ACS User Setup

When the user authenticates in ACS v3.3, a profile is created and stored under User Setup. When an employee leaves the company, we have to delete this profile. We use an external database, which is Active Directory.
Questions
1) If the Active Directory account is deactivated, will the user be able to log in because the credentials are saved in ACS?
2) Is there a way to expire these credentials, like in 24 or 48 hrs?

In ACS 3.3 you are able to expire the account. Also, if the account is deactivated and the cached user in ACS is pointing to the Windows database for authentication, this should not allow the user in.
Here is where you can set up how long the account is active for:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/3.3/user/guide/u.html#wp273167
Thanks
Tarik

Similar Messages

  • What is the use of a separate strong CHAP/MS-CHAP password in the ACS user

    What is the use of a separate strong CHAP/MS-CHAP password in the ACS user setup? The document said it needs to be supported by the AAA client. Do I need to configure anything in the AP (AAA client) to match this password?

    It is used mainly for MAC authentication. Be sure the two passwords are NOT the same: the first is the MAC, and the second is something else.

  • How to bind ACS users to only one SSID?

    Hello!
    I have ACS 4.2 and an AP 1240. I use two SSIDs - guest and user. The guest SSID must use PEAP authentication, and the user SSID must use EAP-TLS authentication (ACS user local database). All works correctly. But when I create a user for EAP-TLS, I create it with the username of the certificate DN and some password. And somebody can use the DN as username and password for PEAP authentication for SSID Guest and SSID Users.
    How can I make it so that for SSID guest only PEAP authentication works and for SSID user only EAP-TLS authentication works?

    Are you using autonomous or lightweight APs? If you have a controller you could set up the RADIUS attributes to specify which WLAN the user can authenticate to.
    Another option would be to set up dynamic VLAN assignment. This would work for either type of AP. The user might still be able to authenticate to either WLAN, but after passing authentication they would be dumped into the VLAN you define.
    http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/c42sol.html#wp1086421

  • Open Users Setup form in Find mode

    Hello,
    When I open the users form (Administration > Setup > General > Users), this form is in Add mode. Is there a way to have it in Find mode directly?
    Thank you
    Sébastien

    Hi,
    It is not possible to have the User - setup in the Find mode default.
    The form opens in the Add Mode and you have to go to the Memo and click on Find or do a Ctrl + F.
    Regards,
    Jitin
    SAP Business One Forum Team

  • "Copy Form Settings" in Users-Setup

    Hi
    Could somebody shed some light on the Copy Form Settings function in Users-Setup?
    How to select source and how to select target user?
    The one currently logged on as well as the one selected are greyed out ... I'm not getting it how to use this.
    Thanks
    Franz

    Hi Franz,
    Please check out SAP Note No. 1369613 which explains the steps regarding the 'Copy Form Settings'.
    Hope it helps.
    Kind Regards,
    Jitin
    SAP Business One Forum Team

  • Best Practise for managing SRM user setup

    Hi ... I am looking for some best methods that you are following in your projects, in order to manage the SRM user setup.
    My users are concerned about the time taken from a user submitting a request for user creation, org plan setup or changes to a user profile ... to the actual work being done in SRM. A lot of time and effort is spent managing this task.
    The other concern is that each user request has to be dealt with individually. They are looking for some automation of the process which would process bulk requests belonging to different users from different departments. From my experience, one thing we can think of is writing an upload program. But I think that would also be complicated for changing an existing profile.
    Just thought of checking with you .... whether you have any process which results in less time and effort spent in managing these activities? Please share your thoughts.
    Thanks,
    Arun

    Hi,
    Different people will tell you different versions of what they believe is best practice, but in my opinion you are already doing reasonably well.
    What I prefer is
    1. Lock ID & set validity date.
    2. Assign user to user group LEAVER or EXPIRED or something similar (helps with reporting) out of SUIM/S_BCE* reports.
    3. Delete role assignment (should you need it, the role assignment will be in the change history docs anyway).
    4. Check background jobs & act accordingly.
    For ease of getting info I prefer not to delete the ID though plenty of people do.

  • Adding a position to a user in the Users Setup

    Dear all,
    I want to add a position to a user in Users - Setup, but unfortunately there is no provision for this in the Users-Setup window. However, the OUSR table has a 'position' field which is blank for all the users. How can I add users' positions without doing this from the back end, the database, using even an SQL command or doing it manually?
    Please help.
    Regards,
    Davis M Onsakia

    Hi Sura,
    Thanks for this. But why use a UDF when this is provisioned by the database? I sort of expected to use something akin to form settings to turn on the 'position' field.
    The employee Master Ways is rather a laborious method and a bit cumbersome, and I see the 'position' field there is from the OHEM table rather than the OUSR table.
    Thanks though.
    Regards,
    Davis Onsakia

  • ACS user unknown though username in Server

    All, I'm facing a very strange issue with my TACACS authentication. Normally I connect to my DC via SSL AnyConnect VPN and then access all the network devices, but since last week when I try to connect to the ASA I can't log in. I have a username in the ACS server and the password authentication is redirected to the RSA server. I can access other devices using my TACACS username and RSA passcode, just not the ASA box. As the rest of my team members can still access the ASA with their user ID and passcode, I don't think there is any issue in the ASA box.
    The error log message in the ACS server is ACS user unknown.

    To me it seems the shared secret being used on the ASA to communicate with TACACS is mismatched, and that's the reason you are getting "ACS user unknown". This should be a problem for all users who are trying to SSH to the ASA and authenticating against the TACACS server. The shared secret could be the issue because the secret used to encrypt the packet is not the same one used for decryption, and that's why we are seeing unknown username.
    ~BR
    Jatin Katyal
    **Do rate helpful posts**

  • ACS User database Backup

    Is it possible to have the ACS user database in an Excel sheet?

    Hi,
    You can open the .dmp file in Notepad, but that will not provide any info as it's not user readable.
    You need to export the list of users to a file with a .txt extension.
    Here are the commands that you need to run from the command prompt where ACS is installed:
    Start > Run > cmd > go to this directory
    C:\Program Files\CiscoSecure ACS v4.2\bin>net stop csauth
    C:\Program Files\CiscoSecure ACS v4.2\bin>CSUtil.exe -u user.txt
    C:\Program Files\CiscoSecure ACS v4.2\bin>net start csauth
    Then you can easily access the user.txt file in Notepad.
    HTH
    JK

  • ACS User 'Create Date' Attribute?

    Is there a 'create date' attribute for an ACS user? A typical question auditors will ask us for is a list of ACS/Remote access users created since 1st Jan 2010?
    Thanks,
    Brian

    Jrabinow, thanks for your response. Was there supposed to be a screenshot of the ACS 5.1 user account? I'm testing out aaa-reports on a trial basis currently. We're using ACS 4.1; obviously if there is no such attribute on our version, then we can't extract this information or report on it using a 3rd party tool.

  • New User Setups - My Face...

    Oh yeah! Plus New User setup forms from HR with wrong spelling as well, and you get ahead of the game and go and set up every account they need, log in as them to their new machine, an email goes out to all users asking them to welcome the new start, the GAL goes out to all remote Outlook users and everything - then they turn up for work on their first day and call you to say their name is spelt wrong. Oh the pain, the anger, the postal feeling, then... ah, the coffee - that's better.....
    And it all begins again.

    When I have to work on a new user setup for a unique snow flake...
    Instead of a common/sane/literate spelled name such as Matthew, I have to create Matthieui
    Or the latest one... Synthia instead of Cynthia.
    Nychole and Ashyliey and Jaemms
    http://www.stupidkidnames.com/all-the-stupid-names/
    ^-- Just ran across this. Ahahahahaha.
    Do parents not understand the psychological ramifications that come with this???
    This topic first appeared in the Spiceworks Community

  • Customisation of New User setup pages.

    Is it possible to customise the New User setup screens/forms? If not, is it possible to add few more screens to capture more details?

    I believe it is not possible to adjust these screens in the current version of Portal. The database packages that build these screens are wrapped.
    But we managed to create our own screens using the Portal API package (see PDK) that edits the user (wwsec_api.modify_portal_user). You can create an application component (form ) that is based on a procedure. It seems to work.
    I don't know if this also works for the creation of users (wwsec_api.add_portal_user).

  • User setup: automatic bcc?

    My manager wants some users set up to be automatically blind carbon copied (bcc) to him for auditing purposes. The manuals say this can be done on the server, but I can't figure out HOW. Anyone have ideas? I see that it can be done for ALL users, but he only wants a few, and naturally done on the server. We're transitioning from Eudora IMS, but this is a big stumbling block.

    Hi and Welcome to the Community!
    Automatic BCC was never a device-level function...rather, it was a server-side function, provided as part of BIS, with merely an on-device interface to that server-side setting. But the device itself did not perform that function.
    With BB10, BIS no longer exists, so a different solution must be found. Typically, this involves having your email outbound server do this, if they indeed offer such.
    However, what you say concerning "sent e-mails go directly out from the mobile and not through the provider" is not accurate...with BB10, sent items use your email service outbound SMTP server, and with compatible services, can place Sent Items into the server-based Sent Items folder.
    The 3 "weak points" you mention are indeed accurate...we all are hopeful that future releases of the OS will enable more functionality.
    Please consider that BB10 was not an evolution from legacy BBOS...rather, it is a completely new platform, built from the ground up. I have found that the best way to approach it is with absolutely no expectations of finding anything that existed before -- and then to be happy when finding those things that indeed remain in place, along with hopefulness that more of those will return as the OS continues to be improved and enhanced as it matures.
    Good luck!
    Occam's Razor nearly always applies when troubleshooting technology issues!

  • ACS SE setup for windows authentication

    Dear All,
    I'm trying to install an ACS Solution Engine in my network for access control (AAA). I succeeded in setting up authentication using the internal database and that works fine. Now my boss wants users to be authenticated through an external database (Windows AD). I tried achieving this but kept getting different errors (like EAP-TLS or PEAP authentication failed during SSL handshake) or (Authen session timed out: Challenge not provided by client).
    Please, I need someone who has done this setup successfully before to give me a step-by-step procedure on how I can set up ACS SE for Windows authentication using my Windows domain authentication.
    Thanks

    Hi,
    Check out the link below on your query. Hope that helps!!
    https://supportforums.cisco.com/docs/DOC-5542
    If helpful do rate
    Ganesh.H

  • Need Help With ACS LDAP setup to Query AD

    I have 2 Win 2003 ADs, one of them is configured and working under Windows Database (using remote agent) configuration. I am trying to setup the second AD with Generic LDAP setup. I want to know what exactly I should use in the fields UserObjectType and Class, and GroupObjectType and Class for Windows 2003 AD. All Cisco documents give example of Netscape LDAP syntax. I was told by our server admin. what to put under Admin DN, CN=myid,OU=mygroup,OU=myorg,DC=mydomain,DC=com
    I have both user & group directory subtree fields filled with DC=mydomain,DC=com.
    I am using the ip address for Primary LDAP server, and port is 389, LDAP version 3 is checked.
    Is any of these DC, OU, etc. case sensitive?
    With all entries that I have tried, when I go to map a group, I am getting error "LDAP server NOT reachable. Please check the configuration". My ACS can ping the domain controller's IP address fine.
    Please help. Thank you in advance,
    Murali

    Murali,
    These references may help...
    http://download.microsoft.com/download/3/d/3/3d32b0cd-581c-4574-8a27-67e89c206a54/uldap.doc
    http://www.microsoft.com/technet/archive/winntas/plan/dda/ddach02.mspx?mfr=true
    http://technet.microsoft.com/en-us/library/aa996205.aspx
    Regards,
    Richard
