMS3.1 with ACS4.2. I dont know how can I resolve this issue. Is there any patch to resolve it...
    Any kind of help will be very helpful.

    I'm using LMS 3.2 into ACS 4.0 and it actually seemed a bit faster after ACS integration. Nothing I measured but subjectively it seems faster. Both my servers are on Windows and the ACS is across the WAN from my CiscoWorks.
    How do your devices fare with their ACS? You can debug tacacs at the router/switch level as one tool. I'm sure one of the cisco guys on here will point you to one of the many logs that LMS generates, possibly with debugging activated, to dig deeper there also.

  • LMS 3.2.1 integration with Clarity NMS for snmp trap forwarding

    Our client have integrated Clarity NMS to Ciscoworks LMS 3.2.1. So far they are receiving raw alarms/snmp traps but it lacks information/inventory of the originating device. Kindly see sample raw alarms below:
    2420: 2011-11-25 12:10:46 Received trap ==> Received SNMPv1 Trap
    Community=ciscoworks
    Enterprise=1.3.6.1.6.3.1.1.5
    Generip trap type=2
    Specific Trap Type=0
    Trap From=10.220.10.1
    Trap ID=1.3.6.1.6.3.1.1.5.2
    Trap Time=-1436283373
    1.3.6.1.2.1.2.2.1.1.83=83
    1.3.6.1.2.1.2.2.1.2.83=GigabitEthernet1/40
    1.3.6.1.2.1.2.2.1.3.83=6
    1.3.6.1.4.1.9.2.2.1.1.20.83=Lost Carrier
    EndTrap
    10933: 2011-11-24 11:57:53 Received trap ==> Received SNMPv1 Trap
    Community=ciscoworks
    Enterprise=1.3.6.1.4.1.9.1.291
    Generip trap type=2
    Specific Trap Type=0
    Trap From=10.220.10.1
    Trap ID=1.3.6.1.4.1.9.1.291.2
    Trap Time=1628056965
    1.3.6.1.2.1.2.2.1.1.8=8
    1.3.6.1.2.1.2.2.1.2.8=E1 0/0/0
    1.3.6.1.2.1.2.2.1.3.8=18
    EndTrap
    As you can see, those raw alarms doesn’t contain any information about the originating equipment or the physical card, port related information where those alarms were generated. Instead those alarms received are just NMS level alarms.
    How do we resolve this so that the inventory of the equipment would be part of the trap to be received by Clarity from Ciscoworks.

    Hi,
    Is the issue you have the source IP address of the forwarded trap?  Per RFC it is the IP of the actual device sending the trap.  The originating IP should be contained within the packet. I have included some additional information you may find helpful.
    Q. What is the difference between SNMP Raw Trap Forwarding and SNMP Trap alert/event Trap Forwarding? Does DFM support both?
    A. You can configure raw trap forwarding at DFM > Other configuration > SNMP Trap forwarding, and processed event/alert trap forwarding at DFM > Notification Services > SNMP Trap Forwarding. Processed trap is "when DFM receives certain SNMP traps, it analyzes the data found in fields (Enterprise/Generic trap identifier/Specific Trap identifier/variable−bindings) of each SNMP trap message, and changes the property value of the object property (if required)". Raw trap is the trap that the device forwards to DFM and DFM has yet to process it. For more information, refer to the DFM User Guide. Yes, DFM supports both ways of trap forwarding.
    http://www.cisco.com/en/US/products/sw/cscowork/ps2421/products_qanda_item09186a0080a9b35b.shtml
    DFM will only forward SNMP traps from devices in the DFM inventory. It will not change the trap format—it will forward the raw trap in the format in which the trap was received from the device. However, you must enable SNMP on your devices and you must do one of the following:
    Configure SNMP to send traps directly to DFM
    Integrate SNMP trap receiving with an NMS or a trap daemon
    The versions of SNMP traps supported by DFM are described in SNMP and ICMP Polling. For information on forwarding processed and pass-through traps, see Processed and Pass-Through Traps, and Unidentified Traps and Events.
    Pass-through traps are traps that DFM receives from devices that are not in the DFM inventory, and DFM has not processed. Forwarding these traps is controlled using Configuration > Other Configurations > SNMP Trap Forwarding. These traps are shown in the Alerts and Activities display because of their relevance to fault monitoring. Pass-through traps are displayed as follows:
    As one of the following events:
    > InformAlarm
    > MinorAlarm
    > MajorAlarm
    With the device type and the device name from which it was generated.
    If DFM does not know which device generated the trap, it ignores the trap. Pass-through traps will be cleared after a default interval of 10 minutes to one hour
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_device_fault_manager/3.2/user/guide/dfm32ug_Book.html

  • Prime NCS: TACACS+ Integration into ACS 5.1

    Hello,
    i'd like to integrate TACACS+ Integration into NCS.
    I configured my ACS 5.1 correctly, but I get an "Access is denied to NCS" at the web login page. In the ACS i see a successful authentication.
    Any ideas?
    regards
    Alex
    Here is my Shell Profile Configuration

    I finally could log in, but not the default Ambassador view.
    Thats really strange. Here is the authorization result from my ACS server.
    {Type=Authorization; Author-Reply-Status=PassAdd; AVPair=role0=Lobby Ambassador; AVPair=task0=GLOBAL; AVPair=task1=Lobby Ambassador User Preferences; AVPair=task2=Basic; AVPair=task3=Configure Guest Users; AVPair=task4=Check License; AVPair=virtual-domain0=ROOT-DOMAIN; }

  • Cisco Security Manager integration with ACS

    Has anybody got this working yet.
    I have tried but as yet have been unsucessful in registering csm with the ACS server.
    I am following the the instructions however, nothing seems to work all i get is failed to registar.
    Any help would be appreciated
    Regards
    Jason

    Check out this link...
    http://www.cisco.com/en/US/products/ps6498/prod_troubleshooting_guide_chapter09186a00806e23e3.html

  • Ciscoworks 3.2 login issue with ACS

    Hi All,
    I am facing an issue with login into Ciscoworks portal from the LMS server, which is integrated with ACS tool.
    Now I am unable to login to the portal with the username and password, which is already configured in the ACS server.
    I have ended up with reinstalling the ciscoworks software and restored the backup, still problem persists. Please let me know how to fix it.
    If I again reinstall it, how would I restore the backup - since back restoration again gives the login issue.
    If Im using only the dcrcli exported devices list after the reinstallation, all the devices gets stuck in DFM question status, hence I restored the proper backup. Now I am stuckup. please help.

    You need to sort out your DNS get the lookup and reverse lookup working.
    Say your device is a box with
    Fa 0/0 10.10.1.1
    Lo 0    172.32.1.1
    If you get you dns to resolve the address of port Fa 0/0  (10.10.1.1)  to the DNS "name adevice.yournetwork.com".
    Next you get your DNS to resolve the name "adevice.yournetwork.com" to 172.32.1.1 with happens to be to Lo0 interface of the device
    Then you can get LMS to use the address you want as it is configured in DNS
    Cheers,
    Michel

  • Cisco Works LMS R3.1 with ACS R5.1

    I search on internet about the AAA integration between LMS R3.1 y ACS R5.1, and all the information that I found it's related to ACS R4.1. It's possible to integrate with ACS R5.1.
    Regards and thanks in advanced
    Luis Martinez

    Nael,
    Sorry to batter you, but I was trying to migrate my Cisco Works LMS R3.1 to R3.2 and from the support page of CISCO I just can donwload the following version LMS R3.2.1 (LMS R3.2 service pack 1). I tried to install that version but i got an error that saids "LMS R3.2.1 needs LMS R3.2 installed on the server"
    Could you please tell me where can I download the complete and initial LMS R3.2.
    Thanks in advanced for your kindly help.
    Luis Martinez

  • LMS Authentication with ACS 5.1

    Hi, I am using LMS authentication via ACS. I am able to login to LMS successfully with ACS user name and password but I can not execute most of the task it says you are not authorised. do i need to anything in LMS except enabling login module to tacacs...
    Let me know if I missed something.
    Thanks
    Ninja

    Integration with ACS 5.1 is not yet supported.  You can do authentication only with ACS 5.0, and 5.1 should work, but you will not be able to use full AAA integration.  Disable AAA mode, and set the login module to be TACACS+.  Point that to your 5.1 server, and you should be able to login, and run tasks in LMS.  However, you will still need to create local accounts in LMS for all of your users to do the authorization piece.

  • ACS 5.3 Integration With RSA

    Hi People,
    I have Integrated the ACS 5.3 with AD.
    Now my next goal is to Integrate ACS with RSA in such a way that all my Cisco devices should use the username and password from the AD.
    The enable privilege level should come from the RSA Token OTP.
    Is it possible to do such a thing with ACS 5.3???
    If so how could i do it???
    Thanks,
    Manoj

    I think that can try and make a rule in the identity policy based on the Service attribute in the TACACS+ dictionary
    (this is not tested and based on my recollection so would need your verification)
    1) Create a custom condition for the service attribute in TACACS+ dictionary
    Policy Elements > Session Conditions > Custom
    Create: Dictionary: TACACS+ ; Attribute:Service
    2) Utilize in a rule in Device Admin identity policy
    Access Policies > Access Services > Default Device Admin > Identity
    Sselect a rule based
    Customize based on condition in 1
    Create a rule for when Service is "Enable". Select identity source as RSA in this case

Maybe you are looking for

  • Edit Hotspots - Dreamweaver 8

    http://http://forums.adobe.com/message/276856#276856 All: Apologies in advance, (I really do try to not ask repetative questions), but since it looks like webkazoo's question from 2006 never got answered I'll try again.  (The original question is lin

  • Student CC price has gone up?

    I just noticed that the price has gone up from $22 to $33 for my monthly payments for the student creative cloud and am wondering why? Thanks

  • Substituting the field PROJK of BSEG table using Substituting Exit

    Hi All, Actually I am using substituting the PROJK field using substitution exit U901. but after this form routine standard routine in program GBTC2FIJ is getting called which is reverting my changes. because there is a  temp structure which is not h

  • Moving data from old computer to new computer. where does Palm Desktop app find conduit apps?

    Please help, I have backed up my old database files from my Palm programs off of my old computer (The hard drive and computer were going bad, and then it died). Question:  what directories and where do I copy the old data, so I can hotsync? I hotsync

  • Verizon 4G LTE Router lights flashing at the same time

    Just today I noticed that some of the lights on my Verizon 4G LTE Router are all flashing at the same time and in sync. These are the lights that indicate the internet, wifi and LAN network activity. It seems it might have rebooted today as well - pe