Cisco ACS Appliance and Passed Authentication Logs

I'm seeing something on our ACS appliance logs that looks kind of odd (but it is working fine).
When I look at the "Passed Authentication" logs, the users seem to show up about 3 time a minute (each). Maybe I am missing something, but this seems like some type of over-reporting.
Any ideas why this would be happening? I'm probably missing something obvious, but since I'm new to this I can't find the problem.
Thanks for any suggestions!

What version of CSACS are you running? Has this just started happening, or was the problem just identified? It could be a performance issue if in fact everything was reauthenticating every 20 sec. Are all your devices showing up, or just wired or wireless? It could be a slight misconfiguration that could be hard to find. If you have the capability, you might want to capture the traffic going to your CSACS server to see if the authentications are actually happening, or like you mentioned...just reporting issues. I ope this helps.

Similar Messages

  • Passed Authentication Logs on ACS 4113 SE appliance

    I need to get a copy of all Passed Authentication logs from our appliance. Is there a way that I can ftp all those files to another device? Or is there another way that I can retrieve those files?
    Thanks
    Dwane

    Dwane,
    Yes, you can send logs to another system on the network using remote agent.
    Remote Logging for ACS SE with ACS Remote Agents
    The Remote Logging feature enables ACS to send data to one or more ACS Remote Agents. The remote agent runs on a computer on your network. It writes the data that ACS sends to it into CSV files. You can configure many ACS Solution Engines to point to a single remote agent, thus making the computer that runs the remote agent a central logging server.
    For more information about installing and configuring an ACS Remote Agent, see Installation and Configuration Guide for Cisco Secure ACS Remote Agents Release 4.1
    Regards,
    ~JG
    Do rate helpful posts

  • ACS appliance and remote agent testing

    Having problems with integrating ACS appliance with Active Directory. Have installed the remote agent on a member server and from the ACS appliance can enumerate the Active Directory groups correctly so there is at least some communication happening.
    Looking at the remote agent logs whenever a request for the AD groups comes through you see corresponding log entrys. When a user tries to authenticate though there are no logs coming through to the remote agent. So maybe it is not being sent to remote agent?
    In the failed authentications log on the ACS the error is unknown user, it does show the correct username + domain as the person trying to authenticate.
    The Windows server is setup for unknown user policy.
    ACS version is 4.1.1.23, Remote Agent is latest version available.
    Any ideas or things to check?

    Hi,
    As per your last line, It seems that ACS and RA ver are not same. Please note that ACS appliance and RA software ver has to be same else it won't work.
    Regards,
    ~JG

  • [Cisco ACS] 11036 The Message-Authenticator RADIUS attribute is invalid

    Hi,
    I got many Cisco AP which are linked to 2 Cisco WLC.
    On each WLC, I configured a primary and a secondary RADIUS Server.
    RADIUS servers are Cisco ACS 5.2.0.26 (patch 10)
    Primary and secondary ACS configurations are synchronized.
    There are no problem between primary WLC and Cisco ACS (primary and secondary).
    When secondary WLC requests primary Cisco ACS, I get this error "11036 The Message-Authenticator RADIUS attribute is invalid"
    Secondary WLC automatically contacts secondary Cisco ACS and it works fine.
    Cisco ACS description for this error: "This maybe because of mismatched Shared Secrets."
    The two Cisco ACS are synchronized so I should have same error on them...
    Why does primary ACS generate this error?
    Thanks for your help,
    Patrick

    Tarik Admani wrote:Amjad,That is a good observation, shouldnt 7.3 (which recently released) help put these types of issues to rest? I hear that the configuration can now be replicated from one controller to the next in a failover setup.Thanks,Tarik Admani
    *Please rate helpful posts*
    Yes. That is a good point.
    With 7.3 you can use high availability (HA) between two WLCs and you can configure only one WLC (the primary) and all the configuraiotn can be replicated and synched to the other WLC (the secondary).
    The two WLCs in the HA must be on same subnet though. Otherwise hot-standby HA between WLCs can't be used.
    Rating useful replies is more useful than saying "Thank you"

  • Cisco ACS 1121 version 5.3 - Logging

    Hi There
    I'm new to Cisco ACS 5.X. From what I have read, the Cisco ACS can act as a Logging Server. Does this mean, all the syslog messages from all the other ACS and network devices can be stored by ACS? I'm a bit confused on this part.
    Lastly, I understand that Cisco ACS has many or maybe 2 instances? When do we use these instance? What is this instance?
    Regards,
    Ram

    In the distributed deployment, you should specify one acs server as the Logcollector. All other servers send logs to the Logcollecter.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/logging.html
    In distributed deployment, each acs server is one instance. So you have one primary instance and multiple secondary instances.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/introd.html#wp1058054
    Sent from Cisco Technical Support iPad App

  • ACS PASSED AUTHENTICATION LOG

    Hi
    I am trying to export my passed/failed authentication log to MS-EXCEL . Since my log in acs is huge MS-EXCEL has a restriction on the number of rows and columns. How do i delete the old logs and have the logs between specified dates.
    Or is there any other mechanism so that i can open this log file in .csv format without truncating the content of the log file.
    Any help is appreciated
    Thanks in advance

    There are utilities about that allow you to split a file into a series of files but only containing N lines.
    Alternativly have you looked at AAA Reports from Extraxi, that allows you to do a whole host of reports and handles all the issues of archiving and management of the data.

  • Using Cisco ACS for Solaris login authentication

    Hi all
    I am planning to authenticate ssh logins to Solaris 8/9 systems using PAM and radius (while radius is considered the primary solution, tacacs+ could be used, too). The radius/tacacs+ server is provided by a Cisco ACS.
    Can anybody out there confirm that the combination "Solaris & PAM & radius/tacacs+ & Cisco ACS" is correctly doing this authentication stuff? Is there anything to specially consider?
    Thanks, David

    Hard to comment with any certainty but provided the client implementation of RADIUS is sound AND the authentication protocol is one that ACS supports, eg PAP, CHAP, MSCHAP, LEAP, EAP (PEAP/FAST/TLS/GTC/MSCHAP) then should be fine.

  • Cisco ACS 4.2.1 authentication problem

    We are using cisco ACS 4.2.1 on windows 2003  to authenticate  with windows 2003 Actice Directory. We have update Active directory server windows 2008 version. We have checked the configuration of ACS on windows database and no problem but we can't see in ACS dynamic user. I have authentication problem ACS 4.2.1 to Windows 2008 R2 active directory.

    Hi there,
    There is a section in the ACS 4.x where you can define if the ACS should show the dynamic users or not, make sure that this option is unchecked, for this go to External User Databases/Unknown User Policy/Configure Caching Unknown Users
    Also if you are facing authentication issues with ACS 4.x and Windows 2008 R2, you may want ready my previous answer.
    Let me know if this helps.

  • Windows Update for Cisco ACS appliance

    Due to the recent security alert from Windows I wish to make sure my systems are updated, but the cisco ACS appiance (cisco 1113) runs a specialized version of win2k with console access disabled. Is there any way get the windows critical security updates, and do I need to?

    If the patch is necessary on acs appliance then they will be releasing it soon.
    As of now we can't apply any windows patch on appliance.

  • Cisco ACS appliance max clients?

    Hello,
    I am trying to find out if cisco ACS 4.2 or 5.2 Appliance has a built in limit on the amount of AAA clients that can authenticate against it.Is it session based or depending on the ammount of clients listed in the setup?
    Thank you

    got lucky on google. i guess I'll need to learn to navigate this site better.
    https://supportforums.cisco.com/message/3159718

  • Cisco ACS Appliance

    I'm trying to customize the Appliance, which is running ACS 3.3.2.1, via the web interface. When I click on Interface configuration, only "User Data Configuration" and "Advanced Options" selections are displayed. We are customizing this appliance as a Tacacs Server. The "TACACS+ (Cisco IOS)" selection is missing or hidden. How do I get this selection to appear under Interface Configuration?

    You need to have a device configured in the network section to use TACACS+ for auhtentication before this option appears.

  • I setup a Cisco Home Network and Need help Logging into It

    Hello, I have four 2521 routers and three 2954 switches.  I connected my ISPs modem from the ethernet port and plugged it into port 24 of one of my switches.  I also configured the switch for VTY access and gave it a login password.  I would like to log into the switch to configure it and telnet into all the other devices from a remote location.  But I am unable to ping the public address assigned to me by my ISP.  So I can't even telnet to the switch.  Help

    With help from elsewhere, I have learned how to change the colors and figured out a few other things. I have another question, though.
    I want to put a Twitter widget and a comment box on my website. I have the widget code from Twitter, but it is HTML and javascript or something. Can I just put these codes into the modules of the flash template? If you look at the template, you should see that it has modules that have editable HTML  text areas, but I don't know if it is limited to text or something, or if it will function correctly if I put other HTML codes in it such as script codes, etc in it.
    Also, if that works, does anyone know where I can get a code to put the comment box in one of the modules? I don't mean a contact box, I mean a widget where people can leave comments and the comments display on the page, like on a myspace profile. Just something simple that allows a visitor to leave a name and a text-only comment. I would also like to be able to selectively delete comments in case of spammers, etc.
    I found this, which might be what I am looking for, just a simple comment box, but this one is flash:
    http://activeden.net/item/commenting-with-no-database/69183?sso?WT.ac=search_item&WT.seg_1 =search_item&WT.z_author=flashBrian
    Message was edited by: ESJoeProductions

  • Remove a device from Cisco ACS Appliance v 4.2

    I am trying to remove a device that was added.
    I know I have to do this via RBDMS synchonization since the device name is over 32 characters long.
    I cannot seem to find my example or the action codes to delete this device.
    If the device name is deviceabcde.all-equipment.mine.com.  I know it is not 32 characters, but removal via sync'ing will be the same.
    Any help would be appreciated.
    dwane

    You can try using the Device and Credentials Repository command line interface (dcrcli). Instructions for its use care located here.
    If the issue is with the Fault tool (also known as DFM) then please see this thread about re-initializing the DFM databases.

  • Cisco ACS 4.2 authenticating Cisco 4710 ACE appliance failed

    Hi,
    I've got a problem with Cisco ACS 4.2 authenticating Cisco 4710 ACE appliance.
    ACS4.2 has been configured to use both internal and external database. It's been working fine for a couple or years.
    Recently we bought a Cisco 4710 ACE appliance. When I use ACS4.2 internal username and password to login the Cisco 4710 ACE appliance, I have no problem. I can also see the passed authentication log on ACS4.2. However, if I use AD username and password, I couldn't login in. The message is "Login incorrect". I checked the failed attempts log on the ACS4.2, there was no log regarding the failed attempt. My AD username and password works fine on all other cisco routers and switches.
    I've posted my AAA configuration of the 4710 ACE below. ACE is running on the latest version A4(1.1). Please help.
    tacacs-server key 7 "xxxxxxxxxxxxx"
    aaa group server tacacs+ tac_admin
      server xx.xx.xx.xx
    aaa authentication login default group tac_admin local
    aaa authentication login console group tac_admin local
    aaa accounting default group tac_admin

    Hi,
    Since the ACS is receiving the request.
    Could you please ensure that In ACE on every context (including Admin and other) you have  following strings:
    tacacs-server host x.x.x.x key 7 "xxx"
    aaa group server tacacs+  tac_admin
       server x.x.x.x
    aaa authentication login default group  tac_admin local
    aaa authentication login console group  tac_admin local 
    aaa accounting default group x.x.x.x
    On ACS side for group named "Network  Administrators" you should configure in TACACS settting:
    1. Shell  (exec) enable
    2. Privilege level 15
    3. Custom attributes:
               shell:Admin*Admin default-domain
        if you have additional  context add next line
              shell:mycontext*Admin  default-domain
    After  loging to ACE and issuing sh users command you should see following
    User             Context                                                                  Line     Login Time   (Location)        Role   Domain(s)   
    *adm-x        Admin                                                                    pts/0   Sep 21 12:24  (x.x.x.x)    Admin   default-domain
    Hope this helps.
    Regards,
    Anisha
    P.S.: please mark this thread as answered if you fee your query is resolved. Do rate helpful posts.

  • With Cisco Secure ACS For Windows TACACS+, authentication fails with AD

      I am setting up a Cisco Secure ACS 4.2 server to act as a TACACS server for Switches and Routers  I am using Windows 2003 server for the ACS,
    and a Windows 2003 Active Directory server.  The AD server is fine, as it is used for many other things.
    I have set up ACS as defined nit he installation guide, including all the steps in the 'Member Server' section of the install guide
    when using AD as an external database (i.e. setting up the services to run with a domain admin account, setting up a machine called 'CISCO'
    on the domain etc).
    I've set the unknown user policy to use the Windows database if the internal database doesn;t contain the user details.
    If I add a user to the internal database, the authentication goes through fine, with an entry in the 'Passed Authentications' log,
    02/24/2010,05:07:03,Authen failed,eXXXX,Network Administrators(NDG) ,X.X.X.X,(Default),Internal error,,(geting error message as INternal Error)
    I've scoured google etc, and just cannot come up with any reason why this should be happening.
      I've followed all the install guides to the letter.  I need to get this up and running as soon as possible,
    so am looking forward to finding out if anyone can help me with this one!
    THanks and regards
    Sharan

    Hi  Jesse,
    Thasts a great answer and Soution.
    My previous version was 4.2 and it was installed on 64 bit machine hence getting internal Error.
    After this answer i have upgraded it to ACS4.2.1 and its started working fine
    Thanks very much for the help
    Dipu

Maybe you are looking for