4.2 ACS profiles with Ganymede?

Hello

I use 4.2 ACS (device) with network access profiles. It's a very big problem that profiles only support the radius Protocol, I need to use the Protocol Ganymede with profiles. I need Ganymede for permission command. Is it possible to have such a regulation on ACS 4.2:

-If the logging of NetworkDeviceGroup1 using RADIUS uses local authentication

-If the logging of NetworkDeviceGroup2 using Ganymede use RSA securID (external Radius Authentication).

Best regards

Hello

GBA 4.X NAP works only with the RADIUS.

-If you want you can go to ACS 5.X, which is more flexible.

run the IT role-based authentication / authorization and you can combine roles you need to be more flexible.

Please visit the sites:

1) http://www.youtube.com/watch?v=Xin98O-Q4JY

2) http://www.youtube.com/watch?v=vOxcrEU_-Gw&feature=related

http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/access_policies.html

Kind regards

Talal

==

Remember responses of the rate that you find useful

Please note the answers that you find useful and mark as answer - when is it :-) - so that others can easily find

Tags: Cisco Security

Similar Questions

  • 5.2 ACS with Ganymede + can not support switch Alcatel.

    I have a few Alcatel Switch and I want to use tacscs + ACS 5.2 for Alcatel Switch admin authentication.

    the reason: 13011 failure not valid GANYMEDE + query package - possibly mismatched shared Secrets

    But I've been checking the secrecy is correct.

    Before I tried ACS associated with vision 4.2 is working.

    Pls review of attachment for the ACS report.

    Thanks for giving me suggest.

    Hello

    Can't give you an answer, but which Alcatel model/version do you run?

    I have the same problem with OS6250 (6.6.1.636.R01) and acs5.2 unpatched. I'm looking for alcatel or acs bugtrack

    you looked: 144246 PR on:

    http://www.alcadisipsolutions.nl/files/Support_files/Alcatel-Lucent/OmniSwitch/OS6250/Firmware/OS6250%20AOS%206.6.1%20-%206250%20+%206250M%20models/OS6250%20AOS%206.6.1.739%20R01/OS6250%20AOS%206.6.1.739%20R01%20Release%20Notes.pdf

    David

  • Nexus, authorization to order with GANYMEDE.

    Hello.

    Can anyone provide an example of configuration to use Cisco Secure ACS 4.2 to enable permission to order with GANYMEDE.

    Thank you.

    Kind regards.

    Andrea

    Hello Andrea,

    We moved to GBA 5.3 now - but we had our 5520 Nexus running against our old 4.2 ACS before this - so I chose the relevant bits of the config below:

    username admin password network-admin role; user local administrator

    feature Ganymede +; turn on Ganymede

    radius-server host key; set the key for RADIUS server
    AAA server Ganymede group + Ganymede; create the group called "Ganymede".
    Server; set the IP address of the RADIUS server
    the vrf use management; tell him to use the default 'management' vrf to send queries for Ganymede
    source-interface mgmt0;... .and send mgmt interface

    AAA authentication login default group Ganymede; Use Ganymede for auth login
    AAA authentication login console Group Ganymede; Use Ganymede for auth login console
    AAA authorization config-commands by default local group Ganymede; use Ganymede for permission to config command
    AAA authorization by default Ganymede local group orders; use Ganymede for normal control authorization
    Default accounting AAA group Ganymede; Send documents to Ganymede

    I hope that works for you!

    (This may change a bit, when you move to ACS 5.x - that we chose not to do complex auth command (using only shell profiles) to remedy this you go back as a nexus for the 5 k - and it makes the command auth (operator network vs network-admin) based on the one - if you just do not configure authorization to order aaa on the 5 k)

    Rob...

  • ACS 5.2 GANYMEDE + and two-factor authentication?

    I am trying to wrap my head around this topic and fault.  I want to configure two-factor authentication via ACS 5.2 GANYMEDE + without having to use a token (such as RSA).  Is it possible to do?

    More information:

    Users of the areas without AD link will connect to routers and switches.

    Is there an available certificate server to generate certificates.

    SSHv2 is the current Protocol of the connection.

    Thank you!

    Without RSA, I don't see a way to do this.

    With Ganymede all you have

    username:xxxxxx

    password: xxxxxx

    ciscoasa > activate

    password: xxxxxx

    above you use 2 login password and activate it.

    Jatin kone

    -Does the rate of useful messages-

  • I've just backed up with an external hard drive for the first time, but my profile with my folders for photos, documents, and movies are not there

    Hello

    So, I finally got an external hard drive. I formatted for Mac (the device has been verified as being correct), and then he started to do a backup, which stated that a full backup would take 95GB. However, it only supported 19GB.  When I have my 'open' backup drive, I saw that only 'Macintosh HD' received support upward, not my user profile with all my folders containing documents, photos, movies, etc...

    I'm quite confused, because I thought that it would save.  I plan on Snow Leopard update to El Capitan, but if something is wrong or I don't like, I'm afraid that I won't be able to restore all my personal files - but only the applications that are on my Macintosh HD.

    Should I delete everything in my backup disk and try again?

    This is an image of what's inside my external hard drive:

    You have not indicated how you have saved, if you've used Time Machine then you do things the hard way and you'll find very difficult TM. Please use the Time Machine interface to locate your saved data. You can benefit from the research on:

    Use Time Machine to back up or restore your Mac - Apple, Support the section you want to find is the restoration section.

  • ACS 4.0 Ganymede + key

    Hello

    I try to use an ACS for switch GANYMEDE + authentic. I'm getting an incompatibility of keys, but I know more actually to the definition of a key for GANYMEDE on the GBA unit. How can I reset / know where it is?

    Thank you.

    1. side ACS:

    -Connect to ACS via web browser

    -On the main menu of ACS, check the configuration of switch (called Client AAA) State under "Network Configuration - AAA Client".

    http://www.Cisco.com/en/us/products/sw/secursw/ps5338/products_user_guide_chapter09186a0080233613.html#wp142681

    -Check the details of the switch and the secret key said. You can re-enter the same key or set the new key (without spaces or characters).

    -Compare or use this key in the switch, which is configured in the setting "radius-server."

    -Save the config

    2 switch

    -Connection to the switch CLI (console/telnet/ssh)

    -Scroll down to the "radius-server key" configuration line.

    http://www.Cisco.com/en/us/products/hw/switches/ps637/products_configuration_guide_chapter09186a008007f032.html#xtocid238207

    -Delete the existing key (normally / encrypted hash). Enter the same key - no more space or characters.

    -Make sure you're pointing to the ACS server/IP address

    -Do not save the config yet. Test the Ganymede + / authentication AAA to verify that the ACS server and the used switch button fix / identical.

    I hope this helps. Pls note all useful message (s)

    AK

  • IDS with Ganymede

    Are IDS 4215 compatable sensors with Ganymede? I see nothing in the csm, guides the user ID itself which would lead me to believe it was, but I wanted to just make sure with the group.

    Thank you.

    IDS/IPS from now devices do not support external authentication using AAA servers. The only way that users can be authenticated so is using the local database on the IDS/IPS device.

    I hope this helps.

    Kind regards

    Maryse.

  • AS with GANYMEDE + question

    Try to get the module ACE and IOS devices to work with GANYMEDE. I have GBA v3.2.

    The "optional" syntax does not work. No idea if the argument is valid for the version of the CSA?

    Service = exec

    Optional shell: Admin = domain Admin

    I tried it with quotes, but which didn't work either.

    Hello

    This is a reference doc for the configuration of the ACE for Ganymede + authentication.

    http://www.Cisco.com/en/us/docs/interfaces_modules/services_modules/ACE/v3.00_A1/configuration/Security/Guide/AAA.html#wp1321891

    Under the custom for attribute Ganymede + we need to specify the attribute in the form,

    Shell: Admin * ADMIN MYDOMAIN1

    = means mandatory attribute

    * Optional means

    Information on the context/role/domain (virtualization on ACE):

    http://www.Cisco.com/en/us/docs/interfaces_modules/services_modules/ACE/v3.00_A1/configuration/virtualization/guide/ovrview.html

    Default 'role' on ACE:

    http://www.Cisco.com/en/us/docs/interfaces_modules/services_modules/ACE/v3.00_A1/configuration/virtualization/guide/ovrview.html#wp1051297

    HTH

    JK

    Please evaluate the useful messages-

  • Profile with VCS StarterPack

    Hello

    I have a Starter Pack with jabber client video VCS and a profile with the C40.

    I am trying to attend external calls directly in the profile, but without success.

    In VCS, I can see that the Codec is registered, but seems to go to the tool spot in VCS:

    "

    • Search (10)
    • State: Completed
    • Found: Fake
    • Reason: Not found
    • Type: H323 (RSQ)
    • Number of CallSerial: 159f54de-3586-11e2-8d85-0010f323030a
    • Tag: 159f5614-3586-11e2-ae4b-0010f323030a
    • Source (1)
      • Authenticated: True
      • Alias (1)
        • Alias (1)
          • Type: H323Id
          • Original: Unknown
          • Value: xcom - locate
      • Area (1)

        • Nom : DefaultZone
        • Type: By default

    "

    Put a video of jabber, receiving the external call all works fine and Locator tool to find the device.

    It is some sort of bug?

    The profile TC5.0.1 and VCS StarterPack version X7.2.1 version

    Concerning

    Can provide you information about your next situation?

    • Which consists of the video URL Jabber to the profiling system?
    • What system recorded on VCS-E Starter Pack profile alias?
    • What search rule you configured on VCS-E Starter Pack?
    • Any alias transformation configured on VCS-E Starter Pack?
  • Slow connection with 9 EMU using mandatory profiles with the folder redirection MSFT (Windows 7)

    I have been recently UEM9, AppVol 2.10 in my environment of Horizon 7 on some Machines Windows 7 Linked Clone (systems no-no intentionally) initially the connection time was around 30secs with Agent display 7, UEM9, AppVol 2.10 installed with a mandatory profiles with the folder redirection MSFT (Windows 7), but as I expanded stable about 30 user... and they started to use the system on a regular basis I started to do & see logins for one more minute. Nothing has changed in my environment and the material is extremely less use so Im trying to figure out what is causing the delay in the connection. Does anyone else know extremely long connections using UEM9?

    I could solve this problem by updating 10.0.6 to 10.0.8 vmware tools. This login corrected and the performance of the virtual desktop.

  • Offering personalized with GANYMEDE + (ACS 5.4) - NX - OS RBAC limited access

    Hello

    I created the RBAC personalized depending on NX - OS.

    Role: Limited_Admin

    11 denies config t command. mgmt interface 0

    10 permit command read

    9 permit config t command. interface *; *

    8 allow the copy running-config startup-config command

    7 permits ping command *.

    6 allow the traceroute command *.

    I created a profile Shell with the following attributes that place the user in the role of Limited_Admin and that mapped to the rule of authorization policy.

    Cisco-av-pair attribute

    Mandatory requirement

    Shell: roles of value = "Limited_Admin".

    When I connect with the Test account - I get mapped to the custom role as shown below but I have priv 15.

    user: testrbac

    roles: Limited_Admin

    account created through the REMOTE authentication

    Credentials such as ssh server key will be cached only temporarily for this user account

    Local login is not possible

    Any help is greatly appreciated. I had this working perfectly on the 4.2. but unable to make the rules work at 5.4.

    Configuration of the AAA Nexus:

    radius-server key *.

    source-interface IP Ganymede mgmt0

    RADIUS-server host x.x.x.x

    AAA group Ganymede Server + ACS SERVERS

    Server x.x.x.x

    the vrf use management

    AAA group Ganymede Server + ACS SERVERS

    AAA authentication login default group ACS-SERVERS

    AAA authentication local console connection

    Default accounting AAA group ACS-SERVERS

    AAA authentication login error-enable

    I saw it and that's what I wanted to see and use it as a syntax/format on nx under role

    like this

    Role: Limited_Admin

    11      deny    command                         configure terminal ; interface mgmt0

    However I think you tried and confirmed that it didn't work so I started to think it might be a bug in the OS. Glad it works for you.

    Jousset
    * Note help messages *.


  • With the help of Cisco ACS 5.2 (GANYMEDE +) with other than Cisco devices

    Hi all

    I was hoping that someone could help me with what might be a silly question. I'm trying to implement a solution whereby an operator can control all their nodes (other than Cisco) network via GANYMEDE + involved nodes are

    Juniper M10i running Junos 9.2, M120

    M320 running Junos 8.5 Juniper

    Extremes of BD8810 and BD8806 running 12.4.1.17 XOS

    3804 Alpine extreme Extremeware 7.8.3.5 running

    My question is, can I use Cisco ACS 5.2 (or 4.2) to authenticate using GANYMEDE + to these other than Cisco devices. Has anyone else done this or I have to use RADIUS? If someone has done this are problems of interoperability with Cisco CS and Junos or XOS extreme. Thank you

    / John

    John,

    We have a very large deployment of Juniper (T-series, series MX, etc.). We use Cisco ACS and GANYMEDE to manage these devices. The configuration of the ACS is fairly simple. You'll want to create users to connect and match them to the classes on your JUNOS routers. Here is an example:

    set system login user uid of engineering 2000
    Set system login user engineering genius-class class
    set the connection user uid to NOC 2001 System
    Set system login user AC AC-class class

    define the system connection Engineering-class idle-timeout 15
    define a connection system class engineering-class permissions all
    define the system connection AC-class idle-timeout 15
    define the connection class AC system class view permissions
    Set connection AC-class permissions see the system configuration

    We use two classes of genius and NOC. One is defined as a read / write and the second read-only. This is in turn then mapped in ACS (in our case version 4.2) by user or group (preferred). First, you change the configuration of the interface and add a Ganymede junos-exec service and do not enter the Protocol field. Then, you change the attributes of the user group. I've attached screenshots for both on this subject.

    Hope this helps.

    Derek

  • Problem with GANYMEDE + (ACS) and cat 2950

    I have configured the 2950 as below and properly configured ACS and I can connect to the 2950 using this configuration, the problem lies after that I go to enable and try any command, I get approval to next error command failed.

    What I missed out the config that will allow me to execute commands?

    AAA new-model

    AAA authentication login default group Ganymede + local

    AAA authorization exec default group Ganymede + local authenticated by FIS

    AAA authorization commands 15 default group Ganymede + authenticated if

    AAA authorization network default group Ganymede + local authenticated by FIS

    AAA accounting exec default start-stop Ganymede group.

    orders accounting AAA 15 by default start-stop Ganymede group.

    AAA accounting network default start-stop Ganymede group.

    GANYMEDE server host ***. ***

    radius-server key 7 *.

    Thanks in advance.

    Jon

    Hi Jon,

    AAA of the switch seems ok, maybe you need to take a look at your ACS.

    Check the following information, where you have to apply it in your ACS config:

    http://www.Cisco.com/en/us/products/sw/secursw/ps5338/products_configuration_guide_chapter09186a00801fd6fc.html#wp676529

    Rgds,

    AK

  • With Cisco Secure ACS for Windows GANYMEDE +, authentication fails with AD

    I'll put up a Cisco Secure ACS 4.2 server to act as a RADIUS server for switches and routers I use Windows 2003 server for the candidate countries.
    and an Active Directory of Windows 2003 server.  The ad server is very good, it is used for many other things.

    I've implemented ACS as defined in the installation guide, including all the steps in the "Member Server" section of the installation guide
    When you use AD as an external database (e.g. setting up services to run with a domain administrator account, set up a machine called "CISCO"
    on the field, etc.).

    I've set the unknown user policy to use the database of Windows, if the internal database does not contain the details of the user.

    If I add a user to the internal database, authentication goes through fine, with an entry in the journal "Authentication," spent

    02-24-2010, 05:07:03, authentic failed, eXXXX, Network Administrators (NDG), X.X.X.X, (default), internal error, (get the internal error error message)

    I scoured google etc and just cannot come up with any reason why this should be the case.
    I followed all of the installation to the letter guides.  I need to get this up and running as soon as possible,
    so am eager to know if someone can help me with this one!

    Thanks and greetings

    Sharan

    George,

    Internal error is fairly generic, but a common situation, we see this error is when ACS is installed on a 64-bit computer.  ACS would not work with the active Manager when it is installed on the 64-bit before machines ACS 4.2.1.

    -Jesse

  • With Ganymede ACS authentication problem

    My organization was using ACS with AD to authenticate users for access to network devices.

    But lately, it does not work. There has been no known changes.

    Can anyone help point the possible problems or links to see how the actual configuration of the CSA to be or look like for that to work.

    My apologies if this is a naïve question, am not so easy with ACS.

    Thank you!

    Hello

    There are two ways to correct the message 'windows dialin permission required'. You can either add permissions to call on the user accounts on your database of Windows, or you can remove the option "Require Dialin permissions" ACS. To do this, go to "External user databases" and select "Database Configuration". Then go in your database of Windows and click "configure". The first option is a box that gives you the opportunity to "make sure that grant dialin permission is checked".

    Checking this box will cause the error you get if your windows users do not have permissions to call. If you uncheck this box, it must clarify this.

    HTH

    JK
