ACS 4.2.0: two "self" entries

Equipment: I am running 4.2.0.124 on a SE 1113 ACS.

Question: I get two entries 'self' under AAA servers.  One is in fact the IP of the ACS SE.  I am eager to respond to one point.  No idea how to get rid of the loop?

I already tried this TAC.

  1. Execute the command "SET IP" in the CLI.
  2. Answer "No" in the "Use static IP address" field. DHCP will then assign an IP address automatically.
  3. Confirm the changes and wait for some time.
  4. Type the SHOW command to check the DHCP IP.
  5. Then execute the command "SET IP" in the CLI again.
  6. Set a static IP address by answering "YES" in the "Use static IP address" field.
  7. In the IP address field, give the actual IP address of the ACS.
  8. Then provide the actual subnet mask, default gateway and DNS server.
  9. Confirm the changes.
  10. This process will trigger the correct IP address to show in the GUI page.

Thanks.

No, it does not however make a backup of the current ACS config before installing the eval copy

Tags: Cisco Security

Similar Questions

  • ACS 5.3 join two different directories Active Directory without reply in the ad.

    Hello my name is Ivan:

    I have a question...

    Can I join ACS 5.3 to two different Active Directory directories that are in two different networks, for the use of EAP-PEAP-MSCHAPv2 with 2 different certificates, to authenticate users in a wireless network?

    I have

    AD 1 in the network 10.25.1.0/24 with Certification Authority 1

    AD 2 in the network 192.168.10.0/24 with Certification Authority 2

    There is no replicate in the 14:00 users in AD 1 are totally different from the AD 2.

    Both of their ad I want to join my ACS 5.3.

    How can I do?

    Thanks for your replies.

    Regards

    Here are a few things we can think in your scenario.

    > You cannot integrate the same ACS server directly with two different AD domains (AD1, AD2). With ACS 5.3, all you can do is establish a 2-way trust between the domains (AD1, AD2). This way users of the trusted domain can authenticate through the ACS installed in the local domain. You must add a UPN suffix or NETBIOS prefix (e.g. [email protected] / * /-name) to the user name when authenticating with a domain (trusted one) that the ACS is not joined to, including child domains.

    > However, with ACS 5.4, you can join the nodes of the same ACS deployment to different AD domains. However, each node can be joined to a single AD domain.

    ACS 5.4 primary - domain A

    ACS 5.4 secondary - domain B

    Release notes.

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_system/5.4/release/notes/acs_54_rn.html#wp71092

    > I'm not going to give an option to integrate ACS with LDAP as an identity database because LDAP does not support PEAP-MSCHAPv2, so any object of setting up the EAP authentication will fail.

    It will be useful.

    ~ BR
    Jatin kone

    * Does the rate of useful messages *.

  • ACS same username with two other group, two profiles of shell

    Hello

    In my ACS 5.4 I want to have the same username using two shell profiles. This is the requirement.

    One shell profile with admin privileges for IOS 15 devices and another with different admin privileges for WCS. Because there cannot be two shell profiles on the same authorization profile, I created two different profiles and matched them on the name of the ACS local group. However, whenever the user tries to access, it always hits the first profile.

    I'm not sure that I missing something, if someone has or knows how to do this please advise.

    Thank you

    Hello

    What you can do is to create two authorization rules based on the ip address.

    Use two rules:

    rule 1: If the IP address is the WCS IP address then use WCS-Shell-profile

    rule 2: If the IP address of the device does not match the WCS IP address then use: other-Shell-profile

    If you don't see the ip address in the rule options, you can always customize what options you want to compare from the button customize at the bottom right of the page.

    HTH

    Amjad

    Rating of useful answers is more useful to say "thank you".

  • 5.3 of the ACS cannot work with two rules of service strategy

    Hello my name is Ivan

    I have a question about ACS v5.3 appliance.

    I have an ACS v5.3 to authenticate wireless users, as well as a Cisco WLC. One profile is for business users and the second profile is for guests.

    Business users must authenticate with Active Directory and the guest with WLC. Guest users authenticate with the local database of the ACS.

    I have set up two service selection policies that match on the RADIUS protocol. The first rule is for users in Active Directory and the second is for users in the local database of the ACS.

    When I try to authenticate users with Active Directory it is OK, but when trying to authenticate users with the local database (guest portal) the ACS tries to find the internal user in Active Directory, because it matches the first rule, and the second profile cannot authenticate.

    When I change the order, first the rule for internal users and second the rule for users from Active Directory, internal users can authenticate in the ACS, but Active Directory users cannot authenticate.

    I think that my ACS authenticates only the first RADIUS rule, to Active Directory, not two RADIUS rules at the same time. Or maybe there is a problem in the OS of the ACS.

    Authentication separately is OK.

    Please could you help me to resolve this problem?

    I enclose my two rules

    Regards

    Hello Ivan,

    To solve your problem, you must configure your ACS so that the first service selection policy (Active Directory) matches only for the corporate users and the other service selection policy (internal users) does not match.

    The second service selection policy must match only for guest users.

    If you use Cisco WLCs, it will be easier for you.

    Why?

    Because you can use an 'End Station Filter' to match the SSID more easily.

    In the service selection policy, you build your match on the end station filter (add it via the Customize button).

    Now, you must create two end station filters: one matches the guest SSID and one matches the corporate SSID (I will tell you how to create them later).

    After you create the end station filters and match on the end station filter in the service selection policy, you have one service selection policy (SSP) that matches only the corporate SSID and another SSP that matches the guest SSID.

    Now you can select different identity sources for the two SSPs.

    Now for the end station filter:

    The end station filter is used (in our case) to distinguish the SSID.
    If I want to separate requests from different SSIDs, I use the end station filter to match which SSID I use.
    Create an end station filter for your SSID, following this image:

    At point number 4, write an asterisk (*) followed by your SSID (case-sensitive), without spaces. Be sure to avoid spaces before or after.

    (I assume you are using a Cisco WLC. If not, the idea cannot be applied the way I described above.)

    So far, we're OK, except for one point. By default the guest SSID is not sent by the Cisco WLC to the RADIUS server when the client tries to connect to it, while the 802.1x SSID is.

    To tell the WLC to send the guest SSID, you must add this command on the WLC:

    config radius callStationIdType ap-macaddr-ssid

    I hope I described correctly. Let me know if you got it or if you need more explanation.

    Greetings,

    Amjad

    Rating of useful answers is more useful to say "thank you".
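
A simplified model of the SSID-based service selection described in the answer above, as an added example that is not part of the original thread and not Cisco's code: with `callStationIdType ap-macaddr-ssid` the WLC sends Called-Station-Id as "AP-MAC:SSID", and each end station filter is a case-sensitive wildcard compared against it. The AP MAC, SSIDs, filter names, identity-source labels and the colon-anchored pattern variant are assumptions made for illustration; the run also shows that `*corp` matches any SSID that merely ends in "corp".

```python
from fnmatch import fnmatchcase

# Constructed sample values (assumptions, not from the thread): AP MAC,
# SSID names, filter names and identity-source labels.
AP_MAC = "00-1a-2b-3c-4d-5e"

# End station filters as the answer describes them: "*" + SSID, no spaces.
FILTERS_AS_POSTED = {"corp-filter": "*corp", "guest-filter": "*guest"}
# Assumed stricter variant: anchor on the ":" between AP MAC and SSID.
# Whether a given ACS release accepts this form must be checked on the box.
FILTERS_ANCHORED = {"corp-filter": "*:corp", "guest-filter": "*:guest"}

# Ordered service selection rules: (end station filter, identity source).
RULES = [
    ("corp-filter", "Active Directory"),
    ("guest-filter", "Internal Users"),
]
NO_MATCH = "no rule matched"


def called_station_id(ssid, send_ssid=True, ap_mac=AP_MAC):
    """Value of RADIUS attribute 30 (Called-Station-Id) in this model.

    send_ssid=True models callStationIdType ap-macaddr-ssid ("MAC:SSID");
    send_ssid=False models a request that carries the AP MAC only, which is
    the guest-SSID problem the answer points out.
    """
    return f"{ap_mac}:{ssid}" if send_ssid else ap_mac


def select_identity_source(csid, filters, rules=RULES):
    """Walk the rules top-down; the first filter that matches wins.

    fnmatchcase keeps the comparison case-sensitive, as the answer
    stresses for the SSID typed into the filter.
    """
    for filter_name, identity_source in rules:
        if fnmatchcase(csid, filters[filter_name]):
            return identity_source
    return NO_MATCH


def evaluate(ssids, filters, send_ssid=True):
    """Map each SSID to the identity source its requests would reach."""
    return {
        ssid: select_identity_source(called_station_id(ssid, send_ssid), filters)
        for ssid in ssids
    }


if __name__ == "__main__":
    sample_ssids = ["corp", "guest", "Guest", "lab-corp"]  # constructed
    cases = [
        ("filters as posted, SSID sent", FILTERS_AS_POSTED, True),
        ("filters as posted, SSID not sent", FILTERS_AS_POSTED, False),
        ("colon-anchored filters, SSID sent", FILTERS_ANCHORED, True),
    ]
    for label, filters, send_ssid in cases:
        print(label)
        for ssid, source in evaluate(sample_ssids, filters, send_ssid).items():
            print(f"  {ssid:10} -> {source}")
```
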

  • Comparing two enter dates in the validation of the APEX

    Hello

    I tried to implement a validation that End Date must be greater than Start Date.

    I mentioned the article here: https://community.oracle.com/thread/2560865

    And I tried:

    Type: Function that returns the error text

    Validation expression 1

    Begin
    If to_date(:P12_ENDDATE,'DD-MON-YYYY') < (:P12_STARTDATE,'DD-MON-YYYY') then
    Return 'End Date should be greater than Start Date';
    Else
    Return null;
    End if;
    End;

    However, received the error

    Processing of validation error.

    ORA-06550: line 3, column 40: PLS-00412: list of values not allowed as an argument to the function or procedure ORA-06550: line 3, column 1: PL/SQL: statement ignored

    Can someone help me have a look?

    Thank you!!

    Alice


    2769835 wrote:

    I tried to implement a validation that End Date must be greater than Start Date.

    I mentioned the article here: https://community.oracle.com/thread/2560865

    And I tried:

    Type: Function that returns the error text

    Validation expression 1

    Begin
    
    If to_date(:P12_ENDDATE,'DD-MON-YYYY') < (:P12_STARTDATE,'DD-MON-YYYY') then
    Return 'End Date should be greater than Start Date';
    Else
    Return null;
    End if;
    End;
    

    However, received the error

    Processing of validation error.

    ORA-06550: line 3, column 40: PLS-00412: list of values not allowed as an argument to the function or procedure ORA-06550: line 3, column 1: PL/SQL: statement ignored

    This is a very obscure error message, but it essentially occurs due to a syntax error on line 3. There is a missing to_date function:

    Begin
    
    If to_date(:P12_ENDDATE,'DD-MON-YYYY') < to_date(:P12_STARTDATE,'DD-MON-YYYY') then
    Return 'End Date should be greater than Start Date';
    Else
    Return null;
    End if;
    End;
    

    However, it is much clearer and simpler to use a validation of type PL/SQL Expression:

    to_date(:P12_ENDDATE, 'DD-MON-YYYY') > to_date(:P12_STARTDATE, 'DD-MON-YYYY')
    

    with the error in the Error Message attribute text.

  • Barcode entered in parallel

    Is it possible to read the two entered barcode by two different applications running in parallel in a single processor?


  • button "enter text".

    Hi all

    I have a problem with how the two Enter keys on the keyboard act.
    The Enter key in the center of the keyboard acts as a newline; in other words, it finishes one line in a string and starts a new one.
    The Enter key on the numeric keypad, however, acts as pressing the "enter text" button, which appears in the upper left corner of LabVIEW when you use a string.

    My question is: is there a way to make the Enter key on the keypad act as a line break?

    I use LV 8.6.

    I see you have 8.6, but maybe this picture (an extract from V9) will show you an approach (at least for a running VI).  You can use a Key Down? filter event to throw away the Enter key or replace it with a Return.

    This image shows how to replace the Enter with a Return; you could also wire the result of the comparison to the Discard? terminal to disable the Enter key.  It shows how to do it for a whole (current) VI; you can also use the Key Down? event for a string control to limit the effect.

    Edit: Added LV8.6 VI

  • ACS standard reports: must see attrib [04] "NAS-IP-Address"

    Hello

    We have the following topology.

    NAS --> another vendor's RADIUS (proxy) --> ACS 4.0

    AUTH works very well, but we have problems with the standard reports offered by ACS.

    In the passed auth report we must see the original NAS IP address, attrib [04]. The third-party RADIUS (acting as proxy) sends the attrib as expected (we checked using sniffer captures at the ACS).

    What selection need allows us to see this attrib on report?

    Thanks

    Juan

    Ahhh. I see the problem.

    The report "passed authentications" uses the internal ACS dictionary (which handles both RADIUS & TACACS+).

    When CSRadius writes a sound entry, it uses the AAA client IP address (i.e. peer address) as the value for NAS IP rather than the actual NAS-IP-Address attribute.

    Years ago I coded this part and I don't remember why I chose to use the peer instead of the NAS IP address. I suspect it's because in the network config, you add the address of the peer and not of the original device. If the passed auths log had the original device IP, it would not match the network configuration.

    I think that this can be corrected, ACS has an attribute called "Source NAS" but which I think has been added, never used. The service of CSRadius could stuff the nas-ip-address there.

    But of course I do not work for Cisco more - so you don't have to ask them to make the change!

    Mounira

  • ACS database does not not after having changed the secondary ip of acs.

    Hello.. I'm having 2 ACS 3.1 servers. ACS01 (primary) & ACS02 (secondary). We recently moved ACS02 to another site and changed its IP address.

    When we run database replication from ACS01, we receive the error message saying ACS02 has refused the replication request.

    Any idea what can be the problem?

    Consider these elements when you implement the database replication feature Cisco Secure:

    (1) ACS only supports database replication to other ACS servers. All ACS servers participating in Cisco Secure database replication must run the same version and patch level of ACS.

    (2) The primary server transmits the compressed, encrypted copy of its database components to the secondary server. This transmission is done via a TCP connection, port 2000. The TCP session is authenticated and uses an encrypted, Cisco-proprietary protocol.

    (3) Only properly configured, valid ACS hosts can be secondary servers. To add a secondary server, configure it in the AAA Servers table in the Network Configuration section. When a server is added to the AAA Servers table, the server is displayed for selection as a secondary server in the AAA servers list under Replication Partners, on the Cisco Secure database replication page.

    (4) The primary server must be configured as an AAA server and must have a key. The secondary server must have the primary server configured as an AAA server, and its key for the primary server must match the primary server's key.

    (5) Replication to secondary servers takes place sequentially in the order listed in the replication list under Replication Partners, on the Cisco Secure database replication page.

    (6) The secondary server that receives the replicated components must be configured to accept database replication from the primary server. To configure a secondary server for database replication, refer to the section Configuring a Secondary Cisco Secure ACS Server of this document.

    (7) ACS does not support two-way database replication. The secondary server, which receives the replicated components, checks that the primary server is not on its replication list. If this is not the case, the secondary server accepts the replicated components. If so, it rejects the components.

    (8) To replicate user-defined RADIUS vendor and vendor-specific attribute (VSA) configurations successfully, the definitions to be replicated must be identical on the primary and secondary servers. This includes the RADIUS vendor slots that the user-defined RADIUS vendors occupy. For more information on user-defined RADIUS vendors and VSAs, see the section User-Defined RADIUS Vendors and VSA Sets of the document Cisco Secure ACS Database Command-Line Utility.

  • Connection Error 1120 ACS cisco acs 5.0 web gui

    Hi all

    I installed the ACS 1120 unit as follows:

    entered the installation command in console mode

    and installed the license via GUI mode

    But when I access the GUI mode it disconnects regularly

    When I ping, the ping is successful and shows TTL 128

    but after some time, the connection is established and when I ping the TTL shows 64

    Can someone help with this problem?

    Thank you very much

    Hello

    I couldn't quite follow the description of your problem. Can you clarify the problem in more detail?

    You mention that when you access the ACS GUI it disconnects regularly. Do you lose all IP connectivity to the ACS, or is the problem only with the user interface?

    Please can you include from the ACS CLI:

    show application status acs
    show version

    show tech

    It would also be relevant to see the output of "show application status acs" when the problem occurs.

    For additional troubleshooting, the support bundle will also contain relevant information around the timestamp of the problem occurrence. You need to enable the debug logs, for example:

    ACS CLI:
    admin# conf t
    admin(config)# logging loglevel 7
    admin(config)# exit
    admin# acs-config
    After a few seconds, you can then log in with the username/password credentials for the ACS GUI.

    acsadmin(config-acs)# debug-log mgmt-acsview level debug

    acsadmin(config-acs)# debug-log runtime level debug
    acsadmin(config-acs)# exit

    Following the occurrence of the problem, the support bundle can then be downloaded from the GUI under Monitoring & Report Viewer > Troubleshooting > ACS Support Bundle. We will need to check the logs at the timestamp of the problem.

    But for now, more details about the problem seem necessary, as well as the output of the ACS CLI show commands mentioned above.

    Thank you

    Alex

  • 5.1 ACS is not supported ODBC and Oracle

    Hi Netpro

    Train my familiar and careless with the old version of the ACS, ACS unit I bought two 5.1 device to work in the HA function. After installation and did ' t tried configured for use with the external database with ORACLE, I see nothing. I tried to read the paper and I saw no keyword that said this support the ODBC or Oracle version. If anyone can help me what is the workaround for ACS work with ODBC and Oracle.

    Thank you

    Pitcher

    Hi Pitcher,

    ACS 4.2 can be installed on the CSACS-1120-K9 unit by simply re-imaging it (so not really a downgrade) with a dedicated DVD.

    You can get such a DVD through an official TAC case:

    http://Tools.Cisco.com/ServiceRequestTool/create/launch.do

    Kind regards

    Fede

    --

    If this helps you or answers your question, please mark it as 'answered' or rate it, so other users can easily find it.

  • ACS 5.4 with AD domains

    I read the release notes and the user guide for ACS 5.4, which mention the ability to join the ACS nodes of the same deployment to different AD domains.  But each node can be joined to a single AD domain.  My question is this... in a failover situation, what does that buy me?

    Hypothetical:

    I have two sites, each with an ACS, and each has its own AD domain.  The ACSs are deployed in a primary/secondary relationship; devices at Site A use the Site A ACS as primary for authentication, devices at Site B use the Site B ACS as primary for authentication.

    Scenarios:

    1. The ACS Site A if Site A devices will attempt to join the Site B ACS for authentication.  But if they use different AD Site domains a user cannot authenticate and would be denied access.  Fix?
    2. If a Site B user trying to access a device to A Site, this device attempts to authenticate the user using the Site to ACS.  This will fail because the ACS Site A reference only the AD Site A domain?

    I'm missing what advantage I get from deploying the two ACSs if they cannot use or access the users on the two domains.  Maybe I'm not understanding something here.  Can someone shed light on this or point me to a document that could help?

    Thank you...

    I second you on that fact, it is not very well documented. In almost every deployment, the role of the secondary server (located on another site) is to provide full redundancy in case of failure of the primary ACS server.

    In your case, if you have both ACSs joined to two different domains, as

    Site A (ACS1-primary) - domain A

    Site B (ACS2-secondary) - domain B

    We have to make sure that domain A trusts domain B and vice versa, because if the secondary server is configured for replication from the primary, the authorization rules will be the same on both ACSs. Having full 2-way trust between the two domains would let you pull domain B groups on ACS 1 and domain A groups on ACS 2.

    The ONLY advantage of this feature will come into play during authentication. If the users in domain B showed up at ACS2 for authentication, group retrieval time would be less if it's a direct domain instead of across domains.

    The purpose of redundancy will fail where there is no possibility of 2-way trust. It is not right to these deployments.

    Hope it adds few specifics.

    ~ BR
    Jatin kone

    * Does the rate of useful messages *.

  • [ACS 5.2] Upgrade to ACS 5.4

    Hello

    We got 2 Cisco ACS 5.2.0.26.10.

    Primary server as authentication server and log collector

    Secondary server as authentication server. The replication is configured.

    I read the following guide: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/installation/guide/csacs_upg.html#wp1194934

    "There are a few exceptions to this typical configuration, which you can manage as described below:

    If the ACS 5.3 primary server also works as a log collector in your 5.3 deployment, you should promote one of the secondary servers to primary server in the deployment. See Promoting a Secondary Server to Primary."

    This exception matches my case. I promote my secondary server to primary.

    I would have:

    Secondary server as authentication server and log collector

    Primary server as authentication server

    Now, I think I have to deregister the secondary from the primary server...

    According to the guide, I upgrade the log collector server.

    "Step 1: select a secondary server to become a log collector:"

    I don't have another secondary server...

    What should I do now? (upgrade secondary/log Server? backend upgrade?...)

    This guide assumes that I have 1 primary and 2 secondary...

    I don't know what steps to follow...

    Thanks for your help,

    Patrick

    You have an open TAC request, so you will get their guidance.

    I will still share some general clarifications that I'm aware of when going from ACS 5.2 to ACS 5.4.

    For the first step in the upgrade process, you want to upgrade the log collector since it will have the configuration data and M&T.

    (1) If the ACS 5.2 log collector is a secondary, just remove it from the deployment to make it standalone and then upgrade the server to ACS 5.4. It will become the new ACS 5.4 primary server (this is temporary and gets rectified at the end of the whole process).

    (2) If the log collector is the ACS 5.2 primary, then promote a different server; the log collector is now a secondary and you can follow step (1).

    At this point you have one server on ACS 5.4 and the rest on ACS 5.2. You can now begin to move the rest of the servers from ACS 5.2 to ACS 5.4 (as the guide says: "register the secondary server to the ACS 5.4 primary server", which is the temporary primary server described in step 1).

    Once all servers are migrated, you can then select the long-term primary, as opposed to the temporary one.

    Writing this, I see that it is hard to explain. I am sure that TAC will do better.

  • Text disappears in the box once hit enter

    After you have clicked on enter, what I type is not visible. A red box with the sign more will appear in the lower right. It doesn't matter how big you make the box, the text never appears. Even if I get back to the text, it shows what existed before the Enter key. I've done everything I know how and can not get my text box to work properly. I reinstalled the program and reset all settings. I am at a loss and have the work I need to do! Help, please!

    The Enter key on the numeric keypad is a column break by default. Some portable computers map the two Enter keys together, and in these cases, the number lock toggle usually affects the behavior that you see.  The best way around it is to change the keyboard shortcuts and make BOTH Enter keys a paragraph break in text mode.

  • CSACSE-1113-K9 initial configuration for ever

    Hi all

    I'm setting up a new CSACSE-1113-K9 (ACS 4.2 appliance).

    The 1st step is to perform the initial configuration through a serial connection (RS-232 port on the chassis of the device).

    I already did, but whenever I try to connect to the serial port, Setup runs all over again.

    Admin account, IP address, mask, etc., all that is there, but it keeps cycling through the same script sequence, and I need to access the CLI to issue certain commands.

    Tips/advice appreciated please.

    Thanks in advance

    JD

    Hello

    It's because you keep answering Yes to the test that runs in the initial Setup. When you are asked to test the network connectivity, enter N for that. Hope that clarifies your query.

    This step is essentially running a ping command to ensure the connectivity of the ACS.

    g. At the prompt, Enter host name or IP address:, type the IP address or the host name of a device connected to the ACS SE and then press ENTER.

    Result: If successful, the system displays the ping statistics. The system displays the prompt: Test network connectivity [Yes]:.

    h. If network connectivity is confirmed in the previous two steps, at the prompt, Test network connectivity [Yes]:, type n, or N, and then press ENTER.

    Tip: The system continues to provide you with the opportunity to test the network connectivity until you answer No. This means that you can fix the network connections or retype the IP address.

    Regards

    Knockaert
