|
|
Product Number DOC-CSASC2.3UX-IG=
Use this guide to install the following CiscoSecure Access Control Server (ACS) products:
This guide contains the following sections:
| Section | Description |
|---|---|
Start with this section for factors to take into consideration before installing CiscoSecure ACS 2.3 for UNIX software. | |
Read this section for the basic CiscoSecure ACS installation procedures. | |
Read this section if you are installing on top of Solaris 2.5.1. It describes Solaris 2.5.1 patches necessary to run CiscoSecure ACS. | |
Read this section if you are upgrading from a previous version of CiscoSecure ACS. | |
Activating the DSM Module on an Existing CiscoSecure ACS 2.3 | Read this section if you are licensing and activating the DSM module on an existing or newly upgraded CiscoSecure ACS 2.3 for UNIX site that is not yet licensed or enabled to support the DSM. |
Read this section if you intend to use an Oracle database engine to support CiscoSecure ACS. It describes the preinstallation Oracle configuration requirements. | |
Read this section if you intend to use a Sybase database engine to support CiscoSecure ACS. It describes the preinstallation Sybase configuration requirements. | |
This section lists the online and printed sources of CiscoSecure documentation. | |
Read this section if you intend to install CiscoSecure ACS on a workstation with no CD-ROM. | |
Read this section if you intend to run third-party programs that directly edit the CiscoSecure profile database. | |
Read this section for a basic description of how CiscoSecure ACS software works with your other network components to provide authentication, authorization, and accounting services. | |
Read this section for a basic description of the Distributed Session Manager (DSM) feature and a summary of DSM installation and post-installation requirements. | |
Editing Configuration Files to Enable or Disable the DSM Module | Read this section if you want to enable DSM but do not have access to the CiscoSecure Administrator web pages. |
Editing CSU.cfg to Specify a CiscoSecure Software License Key | Read this section if you want to specify a new or replacement software license key for CiscoSecure ACS but do not have access to the CiscoSecure Administrator web pages. |
Read this section for guidelines on obtaining assistance and additional information from Cisco Systems. | |
Read this section for information about Cisco documentation and additional literature. |
Before you begin, consider the following situations and steps you must take before starting the basic installation procedures in the next section.
| Consideration | Requirements |
|---|---|
| You need to acquaint yourself with the basic CiscoSecure ACS system and how it works with other network components to provide authentication, authorization, and accounting services. First read "CiscoSecure System Description,". |
| You need to acquaint yourself with the max sessions control features that the optional Distributed Session Manager can provide. First read "Distributed Session Manager Features,". |
| Start with the procedures in "Basic Installation Procedures,". |
| You need to look up old configuration information to apply to the upgrade. First read "Upgrading from CiscoSecure ACS 2.x to 2.3," for additional instructions. |
|
|
|
|
| You need to purchase and preinstall Oracle Enterprise or Sybase Enterprise software for each of your CiscoSecure ACSes. First read "Setting Up an Oracle Database for CiscoSecure," or "Setting Up a Sybase Enterprise SQL Server for CiscoSecure,". |
| You need to follow special procedures for downloading and starting the installation package. First read "Installing without a CD-ROM,". |
This section describes the basic procedures for first-time installation of CiscoSecure ACS 2.3 for UNIX at most sites.
The CiscoSecure ACS package includes the following items:
The network components that interact with CiscoSecure ACS 2.3 for UNIX consist of:
Each of these components has certain CiscoSecure configuration requirements.
The Cisco Secure ACS (and its optional backup server) requires the following hardware and software:
The CiscoSecure ACS works with the following network access servers (NASes):
The web-browser-based CiscoSecure ACS workstation console requires the following hardware and software:
To support CiscoSecure database requirements, you have your choice of using the supplied SQLAnywhere database engine, or using supported versions of your own preinstalled Oracle Enterprise or Sybase Enterprise software running on your network.
Supported database engines include:
If you are supporting token servers, they must be installed on the network before you install CiscoSecure ACS. Supported token servers include:
If you are installing the CiscoSecure ACS for the first time on this UltraSPARC workstation, do the following:
Step 1 At the UltraSPARC workstation where you want to install CiscoSecure ACS, enter the hostid command to obtain the host ID of the system host. For example:
# /usr/ucb/hostid 55412315
Step 2 Note the host ID for the primary and backup CiscoSecure ACS systems.
Step 3 Note the token code on the label attached to page 2 of the form titled Requires Immediate Attention or Requires Immediate Attention (Distributed Session Manager).
Step 4 To receive your software license key immediately, access and supply the above information to the CiscoSecure licensing web site at:
http://www.cisco.com/public/sw-center/access/ciscosecure/
Alternatively, you can fill out the CiscoSecure Software Key Fax-Back form in one of the following documents and fax it to the number provided:
You can also e-mail this information to: licensing@cisco.com.
You'll receive your license key within three business days.
Step 5 When you get the license key, transcribe it into the blank for Enter the AAA Server License Key, in step D. Prepare Your Answers to the Install Questions.
The questions you will be asked during the CiscoSecure ACS installation are similar to those below.
| Caution The SQLAnywhere database engine does not support networks of more than 5,000 users, does not support database replication, and does not support the maximum session limitation feature of the optional CiscoSecure Distributed Session Manager feature. If your network requires these support features, Cisco recommends preinstalling the Oracle Enterprise or Sybase Enterprise database engine. |
Step 1 Log in as [Root] at the UltraSPARC workstation where you want to install the CiscoSecure ACS.
Step 2 Insert the CD-ROM labeled "CiscoSecure ACS 2.3 for UNIX" and enter:
pkgadd -d /cdrom/csus_23 CSCEacs
The installer displays the first of a series of installation prompts:
Is this a completely new install Y/N (Default yes, q to quit)?
Step 3 Complete the installation using the preinstallation information that you recorded in step D. Prepare Your Answers to the Install Questions. After installation is complete, the system displays:
Installation of CSCEacs was successful.
Step 4 Start the CiscoSecure ACS. Enter:
# /etc/rc2.d/S80CiscoSecure
If you installed the Distribute Session Manager module using the product labeled CiscoSecure ACS 2.3 for UNIX Distribute Session Manager, log in to the CiscoSecure Administrator web site and enable the DSM module as follows:
After starting the CiscoSecure ACS, access the CiscoSecure Administrator web site to perform some initial configuration:
Step 1 From a Windows 95 or Windows NT workstation, start your Netscape Navigator or Microsoft Internet Explorer web browser and enter the following URL address:
http://your_server/cs
where your_server is the host name (or the fully qualified domain name, FDQN, if host name and FDQN differ) of the UltraSPARC workstation where you installed the CiscoSecure ACS. You can also substitute the UltraSPARC workstation's IP address for your_server.
Step 2 When the CiscoSecure Logon window appears, enter the superuser name and password and click Submit. The default superuser name and password in a new CiscoSecure ACS installation are:
username: superuser password: changeme
Step 3 In the CiscoSecure Administrator web site menu bar, click AAA and then click General.
Step 4 In the AAA > General web page locate the Max Sessions Enabled field and select the Distributed option. This is the option that enables the full set of Distributed Session Manager features on the CiscoSecure ACS.
Step 5 To effect this setting, you must stop and restart the CiscoSecure ACS.
Step 6 Confirm that Oracle or Sybase database replication is set up and enabled between your CiscoSecure database sites. For details, see the chapter "Setting Up Database Replication Among CiscoSecure ACSes" in the CiscoSecure ACS 2.3 for UNIX Reference Guide.
Step 7 Confirm that AAA accounting functions are enabled on all client NASes. For details, see the chapter "CiscoSecure ACS Accounting" in the CiscoSecure ACS 2.3 for UNIX User Guide.
The CiscoSecure ACS 2.3 for UNIX User Guide and the CiscoSecure ACS 2.3 for UNIX Reference Guide provide information about what to do next.
For a list of the documentation available, see "Accessing CiscoSecure ACS 2.3 for UNIX Documentation,".
UltraSPARC workstations running Solaris 2.5.1 require the following 4 Solaris patches to support CiscoSecure ACS 2.3:
These patches or their latest versions can be downloaded from:
http://sunsolve.sun.com
README files for each patch are also available at this site.
You can use the Solaris showrev -p command to determine what Solaris patches are already installed on the system.
The product labeled CiscoSecure ACS Upgrade to v2.3 upgrades previous versions of CiscoSecure 2.x for UNIX to CiscoSecure ACS 2.3 for UNIX without the Distributed Session Manager (DSM) module enabled. If you are upgrading from CiscoSecure ACS 2.0, 2.1, 2.1.2, or 2.2.2, complete the following steps:
Step 1 Before you start the upgrade installation, read the file $BASEDIR/config/CSU.cfg and write down the software key value for use during installation.
$BASEDIR is the install directory for CiscoSecure that you specified at the time of installation. For example, if you specified "ciscosecure" as the install location, the file is located at /ciscosecure/config/CSU.cfg. Below is an example of the line in the CSU.cfg file that contains the software key value:
LIST config_license_key = {"a9505ad08a77f927afa4"};
Step 2 Prepare your CiscoSecure ACS 2.x database for upgrade to ACS 2.3 format:
If you are upgrading from CiscoSecure 2.0, 2.1, or 2.1.2, the CiscoSecure ACS installation will implement database schema changes for 2.3 compatibility. These schema changes include recreating a profile data table (cs_profile) as well as an accounting data table (cs_accounting_log).
Step 3 (Optional) If you want to preserve your old debug level, local time zone, TACACS+ NAS configurations, and supported authentication methods settings for the ACS, save the current $BASEDIR/config/CSU.cfg file to a holding directory.
Step 4 (Optional) If you want to preserve your old unknown_user default profile settings, save the current $BASEDIR/config/DefaultProfile file to a holding directory.
Step 5 Remove the current version of the CiscoSecure ACS from the UltraSPARC workstation. Log in as [Root] and enter:
pkgrm CSCEacs
Step 6 Install CiscoSecure ACS 2.3 for UNIX following the procedures described in the "Basic Installation Procedures,".
Step 7 During installation, enter your old software license key (either primary or backup) when prompted by the installer and complete the installation.
Step 8 If the CiscoSecure installation procedure fails during the database upgrade phase due to a fixable condition (such as database resources errors), do the following:
(a) Fix the condition that caused the failure.
(b) Manually complete the database upgrade procedure by changing to the CiscoSecure $BASEDIR/utils/bin directory and running the CSdbTool utility. Enter: ./CSdbTool upgrade
(c) Remove the CiscoSecure binary files again. Enter: pkgrm CSCEacs
(d) Restart the CiscoSecure installation. Enter: pkgadd -d /cdrom/csus_23 CSCEacs
Even though the database upgrade is now complete, running the installation procedure again ensures that all other necessary installation tasks will be carried out. Because the CiscoSecure ACS database upgrade is already complete, this portion of the installation will now be skipped.
Step 9 (Optional) After installation, if you saved your old CSU.cfg file as described in step 3, you can cut and paste your old settings from your old CSU.cfg file to the new CSU.cfg file to restore your original ACS debug level, local time zone, TACACS+ NAS configurations, and supported authentication methods settings. See the section "Server Control File" in the chapter "Tuning CiscoSecure ACS Performance and Configuration" in the CiscoSecure ACS 2.3 for UNIX Reference Guide for a listing of CSU.cfg settings.
Alternatively, you can simply reenter these settings through the new CiscoSecure ACS AAA General and AAA NAS web pages.
| Caution Do not copy the old CSU.cfg file over the new CSU.cfg file. The new CSU.cfg file contains important new settings specific to CiscoSecure ACS 2.3 for UNIX. |
Step 10 (Optional) After installation, if you saved your old DefaultProfile file as described in Step 4, you can use the CiscoSecure ACS 2.3 CSImport utility to import your old unknown_user default profile settings into your new ACS installation. Enter:
$BASEDIR/CSimport -c -p /hold_dir -s DefaultProfile
where:
$BASEDIR is the directory where you installed CiscoSecure ACS.
hold_dir is the holding directory where you stored the old DefaultProfile file.
If you are attempting to upgrade from CiscoSecure 2.2.2 or 2.2.3 to 2.3 in an existing replication environment and your environment includes non-updatable sites, when you upgrade the CiscoSecure software on the non-updatable sites, you will receive an error message at the end of the upgrade process stating that the installation failed. This occurs because the CiscoSecure tables that were set up for replication cannot be written to except by the replication process.
The workaround for this problem is to make sure that you have successfully upgraded CiscoSecure on your Master Definition site. Ignore the error message received on the non-updatable site(s). When you replicate, the tables that were not able to be updated will become updated from the Master site by the replication process.
If you are using the product labeled CiscoSecure ACS Distributed Session Manager Option (CSU-DSM) to enable the Distributed Session Manager module on an already existing CiscoSecure ACS 2.3 for UNIX installation, you do not need to run the installation program:
Step 1 Confirm that a Sybase or Oracle RDBMS site has been set up for your CiscoSecure ACSes prior to the last CiscoSecure ACS installation as described in "Setting Up an Oracle Database for CiscoSecure," or in "Setting Up a Sybase Enterprise SQL Server for CiscoSecure,".
Step 2 If you have not already done so, follow instructions in the document labeled Requires Immediate Attention (Distributed Session Manager) to obtain the special 28-character software license keys required to enable the DSM module.
Step 3 From any workstation with a web connection to the CiscoSecure ACS, open your web browser and log in to the CiscoSecure Administrator web site as superuser.
Step 4 Locate the CiscoSecure License Key field in the AAA General web page, enter the special 28-character software license key, and click Re-Initialize.
Step 5 Locate the Max Sessions Enabled field in the AAA General web page and select the Distributed option to enable the Distributed Session Manager features on this ACS.
Step 6 Stop and restart the CiscoSecure ACS to effect this setting:
Step 7 Confirm that Oracle or Sybase database replication is set up and enabled between your CiscoSecure database sites. For details, see the chapter "Setting up Database Replication Among CiscoSecure ACSes" in the CiscoSecure ACS 2.3 for UNIX Reference Guide.
Step 8 Confirm that AAA accounting functions are enabled on all client NASes. For details, see the CiscoSecure ACS 2.3 for UNIX User Guide chapter "CiscoSecure ACS Accounting."
Oracle software is not bundled with the CiscoSecure ACS. Therefore the CiscoSecure installation does not install or configure the Oracle product, create an Oracle database, or create a database user.
If you intend to use an Oracle database with the CiscoSecure ACS, make sure the Oracle database meets the following requirements before starting the CiscoSecure installation:
CiscoSecure ACS installation prompts require the following information concerning your Oracle installation:
If you want to set up database replication among multiple CiscoSecure ACS sites, assign your Oracle database administrator (DBA) to do so after CiscoSecure installation is complete. See the CiscoSecure ACS 2.3 for UNIX Reference Guide chapter "Setting up Database Replication among CiscoSecure ACSes" for details.
| Caution Database replication setup requires database administrator (DBA) expertise. If you do not possess DBA experience, assign this task to someone who does. |
Check the following items on the Oracle database:
If you intend to use a Sybase Enterprise database with the CiscoSecure ACS, make sure the Sybase Enterprise SQL server meets the following requirements.
Before you install CiscoSecure:
CiscoSecure installation will prompt for the following information related to Sybase:
If you want to set up database replication among multiple CiscoSecure ACS sites, assign your Sybase database administrator (DBA) to do so after CiscoSecure installation is complete. See the CiscoSecure ACS 2.3 for UNIX Reference Guide chapter "Setting up Database Replication among CiscoSecure ACSes." for details.
| Caution Database replication setup requires database administrator (DBA) expertise. If you do not possess DBA experience, assign this task to someone who does. |
The CiscoSecure installation might fail to update the Sybase Enterprise database for early CiscoSecure for UNIX 2.x versions. In such cases, the installation program will stop after the following series of prompts and messages:
alter table cs_password add primary key (profile_id, pwd_type)
*** SQLException caught ***
SQLState:
Message: Line 1 Error 1920 Level 16 State 1
A column in a primary key constraint's
column list is not constrained to be not null,
column name: 'profile_id'.
Vendor: 1920
Upgrading schema failed.
In such cases, you must use Sybase tools to manually update the Sybase database schema, then rerun the part of the CiscoSecure installation program that updates the CiscoSecure database schema.
Step 1 Start the Sybase SQL command tool, isql, and enter the following series of commands to update the database schema:
create table cs_password_new ( profile_id int not null, pwd_type varchar(32) not null, pwd_value varchar(255) null , pwd_from_date datetime null , pwd_until_date datetime null , pwd_opaque varchar(255) null , pwd_qualifier varchar(10) null , ) go insert into cs_password_new (profile_id, pwd_type, pwd_value, pwd_from_date,pwd_until_date, pwd_opaque, pwd_qualifier) select profile_id, pwd_type, pwd_value, pwd_from_date, pwd_until_date, pwd_opaque, pwd_qualifier from cs_password go drop table cs_password go sp_rename cs_password_new, cs_password go
Step 2 Run the $BASEDIR/utils/bin CSdbTool utility to continue the CiscoSecure database upgrade. Enter:
CSdbTool upgrade
After you install the CiscoSecure ACS 2.3 for UNIX software, the following documentation is available to you in several formats and several locations:
http://acs_server:9090/docs/csuxug23/index.htm
http://acs_server:9090/docs/csuxrf23/index.htm
http://www.adobe.com
If you do not have a CD-ROM drive attached to the UltraSPARC workstation where you want to install CiscoSecure ACS, download the installation software from the Cisco web site and run the installation program as follows:
Step 1 Make sure the UltraSPARC workstation where you want to install the CiscoSecure ACS has at least 150 MB of available disk space to accommodate the CiscoSecure installation download package.
Step 2 Go to the CiscoSecure Software Planner URL:
http://wwwin.cisco.com/cmc/cc/cisco/mkt/access/secure/
You are prompted for a username and password in order to access Cisco Connection Online (CCO).
Step 3 Using your SmartNet account, log in to CCO, specifying your username and password as prompted.
Step 4 Click Download CiscoSecure Software. The CiscoSecure Server Software Images page appears.
Step 5 Click the button beside the applicable version of CiscoSecure Solaris. If you agree to the terms of the software agreement, click Execute. You are prompted to specify the location from which to transfer the software image.
Step 6 Click the location of the CCO server that is closest to your target CiscoSecure server. You are prompted again for your CCO password.
Step 7 Enter your CCO password. A file is copied to your home directory.
Step 8 Uncompress the CiscoSecure ACS software package by entering the following command at the UNIX prompt:
uncompress CiscoSecure-2.3.x.x.solaris.PKG.Z
Step 9 Translate the package file by entering the following command at the UNIX prompt:
pkgtrans CiscoSecure-2.3.x.x.solaris.PKG /tmp
The following output displays:
The following packages are available: 1 CiscoSecure-2.3.x.x CiscoSecure Access Control Software (sun4) x.x Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]:
Step 10 Enter 1.
The download operation is now complete.
Step 11 Obtain your server license key and answer the preinstallation questions according to the instructions in the section "Basic Installation Procedures,".
Step 12 To start the installation program enter:
pkgadd -d /tmp CSCEacs
Profile cache updating must be enabled for CiscoSecure ACS servers whose CiscoSecure profile databases are modified directly by Oracle or Sybase database replication implementations or by third-party applications.
In the case of Oracle or Sybase database replication, you enable profile cache updating in the process of implementing the replication.
If you are using third-party applications that directly modify the CiscoSecure ACS profile data, use the following procedure to enable profile cache updating following the normal CiscoSecure installation.
Step 1 After completing the CiscoSecure ACS installation on your UNIX host, change to the CiscoSecure $BASEDIR/utils/bin directory and run the CSdbTool utility. Enter:
./CSdbTool cache_trigger
This installs triggers in the CiscoSecure ACS database tables that insert the changes in a special log table, cs_trans_log, whenever a third-party program alters any profile data. These changes are periodically incorporated into the profile cache.
Step 2 In the CSConfig.ini file, make sure the following parameters are set:
[ProfileCaching] EnableProfileCaching = ON ;polling period in minutes for cs_trans_log table DBPollinterval = number_of_minutes
where number_of_minutes is the time in minutes that the customer wants between profile cache updates. This interval should match the intervals at which database replication or third-party applications directly modify the ACS profile data. For example, if database replication is configured to take place every 15 minutes, then the number_of_minutes for DBPollinterval should also be set to 15.
The default value is 30 minutes.
Basic network components that interact with CiscoSecure ACS are shown in Figure 1.
.
| Node | Description |
|---|---|
Network access server (NAS) | The NASes provide the ports (through which remote users can dial in to the network), forward login requests to the CiscoSecure ACS, and carry out authentication and authorization instructions from the CiscoSecure ACS. A single CiscoSecure ACS can provide authentication, authorization, and accounting services to multiple NASes. |
CiscoSecure Access Control server (ACS) | The CiscoSecure ACS receives the login request from the NAS, pulls the profile from the user making the login request from the RDBMS and based on the profile:
If a token server is in use, the CiscoSecure ACS transmits the login request to the token server for authentication. |
CiscoSecure Profile database | The profile database contains the authentication, authorization, and accounting information for each of your users and groups. Each CiscoSecure ACS requires a relational database management system (RDBMS) engine installed to store, retrieve, and maintain this information. CiscoSecure supplies an SQLAnywhere database engine with the CiscoSecure ACS for UNIX product; however, if you intend to support profile databases larger than 5,000 users or a network of CiscoSecure ACSes using a common replicated profile database for authentication, authorization, and accounting, you must purchase and preinstall Oracle Enterprise or Sybase Enterprise RDBMS to support your RDBMS. |
CiscoSecure workstation console | The CiscoSecure workstation console provides web-based pages through which the CiscoSecure profile database can be administered by the CiscoSecure system administrator or group administrator. |
Token server | An optional third-party server for executing authentication of token card users entering one-time passwords (OTPs). The CiscoSecure ACS can be configured to forward login requests from token card users for authentication by the token server. |
Networks that provide access at multiple locations or support large numbers of users (for example, nationwide ISP networks that provide local dial-in login across the nation) are best supported by multiple ACSes with an RDBMS configured to replicate changes to any local CiscoSecure profile database to all other CiscoSecure profile database sites in the network.
In order to support database replication among your ACSes you need to purchase and preinstall Oracle Enterprise or Sybase Enterprise RDBMS software at each ACS database site where you want replication of the CiscoSecure profile database to be carried out.
The per user, per group, or per VPDN maximum session limit feature of the CiscoSecure ACS 2.3 for UNIX with DSM package requires you to configure profile database replication.
With the CiscoSecure ACS 2.3 for UNIX product, you can purchase a special software license key to enable the Distributed Session Manager (DSM). When installed and enabled, the DSM feature allows access to special DSM-specific web pages that enable the CiscoSecure system administrator to limit and enforce, on a very fine-grained basis, the number of concurrent sessions allowed per user, per group, or per VPDN either on a network-wide basis, or through a particular "point-of-presence" group of NASes.
Before you attempt to configure DSM max sessions control, make sure that you have implemented the following CiscoSecure installation and post-installation requirements:
| Caution Database replication setup requires database administrator (DBA) expertise. If you do not possess DBA experience, assign this task to someone who does. |
We strongly recommend using the Max Sessions Enabled field in the CiscoSecure Administrator AAA General web page to enable or disable the Distributed Session Manager or other supported types of max sessions control.
Alternatively, if you do not have access to a web browser, you can enable or disable max sessions control by editing the CSU.cfg and CSConfig.ini configuration files.
Step 1 In the $BASEDIR/config directory of your ACS server, edit your CSU.cfg and CSConfig.ini files as specified in the table below to enable the DSM or other supported types of max sessions control.
| Caution If you edit the CSU.cfg and CSConfig.ini files, make sure that when you enable one type of max sessions control that you also disable all other types of max sessions control. Enabling the settings for one type of max sessions control in the table below without disabling the settings for the other types of max sessions control can cause extremely slow authentication performance and out-of-memory errors. |
| Enabling this Type of Max Sessions: | Requires These CSU.cfg Settings: | And Requires These CSConfig.ini Settings: |
|---|---|---|
None (all max sessions control disabled)
|
These settings disable AAA server and DSM max sessions control. |
These settings disable DBServer-based max sessions control. |
Distributed Session1 Manager (DSM)
|
These settings disable AAA server-based max sessions control and enable the DSM. |
These settings disable DBServer-based max sessions control |
DBServer-based Max Sessions control
|
These settings disable AAA server-based max sessions control and the DSM. |
These settings enable DBServer-based max sessions control |
AAA Server-based Max Sessions control
|
These settings enable AAA server-based max sessions control and disable the DSM. |
These settings disable DBServer-based max sessions control |
| 1DSM-based session control can only take effect if the optional Distributed Session Manager module has been licensed for this installation of CiscoSecure ACS 2.3 for UNIX. |
Step 2 After making the above settings, stop and restart CiscoSecure ACS to make sure that all the above settings take effect:
If you want to specify a software license key after installing CiscoSecure ACS, or if you want to modify the software license key for an existing CiscoSecure ACS 2.3 UNIX installation because you have obtained a new key to enable the optional Distributed Session Manager module, you can use the CiscoSecure License Key field in the CiscoSecure Administrator AAA General web page.
Alternatively, you can manually edit the config_license_key variable in the CSU.cfg file:
Step 1 Open the file $BASEDIR/config/CSU.cfg.
$BASEDIR is the install directory for CiscoSecure that you specified at the time of installation. If you used the default install location, the file is located at /ciscosecure/config/CSU.cfg.
Step 2 Find the config_license_key variable and enter or modify the value for software license key number. For example:
LIST config_license_key = {"a9505ad08a77f927afa4"};
Step 3 After changing the software license key, stop and restart CiscoSecure ACS for your changes to the CSU.cfg file to take effect.
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can access CCO in the following ways:
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more up to date than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar, select Documentation, and click Enter the feedback form. After you complete the form, click Submit to send it to Cisco. We appreciate your comments
Posted: Tue Sep 14 19:59:49 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.