Acs user database

Similar Messages

• ACS User database Backup

  Is it possible to have the ACS user database in an excel sheet

  Hi,
  You can open .dmp file in notepad but that will not provide any info as its not user readable.
  You need to export the lsit of users in .txt extension
  here is the command that you need to run from the command prompt where ACS is installed
  start > run> cmd > go to this dir
  C:\Program Files\CiscoSecure ACS v4.2\bin>net stop csauth
  CSUtil.exe -u user.txt
  C:\Program Files\CiscoSecure ACS v4.2\bin>net start csauth
  Then you can easily access user.txt file in notepad.
  HTH
  JK

• ACS User Database Export

  Is it possible to export the user database stored in the Cisco Secure ACS Database to some file. I need to see all the user accounts and their group assignments etc to be able to do reporting on this.
  Any ideas?

  yes... csutil -d will dump the db.
  look at aaa-reports (www.extraxi.com) they can import the dump file and run reports off it.

• ACS User database problem

  I have installed an ACS 3.3 on win 2003 server and I've encountered this problem:
  Durin a mudification of some user (group belongings)some of this users, have been duplicated and une of this assigned to default group.
  At this time these users (default group)is not possible to delete it.
  Can anyone help me?
  Tranks and Regards

  This appendix contains details on the Cisco Secure ACS command-line utility, CSUtil.exe. You can use CSUtil to import username, password, and group information all at once from a standard text file to back up and maintain your database.
  http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt26/usergd26/apimport.htm

• How to manipulate the large Cisco ACS user database?

  e.g. I have to change the settings of "disable the account if failed attempts exceed times" one by one. Is there a batch method of operation?

  Use the JDBC-ODBC driver which is already installed with the JDK.
  The best place to look is the Java Tutorial on JDBC which will gve you the basics, check out
  http://java.sun.com/docs/books/tutorial/jdbc/basics/index.html
  This will show you how to get a connection and from there it should be a matter of using standard SQL calls

• ACS 4.2.1.15 External User Database 'Authen DLL '

  Having CSACSE-1113-K9 with ACS 4.2.15.
  I want to confiure windows user database under extrenal user database but i get an error  (attached) 'An error has occured while processing the Authen DLL Configure pagebecasue an error occured....'
  External User Database----->database configuration --->Windows Database------>Configure.
  I tried to stop the services and start agian but the same issue.
  Th eappliance is secondary (backup) ACS. On the primary it is working fine.
  Any help would be appreciated.
  Regards,
  BJ

  Hi Abdul,
    Can you check if the remote agent on the windows server box is running the same 4.2.1.15 version as well.
  Like if  ACS -4.2.1.15   then make sure that remote agent is also 4.2.1.15
  or
  if ACS is running 4.2.1.15 patch 2 then remote agent should also be 4.2.1.15 patch 2
  Let me know if the version is same and if not then install the remote agent correctly and try again.

• ACS and Windows 2000 user database communication port

  Could my Windows 2000 SP4 + ACS v3.23 can install any new Windows 2000 service pack ?
  I'm affraid to infect ACS Service.
  So, I want to install firewall on this server to block malicious traffic.
  However, my ACS used external user database Windows 2000 for authentication.
  Who can tell me What protocols or port list they are communication?
  I have to avoid these traffic on my firewall.

  Hi cheng
  I think you can install any servie pack without problem and the SP4 is the latest one for WIN2000 and you server already has this SP
  For your second question you need to specify many protocols according to your active directory config in this link you can find a list of this protocols and the best way is to make debug or logging or use a siniffer to know the exactly protocols flow between your ACS and AD server
  http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx
  Best Regards

• ACS support Kerberos User Database?

  Hi,
  I've a customer currently having kerberos user database. I proposed to him to implement ACS to enable 802.1x on wireless client. Can ACS support or integrate with Kerberos User Database? If yes, any user guide which list out the steps on doing so?
  I searched through Cisco website but failed to find any info related to the integration of ACS with Kerberos User Database.
  Thank.
  Delon

  For network users who are authenticated by a Windows user database, Cisco Secure ACS supports user-changeable passwords upon password expiration. You can enable this feature in the MS-CHAP Settings and Windows EAP Settings tables on the Windows User Database Configuration page in the External User Databases section.

• Export User-Database between ACS-Server

  Hi everyone ,
  an ACS 2.3 is running under Unix with 3000 based user. The job is, to migrate the user-database to a new ACS-Server under Windows.
  On the unix-version 2.3 there is no way to export the database to external.
  The only way, i hope, is to mirror the old and the new server as redundant server and if the database is mirrored on both server, than the database is ready for export.
  Is this correct?
  Is there an other way?
  Thanks for your input.
  Ralf

  The migration should go to version 3.1 or 3.2 .
  Ralf

• Intergrating ACS with user database in windows DC

  Please,
  I just installed and configured ACS on window 2003 server on my network. The next task is to integrate the user database in my DC with the ACS. I need you to tell me in steps what else that need to be done.The documentaion is not specific.
  (I heard about 'remote agent' please what is this,and is it required?)

  I think you can map your DC groups to ACS group
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/qg.html#wp940538
  M.

• ACS external database issue

  Hi
  I have the following issue, user exists on both the ACS and token server authenication is set to external database with no unknown user policy as the user is known to the ACS! this fails authenication error message is CS user unknown... Now if the unknown user policy is set to the external database the authenication works fine this is on 3.3. I have checked for bugs to no avail.
  Any assistance would be good...
  Thanks MJ

  Hi JG
  Many thanks for your response, it is configured this way due the documentation below:
  Known Users -Users explicitly added, either manually or automatically, into the CiscoSecureACS database.
  These are users added through User Setup in the HTML interface, by the RDBMS Synchronization feature, by the Database Replication feature, or by the CSUtil.exe utility. For more information about CSUtil.exe, see "CSUtil Database Utility".
  CiscoSecureACS attempts to authenticate a known user with the single database that the user is associated with. If the user database is the CiscoSecure user database and the user does not represent a Voice-over-IP (VoIP) user account, a password is required for the user. If the user database is an external user database or if the user represents a VoIP user account, CiscoSecureACS does not have to store a user password in the CiscoSecure user database.
  This is from the following link....
  http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user/qu.htm
  Many thanks MJ

• ACS internal database replication

  I have setup ACS internal database replication and it works once then the secondary config is overwritten and doesn't contain the AAA server of the primary.
  primary               - 10.100.253.25
  ACS 1113 running 4.2
  secondary          - 10.100.253.26
  ACS 1113 running 4.2
  Example of before and after
  Before replication
  The primary has these AAA servers listed under network components.
  self - 127.0.0.1
  acs2 - 10.100.253.26
  The secondary has these AAA servers listed under network components.
  self - 127.0.0.1
  acs1 - 10.100.253.25
  After replication
  The primary has these AAA servers listed under network components.
  self - 127.0.0.1
  acs2 - 10.100.253.26
  The secondary has these AAA servers listed under network components.
  self - 127.0.0.1
  acs2 - 10.100.253.26
  therefore after the first replication subsequent attempts will fail because the secondary won't accept attempts from unknown AAA servers. Is this to be expected or can I mitigate it in someway?

  Please try setting the original ip address by using "Set ip" Command from the console connection of the ACS Solution engine. Once you successfully changed the ip address, you can apply the patch 11 or above (latest is patch 16) on the ACS SE (This will fix the problem).
  In majority of cases set ip command fails but sometime works too.
  In case it doesn't help then we have 2 options:
  1.] Open a TAC case, send the database file to delete the entry.
  2.] If you are not intrested sending your database then try the below listed steps:
  In order to remove the loopback entry from the Database, we need to follow following steps,
  Please download ACS 4.2 trial from following link, if you do not have ACS Full version for Windows purchased.
  http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-eval- eval-ACS-4.2.0.124-SW.zip
  [1] Install eval version on Windows 2000/2003 server. Please also ensure that JAVA is installed on that server.
  [2] Take a backup from ACS SE from, System Configuration > ACS Backup >Backup Now.
  [3] Restore the database backup on ACS eval.
  [4] On eval ACS , go to Network Configuration > find the AAA Server entry with 127.0.0.1 entry. Edit it and give it some other IP for
  example, 1.1.1.1. Submit + Apply.
  [5] On eval, Restart CSAdmin service.
  [6] On eval, go back to Network Configuration and search for the changed IP address and delete that entry, Delete + Apply.
  [7] Take a backup from eval ACS, System Configuration > ACS Backup > Backup Now.
  [8] Restore the database backup from eval ACS into ACS SE from option, System Configuration > ACS Restore, choose the database backup. Check Check option "User and Group Database" and "CiscoSecure ACS System Configuration", then press Restore Now.
  [9] On ACS SE, go to Network Configuration, make sure that 127.0.0.1 entry is not there and for ACS SE's hostname we have the correct IP address. Go to Proxy Distribution Table > (Default). Move the server’s hostname entry that has correct IP for this ACS SE into "Forward To" column, if not already. Then press "Submit + Restart".
  Reference defect, CSCso36620 - Toggle nic command changes AAA server ip address to "127.0.0.1" in GUI.
  Regards,
  Jatin
  Do rate helpful posts-

• How to bind ACS users to only one SSID?

  Hello!
  I have ACS 4.2 and AP 1240. I`m use two SSID - guest and user. Guest ssid must use PEAP authentication, user ssid must use EAT-TLS authentication (acs user local database). All work correctly. But when i create user for EAP-TLS, i`m create with username of DN certificate and some password. And somebody can use DN as username and password for PEAP authentication for ssid Guest and ssid Users.
  How can i make for ssid guest that work only PEAP authentication and for ssid work only EAP-TLS authentication?

  Are you using autonomous or lightweight AP's? If you have a controller you could setup the Radius attributes to specify which WLAN the user can authenticate to.
  Another option would be to setup dynamic VLAN assignment. This would work for either type of AP. The user might still be able to authenticate to either WLAN but after passing authentication they would be dumped into the VLAN you define.
  http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/c42sol.html#wp1086421

• Difference between ACS Administrator account and ACS user account?

  Does an ACS administrator by default have full rights to every device it manages?
  I thought ACS administator accounts and user accounts were different.
  I have an acs admin account called admin_1. then i created another user account called admin_1 (for switch/router access)
  when i set the password for admin_1(user accounts), when i tried to login into the switch it wouldn't take. It would only take the password set for the ACS admin account.
  Is this by design?

  My understanding was that this is not the case, Ive just tested my installation again to make double sure and the user accounts and the admin accounts are clearly seperated
  The RADIUS server does not make use of the Admin user database.

• Memory error after C042 errors on users database

  Hi,
  We recently have memory error messages on the POA and on the Client.
  The error seemed to follow several C042 errors:
  The database function 53 reported error [C042] on user4mn.db
  Error: Memory error. Memory function failure [8101] User:
  I cannot find any process that is accessing the user database at that time (GWcheck, Backup)
  The user also gets a memory error and has to restart the client.
  any ideas?

  On 9/7/2011 2:16 AM, pdjongh wrote:
  >
  > Hi,
  >
  > We recently have memory error messages on the POA and on the Client.
  > The error seemed to follow several C042 errors:
  > -The database function 53 reported error [C042] on user4mn.db
  > Error: Memory error. Memory function failure [8101] User:-
  >
  > I cannot find any process that is accessing the user database at that
  > time (GWcheck, Backup)
  > The user also gets a memory error and has to restart the client.
  >
  > any ideas?
  >
  >
  Have you run a full contents and structure check on the user?