AAA and GANYMEDE servers
Hi all
I want to download a free, yet reliable servers AAA and GANYMEDE , can you guide me? Also, I need help with their configuration for study purpose.
Both of them are GANYMEDE, do you also need RADIUS (your post says AAA)? Assuming you just need GANYMEDE:
Probably the best known is:
http://www.shrubbery.NET/tac_plus/
Also, the go RANCID.
For a solution based on Windows you can also consult:
If cela messages answers your question or is useful, please consider rating it and/or mark as answered.
Tags: Cisco Security
Similar Questions
-
authorization for AAA and GANYMEDE unavailable server scenario
I installed a PIX for users authentication for telnet and enable access. I have permission to install a subset of users can run only display orders. This set works as expected.
The problem is when I simulate and network failure and try to get access the PIX console. I can't run the enable command because the command shall not be permitted. I have to use means of recovery of password to access the PIX. How to do this? Can I have permission to order processed locally? Can I associated with the command show a lower level of the priveledge? If so, how and how can I limit the user to this level of privilege (via GANYMEDE)? I confiscate doing?
Thank you
If the PIX is configured for GANYMEDE authentiaction and RADIUS server is unavailable for authentication, there is no way to rescue or get around this issue at this time.
You can configure the pix to get back to local authentication if Ganymede is not available.
Release then (I think 6.3 and above) who will be available.
-
RADIUS and Ganymede + running simultaneously?
I have a Secure ACS 5.3.40 running GANYMEDE + and I need to also run 802.1 x radius to meet DISA requirements, I've been working on it for a week. I am unable to get the characteristics of work, all AD connections are already there for GANYMEDE + and so I'm not sure how config, Ray can someone help with the procedures.
Hello
in the configuration of the aaa you must specify the two authentication 802. 1 x that points to the RADIUS and peripheral administration of Ganymede.
Configuration of the network device ACS apply both radius and Ganymede keys.
There will be no conflict for the same as the two have different sets of commands.
Thank you
Please rate if useful...
-
Can I use an ACS as RADIUS and GANYMEDE to the same ASA Server?
I want to GANYMEDE to make the accounting of the SAA, meanwhile, the ASA need RADIUS for authentication ssl vpn. Is it possible to reach this object with only a CSA?
Yes, you can use both. Allows you to add ASA as radius and Ganymede.
ACS-->---> aaa-client network configuration
(1) ASA---> 1.1.1.1---> authentic using Ganymede
(2) ASA1---> 1.1.1.1---> optout by radius
Don't forget the host name cannot be the same.
Kind regards
~ JG
Note the useful messages
-
I try to send an email to apply for a job with my resume and were invited to fill out my incoming and outgoing servers who should I go to find this information responds (in lay mans terms please)
[Moved from comments]
You should contact your provider of messaging service for this information. It is an electronic forum and communications in Windows, but it cannot dictate your information you need, as that depends on your provider. If you go through Hotmail, then ask in the forum of Hotmail here: http://answers.microsoft.com/en-us/windowslive/forum/hotmail if not, see your email provider's website. They usually have this information on it. You will also need to specify which version of Windows you are using and how you access your emails in this version. Without more information, it is unlikely that you will get more specific help.
Steve
-
Hello
Anyone know when ISE version 2.0 came and Ganymede will be supported?
Thank you in advance.
Joana.
ISE will support most of the GANYMEDE + v1.5 features. This version is scheduled for November 2015.
Please rate useful messages and mark this question as answered if, in fact, does that answer your question. Otherwise, feel free to post additional questions.
Charles Moreton
-
Switch of AAA and password Enable question
I have a switch with a config to base thereon and created some 15 local user privilege. I was copying the config of another switch and unfortunately did NOT know the secret to activate it but still added to the (stupid I know) configuration. Opening a session on the switch after being in production was working fine, until I tried to configure AAA. As the enable password I've referenced another similar switch for configuration of the AAA and I did this several times in the past and it works normally.
However, this time AAA would work not for a reason any but everything was fine because the local user account. Then I made a few other changes trying to solve the AAA and now when I login, it invited me to this password to enable a reason any? The local user works get me in but for the non-privilege mode. Can anyone shed some light on why this is happening?
It would be difficult to provide information on why your config didn't work as expected without seeing the actual config :)
So, it looks like you will need to perform a password recovery. You can follow the instructions in this link:
I hope this helps!
Thank you for evaluating useful messages!
-
Administration server and the servers managed (WebLogic Server).
Hello
What are Server Administration and managed servers , I saw these words as I read the installation guide for WebLogic server,
but I don't know what they are?
I saw them while I was reading on the Node manager that allows me to start the above mentioned.
-J' installs the WebLogic to develop applications with oracle reports and forms services.
1 - do I need a node Manager, Administration Server or managed servers?
2. is the Manager nodes, Server Administration or servers managed as EnterPrise data control manager ?
Thank you very much
Answers to most of your questions WLS lie in WLS documentation:
http://docs.Oracle.com/CD/E23943_01/Web.1111/e13752/TOC.htm
However, a simple answer to your questions could be summed up as follows.
If you are familiar with older versions of application server version 10, which include OC4J as its Java container, as a managed WLS server is basically the same thing. In the context of WLS, a managed server is responsible for hosting java applications on the server side. For example, Oracle Forms Servlet. The WLS management server is actually a java application deployed on a managed server. So, really, the "Admin" server is a kind of "Managed Server". In a typical installation of forms/States, you will find that at least three 3 managed servers are created automatically for you:
- Server Admin
- WLS_FORMS
- WLS_REPORTS
Node Manager is a separate process that is used to allow the two directors of the WLS environment such as command line allowing the administrator of the server to communicate with other servers managed, local or remote.
http://docs.Oracle.com/CD/E25178_01/Web.1111/e13740/overview.htm
Then, for simply "run" apply (forms, for example), all you need is the managed server that hosts the forms Servlet. However, if you want to change the configuration via a web interface, you must also run the administration server (and Node Manager).
All these components are much more complex than what I've described here. I would recommend to consider the documentation if you are interested in learning about them. That said, the best way to really learn about them likely will be to install the product and start using it.
-
Some servers are build via VCenter and these servers do they appear in the VRA. How can we solve this problem?
Please perform data collection and create a fake blue print.
Go to infrastructure Organizer select the cluster and in the next tab filling details such as blue print and other information, click Finish.
You can manage these servers through vRA.
-
Question about SRM and backup servers
Hello
Is it necessary to use dedicated servers for recovery automated with SRM or in a double room configuration, a cross-backup can be done using servers the virtual computer running, but with some CPU/memory available for potential backup of virtual machines from the other room?
Thank you.
Hello
Yes, it is possible. We have 4 servers in City A and 4 servers in city of B. A is protected at the city B and B in the city is protected in A city, so I can attest to the solution that you want to run No need have dedicated servers in the room has to manage the workload Bs room in tilt, as long you have availible resources
-
RADIUS and GANYMEDE + authentication
We authenticate our systems through dot1x. I also need to be able to authenticate our Cisco admins using the same ACS server. I see how to configure a switch to make the two GANYMEDE + and RADIUS, but I do not see how implement GBA to allow a switch to use GANYMEDE + and RADIUS.
Can someone give me a pointer?
Thank you
You need to put in place once the authentication on the switch.
AAA authentication login default group local Ganymede
Group AAA dot1x default authentication RADIUS
AAA authorization exec default group Ganymede + authenticated if
Group AAA authorization network default RADIUS
Cisco RADIUS-server host 2.2.2.2 keys
Cisco GANYMEDE-server host 2.2.2.2 keys
The GBA, you must add the switch twice.
ACS---> network configuration---> add aaa-clinet
Host name switch1
IP: 3.3.3.3
With the help of authentic: RADIUS IETF
Add another switch
SWITCH2 host name
IP: 3.3.3.3
With the help of authentic: Ganymede +.
Kind regards
~ JG
Note the useful messages
-
Hello.
I have PPTP server on my Cisco 3845 router with authentication on freeware GANYMEDE + Server (Linux). GANYMEDE define ACLs and IP address for users.
Recently employers decide to migrate to L2TP over IPsec. Moreover the old server PPTP should work.
Can I use GANYMEDE server to authenticate L2TP users?
I like this config on GANYMEDE.
user = {User1
CHAP clear = "password."
Member = vpdn
Service = ppp Protocol = {ip
addr = 172.20.20.200
inacl = 2005
}
}
Sorry for my Enflish.
Please see the document below. This document describes how to configure the 2 layer Tunnel Protocol (L2TP) with GANYMEDE. It includes the configurations of the sample for L2TP (LAKE) GANYMEDE access concentrators servers + network L2TP (LNS) GANYMEDE Server + servers and routers.
http://www.Cisco.com/en/us/Tech/tk827/tk369/technologies_configuration_example09186a0080118d5f.shtml
-
If I had this configuration:
RouterA #show config
username password forum 0 A34@#
AAA new-model
Authentication login ENTER local AAA.
AAA TO_CONSOLE authentication group Ganymede + local
Line con 0
authentication of the connection TO_CONSOLE
VTU line 0-3
password class
authentication of connection TYPE
Depending on the configuration above, users that telnet to the router must be authenticated via the line labeled AAA "ENTER." This line indicates that the local user database should be used, so users who enter the 'forum' as username and "A34@#" as a password to access the router.
What will be the use of the password: 'class', do we need?
This password is known as the line password as it is configured on the command-line interface. In your configuration, it does not at all and can probably be removed.
This password is used as the password when you are not using "aaa new-model". This password is probably the surplus of the days before you used AAA for authentication on the device.
If you want you can add the line password to your line of aaa authentication:
local line AAA authentication login ENTER
... in this case, access telnet would use local user names and passwords, but if these are not available for some reason any (maybe because you forgot to create them or accidentally deleted) the device could fall back to using the line for authentication password. This is not really useful we use local mostly as a backup for a source of authentication network Ganymede + in the case where the Ganymede server + is inaccessible over the network, which is much more likely that a problem occurring with your local user accounts.
-
Since December 2010 my business about known Windows 2008 and Windows 2003 servers takeing 50 minutes or more to complete the boot process. In general, they are sitting at the screen from Windows startup to full time. Well, a month ago I activated the boot record and found that the NDPROXY.sys file was not loading the start-up newspaper.
...
Loaded driver \SystemRoot\system32\DRIVERS\rdpbus.sys
Loaded driver \SystemRoot\system32\drivers\swenum.sys
Loaded driver \SystemRoot\system32\drivers\umbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\flpydisk.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\drivers\luafv.sys
Loaded driver \SystemRoot\system32\DRIVERS\lltdio.sys
Loaded driver \SystemRoot\system32\DRIVERS\rspndr.sys
Did not load driver \SystemRoot\system32\DRIVERS\MpFilter.sys
Loaded driver \SystemRoot\system32\DRIVERS\bowser.sys...
So I studied this and found that there is a patch, http://technet.microsoft.com/en-us/security/bulletin/MS10-099, systems of 2003 was published in December 2010 that touched this file. Coincidentally, it was at the time we started long reboot problems. Windows 2008 systems were not affected by this patch, but they always NDPROXY.sys running.
I would like to know if this file is causing this anomaly on my systems, and if so, can it be turned off?
Hello
Your question of Windows 2008 is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please post your question in the TechNet Forum. You can follow the link to your question:
http://social.technet.Microsoft.com/forums/en/winserverNAP/threads -
WRT54G v7 color Web sites and proxy servers
I have a wrt54g.when I am connected with ethernet its all right, BUT when I'm connected wireless of some Web sites cannot open and some proxy servers can not be Born like (sjphone, xfire)
can someone help me please?
Please, trigger ports 443 to 447 and change the MTU to 1365 by opening the router configuration page.
Maybe you are looking for
-
Keyboard stops working temporarily
Twice in the last week or so the keyboard on my middle MBA 2012 13 "became unresponsive for a period of about 10 to 20 seconds. Both times I noticed when pressing CMD + TAB to change to another application and then tried typing in a textbox not avail
-
Satellite U500 - 10L - Windows must be activated
Hello. I bought Satellite U500 - 10L of WATER and windows vista has been installed on it. After I bought the laptop by message 4 months appear telling me that windows is not original, and it must be enabled. I contact Microsoft but they told me to go
-
HP Windows 7 unable to upgrade to Windows 10 laptop
I trust HP for years since we got the first programmable HP hand-helds to JK Gill in 1976. To find out that HP laptop I paid a lot for in 2010 is going to be completely obsolete is too sad for words. Is there SOLUTION No. at all for my computer? It
-
Best method of communication between the Application LV
Hello together, I'm looking for the best way of communication between two Applications LabVIEW. As VI is clear, I can use a queue or a global variable and so on. But what is the best, when I compile the screw later for DLLs or Applications. So far, w
-
HP Pavilion 500-214: how update BIOS for a 500-214 Pavilion
I'm going to install a new video card, and it recommends, by ensuring that the BIOS of the motherboard is underway. How can I know that whether she is up to date, and if not, how can I update?