VPN concentrator to transmit user group information to the IAS server?

All,

I have a feeling that the answer will be no, but we have replaced our MS RAS server with a VPN 3030 using an IAS server for authentication on a Win2k3 domain. The problem we have is that some people share FCP files with people from other groups. IAS just validates the user's password and verifies that they are in a group that is allowed virtual private network access, which then allows them more access than they should have. Is there any way for the concentrator to pass the group information to the IAS server to check as well? If not, does anyone know how to check that the IDs of people using remote VPN access are in the right group for the one they are connecting to?

Sorry, I think I made the above clear as mud!

Not sure I understand your question, but you can have the IAS server assign a group to a user by adding the Class attribute to a specific IAS policy. Add class = OU=groupname; (do not omit the semicolon) to the RADIUS attributes of the IAS policy against which a user will be authenticated, and this will take effect on the 3030, which will assign them to the appropriate group.

I hope this helps.

Tags: Cisco Security

Similar Questions

  • Updating the group information in the OID

    Hello
    I want to update the group information in the OID. There are tasks to update the container DN and the group name, i.e. ContainerDN Updated and GroupName Updated.
    What should I do to update my other attributes?

    Thank you

    There is an existing adapter to update the attributes of an OID group.
    You can attach "OID Change Group or Role" to your process task and your task will be done.

    Hope this helps,
    Sagar

  • How many Oracle users are connected to the Oracle server?

    Hi all

    How many Oracle users are connected to the Oracle server?
    I want a query for the above.

    select username, count(*) from v$session group by username;

  • Agent using which the user will connect to the file server?

    Hello

    We have installed an ODI standalone agent on the file server. As which user will this standalone agent connect to the file server?

    Thank you

    Kondo.

    The user who started the agent in this server.

    Thank you

    Chantal

  • Why don't I have a users/groups tab on my ESX Server to create users with web admin permissions?

    I have an ESX 3 server and I am connected to the Virtual Center server using the root account.  I want to add a user to access the admin web pages, but there is no users/groups tab when I select the host in the left frame.   Any idea why, and how can I enable it?

    Thank you

    Is your vCenter server a member of the domain?  If so, you can add users directly.  If this isn't the case, then you must go to your vCenter Windows machine.  Create local Windows users on the vCenter machine.  Then use these user accounts to apply permissions on virtual machine objects in the VI client.

    -KjB

    VMware vExpert

  • Creation of user groups to access the files on cloud

    I am looking to buy Adobe Document Cloud and have got answers to some questions already.  Once I have created a file and transferred it to the cloud, I want to create users so that they can log in to the cloud with their username and password and, once connected, see the documents. Can I have a receipt that will tell me who accessed the file, on what day and at what time?  Can I do this within the program, or do I connect to the cloud as an administrator and create new users from there?

    Hey, Rohan,

    Yes, you are right, but with the Send & Track function you will only be able to see the number of downloads (how many times this file has been downloaded), not the number of views.

    Kind regards

    Nicos

  • Hi, I updated to Lightroom CC on my MBP (El Capitan) and I ran into permission issues... I tried to access the various Library folders to change the user group permissions (according to the instructions from Adobe) but on the last set of permissions.

    (Sorry, I seem to have accidentally pressed Enter...) My Library Caches folder does not contain an Adobe folder. Is this the cause of my problems opening Lightroom? And if so, how do I fix it?

    Thank you very much

    (Sorry for the disjointed text character).

    Dan

    See answer #7 here: Re: update on CC (for PS, LR and bridge) online and met a permissions problem with LR on three dossiers?

  • Windows 7 Pro PPTP VPN error 807, does not connect to the remote server; XP machine connects without problems

    I've just set up my new Windows 7 laptop (Dell Precision M4400) running Windows 7 Professional and the VPNs are not working; they're always bombing out with error 807.  "The connection between your computer and the VPN server was interrupted."

    I created a PPTP connection in order to connect to my workplace, and when connecting I continually receive an 807 error.

    To check that my internet etc. is working, I connected to the same place through my existing XP laptop (Dell Precision M4300), which has the same VPN settings.  Everything connects A-OK.

    I'm also running ESET as my anti-virus and firewall, and I have disabled it to test (normally I have no problem running this, and it is also running on my XP laptop).  I also confirmed that Windows Firewall is turned off.

    I connect wirelessly at home, the internet works fine, the firewall has not changed at either end (I manage both ends) and, as noted, it works for my XP machine, which is also running wirelessly.

    Hello

    Welcome to the Microsoft Windows 7 Answers Forum!

    To resolve this problem, we have support professionals who are well equipped with knowledge of Windows 7 issues; please visit the link provided below.

    http://social.technet.Microsoft.com/forums/en/w7itprovirt/threads

    Hope this information is useful.

    Thanks and regards,

    Suresh Kumar-Microsoft Support.

    Visit our Microsoft Answers Feedback Forum at http://social.answers.microsoft.com/Forums/en-US/answersfeedback/threads/ and let us know what you think

  • Need a PowerShell script to create a local user on ESX for a given list of ESX servers

    Hello

    I need a PowerShell script to create a local user on ESX for a given list of ESX servers supplied through a CSV spreadsheet. The script should ask me for the user name and the password for the user to be created on the given list of ESX servers.

    Thanks in advance!

    Just noticed that there is a space missing after the -Password parameter.

    It should be

    $userName = Read-Host "Username"
    $password = Read-Host "Password" -AsSecureString:$true
    Import-Csv "C:\vmhosts.csv" | %{
         Connect-VIServer -Server $_.Hostname -Credential (Get-Credential)
         New-VMHostAccount  -Id $userName -Password $password -UserAccount:$true -GrantShellAccess:$true -Confirm:$false
         Disconnect-VIServer -Confirm:$false
    }
    

    ____________

    Blog: LucD notes

    Twitter: lucd22

  • Grouping/HA for the content server

    Hello.


    Is it possible to operate ACS in a clustered environment (with all nodes sharing a database and storage)? I would like to prepare an HA solution for ACS and would like to know if I can have two Tomcats on two nodes running simultaneously or in a hot-standby cluster.

    TIA,


    R.

    The only service which is (should be) directly facing the end user is the runtime.  Packaging is used to add books to your content server, Admin is used for the management - these two must be behind your firewall.

  • Why does Dreamweaver CS6 prompt me to enter information about the Subversion server?

    I can't access the files on my server because I set the version control settings. I don't have that and I don't need it on my other computer.

    When DW starts acting weird, the first thing to try is to delete the corrupted cache in DW

    http://forums.Adobe.com/thread/494811

    If this does not help, try restoring preferences

    http://helpx.Adobe.com/Dreamweaver/KB/restore-preferences-Dreamweaver-CS4-CS5.html

    If all else fails, use the cleaner tool below, followed by a re-install of the software.

    http://helpx.Adobe.com/Creative-Suite/KB/CS5-cleaner-tool-installation-problems.html

    Nancy O.

  • How to get information from the database server log?

    Oracle 9.2 UNIX
    We got a block error in the production database last midnight for 40 minutes and nothing was processed during this time, which delayed our nightly production processing by a lot. Then it disappeared after 40 min. I would like to know what was going on during this time in the database. My question is: where can I find an error on the database server? In bdump? Appreciate any ideas.

    Thank you
    S.

    If you have jobs that regularly collect statspack reports, then it will be easier to troubleshoot. You can just pull the report for the time period.

    A couple of things you can check: whether there was a storage problem during that time, such as a backup or other running job taking all the OS storage, so that Oracle hung because there was no space for archive logs. Usually it will record errors in the alert.log, but if the bdump destination is also full, the error will not be recorded.
    Check the OS activity during that time, i.e. CPU and IO activity. See if you have sar installed and configured.
    Check the OS messages file.

  • How to set a user/group in BIEE 11g from information stored in the DB

    Hello world

    I use OBIEE 11.1.1.6.

    I would like to ask whether there is anything to achieve this requirement:

    I stored user/group information in the DB, formatted as follows:

    ID  USER  GROUP
    1   A     G1
    2   B     G2

    So can we get the information from the DB and then put this information into BIEE security?

    That is to say, we can access BIEE with a user stored in the DB, and the GROUP can be used in BIEE security.

    Thank you in advance!

    Hello

    What you describe is called external table authentication.

    http://www.rittmanmead.com/2012/03/OBIEE-11g-security-week-connecting-to-Active-Directory-and-obtaining-group-membership-from-database-tables/

    Yes, we can do it the same way in 11g

    Reference: http://varanasisaichand.blogspot.in/2011/09/external-table-authenticationorder-of.html

    Steps: 1. Create the session initialization block below.

    e.g.:
    select USER_NAME from obi_security_users
    where UPPER(USER_NAME) = UPPER(':USER')
    and USER_PASSWORD = ':PASSWORD'

    Award points if it is useful.

    Thank you
    Satya

  • How to get the value of AD user group information from the SOA payload

    Hello

    We are trying to implement a SOA composite that retrieves the value of the 'AD User Group Details' in the request dataset for an AD user in a Java embedding inside the SOA composite. Here's the code we are trying:

    if (attrName != null && !attrName.isEmpty() && attrName.equals("AD User Group Details")) {
        entityName = attr.getValue().toString();
    }

    We get a null pointer exception on the getValue line. We entered the value of this attribute while raising the request. The getValue function works for other attributes that are of simple, single-valued String type. However, for this attribute, which is a child form in the request dataset, it gives the null pointer exception.

    Please provide pointers.

    Thank you
    Séverine Swaroop

    Yep, please open a new thread and close this one as answered. I already have a few details on your use case. :-)

    -BB

  • problem of traffic flow with tunnel created the network with a tunnel to a VPN concentrator

    Hi, I have worked with Cisco and the vendor for 2 weeks on this. I am hoping that what we are seeing will ring a bell with someone.

    Some basic information:

    I work with a vendor who requires a site-to-site tunnel.  There is currently 1 site-to-site tunnel with the vendor using a Juniper SSG, which works without incident on my system.  I'm transitioning to Cisco 2811 routers and put in place a new tunnel with the vendor for the 2800 that uses a different public IP address in my address range.  So my network has 2 tunnels with the vendor, who uses a Cisco VPN concentrator.  The hosts behind the tunnel use 20x.x.x.x public IP addresses.

    My Cisco router will create a tunnel, but I can't get to hosts on the vendor's network through the Cisco 2811, but I can't get through the tunnel of Juniper.  The vendor sees my packets, and the vendor's host answers them and sends them to the tunnel.  They never reach the external interface on my Cisco router.

    I'm sourcing from the external interface, so that my endpoint and the peer are the same IP address.  (Note: I tried to do a static NAT and have the tunnel address and my host different, with the same result.  Cisco has confirmed that I do have 2 different addresses and that this configuration was a success, with the creation of another successful tunnel to a different network.)

    I tested this configuration on a network of transit area before moving the router to the production network, and my Cisco 2811 managed to create the tunnel and ping the inside host.  Once we moved the router at camp, we could no longer ping the host behind the vendor's tunnel.   The vendor assured me that the tunnel setting is exactly the same, and he sees his host send traffic to the tunnel.  The vendor seems well versed with the VPN concentrator and manages connections for many customers successfully.

    The vendor has a second VPN concentrator on a separate network, and I can connect to this VPN concentrator successfully from the Cisco 2811 that is having problems with the concentrator which also has a tunnel with the Juniper.

    Here is what we have done so far:

    (1) confirm the config with the help of Cisco on the 2811.  The tunnel is up.  sh crypto ipa shows the tunnel up.
    (2) turn on NAT-T on the VPN concentrator's side of the tunnel
    (3) confirm that the traffic flows properly through a tunnel on another network (which would indicate that the Cisco config is OK)
    (4) successfully tunnel to and reach a different host configuration
    (5) confirm all the tunnel settings with the vendor
    (6) the vendor confirmed that the host on his side has no route and that it points to the default gateway
    (7) rebuild the tunnel from scratch
    (8) confirm with our ISP that no route diverts traffic elsewhere.  My ISP's gateway sees my external address as directly connected.
    (9) confirm that the ACL matches with the vendor
    (10) I can't get the Juniper because it is in production and in constant use

    Is there a known issue with using a VPN concentrator to connect to 2 tunnels on the same /28 network range?

    Options or ideas are welcome.  I have had countless WebEx sessions with Cisco, but do not have access to the vendor's concentrator.  I can forward suggestions.

    Here's some config

    crypto isakmp policy 1
     encr 3des
     hash md5
     authentication pre-share
     group 2
    !
    crypto isakmp policy 2
     encr 3des
     authentication pre-share
     group 2

    crypto ipsec transform-set mytrans esp-aes esp-sha-hmac

    crypto dynamic-map dynmap 30
     set transform-set RIGHT

    crypto isakmp key address no-xauth

    interface FastEthernet0/0
     description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$
     ip address 255.255.255.240
     ip access-group 107 in
     ip access-group 106 out
     ip nat outside
     ip virtual-reassembly
     ip route-cache flow
     duplex auto
     speed auto
     crypto map mymap

    Logging access lists (applied to the outside interface to get an idea of what is happening.  No ESP traffic arrives; it never gets hits)

    access-list 106 permit esp host host log
    access-list 106 permit ip any any
    access-list 107 permit esp host host log
    access-list 107 permit ip host host log

    access-list 107 permit ip host host log
    access-list 107 permit ip any any

    sh crypto isa sa
    IPv4 Crypto ISAKMP SA
    dst src state conn-id slot status
      QM_IDLE 1010 0 ACTIVE

    Crypto Map "mymap" 1 ipsec-isakmp
     Peer =
     Extended IP access list 116
      access-list 116 permit ip host host (which is a public IP address)
     Current peer:
     Security association lifetime: 4608000 kilobytes/2800 seconds
     PFS (Y/N): N
     Transform sets={
      mytrans,
     }

    OK - so I have messed around in the lab for 20 minutes and came up with the below (IPs are test IPs :-)

    (4) ip nat pool crypto-nat 10.1.1.1 10.1.1.1 prefix-length 30 <-- this is the new NAT address

    !
    (1) ip nat inside source list 102 interface FastEthernet0/0 overload <-- this is the default interface NAT

    !
    ip nat inside source route-map crypto-nat pool crypto-nat overload <-- this is the policy NAT function

    !

    (6) access-list 101 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 <-- defines the source and destination IP traffic

    !

    (2) access-list 102 deny ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 <-- does not NAT the normal communication

    (3) access-list 102 deny ip host 10.1.1.1 172.16.2.0 0.0.0.255 <-- does not re-NAT the NAT

    (1) access-list 102 permit ip 172.16.1.0 0.0.0.255 any <-- allows everyone else to use the IP address of the interface for NAT

    !

    (5) route-map crypto-nat permit 5 <-- condition for the specific required NAT
     match ip address 101 <-- matches the source and destination IP traffic that must be NAT'd

    (7) access-list 103 permit ip host 10.1.1.1 172.16.2.0 0.0.0.255 <-- crypto ACL

    So, how the above works: when a packet with a 172.16.1.0/24 source IP wants to leave the router to connect to, say, Google, the source will change to the interface IP (1).  When 172.16.1.0/24 wants to talk to 172.16.2.0/24, it does not get translated (2).  When the remote end's traffic matches the following NAT clause, the already NAT'd IP will not be translated again (3).  When a host in 172.16.1.0/24 wants to communicate with 172.16.2.20/24, a specific NAT pool is required (4).  We must define a specific method to apply the NAT, with a route-map (5), which applies only to the specific traffic (6); then simply define the matching interesting traffic for the VPN to initiate and enable comms (7).
