RDBMS synchronization

I'm trying to do two things:

1. I would like to remove a particular user by using this method and

2. I want to move a user from one group to the other.

I've attached what I thought was the proper way to remove a user from ACS, but apparently, it isn't.

What I am doing wrong?

Thank you

Dwane

Copy the attached file to remove and change user group,

First entry is to remove the user

Second entry is to change group

It works very well

Kind regards

~ JG

Note the useful messages

Tags: Cisco Security

Similar Questions

RDBMS with Action Code 123 sync error

Hello. I tried to create a .csv file to import into my safe acs 3.3. Most of the file works, except the lines with the Code of the 123 Action (ADD_DIAL_ACCESS_FILTER). The line looks like this.

20, 0, username, 123, "" peripheral Site, *, *, * ", Port/AAA Client, 25/06/2008-09:46, 0, 0"

After the synchronization run, I'll report of RDBMS. "When it comes to these lines in the csv file, I get the ERROR: Parse Error: reason - Value out of Range" [if = 20 A = 123 United Nations = 'User name' GN = "" I = "" VN = "" V1 = "" Site-device * * "V2 = V3" AAA/Client Port"=" ' "]

I tried messing around with the VI section, but can't seem to do things.

I was able to use the Code 122 for the ADD_NAS_ACCESS_FILTER Action. I want that this user cannot access devices listed in this section.

Help, please.

Thank you

Andrew S.

Hello

V2 should have one of these literal values (without the quotes):

"CLID".

"GWENDOLINE".

"CLID/DNIS.

' NAS/PORT '.

The value of the V1 will be must match to be unique clid or dnis value or handsets clid/dnis or nas/port

for example "1.2.3.4/tty0" or "214-300-123/001800123456".

Although I wrote a lot of RDBMS synchronize... I don't think that this piece was mine!

Addition of VSA on the GBA unit

Dear all,

How to add other attributes specific to the seller on the GBA unit? Normally on the software, we use the command line "CSutil" to add the ASB, but as the device is not interface to the windows system, there is no way to configure it. No one knows how to do?

Appreciate for any idea

Starting from 3.1, supported ACS VSA custom with RDBMS synchronization, also. This was done specifically to take charge of the unit. Action codes 350 per 355 support config and custom VSA definition.

So, consult the ACS 3.2 user guide device for information on the use of RDBMS Synch.

Some links:

Topic on the RDBMS support for VSA import:

http://www.Cisco.com/univercd/CC/TD/doc/product/access/acs_soft/csacsapp/user/sad.htm#451579

Beginning of the RDBMS feature doc:

http://www.Cisco.com/univercd/CC/TD/doc/product/access/acs_soft/csacsapp/user/sad.htm#451426

Synch. Annex codes:

http://www.Cisco.com/univercd/CC/TD/doc/product/access/acs_soft/csacsapp/user/AG.htm

Table with the relevant action codes:

http://www.Cisco.com/univercd/CC/TD/doc/product/access/acs_soft/csacsapp/user/AG.htm#1372

Consolidation/merger 4.2 ACS servers

Hi, we have 2 servers ACS each handling of different sets of hundreds of devices. I need to merge 2 databases (users, groups, and devices) in a third 4.2 ACS server.

My thoughts are to make a backup of one and do a restore on the new server. Now, I need to find a way to import users, groups, and devices of the second ACS server in the new consolidated CAs. I searched and I have not found a way to import users, groups, and devices without removing the devices that have been added since the first ACS sever. Does anyone have recommendations?

Try this. On each ACS server, run CSSupport (or support in ACS Admin page) to generate a cab package.

If you open the booth there will be two files CSV - one for NDG and one for devices.

Using excel you can merge these two CSVs. To find data ACS, you will need to create an account actions CSV file and deal with RDBMS synchronization.

Action code 250 adds a NDG

220 action code add one unit of

Action code 252 assigns the device in NDG

This may seem like a chore, but its largely a cut and paste exercise.

If you regularly use RDBMS sync to add your devices this means that you will always have a file of shares of update that you can throw to another server if you wish.

Lots of information about sync of RDBMS to http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/A_RDBMS.html

The easiest way is to download the SQL Anywhere Developer tools and ask for Cisco on the loading tables ndg and device directly from CSV files. It can be done, but I doubt they'll give you the password in its database.

ACS and Brocade switch support!

Hi Experts,

I have two questions: -.

(1) does support switch of Broacade CSA?

(2) I am configuring a Brocade switch for Radius Authentication on an ACS server. But the right to the user and not a right admin?

Can you please tell me how to assign the admin for brocade switch?

Thanks in advance.

Concerning

Neha.

Configure the ACS unit to import your CSV

A. go to the Interface of Configuration > Advanced Options

B. check RDBMS synchronization and click on submit

C. go to the System Configuration > RDBMS synchronization

D. Enter the name of the CSV in the Actions file field

E. Enter the IP of the server FTP, the directory where the CSV file resides on the server FTP and the username and password for ACS to use to access the FTP server in the fields suitable

F. choose manual synchronization

G. make sure your server is listed in the column to synchronize synchronization partners section and click on submit

H. go back into the RDBMS synchronization and click Synchronize now and updates must take place.

Cisco ACS

Hello

I am currently looking into setting up acs to provide authentication Ganymede. I have not had much experience with ACS until now, but have set up a base in place. We run ACS 4.2.

The question I have is in what regards adding network devices. We have over 1000 switches - all these should be created as individual network devices in ACS? Or is there a way to import them, say in a list of IP addresses?

If everyone must be added individually, it seems quite an overload of the admin.

How are they managing guys this task?

Thanks in advance.

Hi Edison,

ACS offers a feature to Bulk import of usernames, etc. through a feature called RDBMS synchronization of network devices. Through this, you'd be able to add all devices, without having to go into each of them.

You can go to http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/A_RDBMS.html to learn more about this feature.

Kind regards

Kush

How do Active/Backup (replication config) ACS 4.1

Hello

I tried to find a way by which I can do on my ACS active & the other as secondary IE how I can reproduce the config made on an asset to the backup of the acs. I m using ACS SE 4.1

Thanks in advance for your suggestions.

-Piyush

Hello

You can use the box RDBMS synchronization to synchronize the 2 boxes of ACS, but I don't think that there is a way to make an active and the other secondary on the ACS itself.

If you are authenticating users of your switches wireless etc... You can do first appears in ACS 'active' and 'secondary' GBA listed second. This secondary GBA would only used it actively it was not available.

HTH

Craig

Shared key change in bulk for the customers of ACS 4.2.1

Hello

is it possible to change the secret key that is shared for all devices in bulk instead of return to each clients and hand over the keys in ACS 4.2.1?

Please let me know if is it possible to execute more quickly.

Thank you

Hi Nitin,

Well, if you have all the devices in a single NDG, then simply click on the NDG > downstairs, click on change the properties > enter the new secret key shared it and it will prevail there. Although if you click on any customer to AAA within this NDG, it will show the OLD shared secret key, but due to the presence of this feature, where the key of NDG always overwrites the AAA client, this will probably work for you.

If you are not convinced by the above suggestion and I really want to change the shared secret key and then let me know.

You use ACS SE or windows ACS. I'm assuming that you have ACS SE

Here you need a CSV file with the code for the action of some NAS and you should be able to synchronize the CSV with RDBMS for the database to help
version 4.2

Code 224 - UPDATE_NAS

VN = AAA client name

V1 = IP address

V2 = shared secret key

V3 = vendor

Import RDBMS synchronization definition
http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/A_RDBMS.html#wp148322

Action codes to change the Network Configuration
http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/A_RDBMS.html#wp78096

HTH

Jousset

Note the useful posts ~

Cisco CSA 4.2 + RADIUS + HP procurve switches

Hello!

We mixed network environment with cisco / HP hardware.

We are currently assessing the Cisco ACS 4.2 to manage network access network equipment.

Cisco equipment works very well, but we have problems the RADIUS and procurve switches (Ganymede works very well)

I googled around and it seems that you need to create a new '(VSA, Vendor) vendor-specific attributes' for procurve switches and the IETF radius settings according to the variables on the right which must match the HP equipment.

Problem is that I can't find this information online.

Anyone who manages to solve this problem?

Would really appreciate help!

Thank you

BR

Generally, you should download VSA for acs. You must get the HP ini file. Once you have you need create a vsa and transfer it to acs.

Because we need to add a specific seller attribute in the TAS, then we must first

Create a file 'accountActions.csv' using the format specified in "RDBMS synchronization."

Import definition', once we are ready with the file, then we must do an RDBMS

Synchorization folder of ACS (SE) and then go on:

Reports and activity > RDBMS synchronization and make sure that the synchronization has been

done it without error. Once this is done, you must re - start the ACS SE, then

We can create a new AAA client and use the new RADIUS (xxxx), and the attributes that we

added can be made visible for:

The interface configuration > and select the newly added Radius VSA attribute.

: RDBMS synchronization:

http://www.Cisco.com/univercd/CC/TD/doc/product/access/acs_soft/csacsapp/CSA

PP40/ugse40/sad.htm#wp756877

: Import a definition RDBMS synchronization:

http://www.Cisco.com/univercd/CC/TD/doc/product/access/acs_soft/csacsapp/CSA

PP40/ugse40/AG.htm

Kind regards

~ JG

Wildcard AAA Client ACS4.1

Hi I am trying to solve the following problem:

I use ACS for authority accounting & administrative support to network devices, and I would like to distinguish which users have access to devices. I have about 2500 network devices in my network, and instead to add each one to the DB of the CSA, I created a generic client AAA with IP *. *. *. *.

It has worked well so far, extremely simple installation, I know, but now I want to add FWs and other sensitive devices and restrict access using NAR. The idea was to create new AAA customers for each type of device and deny access to restricted groups with NAR. The problem is that when you define new groups of an IP address conflict is detected with generic AAA client.

Is there another way to solve this problem outside the importation of all network devices and create NDG? That's what I wanted to avoid.

Any help is greatly appreciated.

Thank you

Niels

Niels,

First of all, I would not recommend to have this kind of facility. Anyone can plug aaa-client and send many wondering of acs caused a delay in the processing of legitimate applications. It's like opening the doors of the CSA for everyone.

For your question, there is no way that you can add separate IP since wildcard covers the full range.

Best way is to download your aaa devices. You can use the RDBMS synchronization to download everything at once.

Other easy way is to add networks like, 10.5. *. * / 30.34. *. * / 30.35. *. *

Kind regards

~ JG

Note the useful messages

Adding accounts on ACS using SNMP

Hi people,

I use ACS 4.2 and I was just wondering if it is possible to add user accounts by using snmpset? If so, anyone found any documentation on what needs to be done? I have the SNMP running on it and check with the ACS using snmpget.

Thank you, S.

Hi Shane,

It is unfortunately not possible. You cannot add users via SNMP.
However, you can add multiple users at once using RDBMS synchronization.

HTH

Amjad

Sent by Cisco Support technique iPad App

ACS dictionary file

Hi Security Experts,

I have a requirement to add a box of third-party (niksun device used to sniff the packets) as a radius client in ACS 4.2.

I went through the configuration of niksun guide to see how it should be done.

According to their documentation, I need to create a file on the ACS server (our ACS is installed on a windows 2003 Server), and this file should include Niksun Vendor ID. So, I have to include this file in the dictionary of ACS file.

Could you give me an example of how this is done on GBA 4.2? FYI our ACS is installed on a windows 2003 server.

PS: I rate of useful messages.

Thank you

Boudou

Well well

You're talking about the definition of the custom ACS RADIUS vendor.

This can be done by using RDBMS synchronization feature, by having the file of actions.csv of built-in account based on the definition of the dictionary of the third party provider and import back to GBA.

Click on the following link for more info:

http://www.Cisco.com/en/us/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/A_RDBMS.html#wp148322

the following codes of least should be the basis for the realization of your task:

350 ADD_UDV

352 ADD_VSA

353 SET_VSA_PROFILE

ADD_VSA_ENUM 354

355 ADOPT_NEW_UDV_OR_VSA

-------------------------------------------------------------------

Make sure the correct answer rate

Add new OPNET VSA ACS 4.2

I need to add attributes Radius OPNET ACS 4.2. How can I add a specific attribute again GBA? Google search points me to CSUtil.exe and I can not find this utility in the ACS installation files.

These are the values I need added to OPNET.

When configuring the RADIUS server to take over of the ACE Live device, use the Code provider and specific attribute of the following (VSA) provider:

Manufacturer code: 7119

VSA: 33

Thanks for your help.

Faucher

Well well well, you can use the RDBMS synchronization feature to add the new custom provider ACS with its custom attributes that complement the standard list of the IETF.

What you need to do is set the file accountactions.csv with the actions needed to add the new custom as well as its attributes provider.

As a reference to how to implement the accountactions.csv file, please see the following link:

http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/A_RDBMS.html#wp148322

Walk through all of the above chapter.

One last thing, you need to find the file of the dictionary for OPNET with their custom attributes.

If you need the fish, just provide the dictionary file and I will make the file for you.

------------------------------------------------------------------

Pleae make sure that correct rate

Synchronization of the comments of the column from the relational model to the data dictionary?

I changed/added comments of column to a table in my relational model. When I try to sync the database data dictionary changes are never included the observations of the new column. In fact, I see that the values in the field 'Commentary in RDBMS' are different in the preview window to compare, but the line is not highlighted in red I guess that, in fact it is even dimmed. Also, I can not check the check box "selected".
Is there a way to get comments to synchronize? I don't miss any option that I first? Is this a bug or an expected behavior?
I use the version 4.0.3 x 64 of the Data Modeler.
Any help would be appreciated,
Charlie

Hi Charlie,

but the line is not highlighted in red I guess that in fact it is grayed out even.

"that means property is excluded from the comparison - the same dialog box click on tab -" Options > properties filters '-you can control the properties to include in compare it it is to say ' comment in RDBMS ' must be checked.

Press the button "Refresh trees" after the properties are set correctly.

Philippe

data synchronization
Hello
RDBMS: Oracle 10.2 standard edition

I have Production, test, and staging server.
Now, I want to make a plan to synchronize the data in the tables from production to test and the staging server.
Constraint is data existing on the test and put in scene maybe stay same for comparisons.

One thing I can do is (production) Expdp and Impdp (test, staging). Data size is about 10 GB.
I want to know you, the experts, what is the best way to accomplish this task?
816422 wrote:
I have Production, test, and staging server.
Now, I want to make a plan to synchronize the data in the tables from production to test and the staging server.
Constraint is data existing on the test and put in scene maybe stay same for comparisons.

One thing I can do is (production) Expdp and Impdp (test, staging). Data size is about 10 GB.
I want to know you, the experts, what is the best way to accomplish this task?

Import/Export is an excellent choice. The size of the data is relatively low, so it shouldn't be a lot of work. Data pump default compress for your fill of export will be less than 10 GB. You can also do a pump of data directly on the network (parameter NETWORK_LINK) in order to avoid the total dump file.

Oracle Streams is another option - I do not know it is available in Standard, but it's one of those things you set up once and then the tables between databases are synchronized forever.

You can also update via SQL using the links in the database.

Finally, you might consider the use of transportable tablespaces, even if it means putting the source tablespaces in read-only mode for a while then you copy them.

RDBMS synchronization

Similar Questions

Maybe you are looking for