ACS 5.4 managing users

I don't know if it's possible, but I have a need to authenticate users via TACACS management + ACS 5.4 against another 4.2 (soon to be 5.4) ACS server in a separate area.  Anyone know if it's possible and how?

Hello Robert,

Unfortunately, TACACS may be used to authenticate the management for ACS 5.4. You can select one of the following identity stores to authenticate ACS management:

Internal administrator ID store

Active Directory ID store

LDAP ID store

Work with administrative access control

http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/ADMIN_ADMIN.html#wp1089044

Jatin kone

Tags: Cisco Security

Similar Questions

  • Toshiba E-Studio printer - want to manage user impression in HIGH-LEVEL

    Hello

    I have several Toshiba E-Studio printers and I want to manage user impression in HIGH-LEVEL (my users are in Active Directory in Windows 2003)

    I tried but I can not connect department code with users of the AD and I keep getting my printed documents as invalid.
    I hope someone here will know how to solve this problem

    Thank you

    I'm afraid that in this forum you will not find printer experts.
    Most of the users here in this community are ordinary laptop / tablet users or multimedia enthusiasts.

    But I found this page of Toshiba's interactive training manuals.
    http://business.Toshiba.com/USA/support/training/index.html
    These tutorials can help you learn how to perform various functions on your e-STUDIO device.

    It might be useful for you.

  • How to run the Manager user interface programmatically

    I am looking for a method to run programmatically (from Labview), the Manager user interface, and then to connect it.

    Is there a .NET API for this?

    Thank you

    Note: I developed for earlier versions of VeriStand, a high-level application that manages projects of test benches and their versions. I want to update with the new manager of the user VeriStand interface.

    There is no .NET API to control UI Manager, but there are some command line utilities you can use to launch the UI Manager, open a specific project, specify the IP address of the gateway to use and connect automatically.

    Try the following command line arguments:

    /nivsprj 'c:\project.nivsprj' Gateway localhost / connect

    They are documented in the online profile of Stimulus help editor.

  • The window Task Manager users send a message to users

    Can someone help me install send a message to the user on Windows 2008rs on Windows Task Manager user...

    Well, that's the case I click with the right button on the taskbar click Start Task Manager, click user and do a right click on a user, click send a message, I type a message and click OK and it says (your message to the user Paul (sessionid = 1) could be sent. Access is denied. Can someone please help :).

    Phongng714,

    The error that you normally get is due to a lack of Message special access permission rights. You can learn more about this here. You will notice in the section Additional Considerations that he mentions this authorization. You can manage permissions on a per connection basis in Remote Desktop Session Host Configuration. The permissions are listed on the Security tab in the connection Properties dialog box.

    Could you check the permission level and see if that solves it?

  • Management user per device license install.

    If my organization creates a company account to manage users I'll be able to limit what the Admin users can see in the administration console? Scenario, I have a site that will have 6 computers under license by Adobe CC licensed 'per unit '. On this site, there will be a technician who will carry out the installation, so their account must have sufficient privileges. However, I need to limit the tech to have access or being able to see all other licenses that have been purchased in the past. Is this possible?

    I'm sorry that the feature is not there.

    Admins on the team account have the same rights except for billing which is limited to only the main Administrator information.

  • Manage users of OBIEE 11 g analytics with the Console of Administration of WLS?

    Hello everyone.
    I want to manage users of analytics. Is there an effective way to provide access to specific folders in the catalog according to user attributes? For example:
    User1: Director
    Role1: reports2011 (R)
    Role2: statistics2011 (R)
    Role3: wages2011 (R)

    User2: commonUser
    Role1: reports2011 (R)

    User3: admin
    Role4: "all_folders" (RW)

    I'm looking for new ways to do this feature.

    Thank you
    Lives

    The specific roles of BI and policies in the administration Console are for this exact purpose (use of BI, BI author etc..)

    Please refer to these excellent posts: http://www.rittmanmead.com/2012/03/obiee-11g-security-week-understanding-obiee-11g-security-application-roles-and-application-policies/

    http://www.rittmanmead.com/2012/03/OBIEE-11g-security-week-subject-area-catalog-and-functional-area-security-2/

    http://www.rittmanmead.com/2012/03/OBIEE-11g-security-week-managing-application-roles-and-policies-and-managing-security-migrations-and-deployments/

    Please check if useful/correct.

  • hot backup managed user problem

    Jin

    A few days ago, I took a user-managed hot backup of my database. Then, to check whether the data files are in the correct mode, I ran the query:

    SQL> select * from v$backup;

         FILE# STATUS                CHANGE# TIME
    ---------- ------------------ ---------- ---------
             1 NOT ACTIVE         6302304272 23-JAN-10
             2 NOT ACTIVE         6302305573 23-JAN-10
             3 NOT ACTIVE         6302304259 23-JAN-10
             4 NOT ACTIVE         6302305573 23-JAN-10
             5 NOT ACTIVE         6302305573 23-JAN-10
             6 NOT ACTIVE                  0
             7 NOT ACTIVE                  0



    And, I didn't know that all data files have completed end backup mode. But today, when I queried v$datafile_header to check the FUZZY column, I was shocked to see the result below:

    SQL> select fuzzy from v$datafile_header;

    FUZ
    ---
    YES
    YES
    YES
    YES
    YES
    YES
    YES

    7 rows selected.

    I use Oracle 9.2.0.8 on Windows Server 2003.


    Although the v$backup view shows 'NOT ACTIVE' for all data files, this makes me very confused.


    Please give me some feedback...

    Kind regards

    V$BACKUP and V$DATAFILE_HEADER are two different views. Why confuse yourself? They are there to meet different requirements.

    V$BACKUP is used to check if a data file is in backup mode.

    V$DATAFILE_HEADER is used to check the header of a data file. Of course a datafile is FUZZY when the database is OPEN - independently of the question whether an online backup is running or has run earlier.

    Hemant K Collette
    http://hemantoracledba.blogspot.com

  • Managed user group cache

    Hello

    I created the user-managed cache group as follows:

    CREATE USERMANAGED CACHE GROUP writewherecache
    AUTOREFRESH
    MODE INCREMENTAL
    INTERVAL 30 SECONDS
    STATE ON
    FROM interchange.writewhere
    (pk NUMBER NOT NULL PRIMARY KEY,
    attr VARCHAR2(40), PROPAGATE)
    WHERE (interchange.writewhere.pk BETWEEN '105' AND '106');


    Oracle has 5 rows in the table, but now the TT 'select * from interchange.writewhere' statement does not show any result.


    What is the problem?

    Published by: user11969173 on November 4, 2009 02:30

    Yes, AUTOREFRESH STATE must be PAUSED to run a LOAD CACHE GROUP. By default, the state is set to PAUSED when the cache group is created, but you set it explicitly to ON in your create statement.

    When you ran the LOAD CACHE GROUP statement, what was the response? It normally says 'n cache instances loaded'. What did it say in your case? When you inserted the 5 rows in Oracle, did you commit the transaction? If you connect to Oracle using a new SQL*Plus (or SQLDeveloper) session, do you see the rows in Oracle?

    Chris

  • Cisco ACS 4.2 a user in several local groups

    Currently, I have this group map:

    ACS group     Windows groups
    Grp-A-B       Grp-1 and Grp-2
    Grp-A         Grp-1
    Grp-B         Grp-2

    For example, currently a user test1 is part of two groups, 1 and 2, under Windows and is mapped to Grp-A-B in ACS. Is it possible, if I delete the mapping of Grp-A-B in ACS, to see the user test1 separately in both groups (Grp-A and Grp-B) in ACS?

    Salam Muhammad,

    If you have a local user in ACS, this user cannot be a member of both groups at the same time.

    The same concept applies to external users. They cannot be mapped to two different groups at the same time.

    If you delete the configuration of Grp-A-B, the test1 user will be mapped to the first group in the list, because ACS 4.2 processes group mappings in order:

    <snip>

    Group mapping order

    ACS always maps users to a single ACS group. However, a user can belong to more than one group set mapping. For example, a user named John could be a member of the group combination Engineering and California, and at the same time be a member of the group combination Engineering and Management. If ACS group set mappings exist for both of these combinations, ACS must determine which group John should be assigned to.

    ACS prevents conflicting group set mappings by assigning a mapping order to the group set mappings. When a user who is authenticated by an external user database is assigned to an ACS group, ACS starts at the top of the list of group mappings for that database. ACS sequentially checks the user's group memberships in the external user database against each group mapping in the list. On finding the first group set mapping that matches the user's group memberships in the external user database, ACS assigns the user to the ACS group of that group mapping and ends the mapping process.

    <snip>

    Reference: http://goo.gl/cvc474

    HTH

    Amjad
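
    The ordered, first-match behaviour quoted in the answer above, modelled as an added example (not part of the original posts and not Cisco code). It uses the thread's Grp-A-B / Grp-A / Grp-B mappings; the function names, the "user must be in every group of the set" matching rule and the None fallback are assumptions of this sketch.

```python
"""Model of ordered, first-match group set mapping (constructed example)."""
from typing import Iterable, List, Optional, Tuple

# One mapping: (external groups the user must ALL belong to, ACS group assigned)
Mapping = Tuple[frozenset, str]


def map_user(memberships: Iterable[str], mappings: List[Mapping],
             default: Optional[str] = None) -> Optional[str]:
    """Walk the list top-down and return the ACS group of the first mapping
    whose group set is fully contained in the user's memberships."""
    member_of = frozenset(memberships)
    for group_set, acs_group in mappings:
        if group_set <= member_of:
            return acs_group          # mapping process ends at the first hit
    return default                    # assumption: caller supplies a fallback


def shadowed(mappings: List[Mapping]) -> List[Tuple[str, str]]:
    """Find mappings that can never be reached because an earlier mapping's
    group set is a subset of theirs and therefore always matches first.
    Returns (unreachable ACS group, ACS group that shadows it) pairs."""
    dead = []
    for i, (later_set, later_group) in enumerate(mappings):
        for earlier_set, earlier_group in mappings[:i]:
            if earlier_set <= later_set:
                dead.append((later_group, earlier_group))
                break
    return dead


# Constructed data taken from the question: test1 is in Windows groups 1 and 2.
TEST1 = {"Grp-1", "Grp-2"}

ORIGINAL = [
    (frozenset({"Grp-1", "Grp-2"}), "Grp-A-B"),
    (frozenset({"Grp-1"}), "Grp-A"),
    (frozenset({"Grp-2"}), "Grp-B"),
]
# The combined mapping deleted, as the question proposes.
WITHOUT_COMBINED = ORIGINAL[1:]
# Same three mappings, but with the narrower Grp-A rule moved to the top.
REORDERED = [ORIGINAL[1], ORIGINAL[0], ORIGINAL[2]]

if __name__ == "__main__":
    print("original order      ->", map_user(TEST1, ORIGINAL))
    print("Grp-A-B deleted     ->", map_user(TEST1, WITHOUT_COMBINED))
    print("Grp-A listed first  ->", map_user(TEST1, REORDERED))
    print("unreachable mappings:", shadowed(REORDERED))
```

    Running the shadow check after any reordering shows whether a combined mapping has become unreachable, which would silently change the authorization a user receives.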


  • ACS 5.2 - accounts User File Update does not work as expected

    Hello, I have a serious problem with the import of the fixed IP addresses to user accounts in ACS 5.2.

    Because this attribute cannot be migrated directly I try via "file operations--> update". I created the file update model, but entered IP addresses aren't imported - all other attributes can be changed without problem.

    If I try to "Add file operations-->" it works well, but I can't use this option.

    IPv4 address attribute in 'System Administration--> Configuration--> dictionaries--> identity--> internal users' is added correctly and appropriate field is not in user accounts.

    Do you have any idea what can be wrong?

    Hi Michal,

    Yes, I submitted this as a bug recently. Sometimes after a migration from ACS 4.

    CSCtk05027 : custom fields for users after migration - import/update does not work

    Try to change one of your users manually. Just add an IP manually, for example. Then do the update. It will work for this user, and it will update the IP address.

    The solution is to export all users from your ACS 5. Then remove them from the database and then do an 'Add' file import instead of an update. A bit of a silly workaround, but the bug should be fixed in future patches (no information on that yet).

    Kind regards

    Nicolas


  • ACS 5.2 - user authentication with 802.1X and MSCHAPv2 using an LDAP identity source

    Hello community,

    I use ACS 5.2 as the authentication solution in my network. I configured two situations: network access policies and device administration.

    Currently, I have a few configured devices: 1 ASA (using RADIUS), 1 WLC-5508 (using RADIUS), 1 2960S (with TACACS+). And I set up an external identity store, using LDAP (I can see and select all groups without problem).

    Everything works fine. My next step was to configure users to use 802.1X to authenticate using ACS with my LDAP database.

    Assuming that all configurations are correct on all computers (when I use an internal database it works very well), these are the following logs/configurations in the ACS:

    At this point, we can see the error:

    22043 current identity store does not support the authentication method; Skipping it.
    Request for access received RADIUS 11001

    11017 RADIUS creates a new session

    Assess Service selection strategy

    15004 Matched rule

    Access Service - access Police selected 15012
    11507 extract EAP-response/identity
    12500 prepared EAP-request with EAP - TLS with challenge
    11006 returned Challenge RADIUS access
    Request for access received RADIUS 11001
    11018 RADIUS re - use an existing session
    12301 extract EAP-response/NAK asking instead to use PEAP
    12300 prepared EAP-request with PEAP with challenge
    11006 returned Challenge RADIUS access
    Request for access received RADIUS 11001
    11018 RADIUS re - use an existing session
    12302 extracted EAP-response containing PEAP challenge-response and accepting as negotiated PEAP
    12318 has successfully PEAP version 0
    12800 first extract TLS record; TLS handshake has begun.
    12805 extracted TLS ClientHello message.
    12806 prepared TLS ServerHello message.
    12807 prepared the TLS certificate message.
    12810 prepared TLS ServerDone message.
    prepared 12305 EAP-request another challenge PEAP
    11006 returned Challenge RADIUS access
    Request for access received RADIUS 11001
    11018 RADIUS re - use an existing session
    12304 extract EAP-response containing PEAP stimulus / response
    12318 has successfully PEAP version 0
    12812 extracted TLS ClientKeyExchange message.
    12804 message retrieved over TLS.
    12801 prepared TLS ChangeCipherSpec message.
    12802 prepared TLS completed message.

    12816 TLS handshake succeeded.

    12310 full handshake PEAP completed successfully
    prepared 12305 EAP-request another challenge PEAP
    11006 returned Challenge RADIUS access
    Request for access received RADIUS 11001
    11018 RADIUS re - use an existing session
    12304 extract EAP-response containing PEAP stimulus / response

    12313 PEAP inner method started

    11521 prepared EAP-request/identity for inner EAP method
    prepared 12305 EAP-request another challenge PEAP
    11006 returned Challenge RADIUS access
    Request for access received RADIUS 11001
    11018 RADIUS re - use an existing session
    12304 extract EAP-response containing PEAP stimulus / response
    11522 extract EAP-Response/Identity for EAP method internal
    11806 prepared EAP-internal method call offering EAP-MSCHAP VERSION challenge
    prepared 12305 EAP-request another challenge PEAP
    11006 returned Challenge RADIUS access
    Request for access received RADIUS 11001
    11018 RADIUS re - use an existing session
    12304 extract EAP-response containing PEAP stimulus / response
    11808 extracted EAP-response containing EAP - MSCHAP VERSION challenge response to the internal method and accepting of EAP - MSCHAP VERSION such as negotiated

    Evaluate the politics of identity

    15006 set default mapping rule

    15013 selected identity store-

    22043 current identity store does not support the authentication method; Skipping it.
    22056 object was not found in the identity of the point of sale.
    22058 advanced option that is configured for a unknown user is used.
    22061 the option 'Refuse' Advanced is set in the case of a request for authentication has failed.
    11815 inner EAP-MSCHAP VERSION authentication failed
    11520 prepared EAP-failure of the inner EAP method
    22028 authentication failed and advanced options are ignored.
    prepared 12305 EAP-request another challenge PEAP
    11006 returned Challenge RADIUS access
    Request for access received RADIUS 11001
    11018 RADIUS re - use an existing session
    12304 extract EAP-response containing PEAP stimulus / response

    Authentication PEAP 12307 failure

    11504 prepared EAP-failure

    11003 returned RADIUS Access-Reject

    So, what can be the cause? Compatibility with LDAP?

    Plinio,

    Look at this doc,

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/eap_pap_phase.html#wp1014889

    There is a table which indicates that LDAP is not a database compatible with our EAP type (MSCHAPv2).

    With LDAP, you can use TLS, PEAP-GTC, and EAP-FAST-GTC.

    TLS uses certificates on both sides, supplicant and authentication server.

    * GTC, if I'm not mistaken, is a WBS system to use with the EAP protocol.

    Table B-5: EAP Authentication Protocol and User Database Compatibility

    Identity store / EAP-MD5 / PEAP-EAP-MSCHAPv2 / EAP-FAST MSCHAPv2 / PEAP-GTC / EAP-FAST-GTC
    ACS / Yes / Yes2 / Yes / Yes / Yes / Yes
    Windows AD / No / Yes / Yes / Yes / Yes / Yes
    LDAP / No / Yes / No / No / Yes / Yes
    RSA identity store / No / No / No / No / Yes / Yes
    Identity of DEPARTMENT store / No / No / No / No / Yes / Yes

  • ACS 4.2 external user database Windows 2012

    Hi all

    I'm confused if 4.2 ACS can manage Windows 2012 database or not. Windows 2008 seems to work very well, but I can't find a hint if 2012 works as well. Upgrade to Windows 2012 will take place soon I have to make sure that it works. Otherwise, it must use generic LDAP instead.
    Thank you very much!

    Kind regards
    URS

    ACS 4.2 does not support Windows 2012. The latest Windows OS it works well with is 2008R2. Since ACS 4.x is now EOL, with the end of software maintenance as of October 26, 2012, we cannot file an enhancement request to support Windows 2012 as a back-end database.

    Support for Windows 2012 has been added in ACS 5.4 patch 2.

    ACS 5.4 patch 2 supports Windows 2012 AD.

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_system/5.4/release/notes/acs_54_rn.html

    ~ BR
    Jatin kone


  • ACS: using local as users aid ad

    Hello

    I have ACS 5.1 configured to authenticate users based on Active Directory. I have configured wired 802.1X, with machine authentication enabled on ACS.

    When I log in with credentials which exist in the AD, it works very well. Then I configured Windows authentication to request credentials (popup). But I have no network connectivity when I log in with a local account, even though I have entered the correct AD credentials.

    I want to do the following: for an existing account on the machine being authenticated (a non-AD account), ACS must check its local database and pass the authentication if it finds it, so that the user has network connectivity.

    I heard of sequence identity in ACS. But I still don't see the right configuration,

    any help?

    Thank you

    You can set up an identity sequence which will first access the local database for authentication of the user and, if the user does not exist in the local database, it can then proceed to authenticate the user against the AD.

    Configuration can be done as follows:

    (1) Go to Users and Identity Stores > Identity Store Sequences and press Create.

    (2) Enter a name for the sequence, then select the password-based authentication method. You will see a list called "Authentication and Attribute Retrieval Search List". Put Internal Users first, then AD1, in the 'Selected' list. Press 'Submit' and the sequence will be created.

    (3) Select the identity sequence as the result of the identity policy you use. For example, if you use the access service 'Default Network Access' that is created by default, go to:

    Access Policies > Access Services > Default Network Access > Identity and select the identity sequence created in step 1) as the Identity Source.

  • Doubt on the RA aaa using ACS 5.3 vpn user

    Hello

    I'm setting up VPN on ASA 8.4 with 2 groups - VPNGp1 and VPNGp2. VPNGp1 users will access 1.2.3.0/24 and VPNGp2 users will have access to 5.6.7.0/24. User authentication will be done using RADIUS on ACS 5.3.

    On the ASA, I configured VPN groups, IP pools, VPN ACLs, tunnel groups and group policies for each group.

    On ACS, I created vpn-user1 and vpn-user2 for each of the 2 groups.

    I don't know if some more configuration must be done on the ASA and ACS... Do I need to add the new users - vpn-user1 and vpn-user2 - on the ASA, under each corresponding group policy, using the vpn-group-policy command?  Or do I need to do something else on the ACS?

    Finally, how can I configure authorization and accounting for VPN users? Do I have to do this on ACS or ASA?

    Please advice.

    Thank you.

    Hello

    Authentication using RADIUS aims to centralize user accounts and policies so that you will not have to configure these on the ASA. You must create an authentication server group that points to your ACS, then you will have to reference this server group in your tunnel-group so that user authentication requests will be forwarded to ACS for authentication. For accounting, you will create an accounting server group and also assign it to your tunnel-group configuration.

    On ACS, you will need to create a network client that is the ASA, and the shared secret will be the same. You create a network authorization policy element that has the permission settings, or you can choose Permit Access, which allows authentication to succeed without any special authorization.

    You can debug the session using crypto vpnclient 255 debugging to view the authentication stream.

    Using SSL vpn (anyconnect) for these sessions?

    Thank you

    Tarik Admani

  • Group ACS 4.2 mapping user

    Hello

    We use ACS 4.2.1.15 with patch 8 on a 1113 ACS SE box.

    Our requirement is to assign the ACS group Eve to the user based on the Windows NT group. Which means that I don't have to create individual users in ACS; during user login, the auth request will be forwarded to the AD (remote database). Depending on the group, the user of the remote database must be mapped to the local database.

    To do this, I have configured 'database group mapping' according to the following Cisco guide.

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/GrpMap.html#wp940538#wp940538

    However, whenever my AD users authenticate, they become members of the default group configured in the «\Default» profile.

    I use the TACACS+ protocol in my routers and switches for authentication.

    Please let me know if "External user database group mapping" works with TACACS+ or only with the RADIUS protocol.

    If it works with TACACS+, let me know what other configuration to do so that my ACS can map users to the appropriate groups instead of the default group.

    Hello

    Can you post a screenshot of your group mapping configuration? This will work with TACACS.

    Thanks,

    Tarik Admani
