ACS 5.1 - Authorization profile, RADIUS attributes

Hello

I am setting up RADIUS AAA for a Cat6K switch.

Authentication works and the user can connect. But the assignment of a privilege level does not work.
After logging in, I always get privilege 1.

I need your guidance on how to set up the RADIUS attribute on ACS 5.1.

I followed the document to configure the cisco-av-pair to assign privilege 15 and privilege 5, but it does not work.

The attribute format shown in the document to define privilege 15 is "shell:priv-lvl=15".

Please refer to my screenshot, it's the right way to set it up on ACS 5.1

Creation date: June 12, 2011 05:56 by: Damiano, Anisha A(ANDAMANI,279917)

Problem:

=========

Authorization does not work as expected

Resolution:

============

Adding a Service-Type of NAS-Prompt

Tags: Cisco Security
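
The resolution above amounts to returning Service-Type NAS-Prompt in the same Access-Accept as the cisco-av-pair. The check below is an added example, not part of the original thread and not Cisco code: it parses constructed Access-Accept packets and reports whether both attributes are present. The helper names and sample packets are assumptions; the attribute numbers are those of RFC 2865, with Cisco vendor ID 9 and sub-type 1 for cisco-av-pair.

```python
import struct

# Attribute numbers from RFC 2865; vendor ID 9 is Cisco, sub-type 1 is cisco-av-pair.
SERVICE_TYPE, VENDOR_SPECIFIC, NAS_PROMPT = 6, 26, 7
CISCO_VENDOR_ID, CISCO_AVPAIR = 9, 1
PRIV_PREFIX = "shell:priv-lvl="


def attr(atype, value):
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([atype, len(value) + 2]) + value


def cisco_avpair(text):
    """Wrap a cisco-av-pair string in a Vendor-Specific attribute."""
    sub = bytes([CISCO_AVPAIR, len(text) + 2]) + text.encode()
    return attr(VENDOR_SPECIFIC, struct.pack("!I", CISCO_VENDOR_ID) + sub)


def access_accept(attrs):
    """Build a constructed Access-Accept (code 2) with a zeroed authenticator."""
    body = b"".join(attrs)
    return struct.pack("!BBH16s", 2, 1, 20 + len(body), bytes(16)) + body


def parse_attributes(packet):
    """Yield (type, value) pairs; reject truncated or malformed attributes."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match packet")
    pos = 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        alen = packet[pos + 1]
        yield packet[pos], packet[pos + 2:pos + alen]
        pos += alen


def exec_authorization(packet):
    """Return (service_type, priv_lvl, problems) for one Access-Accept."""
    service_type, priv_lvl, problems = None, None, []
    for atype, value in parse_attributes(packet):
        if atype == SERVICE_TYPE and len(value) == 4:
            service_type = struct.unpack("!I", value)[0]
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if (vendor, vtype) != (CISCO_VENDOR_ID, CISCO_AVPAIR):
                continue
            pair = value[6:4 + vlen].decode("utf-8", "replace")
            if pair.startswith(PRIV_PREFIX):
                level = pair[len(PRIV_PREFIX):]
                if level.isdecimal() and int(level) <= 15:
                    priv_lvl = int(level)
                else:
                    problems.append("bad privilege level %r" % level)
    if priv_lvl is None:
        problems.append("no usable shell:priv-lvl av-pair")
    if service_type != NAS_PROMPT:
        problems.append("Service-Type NAS-Prompt missing")
    return service_type, priv_lvl, problems


# Constructed samples: the reply with only the av-pair, then with the resolution applied.
AVPAIR_ONLY = access_accept([cisco_avpair("shell:priv-lvl=15")])
WITH_NAS_PROMPT = access_accept([
    attr(SERVICE_TYPE, struct.pack("!I", NAS_PROMPT)),
    cisco_avpair("shell:priv-lvl=15"),
])

if __name__ == "__main__":
    for name, pkt in (("av-pair only", AVPAIR_ONLY), ("with NAS-Prompt", WITH_NAS_PROMPT)):
        print(name, exec_authorization(pkt))
```

The same function can be pointed at the attribute bytes of a captured Access-Accept to confirm what the authorization profile actually sends.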

Similar Questions

  • ACS 5.2 - Support for RADIUS attributes per user

    Hi all

    Does anyone know if it is possible to configure RADIUS attributes on a per-user basis in ACS 5.2?

    That was possible under ACS 4.x; however, I can't seem to find a reference on whether ACS 5.2 supports it.

    Thank you

    Leon

    You can do this by setting attributes and then using attribute substitution.

    You can see an example of it, which sets an internal user attribute to use as the value for the Framed-IP-Address field.

    This is just an example and can also be applied to any RADIUS attribute for which you set a user attribute of the same type. Values can also be taken from an external identity store such as AD.

  • Add RADIUS attributes under "Setting up groups" in ACS 4.2

    Hi Security Experts,

    I need to add RADIUS attributes for a custom vendor under the 'Groups Configuration' page in ACS 4.2. Right now, I see Cisco Aironet RADIUS attributes,

    IETF RADIUS attributes etc. on the "setting up groups" page. How can I ensure that the RADIUS attributes for a vendor also appear on this page?

    PS: I rate useful posts

    Thank you

    Boudou

    Under "Interface", you can set which RADIUS attributes you want to view. It is probably just a missing check for your vendor.

    The Options for RADIUS are described here:

    http://www.Cisco.com/en/us/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/A_RADAtr.html

  • How to configure ACS 5.2 to manage the Junos 10.4R6.5 fwl via TACACS+.

    Hi all

    I have a newly installed ACS 5.2 appliance, integrated with our AD, and it works with Cisco products, routers, switches, etc.  Now I would like to include Juniper firewalls so that they are authenticated via ACS 5.2 for both SSH and web access.  Can someone share with me how to get started with this, creating policies?

    FYI: I have 2 groups, regionaladm and regionalops, with read/write and read access, respectively.

    Kind regards

    Marlon

    Marlon,

    I pasted in below a config file I made to get our ScreenOS firewall to work with Cisco ACS v5.2.  This configuration may not work as is because yours is Junos, but it could bring you closer to understanding.  Also, if you have not been on the Juniper J-Net forums to ask around, give it a shot. (forums.juniper.net)

    Good luck!

    -Chris

    Title: Example configuration - Juniper SSG and Cisco ACS v5.x

    Product: Juniper SSG320M (Cisco ACS v5.x)

    Version: ScreenOS 6.3.0r10.0 (Cisco ACS v5.2.0.26.8)

    Network topology:

    [Juniper SSG320M]-[Cisco 3560 Switch]-[Cisco ACS VM]

    Description:

    Goal - authenticate SSG administrators using TACACS+ instead of local logins

    Description - This configuration is for Cisco ACS v5.x; JTAC only had a configuration for v3.3.

    ACS v5.x is a VM based on Linux with a completely new user interface and structure.

    Configuration:

    Configure the Juniper (CLI)

    1. Add the Cisco ACS and TACACS+ configuration.

    set auth-server CiscoACSv5 id 1
    set auth-server CiscoACSv5 server-name 192.168.1.100
    set auth-server CiscoACSv5 account-type admin
    set auth-server CiscoACSv5 type tacacs
    set auth-server CiscoACSv5 tacacs secret CiscoACSv5
    set auth-server CiscoACSv5 tacacs port 49
    set admin auth server CiscoACSv5
    set admin auth remote primary
    set admin auth remote root
    set admin privilege get-external

    Configure the Cisco ACS (GUI) v5.x
    1. Navigate to Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles
    Create the Juniper shell profile.
    Click the [Create] button at the bottom of the page
    Select the General tab
    Name: Juniper
    Description: Custom attributes for Juniper SSG320M
    Select the Custom Attributes tab

    Add the vsys attribute:
    Attribute: vsys
    Requirement: required
    Value: root
    Click on the [Add ^] button above the attribute field

    Add the privilege attribute:

    Attribute: privilege
    Requirement: required
    Value: root

    Note: you can also use "read-write", but then the local admin does not work correctly
    Click on the [Add ^] button above the attribute field
    Click the [Submit] button at the bottom of the page

    2. Navigate to Access Policies > Access Services > Default Device Admin > Authorization
    Create the Juniper authorization policy and filter by IP address.
    Click [Customize] at the bottom right of the page
    Under Customize Conditions, select IP address in the left window
    Click the [>] button to add it
    Click the [OK] button to close the window

    Click the [Create] button at the bottom of the page to create a new rule
    Under General, name the new rule Juniper and make sure that it is enabled
    Under Conditions, check the box next to IP address
    Enter the IP address of the Juniper (192.168.1.100)
    Under Results, click the [Select] button next to the Shell Profile field
    Select "Juniper" and click the [OK] button
    Under Results, click the [Select] button under the Command Sets field (if used)
    Select "allow all" and make sure all other boxes are NOT checked
    Click the [OK] button to close the window
    Click the [OK] button at the bottom of the page to close the window
    Check the box next to the Juniper policy, and then move the policy to the top of the list
    Click on the [Save] button at the bottom of the page

    Verification:

    Log in to the Juniper CLI and GUI using an ACS internal user account and try to change something to check the privilege level.

  • TB supports only certain parts of the profile (after the upgrade)

    Platform details: Ubuntu 14.04 LTS x86, Thunderbird 31.7.0

    I tried to upgrade Thunderbird to its latest stable version (38) by downloading it and replacing the contents of the folder /opt/thunderbird with the downloaded data. Since it did not work as planned, I just undid it by removing the new folder and restoring the old one (of which I still had a backup).

    I now expect Thunderbird to run as always, and the program does start fine. But now the old profile no longer works well. Thunderbird runs the 'System Integration Wizard' and the 'Welcome to Thunderbird Wizard' every time at startup. In addition, my e-mail accounts, calendars and contacts (internal and external) are not loaded. The collected addresses, however, do work. The add-ons work just as well.

    The profile (about 2 gigabytes) still exists in the profile folder ~/.thunderbird and profile.ini correctly sets a path relative to this folder. In the folder, everything seems to be in order. There is, for example, the ImapMail folder with all my e-mail accounts.

    Running Thunderbird in safe mode doesn't change anything. Running Thunderbird from bash with the option -profile and the path to the profile does not change this either...

    What could be the problem? How can I fix it?

    http://KB.mozillazine.org/Recovering_a_profile_that_suddenly_disappeared

  • How can I add the name of the current profile to the window title?

    Environment: Windows 8.1, Tbird both release and daily (x64).

    For performance reasons, I need more than one Tbird profile running concurrently. I don't see an easy way to determine which window is running which profile when hovering over the Windows taskbar or in the CoolSwitch (aka Alt+Tab). In most cases, there is enough information in the title that can help, but for various reasons I might have the same email address in more than one profile.

    Firefox has a nice add-on called view profile, which prepends the name of the profile to the title. However, it is not compatible with Tbird. I would like to do something similar.

    I tried the Titlebar Tweaker add-on, but it does not work. (I have not yet sent the Director). It would be fair to say that I have not quite understood yet what needs to be done.

    Searching the Internet finds several people with the same wish, but suggestions with no answer or, worse yet, answers to a different question.

    I am open to updating userChrome.css or other files manually in each profile.

    Does anyone have any suggestions?

    Read the 2nd paragraph here and see if the add-on does what you want.

  • How to use multiple profiles within the same instance of Thunderbird

    A month ago, I had Thunderbird set up with three profiles, and all three could be used in a single instance of Thunderbird. That PC is now gone. I've reconfigured the three profiles on a new PC, but can't get all three to be usable in the same instance of Thunderbird. Can you help me?
    Both computers are / were Windows 7 64-bit only.

    Thunderbird opens on the default profile
    or,
    if the Profile Manager is set to ask at startup, it will allow you to choose which profile to open, or it opens the last used profile...

    Thus, it shows one profile at a time within a single instance of Thunderbird.

    However, a single profile can have multiple e-mail accounts.
    For example: I run 4 e-mail accounts in one profile.

  • Thunderbird does not work properly after copying old profile content into the new profile, what can I do

    My old laptop crashed, but fortunately I got the hard drive out, which now works as an external drive. I installed TB on my new laptop. I copied the contents of the old profile folder into the new profile folder and started TB. I have all my files in place, but TB does not work correctly. After connecting, it takes forever to load new messages; when I go from one message to another, the first response I get is 'TB not responding' and after a few minutes I finally get to the next message. Same story with 'reply' or 'delete'. I already tried to delete the index file and have TB re-index the message folders, but this did not help.

    I noticed that my old profile seems to have a sort of duplicate folders in the Mail subfolder for old accounts. For example: pop.tele2.nl, pop.tele2-1.nl, pop.tele2-2.nl. I'm not sure what they are (they seem to hold different versions?) or whether it is relevant.

    When I search AppData/Roaming/profiles I find it (on the old and the new hard disk as well) but I cannot navigate to it (some hidden parent folder)? I checked the rights on the files of my account profile (Administrator rights). I don't know what more to do, so I hope you can help.

    Re: for example: pop.tele2.nl, pop.tele2-1.nl, pop.tele2-2.nl.
    These are the mail account folders for POP e-mail accounts. If you have several addresses on the same server, each will have the same name but with an additional number, for example -1, appended to the name. If you recreated an e-mail account, it can also create a folder and add the additional number. Why you have several, I can't say with certainty without knowing what you have done. The point being, you must have the Local Directory pointing to the one that is correct and has all your existing emails.

    Profile files are hidden files.
    http://KB.mozillazine.org/Show_hidden_files_and_folders

    Info on profile:
    http://KB.mozillazine.org/Profile_folder_-_Thunderbird

    What Local Directory is set for the e-mail account?
    "Tools" > "Account settings" > "Server settings" for the e-mail account
    bottom right under "Local Directory"
    It will say something like this:
    C:\Users\User account name\AppData\Roaming\Thunderbird\Profiles\abc12345.default\Mail\pop.tele2.nl

    Copy and paste the info into this question, so I know which e-mail account you use.

    How many email accounts are listed in the left pane in the account settings? Do you have just the one POP email account and Local Folders?

    What antivirus do you use?
    If you use McAfee, please read:

    How many emails do you have in the Inbox folder?
    It is advisable to use the Inbox folder as a mailbox for incoming mail, and not as general storage. I suggest you create folders and move all the emails in the Inbox into other appropriate folders, then right-click on Inbox and select "Compact".

    Good info explaining what compacting is and why it is important:

    It is also a good idea to archive mail older than a few months.
    Set up archiving by month and keep the folder structure in the archive. These emails will still be visible in the 'Archives' folder and in your profile, but archiving will reduce the size of the files and therefore use less memory when opening them.
    Info on archiving options:
    https://support.Mozilla.org/en-us/KB/archived-messages

  • I have to be able to open many profiles at the same time. Chrome does this. Why not Firefox?

    I have known for years that you can have multiple profiles in Firefox, and given that Chrome has been handling games like Farmville 2 really badly lately (don't know why, but Firefox is the browser Zynga recommends anyway), I decided to set up profiles and profile shortcuts. But there is a BIG problem. With Chrome, when I set up shortcuts to profiles, which Chrome lets you do in a single click, by the way, if I have a profile already open, I can open windows in all the separate profiles using their shortcuts. In Firefox, I can't. If I have one profile open, the other shortcuts simply open windows in the same already open profile. This is not acceptable. It's not as if the profiles are in the same directory. They are in separate directories and there should be no problem with opening two or more profiles at the same time.

    You can use the -no-remote command line switch to open another instance of Firefox with its own profile and run multiple instances of Firefox at the same time.

  • How can I determine which is my CURRENT profile, because the Profile Manager shows 3 and all the questions and answers are ambiguous on this issue. THX.?

    Yes, I see ambiguity. I also have some old saved profiles and I have 3 profiles showing in the Profile Manager. The folder under "%APPDATA%\Mozilla\Firefox\Profiles\" shows 2 of them, but how DO I know WHICH is my current profile? So far, I have been unable to track down a clear answer. THX.

    You seem to have created a profile in the Profiles folder itself and not, as you should, in an empty folder.

    Did you click the Choose Folder button and specify the Profiles folder as the profile folder?

    You must always specify a new, empty folder for the profile if you really want to create a profile other than the one Firefox suggests (you can change the file extension part after the '. ': for example the default user-> my < name >)

    It would be preferable to clean up the Profiles folder and delete all the files except the profiles.ini file and the 'default' and 'default user' folders, although you might want to move them to another location and start from scratch. If necessary, you can retrieve data from one of the two folders.

  • Cannot move old profile to the new installation

    I need to move my FF profile to a new installation of FF on a new PC, but I can't get the profile to "stick".

    I tried copying the files from the old profile into the new default folder and editing the .ini file to match, but it does not work. I tried to delete the new default profile and insert the old one, but the default profile folder recreates itself. Where does FF store the new default profile number and how can I change it?

    I know that it is possible to move an existing profile to a new installation of FF, as I've done it before, but I can't make it work this time. What am I doing wrong?

    See the following articles:

    Check and tell if it's working.

  • Can I manually access and set up a profile outside the browser?

    I've set up a proxy in the browser using an address from a web proxy list site, and right after I did this it crashed every time I tried to open the browser. I searched in Chrome, trying to find a way to access my settings outside of the browser manually, since I couldn't even get into the browser, and I was directed to my profile. No website actually said how to change the settings, but they said that my settings were contained in the profiles. I thought to myself, "because all my settings are in this profile, deleting it and reinstalling Firefox should fix it." Unfortunately, it did not, and now I have absolutely no way to make a new profile, and whenever I try to open Firefox it says I have an instance of the application that is already running.

    Hello

    Please try firefox -p -no-remote in the Start > Run box (or press Windows + R if the Run box is not present), delete all profiles with the files in them and create a new one. See also Firefox profile folder & files and backup.


  • How to disable the 'Delete Profile' and 'Rename Profile' buttons when the Profile Manager opens at startup?

    I have multiple Firefox profiles for the various people who use my computer and I'd hate for someone to accidentally delete my profile when they go online. Is there any way I can disable these buttons at startup of Firefox and have them work only when I open the Profile Manager?

    I was originally going to just give everyone their own Windows login, but it is easier for me to do it this way. Help is appreciated.

    Bypass the Profile Manager by making a shortcut on the desktop for each of these profiles. You should learn to do it now, because the Profile Manager is likely to be removed from Firefox pretty soon. My guess is in Firefox 9 or 10 at the end of this year or early next year.

    http://KB.mozillazine.org/Starting_Firefox_or_Thunderbird_with_a_specified_profile#Bypassing_the_Profile_Manager

  • Sudden disappearance of a sentence in the "mood" section of the profile.

    Hello everyone. Ten days ago, I don't know how, but somehow a phrase got stuck in my profile in the "mood" section. Some of my contacts saw the same thing. I noticed the phrase a day or two later. I removed it. However, one of my contacts has just opened their Skype today. Right then, under my Skype name, the contact saw the same phrase, and not long after, it disappeared, after this contact said hello to me. Then the contact accused me of deleting this phrase right after they said hi to me. Can anyone help explain why this contact was able to see the phrase almost 5-6 days after I removed it? Is it serious?

    NB. It's the first time I have been in contact with that contact since this sentence got stuck in my profile under "mood".

    The explanation is probably this:

    This contact was online when you added this sentence to your mood.

    When they opened Skype the next time, the old mood message was still being broadcast, but has been updated to the new one once you have started a conversation.

  • Copied bookmarks to the file in the profile on the new computer, but they do not appear.

    Copied bookmarks.html from the old computer running XP and put it in the .default profile folder on the new computer running Win7. The bookmarks do not appear in Firefox, even after restarting Firefox and restarting the computer.

    Since Firefox 3, bookmarks are stored in places.sqlite; you must copy this file instead.
