Windows Active Directory

Can I use Radius AAA on an ASA 5505 to block outbound access by user name of users in a group? Thank you

Hello

I think you might be interested in checking out the new feature of ASA 8.4: Identity Firewall

Identity Firewall

Generally, a firewall is not aware of user identities and is therefore unable to apply identity-based security policies.

The ASA Identity Firewall provides more granular access control based on the identity of users. You can configure access rules and security policies based on user names and group names rather than on source IP addresses. The ASA applies security policies based on an association of IP addresses to Windows Active Directory login information and reports events based on the mapped user names instead of network IP addresses.

The Identity Firewall integrates with Windows Active Directory in conjunction with an external Active Directory (AD) Agent that provides the actual identity mapping. The ASA uses Windows Active Directory as the source to retrieve the current user identity information for specific IP addresses.

In an enterprise, some users log on to the network using other authentication mechanisms, such as web portal authentication (cut-through proxy) or a VPN. You can configure the Identity Firewall to allow these types of authentication in connection with identity-based access policies.

We introduced or modified the following commands: user-identity enable, user-identity default-domain, user-identity domain, user-identity logout-probe, user-identity inactive-user-timer, user-identity poll-import-user-group-timer, user-identity action netbios-response-fail, user-identity user-not-found, user-identity action ad-agent-down, user-identity action mac-address-mismatch, user-identity action domain-controller-down, user-identity ad-agent active-user-database, user-identity ad-agent hello-timer, user-identity ad-agent aaa-server, user-identity update import-user, user-identity static user, ad-agent-mode, dns domain-lookup, dns poll-timer, dns expire-entry-timer, object-group user, show user-identity, show dns, clear configure user-identity, clear dns, debug user-identity, test aaa-server ad-agent.

Please find attached the Configuration Guide chapter on the Identity Firewall.

Hope that points you in the right direction.

Kind regards.

Tags: Cisco Security

Similar Questions

  • Setting of Windows Active Directory LDAP in OBI

    Hello

    I wonder if anyone has experience with Windows Active Directory authentication in Oracle BI 11g Release 11.1.1... I have set up LDAP with Microsoft AD (2003 Server), and I can connect with the single main user (who is a member of the AD group), but I can't connect as any other user in this group.

    I appreciate any advice/help in this regard.

    Hello
    Not this one. Please check with your LDAP team and get the correct user and group object details. If you have permission on the LDAP server, find the user and group, then right-click and select the Object tab; there you can see the canonical name of the object, which is the path of that particular user in the structure... You can also generate the LDIF.txt file and find your object there.

    Thank you

    Deva

  • MS-Windows Active Directory

    Version of forms: Forms [32 bit] Version 10.1.2.3.0 (Production)

    Is there a way to access Active Directory of MS Windows in my version of forms?


    Thank you

    Added: my goal is to save a database table that references the Active Directory user directory.

    Published by: DM 6 Sep, 2010 15:08

    Active Directory users are stored in an LDAP directory. A simple way would be to use the dbms_ldap package:

    http://download.Oracle.com/docs/CD/B10501_01/AppDev.920/a96612/d_ldap2.htm#1019412

    for example:
    http://www.Oracle-base.com/articles/9i/LDAPFromPLSQL9i.php

    see you soon

  • Does Cisco ACS version 5.1.0.44.3 integrate with Active Directory on Microsoft Windows Server 2012?

    Does Cisco ACS version 5.1.0.44.3 integrate with Active Directory on a Microsoft Windows 2012 R2 server?

    Unfortunately, it does not support 2012 R2.

    ACS 5.1 supports all editions of:

    Windows Active Directory (AD) 2000

    Windows AD 2003

    Windows AD 2003 R2

    Windows AD 2008

    Source

    Windows AD 2012 R2 is supported from ACS 5.5 patch 1 onward.

    Source

    Please find below the steps to go from 5.1 to 5.5 hotfix 1:

    STEP | FILE | COMMAND
    --- | --- | ---
    Apply 5.1 patch 6 | 5-1-0-44-6.tar.gpg | acs patch install 5-1-0-44-6.tar.gpg repository ftp_repository_name
    Apply 5.3 | ACS_5.3.0.40.tar.gz | application upgrade ACS_5.3.0.40.tar.gz ftp_repository_name
    Apply 5.3 patch 8 | 5-3-0-40-8.tar.gpg | acs patch install 5-3-0-40-8.tar.gpg repository ftp_repository_name
    Apply the pointed patch | Pointed-PreUpgrade-CSCum04132-5-3-0-40.tar.gpg | acs patch install Pointed-PreUpgrade-CSCum04132-5-3-0-40.tar.gpg repository ftp_repository_name
    Apply 5.5 | ACS_5.5.0.46.tar.gz | application upgrade ACS_5.5.0.46.tar.gz ftp_repository_name
    Apply 5.5 patch 1 | 5-5-0-46-1.tar.gpg | acs patch install 5-5-0-46-1.tar.gpg repository ftp_repository_name

    Best regards ~ jousset

  • IRM / sealing server / authentication / Active Directory

    Hello

    I want to use the 11g "Sealing Server" to unseal documents.

    Documentation:
    "The current version supports basic HTTP authentication."
    http://download.Oracle.com/docs/CD/E17904_01/user.1111/e12326/isvsealedcontent002.htm#sthref46

    Is it possible to use Windows Active Directory authentication with the "Sealing Server"?


    Thank you.

    Hello

    The only authentication scheme supported for sealing services is basic authentication.

    Kind regards
    Frank.

  • Users Active directory in R12.1

    Hi guys,

    Can you please provide the best strategy or Metalink notes for integrating my Windows Active Directory users into EBS R12.1?

    Thanks in advance.

    Hi user;

    You're welcome. If you think you have your answer, please change the status of the thread to answered; it prevents other forum users from wasting time while they search for open questions that remain unanswered.

    Regards
    HELIOS

  • Open migration to Active Directory directory Windows vs Mac

    OK, so I help my old school to their IT needs, because they do not have a person hired for this role.

    Currently, they have a center where the staff use computers based on Windows 10 10 (custom-assembled Core 2 Duo systems; all about 3 years old) connected to a Windows 2008 Server (from Dell; about a year old). As the institution wishes to expand the computers available to their staff (from 90), my suggestion was to move to Mac (probably 11" MBAs), with a 15" MacBook Pro doing server duty.

    This migration can be done in one shot and would happen progressively (probably MBAs purchased each year for the next four years, 20-25).

    The current configuration is that there is a local user + Admin configured on each of the 10 Windows-based PCs, with all staff having access to the local non-administrator user.

    In order to facilitate the management, I would like to move to the logons on the network, as we begin our migration to a Mac OS environment.

    Should we configure AD on the Windows Server and bind the MBAs to it as and when we buy them, with the final purchase being the 15" MBP for server functions, or is it possible to get the 15" MBP now, use Open Directory, and bind the existing 10 10 Windows PCs to the macOS Server?

    NOTE: The school operates Google Apps, and all employees have a Google Apps account with a custom domain name.

    You can't link PCs to Open Directory without using 3rd-party (page). In addition, depending on the operating system, it will not work reliably? You'd have to trial it first. Beyond binding and providing a home folder there will be nothing else. No management, no policies etc. from Open Directory to your PCs.

    The supported way to achieve this is to use Active Directory and complement it with OD to manage your Mac estate only. Again, you can apply GPOs for Mac without 3rd-party help which can be very expensive.

    Not that it's something that you would consider - although you could do? It may be preferable to go "all Mac" if your intention is to switch to Mac OS. If your PCs use software that is available only for PCs, consider using virtual machines on your Macs to keep this aspect of the school.

    My 2 p

  • Active directory Migration from Windows Server 2003 to Windows server 2012

    Hi all

    Currently, I use Windows Server 2003 R2 Enterprise SP2 with AD, DNS and DHCP server. I want to migrate these services to a fresh new Windows Server 2012 R2 Standard machine. I migrated Active Directory following this article: http://social.technet.microsoft.com/wiki/contents/articles/22249.migrate-active-directory-from-windows-server-2003-r2-to-windows-server-2012-r2.aspx. It completed successfully, but the IP configuration on the source server was not migrated to the destination server. So, does anyone know why the source server IP configuration cannot be migrated to the destination server?

    Please give me some advice.

    Thank you

    Hello

    Please post your question in the TechNet Server Forums, as your question is beyond the scope of these Forums.

    http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer

    TechNet forums:

    https://social.technet.Microsoft.com/forums/en-us/home

    MSDN forums:

    https://social.msdn.Microsoft.com/forums/en-us/home

    See you soon.

  • Connection error Active Directory Windows Server R2 2012

    Hello

    This is my problem: I have two servers, both running Windows Server 2012 R2 Datacenter. I installed AD DS on one of them and allowed the installation to configure the DNS settings; this server is also a DHCP server. On the server I want to connect to AD, I have the DNS address pointing to my AD server, which is 192.168.1.60, and it's also getting an IP address from the DHCP server. But it connects to Active Directory, when I try the ping command on the domain name, which is yewman.email, it tries to ping an external IP address (which is my public IP address, because I also have the yewman.email domain). How do I fix this? This is the AD connection error:

    Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

    The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "yewman.email":

    The error was: "DNS name does not exist."
    (error code 0x0000232B RCODE_NAME_ERROR)

    The query was for the SRV record for _ldap._tcp.dc._msdcs.yewman.email

    Common causes of this error include the following:

    - The DNS SRV records required to locate an AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when an AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

    192.168.1.60

    - One or more of the following zones do not include delegation to its child zone:

    yewman.email
    email
    . (the root zone)

    This issue is beyond the scope of this site (for consumers) and to be sure, you get the best (and fastest) reply, we have to ask either on Technet (for IT Pro) or MSDN (for developers)
  • Windows server 2003 users automatically gets an email when I set up in Active Directory?

    Original title: Windows Server 2003

    This concerns the associated user account.  I need to add users, which I know how to do, but will they automatically get an email when I set them up in Active Directory? The e-mail server has been implemented.

    I suggest you post your question on the TechNet Forums, where there are support technicians who are well equipped with knowledge about Windows Server and Active Directory. I've added the link to the TechNet forums home page below.

    http://social.technet.Microsoft.com/forums/en-us/home

    See you soon!

  • How to configure the LDAP connector in windows server 2012 R2 Active Directory?

    How to configure the LDAP connector in windows server 2012 R2 Active Directory?

    Hello

    Please post your question in Server TechNet Forums.

    http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer

    See you soon.

  • How can I back up Active Directory on Windows Server 2003... ?

    Hello

    I installed Active Directory Services on my Windows Server 2003 and I need help with taking a backup in case it is needed...!

    These MS Answers forums are intended for the home user rather than the IT professional. Please repost your question in the relevant Microsoft TechNet forum here:

    http://social.technet.microsoft.com/Forums/en-us/category/windowsserver .

    Thank you.      :)

    (I'm sorry, but I can't move this thread for you because the two forums are working on separate platforms)

  • When I try to open Active Directory users and computers in Windows Server 2008 Standard, I get an error message.

    MMC.exe APPCRASH

    When I try to open Active Directory users and computers in Windows Server 2008 Standard, I get the error message below. Kindly help

    Problem event name: APPCRASH

    Application name: mmc.exe

    Application version: 6.0.6001.18000

    Application timestamp: 47918d09

    Fault Module name: KseAdm.dll

    Fault Module Version: 6.0.1262.1064

    Fault Module Timestamp: 49426cbb

    Exception code: c0000005

    Exception offset: 0004849d

    OS version: 6.0.6001.2.1.0.272.7

    Locale ID: 1033

    Additional information 1: fd00

    Additional information 2: ea6f5fe8924aaa756324d57f87834160

    Additional information 3: fd00

    Additional information 4: ea6f5fe8924aaa756324d57f87834160

    Hello

    The question you posted would be better suited in the TechNet Forums. I would recommend posting your query in the TechNet Forums:

    http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer

  • Three companies using Windows Server 2008 Active Directory and physical locations?

    Research on three companies using Active Directory in Windows Server 2008, and also how many physical locations?

    The Answers forum addresses technical issues for home users.

    If you don't have a technical question, you can try to use Bing to search for the information you are looking for.

    If you are having problems with Active Directory, you can create a new post on the TechNet forums for assistance.
    http://social.technet.Microsoft.com/forums/en/category/WindowsServer/

  • I try to install active directory in windows server 2003

    I try to install Active Directory on Windows Server 2003 and I get the message that the operation failed because: File Replication Service: the dependency service does not exist or has been marked for deletion. "The dependency service does not exist or has been marked for deletion."

    Hello

    You can find the Server forums on TechNet support, please create a new post at the following link:

    http://social.technet.Microsoft.com/forums/en/category/WindowsServer/
