RE: using Cisco Secure ACS to control terminal access to routers

From: Elias Udechime (euchime@xxxxxxxxx)
Date: Fri Oct 12 2001 - 13:17:03 GMT-3


   
That's what I was told when I called for support on
CiscoSecure ACS 2.3.3 on Solaris.

I guess I have to research for that.

--- Tony Olzak <tolzak@comwavz.com> wrote:
> Where did u read that they are converting ACS to Access Registrar? They are two different products: ACS is for the enterprise and registrar is for service providers. AR doesn't even have a GUI interface and I believe it's only available for Solaris. AR also didn't have support for other functions like LEAP until just recently, and can only be a RADIUS server.
>
> Tony Olzak, CCIE #6689
> ComWavz
> tolzak@comwavz.com
>
>
>
> -----Original Message-----
> From: Elias Udechime [mailto:euchime@yahoo.com]
> Sent: Friday, October 12, 2001 11:06 AM
> To: ccielab@groupstudy.com
> Subject: Re: using Cisco Secure ACS to control terminal access to routers
>
>
> Cisco is changing the CiscoSecure ACS to ACCESS
> REGISTRAR. They are the same, just more robust and
> more sessions.
>
> Are you running TACACS(+) or RADIUS?
>
>
> If you are having problems with your CiscoSecure ACS system, check these items first:
> 1. Make sure you are using the correct version of the Cisco IOS software for your version of the CiscoSecure ACS and the protocol you are using.
>
> 2. Make sure you are using a web browser that is supported for your version of the CiscoSecure ACS. See the release notes or the readme.txt file for a list of supported web browsers.
>
> 3. Make sure attribute values assigned to user profiles do not conflict with those assigned to their group profile.
>
> 4. If you are using the RADIUS protocol, any changes to the dictionary for one profile will affect all groups and users who are assigned that dictionary. To see if your dictionary has been changed, compare the dictionary attributes you see listed on the web-based interface line-by-line with those listed in the chapter "RADIUS Attribute-Value Pairs and Dictionary Management." If they differ, your dictionary has been changed. You can also use this technique to find out which dictionary has been assigned to a profile.
>
> 5. Confirm that CiscoSecure ACS installed without generating any errors.
>
> 6. Use a text editor, such as vi, to view the $BASEDIR/logfiles/cs_install.log.
>
>
> 7. Confirm that CiscoSecure ACS starts successfully.
>
>
> Here is authentication Error Message and Meaning. May be UNKNOWN NAS is UNKNOWN USER instead.
>
> Use a text editor such as vi, to examine the
> $BASEDIR/logfiles/cs_startup.log.
>
>
> Note any errors and correct them where possible.
> Authentication - User not found
> User not found in the database.
>
> Authentication - Bad type
> Bad authentication type (login, sendpass, and so on).
>
> Authentication - No username specified
> No username found in the database.
>
> Authentication - Unexpected data
> Authentication - Unexpected reserved data
> Bad data in the authentication packet.
>
> Authentication - Incorrect password
> Password incorrect.
>
> Authentication - Aborted sequence
> Authentication sequence aborted by the NAS.
>
> Authentication - File handling error
> Authentication encountered a file handling problem with the NAS.
>
> Authentication - Unknown password type
> Bad password type.
>
> Authentication - User not in file
> User not found in the database.
>
> Authentication - Error in external function
> An error occurred outside the AAA server.
>
> Authentication - Bad service
> Invalid service encountered in the PPP1, shell, or other component.
>
> Authentication - Bad action
> The server performed an invalid function.
>
> Authentication - Bad password
> Garbled password.
>
> Authentication - SENDPASS successful
> Authentication - SENDPASS failed
> Authentication - LOGIN successful
> Authentication - ENABLE successful
> Authentication - CHPASS successful
> Authentication - SENDAUTH successful
> Authentication - SENDAUTH failed
> Various types of authentication success/failure messages.
>
> Authentication - Too many tries
> User exceeded the allowable number of attempts to enter the correct password.
>
> Authentication - Can't change password
> Authentication - Change password failed
> An attempt to change a password failed.
>
> Check out this link also
>
> http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/cs_unx/csu23rg/troubles.htm#27271
>
> Elias
>
>
> --- Dennis Bailey <amazingplace@prodigy.net> wrote:
> > I am wondering if anyone has been able to use CiscoSecure ACS (NT/2000 version) for controlling access to router console and vty lines. I am currently running ACS 2.5 and am using it for authentication of dialup and vpn remote access users. I have been trying to figure out how to use it to control access to my routers but seem to get to a point where authentication fails and the message in the failed attempts log is "unknown NAS"
> >
> > Is it necessary to define every device in cisco secure for this to work? Is there a default NAS config. I know I must be missing something simple, I can get it to work fine when I configure it for terminal access on one of my remote access routers (which are defined as NAS in cisco secure) but nothing else.
> >
> > Any ideas, links, examples, abuse....whatever you feel is appropriate..except one day lab stuff :-)
> >
> > Thanks,
> > Dennis
> >
>
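
An added example, not part of the original messages and not Cisco's own tooling: one way to triage log lines that carry the "Authentication - ..." messages listed in the quoted reply, counting each failure and listing users with repeated password failures. The line layout (`nas=` and `user=` fields), the sample lines, the review threshold and the "Quota exceeded" message are constructed for illustration; the real log layout may differ.

```python
import re
from collections import Counter, defaultdict

MEANINGS = {  # failure message -> meaning, as listed in the thread above
    "User not found": "User not found in the database.",
    "User not in file": "User not found in the database.",
    "No username specified": "No username found in the database.",
    "Bad type": "Bad authentication type (login, sendpass, and so on).",
    "Unexpected data": "Bad data in the authentication packet.",
    "Unexpected reserved data": "Bad data in the authentication packet.",
    "Incorrect password": "Password incorrect.",
    "Bad password": "Garbled password.",
    "Unknown password type": "Bad password type.",
    "Aborted sequence": "Authentication sequence aborted by the NAS.",
    "File handling error": "File handling problem with the NAS.",
    "Error in external function": "An error occurred outside the AAA server.",
    "Bad service": "Invalid service encountered.",
    "Bad action": "The server performed an invalid function.",
    "SENDPASS failed": "Authentication failure message.",
    "SENDAUTH failed": "Authentication failure message.",
    "Too many tries": "User exceeded the allowable number of attempts.",
    "Can't change password": "An attempt to change a password failed.",
    "Change password failed": "An attempt to change a password failed.",
}
# Assumed (constructed) layout: "<time> nas=<ip> user=<name> Authentication - <msg>"
LINE = re.compile(r"user=(?P<user>\S+).*?Authentication - (?P<msg>.+?)\s*$")

def triage(lines, threshold=3):
    """Return (per-message failure counts, users to review, unrecognised messages)."""
    counts, per_user, unknown = Counter(), defaultdict(int), []
    for line in lines:
        m = LINE.search(line)
        if not m or (msg := m["msg"]).endswith("successful"):
            continue  # not an authentication line, or a success message
        if msg not in MEANINGS:
            unknown.append(msg)  # not in the thread's list: look at it by hand
            continue
        counts[msg] += 1
        if msg in ("Incorrect password", "Too many tries"):
            # "Too many tries" alone is enough to put the user on the review list
            per_user[m["user"]] += threshold if msg == "Too many tries" else 1
    review = sorted(u for u, n in per_user.items() if n >= threshold)
    return counts, review, unknown

SAMPLE = [  # constructed lines, not real ACS output
    "11:02:10 nas=10.1.1.5 user=alice Authentication - LOGIN successful",
    "11:02:40 nas=10.1.1.5 user=bob Authentication - Incorrect password",
    "11:02:45 nas=10.1.1.5 user=bob Authentication - Incorrect password",
    "11:02:51 nas=10.1.1.5 user=bob Authentication - Too many tries",
    "11:03:05 nas=10.1.1.9 user=carol Authentication - User not found",
    "11:03:30 nas=10.1.1.9 user=dave Authentication - Quota exceeded",
]
```

Calling `triage(SAMPLE)` returns the failure counts, the users whose password failures reached the threshold, and any message text that is not in the list from the thread.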



This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 22:33:18 GMT-3