CSM 4.3 Users Cannot Log In to CSM Client Applications After Upgrade

Introduction

This document describes issues you might encounter after you upgrade to the Cisco Security Manager Version 4.3 (CSM 4.3). It also discusses the Role-Based Access Control (RBAC) issues you might encounter when you log in to CSM Client Applications. While this document focuses on CSM 4.3, the same problem and solutions might apply to other CSM versions that use the 4.3 Local-RBAC feature as well.

Problem

Once you upgrade to CSM 4.3, you receive this error when you log in to CSM client applications:

This happens when any Local RBAC Authentication, Authorization, and Accounting (AAA) Mode is selected:

If the AAA Mode Setup is Local RBAC, CSM 4.3 implements native RBAC for non-Cisco Secure Access Control Server (ACS) AAA Modes. This means that any user who logs in is checked for a role against the Common Services Local User list.

Solution 1

The best practice is to add users to the Common Services Local Users list and assign them to the proper roles. You can do this in the Local User Setup section in Common Services. You can also find it in the CSM Configuration Manager in Tools > CSM Administration > Server Security.

You can log in to the CSM Client with the administrator account that was set up with CSM at the initial installation of the original version.

Solution 2

There is a check box in Tools > CSM Administration > Server Security > that allows login for user IDs that are not available in the Local User Database.

You can log in to the CSM Client with the administrator account that was set up with CSM at the initial installation of the original version.

Related Information

• Cisco Security Manager 4.3 Installation and Upgrade Guide
• Technical Support & Documentation - Cisco Systems