How to cluster ISE 1.2.1.98

Similar Messages

• How to use ISE for VPN auth

  Hello
  looking for documenation how to setup ISE to authenticate VPN users. Right now we are usign ACS 4.2 to provide dACL and authetnication but would like to migrate this feature to ISE. Wea re using microsoft AD.
  Any good docs, white papers, field notes, how-to that can address this issue will be appreciated.
  Thanks

  We use the ISE for VPN (connection with openldap). On the authentication policy you have multiple options. We used the network access - device ip address option. On the Authorization  tab we used again the ip address option in combination with an ldap attribute where there was a definition of the status of the person (student, teacher, admin,...). On the policy elements tab we made some authorization profiles in results - authorization - authorization profiles. When you make a new profile you can select under Common tasks the asa vpn attribute. There you can  for example insert admin.
  So if you have an admin user that wants to login:
  authentication: user found in ldap (or ad)
  authorization:
  -user is coming from asa ip address
  -user attribute is admin
  = user is authorized for the admin class on your asa vpn device.

• How to cluster LDAP?

  I've been searching for a couple of days on how to cluster LDAP. I've found several places that say you can do it but nothing showing how. Does anyone have a link to some documentation on this? I have a couple of OES2SP3 servers in a cluster and I have an LDAP_VS set up and it seems to work for other OES servers but not for SLES10.x servers.
  Thanks,
  Toney.

  >
  > Cluster for what purpose? High availability? Load balancing? Is this eDir's LDAP interface or are you after OpenLDAP clustering?
  >
  Availability of eDir LDAP.
  >
  > There's 2 basic methods I can think of:
  >
  > 1) You have two servers with your replicas on them and simply run two instances of LDAP (which is default with OES2) on them, and use a load balancer/L4 switch or something in front of them to JUST load balance the 389/636 stuff. That's what we do.
  >
  > 2) You can simply create an IP resource and use THAT to "float" between the two nodes (again, assuming that the servers hold edir replicas).
  >
  > However, you say it works for OES but not for SLES. This is the OES2 Linux forums. Are you using JUST SLES and NOT OES2 Linux?
  >
  > If so, you might want to ask in either the eDir-Linux forum or the SLES forum.
  We chose option 2. The LDAP_VS resource that I mentioned is that floating IP resource. Sorry I wasn't clear on that.
  We are using a mixed environment of OES Linux and SLES servers. We are currently using a Netware 6.5 server for eDir LDAP but when it crashes, nscd has to be restarted on all the other linux servers or it starts consuming sockets and in a couple of days the server become useless because nscd ate all the sockets. So we thought we would just put a clustered IP resource on one of our existing OES Linux clusters and that would solve the problem. When I configure other OES Linux servers to use LDAP_VS for the "LDAP for OES" settings, they work just fine, I can ssh to them and login with my lum enabled user ID. When I configure SLES servers to use LDAP_VS for LDAP lookups, I cannot ssh into them, I just get prompted repeatedly for my password. I'm really not clear on how this all works so I may be asking in the wrong forum area. I just thought that since I was trying to configure this on an OES Linux cluster that the OES Linux forum would be a logical place to start. Should I go to one of the other forum areas you mentioned?
  Thanks,
  Toney.

• How to cluster Apache?

  Okay I know this isn't really a cluster apache thing (as the apache code is on the local servers volme) but I guess what I want/need to know is how do I cluster an alias on an NSS volume?
  So each cluster server has the Apache engine on it.
  I have an NSS volume with say, an index.html and stuff on it that I want served up
  Do I:
  1) Create a separate virtual server for apache to load when I float the cluster resource around?
  or
  2) Configure each of the server's document/alias stuff to point to that volume and then as the node floats around it magically works?

  More of the latter - once the volume is in place and the IP address
  added, the apache2 restart will complete the bind.
  HTH
  T
  On Mon, 18 Oct 2010 21:36:02 GMT, kjhurni
  <[email protected]> wrote:
  >
  >Okay I know this isn't really a cluster apache thing (as the apache code
  >is on the local servers volme) but I guess what I want/need to know is
  >how do I cluster an alias on an NSS volume?
  >
  >So each cluster server has the Apache engine on it.
  >
  >I have an NSS volume with say, an index.html and stuff on it that I
  >want served up
  >
  >Do I:
  >
  >1) Create a separate virtual server for apache to load when I float
  >the cluster resource around?
  >
  >or
  >
  >2) Configure each of the server's document/alias stuff to point to
  >that volume and then as the node floats around it magically works?

• HOW-TO CLUSTER BOBJ XI 3.1 on HP-UX with MySQL

  Hello,
  I need to understand how to perform an installation of BOBJ XI 3.1 on HP-UX in a cluster.
  The official documentation it's a bit weird.
  Someone  can give more hints on the steps to follow? what should be installed on the first node , what in the second and what is clustered?
  I think MySQL should be clustered before that.
  any suggestion?

  So, you have 2 HP-UX boxes and you want to install BOE on both using default mysql DB and cluster those nodes together - correct ?
  1. you don't need to cluster mysql, you should probably not even use mysql and use another DB located on a separate box.
  2. You install BOE on server 1, make sure all is working.
  3. You install BOE on server 2 and select expanded install scenario in the wizard, when asked for CMS server - give name of the server 1 install. follow the prompts.
  #2 and 3 assume you have setup a DB to host CMS DB for BOE on a third server.
  If you want to use mysql on server 1 as the CMS DB for the cluster (which is a bad idea) , then you have to connect to mysql DB and enable remote access to it.
  you can google the steps fro that.

• How to disable ISE CLI password expiration

  ISE version 1.1.1 patch5 running on VMware.
  I got locked out yesterday due to password expiration and had to recover the CLI "admin" password using the recovery DVD.
  How can I disable this "stupid" feature from ISE?

  There is no password expiration on the CLI. There is a default password aging set to 45 days for the GUI, you can disable this by going to Administration > Admin Access > Authentication > Password Policy > Password Lifetime.
  If you are experiencing issues with the cli account then you need to raise this issue with TAC.
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• How to Cluster AS

  dear all,
  i have Oracle9iAS R2 installed(busniss intelgence) with infratstarur on UNIX cluster Node1 and i want to install the Application server so it can be clustered so what can i do, what r the steps, what i did was that i installed Appication server(busniss intelgence) on the other node and when it asked me about an existing SSO i pointed to node 1. i thought it was right anyway thank u all

  I'm also puzzled by this problem.
  Some OTN documents say that I have to create a cluster instance in OEM, so i do. I try to add a 9iAS BI instance in to the cluster, it raises a error which says only instance with clusterable components can be added into cluster. In other documents it is said portal and wireless are unclusterable components, so I uninstall them, than 9iAS can't startup.
  So, I reinstall 9iAS, and try to not install portal and wireless, but find there is no manual intallation type can be choosen. If choose BI installation type, all components will be installed.
  How can I cluster oracle 9iAS, especially form service and report service? And how to manually install 9iAS?

• How to cluster OC4J?

  I want to cluster muti-OC4J.
  Is anyone known how to do this?
  Thanks!
  You can reply this topic or send mail to me .
  Email: [email protected] or [email protected]!
  Thanks again!

  Our preferred model for clustering is that we support it as part of the OracleAS model. This gives you a reliable load balancing mechanism (mod_oc4), a management console with EM (which is MUCH FASTER in 904) and with the recent 904 version support for a managed file based cluster model, which means you don't need to install a database** to manage configuration.
  You can get all this from the J2EE + Webcache installation type from the OracleAS installation.
  ** -- we supported a manual cluster setup model in earlier OracleAS versions which didn't require a DB. Now we support a managed (ie EM and dcm controlled) cluster model without a DB too.
  Can I ask why you are looking to use OC4J clustering instead of OracleAS?
  OC4J clustering is still possible -- it can be configured quite easily by directly modifying the the configuration files. If you look at the documentation for earlier releases, it's documented there. I will try and dig up a link. You will see us spit out a message when you run the loadbalancer.jar that it's going to be de-supported in a future version.
  cheers
  -steve-

• How to cluster the war file conatining the jsp and servlet by using wl6.0sp1?

  There three wlsever6.0 sp1.
            One is admin server and doesn't join the cluster.
            Two servers are cluster server.
            I use the admin console to deploy the war file and the war file conatains
            the jsp and servlet.
            How to config the one of the clustered servers as the primary one, so that
            the client can request the jsp?
            If the one of the clustered servers is closed, can the client be redirected
            to another clustered server?
            Does the proxy server need to be exist?
            

  There three wlsever6.0 sp1.
            One is admin server and doesn't join the cluster.
            Two servers are cluster server.
            I use the admin console to deploy the war file and the war file conatains
            the jsp and servlet.
            How to config the one of the clustered servers as the primary one, so that
            the client can request the jsp?
            If the one of the clustered servers is closed, can the client be redirected
            to another clustered server?
            Does the proxy server need to be exist?
            

• How to use ISE Guest Portal for AD users

  Hi there,
  As  subject explains all, I want to use ISE Guest Portal for my domain  users. I have tried many different ways to authenticate users and  finally I came to the conclusion that ISE CWA works pretty well and is  very stable. WLC Webauth sucks alot, does not redirect to the login page  always.
  Can  you please share what other ways are stable ways to authenticate AD  users? I know about WPA 802.1x authentication but that requires a CA in  the network which is not available at the moment. So can you please  Suggect?
  Otherwise,  I want to use ISE Guest Portal for my AD users as well. AD is already  integrated to ISE, the issue happens when I attempt to athenticate using  AD user account, the user gets authenticated but the Guest Portal  redirects me to Device Provissioning page and there it shows an error  saying "there is not policy to register the device, contact system  admin"
  Am I missing something??
  I am running WLC 5760 with ISE 1.2
  Thanks in advance..

  Hi,
  Can you post a screenshot of your current policies? Also for 802.1x authentication although it is best practices you do not have to have an internal CA to make this solution work. You can disable the option to "validate server certificate" or you can use a trusted CA to sign the certificate for the eap interface.
  In most cases 802.1x is the method to go because it provides dynamic authentication without forcing users to redirected to a web page multiple times throughout the day, scenarios such as computers that sleep or users that are mobile will not have connectivity until they redirect to the portal if one of the scenarios exist. You also gain WPA encryption on your WLAN, if you are using strictly layer 3 web auth you run into issues where encryption is not used and rely on encryption from the application as your method of data integrity and security.
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• How to Implementing ise 1.2 authentication user name against mac address

  Hi all,
  My organization wants to authenticate medical devices with certificate.
  What I'm trying to do is on the certificate the name of the user will be his mac address,
  And the ise policy will be if the user name equal to mac address than he authenticate.
  Until now I didn’t succeed.
  Is it possible?
  Lee.

  It sounds like you are trying to do two different things.
  The certificate can be done through 802.1x using peap   I dont know if your devices can handle dot1x so if not they can use MAB.  Far less secure but if its a low level device like a printer that has limited input capability then you are stuck with MAB.  
  What you could do with MAB is use the OUI and some other identifying information (if available) like device host names (This can be derived from DHCP i believe) and possibly av pairs (RADIUS) to help profile the devices.  These can be put into a custom endpoint profile that is given a specific authorization rule.
  The whole point is to try to isolate certain types of equipment so that only they get the custom authz rule 
  Does this make sense?  Im shooting a little blind here without more info.

• How to Cluster OBI server?

  We need to configure the clustering of BI Server. We would like to set up as explained below.
  Server 1 & Server2: Clustered OBI Server
  Server 3: Presentation Server.
  Server 1 and 2 should be a one BI Server clustered to take requests from Server 3 (Presentation server).
  Can anybody let us know how to go about this?

  1. http://rnm1978.wordpress.com/2009/08/25/multiple-rpds-on-one-server-part-1-the-bi-server/
  2. http://rnm1978.wordpress.com/2009/08/25/multiple-rpds-on-one-server-part-2-presentation-services/
  Thanks for the links, but they're a different answer to the one being answered!
  Details on how to implement clustering are in the product documentation here: http://docs.google.com/viewer?url=http://download.oracle.com/docs/cd/E10415_01/doc/bi.1013/b40058.pdf (see Chapter 3)
  There's also lots of blog and forum postings about it, just do a search.

• How the cluster works when shared storage disk is offline to the primary ??

  Hi All
  I have configured Cluster as below
  Number of nodes: 2
  Quorum devices: one Quorum server, shared disks
  Resource Group with HA-storage, Logical host name, Apache
  My cluster works fine when either the nodes looses connectivity or crashes but when I deny access for primary node ( on which HA storage is mounted ) to the shared disks.
  The Cluster didn’t failover the whole RG to other node.
  I tried to add the HAstorage disks to the quorum devices but it didn’t help
  Anyways i can't able to do any i/o on the HAstorage on the respective node
  NOTE:This is the same case even on Zone cluster
  Please guide me, below is the O/P of # cluster status command === Cluster Nodes ===
  --- Node Status ---
  Node Name Status
  sol10-1 Online
  sol10-2 Online
  === Cluster Transport Paths ===
  Endpoint1 Endpoint2 Status
  sol10-1:vfe0 sol10-2:vfe0 Path online
  --- Quorum Votes by Node (current status) ---
  Node Name Present Possible Status
  sol10-1 1 1 Online
  sol10-2 1 1 Online
  --- Quorum Votes by Device (current status) ---
  Device Name Present Possible Status
  d6 0 1 Offline
  server1 1 1 Online
  d7 1 1 Offline
  === Cluster Resource Groups ===
  Group Name Node Name Suspended State
  global sol10-1 No Online
  sol10-2 No Offline
  === Cluster Resources ===
  Resource Name Node Name State Status Message
  global-data sol10-1 Online Online
  sol10-2 Offline Offline
  global-apache sol10-1 Online Online - LogicalHostname online.
  sol10-2 Offline Offline
  === Cluster DID Devices ===
  Device Instance Node Status
  /dev/did/rdsk/d6 sol10-1 Fail
  sol10-2      Ok
  /dev/did/rdsk/d7 sol10-1 Fail
  sol10-2 Ok
  Thanks in advance
  Sid

  not sure what you mean with "deny access" but could be reboot of path failures is disabled. This should
  enable that:
  # clnode set -p reboot_on_path_failure=enabled +
  HTH,
  jono

• How to cluster Petstore on WebLogic 8.1

  I created a cluster with both managed servers running on the same machine as the admin server. But I could only deploy petstoreadmin.ear. With the other opc.ear, petstore.ear files, the delpoyment takes forever. I got some warnings like,
  <XA resource [weblogic.jdbc.wrapper.JTSXAResourceImpl] has not responded in the last 120 seconds.>
  I also got error like
  <Error encountered while attempting to create default DBMS Table: 'lineitemEJB'. Error Text: 'Lock time out; try later.'.'>
  First, is Petstore 1.3.1_02 cluster-able?
  Second, what is the procedure to set it up?
  I'd really appreciate any help on this.

  "B" <[email protected]> wrote in message
  news:4022cf75$[email protected]..
  Tried using https://hostname:port/certificate but without success. Any
  advice from anybody?
  What error did you get? Did you deploy the certificate servlet? You may have
  to deploy from
  C:\bea810sp2\weblogic81\server\lib\certificate.war

• How is cluster of 5 elements converted to spreadsheet?

  I have a bundle output as a Cluster of 5 elements.  The cluster is displayed on the front panel.  I desire to convert that to write that information to a spreadsheet that can be opened with Excel.
  Please email me at:  [email protected]

  Hi DocNord,
  easiest would be to create a tab seperated textfile of your values: Unbundle the elements, convert them to text with tabs between the single elements and write it to a txt-file.
  More hints:
  - When all elements are of the same type you can/should use an array instead of a cluster.
  - There are functions to write spreadsheet files directly from 1D/2D arrays.
  - There's a function to convert a cluster (of elements of same type) to an array (and also vice versa).
  Best regards,
  GerdW
  CLAD, using 2009SP1 + LV2011SP1 + LV2014SP1 on WinXP+Win7+cRIO
  Kudos are welcome