Configuring the ACS server on windows server
Hello
I started to prepare my CCNA security and tried to configure AAA using ACS 4.2 on windows server 2003.
I have configured the router to use the AAA authentication with the laboratory of cbtnuggets from ACS server.
I checked the accessibility of the ACS server to client router and vice versa and also configuration.
The problem is I'm not able to authenticate using ACS server, the router uses local authentication and I have no why the router communicates not eith ACS server.
Help PLZ.
Configuration of my router from AAA.
===============================================
AAA new-model
!
!
AAA authentication login default group Ganymede + local
exact AAA authentication login group Ganymede + local
AAA authorization exec default local
RADIUS-server host 192.168.1.25 single-connection key ciscoacs--> (192.168.1.25 ACS, the key configured on the ACS server server is also ciscoacs)
line vty 0 4
exact connection authentication
================================================
I created a user on ACS server and I believe that when I'm trying to telnet to the router I should use the user name and password configured on the ACS server.
When I try to use, authentication fails, and also if the router accepts locallly configured user details then I think there was no communication between the router and the other GANYMEDE ACS server + will be used for authentication and if no communication between the router and acs server then only it should be the responsibility of local user
Please help me.
reports and activity--> passed authentication
reports and activity--> failed attempts
Rating of useful answers is more useful to say "thank you".
Tags: Cisco Security
Similar Questions
-
How to configure the LDAP connector in windows server 2012 R2 Active Directory?
How to configure the LDAP connector in windows server 2012 R2 Active Directory?
Hello
Please post your question in Server TechNet Forums.
http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer
See you soon.
-
local user name and password if the ACS server fails
Hello
I have every router and switch configuration for authentication of the connection via the ACS server. I used these 12 lines below and it works very well. Each engineer has their own account.
AAA new-model
AAA of default login authentication group Ganymede + activate
the AAA authentication enable default group Ganymede + activate
AAA authorization exec default authenticated if
AAA authorization commands 15 default group Ganymede + authenticated if
AAA accounting exec default start-stop Ganymede group.
orders accounting AAA 15 by default start-stop Ganymede group.
Default connection accounting AAA power Ganymede group.
AAA - the id of the joint sessionRADIUS-server host x.x.x.x
RADIUS-server application made
radius-server key, regardless of----------------------------------------------
I would add to this a local username and password so that if the ACS server was offline engineers have yet to connect with a knowledge of username and default password
username privilege 15 secret mypassword MYUSERNAME
line vty 0 4
local connectionQ. How do I make ACS a first preference and connection server only local users username and password if the ACS server is down?
Kind regards
Kevin
Now you have the password to enable as the fall back method:
AAA of default login authentication group Ganymede + activate
Change 'enable' for 'local' and the local (to the router) database of user names and passwords is used.
The same works to activate authentication (the second line "authentication, aaa... ("in the config that you posted).
-
Whence the ACS server get the DNS Info for the IP pools?
I'm changing the DNS servers that my VPN users are assigned from the pools of IP on the ACS server. Where IP pools Gets the DNS server information. I changed the IP addresses of the DNS on windows server and rebooted. But VPN clients are always assigned the old DNS servers.
ACS ip pools do not grow the DNS server information
It is either transmitted from the setup of group for the VPN concentrator or
It is to be send to the setup of the user/group ACS > attributes Radius (VPN 3000) > [026/3076/005] primary DNS.
I hope this helps.
Concerning
Rohit
-
Can not activate sharing / "unable to configure the workstation server.
Everything was going well until I made the mistake of upgrading to 12.1.1 build-3770994 12.0 (?)
For some reason any sharing became disabled after upgrade.
I can't activate the sharing, I get "unable to configure the workstation server.
Seems every time I've upgraded to VMWare Workstation, something breaks
I had to moce the VMs shared virtual machines 'normal' so I could run them.
I fixed it, uninstalled and reinstalled and still the same failure.
I took a look at the downloaded files and datastores.xml is empty, which is a little weird.
Hostd.log, he crashed during the analysis of the datastores.xml file:
2016-05-26 T 10: 11:07.572 - 07:00 verbose spend [08848] [sub Originator@6876 = Hostsvc] StorageNativeProvider: inventory filepath is C:\ProgramData\VMware\hostd\datastores.xml
2016-05-26 T 10: 11:07.573 - 07:00 panic pass [08848] [Originator@6876 sub = default] error: class Vmacore::Xml:XMLParseException(not_well-formed_(invalid_token))
2016-05-26 T 10: 11:07.580 - 07:00 panic pass [08848] [sub Originator@6876 = Default] backtrace:
You may try to remove the config files during uninstall Workstation, and then reinstall the workstation.
-
How to configure the print server on multiple machines?
Hello
Can you get it someone please let me know the installation process of print server on multiple machines?
That's what I thought.
1. install Ghostscript on all machines.
2 configure the print server on all machines.
3. I guess I should point the IP address somewhere as a final step?
Thanks in advance
PMThe steps you mentioned is correct.
When you configure the print service, you can set the URL of the web application server financial information in .properties and this file will get stored in the HSS registry (this is the step where you run the FRprintserversetup.cmd). So when you run Setup of each print server there will be created for this purpose in the HSS registry entries. Then, there will be an internal logic that will work on what server should take what process.
THX
-
How to configure the SMTP server for the osb 10.3.1
Hi all
Anyone can share information on how to configure the SMTP server for the osb 10.3.1
and then how to send an email to OSB 10.3.1
Thanks in advance!See this url:
https://blogs.Oracle.com/christomkins/entry/sending_an_email_from_oracle_s -
Configure the ACS 5.1 device to connect to the AD
Pls advise.
This is a new installation. I had to configure the ACS to connect to the ad to authenticate users and retrieve user information for the group as a result of step mapping.
Go to the users and identity stores > external identity stores > Active Directory and enter the domain name
appoint and give a name of user and password which will allow to connect to the domain. Then, click Test connection to validate join them the domain.
I got successful connection test. But when I click on save changes. I got error.
How has the problem been resolved?
Best regards
Boonkiat
It can be many things.
DCs how do you have in your area? They are all accessible by the ACS?
You return the SRV records for your ad?
-
Windows domain account to view reports / manage the ACS server.
All,
We have a Cisco ACS 5.2 deployment (device). It has existing integration with Active Directory. We use it with RADIUS to authenticate our users wireless and GANYMEDE to manage our network equipment.
RAY reports are useful for other teams (except my own) in order to resolve account lockouts and password (everyone forgets to change the password on his phone).
I would like to allow this team and other access to the report of RADIUS authentications.
I want them to be able to use their domain account to do this.<------- this="" is="" mandatory,="" based="" on="" our="" security="">------- >
We tried using an account local and which works very well.
My system tells me that domain accounts cannot access the administrative parts of ACS.
Is this true?
We have the support to allow us to upgrade to the latest version of the ACS.
5.4 of the ACS, it is possible to authenticate and authorize the directors of external stores, including AD accounts
-
Print file .rep directly on the printer, configure the application server
Hello
I spent several hours on this forum and unfortunately not found a solution yet so hoping someone has an idea that can help me solve this problem.
Using forms/States of oracle 11g with a linux application server, we develop on windows machines. Printing reports using compiled .rep files.
We have a network printer sharing (HP) that is configured on the application server, and we can print on the correct printer directly on the application server.
Problem is when I try to print a report when executing the forms of oracle on my machine of development directly to the printer.
I tried:
SET_REPORT_OBJECT_PROPERTY (l_repid, report_destype, printer);
SET_REPORT_OBJECT_PROPERTY (l_repid, report_desname, 'APPSERVER_PRINTER_NAME');
When I put the report_desformat in 'pdf' format I can see the reports to enter the print queue, but they do not reach a 'State' order ' print file empty. "
When I remove report_desformat, he sends in eps and as I understand it, it prints, but with bad formatting (I work remotely and run by what their colleagues say.)
CUPS 1.4.2 reference printer queue tab.
The report generates in the browser if I change the destype to produce and use web_show_document to display it as we usually do.
I understand there are solutions using a java bean or involving the installation of the software on the client computer, but my employer is unwilling to go to that direction. We have only a handful of reports that require the ability to print directly to the printer.
That someone has an idea of what the problem might be or help provide additional steps, I can take to solve problems? I have no idea how to do to configure printers, our IT Department managed this and they say, it's good so I don't know if there is a problem with what I'm doing or there was something installation related rate with this network printer.
Thanks in advanced for any assistance!
I have given up trying to use a report_desformat of pdf and paste it with the default value of the eps, after review, it seems pretty close match that generates pdf format and despite the fact that the queue on the application server throws a misprint even with the eps format it actually always draws for the good enough for now. Would be nice to know what happened here, but the problem has been resolved.
-
Hi all
I was trying to restore the configuration to a TFTP server, but it fails.
VIC-acs01 / admin # repository restore ACE-Config-160922 - 1542.tar.gpg repository acs
Restore requires a restart of the ACS services. Continue? (yes/no) Yes
Start the restore. Please wait...
% of ongoing restoration: from restoration... 10% have completed
% of ongoing restoration: recover the repository backup file... 20% completed
GPG: decrypt_message failed: unknown system error
tar: this doesn't look like a tar archive
tar: backup/appcomponent/db/acs.db: not found in archive
tar: backup/appcomponent/db/acs*.log: not found in archive
tar: leave with State failure due to previous errors
% of current restore: backup data decryption... 25% completed
% Error: unable to complete the restore of the ACS: the backup file decryption failed. Key encryption incorrect or corrupted download of the repository)VIC-acs01 / admin # sh historic restoration
Thu Nov 10 20:06:16 PST 2016: ACE-Config-160922 - 1542.tar.gpg the repository repository restore: error - acs script error
Thu Nov 10 20:19:37 PST 2016: ACE-Config-160922 - 1542.tar.gpg the repository repository restore: error - acs script error
Thu Nov 10 20:28:36 PST 2016: ACE-Config-160922 - 1542.tar.gpg the repository repository restore: error - decrypt failed
Thu Nov 10 20:30:11 PST 2016: ACE-Config-160922 - 1542.tar.gpg the repository repository restore: error - decrypt failed
Thu Nov 10 20:34:00 PST 2016: ACE-Config-160922 - 1542.tar.gpg the repository repository restore: error - decrypt failed
VIC-acs01 / admin #.VIC-acs01 / admin # sh run | repo b
repository repository
URL of tftp://10.10.79.13/
!VIC-acs01 / admin # repository repository sh
% Protocol can't list directories
VIC-acs01 / admin #.Any help would be appreciated.
FC
Hey FK,.
Yes, you can add another repository.
Kind regards
Kanwal
Note: Please check if they are useful.
-
Configure the application server after you change the database
Dear all,
We use ORACLE EBS R.12.1.2. Database: 11.1.0.7. 2 RedHat linux servers.
We are validating failover scenarios keep oracle database data.
Scenarios is that; We fail on the primary database and primary database role has opted for sleep.
Should what changes we make on the Application Server?
Should we change configuration of application server to connect to the new database (name, address of db server... etc). and how?
Thanks in advance,
Shareef
PL see Section 6 in MOS Doc 1545920.1
-
Configure the remote server and test
I installed Dreamweaver CS 6 and 10 CF and MS SQL server on the same computer.
I use Dreamweaver CS 6 to create a test web site and to set up the remote and testing server.
Dreamweaver invite me to enter the host name and the full directory.
I would like to know what I need to enter information?
hostname is localhost?
complete diretory will C:\inetpub\wwwroot or C:\ColdFusion10\cfusion\wwwroot?
Your information and your help is much appreciated,
Kind regards
iccsi,
Iccsi,
Yes. Host name to the title of "Test Server" is the hostname of the server test - in your case, since you're using CF, it must be the path in which CF works. It will be localhost:8888 or something similar - depending on what port you have configured for the webroot when installing CF. you could check in CF dashboard. Or, you could start CF server, open your browser, enter localhost. If the loading of the page Web of the CF by default, it's just localhost. If this isn't the case, add the port number.
The remote server is your real Web server. It may be http://www.somesite.com or if you run it in a separate folder within your main site, it will be http://www.somesite.com/test - depends on you want to download the files of remote work.
The complete directory under local configuration is the place where your files are located on your local system. Still, if you use CF, you can thus use CF webroot to create / store files - this way, you don't have to make copies of files in 2 places since that you configure the same folder as your test server too.
-ST
-
Translation in MAX problem when you configure the SSH server on a cRIO-9068
Hello
In my view, that there is a problem with the German translation of the remote switches max on the new cRIO-9068. When you look at the English Version, you see "Enable Secure Shell Server". In the German Version, you see "Secure Shell Server deaktivieren" which meens to disable the SSH server. The box did the same features, so after you disable SSH in can access. This it seems that it is probably just a translation problem.
I have attached two screenshots.
Andreas
Thank you Andreas.
This has already been supported in Nov 2013 and should be fixed soon.
Marco Brauner NIG.
-
Configure the FTP server using the command line
After IIS FTP server on Vista (or XP) starts the "default FTP Site" has only "read permissions".
How can I set the FTP server to the CONTROL LINE HELP, to allow 'write' also.I believe that access is denied is possible if,
the law is already assigned has.)
you do not have administrator rights (b.)Anyway, you can avoid the prompt (Y/N) by the presence of echo on the batch file
echo y | Cacls filename /g username :permissionRefer to Microsoft KB on How to Use CACLS.EXE in a Batch File .
-----------------------------------------------------
Remember to Vote as helpful for others and accept the the proposed Answer if it is relevant to build KB in this Forum.
Maybe you are looking for
-
A shippers sometimes emails get the timestamp of 31/12/1969 18:00. Why?
A sender of guaranteedrate.com has had three of his e-mails on five or six receive the timestamp of 31/12/1969 18:00 when in fact he sent them in the past two weeks. This place well in the slot more early possible date and found only because they app
-
Vista 64 just keeps freezing randomly
I bought a new laptop and it came with pre installed Vista Home premium 64-bit with SP1. The information system is the chipset Intel GM45, integrated graphics, 4 GB of RAM and 320 hard drive. The system hangs at random without error regardless of wha
-
Constantly freezes, vista, e-machine
HelloI constantly get freeze ups. Download the page blue kernal, mini dump, crash dump, etc..Especially when I try to run your antivirus software. I had AVG, it kept the fact that. Then I put Avast. Computer won't let other antivirus, but windows to
-
Windows Vista crashed, and we do not have the original installation disc for Vista. Can you buy Vista Ultimate and proceed to install it?
-
U2412M, is no longer recognized by Windows 10?
Hello I have a Dell XPS and two monitors Dell, a U2412M and a U2415. Yesterday, I had to do a Windows 10 reset due to a software problem. However, now 10 Windows recognizes only the U2415. The U2412M he sees as a generic PnP monitor and sets a horrib