Posts tagged: access control server

ACS 5.2 and AD Client

I had an experience this morning and figured I’d share it. I’m running ACS 5.2 to provide a rich Authentication, Authorization and Accounting (AAA) environment for our equipment. I like it – it provides an extremely rich feature-set and is very extensible.

Our environment uses AD on the back-end, however what happens when AD is inaccessible, what then? This happened to me today – here’s what I did.

  1. SSH to the ACS server
  2. Check the status of the adclient ACS process

  3. ACS/admin# sh app status acs

    ACS role: PRIMARY

    Process 'database' running
    Process 'management' running
    Process 'runtime' running
    Process 'adclient' Execution failed
    Process 'view-database' running
    Process 'view-jobmanager' running
    Process 'view-alertmanager' running
    Process 'view-collector' running
    Process 'view-logprocessor' running

    ACS/admin#

  4. Oops – it’s not running, so let’s stop the whole ACS process and start it back up

  5. ACS/admin# app stop acs

    Stopping ACS.
    Stopping Management and View...............................................................
    Stopping Runtime.......
    Stopping Database...
    Cleanup.....

    ACS/admin# app start acs

    Starting ACS ....

    To verify that ACS processes are running, use the
    'show application status acs' command.

    ACS/admin#

  6. All things running now?

  7. ACS/admin# sh app status acs

    ACS role: PRIMARY

    Process 'database' running
    Process 'management' running
    Process 'runtime' running
    Process 'adclient' running
    Process 'view-database' running
    Process 'view-jobmanager' running
    Process 'view-alertmanager' running
    Process 'view-collector' running
    Process 'view-logprocessor' running

    ACS/admin#

Keep in mind that it takes awhile for ACS to stop, as well as start back up (the CLI returns almost immediately after telling it to startup the ACS app, however it will be several minutes until all of the processes are running).

Now it might be totally unnecessary to take down all of ACS, rather than just telling it to start (would it be smart enough to only start the one failed process?). I didn’t try this today – just got things back up-and-running.

Until next time…

WordPress Themes