Several groups of ACS/announcements in NDG

Similar Questions

• Several groups of RADIUS auth on a single Windows Server

  We have several groups RA VPN on a 3845 router.

  Authentication RADIUS which is currently happening between the 3845 and one Windows 2008 Server.  We have a group of specific windows which AD users are members, and they are allowed to connect through the VPN.

  I create a new group of VPN, which should only allow different users of the AD.  Is it possible to create another association of RADIUS on the same server, or do I need to authenticate to a different Windows Server?

  Thank you

  Tyler

  Hey Tyler,

  If I understand the question, here's what you have to say.

  There are several groups on the announcement. currently 1 user group special on AD connect very well to the RAVPN.

  Now you want to connected VPN or authorized for another group on AD. Basically, you want to control access to resources based on the groups that they belong to the advertising. Am I wrong?

  You use the aaa server is the RADIUS. I don't think you can do authentication and control of access based on the ad groups using RADIUS.

  I would say try LDAP.

  http://www.Cisco.com/en/us/docs/iOS/sec_user_services/configuration/guide/sec_cfg_ldap.html

  I hope this helps.

  Kind regards

  Anisha

  P.S.: Please evaluate the useful messages

• Card AD single user to multiple groups identity ACS 5.8

  It is possible to map a single to several groups of identitiy ACS AD user account?

  I tried to create two different security groups AD with the same user in the two groups.  I then created two different maps each SEO group.  It's only the first mapping is hit.

  Thank you.

  John

  John,

  Unlike ACS 4 (and earlier versions), the need to map users to groups is much diminished, because you can create policies for leave with a lot of flexibility and to make reference to ad groups and many other criteria.

  You can consider creating strategies authorization that don't depend on identity groups and group membership just reference AD and/or any other criteria.

  Javier Henderson

  Cisco Systems

• VPN access query remote ASA - several group policies for the unique connection profile

  Hi all

  Two quick questions here that I need to help.

  1. in an ASA 5525, is it possible to have several group policies for a single connection profile?

  Scenario: A customer is running F5 Firepass to their VPN solution and this device is used by them to have multiple strategies group by the connection profile. We plan to migrate them to ASA (5525) and I don't know if the ASA can support that.

  2. in an ASA-5525 for Clientless Remote access VPN, can pass us the page to connect to an external server? For example, if I have a connection with a URL profile setup: "'https://wyz.vpn.com/ ';" for the LDAP/Radius Authentication, but for https://wyz.vpn.com/data and https://wyz.vpn.com/test I want to HTTP based authentication form and this page needs to be sent to an external server that is to say ASA step will manage this page, but rather the first page for this is served by the external server.

  Scenario: One of our clients is running F5 Firepass to their VPN solution. On the F5 they have pages of configuration such as the https://wyz.vpn.com/ that the F5 shows to the user when they connect via VPN without client; However if the user types https://wyz.vpn.com/data in the browser, the traffic comes to the F5, but F5 redirects this traffic to an external server (with an external url as well). Then it's this external server that transfers the first page of the user requesting authentication for HTTP form based authentication information.

  Thanks in advance to all!

  Hello

  You can have fallback to LOCAL only primary method.

  http://www.Cisco.com/c/en/us/TD/docs/security/ASA/asa90/configuration/gu...

  HTH

  Averroès.

• We cannot draw power ratio cli for single user of VDI which is a member of VDI several groups in Active Directory?

  Hi all

  Is it possible to identify single user VDI which is a member of VDI several groups in Active Directory from power Cli script

  Thank you

  VM2014

  Oops, my mistake. Try this

  Get-ADUser-filter *-MemberOf properties |

  where {$m = $_.} MemberOf | where {$_-match 'app-view'}; $m - not $null - and @($m). {Count - gt 1} |

  Select the Name,@{N='#VDI groups; {E = {$m.Count}}.

  @{N = 'Groups of VDI'; E = {($m | Get-ad group | Select name - ExpandProperty) - join ' | '}}

• I need some information on the use of several groups on or off?

  Hello

  I'm trying to implement several groups to toggle in javafx (one for the radio button) and one for the toggle buttons.

  By choosing one of the option buttons, toggle buttons appear and I need to perform an operation based on the value of the selected toggle button.

  But for me only the radio button failover works.

  The toggle button is to come as being disabled.

  Please help me.

  Can you post a short, independent, good example that demonstrates the problem? The following example works fine for me:

  import javafx.application.Application;
  import javafx.scene.Scene;
  import javafx.scene.control.RadioButton;
  import javafx.scene.control.ToggleButton;
  import javafx.scene.control.ToggleGroup;
  import javafx.scene.layout.HBox;
  import javafx.scene.layout.VBox;
  import javafx.stage.Stage;
  
  public class MultipleToggleGroupExample extends Application {
  
    @Override
    public void start(Stage primaryStage) {
    final ToggleGroup radioButtonGroup = new ToggleGroup();
    final RadioButton rb1 = new RadioButton("Choice 1");
    final RadioButton rb2 = new RadioButton("Choice 2");
    rb1.setToggleGroup(radioButtonGroup);
    rb2.setToggleGroup(radioButtonGroup);
  
    final ToggleGroup toggleButtonGroup = new ToggleGroup();
    final ToggleButton tb1 = new ToggleButton("Choice A");
    final ToggleButton tb2 = new ToggleButton("Choice B");
    tb1.setToggleGroup(toggleButtonGroup);
    tb2.setToggleGroup(toggleButtonGroup);
  
    final HBox root = new HBox(10);
    final VBox radioButtons = new VBox(5);
    radioButtons.getChildren().addAll(rb1, rb2);
    final VBox toggleButtons = new VBox(5);
    toggleButtons.getChildren().addAll(tb1, tb2);
    root.getChildren().addAll(radioButtons, toggleButtons);
  
    toggleButtons.visibleProperty().bind(rb2.selectedProperty());
  
    primaryStage.setScene(new Scene(root, 600, 400));
    primaryStage.show();
    }
  
    public static void main(String[] args) {
    launch(args);
    }
  }
  

• VCenter: User in several groups with different permissions, smaller approvals

  Hello

  We finally hit the use of our VCenter setup where we need to begin to use permissions group instead of the individual user's permissions.  I have set up several groups (QA, automation, App, VCenter users and administrators) for our users.  However - I ran into a problem where a user must be in QA Automation and administrators, and I put the appropriate permissions on a pool of resources (QA - unalterable, automation and administrators full control).

  When you connect as long as user is as VCenter uses by default the * least * permissions for the object being verified and the user has only read-only for the resource pool (and spread points).  Is this expected authorizations and vcenter behavior?  I guess the user must get the permissions for all the groups, they are in.

  Thank you

  Ben

  If you set permissions in vCenter level, then Yes, you need to uncheck spread it to child objects.  What you can do then is add permissions on each individual resource pool.

  Is the ultimate goal only allow these members to have access to resource pools, any VI?

• Several groups of ports with the same VLanID

  Ask a question on peoples experience or knowledge, because we had a little chat here at work. If you have several groups with the same VLanID virtual port in the same cluster, does or that will cause a problem?

  Tom - we do that regularly.

  We have large quantities of VLAN - and often will be have 2 VMs hosted on the same Vlan environments for the purposes of the Dev - but when we move to production, we want to be able to isolate the dependent VMs to the configured network - with the same Vlan in use. . with a name different from the ways that we can quickly determine which is which.

  In addition

  I have hhave 1 vSwitch, with 2 natachasery (set up for tolerance of failure... not load balancing). . 2 groups of ports. . even vLan. . but I can get then Port Group1 to Teddy defauilt 1 and Port Group2, or Teddy bear 2 - which means I can isolate traffic e.. except in an emergency.

• 10g: unable to set the default dashpoard (CheminPortail) to several groups

  Hi all
  
  I am facing a problem while defining the portal path for several groups.
  I have two RPD groups and each group need to have its own default table in the form of ready page.
  
  We use authentication RPD and cannot use the database table to record the CheminPortail for each user or group.
  
  
  What I've tried so far is the following:
  
  We have two groups, Group1 , Group2 , who need to have the default dashboard * \shared\_portal\dashboard1* and * \shared\_portal\dashboard2* respectively.
  
  
  Approach 1: Create a block INIT of Session with the following query:
  Select case when ""="Group1: GROUP ' then '\shared\_portal\dashboard1' another '\shared\_portal\dashboard2' end of the double"
  
  Result: Failure - because all users are directed to "\shared\_portal\dashboard2". Somehow *': group ' * Gets not the affected GROUP.
  
  Even tried to replace ": GROUP ' with"VALUEOF (GROUP)"in the SQL query, however, it did not help."
  
  
  Help to get the same functionality will be appreciated.
  
  
  Kind regards
  Khalid

  Khalid,

  Here you go... use example below and change as you need.

  Create a SESSION - INIT BLOCK with this query... Say CRTAP

  SELECT CASE WHEN ' VALUEOF (NQ_SESSION. GROUP)' = "DASH_usr" THEN "/ shared/test ' WHEN ' VALUEOF (NQ_SESSION. GROUP)' = "DASH_ctr" THEN "test1/shared / ' END OF DOUBLE

  Set it to a variable with the name CHEMINPORTAIL and default to say anything ' / abc / ".

  This will work for sure... You can test this by RPD as well.

  Hope this helps

• JMS server targeted to several groups

  Hello
  
  I am facing a problem with my configuration of JMS in weblogic (version 10.3.4.0). I have two clusters. Following the [practical best JMS | http://forums.oracle.com/forums/message.jspa?messageID=9455261#9455261] I created a JMS server in each server managed within the cluster. I created that one Module JMS with a subdeployment. The JMS Module is for all servers managed within the two groups, and the subdeployment caters to all JMS servers in clusters.
  The JMS module, I created a connection factory targeted the subdeployment, until then everything is ok.
  Subsequently, I try to create a uniform distributed queue (UDQ) targeted the subdeployment and WebLogic throws the following error:
  
  A UDD must target servers within a single cluster or a single stand-alone server, rather than Cluster ClusterA and Cluster b
  
  The only solution I found is to create a JMS-subdeployment Module by JMS server. Is it possible to have just a JMS Module and use it in all the server managed by several groups? or I have to put in place the same parameters (ConnectionFactories + queue quota) in each Module JMS.
  
  Thank you much in advance.
  
  See you soon,.
  Oscar

  Hello

  The error is expected because a UDD is a distributed cluster whose scope is by definition. I think you have two options:

  -Not the best practice: use two different subdeployments in module - one for each set of JMS servers in a specific cluster and configure the number of UDDs couble (with names different mbean, one set per cluster).

  -A recommended best practice: use two different modules - one for each set of JMS servers in a particular cluster, each with a subdeployment and its own set of UDDs.

  I think the best statements of practices something that you use one module per each "homogeneous group of JMS servers. A homogenous whole of JMS servers is a set of servers JMS host (A) run in the same cluster and (B) all the same destinations spread...

  Kind regards

  Tom

  Published by: falls on April 11, 2011 10:07

• Several group

  Hello
  
  Could someone tell me how I might have several group from the different count function?
  Here's what I'm trying to do.
  
  

  select x.prev_categ, x.next_categ,
         count(distinct user_id) as countprev2next,
         count(distinct user_id) as countprev2any,
         count(distinct user_id) as countany2next,
         count(distinct user_id) as countany2any
  (
       select user_id, prev_categ,  next_categ,
                 dense_rank() over (order by prev_categ, next_categ) as rankprev2next,
                 dense_rank() over (order by prev_categ) as rankprev2any,
                 dense_rank() over (order by next_categ) as rankany2next,
                 dense_rank() over() as rankany2any
          from next_categ_data
          where x.prev_categ IS NOT NULL and x.next_categ IS NOT NULL
  )x
  group by x.prev_categ, x.next_categ
  ;

  In the group by clause, I would like to have group by in the following terms:
  (1) prev_categ and next_categ as shown in the query
  (2) only prev_categ
  (3) only next_categ
  (4) user_id
  
  By this motion, I am trying to accomplish the following:
  For example, I have a transaction in which category A is passed to category B.
  I want to count distinct users who moved from category:
  (1) A to B (A2B)
  (2) A to any category (A2X)
  (3) any to B (X2B)
  (4) all for the whole (X2X)
  
  This must be done for all possible transactions.
  

  Sample Data
  create table final as
  
  (
  select 1 user_id,2 product_id,A categ_id, to_Date('1/1/2009','MM/DD/YYYY') dt from dual union all
  select 1 user_id,3 product_id,B categ_id, to_Date('1/1/2009','MM/DD/YYYY') dt from dual union all
  select 1 user_id,4 product_id,C categ_id, to_Date('1/3/2009','MM/DD/YYYY') dt from dual union all
  select 1 user_id,5 product_id,D categ_id, to_Date('1/3/2009','MM/DD/YYYY') dt from dual union all
  select 1 user_id,6 product_id,E categ_id, to_Date('1/3/2009','MM/DD/YYYY') dt from dual union all
  select 1 user_id,7 product_id,F categ_id, to_Date('1/10/2009','MM/DD/YYYY') dt from dual union all
  select 1 user_id,8 product_id,G categ_id, to_Date('1/11/2009','MM/DD/YYYY') dt from dual union all
  
  select 2 user_id,2 product_id,A categ_id, to_Date('1/1/2009','MM/DD/YYYY') dt from dual union all
  select 2 user_id,3 product_id,B categ_id, to_Date('1/2/2009','MM/DD/YYYY') dt from dual union all
  select 2 user_id,4 product_id,C categ_id, to_Date('1/4/2009','MM/DD/YYYY') dt from dual union all
  select 2 user_id,5 product_id,F categ_id, to_Date('1/5/2009','MM/DD/YYYY') dt from dual union all
  select 2 user_id,6 product_id,H categ_id, to_Date('1/6/2009','MM/DD/YYYY') dt from dual union all
  select 2 user_id,7 product_id,F categ_id, to_Date('1/12/2009','MM/DD/YYYY') dt from dual union all
  select 2 user_id,8 product_id,G categ_id, to_Date('1/15/2009','MM/DD/YYYY') dt from dual union all
  
  select 3 user_id,2 product_id,A categ_id, to_Date('1/11/2009','MM/DD/YYYY') dt from dual union all
  select 3 user_id,3 product_id,C categ_id, to_Date('1/12/2009','MM/DD/YYYY') dt from dual union all
  select 3 user_id,4 product_id,B categ_id, to_Date('1/13/2009','MM/DD/YYYY') dt from dual union all
  
  ) ;

  Sample output
  Prev_categ | Next_categ | countprev2next | countprev2any | countany2next | countany2any
  ---------------------------------------------------------------------------------------
    A            B              2                 3              3               3
    A            C              1                 -              3               3
    B            C              2                 2              -               3
    C            B              1                 3              -               3
    C            D              1                 -              1               3
    C            F              1                 -              2               3
    D            E              1                 1              1               3
    E            F              1                 1              -               3
    F            G              2                 2              2               3
    F            H              1                 -              1               3
    H            F              1                 1              -               3

  Could you also tell me how I could make the County be repeated? For example, I want to count 3 to print for the two A to B and a-C
  under column of prev2any.
  
  I appreciate all help.
  
  Thanks again,

  Hello

  You can do it with the analytical COUNT function:

  SELECT DISTINCT
  ,       prev_categ
  ,       next_categ
  ,       COUNT (DISTINCT user_id) OVER (PARTITION BY prev_id
                            ,           next_id
                           )               AS countprev2next
  ,       COUNT (DISTINCT user_id) OVER (PARTITION BY prev_id)     AS countprev2any
  ,       COUNT (DISTINCT user_id) OVER (PARTITION BY next_id)     AS countany2next
  ,       COUNT (DISTINCT user_id) OVER ()               AS countany2any
  FROM       next_categ_data
  WHERE       next_categ     IS NOT NULL
  ORDER BY  prev_categ
  ,       next_categ
  ;
  

  Sorry, I'm not a database now, so I can't test it for 12 hours.

  Looking at the code you posted, it seems as if you were on the right track with the partitions, only you were trying the wrong analytical function.

  You really have a table like next_categ_data? Most people would use a view, if this isn't a subquery for this, unless the query speed was very important.

• Several groups of cfoutput

  I have a report and have need of the results displayed in several groups. The result set of a query, I use the cfoutput with the group attributes tag and the query to display the results (types and number of workers) per meal (lunch and dinner). It works fine but I also need the types of workers grouped (with every meal) by which part of the restaurant, they work in (front, rear, management). To do this within the aforementioned cfoutput tag, I added another tag cfoutput with a second group option. It almost worked, but the problem is that I get only the first row of data for each of the subgroups (where they work) and not all the lines. I tried to add the attribute of the cfquery attribute nested query, but which is not allowed.
  
  This is what we used several nested cfoutput Tags group attributes? Can it be done? If so, what hours I don't hurt. If not, is there another way?
  
  Thank you
  
  Jason
  

  CF will not allow you to embed two query driven cfoutput tags. I posted this question to my group and they were able to answer.

  ANSWER:
  At the lowest level, you want a simple cfoutput without group to this topic.

  Answered by Matt Jones and Brad Wood Group KCDevCore. Thank you guys!

• How to edit several groups in Secure ACS?

  I have 20 or if groups of users with GBA and I want to edit a field in each of them (say I want to change the primary [3076\005] DNS domain in each of them having the same). Is there a way to do this only once (either through download a txt using csutils?), or I have to edit this group at the same time?

  There is a Code of Action (163 - ADD_RADIUS_ ATTR) RDBMS, but it would change only the IETF RADIUS attributes.

  http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/A_RDBMS.html#wp78074

  I do not believe there is no option to accomplish what you are trying to do...

  You must enter one by one each group and make the necessary changes.

• Restrict access for device groups in ACS 4.0 SE

  I have limitation of logging configured on groups in Cisco ACS 4.0 SE

  Here's what I want to achieve.

  There will be two groups siteA and siteB

  I also create 2 groups of network devices say NDG1 and 2 NDG

  Now in the SiteA users need access to the associcated with NDG1 and NDG2 devices

  But in SiteB users should be able to access only the devices associated with NDG2 and ny ACS should not authenticate them when they try to log on to any device associated with NDG1

  With my current setup, the NGD2 user gets a prompt to user for NDG1 devices.

  Thanks in advance

  Narayan

  Hi Narayan,

  Pls have a look at the next post:

  http://Forum.Cisco.com/eForum/servlet/NetProf?page=NetProf&CommCmd=MB?cmd=pass_through&location=outline@^[email protected]/0#selected_message

  Rgds,

  AK

• Problem of GANYMEDE ACS 4.2 NDG and shell permission sets

  Hi all

  I am trying to solve this problem without success so far. I have fresh GBA 4.2.15 patch 5 ACS installation and I am tryng to deploy to our environment. So I configured a 2960 S to be my test client and everything works well. Problem is when I try to create strategies to fine grains using groups of network devices and shell permission sets.

  I created called ReadOnly and FullAccess authorization of shell games. I also created NDG called FloorSwitches and added my 2960. I have 2 groups of users called FloorSwitchesReadOnly and FloorSwithcesFullAccess. Now, if I have set up a FloorSwitchesFullAccess group and assign the set of permission controls Shell by NDG and then log in to the switch, all my orders are rejected as unauthorized.

  One thing I noticed, is that if I give the command shell permission set it to any device (in the settings of user group) works fine. Or if I create binding with DEFAULT NDG to the Group of users that works too. My conclusion is therefore that the ACS for some reason any does not associate my passage to correct group but is instead the DEFAULT group for some reason any.

  Someone at - it had the similar problem, or is there something I'm doing wrong? Is there another way to achieve such a thing without use of NDG?

  Thank you all...

  Please upgrade to patch 6, there is a bug in the patch 5 and you can see the release notes or the Readme for more information.

  Which is the user setting on while you test command authorization, do you have it set on the group setting?

  Thank you

  Tarik Admani