NAC Implementation with LanDesk
Hi.
First of all, excuse me for not putting this question in the correct category, because none of the other categories is working for me... the page is not loading.
So here is my problem.
We currently have Cisco NAC implemented in our enterprise. We want to deploy LanDesk as well.
The problem is that when the PC boots the first time, NAC assigns an authentication IP and at the same time the LanDesk agent tries to connect to the LanDesk server, which of course it cannot, as with this authentication IP the client cannot communicate with anything other than the NAC server.
So how to? Can anyone please???
Thanks in advance
You can set a delay on the services by running a script found here and then you can execute the service or make the call that will fire up the landesk services. Here is an example of the script that I am talking about....
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cas/s_adsso.html#wp1173302
Also here is one of the articles I found on how to use scripting to start services,
http://www.computerperformance.co.uk/vbscript/wmi_services.htm
I had a customer use this method to map their network drives and were able to get this to work successfully.
Also, one more method is that you can create a check that you can always set to fail and then set a launch services requirement that will always attempt to start the services for the LANDesk service. Here is the config guide that will guide you through this:
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_agntd.html#wp1354681
Thanks,
Tarik
Similar Messages
-
Integrate NAC Appliance with Active Directory
We are trying to implement, for our customer, a NAC appliance integrated with Active Directory single sign-on.
The NAC is configured with L2 OOB. The user first connects to the switch and gets the authentication VLAN, then the user is authenticated using their domain account login; if successful, the user is mapped to the VLAN assigned to them.
The SSO agent installed on Active Directory is running well, and on the CAS the SSO service has also started.
Let's say I have this situation:
1. User A has been assigned to VLAN 15, Employee.
2. User A plugs into the switch, gets the dummy VLAN and authenticates using the domain account on AD. If this succeeds, the port is bounced; the user is running a Cisco agent in the background.
3. Now user A has their own VLAN ID 15.
I've created the authentication server on the CAM for Active Directory, but I find it very difficult to configure mapping rules between user roles and Active Directory. The guidance PDF on how to implement NAC that I downloaded from Cisco does not mention how to map user roles to Active Directory...
Has anyone configured mapping rules from user roles to Active Directory?
So you would create a mapping rule against your lookup server like so.
Say the AD group membership is "Finance".
For ADSSO you would apply the mapping rule to your LOOKUP server,
where the expression is
memberOf contains CN=Finance
and apply it to the role Employee. If VLAN 15 is your employee VLAN, then you would designate VLAN 15 in your Employee role under user role configuration.
Now, you can't test this with ADSSO using the test auth function, so what I like to do is create an AD authentication server and test against that. As long as you have some form of mapping configured, the auth results will return all memberships for the username you log in with, so you can get the syntax exactly right.
-
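An added illustration, not part of the original thread or of Cisco's documentation, of a caveat with the "memberOf contains CN=Finance" expression in the reply above: a substring rule also matches groups and containers whose names merely begin with or include that string. The "contains" operator is modelled here as a case-insensitive substring test (an assumption), and the example.com directory, the group names and the function names are all made up.

```python
# Added example: substring vs. full-DN matching of AD memberOf values.
# "contains" is modelled as a case-insensitive substring test (assumption).

def split_dn(dn):
    """Split a distinguished name into RDNs, honouring backslash escapes."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return parts

def contains_rule(member_of, needle):
    """Substring rule: true if any memberOf value contains the needle."""
    return any(needle.lower() in dn.lower() for dn in member_of)

def exact_rule(member_of, group_dn):
    """Strict rule: true only if one memberOf value is exactly this group DN."""
    want = [p.lower() for p in split_dn(group_dn)]
    return any([p.lower() for p in split_dn(dn)] == want for dn in member_of)

def over_matched(users, needle, group_dn):
    """Users the substring rule puts in the role but the strict rule does not."""
    return sorted(u for u, groups in users.items()
                  if contains_rule(groups, needle)
                  and not exact_rule(groups, group_dn))

# Constructed directory data; example.com and all group names are made up.
FINANCE = "CN=Finance,OU=Groups,DC=example,DC=com"
USERS = {
    "alice": [FINANCE, "CN=Domain Users,CN=Users,DC=example,DC=com"],
    "bob":   ["CN=Finance-Contractors,OU=Groups,DC=example,DC=com"],
    "carol": ["CN=Printers,OU=Finance,OU=Groups,DC=example,DC=com"],
    "dave":  ["CN=Helpdesk,CN=Finance,DC=example,DC=com"],
}

if __name__ == "__main__":
    for user, groups in USERS.items():
        print(user, contains_rule(groups, "CN=Finance"),
              exact_rule(groups, FINANCE))
    print("over-matched:", over_matched(USERS, "CN=Finance", FINANCE))
```

Where only substring operators are available, matching on the longer string CN=Finance,OU=Groups narrows the rule: in this sample it no longer matches bob or dave.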
How to know if implementation with a filter value exist for a BAdI in code?
Hi all,
Scenario:
I created a BAdI. There will be a button on the UI to call its implementation(s); while if there is no implementation with specified filter value, this button needs to be hidden. Thus I need to know if the implementation exist before calling it.
Question:
In the ABAP code, how to get whether implementation with specified filter value exists for a BAdI?
If it's possible, please help provide code.
Thanks and regards,
Said
Problem solved:
data: r_badi type ref to YOUR_BADI,
      badi_impl_num type i.
get badi r_badi
  filters
    flt_name = fit_val.
badi_impl_num = cl_badi_query=>number_of_implementations( badi = r_badi ).
if badi_impl_num > 0.
  "there are badi implementation(s)
endif.
-
Can access enforcer be implemented with going through the SOD check.
Hi All,
I have couple of questions regarding Access enforcer:
1. Can Access enforcer be implemented with going through the SOD check?
2. Can we provision roles for the project team using Access Enforcer (without having a million SOD conflicts which need to be cleared)?
I would really appreciate any insight on these questions.
Thanks
https://websmp103.sap-ag.de/~form/sapnet?_FRAME=OBJECT&_HIER_KEY=501100035870000015092&_HIER_KEY=601100035870000206624&_HIER_KEY=601100035870000212731&_HIER_KEY=601100035870000210510&_HIER_KEY=701100035871000519581&_SCENARIO=01100035870000000202&#HOME
-
SAP Security Planning and implementation with SOX/SOD compliance
hello
Hi guys, i am a security guy
could you tell me ,"SAP Security Planning and implementation with SOX/SOD compliance"
what does it mean.
<removed_by_moderator>
thanks
Ramesh
Edited by: Julius Bussche on Feb 2, 2008 1:26 PM
Ramesh Sammiti wrote:
> hello
>
> Hi guys, i am a security guy
>
> could you tell me ,"SAP Security Planning and implementation with SOX/SOD compliance"
>
> what does it mean.
>
>
> <removed_by_moderator>
>
>
> thanks
> Ramesh
Forgive me for saying, but it means:
Implementing security which complies with Sarbanes Oxley requirements and takes into account Segregation of Duties.
SOX and SOD are different things, from a security perspective SOX is generally technical security based and SOD is business process based (although bus proc has big SOX component).
There is a plethora of information via yahoo/google etc.
Edited by: Julius Bussche on Feb 2, 2008 1:28 PM
-
Can be implemented with Java 2D?
Could anyone tell me what kind of effect in this flash animation? it can be implemented with Java 2D?
http://www.echt-wahnsinn.de/liebesgesichtflash.htm
Thanks for your answer.
So it's not only just for fun but part of our semester project. :-)
Could you explain it in more detail, I mean "manipulate the color/brightness values"?
please tell me if the step is right:
1. load a new image as background pic and another new pic as the small image (using BufferedImage)
because I will scale(maybe scale = 0.5) the both pics in my UI window.
. img_org . img_min . img_result .
2. create the background pic in third ImagePanel automatically and finish the image manipulations.
at the same time to get the size of img_org, img_min, and color/brightness values, pixels.
here I am not sure how to implement it effectively. image clipping?
any suggestion and help are welcome!!
laue
-
Integrate Microsoft Orchestrator with LANDesk
Hi,
Is there any integration pack to integrate Orchestrator 2012 with LANDesk or can we do something via Web Services..?
Regards,
Soundarajan.
Hi Eric,
additionally, check these links:
[SQL Server's Business Intelligence (BI) capabilities|http://download.microsoft.com/download/E/D/F/EDF235B0-3FFD-468D-BD29-2F33ADB4BC0C/SQL_SAPBW_Datasheet.pdf]
[SAP BI for SharePoint Portals|https://portal.erp-link.com/sites/erpl_solutions/Solutions/Solutions%20library/iNetBIViewer.aspx]
WebPart: iNet.BI Viewer, an add-on component for ERP-Link's iNet.BI, presents SAP information and actionable business intelligence to knowledge workers within interactive, graphical views in SharePoint portals.
Search for "[WSRP|http://www.cmswire.com/cms/portal/microsoft-releases-sharepoint-web-parts-for-sap-and-web-services-integration-000403.php] Web Part Toolkit for Sharepoint Products and Technologies for SAP iViews" to integrate Netweaver-iViews.
[Microsoft Business Intelligence on SAP NetWeaver data|http://download.microsoft.com/download/3/3/9/339550a1-c0f7-4299-adbf-67ca0e8a413e/SAP%20MS%20BI.pdf]
Regards
Andreas
-
Scenario related to NAC server with high availability
Hello
I am looking for a good scenario related to a NAC server with high availability, mentioning how it works and how the physical connection could be made to each core. What is the P-service?
Thanks for your time
Hi,
Here's the documentation regarding the HA setup:
http://www.cisco.com/en/US/customer/docs/security/nac/appliance/installation_guide/hardware/47/hi_ha.html
http://www.cisco.com/en/US/customer/products/ps6128/products_configuration_example09186a00808fbc0f.shtml
HTH,
Faisal
-
Cisco ISE or NAC Guest with web security (IronPort) integration
All,
We have a scenario where guests will be authenticated against the ISE or NAC Guest server, and the customer will place an IronPort to provide web security. However, we cannot find references on whether IronPort can or cannot integrate with the Guest Server, so that guests are not requested to authenticate twice, once by the Guest Server and once by the proxy. The idea is to keep it transparent for the guests with a single authentication.
Has anyone there implemented such a scenario?
Thank you!
I see. So, let's say we disable proxy authentication for the guest segment, can I still provide content filtering for the segment, even though there is no proxy authentication? I assume the customer will lose the reporting and tracking granularity, but the scenario will work without proxy authentication. This may be some sort of "man in the middle" only, but with content filtering. Does it make sense?
Thank you!
-
I'm setting up this scenario today and have never done that and was wondering if there are any 'gotchas' i need to watch out for, or anything any of you have done/learned while implementing this.
I do have one specific question: the preshared key under VPN auth / VPN concentrators, where the WLC is to be added, where is the preshared key configured on the WLC?
NAC is running 4.1.3.1, not sure about WLC.
I do have ADSSO working on the wired network, so at least that part is done.
TIA
I am currently testing NAC for wired guests and AD SSO for staff. We are planning to offer wireless guest services using Cisco infrastructure once wired is working. I was wondering about NAC and wireless guest services. We are deploying in-band as it is required for wireless, so is there anything I am missing or will need to integrate wireless with NAC?
-
NAC ADSSO with NAC Module isn't working for all modules
Hello,
We have a NAC OOB-L2-VG Deployment at the Central Site with VLAN Mapping and ADSSO which works just fine.
As part of the project we have implemented NAC Modules on ISR routers for the branch offices; same topology but as the documentation states no VLAN mapping was configured. The problem is that for some users in one branch office the ADSSO isn't working and in another branch office the ADSSO isn't working at all, all the users are getting authenticated with a local user we defined on the servers.
The configuration in both modules is exactly the same; they are using the same user to access the AD (the one used on the ktpass) the data links to the central site are both 1 Mbps and everything is pretty much the same thing.
I have checked the logs on the CAS-Module and it states that Windows SSO is running:
Nov 27, 2009 10:08:23 AM com.perfigo.wlan.jmx.admin.GSSRetrier$RetrierTask run
INFO: GSSR - Windows SSO is running
The interesting thing is that when the user goes thru the NAC process I see these logs:
Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.SWissServer run
FINE: Sent Response to /172.19.5.11!
Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSServer$GSSThread run
INFO: accepted ADSSO socket ...Socket[addr=/172.19.5.11,port=1431,localport=8910]
Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSServer$GSSThread run
INFO: accepting ADSSO socket ...
Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSHandler run
INFO: processing socket ...Socket[addr=/172.19.5.11,port=1431,localport=8910]
Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSHandler run
INFO: TIMEOUT_SET FOR ADSSO SOCKET ... Socket[addr=/172.19.5.11,port=1431,localport=8910]
Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSHandler run
INFO: reading peer's token_length Socket[addr=/172.19.5.11,port=1431,localport=8910]
Nov 27, 2009 8:55:28 AM com.perfigo.wlan.jmx.admin.GSSHandler run
SEVERE: IO Error: Socket[addr=/172.19.5.11,port=1431,localport=8910]:Read timed out
Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissHandler processPacket
FINE: SWissServer: get request from : 1043@/172.19.5.11
Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissHandler processPacket
FINE: SWissServer: Client OS is WINDOWS_PRO_XP
Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissUtil parseClientAddrList
FINE: IP=/172.19.5.11, MAC=00:1E:4F:53:97:7D
Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.Shell writeToClick
FINE: /proc/click/intern_arpq/add_interest-->172.19.5.11
Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.Shell writeToClick
FINE: /proc/click/intern_arpq/remove_interest-->172.19.5.11
Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissUtil getOpProviderListData
FINE: IP=172.19.5.11, VLAN=19, OS=WINDOWS_PRO_XP
Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissUtil getOpProviderListData
FINE: Default Provider=Local DB
Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissUtil getOpProviderListData
FINE: Providers=Local DB;
Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissUtil getOpProviderListData
FINE: Number of providers=1
The IP address 172.19.5.11 is the IP of the PC during the unauthenticated role; what the user is finally seeing is the CCA Agent asking for user and password instead of using the ADSSO.
The version of the Agent is 4.1.10, the NAS and NAM are running 4.1.8 and the only awkward thing is that the Active Directory Servers are running Windows 2000 SP4.
Any assistance would be much appreciated.
Thanks,
DL.
Hi,
I too have the same error. Does anyone know how to resolve this?
Socket[addr=/10.80.0.220,port=1583,localport=8910]
2010-09-28 10:57:38.028 +0530 DEBUG com.perfigo.wlan.jmx.adsso.GSSServer - accepting ADSSO socket ...
2010-09-28 10:57:38.041 +0530 DEBUG com.perfigo.wlan.jmx.adsso.GSSHandler - processing socket ... Socket[addr=/10.80.0.220,port=1583,localport=8910]
2010-09-28 10:57:38.041 +0530 DEBUG com.perfigo.wlan.jmx.adsso.GSSHandler - TIMEOUT_SET FOR ADSSO SOCKET ... Socket[addr=/10.80.0.220,port=1583,localport=8910]
2010-09-28 10:57:38.041 +0530 DEBUG com.perfigo.wlan.jmx.adsso.GSSHandler - reading peer's token_length from Socket[addr=/10.80.0.220,port=1583,localport=8910]
2010-09-28 10:57:38.670 +0530 ERROR com.perfigo.wlan.jmx.adsso.GSSHandler - IO Error: Socket[addr=/10.80.0.220,port=1583,localport=8910] null
2010-09-28 10:58:40.215 +0530 INFO com.perfigo.wlan.jmx.adsso.GSSRetrier - GSSR - Windows SSO is running
2010-09-28 10:59:26.308 +0530 WARN org.apache.commons.httpclient.HttpMethodBase - Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended.
2010-09-28 10:59:38.478 +0530 INFO com.perfigo.wlan.jmx.admin.OOBDelayTask - OOBDelayTask: remove temp user [00:01:80:53:67:75]/[10.80.0.220]
Thanks in advance
-
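Added example, not part of either post: a small parser that pairs each "reading peer's token_length" line with the "IO Error" on the same socket, in both log layouts quoted in this thread, and reports how long the CAS waited before the failure. The log lines are constructed from those layouts with documentation-range addresses, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Header of the two-line layout: "Nov 27, 2009 8:55:13 AM <class> <method>"
JUL_HEAD = re.compile(r"^(\w{3} \d{1,2}, \d{4} \d{1,2}:\d\d:\d\d [AP]M) \S+ \S+$")
JUL_BODY = re.compile(r"^[A-Z]+: (.*)$")
# One-line layout: "2010-09-28 10:57:38.041 +0530 DEBUG <class> - <message>"
ONE_LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) [+-]\d{4} +[A-Z]+ +\S+ - (.*)$")
SOCK = r"Socket\[addr=/([\d.]+),port=(\d+),localport=\d+\]"
READ = re.compile(r"reading peer's token_length (?:from )?" + SOCK)
FAIL = re.compile(r"IO Error: " + SOCK + r":?\s*(.*)$")

def records(lines):
    """Yield (timestamp, message) pairs from either log layout."""
    pending = None
    for line in lines:
        line = line.strip()
        m = ONE_LINE.match(line)
        if m:  # UTC offset is ignored: only elapsed time within one log is used
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f"), m.group(2)
            continue
        m = JUL_HEAD.match(line)
        if m:
            pending = datetime.strptime(m.group(1), "%b %d, %Y %I:%M:%S %p")
            continue
        m = JUL_BODY.match(line)
        if m and pending is not None:
            yield pending, m.group(1)
            pending = None

def adsso_failures(lines):
    """Pair each token_length read with the IO Error on the same socket."""
    started, failures = {}, []
    for ts, msg in records(lines):
        m = READ.search(msg)
        if m:
            started[m.groups()] = ts  # key is (client ip, client port)
            continue
        m = FAIL.search(msg)
        if m and (m.group(1), m.group(2)) in started:
            ip, port, reason = m.groups()
            waited = (ts - started.pop((ip, port))).total_seconds()
            failures.append({"client": ip, "port": int(port),
                             "waited_s": waited, "reason": reason or "unknown"})
    return failures

# Constructed sample in the two layouts shown above (192.0.2.0/24 addresses).
SAMPLE = """
Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSHandler run
INFO: reading peer's token_length Socket[addr=/192.0.2.11,port=1431,localport=8910]
Nov 27, 2009 8:55:28 AM com.perfigo.wlan.jmx.admin.GSSHandler run
SEVERE: IO Error: Socket[addr=/192.0.2.11,port=1431,localport=8910]:Read timed out
2010-09-28 10:57:38.041 +0530 DEBUG com.perfigo.wlan.jmx.adsso.GSSHandler - reading peer's token_length from Socket[addr=/192.0.2.220,port=1583,localport=8910]
2010-09-28 10:57:38.670 +0530 ERROR com.perfigo.wlan.jmx.adsso.GSSHandler - IO Error: Socket[addr=/192.0.2.220,port=1583,localport=8910] null
"""

if __name__ == "__main__":
    for failure in adsso_failures(SAMPLE.strip().splitlines()):
        print(failure)
```

A long wait that ends in "Read timed out" means the client connected to port 8910 but sent no token bytes before the read timeout, which separates those clients from ones that fail within a fraction of a second.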
Any doc on implementing inband wireless with NAC?
Lets say 2 SSIDs. 1 staff that has 30 networks based on 30 locations and 1 guest network for all locations. The Controller is trunked to the switch. How do u force the traffic to go to CAS?
Thanks in advance!
In-Band Virtual Gateway is the recommended configuration. What you have in the link is In-Band Real IP. You can use either one... with real ip you will need static routes. In IN-Band virtual gateway, the NAC will bridge the traffic from the untrusted to the trusted.
Basically the ssid is mapped to a vlan like 50 and that is passed onto a dot1q trunk to the switch. Vlan 50 is not routed and the only other port on vlan 50 is the untrusted port on the CAS. The CAS then bridges that to... lets say vlan 51 which is routed on the network.
Every time I have to deploy one of these, it still confuses me somewhat... So hope this doesn't confuse you.
-
How to switch to a different JSP / EL implementation with WebLogic 10g?
Hi everyone,
we have a web application (JSP + servlets) that runs fine on Tomcat 5.5. We are porting it to WebLogic 10g3 - we've solved all of the issues except one. Some of the EL expressions are processed correctly in Tomcat, but fail in WebLogic.
For example we have a custom tag (component inherited from a SimpleTag) that renders a combobox. The component has a "textExpression" attribute that is evaluated like
String text = (String) pageContext.getExpressionEvaluator().evaluate(textExpr, String.class, pageContext.getVariableResolver(), null);
but if the expression has two parts - i.e. something like "{...} {...}" - the parse fails, for example with the following exception:
javax.servlet.jsp.el.ELParseException: Error occured while trying to parse '${(option.partner.jmeno eq null && option.partner.prijmeni eq null && option.partner.nazevSpolecnostiFoPo ne null) ? option.partner.nazevSpolecnostiFoPo : option.partner.jmeno } ${(option.partner.jmeno eq null && option.partner.prijmeni eq null && option.partner.nazevSpolecnostiFoPo ne null) ? '' : option.partner.prijmeni}'
weblogic.jsp.internal.jsp.el.ExpressionEvaluatorImpl.parseEL(ExpressionEvaluatorImpl.java:171)
weblogic.jsp.internal.jsp.el.ExpressionEvaluatorImpl.parseExpression(ExpressionEvaluatorImpl.java:134)
weblogic.jsp.internal.jsp.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:125)
Is it possible to switch the JSP / EL engine to Jasper? I'd expect some property pointing to ExpressionEvaluator implementation / parameter in the deployment descriptor but I haven't found anything like that yet.
thanks
Tomas
Anyway I've achieved some progress with the Jasper - I've found that when precompiled using the JspC compiler from Jasper package, the resulting servlets are inherited from org.apache.jasper.runtime.HttpJspBase and thus should probably use the "proper" JSP EL implementation. But I still can't use these servlets from Weblogic, as I receive java.lang.NoClassDefFoundError: Could not initialize class org.apache.jasper.runtime.PageContextImpl.
java.lang.NoClassDefFoundError: Could not initialize class org.apache.jasper.runtime.PageContextImpl
at org.apache.jsp.WEB_002dINF.jsp.servletExceptionFragment_jsp._jspService(servletExceptionFragment_jsp.java:64)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:502)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:251)
at org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:145)
at org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:251)
at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1144)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:880)
The servlet is compiled properly, the jasper-runtime.jar is in the WEB-INF/lib directory, yet the weblogic is not able to load the PageContextImpl class :-(
Edited by: user6510516 on 25.2.2009 4:14
-
NAC problem with Samsung Galaxy Grand (Android)...!!!
I tried accessing wifi though my Android mobile in my college, which is NAC installed. The mac address of my device was successfully added to the portal, but I'm not able to connect my device to the respective wifi network.
Can anyone suggest what's the problem.
It is probably an issue with your NAC config.
If the issue is with all Android devices then look into this:
https://supportforums.cisco.com/message/3889346#3889346
HTH
Amjad
Rating useful replies is more useful than saying "Thank you"
-
Ibatis implements with MS Access
Hi all,
Anyone knows is it possible to implement ibatis to communicate with MS Access?
If possible, please kindly provide some example how to implement.
Thanks a lot.
If you search for ODBC and ACCESS, you get a lot of links, one of them is this Re: Connecting Oracle forms 6i to MS Access