MARS 5.2.7 integration with ACS 4.1

Hello
I cannot find any documentation I can follow to integrate MARS with ACS. I mean I want to use ACS to authenticate user in MARS.
Any of you know if MARS 5.2.7 has this feature? If yes can please give some info where to find docs?
Thank you really much
Best regards Antonello.

HI ,
LMS 4.0 no longer integrates with ACS the way that LMS 3.x did.  You  can still use ACS for authentication in LMS 4.0, but for authorization,  each user must have a local account in LMS, and the roles will be  assigned using LMS 4.0's new RBAC.  Users are defined under Admin >  System > User Management > Local User Setup, and roles are defined  under Admin > System > User Management > Role Management  Setup.
By default, if a user does not have an account in LMS, they will receive the Help Desk role
Please check the below link:
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/user/guide/admin/security.html#wp1100379
Thanks-
Afroz
[Do rate the useful post]

Similar Messages

  • Cisco Prime NCS integration with ACS 5.1

    Hello,
    We've an issue with authorization on NCS system. NCS successfully integrated witch ACS, but there is a problem with one user. All users have equivalent rights under root. There is shell profile with all possible tasks (exported from NCS server) configured on ACS. All users exept this one (unlucky one:)) authorizes successfully.  In  ACS logs, authentification and authorization status for this user is passed and all attributes (policy, profile, AV-pairs e.t.c.) is the same as for another users. This 'unlucky' user gets a following message:
    There is surely no browser or network issue. Tried from different PCs with same result. There is no any local info related to this username on the NCS server. When i change one charecter in the username on his ACS account, everything works well. What could be a possible reason of this behaivour?  Thanks!
    Our ACS v
    Version 5.1.0.44.X
    And NCS
    Version : 1.1.2.X

    this question should be moved to the Security > AAA forums as this sounds more like an ACS issue than NCS.
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • LMS PRIME 4.2 integrating with ACS 4.2

    Hello,
    i would like to integrate new lms prime 4.2 with acs.4.2 . .. !!
    is there document or user guide for this version of lms?
    Thanks in advance.
    Marwan

    IN LMS 4.2 there is nothing which is known as Integration (like LMS 3.x), since it added feature RBAC.
    Now ACS can just be used as PAM to have ciscoworks authenticated for Tacacs+ or Radius. After the auth is done, you should have a authorization set in LMS locally for user, else it will be given a default HELP DESK access.
    For more details check :
    Authentication Using Login Modules - Overview
    -Thanks

  • Cisco Works LMS 3.1 Integration with ACS v5.2

    Hello Experts,
    our customer has a working integration with the Cisco Works LMS 3.1 and an ACS v3.3 as it is described in this document:
    http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps2425/prod_white_paper0900aecd80613f62.html
    Now we are changing the old ACS Servers to the new ACS v5.2 platform. Is it possible to integrate the LMS to the new ACS Server? We want to use a granular user access restriction for SuperAdmins, Hotline Users an so on...
    Thanks,
    Florian

    Hi Florian,
    actually the ACS 5.2 is not supported in CS 3.2
    here is a list of the supported ACS servers under LMS 3.1
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.2/user/guide/admin.html#wp865998

  • All the devices not showing after CSM integration with ACS

    Hi all
    I integrated ACS with CSM and added all the security devices into ACS as client devices.But after integration with with ACS only few devices are shown in the CSM when i logged in as super admin.for all other users (system admin,network operator etc.),no devices are shown in the CSM.Please give me a solution to solve this.

    Did you have devices already in CSM when you integrated it into ACS ? Did you make sure that the hostname of the devices is exactly the same in acs and csm ?

  • Juniper SSG TACACS+ Integration with ACS 5

    Hi,
    I'm working on TACACS+ integration on Juniper SSG firewall with ACS 5, but failed login on the SSG. After checked the log on ACS, it passed the authentication. Do I need to import any dictionary file on the ACS 5 first?
    Please advice,
    Cheers,
    Ryan

    I was able to config SSG authenticate using RADIUS.  In order to work with RADIUS, I have to create RADIUS dictionary using netscreen dictionary found @ Juniper.  Attach the dictionary.
    I'm not sure how to import, but I create the dictionary manually.

  • LMS 3.2 integration with ACS 5.1

    Hi
    Is it
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
    mso-para-margin-top:0cm;
    mso-para-margin-right:0cm;
    mso-para-margin-bottom:10.0pt;
    mso-para-margin-left:0cm;
    line-height:115%;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;
    mso-fareast-language:EN-US;}
    possible to integrate LMS 3.2 with ACS 5.1? I know it works with ACS 4.X, but I can't get it to work with ACS 5.1.
    Here is a link to how to do it with ACS 4.X:
    http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps2425/prod_white_paper0900aecd80613f62.html
    Regards
    Reidar

    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
    mso-para-margin-top:0cm;
    mso-para-margin-right:0cm;
    mso-para-margin-bottom:10.0pt;
    mso-para-margin-left:0cm;
    line-height:115%;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    Thanks Reidar.... hmm very strange. I really wish an expert would respond to this thread as it will help a lot of people who might be planning to deploy these versions and they can help put this matter to rest once and for all. Not sure why LMS 3.2 will not support ACS 5.1 and it might help to know when it will (updates etc). Kindly let me know if you get any further information. My deployment is so large that setting a local username and password on all the devices is not an option unfortunately .......

  • LMS 3.1 Slow after integrating with ACS

    Dear All, have any one faced issue of slowness after integrating LMS3.1 with ACS4.2. I dont know how can I resolve this issue. Is there any patch to resolve it...
    Any kind of help will be very helpful.

    I'm using LMS 3.2 into ACS 4.0 and it actually seemed a bit faster after ACS integration. Nothing I measured but subjectively it seems faster. Both my servers are on Windows and the ACS is across the WAN from my CiscoWorks.
    How do your devices fare with their ACS? You can debug tacacs at the router/switch level as one tool. I'm sure one of the cisco guys on here will point you to one of the many logs that LMS generates, possibly with debugging activated, to dig deeper there also.

  • Cisco Security Manager integration with ACS

    Has anybody got this working yet.
    I have tried but as yet have been unsucessful in registering csm with the ACS server.
    I am following the the instructions however, nothing seems to work all i get is failed to registar.
    Any help would be appreciated
    Regards
    Jason

    Check out this link...
    http://www.cisco.com/en/US/products/ps6498/prod_troubleshooting_guide_chapter09186a00806e23e3.html

  • Ciscoworks 3.2 login issue with ACS

    Hi All,
    I am facing an issue with login into Ciscoworks portal from the LMS server, which is integrated with ACS tool.
    Now I am unable to login to the portal with the username and password, which is already configured in the ACS server.
    I have ended up with reinstalling the ciscoworks software and restored the backup, still problem persists. Please let me know how to fix it.
    If I again reinstall it, how would I restore the backup - since back restoration again gives the login issue.
    If Im using only the dcrcli exported devices list after the reinstallation, all the devices gets stuck in DFM question status, hence I restored the proper backup. Now I am stuckup. please help.

    You need to sort out your DNS get the lookup and reverse lookup working.
    Say your device is a box with
    Fa 0/0 10.10.1.1
    Lo 0    172.32.1.1
    If you get you dns to resolve the address of port Fa 0/0  (10.10.1.1)  to the DNS "name adevice.yournetwork.com".
    Next you get your DNS to resolve the name "adevice.yournetwork.com" to 172.32.1.1 with happens to be to Lo0 interface of the device
    Then you can get LMS to use the address you want as it is configured in DNS
    Cheers,
    Michel

  • ACS 5.3 Integration With RSA

    Hi People,
    I have Integrated the ACS 5.3 with AD.
    Now my next goal is to Integrate ACS with RSA in such a way that all my Cisco devices should use the username and password from the AD.
    The enable privilege level should come from the RSA Token OTP.
    Is it possible to do such a thing with ACS 5.3???
    If so how could i do it???
    Thanks,
    Manoj

    I think that can try and make a rule in the identity policy based on the Service attribute in the TACACS+ dictionary
    (this is not tested and based on my recollection so would need your verification)
    1) Create a custom condition for the service attribute in TACACS+ dictionary
    Policy Elements > Session Conditions > Custom
    Create: Dictionary: TACACS+ ; Attribute:Service
    2) Utilize in a rule in Device Admin identity policy
    Access Policies > Access Services > Default Device Admin > Identity
    Sselect a rule based
    Customize based on condition in 1
    Create a rule for when Service is "Enable". Select identity source as RSA in this case

  • ACS Express integration with Active Directory

    Hello,
    I have ACS Express version 5.0.1 installed on Cisco ADE; I'm trying to get it integreated with an Active Directory without sucess.
    I did packet captures on the ASA that is in between and I can see communication going thru just fine. I ran a diagnostic on the ACS express and got this:
    DIAGNOSTIC USING THE IP ADDRESS OF THE DOMAIN CONTROLLER:
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Tabla normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
    mso-para-margin:0cm;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    Output of AD Domain Diagnostics:
    IP Diagnostics
    Local host name: he-zfm-acs-01
    Local IP Address: 172.31.67.10
    Not found in DNS!Make sure it is in Reverse Lookup Zone.
    FQDN host name:he-zfm-acs-01.clarocr.americamovil.ca1
    Domain Diagnostics:
    Domain: 172.24.2.93
    Subnet site:
    WARNING! Unable to locate computer's subnet site in Active Directory.
    Ask your Active Directory administrator to add this computer's subnet
    to the appropriate site.
    DNS query for: _ldap._tcp.172.24.2.93
    Found no SRV records!
    Computer Account Diagnostics
    Not joined to any domain
    AD Agent Process Status: Not joined to any domain
    DIAGNOSTIC USING THE AD REALM:
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Tabla normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
    mso-para-margin:0cm;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    Output of AD Domain Diagnostics:
    IP Diagnostics
    Local host name: he-zfm-acs-01
    Local IP Address: 172.31.67.10
    FQDN host name:he-zfm-acs-02.clarocr.americamovil.ca1
    Domain Diagnostics:
    Domain: CLAROCR.AMERICAMOVIL.CA1
    Subnet site: TELECOM
    DNS query for: _ldap._tcp.CLAROCR.AMERICAMOVIL.CA1
    Found SRV records:
    rom-pro-dc-03.clarocr.americamovil.ca1:389
    Testing Active Directory connectivity:
    Domain Controller: rom-pro-dc-03.clarocr.americamovil.ca1
    ldap: 389/tcp - good
    ldap: 389/udp - good
    smb: 445/tcp - good
    kdc: 88/tcp - good
    kpasswd: 464/tcp - good
    ntp: 123/udp - good
    Domain Controller: rom-pro-dc-03.clarocr.americamovil.ca1:389
    Domain controller type: Windows 2003
    Domain Name: CLAROCR.AMERICAMOVIL.CA1
    isGlobalCatalogReady: TRUE
    domainFunctionality:
    forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
    domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
    Forest Name: AMERICAMOVIL.CA1
    DNS query for: _gc._tcp.AMERICAMOVIL.CA1
    Testing Active Directory connectivity:
    Global Catalog: rom-des-dc-01.desa1sv.americamovil.ca1
    gc: 3268/tcp - timeout
    No TCP LDAP response, giving up on rom-des-dc-01.desa1sv.americamovil.ca1
    Global Catalog: rom-amv-dc-02.americamovil.ca1
    gc: 3268/tcp - good
    Global Catalog: rom-tlc-dc-01.telecom.americamovil.ca1
    gc: 3268/tcp - good
    Global Catalog: rom-pro-dc-03.clarocr.americamovil.ca1
    gc: 3268/tcp - good
    Global Catalog: rom-tlc-dc-02.telecom.americamovil.ca1
    gc: 3268/tcp - good
    Global Catalog: rom-amv-dc-01.americamovil.ca1
    gc: 3268/tcp - good
    Domain Controller: rom-amv-dc-02.americamovil.ca1:3268
    Domain controller type: Windows 2003
    Domain Name: AMERICAMOVIL.CA1
    isGlobalCatalogReady: TRUE
    domainFunctionality:
    forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
    domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
    Domain Controller: rom-tlc-dc-01.telecom.americamovil.ca1:3268
    Domain controller type: Windows 2003
    Domain Name: TELECOM.AMERICAMOVIL.CA1
    isGlobalCatalogReady: TRUE
    domainFunctionality:
    forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
    domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
    Domain Controller: rom-pro-dc-03.clarocr.americamovil.ca1:3268
    Domain controller type: Windows 2003
    Domain Name: CLAROCR.AMERICAMOVIL.CA1
    isGlobalCatalogReady: TRUE
    domainFunctionality:
    forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
    domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
    Domain Controller: rom-tlc-dc-02.telecom.americamovil.ca1:3268
    Domain controller type: Windows 2003
    Domain Name: TELECOM.AMERICAMOVIL.CA1
    isGlobalCatalogReady: TRUE
    domainFunctionality:
    forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
    domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
    Domain Controller: rom-amv-dc-01.americamovil.ca1:3268
    Domain controller type: Windows 2003
    Domain Name: AMERICAMOVIL.CA1
    isGlobalCatalogReady: TRUE
    domainFunctionality:
    forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
    domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
    Forest Name: AMERICAMOVIL.CA1
    Computer Account Diagnostics
    Not joined to any domain
    AD Agent Process Status: Not joined to any domain

    Dennis,
    TIme in sync on the ACS and AD servers?
    Faisal

  • Cisco Works Integration with MARS

    Can cisco works be integrated with MARS. I mean cisco works is acting as a syslog server for some switches. Can mars pull the records from Cisco Works and use it for its co-relation

    As Michael pointed out, configuring two syslog destinations on your switch is possible, and allows the switch to send to both CiscoWorks and CS-MARS simultaneously.  This affords the safety that should one system be down, the other system will continue to receive syslog events from the switches.  Should you not wish to configure two logging destinations on your switch, you could configure your switches to send their syslogs to CS-MARS and configure CS-MARS to relay the received syslog messages to CiscoWorks.  This options is outlined in the CS-MARS user guide:
    http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/cfgOver.html#wpmkr181270
    Scott

  • Can a single ACS appliance be integrated with a diff OU in the AD (maybe with a diff IP address range).

    Hello Everyone,
    Can a single ACS appliance be integrated with a diff OU in the AD (maybe with a diff IP address range). If yes, how?
    Thanks,
    Rishi

    Rishi,
    Are you looking to leverage certain group in AD to be assigned to a specific subnet? If yes, then this can be done through dynamic vlan assignment.
    Thanks,
    Tarik Admani

  • Autheticating useing Cisco ACS 4.2 integrated with Active Directory 2003

    How do i check that users are Autheticated useing Cisco ACS 4.2 integrated with Active Directory 2003, any one help me in this thanks

    You can't actually see the user's membership from ACS. All you can do, create group-mapping under external database >> group mapping section. This would give you an option to map external (AD) group with an Internal group.The group memberrship need to be modified under Active Directory.
    Once user is succussfully authenticated and learned as a dynamic user in ACS user setup database, it would be mapped with an ACS internal group based on group mapping we did.
    Let me know if you have any doubts.
    Regards,
    Jatin

Maybe you are looking for

  • Regarding Renaming INDEX Partitions

    Hi All, I have the following syntax for renaming table partitions/subpartitions : ALTER TABLE SMTP_MSG_TRAFFIC_FCT RENAME PARTITION FOR (20100310) TO BASE_FACT_20100310; ALTER TABLE SMTP_MSG_TRAFFIC_FCT RENAME SUBPARTITION FOR (20100310,19) TO BASE_F

  • Listbox set to NOT editable cells; EditRow property seems to override

    Hi All, I have several listboxes that I programmatically set to Editable Cells or not, depending on the runtime status. When I have it turned OFF, I do not want the user to be able to edit the text values in the cells. However, I have a RTM for the l

  • .currentThread().getContextClassLoader().loadClass(value)

    Hi What the difference between Thread.currentThread().getContextClassLoader().loadClass(value) and Class.forname(value)? I'm using property files and storing the name of class file in propert file .I want to use Class.forname(value).In that condition

  • Modify High Level User Interface

    Respected Sir i am using MIDP2.0 for my application. i want to modify some High Level User Interface in my application. i mean that for TextBox High Level User Interface i want to change(Modify) TextBox predefined size , color,etc.... Is it Possible.

  • New Symbols for Keynote 3... again

    Updated my Symbols file again. http://web.mac.com/makentosh/iWeb/tipsfromtheiceberg/Blog/5A47CA49-D686-425C-97B C-03440517B907.html This time, I left out stars since Keynote does a great job of creating those automagically within the program. This is