Legacy Profile on ACS Unix migrate to ACS 4.2 windows using TACACS+ av-pair

Similar Messages

• What's the migration path from ACS v3.3 to ACS v5.1?

  It's a standalone appliance 1112 running on ACS v3.3, how to migrate to another standalone appliance 1120 with ACS v5.1?
  Does CISCO have any documents about this?
  I remember I used to read an article about how to build a temp ACS v4.2 windows to help this kind of migration, could anyone help to send the doc link to me?

  Your basic assumption is correct. There needs to be a two stage process where first migrate to ACS 4.2 on Windows and then from there perform migration to ACS 5.0/5.1.
  When ordering ACS 5.0/ACS 5.1 the disk set includes all the software required to perform this upgrade.
  Going from from 4.2 to ACS 5.0/5.1 is migration; not upgrade; since need this reads a subset of the data items from ACS 4.2 and creates them on ACS 5.0/ACS5.1. This includes the bulk objects such as devices and internal users. However, the policy configuration on ACS 5.1 needs to be performed manually since follows a very different concept.
  The migration guide can be found at: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/migration/guide/Migration_Book.html

• Cisco ACS 4.2 migration to ACS 5.4 advice

  Hello all, we are planning migrating off our ACS 4.2.0.124 ( non appliance ) to ACS 5.4. I'm looking for any advice or tips from anyone that has done the migration.
  Is the migration tool intrusive or can it be run at anytime?
  I thought about not using the migration tool and do a new install however we have a few hundred MAC address entered for a Mac authenticated SSID as well as about a 100 switches and routers for TACACS.
  We have about a half dozen WIreless Controllers that use AAA with a mix of SSID's that are doing WPA2 with Mac authentication, LEAP, and, PEAP. We also use TACACS for routers and switches and AAA for anyconnect users.
  Any advice on the migration process would be appreciated.
  Thanks,
  Dan

  Actually I managed to copy/paste from the ACS4.2 to the CSV file. The passwords will not be imported though so you have to reset the password for all users and let them change it.
  If I were you I would have use the import utility to migrate users to keep the password then I will update the information of users (including group membership) via update template CSV file.
  The migration I used before included few users that I could create on the spot and ask them to reset the password.  Most of the data were MAC addresses for MAC auth and IP addresses for TACACS+ AAA clients (switches, routers...etc).
  If you have too many users then the migration tool is your friend to get them imported without having to reset the password.
  It is also important that you read the migration guide before you use the utility. You'll find valuable information about what will be imported and how. What data will be maintained and what will not.
  HTH
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• ACS 4.2 to ACS 5.4 database replication

  Hello All,
  I would like to know if its possible setup database replication from Cisco ACS 4.2 server to ACS 5.4 server ?
  Thanks in advance
  Mohsin Saleem

  Unfortunately, database replication (trigger update) cannot be performed as it requires both the ACS boxes to run same code.
  If you meant migration then yes that can be done.
  Migrating from ACS 4.x to ACS 5.4
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/migrate.html
  Jatin Katyal
  - Do rate helpful posts -

• Using TACACS+ auth from ACS 5.1.0.44 to ACE. Having Issues with Shell (Exec)

  Using TACACS+ auth from ACS 5.1.0.44 to ACE. Having Issues with Shell (Exec)
  So I am trying to get TACACS+ auth to work for my ACE.
  The command string that I have on the ACE is as follows:
  tacacs-server host 172.16.101.4 key 7 XXXYYYZZZ timeout 15
  aaa group server tacacs+ tacacs+
    server 172.16.101.4
  aaa authentication login default group tacacs+ local
  aaa authentication login console local
  aaa accounting default group tacacs+ local
  But to finish getting this enabled I need to create some sort of shell (exec) string in the ACS that tells the ACE what permission level to allocate.
  I do not know how to do this on the ACS 5.1.0.44.
  Anyone know?
  TAC made a good suggestion but the command path doesn't seem to line up with my version of ACS.
  Thanks for your reply. About this question:
  shell:<Context>*<Role> <Domain>
  What I meant is that you need to check the following couple of things on
  your ACS server in order to have AAA Tacacs users to login into the
  ACE over the context with superuser ritghts.
  Group setup ‑> users ‑> TACACS + Settings ‑> enable Shell(exec)
  ‑> enable Custom attributes ‑> right below this part you need to
  use the following sintax to link the ACE context that this user
  has access to.
  For example:
  shell:<Context>*<Role> <Domain>
  shell:Admin*Admin default‑domain
  Where this user will have access to the Admin context with the role
  admin using the 'default‑domain'

  Wilfred,
  What you will have to do on your version of ACS is modify the shell profile that your admins are hitting for other IOS devices or you can create another shell profile under Policy Elements -> Device Administration ->
  Once you get into this shell profile select the Custom Attributes tab and put in the following fields close to the bottom of the screen, from the example you provided type shell:Admin for the attribute field and then default-domain for the value field, and make sure you select this requirement as optional, if you select mandatory and other IOS devices use this same shell profile you will force this av pair to these devices also which will impact the priv levels that then need for authentication.
  After you add this attribute, save your changes and then test, also make sure that your Aceess Policy is calling this shell profile under the authorization profile for default device admin.
  Thanks,
  Tarik Admani

• ACS 5.3, ASA using TACACS+ forces to PAP?

  As the title says I'm trying to have an ASA (8.2.3) auth against an ACS 5.3 using TACACS+.  It only works if I have PAP enabled on the ACS.  Obviously this concerns me.  I've found the following reference in the configuration guides:
  TACACS+ Server Support
  The ASA supports TACACS+ authentication with ASCII, PAP, CHAP, and MS-CHAPv1.
  I can't figure out how to make the ASA use MS-CHAPv1 though.  Seems like it should be pretty simple.
  Incidentally I was having the same problem with VPN auth's using RADIUS but I was able to fix that by enabling the password management option which is only available in CHAPv2.  Seems that option isn't available under TACACS+.
  Any suggestions?

  As far as I am aware the asa will only use PAP to authenticate console exec logins. I wish it used chap-v2.
  Sent from Cisco Technical Support iPhone App

• Billing Legacy master & transactional data conversion/migration in SAP ISU

  Hi Experts,
  Please let me know, in ISU implementation project, what is Billing related Legacy master & transactional data conversion/migration is done in SAP ISU system.
  Thanks in advance

  Pankaj,
  There is no straight forward transaction to download the Configuration data and export it to a file.
  However, you can use the BC set functionality to extract the IMG node with its contents.
  Check the following  SAP help portal link for more info on BC sets
  Business Configuration Sets (BC-CUS) - SAP Library
  The archive data that you are talking about; Is it master data or transaction data?
  Also, what this data is related to-Financial Documents, Billing related info?
  There is one standard transaction SARA through which based on the migration object you can archive the data and export it into a file in a particular location..
  Hope it helps..
  Thanks,
  AB

• Told my profile needs to be "migrated"

  BT Sport is unavailable to me on channel 507 with youview box. I have been told that my profile needs to be migrated and that will take at least 3 days. By the way, as Mumbai have confirmed, I shouldn't complain as I am getting BT Sport for free! Oh, and when I try to access online it doesn't work either as my activation hasn't worked. Customer services tried to tell me it was a browser problem but they didn't take me up on the offer to bet on that. I had to get the Head of Customer Services in Glasgow to sort out my original set up and was eventually compensated for the number of wasted BT engineer visits. Looks as though it may be going the same way again....BT Technical side has not caught up with their marketing and their customer service is useless.
  Has anyone else been told their profile needs to be migrated? 

  Hi Fiscalist,
  Thanks for posting. I can take a look into this for you. Drop me an email with the details. You'll get the 'contact us' form in the about me section of my profile.
  Cheers
  David
  BTCare Community Mod
  If we have asked you to email us with your details, please make sure you are logged in to the forum, otherwise you will not be able to see our ‘Contact Us’ link within our profiles.
  We are sorry but we are unable to deal with service/account queries via the private message(PM) function so please don't PM your account info, we need to deal with this via our email account :-)

• User Profile Services:How get to know how many user are using my site.

  Hi,
  User Profile Services:How get to know how many user are using my site.
  Recently i have done migration sharepoint 2010 to sharepoint 2013,I did not migrate USer profile services because less user are using user profile here,but i need to know how many few uer are using my site for data store.
  Is any why we can get to know  user name who are using my site document library and other things.
  Hasan Jamal Siddiqui(MCTS,MCPD,ITIL@V3),Sharepoint and EPM Consultant,TCS
  |
  | Twitter

  Fallowing command shows only count of my site user ,I need to know how many upload data on my site
  Hasan Jamal Siddiqui(MCTS,MCPD,ITIL@V3),Sharepoint and EPM Consultant,TCS
  |
  | Twitter

• Migrating from SBS 2011 to Windows Server 2012R2 Standard with 365

  Im looking to move SBS 2011 to Server 2012R2 standard and with a 365 migration as well.
  Im thinking
  BPA for AD (health check)
  Add the Server2012R2 as a DC
  Ensure replication
  Move DHCP
  Change DNS
  Now this is where I get lost, now Im lost to use either dirsync or add essentials service, I have gone for standard and 30 cals with the option  as I have 28 users and the essentials service would make everything quite nice for remote access and backups
  etc....  however I don't know whether to just use dirsync with password replication instead ?
  Currently Im aiming towards getting the dc up and running then enabling essentials on the dc but I dont know how it will effect SBS and having essentials on the same network and sync'ing people to the cloud ? So Should I use DirSync on a different server
  instead to sync up to azure ?
  Finally with 365 I have only ever done a migration involving an export of pst's from an exchange box and then on a new domain with new pc's and reimport the pst's on the user accounts in outlook.
  However I have read when migrating to 365 was using exchange 2010 there was a application
  to move everything across however you needed an ssl cert iirc ? so I dont know how it works now since the nice new dashboard upgrade (assuming the tool has been updated like dirsync)
  along with the above how does AD now know where exahcnge if you use the migration app with an ssl cert and is it a case of still running the 365 config tool to configure each user to look at their mail in the
  cloud ? Also is it a good idea to enable essentials from the start of the 2012r2 dc for replication top 365 or to use dirsync ?
  then finally when replications is all good start transferring the FSMO roles over to the new DC and demote and remove the SBS server
  I have seen (below) but i dont think it covers this scenario and I cant be the only person in this situation =\ ?
  http://blogs.technet.com/b/infratalks/archive/2012/09/07/transition-from-small-business-server-to-standard-windows-server.aspx
  http://social.technet.microsoft.com/Forums/en-US/f552ef12-07a9-4f7a-bf5e-24500c3e1dc3/migrate-sbs-2011-to-server-2012-standard?forum=smallbusinessserver
  http://social.technet.microsoft.com/Forums/en-US/e1d4b09f-8857-4ef6-9a80-6a906e76b688/how-to-migrate-sbs-2011-to-standard-2012-server?forum=smallbusinessserver

  Hi,
  Would you please let us know current situation of this issue? If any update, please feel free to let us know.
  à
  Currently Im aiming towards getting the dc up and running then enabling essentials on the dc but I dont know how it will effect SBS and having essentials on the same network
  and sync'ing people to the cloud?
  I’m a little confused with the description. Did you mean that set up DC (Windows Server 2012 Standard) and
  then install the Windows Server Essentials Experience role? If so, when you migrate, please refer to the article:
  Migrate from Previous Versions to Windows Server 2012 R2 Essentials or Windows Server Essentials Experience
  Regarding to migrate Exchange to Office 365, please refer to following articles.
  Migrate
  All Mailboxes to the Cloud with a Cutover Exchange Migration
  Step-By-Step:
  Migrating from Exchange 2007 to Office 365
  Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
  does not guarantee the accuracy of this information.
  Meanwhile, there is an additional article that you can refer to:
  Manage Office 365 in Windows Server Essentials. It may help us to understand Office 365 in Server Essentials clearly.
  If anything I misunderstand, please don’t hesitate to let me know.
  Hope this helps.
  Best regards,
  Justin Gu

• How to access a file in Unix server from windows using java

  I want to access a file in unix server from windows using java program.
  I have the following code. I am able to open the url in a web browser.
  String urlStr="ftp:user:passwd@unix-server:ftp-port//javatest/test.csv;type=i";
  URL url = new URL(urlStr);
  BufferedReader in = new BufferedReader(new InputStreamReader(url.openStream)));
  String inputLine;
  while((inputLine=in.readLine()))!=null){
  System.out.println(inputLine);
  in.close();
  I get the following error
  java.io.FileNotFoundException: /javatest/test.csv
  at sun.net.www.protocol.ftp.FtpURLConnection.getInputStream(FtpURLConnection.java:333)
  at java.net.URL.openStream(URL.java:960)
  at com.test.samples.Test.main(Test.java:45)

  urlStr="ftp:user:passwd@unix-server:ftp-port//javatest/test.csv;type=i";
  I have given the format of the urlStr that I am using in the code. The actiual values are used in my code. I have tried pasting this url in the browser and it opens the file.

• Migrating iTunes library from a Windows PC to a Mac

  Hi.
  If I previously have iTunes on a Windows PC and want to migrate the enitre library to a Mac, how do I do it? I've got all the files transfered over the traditional way - via an external hard drive - but I can't bring the playlists over. I'd hate to have to start creating playlists again.
  Cheers...

  Migrate Your iTunes Library from Windows to Mac (and keep your ratings, play counts and date added)
  http://www.tunequest.org/migrating-your-itunes-library-from-windows-to-mac/20061 105/
  A Guide to Switching iTunes from Mac to Windows (or Vice Versa)
  http://ipod.about.com/b/2007/03/11/a-guide-to-switching-itunes-from-mac-to-windo ws-or-vice-versa.htm
  Cheers,
  Patrick

• Migrate a database from a Windows to Linux

  Hi,
  Please advise me how to migrate a database from a Windows to Linux or vice versa by using concept called Transportable tablesapce. Thanks in Advance.

  Crossplatform Transportable Tablespace only availalable to 10g and up.
  http://download.oracle.com/docs/cd/B19306_01/server.102/b14215/dp_export.htm#sthref73
  Any version below, only supported option is export/import

• UNIX: problem running an DEV & QA environment using form/report servlets

  UNIX: problem running an DEV & QA environment using form/report servlets
  I am trying to setup on one server an DEV and QA environment using the Forms Servlet, Forms Listener Servlet and Report Servlet.
  I think I have the Forms Servlet and Forms Listener Servlet running properly. The problem is setting up the DEV and QA environment for running reports.
  For example, when in DEV environment I would like to run a report from a directory specified in the REPORTS60_PATH. This doesn't seem possible.
  It might be easier if I describe my configuration first:
  DEV: run all forms and reports from the directory /data/release/dev
  QA: run all forms and reports from the directory /data/release/qa
  ---DEV & QA Settings Forms Listener Servlet:
  zone.properties:
  # DEV
  servlet.fl60dev.code=oracle.forms.servlet.ListenerServlet
  servlet.fl60dev.initArgs=EnvFile=/u01/app/oracle/product/ias/6iserver/forms60/server/dev.env
  # QA
  servlet.fl60qa.code=oracle.forms.servlet.ListenerServlet
  servlet.fl60qa.initArgs=EnvFile=/u01/app/oracle/product/ias/6iserver/forms60/server/qa.env
  ---DEV & QA Settings Forms Servlet:
  servlet.f60servlet.code=oracle.forms.servlet.FormsServlet
  --- Settings for Reports Servlet:
  servlet.RWServlet.code=oracle.reports.rwcgi.RWServlet
  Custom Env files since we are using Developer 6i Patch 7
  dev.env and qa.env
  Here I specify FORMS60_PATH and REPORTS60_PATH,
  eg: DEV -> FORMS60_PATH=/data/release/dev
  REPORTS60_PATH=/data/release/dev
  likewise for QA ../qa
  In the formsweb.cfg file i have something like:
  [dev]
  serverURL=/servlet/fl60dev
  form=test.fmx
  [qa]
  serverURL=/servlet/fl60dev
  form=test2.fmx
  I have tested the following and they work without problems:
  1. forms listener test page, eg: http://webserver:7777/servlet/fl60dev
  2. running forms from the 2 environments
  eg: http://webserver:7777/servlet/f60servlet?config=dev
  this runs the form in the FORMS60_PATH (/data/release/dev)
  Now my problems start with Reports.
  When I run a report from forms (using run_report_object) it will not run any reports
  as specified in the REPORTS60_PATH
  Even using this url:
  http://webserver:7777/servlet/RWServlet?server=rep60&report=test.rdf&destype=cache&desformat=html&
  userid=scott/tiger@test9i
  It NEVER seems to pickup and use the REPORTS60_PATH. I have tried nearly everything.
  I have gone throught the instructions in "Integrating Oracle9iAS Reports in Oracle9iAS Forms -
  White Paper"
  (http://otn.oracle.com/products/forms/pdf/277282.pdf)
  and Forms6i Patch 7: Oracle Forms Listner Servlet for Deployment of FOrms on the Internet
  (http://otn.oracle.com/products/forms/pdf/p7listenerservlet.pdf)
  plus any other documents in metalink relating to forms, or report servlets. I am
  totally confused, please help.
  I have tried setting the REPORTS60_PATH in the following files without success:
  custom.env (as specified by initArgs=EnvFile in zone.properties)
  jserv.properties
  in the zone.properties I have tried to set a custom env file for the report servlet:
  servlet.RWServlet.code=oracle.reports.rwcgi.RWServlet
  servlet.RWServlet.initArgs=EnvFile=/u01/app/oracle/product/ias/6iserver/forms60/server/dev_rep.env
  NO LUCK.
  The only place that I can set the REPORTS60_PATH
  is in "[6iserver home]/reports60_server" file when I start the reports server (did I even
  get this right - I do have to have a reports server running don't I?)
  Does this meaan I have to run multiple report servers for each of my environments?
  Based on all the documentation I thought that REPORTS60_PATH as specified in the files relating
  to the forms servlet would be the place to specify the path.
  As you will understand I am getting really fustrated with this and it seems to
  me that the reports servlet configuration in 6i is really half baked and since 9i
  is coming out it will never be fixed.

  I am even not able to run forms servlets from two different forms60_path, Is there any configuration do you make other than what you have mentioned in this post.
  I already open a TAR in this regard, I am still waiting reply from ORACLE.
  Thanks,
  Shaik Ather Ahmed

• I had migrated Oracle 10g database from Windows to Oracle 11g Linux

  I had migrated Oracle 10g database from Windows to Oracle 11g Linux.  The database is performing very slow.
  Please guide me where I have to begin (starting point) looking into it.
  Some document stated gather system statistics.  How to check system statistics is up to date
  What are the crucial initialization parameter ?

  Hi,
  Let me just point you out to the documentation, which may concern you:
  I had migrated Oracle 10g database from Windows to Oracle 11g Linux.  The database is performing very slow.
  Managing Optimizer Statistics
  How to check system statistics is up to date
  Managing Optimizer Statistics
  What are the crucial initialization parameter ?
  Configuring a Database for Performance
  Thanks &
  Best Regards,