This section describes how to import a text file into the CiscoSecure User Database. This allows you to add new users to the database and modify users authentication information. The use of the CSUtil.exe allows you to add or modify information for many users. The import utility, CSUtil, is located in the directory C:\Program Files\CiscoSecure ACS v2.0\Utils when the default location is used during installation.
Creating the Text File
You have two options for running the CSUtil program:
ONLINEdatabase updates are performed while the CiscoSecure ACS continues to run. This slows down the performance of CSUtil.
OFFLINEdatabase updates are written directly to the CiscoSecure User Database. CSAuth must be stopped to run in this mode. The import is much faster but services are down as long as CSAuth is stopped.
Each entry must have the following information on a single line using colons to delimit the fields:
Username
ADDKeyword to add user information to the CiscoSecure User Database. If the username already exists, no information is changed.
UPDATEKeyword to update the information associated with the existing username in the CiscoSecure User Database.
Note If the username does not exist, an error message is returned. Use the
ADD keyword in this case.
DELETEKeyword to remove the user information from the CiscoSecure User Database.
Authentication type
PLAINIndicates that the name should be authenticated against the CiscoSecure User Database.
NTIndicates that the name should be authenticated against the Windows NT User Database.
TOKENCARDIndicates that the name should be authenticated against a token card server.
CHAPIndicates that a CHAP password is required for authentication.
User Group
PROFILEindicates the group number to which the user is assigned. This must be the group number from 0 to 99 not a name.
Note If you do not provide a profile number, the user is added to the default group 0.
Here are examples of the syntax for the import text file:
-q: Quiet mode. Does not prompt, use before other options.
-c: Re-calculate database CRC values
-d: Dump whole database to dump.txt
-g: Dump group info only to group.txt
-l: Load database from dump.txt or named file (use -n -l to initialize and load)
-e: Export users to export.txt
-i: Import users from import.txt or named file
-m: Decode error number to ascii message
-n: Create new database and index
-s: Make database smaller by removing deleted users
-y: Dump registry configuration info to setup.txt
-x: Display this message
CSUtil processes parameters left to right, guaranteeing the order in which they are executed.
Enter the following commands after you have completed creating the import text file:
Merge the import text file with the current CiscoSecure User Database.
csutil -i filename.txt
Note The database is modified not destroyed. You should see information scrolling
down the screen indicating that the information is being modified or merged with the
existing database.
Overwrite the current CiscoSecure User Database with the import text file.
csutil -n -i filename.txt
Note The existing database is destroyed and rewritten.
Stores group configurations in the groups.txt file and removes all users. It then reloads the group configurations and adds user information from the import.txt file.
csutil -g -n -l groups.txt -i import.txt
Note All user information is destroyed. Group information still exists in the groups.txt
file and can be used with the import.txt file to add new users with existing group
information.
There is no warning when information is overwritten.