Multiple Groups in Radius

Hi all -
Quick questions that will be easy for all you experts. I am using Juniper Steel-belted Radius for Remote Access Authentication off of our Concentrator right now. I want to start deploying 802.1x for VLAN assignment and login authentication for the network boxes.
I have been looking around here, and have deduced that Radius has difficulties when you have the same username in multiple groups. Currently, the domain group VPNUSERS is allowing remote access, and that pretty much encompasses all the 1000+ employees for the company. For login authentication, I added a check list for the VPNUSERS group on the radius server (to ensure not everyone can log in to my switches) to only allow requests from the concentrator, but if I create a new AD group (NETADMINS), put in it the users that will be allowed to log in to the individual network devices, and add that group as a user on the radius box, I receive an authentication failed error.
Is this because those usernames are currently being denied because those usernames are also a part of the VPNUSERS group, which is failing authentication because the attributes don't match according to the check list? Is there any way around this without having multiple radius server groups on the network? Thanks for the help.

Not all RADIUS servers are created equal... which one are you talking about?

Similar Messages

  • SSL Multiple Tunnel Groups with Multiple group policies

    Hello folks.
    Have a query and can't seem to find an answer on the web.
    I have configured SSL Clientless VPN on a lab ASA5510, using 2 tunnel groups, one for engineers and one for staff, mapped to 2 different group policies, each with different customisation. I have mapped the AD groups to the tunnel groups using both ACS and now LDAP (currently in use), both working successfully; using group lock and an LDAP map of IETF-Radius-Class to Group name ensures engineers get assigned to the engineers tunnel group and staff get mapped to the staff tunnel group only.
    The question I have is: is there a way to use a single tunnel group to map the user based on AD group, which will then use the correct group policy (1 tunnel group to multiple group policies)? I have seen examples of doing this with different URLs but want to know if they can all use the same URL and avoid using the drop-down list using aliases.
    It may be a simple "No" but it would be nice to know how to do it without using the URLs or drop-down list. Users are easily confused ......

    Easy. Disable the drop-down list, and use the authentication-server (LDAP or Radius) in the DefaultWEBVPNGroup. By default when you browse to the ASA, it will be using the DefaultWEBVPNGroup. Let LDAP or Radius take care of the rest.
    You will get the functionality you are looking for.
    HTH
    PS. If this post was helpful, please rate it.

  • User in multiple groups gets multiple copies of one mail

    I have a user who is the manager in a department with multiple groups in it.  There is an email group in eudora set up for each administrative group (logical), and the manager's user is in each of those groups (also logical).  Frequently it will be logical to send an email to 2, 3 or 4 of those groups, and then (just as you would expect) she gets 2, 3, 4 copies of the email in her inbox.  Which falls into the "just what we asked for but not what we want" category...
    Does anyone know how to get mac mail or eudora to do "de-duplicating" ?  Or are we just stuck with this?

    Hi..
    Ok, so forget group mapping from AD. What you have here are two separate network services that require individual provisioning... what I call "Service Differentiated Provisioning"
    This is where Shared RADIUS Authorisation Profiles come in (I know because I designed them :)
    Create a NAF for each device - simplest by using their IP addresses.
    Next create two shared RACs - one for each service (mobile & home). Inside use RADIUS attributes to assign the ip pool depending on your RADIUS vendor (Cisco?)
    eg cisco-av-pair = ip:addr-pool=poolA
    Next create the two NAPs - one for mobile access and the other for home access by selecting the appropriate NAF to activate on. Select the authentication types (MSCHAP) and database (Windows)
    Next, edit the Authorisation part of each NAP. Uncheck the tick boxes "Include attributes from user & group records" - this will merge attributes from group, RAC and user... gets MESSY. Anyway you should see a default rule displayed "If a condition is not defined...." - in the Shared RAC dropdown select the RAC that is appropriate for the NAP (ie mobile or home). Then submit.
    At this point to avoid clashes... remove any ip allocation settings in the ACS groups A & B.
    You should now be able to authenticate users on each network service. They will still map to an ACS group (as before). However the ip pool allocation will now come from the relevant RAC instead of a group.
    It may look complicated (um, guess it is) and the NAP pages are not very friendly, but if you work through these steps it should work a treat.
    If you run CSRadius -z -p from the command line you'll see all the extra helpful debug I put in :)
    Now all you need to do is download the trial of extraxi aaa-reports! (www.extraxi.com) so that you can generate reports to audit the fruits of your labours!
    Good luck
    Darran

  • ACS USER IN MULTIPLE GROUP

    Dear all
    I have an ACS running ver. 4.2. We have integrated this with AD as well.
    We had created some groups in ACS for VPN and they are dynamically mapped with the respective departments. It's working fine now.
    We have designed a wireless implementation here with dynamic VLAN assignment.
    This is not working because the user is already a member of one group in ACS. I know that I can edit that group and do the wireless parameter settings.
    But I would like to know whether the user can be a member of multiple groups or whether the user will be associated with the first group.
    If we have an option for the user to be in multiple groups, how can we do this?
    If anyone has faced this issue, please reply to me at the earliest.
    regards
    -Danish

    It's a bit long-winded, but by using multiple Network Access Policies (NAP) in ACS 4.2 you can create specific Windows group mappings per NAP.
    The NAP is selected dynamically by NAS IP, or NDG or any content within the incoming RADIUS packet. So usually it's possible to match on something. NAPs may also have chunks of re-usable RADIUS attributes (Shared Radius Authorisation Components) which can be used instead of setting RADIUS attributes at group level - can reduce the management overhead.
    It's not a perfect solution, but should get to where you need to be without having to upgrade.
    Facing an ACS audit? Find out how aaa-reports! can help at www.extraxi.com
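
The difference between one global group mapping and the per-NAS policy selection described in the reply above, as an added example that is not part of the original posts and is not ACS or Steel-Belted Radius configuration. It is a plain Java model: the group names come from the first thread, the two NAS addresses are constructed, and the "first matching group decides" rule is an assumption standing in for the behaviour the posters describe.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class NasScopedGroupMapping {
    // Constructed sample addresses (assumptions, not taken from the thread).
    static final String VPN_CONCENTRATOR = "192.0.2.10";
    static final String CORE_SWITCH = "192.0.2.20";

    // Model 1: one global, ordered group list. Each group carries a check item
    // naming the only NAS its members may authenticate from.
    static final Map<String, String> GLOBAL_GROUP_TO_NAS = new LinkedHashMap<>();
    // Model 2: the policy is chosen by NAS first; each policy names the group it requires.
    static final Map<String, String> NAS_TO_REQUIRED_GROUP = new LinkedHashMap<>();
    static {
        GLOBAL_GROUP_TO_NAS.put("VPNUSERS", VPN_CONCENTRATOR);
        GLOBAL_GROUP_TO_NAS.put("NETADMINS", CORE_SWITCH);
        NAS_TO_REQUIRED_GROUP.put(VPN_CONCENTRATOR, "VPNUSERS");
        NAS_TO_REQUIRED_GROUP.put(CORE_SWITCH, "NETADMINS");
    }

    // Assumed behaviour: the first group the user belongs to decides the outcome,
    // so a failing check item on that group rejects without trying later groups.
    static boolean firstMatchGlobal(String nasIp, List<String> groups) {
        for (Map.Entry<String, String> entry : GLOBAL_GROUP_TO_NAS.entrySet()) {
            if (groups.contains(entry.getKey())) {
                return entry.getValue().equals(nasIp);
            }
        }
        return false; // no mapped group: reject
    }

    // Per-NAS policy: look up the policy for the requesting device, then test
    // membership of the one group that policy requires. Unknown NAS: reject.
    static boolean nasScoped(String nasIp, List<String> groups) {
        String required = NAS_TO_REQUIRED_GROUP.get(nasIp);
        return required != null && groups.contains(required);
    }

    static String verdict(boolean accepted) {
        return accepted ? "Access-Accept" : "Access-Reject";
    }

    public static void main(String[] args) {
        List<String> netAdmin = Arrays.asList("VPNUSERS", "NETADMINS"); // member of both groups
        List<String> staff = Arrays.asList("VPNUSERS");                 // VPN access only
        Object[][] cases = {
            {"netadmin via concentrator", VPN_CONCENTRATOR, netAdmin},
            {"netadmin via switch", CORE_SWITCH, netAdmin},
            {"staff via switch", CORE_SWITCH, staff},
        };
        for (Object[] c : cases) {
            @SuppressWarnings("unchecked")
            List<String> groups = (List<String>) c[2];
            String nas = (String) c[1];
            System.out.printf("%-26s global=%-14s nas-scoped=%s%n", c[0],
                    verdict(firstMatchGlobal(nas, groups)), verdict(nasScoped(nas, groups)));
        }
    }
}
```

In the model the user who belongs to both groups is rejected at the switch under the global mapping and accepted under the per-NAS mapping, while the VPN-only user is rejected at the switch in both.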

  • No data found message w/multiple group by

    I am doing a report that has multiple group by and not sure where the code needs to go so it will bring back No data found for the report. Can anyone help me out?
    group ROW by GRANDTOTAL
    group by EMP_NAME
    Employee Name: EMP_NAME
    group by CASE_MGMT_TEAM_CD
    Team: CASE_MGMT_TEAM_CD
    group by ACTIVITY_ID
    Activity: ACTIVITY_ID (Following is a Table)
    Process Date     Amount     Count
    F PROCESS_DT 9,990.00 9,990 E
    Total by Activity:     9,990.00 9,990
    end by ACTIVITY_ID
    end by CASE_MGMT_TEAM_CD (Following is a Table)
    Total for Employee <?EMP_NAME?>:     999,990.00 999,990
    end by EMP_NAME (Following is a Table)
    Grand Total:     9,999,990.00 9,999,990
    end ROW by GRANDTOTAL

    Take a look at this: http://winrichman.blogspot.com/2009/05/no-data-found.html
    Thanks!

  • How to add multiple groups in a single user in ldap

    I have a problem with LDAP. Please clarify the following problem.
    My request is --> send multiple groups at a time with a single user.
    My code with a single user and a single group is working.
    Please see the source file and please solve my problem. I tried, but I did not get it.
    package com.ldap;

    import java.util.Hashtable;
    import javax.naming.AuthenticationException;
    import javax.naming.Context;
    import javax.naming.NameAlreadyBoundException;
    import javax.naming.NamingException;
    import javax.naming.directory.Attribute;
    import javax.naming.directory.Attributes;
    import javax.naming.directory.BasicAttribute;
    import javax.naming.directory.BasicAttributes;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;

    /**
     * This class provides methods for the user management
     * @author sudhakar
     */
    public class LdapUserMgr {
        public final static String USER_ID = "uid";
        public final static String COMMONNAME = "cn";
        public final static String SURNAME = "sn";
        public final static String MEMBEROF = "wlsMemberOf";
        public final static String MEMBEROF1 = "wlsMemberOf";
        public final static String PASSWORD = "userpassword";
        public final static String EMAIL = "mail";

        /**
         * This method creates new user in the embedded ldap registry
         * @throws Exception
         */
        public void createUser() throws Exception {
            DirContext ctx = getLDAPConnection();
            String userId = "sudhakar";
            String userName = "sudhakar";
            String userRole = "Assessor";
            String password = "sudhakar123";
            String email = "[email protected]";
            try {
                Attributes attrNew = new BasicAttributes(true);
                Attribute objclass = new BasicAttribute("objectclass");
                String group = "ou=groups,ou=myrealm,dc=sudhakar_domain";
                String people = "ou=people,ou=myrealm,dc=sudhakar_domain";
                // add all the object classes required for the user profile
                objclass.add("top");
                objclass.add("person");
                objclass.add("organizationalPerson");
                objclass.add("inetOrgPerson");
                objclass.add("wlsUser");
                // put all the attributes required as part of the user profile
                // add object classes
                attrNew.put(objclass);
                // add user Id
                attrNew.put(USER_ID, userId);
                // add user common name
                attrNew.put(COMMONNAME, userName);
                // add user surname
                attrNew.put(SURNAME, userName);
                // prepare the group path for the user
                String role = COMMONNAME + "=" + userRole + "," + group;
                // add user to a group
                attrNew.put(MEMBEROF, role);
                System.out.println("user role is " + role);
                // i want to pass multiple user roles at a time
                // add user password
                attrNew.put(PASSWORD, password);
                // add user mail Id
                attrNew.put(EMAIL, email);
                // Prepare the query string to add the user to the embedded ldap
                String query = USER_ID + "=" + userId + "," + people;
                System.out.println("user query is " + query);
                // add the user to the LDAP directory
                ctx.createSubcontext(query, attrNew);
                System.out.println("user " + userId + " created");
            } catch (NameAlreadyBoundException nabe) {
                System.out.println(nabe.getMessage());
                throw new NameAlreadyBoundException("User by this name already exists");
            } catch (NamingException namEx) {
                System.out.println(namEx.getMessage());
            } catch (Exception ex) {
                System.out.println(ex.getMessage());
            } finally {
                closeLDAPConnection(ctx);
            }
        }

        /**
         * This method opens the LDAP connection (simple bind)
         */
        public DirContext getLDAPConnection() throws Exception {
            DirContext ctx = null;
            try {
                Hashtable<String, String> env = new Hashtable<String, String>();
                env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                env.put(Context.PROVIDER_URL, "ldap://192.168.100.84:7030/");
                env.put(Context.SECURITY_AUTHENTICATION, "simple");
                env.put(Context.SECURITY_PRINCIPAL, "cn=Admin");
                env.put(Context.SECURITY_CREDENTIALS, "admin");
                // Create the initial directory context
                ctx = new InitialDirContext(env);
                return ctx;
            } catch (AuthenticationException authEx) {
                System.out.println(authEx.getMessage());
                throw new AuthenticationException("Authentication failed");
            } catch (NamingException namEx) {
                System.out.println(namEx.getMessage());
                throw new NamingException("Naming Exception");
            } catch (Exception ex) {
                System.out.println(ex.getMessage());
                throw new Exception("Exception Occurred");
            }
        }

        /**
         * This method closes the LDAP connection
         * @param ctx
         */
        public void closeLDAPConnection(DirContext ctx) {
            try {
                ctx.close();
            } catch (NamingException nex) {
                System.out.println(nex.getMessage());
            } catch (Exception ex) {
                System.out.println(ex.getMessage());
            }
        }

        public static void main(String s[]) throws Exception {
            LdapUserMgr ldapUserMgr = new LdapUserMgr();
            ldapUserMgr.createUser();
        }
    }
    Edited by: sudhakar_kavuru on Jun 16, 2009 1:58 AM

    Hi Sudhakar,
    Try something like this. Here I have enclosed the code snippet.
        String query = USER_ID + "=" + user.getUserId() + "," + people;
        // add the user to the LDAP directory
        // ctx.createSubcontext( query, attrNew );
        // create the entry with the first role in the membership attribute
        Attribute att1 = new BasicAttribute(MEMBEROF);
        String roleName = user.getUserRoleList().get(0);
        String role1 = COMMONNAME + "=" + roleName + "," + group;
        att1.add(role1);
        attrNew.put(att1);
        DirContext dirContext = ctx.createSubcontext(query, attrNew);
        // add each remaining role as a further value of the same attribute
        for (int i = 1; i < user.getUserRoleList().size(); i++) {
            Attributes att2 = new BasicAttributes();
            String roleNameStr = user.getUserRoleList().get(i);
            log.debug("roleNameStr--->" + roleNameStr);
            String role2 = COMMONNAME + "=" + roleNameStr + "," + group;
            log.debug("role2-->" + role2);
            att2.put(MEMBEROF, role2);
            dirContext.modifyAttributes("", DirContext.ADD_ATTRIBUTE, att2);
        }
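
Another way to get several memberships onto a new entry, shown as an added example that is not code from either poster: a JNDI `Attribute` can hold many values, so every group DN can be placed in one `wlsMemberOf` attribute before the entry is created. The class name and the roles "Reviewer" and "Ops, Tier 2" are constructed for illustration, the password attribute is left out, and the DNs are built with `LdapName`/`Rdn` so that a role name containing DN metacharacters is escaped rather than concatenated raw. It runs without a directory server and only prints the values it built.

```java
import java.util.Arrays;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class MultiGroupUserAttributes {
    static final String MEMBEROF = "wlsMemberOf";
    static final String GROUP_BASE = "ou=groups,ou=myrealm,dc=sudhakar_domain";

    /** Builds cn=<role>,<GROUP_BASE>; Rdn escapes DN metacharacters in the role name. */
    static String groupDn(String roleName) throws InvalidNameException {
        LdapName dn = new LdapName(GROUP_BASE);
        dn.add(new Rdn("cn", roleName)); // appended as the most specific (leftmost) RDN
        return dn.toString();
    }

    /** Builds the new user's attributes with one multi-valued membership attribute. */
    static Attributes userAttributes(String uid, List<String> roles) throws InvalidNameException {
        Attributes attrs = new BasicAttributes(true); // true = ignore attribute-ID case
        Attribute objclass = new BasicAttribute("objectclass");
        for (String oc : Arrays.asList("top", "person", "organizationalPerson",
                                       "inetOrgPerson", "wlsUser")) {
            objclass.add(oc);
        }
        attrs.put(objclass);
        attrs.put("uid", uid);
        attrs.put("cn", uid);
        attrs.put("sn", uid);

        // Each add() appends another value to the same attribute.
        Attribute memberOf = new BasicAttribute(MEMBEROF);
        for (String role : roles) {
            memberOf.add(groupDn(role));
        }
        attrs.put(memberOf);
        return attrs;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed role list; the last name contains a comma on purpose.
        List<String> roles = Arrays.asList("Assessor", "Reviewer", "Ops, Tier 2");
        Attributes attrs = userAttributes("sudhakar", roles);

        NamingEnumeration<?> values = attrs.get(MEMBEROF).getAll();
        while (values.hasMore()) {
            System.out.println(MEMBEROF + ": " + values.next());
        }
        // With a live connection the same object goes to a single call:
        // ctx.createSubcontext("uid=sudhakar,ou=people,ou=myrealm,dc=sudhakar_domain", attrs);
    }
}
```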

  • How do I send mail to multiple groups simultaneously in Mavericks?

    Recently updated to Mavericks, and I used to be able to just add a contact group to the BCC field.  I can still add a contact group to the BCC field, as I have searched up till this point, but my issue is adding multiple groups into these fields.  I thought a solution might be to make one huge group, but I use different groups for different things constantly, and combine and alter them continuously.
    How on earth is it that I can no longer email multiple groups simultaneously?  There has to be something I'm missing!!

    I did this and the recipient gets an email From: Me and To: Me.
    If you are sending email to multiple recipients by bcc, the recipients should not be able to see the other recipients you are sending the mail to.  However, they will see who the email is from which is you!
    What is confusing me is how are your recipients getting your email if it's not addressed to them but to yourself?
    Have you tried rebuilding Mail?
    Which version of OS & Mail are you using?  Asking because your system profile is showing you are using Snow Leopard yet, you posted in the ML forum.

  • Multiple groups in a Matrix

    Hi,
    I'm trying to create a Matrix with multiple grouping. I haven't used SSRS in a few years and I'm struggling.
    I'm trying to show count of staff and total salary as columns grouped by contract type, business area as the rows and then make it look like I have a table like this for each currency that staff are paid in. I.e. for each currency I want to repeat the column headers.
    I've created a matrix with the business area as the row group and contract type as the column group. The columns for head count and total pay has been done by inserting inside group on the column but I can't seem to figure out how to repeat the headers as I want them.
    Thanks,

    Hi AndyRL,
    If I understand correctly, you created a Matrix with currency, business area as rows, count of staff and total salary grouped by contract type as columns. You want to keep headers visible while scrolling. If so, there could be two scenarios:
     Set row headers visible while scrolling
    1. Right-click the Table Header row and select Tablix Properties.
    2. In the Row Headers section, select the “Keep headers visible while scrolling” checkbox, then click OK.
     Set column headers visible while scrolling
    1. Right-click the Table Header row and select Tablix Properties.
    2. In the Column Headers section, select the “Keep headers visible while scrolling” checkbox, then click OK.
    If there is any misunderstanding, please elaborate on the issue for further investigation.
    Thanks,
    Wendy Fu

  • How To Handle The Multiple Groups in OBIEE

    Hello,
    How to handle it in OBIEE if the user is mapped to 2 groups? We are using External Table Authentication for authenticating.

    What do you mean how to handle two groups? Are you assigning user to group relation through external table also? If yes, then you will need to set up row - wise initialization to capture multiple groups for one record.
    Hope your question is answered.
    Regards,
    -Amith.

  • Handling Multiple Group ID - Multiple Departments of the same Enterprise

    http://www.b2bgurus.com/2008/07/handling-multiple-group-id-multiple.html
    In step 4 it is mentioned that we have to create just one agreement. Should I create one agreement for each department, or will creating one agreement for any department automatically process the documents for both departments?

    Create only one Agreement. Make sure to disable the validation.
    Another way of enabling this feature is by using the following tip.property.
    oracle.tip.adapter.b2b.edi.ignoreValidation=<values>
    Provide those identifier which will be different from the configured one. Few of the sample identifiers are as follows:
    InterchangeReceiverID,InterchangeSenderID,GroupReceiverID,GroupSenderID,GroupSenderQual,GroupReceiverQual,InterchangeSenderQual,InterchangeReceiverQual

  • Essbase cannot union filters from multiple groups

    Hi All,
    I have a problem with provisioning on Shared Service.
    In some cases, I need to grant multiple filters to an Essbase user, say user01.
    However, each user can be associated with one Essbase filter only.
    For better management, I create multiple groups with different filters and assign the user, user01, to the groups.
    The first two groups work normally. However, Essbase cannot "union" all filters from multiple groups after the user joins the third group.
    However, I tried to combine the three filters into one filter with three rows. It is working!!!
    Because there is a large number of users in external LDAP, it is unmanageable to combine multiple filters into one filter. Is there any way to solve this problem? Or is there any better approach to do the security?
    Thanks in advance!!!
    Regards,
    TKC

    Thanks for your reply.
    I have following structure in Essbase. I try to make it simple to understand.
    Dept (dimension)
    |_C00
    |_CTTL
    |_C01
    |_C02
    Project (dimension)
    |_GEN
    |_P01
    |_P02
    |_P03
    |_PI
    |_A
    |_P01 (shared member)
    |_B
    |_P02 (shared member)
    |_P03 (shared member)
    Group A with Filter F01
    Read - CTTL, IDESCENDENT(A)
    Group B with Filter F02
    Read - C01, P01, P02
    User joins A and B group.
    The end result of user is that
    he can access CTTL of P01 only
    he can access C01 of P01 and P02 only
    he cannot access C02 of any Project dimension
    he cannot access CTTL of P03
    However, I found that when I change to metaread. The result is going wrong.
    he can access C01 of P01, P02 and P03 only.
    It is because I need to block user to view members which he cannot access.
    I need "metaread" function.
    So somebody tell me how to achieve this? Thanks in advance.
    Edited by: user070322 on Jan 4, 2009 8:37 PM
    Edited by: user070322 on Jan 5, 2009 6:04 PM

  • IOS 8 creating multiple group messages with same recipients

    After updating to iOS 8.0, my iPhone 5s has started creating multiple group messages with the same recipients. For example, my phone has created three group threads with the exact same people in it. Different friends' messages go to different threads. It is terribly confusing and annoying. It has done this with several of my group messages. Deleting the duplicate threads has not worked. They keep recreating themselves when certain people text the group.
    Any suggestions? This has been a problem for many of my friends as well.

    Hi hkapn,
    Do you and your wife use the same Apple ID and are connected to the same wifi network?  Your phone ringing to multiple devices is called Continuity and is a feature of iOS8. https://www.apple.com/ios/whats-new/continuity/
    Essentially, it allows you to use your iPhone cellular connection on all of your iOS8 devices: iPhone, iPad, Mac computers with Yosemite.  On some devices the call will look like it is coming through FaceTime, but likely on your wife's iPhone it just looked like a regular call.
    Since your iPhone was "hosting" the phone call through its own cellular connection, you were able to pick it up after your wife answered, which caused your wife's phone to disconnect.  This is called Handoff and is also a feature of iOS8.
    You can turn off Continuity if you'd like, but you could also look into getting your wife her own Apple ID.  I'm guessing you were sharing one so that you didn't have to make purchases twice.  Also in iOS8, there is a feature called Family Sharing which allows you to link multiple Apple IDs and share purchases (among other things).
    In regards to the group text message issue, as far as I can tell, splitting group messages is NOT a feature.   I agree that there should be an answer to this already!

  • Crystal 8.5 to XI summing multiple groups

    In 8.5 when you inserted a "summary" you could insert a total for multiple groups and a grand total all in one screen. In XI, I no longer see that functionality. If I have three groups, Year, Month, Store, and I want to get total dollars by each group and a grand total, do I have to insert a total for each group separately? Thank you!

    There is a new option added in CRXIR2 "Add to all group levels" in insert summary page. This option is available in CRXIR2 onwards, but not in CRXI.
    Hope this helps!
    Raghavendra

  • Multiple Groups in Cross Tab Workbook

    I have one worksheet like
    -------------------------XXXX----------YYYY-------------ZZZZ
    ------------------------NO %----------NO %------------NO %
    A1--------------------1 1-------------- 4 4----------------5 5
    A2--------------------1 1---------------4 4----------------6 6
    A3--------------------1 1---------------4 4----------------6 6
    Here XXXX, YYYY, ZZZZ values for one column
    No and % are data columns
    A1,A2 and A3 is another column's values.
    I have another column(gender) which I want to add like
    -------------------------XXXX----------YYYY-------------ZZZZ--------------MALE--------------FEMALE
    ------------------------NO %----------NO %------------NO %-------------NO %---------------NO %-----
    A1--------------------1 1-------------- 4 4----------------5 5------------------3 3--------------------2 2-------
    A2--------------------1 1---------------4 4----------------5 5------------------3 3--------------------2 2-------
    A3--------------------1 1---------------4 4----------------5 5------------------3 3--------------------2 2-------
    Is it possible to have multiple groups (is there a direct or indirect way to do that)?
    Thanks
    Sachin
    Edited by: SachinK on Dec 18, 2008 8:00 PM
    Edited by: SachinK on Dec 18, 2008 8:07 PM

    Could you not just create a calculated column to cover both original columns and place the calculated column.
    Such as:
    calc1
    case when col1 IS NULL then gender_column
    else col1
    end
    assuming the gender column never has a value at the same time as the original column - which I am assuming from your example - then just replace your col1 placement in the worksheet with calc1.
    Make sense?
    Russ

  • Defining Multiple Groups in PDF template

    Hi,
    I am having trouble defining multiple groups in my pdf template. I would like to set up multiple groups for printing po data such as (G_LINES, G_SHIPMENTS, etc.) How is this done in Acrobat? I am using 7.0 Professional. I have created BODY START and BODY END text fields and inserted the <?rep_field="BODY_START"?> and <?rep_field="BODY_END"?> syntax into the Tooltip area as instructed in the user's guide. I have entered the <?rep_field="T1_G1"?> syntax for each element in my lines group. This works fine. But, how do I set up the group for the shipment information?
    Thanks!

    Put all the fields inside the innermost for-each loop.
    You can be better helped with such questions in the specialized BI Publisher forum:
    BI Publisher
