Creating security group with grants decided in active directory - Server 2003

Hello

I need to create several different security groups for about 7 users and grant them different access rights, but all users will access the same main folder and some of the same void records. I created a group with some of the users, but they appear to have access to all the folders in their particular subfolder, and I only want them to have access to some of the folders in the selected subfolder.

I guess what I'm asking is how do I create different security groups with grants decided for each group, ensuring that users in these groups only have access and subsidies to certain folders.

I don't know if I explained myself properly but I certainly confused myself, I hope someone can point me in the right direction to solve this problem.

Thanks in advance

Jah

Jah,

For assistance, please ask for help in the appropriate Microsoft TechNet Windows Server Forum.

Thank you.

Tags: Windows

Similar Questions

  • problem with DNS on the active directory server unique

    I have a client that I'm having a problem with DNS that they do not have active directory structure.  I tried just about everything and at my wits end.  Customers can get online, but the problem is that they cannot see the DNS.  Any help would be much appreciated.

    Ask in the forum Windows Server:
    http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer

  • Active Directory Server conversion

    Hi all

    I was wondering if there are problems when converting to a secondary Active Directory Server? or a second server active directory that does any of the FSMO roles.  Are there any known issues with this kind of a P2V flip? or problems with replication, the Ad Server online as a virtual machine?

    You are better off creating a fresh new virtual machine and running dcpromo on it. Then run dcpromo on the former one to remove it. In all the projects where I did this, that is how I recommend doing it.

    Dave Convery

    VMware vExpert 2009

    http://www.dailyhypervisor.com

    Prudent. We do not want to make of this.

    Bill Watterson, "Calvin and Hobbes".

  • Create different group with VPN remote access

    Hello world

    The last time, I've put in place a VPN for remote access to my network with an ASA 5510.

    I've access to all my internal LAN helped with my VPN.

    But I want to set up a VPN group in the CLI for a different group of users who access a different server or a different network on my local network.

    Example: computer group - access to 10.70.5.X network

    Group consultant network - access to 10.70.10.X

    I need to know how I can do this, and if you can give me some example script to complete this

    Here is my configuration:

    ASA Version 8.0(2)
    !
    hostname ASA-Vidrul
    domain-name vidrul-ao.com
    enable password 8Ry2YjIyt7RRXU24 encrypted
    names
    dns-guard
    !
    interface Ethernet0/0
     nameif outside
     security-level 0
     ip address X.X.X.X 255.255.255.X
    !
    interface Ethernet0/1
     nameif inside
     security-level 100
     ip address X.X.X.X 255.255.255.X
    !
    interface Ethernet0/2
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Ethernet0/3
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Management0/0
     description Port_Device_Management
     nameif management
     security-level 99
     ip address X.X.X.X 255.255.255.X
     management-only
    !
    passwd 2KFQnbNIdI.2KYOU encrypted
    ftp mode passive
    dns server-group DefaultDNS
     domain-name vidrul-ao.com
    access-list 100 extended permit ip any any
    access-list 100 extended permit icmp any any echo
    access-list 100 extended permit icmp any any echo-reply
    access-list vpn-vidrul_splitTunnelAcl standard permit 10.70.1.0 255.255.255.0
    access-list vpn-vidrul_splitTunnelAcl standard permit 10.70.99.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip any 10.70.255.0 255.255.255.0
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    mtu management 1500
    ip local pool clientvpngroup 10.70.255.100-10.70.255.200 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-602.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 10.70.0.0 255.255.0.0
    access-group 100 in interface inside
    access-group 100 interface inside

    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server 10.70.99.10 protocol radius
    aaa authentication enable console LOCAL
    aaa authentication ssh console LOCAL
    aaa authorization command LOCAL
    http server enable
    http 192.168.1.2 255.255.255.255 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
     authentication pre-share
     encryption des
     hash md5
     group 2
     lifetime 86400
    crypto isakmp nat-traversal 30
    telnet 0.0.0.0 0.0.0.0 inside
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 5
    console timeout 0
    management-access outside
    dhcpd address 192.168.1.2-192.168.1.5 management
    dhcpd enable management
    !
    threat-detection basic-threat
    threat-detection statistics access-list
    !
    class-map inspection_default
     match default-inspection-traffic
    class-map block-url-class
    class-map imblock
     match any
    class-map P2P
     match port tcp eq www
    !
    !
    policy-map type inspect dns migrated_dns_map_1
     parameters
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns migrated_dns_map_1
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
    policy-map IM_P2P
     class imblock
     class P2P
    !
    service-policy global_policy global
    group-policy vpn-vidrul internal
    group-policy vpn-vidrul attributes
     vpn-tunnel-protocol IPSec
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value vpn-vidrul_splitTunnelAcl
     default-domain value vidrul-ao.com
    username test password 274Y4GRAbNElaCoV encrypted privilege 0
    username admin password bTpUzgLxalekyhxQ encrypted privilege 15
    username admin attributes
     vpn-group-policy vpn-vidrul
    username suporte password zjQEaX/fm0NjEp4k encrypted privilege 15
    tunnel-group vidrul-vpn type remote-access
    tunnel-group vpn-vidrul general-attributes
     address-pool clientvpngroup
     default-group-policy vpn-vidrul
    tunnel-group vpn-vidrul ipsec-attributes
     pre-shared-key *
    prompt hostname context
    Cryptochecksum:d84e64c87cc5b263c84567e22400591c
    : end

    What you need to do is mirror the existing tunnel-group and group-policy configuration and configure access to the specific network you need.

    Currently, you have configured the following:

    group-policy vpn-vidrul internal
    group-policy vpn-vidrul attributes
     vpn-tunnel-protocol IPSec
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value vpn-vidrul_splitTunnelAcl
     default-domain value vidrul-ao.com

    tunnel-group vidrul-vpn type remote-access
    tunnel-group vpn-vidrul general-attributes
     address-pool clientvpngroup
     default-group-policy vpn-vidrul
    tunnel-group vpn-vidrul ipsec-attributes
     pre-shared-key *

    What you need is to create a new group policy and a new tunnel-group, and configure the split-tunnel ACL to allow the specific access required.

    The user must then connect with the new group name and the new pre-shared key (password).

    Hope that helps.
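
The approach from the reply above, written out for the two groups in the question as an added example in ASA 8.0 syntax (not part of the original thread). The names `vpn-computer` and `vpn-consultant`, the ACL names and the key placeholders are assumptions; the address pool and subnets come from the post. It goes one step beyond the reply by adding `vpn-filter` and `group-lock`, because a split-tunnel list only decides which routes the client installs and does not by itself block traffic to other inside networks.

```cisco
! Constructed example: group, ACL and key names are assumptions, not from the thread.
! Split-tunnel lists: the networks each group's client routes through the tunnel.
access-list vpn-computer_splitTunnelAcl standard permit 10.70.5.0 255.255.255.0
access-list vpn-consultant_splitTunnelAcl standard permit 10.70.10.0 255.255.255.0
!
! vpn-filter ACLs: the VPN client pool is always the source, the inside network the destination.
access-list vpn-computer_filter extended permit ip 10.70.255.0 255.255.255.0 10.70.5.0 255.255.255.0
access-list vpn-consultant_filter extended permit ip 10.70.255.0 255.255.255.0 10.70.10.0 255.255.255.0
!
group-policy vpn-computer internal
group-policy vpn-computer attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn-computer_splitTunnelAcl
 ! Enforce the restriction on the ASA, not only in the client's routing table
 vpn-filter value vpn-computer_filter
 ! Users assigned this policy may only connect through this tunnel-group
 group-lock value vpn-computer
!
group-policy vpn-consultant internal
group-policy vpn-consultant attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn-consultant_splitTunnelAcl
 vpn-filter value vpn-consultant_filter
 group-lock value vpn-consultant
!
tunnel-group vpn-computer type remote-access
tunnel-group vpn-computer general-attributes
 address-pool clientvpngroup
 default-group-policy vpn-computer
tunnel-group vpn-computer ipsec-attributes
 pre-shared-key <COMPUTER_GROUP_KEY>
!
tunnel-group vpn-consultant type remote-access
tunnel-group vpn-consultant general-attributes
 address-pool clientvpngroup
 default-group-policy vpn-consultant
tunnel-group vpn-consultant ipsec-attributes
 pre-shared-key <CONSULTANT_GROUP_KEY>
```

The existing `inside_nat0_outbound` ACL in the posted configuration already exempts traffic to the 10.70.255.0 pool from NAT, so no extra NAT exemption is needed while both groups share that pool.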

  • Version of Cisco ACS 5.1.0.44.3 integrate with active directory server from Microsoft windows 2012?

    Version of Cisco ACS 5.1.0.44.3 integrate with active directory Microsoft windows 2012 R2 server?

    Unfortunately, it does not support 2012 R2.

    5.1 ACS supports all editions of:

    Windows Active Directory (AD) 2000

    Windows AD 2003

    Windows AD 2003 R2

    Windows AD 2008

    Source

    Windows AD 2012 R2 is supported after ACS 5.5 patch 1 and following.

    Source

    Please find below the steps to go from 5.1 to 5.5 hotfix 1:

    STEP | FILE | COMMAND
    Apply 5.1 patch 6 | 5-1-0-44-6.tar.gpg | acs patch install 5-1-0-44-6.tar.gpg repository ftp_repository_name
    Apply 5.3 | ACS_5.3.0.40.tar.gz | application upgrade ACS_5.3.0.40.tar.gz ftp_repository_name
    Apply 5.3 patch 8 | 5-3-0-40-8.tar.gpg | acs patch install 5-3-0-40-8.tar.gpg repository ftp_repository_name
    Apply the Pointed-PreUpgrade patch | Pointed-PreUpgrade-CSCum04132-5-3-0-40.tar.gpg | acs patch install Pointed-PreUpgrade-CSCum04132-5-3-0-40.tar.gpg repository ftp_repository_name
    Apply 5.5 | ACS_5.5.0.46.tar.gz | application upgrade ACS_5.5.0.46.tar.gz ftp_repository_name
    Apply 5.5 patch 1 | 5-5-0-46-1.tar.gpg | acs patch install 5-5-0-46-1.tar.gpg repository ftp_repository_name

    Best regards ~ jousset

  • Can I run Backup Server (Symantec BackupExec), accounts (fast book) on the single domain Active Directory server software

    Dear all,

    I am under domain, Active Directory and the backup server (Backup Exec) and called to account quick book on the same server.

    Does make all the problems? Kindly looking for answers.

    Hello

    Post your question in the TechNet Server Forums, as your question kindly is beyond the scope of these Forums.

    http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer

    See you soon.

  • I activated the Server 2003 Enterprise, but it stops after each hour and indicates that the owner of the copy has expired.

    Server 2003 EnterpriseR2 copy eval

    I installed a Server 2003 Enterprise eval copy, because we have not find the cd installation media.

    Everything was very well, we have activated by Microsoft, until yesterday. 180 days later, our server wants to stop every hour, because the eval copy has expired.

    It is a licensed version and has been activated.

    Why the hell do you want to ask in a forum of Windows XP?

    Post in the Windows Server Forums:
    http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer/

  • Need help with unblocking Port 80 on Windows Server 2003

    Web browsing is disabled on a computer that is running Windows Server 2003. I think that Port 80 is the block, but there is no installed firewall or the router it blocks. Using the command IPCONFIG I can ping www.yahoo.com, but I can not connect to www.yahoo.com on the web browser. Backup software remote works very well.

    In addition, there is no set of proxy server, everything is automatic "as it should". I have triple checked all the settings with Internet Explorer and Firefox.

    Thank you for visiting the Microsoft Answers site. The question you have posted is related to Windows Server 2003 and would be better suited to the Windows Server TechCenter community. Please visit the link below to find a community that will support what ask you:

    Cody C
    Microsoft Answers Support Engineer
    Visit our Microsoft answers feedback Forum and let us know what you think.

  • Integration of AAA with RADIUS NPS Microsoft Active Directory

    Hi all...

    We are looking to centralize administrative authentication of our switches and routers using domain AD groups. The oldest switches being 3560 s. There are a lot of great guides online on how to do it using MS NPS, but they all seem to require NPS to the use of the PAP and SPAP for authentication methods between the RADIUS (switches) clients and NPS-clear text protocols. It is the only option to make this work? Of course, the main concern would be the high-level AD user passwords transmitted through the wire. Am I right in thinking that the AD passwords are indeed involved in the process and NOT only verification of the Shared Secret between the NPS RADIUS clients... and then membership in one group AD?  Also, what would be a safe alternative where AD passwords would not be sent in clear text. Any clarification would be great...

    Thank you... Dennis

    Hello Dennis.

    The password is not sent in clear text. Instead, it is encrypted by the n (in your case the switch) until this draft is forwarded to the Radius server. The 'shared secret' is used in the encryption process, that's why the secret is not sent over the network. In addition, this is why the shared secret should be complex. For more information, see the links below:

    http://www.Cisco.com/c/en/us/support/docs/security-VPN/Remote-Authentication-Dial-user-service-RADIUS/12433-32.html

    http://TechNet.Microsoft.com/en-us/library/cc771660%28V=WS.10%29.aspx

    I hope this helps!

    Thank you for evaluating useful messages!

  • Set the name of the network on a Windows 2012 without Active Directory Server

    I have a Server Windows 2012 I use for DHCP, DNS and NAT on a network without a domain controller, and I don't want to create a domain.

    When my Windows 7 clients connect, they identify the network with the name of 'network '. Is there a setting on the server, Windows 2012, that will allow me to change the name that clients identify the network with? I want something that is on the side Server and not to go and rename it on each client manually.

    I noticed low-end devices how as access points, modems etc use their own custom network that clients identify their network with, so I guess it cannot be something too difficult...

    Thank you in advance.

    Support is located in the Windows Server Forums:
    http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer/

  • Best way to upgrade of domain Active Directory from 2003 to 2008

    I have a specific situation.  I need to upgrade an AD 2003-2008r2.  We are not comfortable making the leap for 2012.  Basically, the original design was 5 offices of each with a domain controller.  Each domain controller has a file share, but also the "Users" folder  I thought up starting with the new servers side by side.  DCPromo the 2008r2 new servers to domain controllers.  What is the best method to move the file shares and files users in this case?  Once files are moved I can then DCPromo down servers 2003 and raise to the 2008 field.  All IP addresses are static throughout the environment.  He didn't design this way... but having to deal with it.

    This issue is beyond the scope of this site (for consumers) and to be sure, you get the best (and fastest) reply, we have to ask either on Technet (for IT Pro) or MSDN (for developers)

  • Cisco ASA 8.3 ldap AAA configuration Microsoft active directory server fails

    Hello

    I'm trying to implement authentication ldap for remote vpn ssl users like the image below:

    When I try the test button and enter a user name and password I get the message "authentication rejected: user not found."

    Why? Please help, I am running out of options here... Thank you much much in advance.

    Use the DN of connection according to the following format.

    [email protected]/ * / _name and let me know how it goes.

    If the suggestion above does not work then please run the debugging ldap 255 and paste the result here.

    Rgds, jousset

    The rate of useful messages-

  • 4.2 ACS Cisco with Active Directory integration

    Hello

    I'm new in the administration of the ACS, we have recently implemented on ACS version 4.2 Server

    to manage all the authorization of users in our network.

    We are in an environment with at least one Active Directory server, group, and users.

    Now, I'm just able to create a new user in ACS and work with the switch of the customer, do I have to do, is to integrate my 4.2 ACS with Active Directory.

    to work with the user and group that a registry in my ad.

    Can someone help me please?

    Hello

    If you use windows server for CE 4.2 Installing you just need to do this the domain member server.

  • Cisco Secure ACS groups 5.1 Active Directory and RSA Authentication Manager 7.1 for profiles


    Hello

    I'm deploying an ACS connected to an RSA AuthManager (that is connected to an Active Directory domain)

    I create several groups within the Active Directory server, I try to give to users for their groups different access rights.

    I tried to define an access policy "NetOp/NetAdm" and two authorization rules:

    Rule-1 AD - AD1:ExternalGroups contains all dir. INTRA/groups/NETOP 'Auth for net operators' 0

    Rule 2 AD - AD1:ExternalGroups contains all dir. INTRA/groups/NETADM 'Auth net admin' 0

    Default: refuse

    In the identity, I have configured the RSA identity source, so that users get authenticated by the RSA Authentication Manager.

    But I still refuse to get access, RSA authentication is successful, but the group membership, active directory does not work, even with the unix attributes or group principal defined for the user.

    My question is this valid configuration scenario? Is there another way to define several profiles according to the Group of users of external source?

    The stages of monitoring:

    Measures

    Request for access received RADIUS 11001

    11017 RADIUS creates a new session

    Assess Service selection strategy

    15004 Matched rule

    Access to Selected 15012 - NetOp/NetAdm service policy

    Evaluate the politics of identity

    15004 Matched rule

    15013 selected identity Store - server RSA

    24500 Authenticating user on the server's RSA SecurID.

    24501 a session is established with the server's RSA SecurID.

    24506 check successful operation code

    24505 user authentication succeeded.

    24553 user record has been cached

    24502 with RSA SecurID Server session is closed

    Authentication 22037 spent

    22023 proceed to the recovery of the attribute

    24628 user cache not enabled in the configuration of the RADIUS identity token store.

    Identity sequence 22016 completed an iteration of the IDStores

    Evaluate the strategy of group mapping

    15006 set default mapping rule

    Authorization of emergency policy assessment

    15042 no rule has been balanced

    Evaluation of authorization policy

    15006 set default mapping rule

    15016 selected the authorization - DenyAccess profile

    15039 selected authorization profile is DenyAccess

    11003 returned RADIUS Access-Reject

    Thank you

    Christophe

    I think you need to do is to create a sequence of identity with RSA as a selection in

    Authentication and recovery research list of attributes and AD in the additional attribute list recovery research. Then select this sequence as a result of the politics of identity for the service

  • Has anyone created new security groups... and how did you do

    We have problems with giving people the opportunity to view and modify other emails/forms/etc.   Anyone who sets up security to pull away, specifically, groups the possibility to remove or modify?  Not everyone who uses our system needs to change or remove, so I wasn't sure if someone had created security groups that pulls this ability of some specific users...

    Thank you!

    When I told our CSM, she said you have to contact support and they can do it on a case-by-case basis.  But we seek to implement the same thing, it would be interesting if you managed to get this Setup.

    Display the sidebar (left), all the time, what you see when I put them to the top of "My Computer". Topics such as: Folder tasks Other places Details How do I get them?  More importantly, how can I get rid of this display?