Cisco ACS TACACS+ problem with authentication

I'm having a problem authenticating to a switch using TACACS+ with my ACS 5.2 server. I can actually do a 'test aaa group tacacs+ username password legacy' and it returns a successful user authentication. When I try to use this same account to authenticate to the switch, it is unsuccessful, and I'm not even seeing that attempt hit the ACS.

Most likely, it is a misconfiguration of the AAA commands on the switch.


Tags: Cisco Security

Similar Questions

  • Production server has encountered a problem with authentication

    I am creating my first app using DPS App Builder. All the steps have been done correctly, however creating the application gives the following error:

    "The production server has encountered a problem with authentication."

    Has anyone faced this before? How do I solve this problem? I can't find anything in the documentation files.

    Sign in to the DPS dashboard, agree to the terms and conditions, and check your email ID. This should solve the problem.

  • Cisco ACS 5.2 with NX-OS (Nexus) devices - user questions

    Hey, I have a really strange problem with Cisco ACS 5.2 and Nexus NX-OS devices.

    I create an account on ACS, let's call it User1, and give it privilege 15. With User1, I am able to access all our IOS, IOS-XE, ASA and PIX devices with privilege 15.

    When I use the User1 account on our NEXUS devices, I do NOT receive privilege 15 access. As you probably know, the NEXUS devices have roles: predefined or custom roles. So I assumed User1 would get the role of "network-admin" (privilege 15, read/write) when connecting, but instead I got the role of 'vdc-operator' (privilege 1, read-only).

    Then I tried to tweak User1 and give it network-admin under Shell Profile > Custom Attributes. I logged in to the NEXUS and of course I was able to get network-admin access. However, my access to ALL other devices (IOS, ASA, PIX, etc.) does NOT work! I am not even able to connect with my login and my password to these devices.

    Has anyone ever experienced this problem? Help, please!

    Thank you

    neocec

    This is a common problem when you mix RBAC and IOS device authorization policies. The AV pair that you created must be set to 'optional' instead of 'mandatory'; please make this change and you will be able to access all your devices.

    Thank you

    Tarik
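
Why the optional setting in the answer above restores IOS logins, as an added example (not code from the thread, ACS, IOS or NX-OS): TACACS+ marks a mandatory argument with `=` and an optional one with `*`, and a client that receives a mandatory argument it does not understand must fail the authorization. The per-platform attribute sets and the two sample profiles are assumptions constructed for illustration.

```python
# Added illustration (not ACS, IOS or NX-OS code): a simplified model of how a
# TACACS+ client handles the arguments returned in an authorization reply.
# "name=value" is a mandatory argument, "name*value" is an optional one.

def parse_arg(arg):
    """Split one argument into (name, value, is_mandatory)."""
    # The first '=' or '*' is the separator; later ones belong to the value.
    positions = [p for p in (arg.find("="), arg.find("*")) if p > 0]
    if not positions:
        raise ValueError(f"no separator in argument: {arg!r}")
    pos = min(positions)
    return arg[:pos], arg[pos + 1:], arg[pos] == "="


def authorize(reply_args, understood):
    """Return (authorized, applied_attributes, rejected_attribute)."""
    applied = {}
    for arg in reply_args:
        name, value, mandatory = parse_arg(arg)
        if name in understood:
            applied[name] = value
        elif mandatory:
            # A mandatory argument the client cannot apply fails the request.
            return False, {}, name
        # An optional argument the client does not know is skipped.
    return True, applied, None


# Assumed attribute support per platform, for illustration only.
IOS_KNOWN = {"priv-lvl"}
NXOS_KNOWN = {"priv-lvl", "shell:roles"}

# Constructed shell profiles: the same role attribute, mandatory vs optional.
PROFILE_MANDATORY = ["priv-lvl=15", 'shell:roles="network-admin"']
PROFILE_OPTIONAL = ["priv-lvl=15", 'shell:roles*"network-admin"']


def compare_profiles():
    """Evaluate both profiles against both platforms."""
    results = {}
    for pname, profile in (("mandatory", PROFILE_MANDATORY),
                           ("optional", PROFILE_OPTIONAL)):
        for dname, known in (("ios", IOS_KNOWN), ("nxos", NXOS_KNOWN)):
            results[(pname, dname)] = authorize(profile, known)
    return results


if __name__ == "__main__":
    for (pname, dname), (ok, attrs, rejected) in compare_profiles().items():
        outcome = f"PASS {attrs}" if ok else f"FAIL (unknown mandatory {rejected})"
        print(f"{pname:9} profile on {dname:4}: {outcome}")
```
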

  • Cisco ACS. Two-factor authentication.

    Hello.

    We intend to use the following setup: Cisco ASA + Cisco ACS 5.4 + RSA SecurID.
    We use two groups on Cisco ACS. Group "A" must use two-factor authentication, and group "B" must not.
    How do we create this rule?

    Use rule-based identity selection with dap-tunnel-group-name as a selector.

    The ASA will send the name of the tunnel group in the auth request.

    Attached example.

  • Cisco ACS installation problem

    Hello everyone.
    I am installing Cisco ACS 4.2 on Windows 2008 64-bit and get a very strange error when installing. V: ismg_israel_acs it gives some encryption error.
    Can someone who has encountered the same problem please help me with this? My project is stopped because of it.
    Thanks in advance.


    Hi Rizwan,

    If you're upgrading from some previous version of ACS, then I think you get something like this: V:\ismg_israel_acs\Acs\Crypto\init.cpp

    You need to locate the old CryptoAPI container used by ACS, which may still be on the system. This is normally located in C:\Documents and Settings\<username that installed ACS>\Application Data\Microsoft\Crypto\RSA.

    There will be one or more files with very long hexadecimal filenames. You must identify the right one.

    Open a command prompt in that folder and type "findstr /I CiscoSecure *.*" - the file name that appears should be the old container of ACS.

    Let me know if you are able to find any file.

    ~ BR
    Jatin kone


  • Problems with authentication

    Good day

    I have problems with my Adobe account authentication when I try to download an e-book. Adobe does not recognize my ID or password when I put it in the box of Kalahari.com ereader authentication.

    Can you please help to solve this?

    Contact Adobe Support by chat or phone.

    Here are some links to help get in touch:

    http://www.Adobe.com/support/chat/ivrchat.html

    http://www.Adobe.com/support/download-install/supportinfo/

  • SWITCH Cisco/Linksys SLM224G: Problem with the VLAN

    Hello!

    I'm trying to set up a VLAN in my baskets. I have some knowledge about VLANs, but I still can not configure in my path.

    My situation:

    I have a PC that contains two virtual machines, which work as routers between three networks: LAN, WAN, LAN2. It's a bit complicated, but I'll try to draw it:

                                                     |-------------|
    |----------------------------|                   |           e1|-to-eth1-VM2-----WAN
    |VirtualMachine 1        eth0|---trunk-VLAN1&2---|g1         e2|-to-eth0-VM2-----LAN2
    |eth0=VLAN1 eth1=VLAN2       |                   |           e3|-to-eth0-VM2-----LAN2 etc.
    |                         PC |                   |   SWITCH  e4|
    |VirtualMachine 2            |                   |           e5|-to-eth1-VM1---wire-to-LAN2
    |eth0=VLAN3 eth1=VLAN4   eth1|---trunk-VLAN3&4---|g2         e6|-to-eth0-VM1-----LAN1
    |----------------------------|                   |           e7|-to-eth0-VM1-----LAN1 etc.
                                                     |-------------|

    gX = Gigabit ports
    eX = 100Mbit ports
    VMX = Virtual machine number
    wire-to = patch-cord connection between ports on the switch

    Schema of routing and logical visibility:

    LAN1---VM1-----VM2---WAN
                  |
    LAN2----------|

    An important note is that LAN1 and LAN2 must be separated (visible only through routers). WAN must be visible through VM2 to LAN2 and through VM1 and VM2 to LAN1. It seems easy, but the VLAN setup that I did on this switch doesn't seem to work.

    I do it like this:

    Step 1: Management of VLANS / create a VLAN...

    Creation of VLANS 1, 2, 3, 4 (numbers meters right now - I have now this number 1 is restricted to the switch).

    Step 2: Management of VLAN / Port to VLAN...

    Setting up VLAN1 with ports g1, e5 (both tagged or untagged? - I have not seen any difference)

    Setting up VLAN2 with ports g1, e6, e7, etc...

    Setting up VLAN3 with ports g2, e2, e3, etc...

    Setting up VLAN4 with ports g2, e1

    Step 3: Management of VLAN / Port setting...

    Setting up port e1 to PVID4 (frame type = all I guess, but with "capture filter"?)

    Setting up port e2 to PVID3

    Setting up port e3 to PVID3

    etc...

    Setting up port e5 for PVID1

    Setting up port e6 at PVID2

    Setting up port e7 for PVID2

    etc...

    Thus, with this configuration the switch does not work for me.

    I know that the switch sees the MACs from the VLANs carried by the PC, because when I go into "Admin / dynamic address" I see MACs on the correct ports, with the right VLAN ID. So the problem is to pass a VLAN to its ports, then strip the ID from the frames and let the packets go (and back: take untagged packets, add the VLAN ID and send them to their Gigabit ports).

    The configuration shown is one of the many I tried :/ but I think this one is the best.

    Or maybe I don't know VLANs as well as I think and this scheme is impossible? Please tell me.

    Regards

    and waiting for any suggestions,

    READ

    Hello.

    These products are handled by the Cisco Small Business Support Community.


  • Problem with ACS authentication

    I am trying to upgrade our network right now and we are replacing the archaic switches with new 3750s. At one of the sites, the new switch did not boot up, so I configured a 2950 as a temporary solution. My problem is with the RADIUS authentication. I use TACACS as the first authentication method, with a local database as a backup. But the RADIUS authentication is not happening. It just jumps straight past method 1 to local authentication. RADIUS servers are in place and running, as other devices authenticate properly and this 2950 can ping the servers in question. Thus, the key is entered correctly. Any suggestions?

    And the output of 'debug tacacs'?

    My output looks like this:

    APR 17 11:30:27: TAC +: send worm package AUTHENTIC/START = 192 id = 3801177964

    APR 17 11:30:27: TAC +: using Ganymede server-group "Ganymede +" list by default.

    APR 17 11:30:27: TAC +: opening TCP/IP 10.10.10.24/49 Timeout = 5

    APR 17 11:30:27: TAC +: handle opened TCP/IP 0x80EC2700 to 10.10.10.24/49

    APR 17 11:30:27: TAC +: 10.10.10.24 (3801177964) AUTHENTIC/START/CONNECTION/ASCII queued

    APR 17 11:30:28: TAC +: (3801177964) AUTHENTIC/START/CONNECTION/ASCII processed

    APR 17 11:30:28: TAC +: worm = 192 id = 3801177964 received AUTHENTIC status = GETPASS

    APR 17 11:30:31: TAC +: sends AUTHENTIC/CONT packet id = 3801177964

    APR 17 11:30:31: TAC +: 10.10.10.24 (3801177964) AUTHENTIC/CONT in queue

    APR 17 11:30:31: TAC +: (3801177964) AUTHENTIC/CONT processed

    APR 17 11:30:31: TAC +: worm = 192 id = 3801177964 received AUTHENTIC status = PASS

    APR 17 11:30:31: TAC +: connection TCP/IP closing 0x80EC2700 to 10.10.10.24/49

    APR 17 11:30:31: TAC +: previously set server group Ganymede 10.10.10.24 +.

    APR 17 11:30:31: TAC +: opening TCP/IP 10.10.10.24/49 Timeout = 5

    APR 17 11:30:31: TAC +: handle opened TCP/IP 0x80ED50DC to 10.10.10.24/49

    APR 17 11:30:31: TAC +: open 10.10.10.24 index = 1

    APR 17 11:30:31: TAC +: 10.10.10.24 (3808800626) AUTHOR/START waiting in line

    APR 17 11:30:32: TAC +: AUTHOR/START (3808800626) dealt with

    APR 17 11:30:32: TAC +: (3808800626): received the status of response author = PASS_ADD

    APR 17 11:30:32: TAC +: connection TCP/IP closing 0x80ED50DC to 10.10.10.24/49

    APR 17 11:30:32: TAC +: attribute received 'priv-lvl = 15.

    APR 17 11:30:32: TAC +: previously set server group Ganymede 10.10.10.24 +.

    APR 17 11:30:32: TAC +: opening TCP/IP 10.10.10.24/49 Timeout = 5

    APR 17 11:30:32: TAC +: handle opened TCP/IP 0x80EC2B94 to 10.10.10.24/49

    APR 17 11:30:32: TAC +: open 10.10.10.24 index = 1

    APR 17 11:30:32: TAC +: 10.10.10.24 (422749886) ACCT/REQUEST/START queued

    APR 17 11:30:32: TAC +: ACCT/REQUEST/START (422749886) dealt with

    APR 17 11:30:32: TAC +: (422749886): received the status of response acct = SUCCESS

    APR 17 11:30:32: TAC +: connection TCP/IP closing 0x80EC2B94 to 10.10.10.24/49

    Which TACACS+ server do you use?

  • problem with authentication and owa_util.redirect_url

    Hi all

    This is Pavan, using APEX version 4.2.3.

    I have different types of logins, such as admin and user; depending on whether it is a user or an admin, it redirects to a particular page. I use this with a custom authentication method. I wrote a procedure to redirect to a specific page and I call this procedure in the post-authentication. It calls the procedure but it does not redirect; it stays on the same login page. If I remove it, it validates the user name and password and goes to page 1.

    I used this procedure

    procedure post_auth_4456789976 is
    begin
      declare
        V_PAGE number;
      begin
        -- look up the start page configured for the logged-in user
        select START_PAGE into V_PAGE from LOGIN_TAB where upper(USER_NAME) = upper(:APP_USER);
        owa_util.redirect_url('f?p='||:APP_ID||':'||V_PAGE||':'||:SESSION||':');
      exception
        when others then
          -- fall back to page 2 if the lookup fails
          owa_util.redirect_url('f?p='||:APP_ID||':2:'||:SESSION);
      end;
    end;

    May I know what exactly the problem is? Am I missing anything or am I wrong? Let me know.

    Click here for the link https://apex.oracle.com/pls/apex/htmldb/f?p=52985:LOGIN_DESKTOP:1110119686316

    Thanks in advance,

    Pavan

    Hi Pavan,

    the call to REDIRECT_URL writes a redirect header, but the APEX engine wants to redirect itself. You can control where it redirects by setting the deep link in the post-authentication. Simply set the built-in deep link item, like this:

    :FSP_AFTER_LOGIN_URL := 'f?p='||:APP_ID||':'||V_PAGE||':'||:SESSION;
    

    Kind regards

    Christian

  • Problem with authentication of users

    Hi, I use Dreamweaver CS4 and I made a login page using Insert Form, which is named login-form.php. I am connected to the MySQL database via FTP and I see on the side panel that I am connected; my tables are there. So now I went to Server Behaviors and chose User Authentication; the form1 form appears and I fill in the form with the link I made to MySQL. I also performed a binding and test, and the tables are there, with the user name and password.

    OK, here is my problem: when I preview the login.php page, nothing shows; I have a blank page and the code isn't there either. When I upload to my web server I have the same thing: if I point my browser to login.php, I get a blank page with nowhere to log in. If I do not use the server behaviors, my login-form.php will appear in Live View, but I need to be able to have the user log in. Help please.

    It looks like you are encountering an error in the script, but your host has disabled the display of PHP errors. You must check the error log or enable the display of errors for debugging. If you go to the timeline and you cannot activate the errors on the server, I think there is code you can place on each page to enable it. David or others more familiar with PHP should be able to help with this.

  • problem with authentication windows 7 after formatting hard drive

    I formatted my hard drive and needed to reinstall Windows 7. I used the same activation code that Microsoft sent me when I bought Windows 7 digitally. Shouldn't I be able to authenticate with the code, since it is the same computer?

    Try the phone activation:

    How to activate Windows 7 manually (activate by phone)

    1) Click Start and in the search box type: slui.exe 4

    2) Press the "ENTER" key.

    3) Select your "country" in the list.

    4) Choose the option "activate phone".

    5) Stay on the phone (do not select/press any options) and wait for a person to help you with the activation.

    6) Explain your problem clearly to the support person.

    http://support.Microsoft.com/kb/950929/en-us

    However, the requirement for the upgrade media is that you have an eligible operating system such as Windows XP or Vista already installed in order to use it. From the Windows 7 end user license agreement:

    15. UPGRADES. To use upgrade software, you must first be licensed for the software that is eligible for the upgrade. After the upgrade, this agreement takes the place of the agreement for the software that you upgraded. After upgrade, you can no longer use the software that you upgraded.

    So, if you are still denied, you will just have to reinstall Windows XP or Vista and let it do the verification of eligibility.

  • ACS 5.0 with authentication VPN

    Hello

    I would be grateful if someone could guide me on how to configure ACS 5.0 RADIUS for authentication of remote access VPN.

    And how could I implement IP pools for VPN users?

    Best regards

    Lunedor

    Hello

    IP address assignment is not possible from the ACS. However, you can configure simple VPN authentication.

    ACS:

    access policies > default network access > identity (select internal users or, if it's AD, then select AD) > authorization > click on customize > move the desired condition > for example > device IP address > put in the IP address of the ASA (VPN device) > authorization profile > permit access.

    so it will be:

    access policy > default network access > identity (internal users or AD) > authorization > create rule > device ip=1.1.1.1 > authorization profile=permit access

    You can follow the link for common scenarios below:

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/common_scenarios.html#wp1152364

    Regards

    Bellefroid


  • Capture documents Oracle + distributed capture - problem with authentication

    Hello

    I installed ODC on a Win 2008 R2 Std system. The host is in an AD domain. Oracle database ver 11.2.0.1.0 has been installed locally on the same host as ODC and ODDC. Under the AD account ODC_ADMIN I have initialized the database, and in the user panel of ODC I have one user - ODC_ADMIN (displayed as \\DOMAIN\ODC_ADMIN). When I want to add a new user who could access the ODC app, I don't see the domain name in the add user window. I can add a user or group, but it is then added as \\\TEST, i.e. with 3 backslashes, and of course it is then not able to authenticate in ODC or other components.


    Does anyone know what causes this problem?

    Does anyone have the solution to this problem?

  • problem with authentication RSA on ESX 3.5

    Hi guys,.

    I am trying to configure SSH + RSA encryption between my ESX Server and my connection computer / Virtual Center.

    The objective here is to run plink commands using the root account (and later another account + sudo) without entering a password.

    So I used some of the things that are already in there,

    "How to create file keypair by dropbear http://..." but it's for ESXi and it uses dropbear, which I don't have on ESX 3.5 (finally I can't ^^).

    So I use the keygen. Here are my actions:

    - Make a ~/.ssh/authorized_keys with rights chmod 700

    - Generate public / private keys using the command ssh-keygen -b 1024 -t rsa

    - Copy the two files to ~/.ssh/authorized_keys with chmod 700 on them.

    - Copy the private / public key, using fastSCP, to my PC.

    - Generate a ppk file using puttygen.exe

    - Change PuTTY to access my ESX via a root autologon, put my ppk file in SSH auth (with RSA authentication).

    - Save the change

    - exemplary public key to Pageant.exe.

    - Change sshd_config to enable RSA / root login

    - Try to connect...

    ESX still asks for a password

    Any ideas appreciated!

    Thomas

    Hello

    I am really convinced that it is not a good approach for a production data center to enable root SSH access. Data Center shown here, and I'm testing on is not production data center. It is a test which has by no means of access to the production data center. Two of them have no access to the internet. A quilting my correct computer is always possible, that's why I'm trying to ssh rsa encryption / access work. After I did this job with the root account, be sure to what I'm going to allow it with another account with sudo stuff.

    I would inquire on how get what you want really work and not go the road to get the root work... The same steps apply to any user. But to get the root work, other measures. What you're trying to do is very well known in the Linux space. I use it all the time and never fallen on all issues. To do this, you need to be comfortable with a Linux style editor.

    I don't understand why the publication of a public key is not good? This is not one I will use when it will work, but I assume that a brute force on a 2 with only the public key 1024 RSA key will take a lot of time? (Well I hope)

    It is a good idea never to publish any keys. Then you need not worry about this...

    Best regards
    Edward L. Haletky
    VMware communities user moderator, VMware vExpert 2009
    ====
    Author of the book ' VMWare ESX Server in the enterprise: planning and securing virtualization servers, Copyright 2008 Pearson Education.
    Blue gears and SearchVMware Pro items - top of page links of security virtualization - Security Virtualization Round Table Podcast
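
A check for the server-side layout that the steps in the question above produce, added here as an example and not taken from the thread: sshd reads `~/.ssh/authorized_keys` as a file of public-key lines and, with StrictModes enabled, ignores it when it or `~/.ssh` is group- or world-writable. The finding codes, `make_sample` and the sample contents are constructed for illustration.

```python
import os
import stat

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")

# Constructed sample authorized_keys contents and modes (no real key material).
SAMPLES = {
    "loose": ("-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder)\n", 0o666),
    "fixed": ("ssh-rsa CONSTRUCTED-PLACEHOLDER user@pc\n", 0o600),
}


def audit_ssh_dir(ssh_dir):
    """Return a list of (code, detail) findings for one user's ~/.ssh."""
    findings = []
    if not os.path.isdir(ssh_dir):
        return [("no-ssh-dir", ssh_dir)]
    if stat.S_IMODE(os.stat(ssh_dir).st_mode) & 0o022:
        findings.append(("dir-writable", ssh_dir))
    ak = os.path.join(ssh_dir, "authorized_keys")
    if os.path.isdir(ak):
        # Key files copied into a directory are never read by sshd.
        findings.append(("ak-is-directory", ak))
        return findings
    if not os.path.isfile(ak):
        findings.append(("ak-missing", ak))
        return findings
    if stat.S_IMODE(os.stat(ak).st_mode) & 0o022:
        findings.append(("ak-writable", ak))
    with open(ak, errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            if "PRIVATE KEY" in line:
                # A private key was pasted where the public key belongs.
                findings.append(("private-key-in-ak", f"line {lineno}"))
                break
            if not any(tok.startswith(KEY_TYPES) for tok in line.split()):
                findings.append(("not-a-public-key", f"line {lineno}"))
    return findings


def make_sample(root, layout):
    """Build a constructed ~/.ssh under root: 'thread', 'loose' or 'fixed'."""
    ssh_dir = os.path.join(root, layout, ".ssh")
    os.makedirs(ssh_dir)
    os.chmod(ssh_dir, 0o700)
    ak = os.path.join(ssh_dir, "authorized_keys")
    if layout == "thread":
        # authorized_keys created as a directory holding both key files
        os.mkdir(ak, 0o700)
        for name in ("id_rsa", "id_rsa.pub"):
            open(os.path.join(ak, name), "w").close()
        return ssh_dir
    content, mode = SAMPLES[layout]
    with open(ak, "w") as fh:
        fh.write(content)
    os.chmod(ak, mode)
    return ssh_dir


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        for layout in ("thread", "loose", "fixed"):
            print(layout, audit_ssh_dir(make_sample(root, layout)))
```
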

  • small problem with authentication biometric javacard

    Hello
    I am developing fingerprint match-on-card and I want to use the javacardforum.org API (http://www.javacardforum.org/Documents/Biometry). My problems are:

    1. Where can I find a Java API to communicate with my sensor to obtain the finger template and send it to the card?
    2. How do I use the javacardforum bio API to enroll/verify the fingerprint data received (from step 1) on the card?

    Thank you

    + 1 where can I find a java api to communicate with my sensor to get the finger model and send it to the card.
    IMHO, this is a question for the sensor manufacturer.
