The ACS user groups

I have a problem.

We have 2 groups created in ACS: group 1, TACACS+ Access, and group 2, RADIUS Access. Group 1 holds the users that were created on the ACS server itself. The 2nd group is dynamic: its users are granted access through the domain user manager. We do not want the 2nd group to be able to access our routers and switches with their Microsoft accounts; right now they can, at least as far as the enable prompt. I would like the 2 groups to be completely independent of each other. Our group 1 is used only by our administrators to have access to all of our network devices.

I'm sure some type of filtering or IP address grouping could be implemented on ACS, but I'm not sure where, if that is the case.

Can someone please help!

Thank you!

Matt

You need to set up Network Access Restrictions (NAR) to restrict group 2 so that it cannot access the routers/switches.

Make sure that Group-Level Network Access Restrictions is checked under Interface Configuration - Advanced Options. Then go to Group 2, NAR section, check the box "Define IP-based access restrictions", set Table Defines to "Denied Calling/Point of Access Locations", and then select each of the routers/switches, using a * for the Port and Address, and add them to the table.

Anyone in Group 2 will then be refused authentication on any of the routers/switches.

Tags: Cisco Security

Similar Questions

  • Several downloadable ACLs per ACS user group

    Is it possible to map several downloadable ACLs to a single user or user group using ASA and ACS?

    For example, you have an ACL controlling access to servers (ACL A) and another ACL (ACL B) for internet access. Is it possible to assign several ACLs to a user group, so that user group A can only access the servers, while user group B can access servers and internet (ACL A + ACL B)?

    Thank you and best regards.

    George,

    The user and group settings only allow you to select a single DACL at a time.

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a0080a9eddc.shtml#configuringtheserverwitfddhias

    Kind regards

    Jousset


  • AAA RADIUS authentication for only one user group

    Hello

    I use ACS 3.1 and am trying to use RADIUS authentication for all network switches in my company.

    The problem I'm running into now is how to restrict login/exec access to the switches to only one user group. It seems that all user IDs in my ACS are able to telnet (user access) to the switches (using their login credentials).

    I would like to stop them from telnetting in with their IDs, except for the administrator group.

    Please advise on how this is possible.

    Thanks!

    On ACS, you need the admin users in their own separate ACS group, leaving the other users in their own group as well.

    Edit the group that contains the users you don't want to give access to and, under the Network Access Restrictions (NAR) heading, in "Per Group Defined Network Access Restrictions", check "Define IP-based access restrictions", choose "Denied Calling/Point of Access Locations" and enter the switches in the table below (put a * in the port and address).

    This prevents the standard users from authenticating to the switches. You can also add all your switches to a Network Device Group (NDG); then you only have to add that NDG in the NAR section rather than adding each switch individually.
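The NAR logic described in the opening thread and in this answer (a per-group table of AAA clients or NDGs, with * wildcards for port and address, that either denies or permits matching requests) can be modelled to review a proposed policy before it goes into ACS. This is an added example, not ACS code or either poster's configuration; the group names, NDGs, usernames and IP addresses are constructed.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

# Constructed model of an ACS 4.x group-level IP-based NAR (an added
# example, not ACS code).  A group's table is either "permitted" or
# "denied"; each row is (AAA client IP or NDG name, port, address) and
# "*" is a wildcard, as described in the answers above.

@dataclass
class GroupNar:
    table: str                                  # "permitted" or "denied"
    rows: list = field(default_factory=list)    # [(client_or_ndg, port, address)]

@dataclass
class AcsModel:
    ndgs: dict      # NDG name -> set of AAA client IPs
    group_of: dict  # username -> ACS group name
    nars: dict      # ACS group name -> GroupNar (groups without one are unrestricted)

    def _row_matches(self, row, nas_ip, port, address):
        client, port_pat, addr_pat = row
        nas_ok = (client == "*" or nas_ip == client
                  or nas_ip in self.ndgs.get(client, set()))
        return nas_ok and fnmatchcase(port, port_pat) and fnmatchcase(address, addr_pat)

    def permitted(self, user, nas_ip, port="tty0", address="async"):
        """True if the group NAR lets `user` authenticate via AAA client `nas_ip`."""
        nar = self.nars.get(self.group_of[user])
        if nar is None:
            return True
        hit = any(self._row_matches(r, nas_ip, port, address) for r in nar.rows)
        # A denied table blocks only matching rows; a permitted table blocks
        # everything that does not match one of its rows.
        return (not hit) if nar.table == "denied" else hit

# Constructed sample: admins in group 1 (no NAR), domain users in group 2
# with the router and switch NDGs in its denied table.
ACS = AcsModel(
    ndgs={"switches": {"10.0.0.1", "10.0.0.2"}, "routers": {"10.0.1.1"}},
    group_of={"netadmin": "TACACS+ Access", "jdoe": "RADIUS Access"},
    nars={"RADIUS Access": GroupNar("denied", [("switches", "*", "*"),
                                               ("routers", "*", "*")])},
)

def check_policy():
    """Return the decisions a change reviewer would want to see."""
    return {
        "admin_on_switch": ACS.permitted("netadmin", "10.0.0.1"),   # True
        "user_on_switch": ACS.permitted("jdoe", "10.0.0.1"),        # False
        "user_on_router": ACS.permitted("jdoe", "10.0.1.1"),        # False
        # An AAA client outside both NDGs (e.g. the VPN headend) stays open.
        "user_on_vpn": ACS.permitted("jdoe", "10.0.5.5"),           # True
    }
```

Switching group 1 to a permitted table listing only the network device NDGs is the mirror image: admins would then be refused on every AAA client not in the table.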

  • Router access for a SPECIFIC ACS group

    I want to control access to all of our Cisco routers and switches with TACACS+. I have a Cisco ACS appliance that can be used for centralized management of the engineers' accounts. The ACS server, however, is also used to store our business users' VPN accounts.

    Can I restrict access to the routers and switches to only the users in the engineers group on the ACS server?

    Hello

    If you use ACS 4.x, limiting access through Network Access Restrictions (NARs) could help you:

    http://www.Cisco.com/en/us/products/sw/secursw/ps2086/products_tech_note09186a0080858d3c.shtml

    Let me know if this helps, or alternatively if you use ACS 5 (in which case the scenario is a little different).

    Kind regards

    Fede

    --

    If this helps you or answers your question, please mark it as 'answered' or rate it, so other users can easily find it.

  • Logged in as admin. Cannot change the domain users group to domain administrator

    My domain administrator is defined as a domain user and I want to change it to domain administrator. The groups are greyed out in the Account > Users > Admin > Groups section.

    Hello Tripline,

    Please provide the model number and firmware version of your ReadyNAS.

    Is your ReadyNAS joined to AD? The ReadyNAS will simply copy the accounts from your AD. The existing domain user 'Administrator' should be adjusted in AD to have administrator rights. I guess you should change everything there first, and then join the NAS to the AD again.

    Kind regards

  • What is the name of the table that stores the APEX user groups

    Hello

    - I created 2 APEX users (user1, user2) [Developer = NO & Admin = NO]
    - also created 2 user groups, say Admin & General

    and then assigned user1 to the Admin group
    and user2 to the General group.

    I am able to find the list of users in APEX_WORKSPACE_APEX_USERS, but the groups aren't there.
    How do I check which groups an individual end user belongs to... I mean the name of the TABLE...

    Thank you
    Deepak

    Hello

    I missed reading the post first.
    The view is WWV_FLOW_GROUP_USERS

    BR, jari

    Published by: jarola on January 14, 2010 12:47 AM

  • ACS 4.1 lists NT groups but not the NT users in the groups

    Hello

    I have the following problem. I can access the Win NT/AD groups using the remote agent, but the ACS does not list the users in the groups after the ACS group mapping. What could be the problem?

    AD runs on Win 2K SP4.

    Hello

    ACS does not list the user in the group until you do the 1st authentication with this user.

    Then ACS will list the user as a "Dynamic mapped" user in this group.

    Regards

    Rohit Chopra

  • Domain users do not have local administrator rights, although I already added them to the local Administrators group

    I gave my domain users local administrator rights. But they do not get the rights to open the Control Panel or the Network and Sharing Center, and they cannot change the registry... etc. What is the solution for this? As domain administrator I am able to make any changes on this PC. We are facing this problem on all of our VMware Windows 7 PCs. I tried adding Everyone to the local Administrators group and adding the Domain Users group to the local Administrators group, but no luck...

    This issue is beyond the scope of this site and should be posted on TechNet or MSDN

    http://social.technet.Microsoft.com/forums/en-us/home

    http://social.msdn.Microsoft.com/forums/en-us/home

  • Printers installed under the original user have the printer properties grayed out for new users, even if they are members of the Administrators group

    Windows 7 Pro 64-bit (and 32-bit) setup on the domain.
    The Domain Users group is added to the local Administrators group.
    Printers are installed under the first domain user. These aren't shared printers, but local USB printers or printers attached to a TCP/IP port with the driver installed.
    All is fine.
    A second domain user logs on to the computer. They are part of the local Administrators group, because they are part of the Domain Users group.
    They go to look at the properties of the printer and almost everything is grayed out.
    Why? Because they are part of the local Administrators group, shouldn't they have full access?
    I look at the security for the printers and I don't see the first person in the list because it was created with their profile, but I do see local Administrators, a group this new user belongs to. Now I can take Everyone and increase the rights and then log in as the new person and they can then change the properties, but why can't the new users, who are admins, alter the properties?
    Thanks in advance for your help.

    Hi Gsaunders,

    If the computer is connected to a domain network then the question you posted would be better suited to the TechNet Forums. I would recommend posting your query in the TechNet Forums.

    http://social.technet.Microsoft.com/forums/Windows/en-us/home?category=w7itpro&filter=AllTypes&sort=lastpostdesc

    Hope it will be useful.

  • Why is the ACS blocking my connection to the console?

    I have AAA on my switches and routers, but when my server goes down I can't get access to the console port.

    My config and the debug aaa authorization output are attached.

    These are the debugs for each kind of access: Telnet with the TACACS+ user, console with the TACACS+ user, and a test with the local user.

    Telnet access

    Oct 15 01:03:09: AAA: analyze name = tty2 BID type =-1 ATS = - 1

    Oct 15 01:03:09: AAA: name = tty2 flags = 0 x 11 type = 5 shelf = 0 = 0 = 0 = channel 2 = 0 port adapter slot

    Oct 15 01:03:09: AAA/MEMORY: create_user (0x2778E84) user = ruser 'NULL' = 'NULL' ds0 = 0 port = 'tty2' rem_addr'10.10.10.23 = 'authen_type = ASCII service = CONNECTION priv = 1 initial_task_id = ' 0', vrf = (id = 0)

    Oct 15 01:03:10: CDP-4-NATIVE_VLAN_MISMATCH %: incompatibility of VLAN native on GigabitEthernet0/37 (102), was discovered with tst1-s2 GigabitEthernet0/1 (1).

    Oct 15 01:03:11: AAA/MEMORY: free_user (0x28E1BFC) user = ruser 'ACS-USER' = 'NULL' port = 'tty2' rem_addr = '10.10.10.23' authen_type = ENABLE priv = 15 = ASCII service

    Oct 15 01:03:13: AAA/MEMORY: free_user (0x2778E84) user = ruser 'ACS-USER' = 'NULL' port = 'tty2' rem_addr = '10.10.10.23' authen_type = ASCII = priv = 1 CONNECTION service

    Console access (working with the ACS user)

    Oct 15 01:08:57: AAA: analyze name = tty0 BID type =-1 ATS = - 1

    Oct 15 01:08:57: AAA: name = tty0 flags = 0 x 11 type = 4 shelf = 0 = 0 = 0 = 0 = 0 channel port adapter slot

    Oct 15 01:08:57: AAA/MEMORY: create_user (0x28AA8E4) user = ruser 'NULL' = 'NULL' ds0 = 0 port = "tty0" rem_addr = "async" authen_type = service ASCII = CONNECTION priv = 1 initial_task_id = '0', vrf = (id = 0)

    Oct 15 01:09:11: AAA/MEMORY: free_user (0x27C0DC4) = user tweak "ACS-USER" = "NULL" port = "tty0" rem_addr = "async" authen_type = ASCII service = ENABLE priv = 15

    Oct 15 01:09:18: AAA/MEMORY: free_user (0x28AA8E4) = user tweak "ACS-USER" = "NULL" port = "tty0" rem_addr = "async" authen_type = ASCII = priv = 1 CONNECTION service

    Console access (not working with the local user)

    Oct 15 01:05:24: AAA: analyze name = tty0 BID type =-1 ATS = - 1

    Oct 15 01:05:24: AAA: name = tty0 flags = 0 x 11 type = 4 shelf = 0 = 0 = 0 = 0 = 0 channel port adapter slot

    Oct 15 01:05:24: AAA/MEMORY: create_user (0x27C1310) user = ruser 'NULL' = 'NULL' ds0 = 0 port = "tty0" rem_addr = "async" authen_type = service ASCII = CONNECTION priv = 1 initial_task_id = '0', vrf = (id = 0)

    Oct 15 01:05:36: AAA/MEMORY: free_user_quiet (0x27C1310) = user tweak "LOCAL_USER" = "NULL" port = "tty0" rem_addr = "async" authen_type = 1 = 1 = 1 private service

    Oct 15 01:05:36: AAA: analyze name = tty0 BID type =-1 ATS = - 1

    Oct 15 01:05:36: AAA: name = tty0 flags = 0 x 11 type = 4 shelf = 0 = 0 = 0 = 0 = 0 channel port adapter slot

    Oct 15 01:05:36: AAA/MEMORY: create_user (0x28D201C) user = ruser 'NULL' = 'NULL' ds0 = 0 port = "tty0" rem_addr = "async" authen_type = service ASCII = CONNECTION priv = 1 initial_task_id = '0', vrf = (id = 0)

    Oct 15 01:06:09: AAA/MEMORY: free_user_quiet (0x28D201C) = user tweak "NULL" = "NULL" port = "tty0" rem_addr = "async" authen_type = 1 = 1 = 1 private service

    Oct 15 01:06:09: AAA: analyze name = tty0 BID type =-1 ATS = - 1

    Oct 15 01:06:09: AAA: name = tty0 flags = 0 x 11 type = 4 shelf = 0 = 0 = 0 = 0 = 0 channel port adapter slot

    Oct 15 01:06:09: AAA/MEMORY: create_user (0 x 2773004) = user tweak 'NULL' = 'NULL' ds0 = 0 port = "tty0" rem_addr = "async" authen_type = service ASCII = CONNECTION priv = 1 initial_task_id = '0', vrf = (id = 0)

    Oct 15 01:06:41: AAA/MEMORY: free_user (0 x 2773004) = user tweak "NULL" = "NULL" port = "tty0" rem_addr = "async" authen_type = ASCII = priv = 1 CONNECTION service

    Thanks for your help.

    Change your commands

    aaa authentication login default group tacacs+ enable

    aaa authentication enable default group tacacs+

    TO

    aaa authentication login default group tacacs+ local

    aaa authentication enable default group tacacs+ enable

    Kind regards

    Prem

    Please rate if it helps!
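The change above adds a method IOS can fall back to when the TACACS+ server is unreachable; what decides whether the fallback is ever consulted is the difference between a method that cannot answer (an error, so the next method is tried) and one that answers with a reject (a fail, which ends the attempt). The simulation below is an added example, not IOS code or the poster's configuration; its usernames, passwords and enable secret are constructed.

```python
from enum import Enum

# Constructed simulation of IOS AAA method-list evaluation (an added
# example, not IOS code).  IOS falls through to the next method only on ERROR.

class Result(Enum):
    PASS = "pass"    # credentials accepted
    FAIL = "fail"    # method answered and rejected: stop here
    ERROR = "error"  # method could not answer: try the next method

def group_tacacs(server_up, server_users):
    """Method 'group tacacs+': ERROR if no server is reachable."""
    def method(user, password):
        if not server_up:
            return Result.ERROR
        return Result.PASS if server_users.get(user) == password else Result.FAIL
    return method

def local(local_users):
    """Method 'local': an unknown local user is a FAIL, not an ERROR."""
    def method(user, password):
        return Result.PASS if local_users.get(user) == password else Result.FAIL
    return method

def enable(enable_secret):
    """Method 'enable': only the enable secret is accepted, whatever the username."""
    def method(user, password):
        return Result.PASS if password == enable_secret else Result.FAIL
    return method

def run_method_list(methods, user, password):
    """Walk the list as IOS does; ERROR from every method also denies the login."""
    outcome = Result.ERROR
    for m in methods:
        outcome = m(user, password)
        if outcome is not Result.ERROR:
            break
    return outcome

# Constructed sample credentials.
SERVER = {"ACS-USER": "acs-pw"}
LOCAL = {"LOCAL_USER": "local-pw"}

def scenarios():
    """Server down with the old list, with the new list, and server up but rejecting."""
    old_list = [group_tacacs(False, SERVER), enable("enable-pw")]
    new_list = [group_tacacs(False, SERVER), local(LOCAL)]
    server_up = [group_tacacs(True, SERVER), local(LOCAL)]
    return {
        "old_list_server_down": run_method_list(old_list, "LOCAL_USER", "local-pw"),   # FAIL
        "new_list_server_down": run_method_list(new_list, "LOCAL_USER", "local-pw"),   # PASS
        # The server is reachable and rejects the unknown user, so local is never tried.
        "new_list_server_rejects": run_method_list(server_up, "LOCAL_USER", "local-pw"),  # FAIL
    }
```

The third scenario is the caveat to keep in mind: a `local` fallback covers a dead server, not an account the live server does not know.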

  • TOSHIBA Power Saver does not work with a limited user account

    Hello
    This same question was posted in 2006 - not by me - with no successful response. I am trying again.
    If you create a user with a restricted account (member of the local Users group) under XP, it cannot manage either the Windows built-in Power Options or the Toshiba Power Saver tool.
    I managed, by working on file and registry permissions, to get the Windows Power Options working. But I still cannot launch the Toshiba Power Saver tool; it always pops up the box 'you have no rights'.

    Is there really anything I can do to work around this problem?

    Thank you

    Yes:

    Log in as administrator
    Run the Toshiba Power Saver
    Go to "Configuration Options".
    Check "Allow Limited user to change settings"

  • I can't start the PC, error "user group not found."

    Original title: problem with user profile

    I can't boot the PC; the user group is not found. The data is there, but I can't get in. Most likely a virus. I ran virus apps but nothing helped. Any help appreciated.

    Hello, Mike,

    See if this helps:

    Unable to view or add trusted domain security principals on the "Member Of" Properties tab

    http://support.Microsoft.com/kb/237905

    If you think it is malicious software, restart your computer and start tapping the F8 key

    Select Safe Mode with Networking

    Download the following tool and run a full scan

    http://www.Microsoft.com/en-US/Download/details.aspx?ID=16

    When you're done, restart and let Windows load

    You can also try to create a new user profile. Test to see if the same problem arises when you use the new profile. If it does not, your profile may be damaged.

    Fix a corrupted user profile

    http://Windows.Microsoft.com/en-us/Windows-Vista/fix-a-corrupted-user-profile

  • ASA LDAP does not find the Active Directory Domain Users group in memberOf

    It seems that the LDAP memberOf attribute picks up any group I add an account to, except for the Domain Users group. Is there a specific exclusion of this group somewhere? It does not seem to be a problem with the space in the name, because if I test it with other default groups like Domain Admins, it works. I get the same result from the LDAP attribute map as when I try to use the Domain Users group in a DAP policy. debug ldap 255 returns every other group membership for an account, with the exception of Domain Users.

    When I run the command "sh ad-groups LDAP filter 'Domain'", the Domain Users group is in the list of results, so it is able to see it and it exists.

    Please see the attached link under primaryGroupID, which states that the Domain Users group is not part of the memberOf attribute. http://msdn.microsoft.com/en-us/library/ms677943.aspx That explains why the mapping fails for any Domain Users match, as seen in the debugs.
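To see why a memberOf match on Domain Users can never fire while every other group works, the check below derives the primary group from primaryGroupID and the user's own objectSid and merges it with memberOf. This is an added example, not ASA code; the domain SID, DNs and user entries are constructed sample data.

```python
# Constructed snapshot of a few AD objects as an LDAP client would see them
# (an added example with sample data, not ASA code).  A user's primary group
# (normally Domain Users, RID 513) is carried only in primaryGroupID and is
# absent from memberOf, which is what the referenced MSDN page explains.

BASE = "DC=example,DC=test"
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"   # constructed

GROUPS = {  # group DN -> objectSid
    f"CN=Domain Users,CN=Users,{BASE}": f"{DOMAIN_SID}-513",
    f"CN=Domain Admins,CN=Users,{BASE}": f"{DOMAIN_SID}-512",
    f"CN=VPN-Users,OU=Groups,{BASE}": f"{DOMAIN_SID}-1105",
}

USERS = {  # user DN -> attributes
    f"CN=jdoe,CN=Users,{BASE}": {
        "objectSid": f"{DOMAIN_SID}-1201",
        "primaryGroupID": 513,
        "memberOf": [f"CN=VPN-Users,OU=Groups,{BASE}"],
    },
    f"CN=admin1,CN=Users,{BASE}": {
        "objectSid": f"{DOMAIN_SID}-1202",
        "primaryGroupID": 513,
        "memberOf": [f"CN=Domain Admins,CN=Users,{BASE}"],
    },
}

def primary_group_sid(user):
    """Domain SID (objectSid minus its final RID) joined with primaryGroupID."""
    domain_sid = user["objectSid"].rsplit("-", 1)[0]
    return f"{domain_sid}-{user['primaryGroupID']}"

def groups_via_memberof(user_dn):
    """What an attribute map keyed on memberOf alone can see."""
    return set(USERS[user_dn]["memberOf"])

def effective_groups(user_dn):
    """memberOf plus the primary group resolved through primaryGroupID."""
    user = USERS[user_dn]
    sid_to_dn = {sid: dn for dn, sid in GROUPS.items()}
    return groups_via_memberof(user_dn) | {sid_to_dn[primary_group_sid(user)]}

def matches(user_dn, group_cn, resolver=groups_via_memberof):
    """Mimic a DAP/attribute-map test for CN=<group_cn> among the user's groups."""
    return any(dn.startswith(f"CN={group_cn},") for dn in resolver(user_dn))

JDOE = f"CN=jdoe,CN=Users,{BASE}"

def dap_decisions(user_dn=JDOE):
    """Domain Users matches only once the primary group is resolved."""
    return {"memberof_only": matches(user_dn, "Domain Users"),
            "with_primary_group": matches(user_dn, "Domain Users", effective_groups)}
```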

  • Remove access from unwanted users/groups

    Hi all

    We have a Planning application in Test for the trial, where we have created several groups and users and provisioned them (access to members and forms). The same application now needs to be migrated to Production;

    now the question is, will the Test users, groups and their provisioning (access to members and forms) also migrate or not in the Planning application migration?

    IF yes, how do we remove specific users and their provisioning (access to members and forms) from the group in Planning?

    We use Hyperion 9.3.1

    Thanks in advance,

    Published by: user12865804 on June 20, 2010 06:35

    Export all the access permissions, update the export file to delete the users/groups you no longer need, then use the security import with the [SL_CLEARALL] parameter so that it clears all the security and loads your new security file. (Make sure that you have a recent backup of the application before you clear the security.)

    Cheers

    John
    http://John-Goodwin.blogspot.com/

  • Report links by user group

    Hi, is it possible to define the 'report links' by user group?

    for example, the report links are download and refresh for the Sales user group.

    report links are download, refresh and modify for the Sales admin user group.

    I just want to know if this is possible.

    Thank you!

    If "Sales" does not have the Answers privilege, then the "Modify" link will not be returned even if it is specified for the request. So you can just keep it and it will be seen by all users who have access to Answers. Read-only users (i.e. no Answers) will not see it.

    Cheers,
    C.
