Cisco ACS 5.1 in VirtualBox

After much swearing and hackerizing I’m happy to post a screenshot of Cisco’s ACS running in VirtualBox :)

Before I explain what I’ve done, a quick message for “the stupids”

No I won’t post a virtual machine for you to download
Buy a license or an appliance

The rest of this post is a run through of what I did; if you get bored easily, skip to the summary.

The story is I’ve got a customer who wants dot1x with ACS5 and I need a box to play with before breaking their network. Having read through the docs on cisco.com I noticed that VMware was a supported platform for evaluation. As awesome as that is, carrying around an ESXi server isn’t as convenient as you’d think, so I boldly dropped the CD into my VirtualBox and booted to see what happened… if only it was that simple!!!!!

As expected the installer crapped out early on complaining that VirtualBox is not a valid hardware configuration, so I decided to have a poke around the ISO image and had a moment of realisation.. THANK YOU CISCO FOR CHOOSING CENTOS!

Cisco choosing an open-source installation mechanism means that with a bit of googling I could customise the install process to work in VirtualBox…. sweeet!

To get started I followed the install guide to build a VirtualBox appliance that resembled the supported VMware machine. Some things to note:

  • The disk is on a SCSI controller
  • The processor is PAE
  • You need a serial port enabled

This is a summary of my VirtualBox configuration…

  • General
    • Name: Cisco ACS 5
    • OS Type: Red Hat
  • System
    • Base Memory: 1024 MB
    • Processor(s): 1
    • Boot Order: Floppy, CD/DVD-ROM, Hard Disk
    • VT-x/AMD-V: Enabled
    • Nested Paging: Enabled
  • Display
    • Video Memory: 12 MB
    • 3D Acceleration: Disabled
    • 2D Video Acceleration: Disabled
    • Remote Display Server: Disabled
  • Storage
    • IDE Controller
      IDE Primary Master (CD/DVD): Empty
    • Floppy Controller
      Floppy Device 0: Empty
    • SCSI Controller
      SCSI Port 0: CiscoACS.vdi (Normal, 65.00 GB)
  • Misc
    • Audio
      Disabled
    • Network
      Adapter 1: PCnet-FAST III (Host-only adapter, ‘vboxnet0’)
    • Serial Ports
      Port 1: COM1, Disconnected
    • USB
      Disabled
    • Shared Folders
      None

If you’re hoping to follow my process, I assume you’ve already downloaded a copy of ACS_v5.1.0.44.iso from Cisco and sorted an eval license.

Looking at the contents of the CD I could see that the KickStart file was rejecting my hardware configuration. In my early attempts I edited ks.cfg, removing everything between %pre and %post, removed the line that said %include, and rebuilt the ISO. This had limited success: I could boot further on my new ISO but found that anaconda crapped out as it was unable to find the CD from which it booted … Very Odd!

Messing with the kickstart file and having to rebuild the ISO each time got boring very quickly, especially since it wouldn’t boot into anaconda stage two. I decided to move to a network-based install: I set up a web server on my laptop, downloaded CentOS-4.7-i386-bin1of4.iso and booted my guest from that using linux askmethod at the loader. On my web server I copied the contents of the ACS CD into a directory (including the hidden dot files). During the CentOS boot I was able to install “everything” from the ACS directory on the web server, giving me yet more limited success (everything was installed, including the Cisco packages, but unusable).

The next step was to get my web installation to read my kickstart file; the ks.cfg has a load of finalization which looked like it created files that the Cisco packages would need. I had to change the permissions of the directory to give me write access (the CD files were copied as read-only since the CD was read-only). So my edited ks.cfg has nothing between %pre & %post, plus the %include line deleted. The result had a massive drawback: I’d inadvertently removed the disk layout. I have since concluded that my earlier attempt, with everything installed but broken, also had issues due to incorrect filesystem partitions.

To put the filesystem layout back into the kickstart file I inserted the following:

part / --fstype ext3 --size=100 --grow
part /localdisk --fstype ext3 --size=5120
part /recovery --fstype ext3 --size=1008
part /storedconfig --fstype ext3 --size=981
part /storeddata --fstype ext3 --size=2048
part swap --size=2048

To get the CentOS installer to now both read the kickstart file and install from my web server, I have to boot with linux ks=http://192.168.56.1/~nick/ACS/ks.cfg (this is instead of linux askmethod) and replace the line in ks.cfg that says cdrom with url --url http://192.168.56.1/~nick/ACS.
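
The ks.cfg edits described above (empty the %pre section, drop the %include line, put the partition layout back, swap cdrom for url --url), written as a stdin-to-stdout filter. This is an added example, not the ks.cfg attached to this post; the sample input is constructed (including the /tmp/part-include path), and placing the part lines where %include stood is an assumption.

```shell
#!/bin/sh
# Added example: apply the ks.cfg edits from this post as a filter.
# $1 = base URL of the web directory holding the copied ACS CD contents.
patch_ks() {
    awk -v url="$1" '
    BEGIN {
        # Static disk layout, copied from the post.
        parts =       "part / --fstype ext3 --size=100 --grow\n"
        parts = parts "part /localdisk --fstype ext3 --size=5120\n"
        parts = parts "part /recovery --fstype ext3 --size=1008\n"
        parts = parts "part /storedconfig --fstype ext3 --size=981\n"
        parts = parts "part /storeddata --fstype ext3 --size=2048\n"
        parts = parts "part swap --size=2048"
    }
    in_pre && !/^%post/ { next }                  # empty the %pre body
    /^%post/            { in_pre = 0 }            # %post onwards is kept
    /^%pre/             { in_pre = 1; print; next }
    # Assumption: the layout is emitted where the %include line was.
    /^%include/         { print parts; next }
    /^cdrom *$/         { print "url --url " url; next }
    { print }
    '
}

# Constructed sample input, NOT the real Cisco ks.cfg (the post does not
# show it). /tmp/part-include is a made-up path.
sample_ks() {
    cat <<'EOF'
install
cdrom
network --device eth0 --bootproto dhcp
%include /tmp/part-include
%packages
@base
%pre
echo "constructed stand-in for the hardware check"
exit 1
%post
echo "finalization kept"
EOF
}

# Demo: print the edited kickstart for the sample input.
sample_ks | patch_ks "http://192.168.56.1/~nick/ACS"
```

Against a real file, run it as patch_ks URL < ks.cfg > ks.cfg.new and diff the two before serving the result from the web directory.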

After all that trial & error I was finally there! I have attached my ks.cfg for your reference and here is a summary of the steps to reproduce.

Install Summary:

  1. Download ACS
  2. Download CentOS
  3. Install a web server
  4. Copy the contents of the ACS CD to your web server (look out for .discinfo)
  5. Replace ks.cfg with your edited version (or mine)
  6. Create a VirtualBox machine
  7. Boot the VirtualBox machine from the CentOS CD with linux ks=http://URL
  8. As soon as you see a blue “installer” screen eject the CentOS CD
  9. Wait
  10. Done

Note: During my playing the anaconda installer crapped out a couple of times; just starting the process again seemed to fix the issue. Some bottleneck on VirtualBox disk accesses could be the problem.

Hope that all makes sense, happy hacking!

rgds,

Nick

ACS 5.1 ks.cfg

Kickstart your CentOS/ACS install from this puppy


25 thoughts on “Cisco ACS 5.1 in VirtualBox”

  1. Hi,

    I tried to follow your instructions, however I seem to end up in the normal CentOS install dialogue. Did you burn the CentOS ISO to a CD? I booted from the ISO as a harddisk file, does that perhaps make a difference? If I select eject I get errors.

    Fred

    • Hi Fred,
      Try linux askmethod ks=http://youfile.ks you should get a “normal” CentOS installer to select your IP address and Install method (HTTP) but after that the kickstart should complete the install… i.e. no more configurable choices.
      HTH,
      Nick

  2. Hi,

    As it turns out the problem was the network adapter setting, with host only I didn’t get an IP-address, once I changed it to pass-through installation worked.

    Thanks for the help

  3. Hi,

    I’ve followed your instructions but I’m stuck at the last part. When I eject the CentOS CD and choose the HTTP install, it asks me for the web server IP and CentOS folder, and it says “Unable to retrieve stage2.img”.
    I’ve checked the rights etc., and all the files are available.
    Do you have any idea how I can solve this problem?

    I use an IIS7 web server on my VirtualBox host

    Thanks

    • Does stage2.img download if you point your web browser at it?

      (I think IIS by default doesn’t let you download files with “unknown” file type, so you may need to add .img in somewhere)

      Good Luck!

  4. Yes, I can download stage2.img from my browser.
    Should I try with an Apache web server?

    I also read on other forums about that (unable to retrieve) it seems common, it could be because of the network configuration change, after the boot from ks file

    • I don’t think IIS vs Apache would make a difference if the download works in your browser.

      My KS has network --device eth0 --bootproto dhcp in it, I take it you’re booting stage1 with DHCP?

  5. In the part “install a web server”, how do I do that? You mean Apache server or what? Sorry for the question, it is a stupid question but I do not know what to do.

  6. Pingback: Cisco ACS 5.2 works in VirtualBox - [LINICKX].com

  7. Hi,

    I was able to get a Cisco ACS 5.2 running on VirtualBox thanks to your help.
    Although I had some problems during installation – it all ended with a kernel panic – the ACS seems to function normally.

    Thank you very much!

  8. Pingback: ACS 5.1 with Active Directory Integration [Part II] | FirstDigest

  9. Hi,

    Do you think this process could work for ACS v5.3 by changing the variables on the ks.cfg file ? If so would you have any ideas on what I should change ?

    • I’ve not yet tried 5.3. If the upgrade/changes from 5.2 to 5.3 is the same as 5.1 to 5.2 then you should only need to check the ade-version in the kickstart file on the CD.

      • Hi Nick,

        Thanks for replying. I have followed your method and I can complete the installation (albeit with an error at the end which says “Backtrace, trying to fix it but reboot required”), however when I run the setup program after reboot, when I get to the admin password section I get an error saying “Error loading setup library cannot set default password policy”, and can continue no further. Any idea how I can resolve this?

  10. I managed to get it installed fine in VirtualBox without using the method above. I’ll blog it and post a link here. Basically, I created a VHD but linked it on the IDE controller, not on the SATA or SCSI controller. If you don’t do this, the installer cannot see the file system and ‘craps out’ lol. I also used the default ks.cfg file but modified the parameter for the smallest HD to 10GB. It crashed out when my VHD was 10GB but worked when it was set at 12GB. Only about 5.5GB of the VHD was used. I also had to extract the ISO, modify the ks.cfg and recreate the ISO again but making sure it’s still bootable by taking a copy of the boot loader. You can use magic ISO for this. Thought this might help someone out. I have spent hours on this! Need it for my virtual lab environment.
