ACS 5.1 changepassword admin for different groups
Hello
Use DCC 5.1 device, created under the identity of the engineering groups
in any case to create a changepasswordadmin to allow only this changepasswordadmin to change the password of internal users belong to the engineering group. This changepasswordadmin can not touch other users in other groups all groups.
This is possible in ACS 4.2, but I cannot find this option in ACS 5.1.
All groups: engineering
Please advise and thank you
Hi, PPP,
It is the great feature to have in 5.1. This is probably a feature request that can be included in future versions of GBA 5.x
I'm you send the deposit process feature request.
Kind regards.
~ JG
Tags: Cisco Security
Similar Questions
-
iRecruitment Site external candidate for different groups of companies
Hello
Is it possible to create several Sites of external candidates iRecruitment each linked to a group of different record companies?
The client instance has 3 business groups.
Is it possible to implement this standard / recommended?
We have created three responsibilities of custom external candidates, each was to grant the set of permissions to the external candidate of IRC and IRC profile option: join Business Group has been set at the level of RESP. The guest user has only the responsibilities of the custom external candidate.
Kind regards
Buxant
If you have 3 different "external pages" for the different BGs, then simply associate the BG record a different value for each external page.
Concerning
Tim
-
Hello
We define another point for the test category structure in the environment of demonstration of the Vision. In fact, we have created all the new settings including BG, THE, OR, OI, ledger, responsibilities etc. to simulate the setting for our client in the demonstration environment.
But it happens that I can't change the "Set to default category" for the purchase of functional area. This means that ONLY one element category structure can be used in a single case?
Thank you
Leo
Hi Leo,
Yes, for a single instance, we can have only a single 'category default together' for a functional area.
You can change the category by default a functional space to define certain conditions. You must ensure that each element within the functional area belongs to the new series of default category. If the element by setting the attribute of the functional area is controlled at the level of the organization then the new game of the default category must also be controlled at the level of the organization.
Thank you
-Arif.
-
ACS 3.2 - users 'ghosts' of a group
It is a bit of a strange. We run ACS 3.2 (1) on a Windows 2000-based computer. We have about 30 groups for different users. The only group (Group 1) always tells us that we have 30 users that are actually part of the group. The group says 90 users but when you list users there is only 60. I moved all users to a new group and now it says there are 30 users in the group, but when you a list of people, it gives you nothing. I have backed up the database, did a new install of 3.2 (2) on another machine and perform a restore to this area and I always get the same result. I'm trying to find out if the Group has not correctly or if there are 30 users 'ghosts' somewhere! I recently inherited the ACS boxes so I don't know when this problem started.
There seems to be all known bugs related to this. Has anyone else seen this before?
Thank you!
We have definitely corrected the issue and the matter is now closed. What we did that I sent him a copy of backup of ACS server so he could watch. He then sent back me a backup file saying they found the problem and restore the backup file to the ACS. The TAC Guy sent email me looked like this:
"We cannot create a Dump.txt we can do on ACS installed on Windows Server by the csutil -d option basically on the device.
This dump.txt is a readable format of the database unlike the .dmp
I downloaded the .dmp sent by you on the ACS (Windows Server) service at my end, created a dump.txt, corrected it by running the perl script, and then loaded it back on to the ACS server by the -l option of csutil. Then I took a backup of the ACS and sent it. I have checked the .dmp even on the device at my end to confirm the correction.
It is basically an indexing problem, caused when the admin deletes users and link pointers are not deleted in the registry, which is the origin of the problem.
As discussed, regular backup, and performance of the dbcompact should help prevent this problem.
I have attached the perl script, you can use it if necessary in the future.
Hope this helps, feel free to contact me if you have further questions. At this point I go ahead and close the request service, as discussed."
If you want I can send you the email of the script that the guy sent me. But obviously as it said and what I thought, it's a matter of pointer in the database.
-
Create different group with VPN remote access
Hello world
The last time, I've put in place a VPN for remote access to my network with ASA 5510
I've access to all my internal LAN helped with my VPN
But I want to set up a vpn group in the CLI for a different group of the user who accesses the different server or a different network on my local network.
Example: computer group - access to 10.70.5.X network
Group consultant network - access to 10.70.10.X
I need to know how I can do this, and if you can give me some example script to complete this
Here is my configuration:
ASA Version 8.0(2)
!
hostname ASA-Vidrul
domain-name vidrul-ao.com
enable password 8Ry2YjIyt7RRXU24 encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address X.X.X.X 255.255.255.X
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address X.X.X.X 255.255.255.X
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 description Port_Device_Management
 nameif management
 security-level 99
 ip address X.X.X.X 255.255.255.X
 management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name vidrul-ao.com
access-list 100 extended permit ip any any
access-list 100 extended permit icmp any any echo
access-list 100 extended permit icmp any any echo-reply
access-list vpn-vidrul_splitTunnelAcl standard permit 10.70.1.0 255.255.255.0
access-list vpn-vidrul_splitTunnelAcl standard permit 10.70.99.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 10.70.255.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool clientvpngroup 10.70.255.100-10.70.255.200 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 10.70.0.0 255.255.0.0
access-group 100 in interface inside
access-group 100 interface inside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server 10.70.99.10 protocol radius
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
http server enable
http 192.168.1.2 255.255.255.255 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400
crypto isakmp nat-traversal 30
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
management-access outside
dhcpd address 192.168.1.2-192.168.1.5 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
!
class-map inspection_default
 match default-inspection-traffic
class-map block-url-class
class-map imblock
 match any
class-map P2P
 match port tcp eq www
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
policy-map IM_P2P
 class imblock
 class P2P
!
service-policy global_policy global
group-policy vpn-vidrul internal
group-policy vpn-vidrul attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn-vidrul_splitTunnelAcl
 default-domain value vidrul-ao.com
username test password 274Y4GRAbNElaCoV encrypted privilege 0
username admin password bTpUzgLxalekyhxQ encrypted privilege 15
username admin attributes
 vpn-group-policy vpn-vidrul
username suporte password zjQEaX/fm0NjEp4k encrypted privilege 15
tunnel-group vidrul-vpn type remote-access
tunnel-group vpn-vidrul general-attributes
 address-pool clientvpngroup
 default-group-policy vpn-vidrul
tunnel-group vpn-vidrul ipsec-attributes
 pre-shared-key *
prompt hostname context
Cryptochecksum:d84e64c87cc5b263c84567e22400591c
: end
What you need to do is imitate the existing configuration of the tunnel-group and group policy, and configure access to the specific network you need.
Currently, you have configured the following:
group-policy vpn-vidrul internal
group-policy vpn-vidrul attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn-vidrul_splitTunnelAcl
 default-domain value vidrul-ao.com
tunnel-group vidrul-vpn type remote-access
tunnel-group vpn-vidrul general-attributes
 address-pool clientvpngroup
 default-group-policy vpn-vidrul
tunnel-group vpn-vidrul ipsec-attributes
 pre-shared-key *
What you need is to create a new group policy and a new tunnel-group, and configure the split tunnel ACL to allow the specific access required.
The user must then connect with the new group name and the new pre-shared key (password).
Hope that helps.
-
Dynamically connect to different groups
Hello
Is there a way to dynamically connect to different groups?
I put in scene/QA/cache clusters and work on utility to handle all those of an admin tool. For example, is it possible to dynamically attach to the QA cluster, some operations, detach, then connect to the cluster scene later? If so, how to specify the configuration for the different clusters (for example xml files override consistency) programmatically?
Thank you
Harry
Hi Harry,
There are at least two ways to achieve what you want.
1. If at the same time, you want to connect to a single cluster, then you can stop the cluster with CacheFactory.shutdown() (be sure to release all references that hang to the caches and so on...) and change some Java properties programmatically (for example one pointing to the substitution file) and start consistency again as usual (by obtaining a cache or manually from the services, etc.).
2. If you want to connect to multiple clusters at the same time, you have to load consistency several times for shippers of class independent parents (who is not the parent of one of the other ClassLoader). This requires thinking to start new threads with a custom class loader and the communication between these classes Chargers and the original code is somewhat restricted, but it can be done. I always wanted to do a page on this topic, seems a good time to do...
Best regards
Robert
-
Getting file names of different groups in a data portal
Hello
I find it difficult to recover the file names of different groups in the data portal. For example, say that I loaded two different files of the same .tdms ext data portal that automatically assigns as two distinct groups. My goal is to get two groups using VBS in diadem 11.1 the name of the file.
Can someone help me in this regard.
Kind regards
X. Ignatius
Thank you Andreas.
I have a plugin that loads multiple files of lvm with their name sourcefile. Earlier it would be like Labview, Labview data1, data2 Labview data... When multiple files are loaded. Now, with this plugin attached in the startup script, all files are loaded with their original file names.
Attached plugins, set the LVM Custom load event. Vbs in the script, another starter accessory is the title of the main script function.
Kind regards
X. Ignatius
-
How can you change a password on Vista for a group of net work at home
How can you access the area to change the password for a group of net work at home? I'm unable to find had worked well but formatted Vista computer to make it faster. Now unable to find the box to change the password. Another computer on a network running 7.
Hello
What password are you talking?
If it's regarding network sharing again the sharing.
Maybe this can help.
To get best results connect to each computer system screen and set all the computers to be on a bearing the same name of Working Group, while each computer has its own unique name.
http://www.ezlan.NET/Win7/net_name.jpg
Make sure that the software firewall, AV, or other security components allow free local traffic on all network computers. If you use the 3rd group of security, firewall native Vista/XP must be disabled, and the active firewall has adjusted to your network numbers IP on what is sometimes called the Zone of confidence (see part 3 firewall instructions
General example, http://www.ezlan.net/faq.html#trusted
Please note that some 3rd party software firewall/AV/security costumes continue to block aspects of the Local traffic even if they are off (off). If possible, configure the firewall correctly or completely uninstall to allow a clean flow of local network traffic. If you end up with the 3rd party software uninstalled or disabled, make sure that Windows native firewall is active.
Network Win 7 with another version of Windows as a work network (works very well if all computers are Win 7 also).
In the center of the network, by clicking on the type of network opens the window to the right.
Choose your network type. Note the check box at the bottom and check/uncheck depending on your needs.
http://www.ezlan.NET/Win7/net_type.jpg
Win 7 network sharing folder specific work - http://www.onecomputerguy.com/windows7/windows7_sharing.htm
Vista file and printer sharing - http://technet.microsoft.com/en-us/library/bb727037.aspx
When you have finished the configuration of the system, it is recommended to restart everything the router and all computers involved.
-------------
If you have permission and security issues with Vista/Win7, check the following settings.
Point to a folder that wants to share do right click and choose Properties.
In the properties
Click on the Security tab shown in the bellows of the photo on the right) and verify that users and their permissions (see photo below Centre and left) are configured correctly. Then do the same for the authorization tab.
This screen shot is to Win 7, Vista menus are similar.
http://www.ezlan.NET/Win7/permission-security.jpg
The Security Panel and the authorization Panel, you need to highlight each user/group and consider that the authorization controls are verified correctly.
When everything is OK, restart the network (router and computer).
* Note . The groups and users listed in the screen-shoot are just an example. Your list will focus on how your system is configured.
** Note . All the users who are allowed to share need to have an account on all computers that they are allowed to connect to.
Everyone is an account, that means a group of all users who already have an account now as users. It is available to avoid the need to configure permission for each on its own, it does not mean all those who feel that they would like to connect.
-
Cisco ACS 5.8 CLI admin account lockout
Hi all
We recently deployed device Cisco ACS 3495 and running on a version 5.8.
Everything seems well while our for the CLI admin account was locked out.
Found a bug in Cisco for the same problem with version 5.5, but no solution yet...
ACS 5.5 CLI Admin account locked and no Log Message
Someone out there who might have encountered the same issue and can help advise?
Thank you and best regards,
NDA
Hello
Unfortunately, the only solution for this is the DVD of password recovery.
Once fixed, you can increase the car locked out amounted to something greater than the default value of Cisco.
-
Hello
We have two groups of ads on network Admins, one for the system administrators group. The network Admins will get Priv lvl 15 the other Priv lvl 3.
This is the setup I use:
TestASA# sh run ldap attribute-map test4
 map-name comment Privilege-Level
 map-value comment fw-ro 5
 map-value comment fw-rw 15
 map-name memberOf IETF-Radius-Service-Type
 map-value memberOf "cn=s-FW-Admin,OU=security groups,DC=802101,DC=local" 6
 map-value memberOf "cn=s-fw-ro,OU=security groups,DC=802101,DC=local" 5
The user in both groups can connect ssh and asdm but all users get the same rights priv lvl 15.
Does anyone have an idea?
You must visit the listed link below to configure ASA to only read access and access admin. not sure, if you have already been there.
https://supportforums.Cisco.com/docs/doc-33843
~ BR
Jatin kone
* Does the rate of useful messages *.
-
different workflows for different users
Hello
I want to create different workflows for different users in bcc atg. As for example I login as a Bishop, I create the project, I can add assets, when the author, I have simple step like deploy to production. When I login as a normal user, I must follow the normal flow. for this what are the steps that I followed and what files are xml I have change for the commercial user interface.
Hello
Finally, I got the interface user of Merchandising for my custom workflow. to do this, I added a configuration as speedWorkflow.xml file
PUBLIC "-Technology Group, Configuration of the Application of CCI Inc.//DTD //Art / / IN".
"http://www.atg.com/dtds/application-configuration/application-configuration_1.0.dtd" > ""
atg.remote.commerce.Resources merchandising.activity.displayName atg.controlcenter.view.DividedApplication Profile of $accessRight$ sitecatalogread: read; Profile of $accessRight$ sitecatalogfull: read;
Profile of $accessRight$ mediaread: read; Profile of $accessRight$ mediafull: read; Profile of $accessRight$ storecontentread: read;
Profile of $accessRight$ storecontentfull: read; Profile of $accessRight$ storesread: read; Profile of $accessRight$ storesfull: read;
Profile of $accessRight$ promotionsread: read; Profile of $accessRight$ promotionsuser: read;
Profile of $accessRight$ promotionsfull: read
/ ATG/Remote/ControlCenter/service/GenericDividedApplicationInitializer
10 /Common/commonWorkflow.WDL
atg.remote.commerce.Resources merchandising.activity.displayName atg.assetmanager.common.view.AssetManager / ATG/Remote/trade/service/MerchandisingAssetManagerInitializer
/ ATG/Remote/trade/assetmanager/ContentConfiguration
/Common/commonWorkflow.WDL
ApplicationConfigureManager.properties
& applicationFiles =.
/ATG/remote/ControlCenter/service/speedWorkflow.XML
-
Sharing data between the host computer stores in different groups.
I read in several places that sharing of data warehouses between the host in different groups is possible, but I don't get the warm and fuzzies when the hosts are different versions.
vCenter is 4.1
Group Alpha is 4.0 vmfs 3.33
Bravo of cluster is 4.1 vmfs 3.46
My goal is to move the virtual machines that meet the specific criteria of group Alpha for Cluster Bravo then the availability of flowing freely between clusters.
The only concern I have is when adding Cluster Bravo to the same host of 3PAR alpha value of Cluster sharing all the data store, Cluster Bravo will try to reformat to vmfs 3.46 break Cluster Alpha to see the virtual machines stored in the warehouses of shared data? I don't want to present the old warehouses of data to the new cluster only break from old cluster.
Hello vmsjsn
ESX/ESXi 4.X supports all versions of VMFS file system.
Using your example of Alpha and Bravo. Kudos to will write more Alpha. you will be able to cross all hosts on the shared storage.
-
How to get all the records for each group - double
Hi all
I have developed customized reports, I have a three for each group, the first group is for PO number and the second is for line number Po and the third is for activity ID.
Today the third group is based on the activity ID.
Some time the activity id is unique and other data are different. If at this time its settlement only one record.
For example
Date of activity Id
1 25 - Jan
1 26 - Jan
Its single record display.
Can someone tell me how to avoid this separate for each group.
Thanks and greetings
Srikkanth.M
As another user said, delete syntax regroup.
Why do you bring here? -
Assign the different number to each different group of lines
Hello
I have a simple request, but I can't find any solution.
I would attribute the different sequence number to each different group of my results.
My goal is the following:
http://img10.imageshack.us/img10/51/obieeseqnumbertogroup.jpg
I tried RCOMPTE, C.V. etc... but without success...
Can you help me with this?
Hello
You can try the steps below to get what you are looking for:
-Assuming that your criteria has these columns date, the worker and the group. Create another column with fx as rcount (group) and apply the sort on the column group in the application type tab is necessary to generate counts of sequence based on the criteria group.
-Then apply different conditional formatting on this new column.
-Now in the pivot put this new column in the measure, the worker column into rows and columns date column. You should get an output according to the image displayed by you earlier.
-If you must also sort either worker or date column, do it in pivot view, not in the criteria tab.
I hope this helps!
Thank you
-
use queries to support for different style sheets?
I know that this question must be asked all the time, sorry :-). I have been working on a site and you have great help here for 2 previous questions. But now, I came across another and more than probably the last issue for this site. The page that I write is for my group, many of our fans and everyone have iPads, Androids and so on. So just to see, I tested my site and 800 x 600 (I know the Res gets much lower than for 320 phones is the norm and 1024 x 768 for the iPad, I think, but it is the lowest, I could go on my pc to test) and I already had problems with the top of the screen being cut into pieces and well sure left and right chopped. I read up on it and I find the media to call sheets css different for different resolutions. What is togo of this problem? Also when I wrote the page that I was in 1280 x 1024, I did, as I thought it was prob. the resolution more used at this point, it is the best resolution to create? So, in a nutshell, what is the best way to address the resolution and what resolution you create in? Thank you very much for the help past as well as help with this.
John Dullebawn
Media Queries would be the way to go for what you want to do.
Keep in mind that just because this resolution may be the most widespread, it probably doesn't get used very often. Here's what I mean by that...
In my experience, very few people find anything on the web with a maximized window (I honestly can't do to think of a time where I have never seen someone using a display full-screen browser where it wasn't an accident). Most don't allow their browser to use 80% or more of their real estate property screen because they need room to click back between browser windows or other programs or just to get on their desk to find files.
The good thing with questions from the media, is that you need not worry about this because you can make one for 1280 x 1024 for the people who use the entire screen. Then an other for 1024 x 768 or 800 x 600 480 x 260, basically everything, and all the other resolutions you want to design for.
It's really how precisely you want to got on the number of possibilities to you.