Cisco VCS and LDAP for authentication of users

I have a question about setting up LDAP for authentication of the user on the VCS. I want to have redundancy in my LDAP link. I believe that this is possible by setting a FULL domain name as the address of the LDAP server, then selecting SRV as the type of resolution. What I'm not clear on is what the value for the server address would be if I actually used SRV as the type of resolution. I should also add that I am looking to use TLS.

To clarify, if my AD domain name is myad.netcraftsmen.net. I have set the field as server address:

myad.netcraftsmen.net, assuming that VCS properly interrogates the DNS for the correct _service._proto parameters?

or would I need to create an SRV record to that effect and set the field server address with the address (including the fields of _service._proto)

or I need to specify one of the SRV records formats used by MS AD areas (there are several).

If the latter, then what SRV record for TLS. I don't see records with port 389 (non-secure).

My intuition tells me that this is probably the first option, but I could be far away.

Anyway, thanks in advance for any input.

Kind regards

Bill

Hi William,

I just checked it on an X6.1 VCS, and it seems that VCS searches SRV _ldap._tcp.domain (where 'domain' has been entered as the server address), both when the encryption is set to 'None' and 'TLS'.

Hope this helps,

Andreas
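
A check for the lookup described in the answer above, as an added example that is not part of the original thread: it builds the _ldap._tcp name for the domain, parses SRV answers and lists the targets in RFC 2782 failover order. The dc1/dc2/dc3 records are constructed sample data, and whether VCS itself applies RFC 2782 ordering is an assumption.

```python
import random
from collections import defaultdict
from typing import NamedTuple


class Srv(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str


# Constructed sample in `dig +short SRV <name>` layout: priority weight port target.
# The dc1/dc2/dc3 host names are made up for this example.
SAMPLE_ANSWER = """\
0 100 389 dc1.myad.netcraftsmen.net.
0 100 389 dc2.myad.netcraftsmen.net.
10 100 389 dc3.myad.netcraftsmen.net.
"""


def srv_name(domain, service="ldap", proto="tcp"):
    """Name queried when 'domain' is entered as the server address."""
    return f"_{service}._{proto}.{domain.rstrip('.')}"


def parse_srv(text):
    """Parse 'priority weight port target' lines, skipping anything else."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and all(f.isdigit() for f in fields[:3]):
            prio, weight, port = (int(f) for f in fields[:3])
            records.append(Srv(prio, weight, port, fields[3].rstrip(".").lower()))
    return records


def failover_order(records, rng=None):
    """RFC 2782 order: lowest priority first, weighted random inside a priority."""
    rng = rng or random.Random()
    groups = defaultdict(list)
    for rec in records:
        groups[rec.priority].append(rec)
    ordered = []
    for prio in sorted(groups):
        pool = sorted(groups[prio], key=lambda r: r.weight != 0)  # weight 0 first
        while pool:
            point = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for i, rec in enumerate(pool):
                running += rec.weight
                if running >= point:
                    ordered.append(pool.pop(i))
                    break
    return ordered


def redundancy_summary(records):
    """What to check before relying on SRV for redundancy."""
    targets = {r.target for r in records}
    return {
        "targets": len(targets),
        "redundant": len(targets) >= 2,
        "ports": sorted({r.port for r in records}),
    }


if __name__ == "__main__":
    recs = parse_srv(SAMPLE_ANSWER)
    print(srv_name("myad.netcraftsmen.net"), redundancy_summary(recs))
    for rec in failover_order(recs):
        print(rec.priority, rec.port, rec.target)
```

A single SRV target, or several records that all point at the same host, gives no redundancy even though the lookup succeeds.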


Similar Questions

  • during installation it asks username proxy and password for authentication. What should I fill in here?

    during installation it asks proxy username and password for authentication. What should I fill in here?

    Hello

    Please see Support of Proxy in creative cloud products

    Kind regards

    Sheena

  • Cisco 4402 and LDAP

    Here's my situation:

    I try to connect a user through the 4402 wireless using an LDAP server for the SECURE network.  VLAN for secure network is 102.

    Security, LDAP (port 389) is authenticated and not anonymous.

    Local wireless networks, (profile name) SECURE, no security layer 2, layer 3 is none, web strategy & authentication are checked. AAA Server LDAP Server tab listed under server 1 and only LDAP is listed under "used for authentication of the order."

    Access point has a DHCP address, but the wireless still happens as without IP address limited connectivity.

    Switch proCurve connected to the 4402 a 111 (native), 112 (SECURE) and 131 (GUEST) to shared resources. 112 & 131 do not exist on all other ports.
    Any help would be appreciated.
    Stu

    Stuart,

    This looks like a DHCP problem.  What VLAN is the WLAN in?  I want to make sure you say sure is 102, but then later about 112 and 131.  That provides DHCP for the WIFI network?  What do you see when you run debug client <client mac address>?

  • Cisco VCS and integration Lync2013

    Hello!

    Could you tell me please, when CISCO officially support Lync2013 - free new software for VCS - C and documentation on integration?

    The main interest is the possibility of transferring video between CISCO/MCU and Lync endpoints on the H.264 Protocol, who hails from Lync2013.

    Right now, I've got VCS - C and RTM Lync2013 X7.2. During the video call without AMGW appeal established as audio only.

    When using with Lync2010, it worked on Protocol H.263 and CIF resolution.

    Hi Evgeniy,

    We are currently investigating the possibilities to achieve interoperability between Lync 2013, VCS and video devices on the side of the VCS standards-based, it is a work in progress and at this stage, it is too early to provide any factual information on when interop will be available.

    In contrast to Lync 2010, Lync 2013 does not support H.263 for video and it so that will remove the OCS/Lync integration. I do however think that you should be able to make a two-way video between Lync 2013 and VCS-joined endpoints if you use an AMGW. Have you tried that yet?

    Thank you

    Andreas

  • Available attribute schema ldap for the OAM User Manager

    Hi people,

    I need view the attributes of ldap multi-value (no objectClass) schema in the OAM User Manager. Somehow, only a handful of attributes are visible. When I go in the Console System identity, User Configuration Manager, tabs, users, change attributes, the attribute that I need isn't on the list.

    Any help is appreciated.
    Thank you, Roman

    Hi Roman,

    Not quite, the method would be:

    1. create the new object defined by the user (such as auxiliary)
    2. only add additional attributes (besides the ones I see already) I need to display in the user for it to a schema Manager
    2.5 identity restart them
    3. in common Config OAM, add this object (hopefully)
    4. Add attributes to control panel users

    For step 1, I don't know how to create an auxiliary object class in the Sun Java Console (I'm not saying that this is not possible, it's just that I don't know the method). Another method is to create an objectclass in an ldif (which also gives you a permanent record of the objectclass) and you can use the files identity, oblix, data, common identity as a model for this server directory. For example, consider the file iPlanet_oblix_schema_add.ldif and look for the oblixorgperson entry, which looks like:

    dn: cn=schema
    changetype: modify
    add: objectClasses
    objectClasses: ( 1.3.6.1.4.1.3831.0.1.13 NAME 'oblixorgperson' DESC 'Oracle Access Manager defined objectclass' SUP top AUXILIARY MAY ( obuiconfig $ oblocationdn $ obrectangle $ obpsftid $ obdirectreports $ obindirectmanager $ obuseraccountcontrol $ obobjectclass $ obver $ oboutofofficeindicator ) )

    You can create your own auxiliary objectclass use this as a template.

    Hope it makes sense.
    Colin

  • Permission of files and folders for the same user on multiple computers

    Is it possible to set permissions files and folders different for the same user when he connect on different computers in the same domain?

    Example:

    There is a folder named "Folder1".
    When "User1" enter this folder by "Computer1" must have "Read & Execute" permission
    When "User1" enter this folder in "Computer2" must have permission 'Change'.

    Thank you

    Hello

    Your question is beyond the scope of this community.

    Please post your question on the TechNet forums:

    https://social.technet.Microsoft.com/forums/Windows/en-us/home

    Kind regards

  • Cisco VCS and MCU - Conference does not

    Dear community members

    I have problems in the VCS configuration to work with the MCU to join to several endpoints in a conference. The components that I use:

    -Cisco VCS control v8.7.

    -Cisco 5300 MCU 5310 v 4.5 (1.72)

    -3 x SX20 end points

    I recorded every endpoint and MCU on VCS, but I'm not able to do a conference call 3-way, the only option is 1 video and 1 audio (I disabled the Multisite option). It seems that VCS does not yet call the MCU in the game.

    Kindly help us with it.

    Can you tell us how you set up the Conference and how you have configured MCU and endpoints?

    From the sounds of it, you call each end point of one of the SX20s, but you must call simply directly in the Conference on the MCU.  If you want to have a conference point to point between two end points and then degenerate into a multipoint conference on the MCU, you must configure Multiway.

    With the help of Multiway with Cisco TelePresence systems

  • Mismatch in number of index n/b dba_segments and dba_indexes for the same user in the database.

    Hi all

    I had incompatibility number n/b dba_indexes and dba_segments index. Please find the details below.

    SQL > select SEGMENT_TYPE, count (*) from dba_segments where owner = 'VIM_SCH01' group by SEGMENT_TYPE;

    LOBINDEX 11

    LOBSEGMENT 11

    TABLE 68

    INDEX 52-> I see 52 index are here

    SQL > select count (*) from dba_indexes where owner = 'VIM_SCH01';  --> See 63 index here for the same user in dba_indexes

    63

    SQL > select count (*) from dba_tables where owner = 'VIM_SCH01'; --> showing the same number of tables from dba_segments

    68

    Why it's showing the different number for the index.

    Thank you

    Bhavani.

    No doubt because your 11 LOBINDEX segments are indexes in DBA_INDEXES.  You have 52 indexes and 11 LOB indexes for a total of 63, which corresponds to the DBA_INDEXES entries.

    You can validate that.  Run something like

    SELECT index_name FROM dba_indexes WHERE owner = 'VIM_SCH01'
    MINUS
    SELECT segment_name FROM dba_segments WHERE  owner = 'VIM_SCH01' and segment_type = 'INDEX'
    

    Which will return 11 index names in DBA_INDEXES but not in DBA_SEGMENTS with a segment_type of INDEX.  If you compare these indexes against the 11 LOBINDEX segments, I expect you will see them match up.

    Justin

  • link and prompt for authentication

    Build the following conditional url it displays the link icon correctly when prod_zone is in (1,2,3). But when I click on the link icon, I still encounter authentication application screen. This page is part of the application and already authentication occurred before you reach this page. Why does it ask for authentication when I click the icon?
    Can u share your thoughts? Thank you.

    select
    case when prod_zone in (1, 2, 3) then '{a href="f?p='
     || :APP_ID 
     || ':11:'
     || :SESSION_ID
     || '::::P11_PROD_ID,P11_PROD_name:' 
     || prod_name 
     || '"}' 
     || '<img src="/i/edit_big.gif" alt="">'
     || '{/a}' 
    else prod_name
    end prod_name,
    
    prod_id, prod_zone, prod_quantity
    from TEST
    
    Tai

    Replace :SESSION_ID with :APP_SESSION

  • Help: VISTA is only in BLACK and WHITE for the admin user

    I went to another user in a game that worked well, but when I logged in this user and back in my usual admin user account, every day the screen is black and white while charging. Everything still functions very well except there is no color - all settings in the control panel and NVIDIA Control Panel suggests that it is the color display. If I connect to another account the color returns. Unfortunately system restore has been disabled for some reason any so that I can't restore to an earlier time. I downloaded and re-installed the latest driver for my graphics (NVIDIA 260 M GTX), but this does not solve the problem.

    Google search suggests some people have had this same problem, but still there are no solutions. Any help much appreciated.

    Hi Krisbell1,

    Try to change the theme and see if it makes a difference.

    1. Open theme settings by clicking the Start button, clicking on Control Panel, appearance and personalization, customization, and then click theme.
    2. Under theme, select the theme you want, and then click OK.

    http://Windows.Microsoft.com/en-us/Windows-Vista/change-desktop-theme

    Bindu S Microsoft Support
    Visit our Microsoft answers feedback Forum and let us know what you think

  • Limit the control panel and IE for the Standard user account

    I'll set up a new computer for a 91 year old customer in a retirement home, who don't use the computer for e-mail and an occasional Wordpad document.  His son wants to put computer in place so that it cannot get to the Internet Explorer browser, or go to control panel, because he bumbles around the keyboard causing all sorts of problems requiring frequent service for me calls.

    The operating system is Windows Vista Home BASIC, so gpedit.msc is not installed.  I have activated the system administrator account for my use when I am called to repair the computer and set the Standard user to user account.  The problem is that the only way I found to disable IE and the Control Panel causes them be turned off in BOTH accounts.  I wish I could disable them ONLY in the user account.

    The only solution I found to disable the control panel is a registry hack in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies where I put a DWORD 32-bit "NoControlPanel" with a value of 1.  I tried to do that in the HKEY_CURRENT_USER hive, but it had no effect.  This kind of works, but there are two problems then: 1) Windows Updates won't install and 2) when I have to go to work on the computer, I first change to the administrator user, then change the DWORD value to 0 and finally restart the computer, causing additional assignments, lengthening my time at work.

    Second, the only solution I could find to disable IE was in the default programs Panel, which disables the administrator as well.

    Can someone tell me if there is another way to achieve this, while IE and control panel are disabled only for the user?

    Change the security to the IE executable rights? Remove 'Users', while you keep the administrator rights.

    For control panel see 'Method Two' in this link:

    http://www.Vistax64.com/tutorials/120951-Control-Panel-show-specific-icons-only.html

    "creacontech" wrote in the new message: * e-mail address is removed from the privacy... *

    Thanks for your response, but will not solve problem of this "gentleman". The object is not so much to limit internet access, as it should restrict access to programs.  He is 91 years old, has small hands and types rapidly with two fingers, but makes many mistakes.  Disability is before everything to prevent clikety snap everywhere, because he creates sort of a zillion copies shortcuts of the webpage on his desk, until everything hangs and I have to go a push up on his mess. The same reason applies to the Control Panel.  We don't want it to be able to get to the Panel "printers."  When a document will not be printed for a reason, he go, dummy click around and created a bunch of copies of the printer, with a gazillion of documents clogged up in the queue of the coil.  I had to clear up to 100 documents from the spool on 50 copies printer queue.  It's really an economic problem for his son.

  • Cisco VCS and composition to an IP address

    I have a question about the composition of address Ip and VCS. In the Administrator's guide, he says that VCS determines that an IP address that will be called if it is:

    -is the IP of a locally registered endpoint

    -falls within the IP address range of one of the subzone membership rules

    The second point is that of interest. As part of the way in which it is presented, I take this means that if a subarea membership rule has a range of IP addresses that includes the address of a non-registered endpoint then VCS will still attempt to place the call to the endpoint not registered regardless of the setting "Calls for unknown IP addresses" (under the numbering plan). For example:

    Assume that endpoint A (EP - A) is enrolled in a VCS control that is configured to use Indirect mode for "calls to unknown IP addresses". The idea here is that there is a VCS Expressway. Suppose that there is an end point (EP - B) on the internal network that EP - A wants to call. EP - B is behind the firewall, but it is not registered in the VCS - C. Finally, suppose the VCS - C has a subarea (let's call it "Internal-Unregistered") with a membership rule of 10.10.10.0/24.

    Now, if the address IP of EP - B is 10.10.10.10 and EP - A dials by IP, will be the call successfully established? Based on the Administrator's guide, the VCS will see the EP - B IP as "known." The Administrator's guide does, really, that the call would be placed. I'm stuck sorta messaging RAS, since EP - B would not be exchanging messages with the VCS - C RAS.

    I also wonder about calls from unregistered endpoint. EP - B could call EP - A directly. I don't want to support this behavior in the design (I recommend rather using the numbering of the URI). I am considering setting up the Alias of relief on the VCS - C to channel calls from unknown devices to an attendant on the MCU. Regardless, what I was asking is the following:

    If I have a membership rule subarea as above and EP - B sends a message of call setup to the VCS - C, the VCS - C would still see the call as coming from the default Zone of the local area? The reason I wonder is because of the way the Administrator's guide defines "known IP addresses".

    Thanks in advance.

    Kind regards

    Bill

    Hi Bill,

    to answer your question about the first scenario (where EP at dials the address IP of the EP B), VCS would attempt to place the call if there is a rule of type search 'AnyIPAddress' for the local area on the VCS - C (and assuming that the previously mentioned subzone containing 10.10.10.0/24 exists). VCS would be in this case send a message of CONFIGURATION H225 EP B.

    For the second scenario, where EP B contains the IP of the EP, EP B would send that an INSTALLATION H225 EP EP a. message would then for the message INSTALLATION with an INSTALLATION containing a reason 'routeCallToGatekeeper', instructing EP B to dial the address IP of VCS instead, since the VCS want to be included in the call, signaling path.

    To answer your last question, with regard to the area in which a call of an endpoint not registered (when the IP address of endpoint belongs to a subnet-type subfield) comes on, the answer is that the appeal turns on the default Zone. Calls will be local area if the call comes from a real end point recorded.

    I hope this helps.

    -Andreas

  • Hub - Backup for authentication of users

    Users in the Group should be authenticated through RADIUS. Therefore, I put the ipsec authentication to RADIUS. Everything works fine, but when the RADIUS server is not accessible, users cannot connect through the hub.

    In this case, the hub must switch on the internal server process. Is this possible?

    Thank you

    Edgar

    Once you set up a group to use Radius Authentication, then it will only use the Radius Authentication, it will not fail during the Internal of database failure.

    What you can do is to set up a second Radius server in the hub, and if it is not answer first that there are failed over and try the second. As I said though, it will not failover to a different authentication mechanism.

  • 12 c and LDAP for RAD formulas

    Hello

    I have problem with 12 c and OID (11.1.1.7) forms.

    Usually, we stored all the connections of the db for forms in OID. I'm trying to configure forms to get the db connection but without a bit of luck.

    Safety forms, there are 4 options:

    (1) administration of OPSS forms resources

    (2) administration of LDAP forms resources

    (3) associations of Runtime LDAP forms

    (4) migration of resources

    In option 3), I managed to connect with the OID forms, but in the other three options 1, 2 and 4, I get 'is not a valid connection. Correct entry of LDAP credentials to continue.'

    I checked the credentials for sleep and the port of oid, everything is OK.

    Anyone?

    Concerning

    Matthew

    It is confirmed by the Oracle we have a bug here:

    Bug 22336350 : CANNOT CREATE the RAD FOR FORMS 12 c WITH IDENTITY OID AS STORE

    Concerning

  • Requirements of LDAP for SSL - VPN on ASR 1002

    Hi all

    I intend to implement SSL - VPN (AnyConnect) on a router ASR 1002 running IOS - XE Software Version 15.1 (3) S2.

    I need to use LDAP for authentication of users and need to understand what are the requirements for RADIUS/GANYMEDE use LDAP.

    What I have to use Cisco ACS or can I use something like Microsoft IAS or free Raduis?

    Any help will be greatly appreciated.

    Thank you

    Dmitry.

    Yes, you can use either use LDAP, Radius or Ganymede protocols to authenticate users of SSL VPN.

    You can use no matter what authentication server (doesn't have to be Cisco ACS), as long as they have either 3 supports authentication (ldap, radius or Ganymede) protocols.

    Hope that answers your question.
