NAC Implementation with LanDesk

Hi.
first of all excuse me for not putting this question in correct category. because none of other category working for me... page is not loading.
so here is my prob.
We have currently Cisco NAC implemented in our Enterprise. we want to deploy LanDesk aswell..
the problem is when the PC boots the first time NAC assigns Authentication IP and the same time LandDesk Agent tries to connect to LanDesk Server which offcorse he cannot as this authentication IP the client cannot communicate with anything other than NAC Server.
So how to ? can any one please???
thanks in advance

You can set a delay on the services by running a script found here and then you can execute the service or make the call that will fire up the landesk services. Here is an example of the script that I am talking about....
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cas/s_adsso.html#wp1173302
Also here is one of the articles I found on how to use scripting to start services,
http://www.computerperformance.co.uk/vbscript/wmi_services.htm
I had a customer use this method to map their network drives and were able to get this to work successfully.
Also one more method is you can create a check that you can always set to fail and then set a launch services requirement that will always attempt to start the services for the landesk service. here is the config guide that will guide you through this:
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_agntd.html#wp1354681
Thanks,
Tarik

Similar Messages

  • Integrate NAC Appliance with Active Directory

    We try to implement on our customer, NAC appliance integrating with Active Directory Single sign on.
    The NAC configured with L2 OOB. User first connect to switch and got the authentice Vlan, then the user will be authenticate using their domain account login, if success the user will be mapping to the Vlan assign to them.
    The agent SSO installed on Active Directory is running well, and at the CAS also the service SSO started.
    Let say i've this situation:
    1. User A has been assign to Vlan 15 Employee
    2. User A plug to switch and got dummy vlan and will authenticate using Domain account on AD, If succeded than, the port will be bounce, the user running an cisco agent on background
    3. Now user A has their on Vlan ID 15
    I've created the Authentication server on CAM for the Active Directory, but i've find it's so difficult to config mapping rules between user roles to Active directory. The guidance pdf how to implement NAC i've downloaded from cisco, not mention it how to mapping user roles to Active Directory...
    Has any one has been configured mapping rules user roles to Active directory?

    So you would create a mapping rule against your lookup server like so.
    Say the AD group membership is "Finance"
    for ADSSO you would apply the mapping rule to your LOOKUP Server
    where the expression is
    memberOf contains CN=Finance and apply it to role employee if VLAN 15 is your employee vlan then you would designate vlan 15 in your Employee role under user role configuration
    Now you cant test this with ADSSO with the test auth function so what I like to do is create an AD authentication server and test against that as long as you have some form of mapping configured the auth results will return all memberships for the userename you login with so you can get the syntax exactly right.

  • How to know if implementation with a filter value exist for a BAdI in code?

    Hi all,
    Scenario:
    I created a BAdI. There will be a button on the UI to call its implementation(s); while if there is no implementation with specified filter value, this button needs to be hidden. Thus I need to know if the implementation exist before calling it.
    Question:
    In the ABAP code, how to get whether implementation with specified filter value exists for a BAdI?
    If it's possible, please help provide code.
    Thanks and regards,
    Said

    Problem solved:
    data: r_badi type ref to YOUR_BADI,
              badi_impl_num type i.
      get badi r_badi
        filters
          flt_name = fit_val.
      badi_impl_num = cl_badi_query=>number_of_implementations( badi = r_badi ).
      if badi_impl_num > 0.
        "there are badi implementation(s)
      endif.

  • Can access enforcer be implemented with going through the SOD check.

    Hi All,
    I have couple of questions regarding Access enforcer:
    1. Can Access enforcer be implemented with going through the SOD check?
    2. Can we provision roles for the project team using Access Enforcer (without having a million SOD conflicts which need to be cleared)?
    I would really appreciate any insight on these questions.
    Thanks

    https://websmp103.sap-ag.de/~form/sapnet?_FRAME=OBJECT&_HIER_KEY=501100035870000015092&_HIER_KEY=601100035870000206624&_HIER_KEY=601100035870000212731&_HIER_KEY=601100035870000210510&_HIER_KEY=701100035871000519581&_SCENARIO=01100035870000000202&#HOME

  • SAP Security Planning and implementation with SOX/SOD compliance

    hello
    Hi guys, i am a security guy
    could you tell me ,"SAP Security Planning and implementation with SOX/SOD compliance" 
    what does it mean.
    <removed_by_moderator>
    thanks
    Ramesh
    Edited by: Julius Bussche on Feb 2, 2008 1:26 PM

    Ramesh Sammiti wrote:>
    > hello
    >
    > Hi guys, i am a security guy
    >
    > could you tell me ,"SAP Security Planning and implementation with SOX/SOD compliance" 

    > what does it mean.
    >
    >
    > <removed_by_moderator>
    >
    >
    > thanks
    > Ramesh
    Forgive me for saying, but it means:
    Implementing security which complies with Sarbanes Oxley requirements and takes into account Segregation of Duties.
    SOX and SOD are different things, from a security perspective SOX is generally technical security based and SOD is business process based (although bus proc has big SOX component).
    There is a plethora of information via yahoo/google etc.
    Edited by: Julius Bussche on Feb 2, 2008 1:28 PM

  • Can be implemented with Java 2D?

    Could anyone tell me what kind of effect in this flash animation? it can be implemented with Java 2D?
    http://www.echt-wahnsinn.de/liebesgesichtflash.htm

    Thanks for your answer.
    so it's not only just for fun but the part of our semester project. :-)
    Could you explian it more in detail, I mean "manipulate the color/brightness values"
    please tell me if the step is right:
    1. load a new image as background pic and another new pic as the small image (using BufferedImage)
    because I will scale(maybe scale = 0.5) the both pics in my UI window.
    . img_org . img_min . img_result .
    2. create the background pic in third ImagePanel automatically and finish the image manipulations.
    at the same time to get the size of img_org, img_min, and color/brightness values, pixels.
    here I am not sure how to implement it effectively. image clipping?
    any suggestion and help are welcome!!
    laue

  • Integrate Microsoft Orchestrator with LANDesk

    Hi,
    Is there any integration pack to integrate Orchestrator 2012 with LANDesk or can we do something via Web Services..?
    Regards,
    Soundarajan.

    Hi Eric,
    additional check this links:
    [SQL Serveru2019s Business Intelligence (BI) capabilities|http://download.microsoft.com/download/E/D/F/EDF235B0-3FFD-468D-BD29-2F33ADB4BC0C/SQL_SAPBW_Datasheet.pdf]
    [SAP BI for SharePoint Portals|https://portal.erp-link.com/sites/erpl_solutions/Solutions/Solutions%20library/iNetBIViewer.aspx]
    WebPart: iNet.BI Viewer, an add-on component for ERP-Linku2019s iNet.BI, presents SAP information and actionable business intelligence to knowledge workers within interactive, graphical views in SharePoint portals.
    Search for "[WSRP|http://www.cmswire.com/cms/portal/microsoft-releases-sharepoint-web-parts-for-sap-and-web-services-integration-000403.php] Web Part Toolkit for Sharepoint Products and Technologies for SAP iViews" to integarte Netweaver-iViews.
    [Microsoft Business Intelligence on SAP NetWeaver data|http://download.microsoft.com/download/3/3/9/339550a1-c0f7-4299-adbf-67ca0e8a413e/SAP%20MS%20BI.pdf]
    Regards
    Andreas

  • Scenario related to NAC server with hight availabily

    Hello
    am looking for good scenario related to NAC server with hight availabily, mentioned the how it works,how the phisical coonection could be to each Core?what is the P-service..
    Thanks for ur time

    Hi,
    Here's the documentation regarding the HA setup:
    http://www.cisco.com/en/US/customer/docs/security/nac/appliance/installation_guide/hardware/47/hi_ha.html
    http://www.cisco.com/en/US/customer/products/ps6128/products_configuration_example09186a00808fbc0f.shtml
    HTH,
    Faisal

  • Cisco ISE or NAC Guest with web security (IronPort) integration

    All,
    We have a scenario where guests will be authenticated against the ISE or NAC Guest server, and customer will place an IronPort to provide web security, however, we can not find referentes whether IronPort can or cannot integrate with Guest Server, so that guests are not requested to be authenticated twice, one by the Guest Server, a one by the proxy. The idea is to keep it transparent for the guests with a single authentication.
    Has anyone there implemented such scenario?
    Thank you!

    I see. So, lets say we disable proxy authentication for the guest segment, can I still provide content filter for the segment, even though there is no proxy authentication? I assume customer will lose the reportinga and tracking granularity, but the scenario will work withou proxy authentication. This may be some sort of "man in the middle" only, but with content filter. Does it make sense?
    Thank you!

  • NAC ADSSO with WLC 4400

    I'm setting up this scenario today and have never done that and was wondering if there are any 'gotchas' i need to watch out for, or anything any of you have done/learned while implementing this.
    I do have one specific question, the preshared key under vpn auth / vpn concentrators, where the wlc is to be added, where is the preshared key configured at the on wlc?
    NAC is running 4.1.3.1, not sure about WLC.
    I do have ADSSO working on the wired network, so at least that part is done.
    TIA

    I am currently testing NAC for wired guests and AD SSO for staff. We are planning to offer wireless guest services using Cisco infrastructure once wired is working. I was wondering about NAC and wireless guest services. We are deploying in-band as it requires for wireless so is there anything I am missing or will need to integrate wireless with NAC.

  • NAC ADSSO with NAC Module isn't working for all modules

    Hello,
    We have a NAC OOB-L2-VG Deployment at the Central Site with VLAN Mapping and ADSSO which works just fine.
    As part of the project we have implemented NAC Modules on ISR routers for the branch offices; same topology but as the documentation states no VLAN mapping was configured. The problem is that for some users in one branch office the ADSSO isn't working and in another branch office the ADSSO isn't working at all, all the users are getting authenticated with a local user we defined on the servers.
    The configuration in both modules is exactly the same; they are using the same user to access the AD (the one used on the ktpass) the data links to the central site are both 1 Mbps and everything is pretty much the same thing.
    I have checked the logs on the CAS-Module and it states that Windows SSO is running:
    Nov 27, 2009 10:08:23 AM com.perfigo.wlan.jmx.admin.GSSRetrier$RetrierTask run
    INFO: GSSR - Windows SSO is running
    The interesting thing is that when the user goes thru the NAC process I see these logs:
    Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.SWissServer run
    FINE: Sent Response to /172.19.5.11!
    Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSServer$GSSThread run
    INFO: accepted ADSSO socket ...Socket[addr=/172.19.5.11,port=1431,localport=8910]
    Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSServer$GSSThread run
    INFO: accepting ADSSO socket ...
    Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSHandler run
    INFO: processing socket ...Socket[addr=/172.19.5.11,port=1431,localport=8910]
    Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSHandler run
    INFO: TIMEOUT_SET FOR ADSSO SOCKET ... Socket[addr=/172.19.5.11,port=1431,localport=8910]
    Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSHandler run
    INFO: reading peer's token_length Socket[addr=/172.19.5.11,port=1431,localport=8910]
    Nov 27, 2009 8:55:28 AM com.perfigo.wlan.jmx.admin.GSSHandler run
    SEVERE: IO Error: Socket[addr=/172.19.5.11,port=1431,localport=8910]:Read timed out
    Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissHandler processPacket
    FINE: SWissServer: get request from : 1043@/172.19.5.11
    Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissHandler processPacket
    FINE: SWissServer: Client OS is WINDOWS_PRO_XP
    Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissUtil parseClientAddrList
    FINE: IP=/172.19.5.11, MAC=00:1E:4F:53:97:7D
    Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.Shell writeToClick
    FINE: /proc/click/intern_arpq/add_interest-->172.19.5.11
    Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.Shell writeToClick
    FINE: /proc/click/intern_arpq/remove_interest-->172.19.5.11
    Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissUtil getOpProviderListData
    FINE: IP=172.19.5.11, VLAN=19, OS=WINDOWS_PRO_XP
    Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissUtil getOpProviderListData
    FINE: Default Provider=Local DB
    Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissUtil getOpProviderListData
    FINE: Providers=Local DB;
    Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissUtil getOpProviderListData
    FINE: Number of providers=1
    The IP address 172.19.5.11 is the IP of the PC during the unauthenticated role; what the user is finally seeing is the CCA Agent asking for user and password instead of using the ADSSO.
    The version of the Agent is 4.1.10, the NAS and NAM are running 4.1.8 and the only ackword thing is that the Active Directory Servers are running Windows 2000 SP4.
    Any assistance would be much appreciated.
    Thanks,
    DL.

    Hi,
    I too have the same error , Any one knows how to resolve this
    Socket[addr=/10.80.0.220,port=1583,localport=8910]
    2010-09-28 10:57:38.028 +0530 DEBUG com.perfigo.wlan.jmx.adsso.GSSServer               - accepting ADSSO socket ...
    2010-09-28 10:57:38.041 +0530 DEBUG com.perfigo.wlan.jmx.adsso.GSSHandler              - processing socket ... Socket[addr=/10.80.0.220,port=1583,localport=8910]
    2010-09-28 10:57:38.041 +0530 DEBUG com.perfigo.wlan.jmx.adsso.GSSHandler              - TIMEOUT_SET FOR ADSSO SOCKET ... Socket[addr=/10.80.0.220,port=1583,localport=8910]
    2010-09-28 10:57:38.041 +0530 DEBUG com.perfigo.wlan.jmx.adsso.GSSHandler              - reading peer's token_length from Socket[addr=/10.80.0.220,port=1583,localport=8910]
    2010-09-28 10:57:38.670 +0530 ERROR com.perfigo.wlan.jmx.adsso.GSSHandler              - IO Error: Socket[addr=/10.80.0.220,port=1583,localport=8910] null
    2010-09-28 10:58:40.215 +0530 INFO  com.perfigo.wlan.jmx.adsso.GSSRetrier              - GSSR - Windows SSO is running
    2010-09-28 10:59:26.308 +0530 WARN  org.apache.commons.httpclient.HttpMethodBase       - Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended.
    2010-09-28 10:59:38.478 +0530 INFO  com.perfigo.wlan.jmx.admin.OOBDelayTask            - OOBDelayTask: remove temp user [00:01:80:53:67:75]/[10.80.0.220]
    Thanks in advacne

  • NAC integration with WLC

    Any doc on implementing inband wireless with NAC?
    Lets say 2 SSIDs. 1 staff that has 30 networks based on 30 locations and 1 guest network for all locations. The Controller is trunked to the switch. How do u force the traffic to go to CAS?
    Thanks in advance!

    In-Band Virtual Gateway is the recommended configuration. What you have in the link is In-Band Real IP. You can use either one... with real ip you will need static routes. In IN-Band virtual gateway, the NAC will bridge the traffic from the untrusted to the trusted.
    Basically the ssid is mapped to a vlan like 50 and that is passed onto a dot1q trunk to the switch. Vlan 50 is not routed and the only other port on vlan 50 is the untrusted port on the CAS. The CAS then bridges that to... lets say vlan 51 which is routed on the network.
    Every time I have to deploy one of these, it still confuses me somewhat... So hope this doesn't confuse you.

  • How to switch to a different JSP / EL implementation with WebLogic 10g?

    Hi everyone,
    we have a web application (JSP + servlets), that runs fine on Tomcat 5.5. We are porting it to WebLogic 10g3 - we've solved all of the issues except one. Some of the EL expressions are processes correctly in Tomcat, but it fails in WebLogic.
    For example we have a custom tag (component inherited from a SimpleTag), that renders a combobox. The component has "textExpression" attribute, that it evaluated like
    String text = (String) pageContext.getExpressionEvaluator().evaluate(textExpr, String.class, pageContext.getVariableResolver(), null);
    but if the expression has two parts - i.e. something like "{...} {...}" - the parse fails, for example with the following exception:
    javax.servlet.jsp.el.ELParseException: Error occured while trying to parse '${(option.partner.jmeno eq null && option.partner.prijmeni eq null && option.partner.nazevSpolecnostiFoPo ne null) ? option.partner.nazevSpolecnostiFoPo : option.partner.jmeno } ${(option.partner.jmeno eq null && option.partner.prijmeni eq null && option.partner.nazevSpolecnostiFoPo ne null) ? '' : option.partner.prijmeni}'
    weblogic.jsp.internal.jsp.el.ExpressionEvaluatorImpl.parseEL(ExpressionEvaluatorImpl.java:171)
    weblogic.jsp.internal.jsp.el.ExpressionEvaluatorImpl.parseExpression(ExpressionEvaluatorImpl.java:134)
    weblogic.jsp.internal.jsp.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:125)
    Is it possible to switch the JSP / EL engine to Jasper? I'd expect some property pointing to ExpressionEvaluator implementation / parameter in the deployment descriptor but I haven't found anything like that yet.
    thanks
    Tomas

    Anyway I've achieved some progress with the Jasper - I've found that when precompiled using the JspC compiler from Jasper package, the resulting servlets are inherited from org.apache.jasper.runtime.HttpJspBase and thus should probably use the "proper" JSP EL implementation. But I still can't use these servlets from Weblogic, as I receive java.lang.NoClassDefFoundError: Could not initialize class org.apache.jasper.runtime.PageContextImpl.
    java.lang.NoClassDefFoundError: Could not initialize class org.apache.jasper.runtime.PageContextImpl
         at org.apache.jsp.WEB_002dINF.jsp.servletExceptionFragment_jsp._jspService(servletExceptionFragment_jsp.java:64)
         at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
         at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:502)
         at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:251)
         at org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:145)
         at org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:251)
         at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1144)
         at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:880)
    The servlet is compiled properly, the jasper-runtime.jar is in the WEB-INF/lib directory, yet the weblogic is not able to load the PageContextImpl class :-(
    Edited by: user6510516 on 25.2.2009 4:14

  • NAC problem with Samsung Galaxy Grand (Android)...!!!

    I tried accessing wifi though my Android mobile in my college, which is NAC installed. The mac address of my device was successfully added to the portal, but I'm not able to connect my device to the respective wifi network.
    Can anyone suggest what's the problem.

    It is probably issue with your NAC config.
    If issue with all android devicea then look into this:
    https://supportforums.cisco.com/message/3889346#3889346
    HTH
    Amjad
    Rating useful replies is more useful than saying "Thank you"

  • Ibatis implements with MS Access

    Hi all,
    Anyone knows is it possible to implement ibatis to communicate with MS Access?
    If possible, please kindly provide some example how to implement.
    Thanks a lot.

    If you search for ODBC and ACCESS, you get a lot of links, one of them is this Re: Connecting Oracle forms 6i to MS Access

Maybe you are looking for