Can ASA support multiple LDAP authenticate?

This document describes the use of LDAP authentication method:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008089149d.shtml
But we have multiple LDAP (Windows 2003 AD), so can ASA support multiple LDAP authenticate?

Yes.
-Kureli

Similar Messages

  • Can ASA support multiple PPPoE?

    Can ASA support multiple PPPoE configured on different interfaces?
    If support, can it load-sharing the outgoing packet to different PPPoE connection?
    Thanks!

    Actually the PIX/ASA firewall does not support PPPoE since version 7.2 I believe. That is the official statement, although I believe the commands are still there and functional. You could do it with a router.
    Hope that helps

  • Can DRM support multiple currency?

    Can DRM support multiple currency ?

    Hi,
    DRM is a master data management tool - so if you have a currency dimension, then yes it would be easy to manage multiple currencies.
    Can you expand on your question a bit?

  • Can ACS support multiple Active Directory Domains for 802.1x EAP-TLS?

    Hi
    I'm looking to implement ACS 5.2 using 802.1X, we have two separate AD domains.
    Now.. this is the tricky part...
    A single switch will need to support both ADs, so if a machine in AD1 is connected, it will be authenticated to the ACS using AD1 and applied to VLAN1, while a machine that is in AD2 will be authenticated to AD2 and applied to VLAN 2.
    I'm looking at machine authentication, not user authentication, so I assume that I will need to import two certs from each AD.
    Can any expert please let me know if they think that this will be possible please??
    Many thanks

    Yes ACS can support multiple AD domains but you will have to configure one as your AD domain and the other as an LDAP database and this will work since you are planning to use eap-tls.
    The question I have is which version of ACS are you using? If you are using ACS 5.x then you can set up an identity store sequence so if the user is not found you can move to the next store and this will prevent you from installing two certificates on every machine.
    You can then set up an authorization rule for the separate containers on where the workstations are located (this is assuming machine authentication is being used) for the AD database or the LDAP database and then assign the VLAN based off that.
    Thanks and I hope this helps!
    Tarik Admani

  • Can MDM Support 2 LDAP's ?

    Hi,
    Is it possible for MDM to support 2 separate LDAP instances ? 
    Do you just add the extra instance in the mds.ini file ?
    Regards,
    Michael.

    Krav,
    You should be able to do this. However, a curious question, are you planning to migrate off of Lotus notes or is this going to be a permanent solution? Are the mailboxes for both mail servers going to be the same (maybe clustered).
    1. Yes, you can have multiple servers assigned to a domain, by specifying the ip address as an additional entry in SMTP routes.
    2. This may prove to be the big issue. There is no filtering mechanism that can distinguish Lotus Notes bound mail from Exchange bound mail. For example; if you set both the servers with the same priority in SMTP routes they will round robin, meaning some mail will go to Lotus Notes and other mail will go to Exchange. So if this is just to test, you can possibly use the priority option in the SMTP routes. However, this may also be more of a question as to whether you could cluster an Exchange and Lotus Notes server, which is beyond my understanding.
    3. In the SMTP Routes section click on the domain and add in the IP address of the other server. Be mindful that if you keep the priority the same, mail will round robin between the devices. However if you set the first device to 0 and the second device to 10, mail will primarily go to the device with the 0 priority. You will also need to specify the IP address of the second server in your HAT table, if you are using the Relaylist.

  • Can X301 support multiple external monitors?

    Hi,
    I'm looking at buying a X301, but I'd like the ability to drive 2 external monitors at 1600x1200 (the native resolution of those devices).  Does anyone know if the X301 can do that?  If I need a specific external dock to do that, can someone point me towards that dock?
    Any help would be appreciated!
    Thanks,
    -Jeff

    The X301 has a DisplayPort and VGA output supported natively on the actual machine, which can support one external monitor. You can then get the Lenovo USB enhanced port replicator, which has another VGA output; using that you can output to two external monitors.
    Haven't tried it, since I don't have an X301, but theoretically it should work. Maybe someone can confirm this for you, as the last thing you want is to purchase a machine and it turns out that it won't work in the way you hoped it can.
    Regards,
    Jin Li
    May this year, be the year of 'DO'!
    I am a volunteer, and not a paid staff of Lenovo or Microsoft

  • Cisco ACS 5.2 authentication against multiple LDAP servers

    Hi Folks,
    I have a wireless network that uses ACS 5.2 to handle authentication.   The ACS is integrated with an Active Directory LDAP server (my_ldap) and is working correctly at the moment.    The authentication flow looks like this:
     - User tries to associate to WLAN
     - Authentication request is sent to ACS
     - Service selection rule chooses an access-policy (wireless_access_policy)
     - wireless_access_policy is configured to use my_ldap as identity source.
    A sister company is about to move into our offices, and will need access to the same WLAN.    Users in the sister company are members of a separate AD domain (sister_company_ldap).    I would like to modify the wireless_access_policy so that when it receives an authentication request it will query both my_ldap and sister_company_ldap, and return a passed authentication if either attempt is successful.     Is this possible?

    Assuming you're already authenticating using your AD binding and AD1 as your identity source, you can add a further LDAP server as another identity source and add this to your identity store sequence in your access policy to authenticate against both.
    You can also add multiple LDAP servers and add them both to the identity store sequence (if you're not using AD1).

  • Is it possible to have multiple LDAP Sync from OIM 11g?

    I have a requirement to set up LDAP sync to a legacy iPlanet 5.2 LDAP server and that looks pretty straightforward. Now I'm planning to integrate OAM with OIM. Our OAM is configured against OVD/AD (multiple domains), so that needs an LDAP sync to be configured against OVD/AD. I would like to know if multiple LDAP sync is possible and is a supported config? Experts please help.
    Thanks,
    Sunil.

    Thanks for the reply.
    The below link lists the LDAP's supported:
    http://docs.oracle.com/cd/E21764_01/install.1111/e12002/oidonly.htm#autoId23
    My question specifically is, can I configure multiple LDAP sync's? I already have LDAP sync configured for iPlanet/ODSEE and now I wanted to set LDAP sync to AD to support OIM-OAM integration. Any thoughts?

  • Multiples LDAPS - More than 5?

    Hello all,
    In several papers, I found that multiple LDAPs can be implemented. Some threads say that the limit is only five, but I couldn’t find any paper that confirms it.
    Can we implement more than 5 ldaps? If, yes or no, can anybody give me the link of the paper?
    Cheers,
    Andres De Leon.

    Hi Andres,
    This is what you are looking for:
    http://help.sap.com/saphelp_nw04s/helpdata/en/4e/4d0d40c04af72ee10000000a1550b0/frameset.htm
    -Michael

  • LDAP supporting multiple DNS domains

    I have an environment with multiple DNS domains, and am configuring a Directory server (DS 6.3.1) to centralize various OS configuration maps including user authentication. None of the DNS domains have unique data, so I'd like to do something like storing all the real data in one suffix, then somehow have all clients look to that primary suffix. I am aware that the Solaris Native LDAP client wants to bind to a nisDomainObject that matches its DNS domain. I'm just having a hard time believing that I really need to manage all those individual suffixes when they don't have unique data requirements.
    Take as an example the following domains to be supported: foo.example.com, bar.example.com, dev.example.com, qa.example.com, prd.example.com (no hosts are actually in "example.com", they are all in subdomains). Again, all share common configuration data, same user IDs, etc - no unique maps are required.
    I created a suffix, "dc=example, dc=com", set it up with idsconfig. All is well there.
    [A] My first thought is to bind all Solaris clients, regardless of their DNS domain, to the baseDN of "dc=example, dc=com" in order to avoid having a separate suffix for each DNS domain. I tried to do this using "-a defaultSearchPath=dc=example,dc=com" with ldapclient init, but it failed with an error indicating it wants to see the nisDomainObject of its real DNS domain.
    The second thought I had, which I don't believe is possible, is to find some sort of an LDAP equivalent of a symbolic link so that I could actually have an object for each DNS domain, but it would simply point back to "dc=example,dc=com". I can't find anything in the documentation which suggests this is possible, but I'd love to be wrong!
    [C] Perhaps this could be somehow done with a rats nest of SSDs, but that really seems unwieldy, right? I plan on using a fair amount of the available objects, so it would be many SSDs per suffix. Yuck.
    Can anyone comment on my above thoughts, or provide how they would go about supporting multiple DNS domains that have common configuration data?
    Thank you,
    Chris

    Ok, I answered my own question. Turns out it's pretty easy. Just use the "-a domainName=example.com" option with `ldapclient` then make sure that the FQDN of the LDAP server is available (or use its IP address). My problem was that the ldapclient overwriting nsswitch.conf was clobbering the SSL session because I used the FQDN which couldn't resolve.
    This leaves an interesting condition of having the output of "domainname" not match the DNS domain. I'm testing now to see if this causes any unexpected issues with our environment, but I suspect it's not a problem.

  • Can the AP1310 running on IOS 12.3 supporting on LDAP

    hi,
    My WLAN topology is like this: one WLSE for centralized management, LDAP server for authentication purpose, plus aironet AP1310.
    I would like to ask whether the AP1310 is able to support user authentication on an LDAP server.
    If yes, can you please suggest what needs to be configured on the AP and the WLSE.
    thanks in advance
    noel

    No. You can configure local authentication on the 1300's, which will allow an AP to act as its own RADIUS server, but it will only authenticate against local user accounts on the AP, not an external LDAP server.
    If you were running lightweight mode, the controllers can do "Local EAP" and authenticate to an LDAP, but that's not an option for IOS/autonomous APs.
    If you must authenticate against the LDAP with your current deployment, your best option will be to set up a RADIUS server- ACS, IAS, FreeRadius, etc.
    Note that there are issues that may come into play when attempting to authenticate using PEAP/MSCHAPv2 against an LDAP directory, so be careful if you're using 802.1X that your inner authentication method is compatible with the directory you're using.

  • How can I copy multiple slides with a HP Scanjet 4050 to photos using Maverick? HP apparently no longer supports this product for this OS.

    How can I copy multiple slides with a HP Scanjet 4050 to photos using Maverick? HP apparently no longer supports this product for OS Maverick.

    VueScan
    VueScan FAQ

  • OSB (11.1.1.7): Can OSB/Weblogic (11.1.1.7) support multiple PKIs (Public Key Infra-structure)

    Hi All,
    Would you be able to help me in understanding if OSB/Weblogic (11.1.1.7) can support multiple private key's in the domain to enable 2-SSL W/S calls ?
    Solution walk-through :
    A 3rd Party Web Service is only accessible via 2-way SSL http channel. To achieve this, OSB is required to use the private key which is issued by 3rd party. This private key and 3rd party root certificate (CA) need to be installed into OSB’s keystore which is based on Java Keystore format.
    The private key (issued by 3rd Party) will be used by OSB for identity signature. This private key is bound to IP address of the OSB machine calling the 3rd Party web service. Also, 3rd Party root certificate (CA) will be used by OSB to verify the identity of 3rd Party web service.
    Given the private key is used as the identity of the system and should be guarded closely by the target system, we believe this approach needs to be reviewed and assessed accordingly.
    Limitations and drawbacks with the current solution :  
    1. The private key of OSB system is issued and controlled by an external application vendor.
    2. OSB is enforced to use this private key and its signature algorithm for other external parties’ interactions. The current client certificate issued by 3rd Party is X509v3 certificate which uses RSA, with a 2048-bit key size, signed with a SHA-512 hash.
    3. The SSL is self-signed, not signed by a publicly trusted cert provider (i.e. VeriSign)
    4. Extra dependency on external vendor systems as the key provider. Currently, the keys are bound to server IP address; any changes to the production environment, (i.e. adding new nodes) will require a new key to be generated by 3rd Party system. In case 3rd Party is no more used in the future, the keys can no longer be generated.
    Conclusion : OSB does not support multiple PKIs (Public Key Infra-structure) which is a mapping mechanism that OSB uses to provide its certificate for SSL connections to the server. Multiple private keys require multiple PKIs, which OSB does not handle.
    So, do you agree that OSB/WebLogic (11.1.1.7) could not support multiple private keys issued by more than one 3rd party vendor?
    Thanks,
    Kunal Singh

    Hi Kunal,
    Although it is recommended to have 1 key pair for 1 identity store, as it represents the unique identity of your domain, you can:
     - Import multiple key-pairs in your identity store
     - Configure PKI credential mapper to use reference of identity store consisting of multiple keys
    When in your OSB project, you create Service Key provider (SKP) then it loads all the private keys present in identity store referred by PKI mapper. It will browse both the keys.
    Depending on your requirement, you can choose a different key pair for different SKPs for the "Client Authentication key" section (for SSL) and "Signature key" for DigiSign.
    Please let me know if i understood your query correctly and above helps.
    Regards,
    Ankit

  • Can a single HID report descriptor support multiple touch screens with different sizes?

    Hi Experts:
    I have a question for specifying touch monitor sizes in the HID report descriptor:
    Can ONE HID report descriptor support multiple touch monitors with different sizes ?
    Thanks in advance
    leo

    My screen shot is from AA9, and I have seen that the UI for AAX is vastly different, but...
    Choose Paper Source from Page Size should be the "one-touch" solution you're looking for.
    In my test, my Konica-Minolta Bizhub failed to detect the proper paper trays, but Acrobat correctly spooled the pages.

  • Does the NI-CAN 2.5 Channel API support multiple periodic tasks?

    I have different channels that need to be output at seven different periods.  Can I create multiple periodic tasks with different periods or am I going to have to either use software timing or the Frame API?
    Robert C. Mortensen
    Certified LabVIEW Architect
    Certified LabVIEW Embedded Systems Developer
    Endigit

    Hi,
    Yes, you can initialize multiple tasks with different sample rates, but you have to initialize all sequentially and then start the tasks sequentially.
    Attached you can find an example for LabVIEW which shows how to do it.
    DirkW
    Attachments:
    CAN_Multi-Chans_Diff-Period.vi ‏26 KB
