Cisco ACS questions for new deployment

Similar Messages

• RSA SecurID and Cisco ACS integration for user(s) with enable mode

  I thought I had this problem figured out but I guess not.
  I have a Cisco 2621 router with IOS 12.2(15)T17. Behind the
  router is a Gentoo linux, RSA SecurID 6.1 and Cisco ACS 3.2.
  I use tacacs+ authentication for logging into the Cisco router
  such as telnet and ssh. In the ACS I use "external user databases"
  for authentication which proxy the request from the ACS over
  to the RSA SecurID Server. I installed RSA Agents with
  sdconf.rec file on the Cisco ACS server. I renamed "user group 1"
  to be "RSA_SecurID" group. In the "External user databases" and
  "database configurations" I assign SecurID to this "RSA_SecurID"
  group.
  Everything is working fine. In the "User Setup" I can see dynamic
  user test1, test2,...testn listed in there as "dynamic users". In
  other words, I can telnet into the router with my two-factor
  SecurID.
  The problem is that if test1 wants to go into "enable" mode with
  SecurID login, I have to go into "test1" user setting and select
  "TACACS+Enable Password" and choose "Use external database password".
  After that, test1 can go into enable mode with his/her SecurID
  credential.
  Well, this works fine if I have a few users. The problem is that
  I have about 100 users that I need to do this. The solution is
  clearly not scalable. Is there a setting from group level that
  I can do this?
  Any ACS "experts" want to help me out here? Thanks.

  That is not what I want. I want user "test1" to be able to do this:
  C
  Username: test1
  Enter PASSCODE:
  C2960>en
  Enter PASSCODE:
  C2960#
  In other words, test1 user has to type in his/her RSA token password to get
  into exec mode. After that, he/she has to use the RSA token password to
  get into enable mode. Each user can get into "enable" mode with his/her
  RSA token mode.
  The way you descripbed, it seemed like anyone in this group can go directly
  into enable mode without password. This is not what I have in mind.
  Any other ideas? Thanks.

• Cisco ACS check for AD

  Hi,
       Is there any way to check that the Users were authenticated by AD through cisco ACS 4.2, I have deploy the Cisco ACS 4.2 with WLC 5500, now i have to check whether the user are authenticated by ACS or AD kindly guide me how i check it.
  all users were connected and authenticated having domain user.
  i am confuse whether ACS authenticate users from internal database or from AD.
  Kindly help me..... ill b very thankful to you.....
  M.Bilal Iqbal

  Ok if you have a user set up in ACS in a group and it is marked "windows" its getting sent to AD to get authenticated. Did you check your pass logs ? There is a field called database. This should show you if the user is ACS or AD. If its AD it will have the name of your domain (that was set up in ACS).

• Migration Question for New Leopard Mac Mini

  Oh my... I have a new Leopard Mac Mini still in the box!
  I want to connect it up and migrate my iTunes and iPhoto libraries, etc. to it from my old Mac Mini but here's the thing: my old Mac Mini is a G4, powerpc mac has been through a sort of mini **** lately and at this time will need it's hard disk repaired before I will be able to get it back up to 10.4.11 and Safari 3.0.4. that it had had only last week, before all manner of disasters happened after the last security update. Genius bar made it relatively functional by re-installing the OS but they used 10.4.7 and Safari 2.0.4. to do it! So here is my question: Do I need to get my PPC Mac back up to snuff completely before I can migrate stuff from it to the new Leopard Mac Mini or can I do the migration and get everything nice and lovely on the new machine even though there are still problems on the old Mac Mini?
  Here is the problem that the PPC G4 Mac Mini has at this time:
  Verifying volume "Macintosh HD"
  Checking HFS Plus volume.
  Checking Extents Overflow file.
  Checking Catalog file.
  Invalid index key
  The volume Macintosh HD needs to be repaired.
  Error: The underlying task reported failure on exit
  1 HFS volume checked
  Volume needs repair
  Would this pose a problem in the migration?
  Any help and advice would be greatly appreciated! Thanks so much! -Charlotte

  The best thing I can say about your post is that at least you realize that Installing Leopard on a broken Tiger and a G4 processor files is exactly how hundreds of the problems are being caused. Too many people have decided that "Apple Just Works" and figure that installing the newest most complex MacOS ever will just work. These people are getting "worked".
  Good Luck cleaning up your machine to tip-top shape to 10.4.11, with every update for every program you intend to transfer. Your drive must be squeeky clean, or you will have problems that nobody can explain. I'd recommend removing any applications you don't have to have or that you can reinstall easily with a program like App Zapper and get rid of the G4 system files as much as possible.

• Selling old iPhone 3g - erased, removed sim questions for new buyer

  I have an old 3g that we have service turned off on, i did the erase all content thing and removed the sim, phone restared and said I needed to hook it up to itunes and it needed the sim againput the sim back in, got the phone back to what looks like day one (then removed the sim after itunes set it up as a new phone vs using exsiting restore or backup).
  So now the phone has no sim and everything appears to be there in terms of the basic apps nothing i can see has any of my info or history on it.
  My question is if I sell this like this how does the new buyer install apps on it thru the app store, i can access wifi and watch youtube stuff but when I tried to install a free app but it just keeps asking for existing or new acct, if they setup a new acct and that 3g has no sim card will they be able to access and download content to it (also if they setup a new acct in itunes can they purchase apps with that too)? 
  I am pretty tech dumb when it comes to that sort of thing, noting sensitive on the phone realy even before the erase, but if i sell it like this I just didnt want the new buyer to somehow be able to buy apps on my acct (the itunes existing acct stuff is all blank I checked it), but i do want them to be able to get apps on the phone for their own use thru wifi so I am guessing they just have to create their own itunes acct and then even without the sim it would let them grab apps?
  Or do they need a sim, if so will att give them a blank or is the phone basically useless without it (I thought I heard never give out my sim even tho the phone is deactivated I wasnt sure on security).
  Thanks for anyone who can clear this up for me, don't wanna sell it and find out i didn't follow some rule of safety for my own acct etc.
  Bill

  Settings > Messages > iMessage > Off
  Settings > FaceTime > Off
  Settings > iCloud > (Scroll Down) Delete Account
  Settings > General > Reset > Reset All Content and Settings.
  In that order and you're good. I've never removed a SIM before selling and I haven't had any problems. Also they would need a new SIM to activate sevice so any potential for your information going to the device after sold is gone.
  Hope that helps

• Standard Business Questions for new FI/CO implementation

  Hello,
      Can anybody please provide a standard lists of questions to ask Business persons for FI/CO implementation or suggest where can it be found/available. kindly send to this email : [email protected]
  Please assist in this reagard as it is very urgent.
  Points will be given generously.
  Thanks

  Hi Ashwin,
  Please Find below the some of the general questions asked for a new implementation.
  1)     Describe in as much detail as possible of the business at your location and its processes regarding
  2)     Prepare a complete list on all legally required reports, forms and templates (e.g. Financial Statement Versions Balance, P&L, Cash Flow Report, Expense Report, Reconciliation Report about Diff. US GAAP / local Tax Law, etc).
  3)     Will you need an interface to other external software? (e.g. payroll, taxes, barcode, etc.).
  Please list and give a brief explanation.
  4)     Please list all your required payment terms.
  5)     For the creation of vendor tolerance groups (price, no quantity) please give appropriate details.
  6)     For the creation of automated journal entries, please give a complete overview on the assignment of cost elements to cost centers.
  7)     As a preparation on the mapping of the chart of accounts, please prepare a complete list of all required accounts that will have to be assigned to the new number ranges, in the Global Chart of Accounts.
  8)     Is there a legal requirement for an alternative chart of accounts for your entity?
  9)     Please prepare a complete list of all the common payment methods you have in use
  10)     Please deliver a complete list of national bank indicators and codes
  11)     Will you need different payment formats for different countries? Please give an overview. 
  12)     Provide An Organisation Chart (Bring a copy with you)
  13)     Provide your Current Chart of Accounts Listing (Bring a copy with you)
  14)     Provide a list of Cost Centres
  15)     Request from the bank complete bank directory listing relevant bank information for all banks in your country.
  16)     What types of transactions are typical for each account
  17)     Approximately how many transactions are processed daily on each bank account?
  18)     Do you currently receive bank Statements in manual or electronic format? 
  19)     How do customers typically pay
  20)     Please provide a list of all the currencies you currently deal with
  21)     Prepare a sample each of the month- end / year- end closing schedule
  Please assign points if found useful
  Regards
  Genie

• Old user, questions for new forums

  the last time that i needed to DL extensions was right after
  the macromedia/adobe merger. being a longtime dreamweaver user, i
  was very familiar with the exchange and had no problem with it
  except that i was a bit slow to browse through. and, also, being a
  longtime photoshop user, i was familiar with the adobe
  support/downloads/forums etc. as well.
  i have a new computer and am now using dw 8 and am looking
  for some dw extensions. the exchange no longer lists information
  about the software compatibility of the extensions. so i came to
  the forum to look for information. the dw general forum lists
  119814 topics, and yet i can only access 2 pages (40 topic).
  my next step was to seek out a _forum_ forum. the closest
  thing i found, linked from
  http://www.adobe.com/support/forums/index.html
  (which also links to this forum) was under general/forum
  comments. i discovered that it required a different log-in
  procedure, requiring a first/last name for user, instead of the
  email address that this forum requires. well, this turns out to be
  defined as a "user to user" forum and
  restricted to only that. for example, the faq had a question
  regarding downloads (i'm thinking maybe i'll find a link to a
  better-functioning dw exchange). but the answer to this
  "faq" was "there are no
  downloads in the user to user forum".
  i want to be able to get dw extensions and to locate a forum
  that addresses this activity. i also want to locate a forum that
  discusses the functionality of the support forums in general.
  and, possibly, most importantly, i want to be able to access
  more than just the 40 most recent postings in a forum that claims
  to have almost 12,000 topics.
  thanks,
  jf

  Did you logout from the old account and do the delete from the new administrator account? You may have to click the padlock at the lower-left if it is locked.

• Video card question for new iMac

  Howdy all,
  I'm about to order a new BTO iMac, and I'm wondering if somebody could give me feedback on the two different video cards available.
  Cost is not really a concern here (I would rather spend more on the video card and cut back on something like RAM for now because RAM can be upgraded later). My main concern is performance and the best image quality.
  I understand the NVidia would be faster for 3D gaming than the ATI - which I would use a little bit. So the NVidia would seem to be a no-brainer.
  However, I've heard a couple people (on various forums) state that although the NVidia is definitaly faster for gaming - it performs slower than the ATI at some tasks like iMovie and iDVD tasks and text scrolling and motion are not as good.
  For me, I would love to have the faster 3D gaming speed of the NVidia for the few times I do game...but the most important thing to me is image quality for things like photo and video editing, working with documents etc. Are any of these thoughts regarding the NVidia vs ATI true?
  Does anybody have any advice regarding the performance these two cards? Any help would be really appreciated. Thanks!
  Sully

  I had the 20" 2.16 (late 2006 model) with the x1600 128MB and now have the 24" 2.8 2600Pro 256MB and 2G stock RAM. It's night and day with Call of Duty 2. I am able to play COD2 in 16:9 mode, all graphic settings max'd out and the fps? Wow! One most maps it ranges between 190-270fps! That smokes the previous version of 40-90fps. One the most complex maps my 24" drops to 90-110 range. Seriosuly, anything above about 60fps is perfectly playable! I'm thrilled with the stock card. However, COD2 is older, I play it native in OS X and do not game in boot camp. That may change a few things.

• Cisco Visio Stencils for newer modules

  I have been trying to find stencils for 6500 modules released in the last couple of years, and have had very limited success.  I need stencils for WS-X6748 modules, WS-X6724 modules, WS-X6848 modules, WS-X6816-2T modules and SUP-2T modules, as well as the NAM3.
  If anyone can tell me where these can be found, it will be greatly appreciated.

  Hi,
  Most of what you listed are on the latest Switches-Catalyst 6500 located on the Visio download page:
  http://www.cisco.com/en/US/products/hw/prod_cat_visios.html
  The WS-X6748 and WS-X6724 modules are not in that file.  I will ask the product group if they will approve production of those items.
  Regards,
  Brett Newman
  Cisco Visio Production
  Visimation Inc.
  www.shapesource.com

• Audio question for new tv

  Hi all.
  We bought a new panasonic plasma and pick it up tomorrow and the ONLY audio out is the (DIGITAL AUDIO OUT) and my  receiver has only a (Digital sa-cd cd input) and Im hoping that that input on the receiver will work with the out of my tv. I think that because it's still a digital input on the receiver it's going to work.
  PLEASE tell me this will work.
  Thanks for any help offered. heres a pic of the input if that makes any difference
  Solved!
  Go to Solution.

  Does the connector on the TV's output look the same?
  There are two fairly widely used standards for digital audio:
  Coaxial S/PDIF (usually an orange RCA connector)
  Optical (often called TOSLINK) - the input on your receiver is a TOSLINK input.
  It looks like you just need a TOSLINK cable between the TV and the receiver.  You may need to tweak the TV's settings to output an audio format the receiver understands - TOSLINK allows for many different formats, but many receivers only support a subset of them.  (Raw digital stereo at 48 kHz and Dolby Digital are supported by nearly everything.  DTS is less well supported, as are higher sampling rate raw formats.)
  *disclaimer* I am not now, nor have I ever been, an employee of Best Buy, Geek Squad, nor of any of their affiliate, parent, or subsidiary companies.

• Demarc question for new construction & installs RG6, RG9, Cat5e, Cat6????

  I am having a new home built in a neibrohood that has GigaPower in Austin.. What I can't seem to find out is what kind of connection GigaPower uses from the outside of the house to the inside of the house?   I need to tell my builder what kind of cabling to make sure is connected between the demarc and my networking cabinet.  (for instance does GigaPower actually connect a fiber all the way to the modem? or does it connect to a transeiver on the side of the house and convert to some form of copper... and to that end what form of copper?)  Thanks all  

  The Optical Network Terminal (ONT) mounted on the outside of your house will be connect to the Residential Gateway on the inside of your home using Cat 5e/Cat 6 Ethernet cabling.
  My understanding is that the ONT is powered by an AT&T provided Power Supply Unit plugged into a wall outlet inside your home within 100' of the ONT.  This contains more inforrmation (though I'm not sure that the BBU information is current).
  http://www.att.com/support_media/images/pdf/uverse/b2c154417_battery_backup.pdf

• Streaming question for new upgrade - loading library

  It appears that with the new version, if I'm streaming, and if I go out of music to check or change settings, or do some other function, that when I go back to listening I have to load the library and wait for it. This is new, right? and a pain.

  It's true. I ended up switching to syncing just a small portion of my library. I've found when I do this, it doesn't try to load the library each time, but all the un-sync'd items are still available in atv for streaming.
  This is not a great upgrade, in my opinion. Lots of strange stuff - like if you do set up true streaming all your media ends up in the menu item "shared..". The way Apple locks down atv to the local network, wouldn't all shared media be "my" media? Why separate out the My stuff from the Shared stuff? Simplified User Experience is not a phrase I'd use to describe the 2.0 upgrade.

• Capitalization question for new iPod

  Okay - this will probably sound pretty dumb to most - but it's bugs the crap out of me...
  Just got the new iPod yesterday and in my list of groups the following happened...
  "Day of Fire"
  "Robert Randolph & the Family Band"
  the words "of" and "the" are not capitalized - they used to be on my other iPod.  There are other groups - "Cord Of 3" and "Sixpence None The Richer" whose names are just fine.  I went into the "info" and "sorting" tabs - and all are correctly capitalized in each spot the names come up...  Just wondering if anyone has any clue on how to get every single word capitalized...
  Markaaro

  Believe it or not, I don't know how to release the
  shuffle from the clear plastic pack. I am afraid of
  breaking something. I've removed the clear tape that
  holds the top in place, but nothing else is moving
  without force, and I don't want to use force. I am
  sure millions have succeeded in releasing their iPods
  from the original package. Advice anyone?Thanks in
  advance.
  Look carefully at the package and you'll see a seam whereby you can separate the halves with a thumbnail (or equivalen sharp object).

• Village idiot question for new iPod shuffle

  Believe it or not, I don't know how to release the shuffle from the clear plastic pack. I am afraid of breaking something. I've removed the clear tape that holds the top in place, but nothing else is moving without force, and I don't want to use force. I am sure millions have succeeded in releasing their iPods from the original package. Advice anyone?Thanks in advance.

  Believe it or not, I don't know how to release the
  shuffle from the clear plastic pack. I am afraid of
  breaking something. I've removed the clear tape that
  holds the top in place, but nothing else is moving
  without force, and I don't want to use force. I am
  sure millions have succeeded in releasing their iPods
  from the original package. Advice anyone?Thanks in
  advance.
  Look carefully at the package and you'll see a seam whereby you can separate the halves with a thumbnail (or equivalen sharp object).

• Cisco ACS 4.1 Windows License Key Question

  How do I obtain the license key for my Cisco ACS Server for Windows software v4.1?

  For acs windows, there is no license key. You need to purchase the acs software.
  During installation, it does not ask for any key.
  Regards,
  ~JG
  Do rate helpful posts