ACS as proxy radius and class 25 attribute

Hello !
Could you please help ?
We have a Cisco 3640 as NAS and CS ACS 2.6 as RADIUS server.
Now we would need to forward authentication requests to another RADIUS server (the username is unknown to the ACS).
The username is provided with a certain prefix, and according to that prefix the request is forwarded to another RADIUS server.
That other server should give back accept/deny and class attribute 25.
Here comes the question:
Can ACS 2.6 take the class attribute and use it as the username's group information?
For example, class attribute 25 named test is forwarded to ACS and ACS has a group named test. According to group test, ACS gives IP/DNS information back to the Cisco 3640 and RAS client.
Or could you please tell me how we could forward username authentication and then bind a username that is not known to ACS to a certain ACS group?
The IP/DNS information must be provided by ACS.
Any help will be appreciated !
TIA
Best Regards,
Susanna

As far as I know, ACS 2.6 cannot take the class attribute and use it as username's group-information....

Similar Messages

  • ACS 5.1 RADIUS Proxy - Adding RADIUS attributes

    Is there any way under ACS 5.1 to add RADIUS attributes to outgoing RADIUS proxy auth requests or, failing this, to RADIUS proxy accounting updates?
    As soon as I configure a RADIUS proxy services, there is little config I can do other than to say whether or not the prefix and suffix is to be stripped.
    I can add these attributes if using an external RADIUS box as an identity store, but I cannot do this for this particular service and instead I need to use RADIUS proxying.
    Thanks
    Paul

  • ACS 5.5 RADIUS OUTBOUND Attributes Injection feature

    Hello
    I'm having a look at the RADIUS OUTBOUND Attributes Injection feature for the External Proxy service in ACS version 5.5.0.46.
    The use case is:
    ACS uses the External Proxy service to authenticate wireless users with certain domain suffixes
    Sometimes the username Access-Accept comes back with the domain suffix stripped.
    The result of this is:
    ACS logs a successful authentication with the sent username (with suffix)
    ACS sends the Access-Accept to the WLC and the user is listed on the WLC (without suffix)
    Subsequent accounting packets for the user appear in ACS (without suffix)
    In the past I've used a freeradius proxy server between ACS and the external proxy to 'rewrite' the username in the Access-Accept so that it matches the username originally sent in the Access-Request. The code for this looked something like the following.
    post-proxy {
        # Copy the User-Name from the original request into the reply
        update outer.reply {
            User-Name := "%{request:User-Name}"
        }
    }
    I'm looking to do the above solely with ACS but I can't see the Radius-ietf username attribute listed under the RADIUS OUTBOUND Attributes Injection feature. Is it possible to rewrite the username attribute in ACS 5.5?
    Thanks
    Andy

    Don't think this can be done in ACS 5.5 when using an External Proxy Service Type.
    Interestingly, it appears to be possible with a Network Access Service Type. Under Allowed Protocols there is a tick box for Send as User-Name in RADIUS Access-Accept - one of the options is RADIUS Access-Request User-Name. Hopefully this will be implemented in a future release for External Proxy.
    Cheers
    Andy

  • ACS 5.1 - RADIUS Proxy Accounting Logs

    Recently I've been using ACS 5.1 to support external RADIUS servers, and read the manuals to proceed with the following workflow.
    Install Linux RADIUS Service (this part was tested)
    Install FreeRADIUS Service
    Add new linux user account
    Cisco ACS 5.1
    Add External RADIUS servers
    Network Resources -> External RADIUS Servers
    Add information.
    Add RADIUS Proxy Service
    Access Policies -> Access Services
    Create with User Selected Service Type , RADIUS Proxy
    Advanced Options -> Accounting
    Remote Accounting and Local Accounting enabled
    Access Policies -> Access Services -> Service Selection Rules
    Create #1 rule , Conditions : match Radius , Results : RADIUS Service
    Add Network Resources for accepting network
    Network Device Groups -> Network Devices and AAA Clients
    Enable RADIUS Debug Messages
    System Administration > Configuration > Log Configuration  > Logging Categories > Global > Edit: "RADIUS Diagnostics"
    Configure Log Category Log Severity : DEBUG
    Add 3GPP VSA
    Send out Radius Accounting Packet to ACS
    ACS got the Packet, but didn't redirect to External Radius Server
    I got this message from ACS 5.1
    Others is 'Failed to forward request to current remote RADIUS server; an invalid response was received.' in the iv.csv file.
    There are two problems.
    RADIUS Accounting Packets weren't redirected to the external server, but it works without proxy. (Auth is ok.)
    Other Attributes didn't collect all the information, even though debug is enabled.

    Hi Steve,
    The shared secret is 100% correct.
    Finally I found out that there may be some whitelists for attributes.
    If I keep NAS-Identifier, it will work.
    But it can't pass all VSAs (3GPP sub-attributes); it only shows one or three in BOTH ACS and the RADIUS server.
    The other is the RADIUS VSA User Define Options (which is in SA > C > D > P > RADIUS > RADIUS VSA > Edit).
    When 'Vendor Length Field Size' changes to 0, all sub-attributes pass through ACS.
    The RADIUS server gets the message from NSA.
    Of course, there is the Proxy-State attribute.
    In this condition, the ACS has incorrect output in the sub-attribute.
    Now I am trying 5.2 to see whether the problem exists or not.

  • Page Attributes and Application Class Attributes

    Hi, everyone,
    I am quite new to BSP.
    I have a question here:
    what is the difference between page attributes and application class attributes of a bsp application? As they are both global attributes, there seems to be no big difference when we use them.
    thanks a lot.
    Fan

    Hi Fan,
    a BSP application can be made up of many pages.
    A page attribute is visible only in the page it is associated with.
    Attributes of the application class are visible from every page in that application.
    Cheers
    Graham Robbo

  • Jar files and Main-Class attribute

    Sorry, I know there are other topics regarding this argument but none of them helped me solving my problem.
    I've tried a thousand times in every possible way, but I still can't run my application from a jar file. I've got a package called client, whose main class is called Client. The package contains a sub-package called Icons. I've put everything into a jar file and added this manifest:
    Manifest version: 1.0
    Name: client/
    Sealed: True
    Main-Class: client.Client
    But it won't work. I've tried to erase the Sealed part, I've tried "Main-Class: Client" and also "client/Client", I've tried putting into the jar the client directory and I've tried omitting it, but the answer is always the same:
    Failed to load main-class header etc.
    Can anyone help me? Please, I'm almost desperate!
    Thanks

    Here's the verbose-mode description of what I did.
    jar -cfv client.jar client
    aggiunto manifesto
    aggiunta in corso di: client/(in = 0) (out= 0)(archiviato 0%)
    aggiunta in corso di: client/.nbattrs(in = 767) (out= 310)(compresso 59%)
    aggiunta in corso di: client/Client.class(in = 533) (out= 340)(compresso 36%)
    aggiunta in corso di: client/Client.java(in = 288) (out= 140)(compresso 51%)
    aggiunta in corso di: client/ClientForm$1.class(in = 691) (out= 383)(compresso 44%)
    aggiunta in corso di: client/ClientForm$10.class(in = 678) (out= 380)(compresso 43%)
    aggiunta in corso di: client/ClientForm$11.class(in = 689) (out= 385)(compresso 44%)
    aggiunta in corso di: client/ClientForm$2.class(in = 686) (out= 379)(compresso 44%)
    aggiunta in corso di: client/ClientForm$3.class(in = 686) (out= 381)(compresso 44%)
    aggiunta in corso di: client/ClientForm$4.class(in = 686) (out= 380)(compresso 44%)
    aggiunta in corso di: client/ClientForm$5.class(in = 686) (out= 383)(compresso 44%)
    aggiunta in corso di: client/ClientForm$6.class(in = 718) (out= 399)(compresso 44%)
    aggiunta in corso di: client/ClientForm$7.class(in = 718) (out= 400)(compresso 44%)
    aggiunta in corso di: client/ClientForm$8.class(in = 718) (out= 399)(compresso 44%)
    aggiunta in corso di: client/ClientForm$9.class(in = 718) (out= 398)(compresso 44%)
    aggiunta in corso di: client/ClientForm.class(in = 33070) (out= 13510)(compresso 59%)
    aggiunta in corso di: client/ClientForm.form(in = 131398) (out= 4521)(compresso96%)
    aggiunta in corso di: client/ClientForm.java(in = 73435) (out= 6863)(compresso 90%)
    aggiunta in corso di: client/Icons/(in = 0) (out= 0)(archiviato 0%)
    aggiunta in corso di: client/Icons/brick.gif(in = 1044) (out= 1049)(compresso 0%)
    aggiunta in corso di: client/Icons/corpo.gif(in = 4011) (out= 3400)(compresso 15%)
    aggiunta in corso di: client/Icons/door.gif(in = 1092) (out= 1097)(compresso 0%)
    aggiunta in corso di: client/Icons/floor.gif(in = 1102) (out= 1107)(compresso 0%)
    aggiunta in corso di: client/Icons/mappa.gif(in = 20901) (out= 20575)(compresso 1%)
    aggiunta in corso di: client/Icons/paesaggio.gif(in = 18962) (out= 18603)(compresso 1%)
    aggiunta in corso di: client/Icons/sole.gif(in = 7063) (out= 6546)(compresso 7%)
    aggiunta in corso di: client/Icons/trap.gif(in = 1062) (out= 1067)(compresso 0%)
    aggiunta in corso di: client/Icons/void.gif(in = 842) (out= 847)(compresso 0%)
    aggiunta in corso di: client/Listener.class(in = 1869) (out= 1136)(compresso 39%)
    aggiunta in corso di: client/Listener.java(in = 2296) (out= 708)(compresso 69%)
    aggiunta in corso di: client/manifesto.txt(in = 62) (out= 58)(compresso 6%)
    aggiunta in corso di: client/ScorciatoieDialog$1.class(in = 740) (out= 391)(compresso 47%)
    aggiunta in corso di: client/ScorciatoieDialog$PopupListener.class(in = 1579) (out= 773)(compresso 51%)
    aggiunta in corso di: client/ScorciatoieDialog.class(in = 3524) (out= 1638)(compresso 53%)
    aggiunta in corso di: client/ScorciatoieDialog.form(in = 8500) (out= 910)(compresso 89%)
    aggiunta in corso di: client/ScorciatoieDialog.java(in = 5676) (out= 1222)(compresso 78%)
    jar umf mainclass.txt client.jar
    [NOTE: mainclass.txt only contains the line "Main-Class: client.Client"]
    java -jar client.jar
    Failed to load Main-Class manifest attribute from
    client.jar
    I've also tried to manually create a MANIFEST.MF file that only contained the following lines:
    Manifest Version: 1.0
    Main-Class: client.Client
    Guess what was the result?
    java -jar client.jar
    Exception in thread "main" java.io.IOException: invalid manifest format
    at java.util.jar.Manifest.read(Manifest.java:193)
    at java.util.jar.Manifest.<init>(Manifest.java:52)
    at java.util.jar.JarFile.getManifest(JarFile.java:158)
    The same procedure with the addition of "Name: client/" before the main-class attribute generated the usual "Failed to load Main-Class manifest attribute" result. So now what?!? I'm getting crazy....

  • 'ResourceDictionary' root element is a generic type and requires a x:Class attribute to support the x:TypeArguments attribute sp

    Error : 'ResourceDictionary' root element is a generic type and requires a x:Class attribute to support the x:TypeArguments attribute specified on the root element tag.
    Hi,
    I get this error when I include some namespaces in my ResourceDictionary to specify a Style for a custom control.
    Can anyone help me?
    Thx
    Stardusty

    Hi,
    That's the whole point. I don't want to use x:TypeArguments on a ResourceDictionary but the compiler says it needs it.
    And I don't know why.
    This code gives no error:
    <ResourceDictionary
    xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
    xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
    xmlns:sys="clr-namespace:System;assembly=mscorlib">
    </ResourceDictionary>
    And by adding 3 namespaces it gives that weird error:
    <ResourceDictionary
    xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
    xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
    xmlns:controls="clr-namespace:MyTime.View.Controls"
    xmlns:converters="clr-namespace:MyTime.View.Converters"
    xmlns:validationrules="clr-namespace:MyTime.View.ValidationRules"
    xmlns:sys="clr-namespace:System;assembly=mscorlib">
    </ResourceDictionary>

  • Model Binding and Calculated Field Syntax for "class" Attribute

    Hi,
    I tried to use the calculated field syntax from SAP UI5 to change the CSS class attribute of an element based on some model property, i.e., I wanted to change the class in the corresponding formatter function based on the currently bound value. However, my formatter function is not called. When I use the same syntax on a text attribute, it works.
    I also tried to use normal property binding, but it did not work on the class attribute either (it just put class="{property}" in the rendered HTML).
    Is there anything I missed or is it just not possible to use property binding and calculated field syntax for class attributes? Did anybody try something like this before?
    I think it is a standard use case to change the CSS class based on some model property. So, if anybody knows how to do that, could you give a short example?
    Best regards
    Svenja

    They have a class property. At least, I can do the following in an XML view:
    <Button
                  icon="sap-icon://add"
                  press="onButtonPress"
                  class="my-button-class" />
    I would expect the following to work as well, but for me it did not:
    <Button
                  icon="sap-icon://add"
                  press="onButtonPress"
                  class="{/customClass}" />
    This renders the following HTML (cropped to the important parts):
    <button type="button" class="sapMBtn {/customClass}">
    </button>
    It seems like the class attribute is something special although I don't see a reason why. Other HTML templating engines, for example, support things like that.

  • Why there is a difference in a "class" attribute value of html tag when viewed in "Page Source" and using "Inspector", I am refering to new Microsoft site?

    While inspecting the new Microsoft site source, I observed that the "class" attribute value of the "html" tag as seen in Page Source differs from the value given by the Tools/Web Developer/Inspect tool. The value with the tool is class="en-in js no-flexbox canvas no-touch backgroundsize cssanimations csstransforms csstransforms3d csstransitions fontface video audio svg inlinesvg" while the one given in Page Source is class="en-us no-js"
    The question is why different values are shown?

    Inspector is showing you the source after it's been modified by Javascript and such.
    To see the same thing in the source viewer, press Ctrl+A to select everything on the page, then right-click the selection and choose View Selection Source.

  • Cisco WSA : What is RADIUS CLASS attribute ?

    Hello !
    I am trying to use a RADIUS server, Cisco ISE, as an external authentication server for WSA. I would like to assign roles for groups of users but I don't understand the meaning of the RADIUS CLASS attribute. What am I supposed to write in this field?
    Thank you,
    Stéphane Walker

    The CLASS attribute is generic, in that you can put anything in it.   So you get to decide what you use.
    On your RADIUS box, for the users or group that it applies to, set it to something like "WSAAdmin" for admins, "WSARO" for read only users... 
    Then when you config the WSA, you set them appropriately there...  
    But you can really use any string you want to, they just need to match appropriately.
    HTH, 
    Ken
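
The Class-to-role mapping described in this answer (and the Class 25 question in the first thread), as an added example that is not part of the original posts: a RADIUS client checks the reply's Response Authenticator per RFC 2865 before trusting any Class attribute, then maps the exact Class string to a role and denies by default. The role names, shared secret, function names and packets are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2   # RFC 2865 packet code
ATTR_CLASS = 25     # RFC 2865 Class attribute

# Class strings from the answer above; the role names are assumptions.
ROLE_BY_CLASS = {b"WSAAdmin": "administrator", b"WSARO": "read-only"}


def build_reply(code, ident, request_auth, attrs, secret):
    """Build a RADIUS reply with a valid Response Authenticator (sample helper)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + auth + body


def parse_attributes(data):
    """Yield (type, value) pairs; raise ValueError on malformed lengths."""
    pos = 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("bad attribute length")
        yield atype, data[pos + 2:pos + alen]
        pos += alen


def role_from_reply(packet, request_auth, secret):
    """Return the role granted by an Access-Accept, or None (deny)."""
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return None
    packet = packet[:length]  # ignore padding beyond the declared length
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return None  # forged or modified reply: never trust its Class
    if code != ACCESS_ACCEPT:
        return None
    try:
        classes = [v for t, v in parse_attributes(packet[20:]) if t == ATTR_CLASS]
    except ValueError:
        return None
    # Class is opaque bytes: exact match only, and deny if the result is
    # missing or ambiguous (several Class attributes may be present).
    roles = {ROLE_BY_CLASS[c] for c in classes if c in ROLE_BY_CLASS}
    return roles.pop() if len(roles) == 1 else None


# Constructed sample data (not captured traffic).
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))
ADMIN = build_reply(ACCESS_ACCEPT, 7, REQ_AUTH, [(ATTR_CLASS, b"WSAAdmin")], SECRET)
GUEST = build_reply(ACCESS_ACCEPT, 8, REQ_AUTH, [(ATTR_CLASS, b"WSAGuest")], SECRET)
TAMPERED = GUEST.replace(b"WSAGuest", b"WSAAdmin")  # Class edited in transit

if __name__ == "__main__":
    print(role_from_reply(ADMIN, REQ_AUTH, SECRET))
    print(role_from_reply(GUEST, REQ_AUTH, SECRET))
    print(role_from_reply(TAMPERED, REQ_AUTH, SECRET))
```
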

  • Differences between Property Classes and Visual Attributes

    Hi folks
    Does anybody know the exact difference between a property class and a visual attribute?
    I'm substantially good at Forms but don't know the exact difference.
    Any reply will be deeply appreciated.
    Cheers,
    PCZ

    Visual Attributes are only for the visual representation of your items, buttons, blocks, canvas, ...
    Property Classes are for inheriting all objects including visual attributes.
    If you create a style guide for your company, then first define the visual attributes for the look and feel. After that create property classes for all of the other objects in your application. On top of that create object groups, where you centralize your property classes and visual attributes.
    If you have created such a form, then call this form reference-template. Now you inherit the object-groups to a second form and call this form "template".
    If you create new forms, copy the template and rename it. Then you have in all your forms inherited visual attributes, property classes, etc. and all this stuff is in one "reference-template"
    try it
    Gerd

  • Download Global Class attributes

    Hi...
    I want to download the global class attributes into Excel. When I checked the menu there was no such option. Is that possible to do? Can anyone guide me?
    Thanks in advance.
    Kalpanashri Rajendran.

    Hi,
    Assuming you are asking specifically about the global class "Attributes" and not all information about the global class itself.  To get the "Attributes" in a spreadsheet you can try this work-around:
    1. Run transaction SE84 Repository Info System.
    2. Expand the "Class Library" branch.
    3. Double-click the "Attributes" node.
    4. Enter your global class name and run the search.
    5. Once the list of attributes is displayed, choose menu path System -> List -> Save -> Local File.
    6. Choose "Spreadsheet" format in the popup.
    7. Give a file path and name for your spreadsheet.
    8. You should now have a spreadsheet with all the "Attributes" of your global class.
    Best Regards,
    Jamie

  • Field-symbols as class attribute

    Hi Fellas,
    Is there a way we can define a field-symbol as a class attribute? My requirement is that I am dynamically constructing a structure at runtime in my model class and binding the components of this structure to my view fields. I am able to create the structure, which is basically ref to cl_abap_structdescr, and the problem is that when I am binding to the model attribute, I need this to be a structure so that I can address the components as "//model/structure.component".
    Please let me know how we can define a field-symbol as a class attribute.
    Cheers,
    Ram.

    Hi Ram,
    Field-Symbol as class attribute is not possible. Your way to do this by REF TO DATA is the correct way for that.
    By default data binding is only possible like this:
    Simple field attribute
    value="//<model>/<field name>"
    Structure attribute
    value="//<model>/<structure name>.<field name>"
    Table attribute
    value="//<model>/<table name>[<line index>].<field name>"
    If you want to bind to your data reference you have to implement your own getter and setter methods. Read this http://help.sap.com/saphelp_nw70/helpdata/en/fb/fbb84c20df274aa52a0b0833769057/frameset.htm for further information. In addition to that, you have to implement your own GET_M_S_xxx to return metadata of your structure. By doing all this it is possible to implement a completely dynamic data binding. In the view it looks like the regular Structure attribute: value="//<model>/<data-ref name>.<field name>"
    Regards,
    Thilo

  • Trouble changing a class attribute in a STATEFULL bsp app - PLEASE HELP!!!!

    Hello, I have some trouble changing the value of a class attribute at a certain point in the execution of a stateful BSP app. The scenario is: the BSP app is in a URL iView in a portal; I have a link in the portal that does a window.open (pop-up) of that app. The question is: how can I change the class attribute of the BSP app when I close that pop-up, if, when I first click the link that shows me the pop-up, it doesn't create another instance of the class? I mean it continues working with the same instance as the URL iView in the portal. Any help will be well received. Thanks in advance.

    Hello Durairaj, yes indeed, in the other thread that's the issue with the portal_version attribute; the person who created the iView doesn't want to change it, so I tried to solve it with something else, which brings me to another problem (posted in this thread). Now I have a question: the URL iView calls a template that starts the BSP app. I mean it is not the URL iView that calls the BSP app but a middle template. With this scenario, can I pass the parameter sap-sessioncmd=open to the URL iView, or do I have to pass it to the BSP app directly when I call it in the middle template? Another question: when I pass that parameter via URL, does it create another (separate) instance of the class or restart the same instance that the app has worked with until that moment? Tell me more about that parameter because I am new to BSP and I need help. I will give lots of reward points to whoever helps me, I promise. I am kind of desperate for sure. Thanks in advance.

  • Errors/warnings occurred when generating the local proxy dll and VI wrappers for web service

    Hello,
    I'm new to web services - trying to import a WSDL that was created by an outside vendor and placed on a company server.  I imported a previous version successfully.  The error I'm getting doesn't make a lot of sense to me, here it is:
    The following errors/warnings occurred when generating the local proxy dll and VI wrappers for this web service.
    Can't generate files.
    Possible reasons are:
    1. The output file(s) might be read-only.
    Remove the read-only attribute and import the Web service again.
    2. A proxy DLL that LabVIEW created under the same file path exists in memory.
    Restart LabVIEW and import the Web service again.
    I don't see any read-only attributes on the output files and I've tried restarting LabVIEW - no luck.  Any help is greatly appreciated.
    Thanks,
    Al Rauch
    Merck & Co., Inc.

    Aaron,
    I was able to successfully import and run the web services from the WSDL file in question in LV2009 on a different computer than the one on which I had the original problem.  Unfortunately I am still having the original problem on the project computer and will need to get it working there . . . still looking for a solution to that.  Apparently LV2009 is perfectly capable of importing and running this WSDL file, but there is something still in the way on the project PC.
    Thanks,
    Al
