Cisco ACS db corrupt?? [7:46882]
I have a problem with the local database on a 2.6(6) ACS server. All users use an external database for authentication (NT or RSA) but I want to create a user with a password stored in the ACS server. I can create a new user and assign all the correct attributes without any errors, however when I try to login with the user they are rejected. The logs show the user is rejected due to the CS password : CS password invalid . I have tried to create other users and also to change users account setting so that they authenticate using the CS password, with no luck. So I think there is a problem with the passwords stored in the ACS server We have upgraded the server twice in the past 8 months for new features and bug fixes whether this has caused the problem I don't know. Any ideas on how to verify or fix this? Cheers Pat Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46882t=46882 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco ACS db corrupt?? [7:46882]
Patrick Donlon wrote: I have a problem with the local database on a 2.6(6) ACS server. All users use an external database for authentication (NT or RSA) but I want to create a user with a password stored in the ACS server. I can create a new user and assign all the correct attributes without any errors, however when I try to login with the user they are rejected. The logs show the user is rejected due to the CS password : CS password invalid . I have tried to create other users and also to change users account setting so that they authenticate using the CS password, with no luck. So I think there is a problem with the passwords stored in the ACS server We have upgraded the server twice in the past 8 months for new features and bug fixes whether this has caused the problem I don't know. Any ideas on how to verify or fix this? Cheers Pat Here's the correct version info CiscoSecure ACS v2.6 for Windows 2000/NT Release 2.6(4) Build 4 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46883t=46882 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco ACS db corrupt?? [7:46882]
Are you by chance using a UNIX browser to do this? Only browsers on Microsoft operating systems will properly enter a password into a user. There's a DDTS (CSCdu40827), but it's been postponed. Other than that -- yes, it's possible for the database to be corrupt. To rule this out, I would recommend the following steps. These are run from a command prompt in the UTILS directory, with all services running: csutil -q -b recovery.cab net stop csauth csutil -q -d -n -l net start csauth This will make a full backup, then do a text dump of the user database, wipe the user database, and reimport the text dump. Thanks, Shawn Patrick Donlon wrote: Patrick Donlon wrote: I have a problem with the local database on a 2.6(6) ACS server. All users use an external database for authentication (NT or RSA) but I want to create a user with a password stored in the ACS server. I can create a new user and assign all the correct attributes without any errors, however when I try to login with the user they are rejected. The logs show the user is rejected due to the CS password : CS password invalid . I have tried to create other users and also to change users account setting so that they authenticate using the CS password, with no luck. So I think there is a problem with the passwords stored in the ACS server We have upgraded the server twice in the past 8 months for new features and bug fixes whether this has caused the problem I don't know. Any ideas on how to verify or fix this? -- Shawn Heisey Cisco Systems USA Technical Lead for SLC-SECURITY team Direct: +1 801 736 3939 ext 55153 Toll Free: +1 800 553 2447 Shift: Mon-Fri 8:30a-5:00p Mountain Daylight Time Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46895t=46882 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
