Integration of ACS with AD

Hello support,

I downloaded an ISO image of the ACS and tested it on my VMware. I tried to integrate my ACS with my Active Directory, which is also inside my VMware.

I configured NTP on the ACS pointing to my AD server. But the connection failed when I checked the connection between the ACS and my AD server.

What could be the problem on my installation?

Kind regards

mbox23ron

If your time is synchronized, then the second typical reason for the AD integration not working is a misconfigured DNS.

The ACS must use the AD DNS, and you should have forward and reverse lookups working.


Tags: Cisco Security

Similar Questions

  • Integration of ASA with ACS

    Hi all

    I am trying to integrate some ASAs (8.6) with ACS (5.7); here is the configuration of the ASA.

    sh run | in aaa
    aaa-server RADIUS protocol radius
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ (management) host 10.243.14.24
    aaa authentication http console TACACS+ LOCAL
    aaa authentication ssh console TACACS+ LOCAL
    aaa authentication telnet console TACACS+ LOCAL
    aaa accounting ssh console TACACS+
    aaa accounting command privilege 15 TACACS+
    aaa accounting telnet console TACACS+
    aaa authorization exec authentication-server
    aaa authorization command TACACS+ LOCAL

    The problem is that I can get connected to the ASA, but I can't type any commands in the CLI; I get the error message "Command authorization failed".

    I have the same sets of commands and the shell profiles created for switches and it works perfectly.

    This is the behavior in the ACS logs:

    1. Once I have authenticated, I can see the logs in ACS with my username.
    2. But when I type any commands, my authorization is denied, and I see in the ACS authorization logs that the username is "enable_15".

    Can someone help me identify what the problem is

    Thank you
    Reverchon

    This happens when we have command authorization enabled on the ASA and try to run any level 15 command on the ASA. To correct this problem you must configure enable authentication for the user against ACS/TACACS.

    aaa authentication enable console TACACS+ LOCAL

    After the command listed above, the ASA will start to check the enable password against ACS/TACACS, and you can use the TACACS enable password that can be set per user.

    ~ Jousset

  • ACS with AD-with authentication of twins

    Hi gurus

    I want to integrate my ACS 5.1 with AD. My requirement is to check first for machine authentication. If the machine authentication passes, the client's username/password must be validated and the client should be in VLAN X. If the machine authentication fails, the client's username/password must be validated; if that authentication is successful, the client should be put into VLAN Y.

    Let me know if this is possible

    Thank you

    NikhiL

    Nikhil,

    You can set a condition in your authorization policy that checks whether machine authentication has been performed, and base your result on that condition.

    Here's a guide that corresponds to your questions:

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/users_id_stores.html#wp1235978

    Thank you

    Tarik Admani

  • Integration of SAP with ERPI overview

    Hello

    I've done the integration of Hyperion with EBS. Here are the basic steps I've done.

    1. Install ERPI.

    2. Gave the Apps schema and initialized.

    3. Select the general ledgers.

    4. Define mappings according to EBS.

    5. Create the rule.

    6. Import data from EBS -> Hyperion.

    My questions are,

    1. How to achieve this in SAP?

    2. Are the steps almost the same, or different?

    3. How much participation of a functional person is necessary?

    4. How much knowledge of SAP is necessary?

    5. How many types of maps are there for the ERPI-SAP integration?

    6. Is it recommended by Oracle?

    7. What other ways do I have to move data from SAP into Hyperion? Can I use Informatica?

    Regards

    What is ERPI or FDMEE?

    (1) integration SAP is documented in the FDMEE Administrator's guide and the Guide of the adapter you can download from the site of bristlecone pines

    (2) integration SAP is completely different. It has different configuration of the side steps ODI. There are also some spots on the side AS creating a user for ODI (JCo connection)

    (3) the FDMEE-SAP adapter configuration is usually performed by a technician because it requires some knowledge of ODI. A functional person would act as soon as the adapter is configured so that it can configure FDMEE with respect to any other source

    (4) Generally the core SAP team will configure SAP as required for the integration, and you don't really need SAP knowledge

    (5) There are 6 predefined maps (documented in the Administrator's guide). That's FDMEE; for ERPI you will need to go to the latest patch for the 6, I guess

    (6) Oracle cannot recommend an adapter because it depends on what you are going to integrate. If you want NEW GL balances, then use the NEWGL adapter.

    (7) Informatica does not support Hyperion >= 11.1.2.3. I guess you would be able to use it, but you'll have to customize an adapter for Hyperion if you have version 11.1.2.3+. This can be done using APIs (for example: HFM API)

    If you are on a previous version you can use it, but I recommend not using it because it is not supported.

    Another option would be to use standalone ODI, which uses the same approach as the FDMEE-SAP adapter from the technical point of view. Indeed, the SAP-FDMEE adapter uses the ODI SAP KMs

  • Animate cc, the police is both by default when you change the size of the text field. Have integrated a font with the name prjFnt... but once I have change the rating in the design view of the prjFnt goes to the new roman times... what a mistake... don't

    Animate cc, the police is both by default when you change the size of the text field. Have integrated a font with the name prjFnt... but once I have change the rating in the design view of the prjFnt goes to the new roman times... what a mistake... don't have we not no matter what patch

    This problem has been fixed in the latest update to animate CC.

    You can upgrade to animate CC 15.1.0.1.13 creative use of cloud App or via the Help menu > updates.

  • Web ADI error "BY PER_289872_ADI_INTGR_EXISTS: an integrator already exists with this object name."

    Hello

    I am trying to create a new Integrator, but I get the following error when importing to create the Integrator:

    "BY PER_289872_ADI_INTGR_EXISTS: an integrator already exists with this object name."

    I created these several times and it's the first Integrator that I create for this download balance adjustments.

    Any suggestions on what I am doing wrong?

    Thank you.

    Do you get the error even if you use a different name?

    Thank you

    Hussein

  • What is the technology used for the integration of java with Flex application?

    How we integrate java into a Flex application or how to build flex applications that use Java as a backend?

    BlazeDs is currently used in businesses to serve the above purpose?

    Or is there a better technology that is used in businesses for the integration of Java with Flex application?

    What is the latest version of BlazeDs?

    Also, please give me a few important article links which shows a sample application in Flex using Java development as a backend.

    Thank you in advance.

    BlazeDS is the way to go. Just google BlazeDS and you will find many examples of link Java to Flex via Remoting and BlazeDS.

  • Integration of Captivate with Flash

    Hello

    I save several movies with Captivate 3 and publish as Flash (SWF) files. I load this film into a Flash application using the class public AS3 Loader (see attached code). Also I create custom playback controls in this Flash animation. I test this regular flash movies loading technique and it works very well. But loading films Captivate, I can't control the movie because I had a Null object reference error, the worst is that I can't unload the first film when trying to load a second.

    As output is getting a lot of "onLoad = null m_movie.

    Where is the documentation for the integration of Captivate with Flash?

    Hey! Never mind. I just read Pipwerks blog post on the subject and his legacy Captivate class loader.
    Check it out

    http://pipwerks.com/journal/2008/04/03/new-legacycaptivateloader-class/

  • Integration of ACS 5.2 with AD windows 2000 SP4 advanced

    Hello!

    I'm having a problem when setting up Cisco ACS 5.2 device 1121 to integrate windows 2000 Active Directory as a database of external users.

    I use an account with administrator privileges on AD (can create computer objects).

    ACS is joined successfully to the domain, but it does not retrieve AD groups, even when I change the search base and filter.

    This link says that ACS supports AD on Windows 2003, 2008 and 2008R2, but it does not say that Windows 2000 is not supported.

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_system/5.2/device_support/sdt52.html#wp71115

    If someone can confirm whether AD 2000 is unsupported, or has a solution, I will appreciate your help

    This is not supported. When ACS tries to join the domain, it needs to know which version the domain controller is as well as the domain functional level. Please see this guide on how to solve this problem for your reference, and maybe you can try to get this to work on your own; however you will be able to benefit from support based on information you condition.

    https://supportforums.Cisco.com/docs/doc-26787

    Tarik Admani
    * Please note the useful messages *.

  • Integration appliance ACS 1113 with RSA-Urgent

    Hi Experts,

    I got the following steps to install the fix on ACS 1113 V 4.0 Box.

    Instructions on how to install the patch

    ========================================

    1. Extract the ACS CSAuth.exe - 4.0.1 - RSA - SW -CSCsc12614- CSCsd41866.zip

    2. Stop the CSAuth service

    3. Locate \bin and save a copy of the current CSAuth.exe

    4. Copy the new CSAuth.exe extracted from the zip to \bin

    5. Start the CSAuth service

    In step 3, it was mentioned to locate \bin and save a copy of the current CSAuth.exe (i.e. on the ACS 1113 device). Could someone help me with the steps to locate the dir on the ACS 1113 unit?

    Thank you

    Smail

    Satish,

    These steps are for Windows-based ACS. For the device, the steps are different. You need the patch for the device.

    Steps to download for device attached is patch

    You can download the patch from the unit of

    http://www.Cisco.com/cgi-bin/tablebuild.pl/ACS-Soleng-3DES

    Please note if assistance

    Kind regards

    ~ JG

  • ACS with ldap Unix

    Hi, I'm working on an information security project, and I'm thinking about ACS software integration with LDAP hosted on a Unix machine: Samba

    Does this work?

    Is there a trial version of ACS? Any version: 4.2, 5.1, etc...

    Thank you

    Try this

    ACS 4.2

    http://www.Cisco.com/cgi-bin/software/tablebuild/doftp.pl?ftpfile=Cisco/crypto/3DES/ciscosecure/ACS/win/90-dayeval/eval-ACS-4.2.0.124-SW.zip&app=tablebuild&status=showC2A%3E

    ACS 4.1

    http://www.Cisco.com/cgi-bin/tablebuild.pl/ACS-win-eval

    ACS 5.1

    https://supportforums.Cisco.com/thread/2024417

  • KB3121461 with Windows 7 x64 causing integrity violations when scanning with SFC

    Hello

    KB3121461 is a necessary security update, and yet when I installed it and then scanned with "sfc /verifyonly" as usual to make sure everything went well, it reports integrity violations. All the other updates installed fine, just not that one. If I roll back with System Restore, SFC once again reports no problem. I do not understand why this would be the case; as far as I know SFC compares a saved secure file with the one in use? Or something like that, so why would the update cause a problem? I have run chkdsk on the hard drive, no problem. Is anyone else having the same difficulty? I use Windows 7 x64

    Thank you

    Hi Mike,

    Thanks for posting your query in Microsoft Community.

    According to the description of the issue, I suggest you refer to the section "How to manually replace a corrupted system file with a known good copy of the file" in the following article, and check if it helps.

    Use the System File Checker tool to repair missing or corrupted system files

    Hope this information is useful. Let us know if you need more help, we will be happy to help you.

     

  • HP integrated module crashes with an error btwusb.sys

    I have a Compaq nx7400 laptop. Whenever I load the HP Integrated Bluetooth module, the laptop blue-screens with a btwusb.sys error. I downloaded the drivers from HP. Does anyone have a workaround for this?

    I downloaded the drivers for compaq 6820 s and they work. SP34842

  • Authentication of ACS with PEAP / MSCHAPv2 - customer rejecting Server

    Hello

    Have a network setup wireless with Cisco 1131AG towers, c6500 WISN module test (4404-WLC) is authenticating with a Cisco ACS appliance (1113) using PEAP and MSCHAPv2 authentication.

    The laptops have the Cisco SSC client (together with the SSC Mgmt utility).

    A self-signed certificate created on the fate of ACS and root exported and installed on the laptop computer of TCL.

    If the CSSC 'server validation' box is not selected, the authentication process works and I am able to connect to the network.

    If the CSSC 'server validation' box is checked, the authentication fails.

    The problem, it appears, is that the client rejects the server certificate:

    "Server certificate chain is not valid."

    On the ACS, in the 'failed' authentication logs, the following message is stated:

    "Authentication failed during SSL negotiation" (which obviously refers to the chain not being valid)

    Any ideas?

    When you create a self-signed certificate, is there a specific directory where the server certificate must be located, such as c:\cert\certificate.cer?

    Also, must the certificate name match the host name of the ACS?

    i.e." CN ="

    Any advice or pointers would be appreciated.

    Thank you

    The point is that when you check the server validation box, you must make sure you have the certification authority in the Trusted Root Certification Authorities. For example, in Windows, there is a list of CAs where you check server certificate validation, and the root certification authority must be on that list. If the root CA is not listed, then you must add it to the list and check it.

    You are right about the client rejecting the server cert... Authentication failed during SSL negotiation

    This doc will give you an overview:

    http://www.Cisco.com/en/us/products/sw/secursw/ps2086/products_configuration_example09186a0080545a29.shtml

  • Integration of business with CIM data

    Hello

    I have a few questions:

    1 - What types of databases can be integrated with ICM? ODBC?

    If yes, don't we need to install the ODBC driver before configuring the lookup tables in Configuration Manager so that we can use the DB lookup node?

    2 - Does Application Gateway allow a lookup against any type of database?

    Thank you very much.

    Installed and configured DBWorker can only search on a Microsoft SQL Server database. You configure the connection information (host name, user and password) SQL in the registry for the router and configure the table and query in the script editor and Config tool. There are a number of restrictions in DB search.

    So, no - you must install any driver. The DBworker process can manage the connection and run the query that you are configuring.

    An Application Gateway is a totally different beast.

    You can write one of these on Unix in C, on Windows in VB.NET and so on. The protocol between it and ICM is well defined, but the principal server can do what you want - talk to a database, a web service, read a file.

    Cisco dislikes what it does on this side, as long as it includes the requests and responses and supports the heartbeat thread.

    The third way to make a DB business search is IP IVR or CVP (I guess UCCE). You can write custom Java classes to talk to any database, any web service and so on.

    Kind regards

    Geoff
