ACS 5.1 changepassword admin for different groups

Hello

Using an ACS 5.1 appliance, I created "engineering" under Identity Groups.

Is there any way to create a changepasswordadmin so that only this changepasswordadmin can change the passwords of internal users belonging to the engineering group? This changepasswordadmin cannot touch users in other groups under All Groups.

This is possible in ACS 4.2; I cannot find this option in ACS 5.1.

All groups: engineering

Please advise and thank you

Hi, PPP,

It is a great feature to have in 5.1. This is probably a feature request that can be included in future versions of ACS 5.x.

I'll send you the process for filing a feature request.



Kind regards.

~ JG

Tags: Cisco Security

Similar Questions

  • iRecruitment Site external candidate for different groups of companies

    Hello

    Is it possible to create several Sites of external candidates iRecruitment each linked to a group of different record companies?
    The client instance has 3 business groups.

    Is it possible to implement this standard / recommended?



    We have created three responsibilities of custom external candidates, each was to grant the set of permissions to the external candidate of IRC and IRC profile option: join Business Group has been set at the level of RESP. The guest user has only the responsibilities of the custom external candidate.


    Kind regards
    Buxant

    If you have 3 different "external pages" for the different BGs, then simply associate the BG record a different value for each external page.

    Regards,

    Tim

  • Is it possible to define different "Default category Set" purchase for different groups of companies?

    Hello

    We define another point for the test category structure in the environment of demonstration of the Vision. In fact, we have created all the new settings including BG, THE, OR, OI, ledger, responsibilities etc. to simulate the setting for our client in the demonstration environment.

    But it happens that I can't change the "Set to default category" for the purchase of functional area. This means that ONLY one element category structure can be used in a single case?

    Thank you

    Leo

    Hi Leo,

    Yes, for a single instance, we can have only a single 'category default together' for a functional area.

    You can change the category by default a functional space to define certain conditions. You must ensure that each element within the functional area belongs to the new series of default category. If the element by setting the attribute of the functional area is controlled at the level of the organization then the new game of the default category must also be controlled at the level of the organization.

    Thank you

    -Arif.

  • ACS 3.2 - users 'ghosts' of a group

    It is a bit of a strange. We run ACS 3.2 (1) on a Windows 2000-based computer. We have about 30 groups for different users. The only group (Group 1) always tells us that we have 30 users that are actually part of the group. The group says 90 users but when you list users there is only 60. I moved all users to a new group and now it says there are 30 users in the group, but when you a list of people, it gives you nothing. I have backed up the database, did a new install of 3.2 (2) on another machine and perform a restore to this area and I always get the same result. I'm trying to find out if the Group has not correctly or if there are 30 users 'ghosts' somewhere! I recently inherited the ACS boxes so I don't know when this problem started.

    There seems to be all known bugs related to this. Has anyone else seen this before?

    Thank you!

    We have definitely corrected the issue and the matter is now closed. What we did that I sent him a copy of backup of ACS server so he could watch. He then sent back me a backup file saying they found the problem and restore the backup file to the ACS. The TAC Guy sent email me looked like this:

    "We cannot create a Dump.txt we can do on ACS installed on Windows Server by the csutil -d option basically on the device.

    This dump.txt is a readable format of the database, unlike the .dmp.

    I downloaded the .dmp sent by you on the ACS (Windows Server) service at my end, created a dump.txt, corrected it by running the perl script, and then loaded it back on to the ACS server with the -l option of csutil. Then I took a backup of the ACS and sent it. I have checked the .dmp even on the device at my end to confirm the correction.

    It is basically an indexing problem, caused when the admin deletes users and the link pointers are not deleted in the registry, which is the origin of the problem.

    As discussed, regular backups and running dbcompact should help prevent this problem.

    I have attached the perl script; you can use it if necessary in the future.

    Hope this helps, feel free to contact me if you have further questions. At this point I will go ahead and close the service request, as discussed."

    If you want I can send you the email of the script that the guy sent me. But obviously as it said and what I thought, it's a matter of pointer in the database.

  • Create different group with VPN remote access

    Hello world

    Recently, I've put in place a remote-access VPN to my network with an ASA 5510.

    I have access to all of my internal LAN through my VPN.

    But I want to set up VPN groups in the CLI for different groups of users who access different servers or different networks on my local network.

    Example: computer group - access to 10.70.5.X network

    Group consultant network - access to 10.70.10.X

    I need to know how I can do this, and if you can give me some example script to complete this

    Here is my configuration:

    ASA Version 8.0(2)
    !
    hostname ASA-Vidrul
    domain-name vidrul-ao.com
    enable password 8Ry2YjIyt7RRXU24 encrypted
    names
    dns-guard
    !
    interface Ethernet0/0
     nameif outside
     security-level 0
     ip address X.X.X.X 255.255.255.X
    !
    interface Ethernet0/1
     nameif inside
     security-level 100
     ip address X.X.X.X 255.255.255.X
    !
    interface Ethernet0/2
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Ethernet0/3
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Management0/0
     description Port_Device_Management
     nameif management
     security-level 99
     ip address X.X.X.X 255.255.255.X
     management-only
    !
    passwd 2KFQnbNIdI.2KYOU encrypted
    ftp mode passive
    dns server-group DefaultDNS
     domain-name vidrul-ao.com
    access-list 100 extended permit ip any any
    access-list 100 extended permit icmp any any echo
    access-list 100 extended permit icmp any any echo-reply
    access-list vpn-vidrul_splitTunnelAcl standard permit 10.70.1.0 255.255.255.0
    access-list vpn-vidrul_splitTunnelAcl standard permit 10.70.99.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip any 10.70.255.0 255.255.255.0
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    mtu management 1500
    ip local pool clientvpngroup 10.70.255.100-10.70.255.200 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-602.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 10.70.0.0 255.255.0.0
    access-group 100 in interface inside
    Access-group 100 interface inside

    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server 10.70.99.10 protocol radius
    aaa authentication enable console LOCAL
    aaa authentication ssh console LOCAL
    aaa authorization command LOCAL
    http server enable
    http 192.168.1.2 255.255.255.255 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
     authentication pre-share
     encryption des
     hash md5
     group 2
     lifetime 86400
    crypto isakmp nat-traversal 30
    telnet 0.0.0.0 0.0.0.0 inside
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 5
    console timeout 0
    management-access outside
    dhcpd address 192.168.1.2-192.168.1.5 management
    dhcpd enable management
    !
    threat-detection basic-threat
    threat-detection statistics access-list
    !
    class-map inspection_default
     match default-inspection-traffic
    class-map block-url-class
    class-map imblock
     match any
    class-map P2P
     match port tcp eq www
    !
    !
    policy-map type inspect dns migrated_dns_map_1
     parameters
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns migrated_dns_map_1
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
    policy-map IM_P2P
     class imblock
     class P2P
    !
    service-policy global_policy global
    group-policy vpn-vidrul internal
    group-policy vpn-vidrul attributes
     vpn-tunnel-protocol IPSec
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value vpn-vidrul_splitTunnelAcl
     default-domain value vidrul-ao.com
    username test password 274Y4GRAbNElaCoV encrypted privilege 0
    username admin password bTpUzgLxalekyhxQ encrypted privilege 15
    username admin attributes
     vpn-group-policy vpn-vidrul
    username suporte password zjQEaX/fm0NjEp4k encrypted privilege 15
    tunnel-group vidrul-vpn type remote-access
    tunnel-group vpn-vidrul general-attributes
     address-pool clientvpngroup
     default-group-policy vpn-vidrul
    tunnel-group vpn-vidrul ipsec-attributes
     pre-shared-key *
    prompt hostname context
    Cryptochecksum:d84e64c87cc5b263c84567e22400591c
    : end

    What you need to do is mirror the existing tunnel-group and group-policy configuration and configure access to the specific network you need.

    Currently, you have configured the following:

    group-policy vpn-vidrul internal
    group-policy vpn-vidrul attributes
     vpn-tunnel-protocol IPSec
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value vpn-vidrul_splitTunnelAcl
     default-domain value vidrul-ao.com

    tunnel-group vidrul-vpn type remote-access
    tunnel-group vpn-vidrul general-attributes
     address-pool clientvpngroup
     default-group-policy vpn-vidrul
    tunnel-group vpn-vidrul ipsec-attributes
     pre-shared-key *

    What you need is to create a new group policy and a new tunnel group, and configure the split-tunnel ACL to allow the specific access required.

    The user must then connect with the new group name and the new pre-shared key (password).

    Hope that helps.
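
    An added example, not part of the original posts: one way to lay out the two groups from the question on ASA 8.0, with one group policy and one tunnel group per user population. The names IT-GROUP, CONSULT-GROUP, IT-POLICY, CONSULT-POLICY, the ACL names and the /24 masks are hypothetical; the pool clientvpngroup and its 10.70.255.0/24 range are reused from the posted configuration. A split-tunnel list only decides which routes the client sends into the tunnel, so this sketch also attaches a vpn-filter ACL (source = client pool, destination = internal network) and a group-lock to enforce the separation on the ASA itself.

    ```cisco
    ! Split-tunnel ACLs: routes pushed to each group's clients
    access-list IT_splitTunnelAcl standard permit 10.70.5.0 255.255.255.0
    access-list CONSULT_splitTunnelAcl standard permit 10.70.10.0 255.255.255.0
    !
    ! vpn-filter ACLs: what decrypted traffic from the client pool may reach
    access-list IT_vpnFilter extended permit ip 10.70.255.0 255.255.255.0 10.70.5.0 255.255.255.0
    access-list CONSULT_vpnFilter extended permit ip 10.70.255.0 255.255.255.0 10.70.10.0 255.255.255.0
    !
    group-policy IT-POLICY internal
    group-policy IT-POLICY attributes
     vpn-tunnel-protocol IPSec
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value IT_splitTunnelAcl
     vpn-filter value IT_vpnFilter
     ! users holding this policy may only connect through IT-GROUP
     group-lock value IT-GROUP
    !
    group-policy CONSULT-POLICY internal
    group-policy CONSULT-POLICY attributes
     vpn-tunnel-protocol IPSec
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value CONSULT_splitTunnelAcl
     vpn-filter value CONSULT_vpnFilter
     group-lock value CONSULT-GROUP
    !
    tunnel-group IT-GROUP type remote-access
    tunnel-group IT-GROUP general-attributes
     address-pool clientvpngroup
     default-group-policy IT-POLICY
    tunnel-group IT-GROUP ipsec-attributes
     pre-shared-key <placeholder-key-for-IT-GROUP>
    !
    tunnel-group CONSULT-GROUP type remote-access
    tunnel-group CONSULT-GROUP general-attributes
     address-pool clientvpngroup
     default-group-policy CONSULT-POLICY
    tunnel-group CONSULT-GROUP ipsec-attributes
     pre-shared-key <placeholder-key-for-CONSULT-GROUP>
    !
    ! Pin each local user to one policy so knowing the other group's
    ! name and key is not enough to switch groups
    username <it-user> attributes
     vpn-group-policy IT-POLICY
    username <consultant-user> attributes
     vpn-group-policy CONSULT-POLICY
    ```

    Because both groups share one address pool here, the vpn-filter is what separates them; giving each group its own pool would also let downstream devices tell the two populations apart.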

  • Dynamically connect to different groups

    Hello

    Is there a way to dynamically connect to different groups?

    I put in scene/QA/cache clusters and work on utility to handle all those of an admin tool. For example, is it possible to dynamically attach to the QA cluster, some operations, detach, then connect to the cluster scene later? If so, how to specify the configuration for the different clusters (for example xml files override consistency) programmatically?

    Thank you
    Harry

    Hi Harry,

    There are at least two ways to achieve what you want.

    1. If you only want to connect to a single cluster at a time, then you can stop the cluster with CacheFactory.shutdown() (be sure to release all references that hang on to the caches and so on...), change some Java properties programmatically (for example the one pointing to the override file) and start Coherence again as usual (by obtaining a cache or manually starting the services, etc.).

    2. If you want to connect to multiple clusters at the same time, you have to load Coherence several times in independent class loaders (neither of which is the parent of the other). This requires starting new threads with a custom class loader, and the communication between these class loaders and the original code is somewhat restricted, but it can be done. I always wanted to do a page on this topic, seems a good time to do...

    Best regards

    Robert

  • Getting file names of different groups in a data portal

    Hello

    I find it difficult to recover the file names of different groups in the data portal. For example, say that I loaded two different files of the same .tdms ext data portal that automatically assigns as two distinct groups. My goal is to get two groups using VBS in diadem 11.1 the name of the file.

    Can someone help me in this regard.

    Kind regards

    X. Ignatius

    Thank you Andreas.

    I have a plugin that loads multiple files of lvm with their name sourcefile. Earlier it would be like Labview, Labview data1, data2 Labview data... When multiple files are loaded. Now, with this plugin attached in the startup script, all files are loaded with their original file names.

    Attached plugins, set the LVM Custom load event. Vbs in the script, another starter accessory is the title of the main script function.

    Kind regards

    X. Ignatius

  • How can you change a password on Vista for a group of net work at home

    How can you access the area to change the password for a group of net work at home? I'm unable to find had worked well but formatted Vista computer to make it faster. Now unable to find the box to change the password. Another computer on a network running 7.

    Hello

    What password are you talking?

    If it's regarding network sharing again the sharing.

    Maybe this can help.

    To get best results connect to each computer system screen and set all the computers to be on a bearing the same name of Working Group , while each computer has its own unique name.

    http://www.ezlan.NET/Win7/net_name.jpg

    Make sure that the software firewall, AV, or other security components allow free local traffic on all network computers. If you use the 3rd group of security, firewall native Vista/XP must be disabled, and the active firewall has adjusted to your network numbers IP on what is sometimes called the Zone of confidence (see part 3 firewall instructions

    General example, http://www.ezlan.net/faq.html#trusted
    Please Note that some 3rd party software firewall/AV/security costumes continue to block aspects of the Local traffic even it they are off (off).
    If possible, configure the firewall correctly or completely uninstall to allow a clean flow of local network traffic.

    If you end up with the 3rd party software uninstalled or disabled, make sure that Windows native firewall is active .

    Network Win 7 with another version of Windows as a work network (works very well if all computers are Win 7 also).

    In the center of the network, by clicking on the type of network opens the window to the right.

    Choose your network type. Note the check box at the bottom and check/uncheck depending on your needs.

    http://www.ezlan.NET/Win7/net_type.jpg

    Win 7 - http://windows.microsoft.com/en-us/windows7/Networking-home-computers-running-different-versions-of-Windows

    Win 7 network sharing folder specific work - http://www.onecomputerguy.com/windows7/windows7_sharing.htm

    Vista file and printer sharing - http://technet.microsoft.com/en-us/library/bb727037.aspx

    When you have finished the configuration of the system, it is recommended to restart everything the router and all computers involved.

    -------------

    If you have permission and security issues with Vista/Win7, check the following settings.

    Point to a folder that wants to share do right click and choose Properties.

    In the properties

    Click on the Security tab shown in the bellows of the photo on the right) and verify that users and their permissions (see photo below Centre and left) are configured correctly. Then do the same for the authorization tab.

    This screen shot is to Win 7, Vista menus are similar.

    http://www.ezlan.NET/Win7/permission-security.jpg

    The Security Panel and the authorization Panel, you need to highlight each user/group and consider that the authorization controls are verified correctly.

    When everything is OK, restart the network (router and computer).

    * Note . The groups and users listed in the screen-shoot are just an example. Your list will focus on how your system is configured.

    ** Note . All the users who are allowed to share need to have an account onall computers that they are allowed to connect to.

    Everyone is an account, that means a group of all users who already have an account now as users. It is available to avoid the need to configure permission for each on its own, it does not mean all those who feel that they would like to connect.

  • Cisco ACS 5.8 CLI admin account lockout

    Hi all

    We recently deployed a Cisco ACS 3495 appliance running version 5.8.

    Everything seemed fine until our CLI admin account was locked out.

    Found a bug in Cisco for the same problem with version 5.5, but no solution yet...

    ACS 5.5 CLI Admin account locked and no Log Message
    Someone out there who might have encountered the same issue and can help advise?
    Thank you and best regards,
    NDA

    Hello

    Unfortunately, the only solution for this is the DVD of password recovery.

    Once fixed, you can increase the account lockout count to something greater than the Cisco default value.

  • Separation of monitor only and Admin for Cisco ASDM (ASA) access for users authenticated via LDAP

    Hello

    We have two AD groups, one for the network admins and one for the system administrators. The network admins will get priv lvl 15, the others priv lvl 3.

    This is the setup I use:

    TestASA# sh run ldap attribute-map test4
      map-name comment Privilege-Level
      map-value comment fw-ro 5
      map-value comment fw-rw 15
      map-name memberOf IETF-Radius-Service-Type
      map-value memberOf "cn=s-FW-Admin,OU=security groups,DC=802101,DC=local" 6
      map-value memberOf "cn=s-fw-ro,OU=security groups,DC=802101,DC=local" 5

    Users in both groups can connect via SSH and ASDM, but all users get the same rights, priv lvl 15.

    Does anyone have an idea?

    You should visit the link listed below to configure the ASA for read-only access and admin access. Not sure if you have already been there.

    https://supportforums.Cisco.com/docs/doc-33843

    ~ BR
    Jatin kone

    * Do rate helpful posts *

  • different workflows for different users

    Hello

    I want to create different workflows for different users in bcc atg. As for example I login as a Bishop, I create the project, I can add assets, when the author, I have simple step like deploy to production.  When I login as a normal user, I must follow the normal flow. for this what are the steps that I followed and what files are xml I have change for the commercial user interface.

    Hello

    Finally, I got the interface user of Merchandising for my custom workflow.  to do this, I added a configuration as speedWorkflow.xml file

    PUBLIC "-Technology Group, Configuration of the Application of CCI Inc.//DTD //Art / / IN".

    "http://www.atg.com/dtds/application-configuration/application-configuration_1.0.dtd" > ""

    atg.remote.commerce.Resources

    merchandising.activity.displayName

    atg.controlcenter.view.DividedApplication

    Profile of $accessRight$ sitecatalogread: read; Profile of $accessRight$ sitecatalogfull: read;

    Profile of $accessRight$ mediaread: read; Profile of $accessRight$ mediafull: read; Profile of $accessRight$ storecontentread: read;

    Profile of $accessRight$ storecontentfull: read; Profile of $accessRight$ storesread: read; Profile of $accessRight$ storesfull: read;

    Profile of $accessRight$ promotionsread: read; Profile of $accessRight$ promotionsuser: read;

    Profile of $accessRight$ promotionsfull: read

    / ATG/Remote/ControlCenter/service/GenericDividedApplicationInitializer

    10

    /Common/commonWorkflow.WDL

    atg.remote.commerce.Resources

    merchandising.activity.displayName

    atg.assetmanager.common.view.AssetManager

    / ATG/Remote/trade/service/MerchandisingAssetManagerInitializer

    / ATG/Remote/trade/assetmanager/ContentConfiguration

    /Common/commonWorkflow.WDL

    ApplicationConfigureManager.properties

    & applicationFiles =.

    /ATG/remote/ControlCenter/service/speedWorkflow.XML

  • Sharing data between the host computer stores in different groups.

    I read in several places that sharing of data warehouses between the host in different groups is possible, but I don't get the warm and fuzzies when the hosts are different versions.

    vCenter is 4.1

    Group Alpha is 4.0 vmfs 3.33

    Bravo of cluster is 4.1 vmfs 3.46

    My goal is to move the virtual machines that meet the specific criteria of group Alpha for Cluster Bravo then the availability of flowing freely between clusters.

    The only concern I have is when adding Cluster Bravo to the same host of 3PAR alpha value of Cluster sharing all the data store, Cluster Bravo will try to reformat to vmfs 3.46 break Cluster Alpha to see the virtual machines stored in the warehouses of shared data?  I don't want to present the old warehouses of data to the new cluster only break from old cluster.

    Hello vmsjsn

    ESX/ESXi 4.X supports all versions of VMFS file system.

    Using your example of Alpha and Bravo. Kudos to will write more Alpha. you will be able to cross all hosts on the shared storage.

  • How to get all the records for each group - double

    Hi all

    I have developed customized reports, I have a three for each group, the first group is for PO number and the second is for line number Po and the third is for activity ID.


    Today the third group is based on the activity ID.

    Some time the activity id is unique and other data are different. If at this time its settlement only one record.

    For example

    Date of activity Id

    1 25 - Jan

    1 26 - Jan



    Its single record display.

    Can someone tell me how to avoid this separate for each group.

    Thanks and greetings
    Srikkanth.M

    As another user said, delete syntax regroup.
    Why do you bring here?

  • Assign the different number to each different group of lines

    Hello
    I have a simple request, but I can't find any solution.

    I would attribute the different sequence number to each different group of my results.

    My goal is the following:

    http://img10.imageshack.us/img10/51/obieeseqnumbertogroup.jpg

    I tried RCOMPTE, C.V. etc... but without success...

    Can you help me with this?

    Hello

    You can try the steps below to get what you are looking for:

    -Assuming that your criteria has these columns date, the worker and the group. Create another column with fx as rcount (group) and apply the sort on the column group in the application type tab is necessary to generate counts of sequence based on the criteria group.
    -Then apply different conditional formatting on this new column.
    -Now in the pivot put this new column in the measure, the worker column into rows and columns date column. You should get an output according to the image displayed by you earlier.
    -If you must also sort either worker or date column, do it in pivot view, not in the criteria tab.

    I hope this helps!

    Thank you

  • use queries to support for different style sheets?

    I know that this question must be asked all the time, sorry :-).  I have been working on a site and you have great help here for 2 previous questions. But now, I came across another and more than probably the last issue for this site. The page that I write is for my group, many of our fans and everyone have ipads, anodroids and soon. So just to see, I tested my site and 800 x 600 (I know the Res gets much lower than for 320 phones is the norm and 1024 x 768 for the ipad, I think, but it is the lowest, I could go on my pc to test) and I already had problems with the top of the screen being cut into pieces and well sure left and right chopped. I read up on it and I find the media to call sheets css dfferent for different resolutions.  What is togo of this problem? Also when I wrote the page that I was in 1280 x 1024, I did, as I thought it was prob. the resolution more used at this point, it is the best resolution to create? So, in a nut shell, what is the best way to address the resolution and what resolution you create in? Thank you very much for the help past as well as help with this.

    John Dullebawn

    Media Queries would be the way to go for what you want to do.

    Keep in mind that just because this resolution may be the most widespread, it probably doesn't get used very often. Here's what I mean by that...

    I my experience, very few people find anything on the web with a maximized window (I honestly can't do to think of a time where I have never seen someone using a display full-screen browser where it wasn't an accident). Most don't allow their browser to use 80% or more of their real estate property screen because they need room to click back between browser windows or other programs or just to get on their desk to find files.

    The good thing with questions from the media, is that you need not worry about this because you can make one for 1280 x 1024 for the people who use the entire screen. Then an other for 1024 x 768 or 800 x 600 480 x 260, basically everything, and all the other resolutions you want to design for.

    It's really how precisely you want to got on the number of possibilities to you.
