Using AAA for WAAS
We are trying to integrate WAAS with Cisco ACS server for having AAA functionality. Authentication works fine provided we create the user and map respective roles locally in the WAAS CM. Otherwise user is not allowed to login to the home page itself.
We need to know whether it is possible to use the authorization from ACS without creating the user & roles locally in WAAS.
Because it is added work to create all the users in WAAS also.
Please clarify.
Regards,
Guru
Let me see what I can do, it's a process. Basically, you can create the group on the WAE like you typically would, then assign the permissions to the group.
Now, once complete, go to your TACACS server, under TACACS services there should a tab for advanced configuration options. Then, once you show that, show customized TACACS attributes, check that off.
Then, define a group in TACACS and in put the custom WAAS Group attributes: Check off Shell (exec)
Check off custom attributes - put the following string in -- waas_rbac_groups=<>
Submit/Restart
Then either define a new user or assign a user to the new group created.
Test, should work fine.
Similar Messages
-
I used to use TACACS and ACS to enable active directory accounts to be used for enable mode. After using their AD account to ssh or telnet you would then type enable and then use your AD password. Now I don't have TACACS and need to use Radius, IAS, on a windows server. I have telnet and ssh setup to use the AD accounts, but how/can I set up the enable mode to use AD accounts?
thank you,
BillBill,
Enable authentication was meant to function with TACACS, and when used with RADIUS it does not perform the same. As a result, the only way for you to get enable authentication to work with RADIUS would be to input the username $enab15$ into your RADIUS server and every user would need to use that password to login to enable mode.
Regards,
~JG
Do rate helpful post -
Wccp redirection for waas on same platform as wccp for websense?
just wondering if anyone knows if a Cisco router or switch can handle wccp redirection enabled for both waas and some other web content filtering appliance using a different service group?
seems like the priority value would come into play determining which service group gets handled first?
we currently do WCCP for WaaS on our 3945s.
I am going to advocate to my customer that we separate this out for CPU load issues, config complexity issues, IOS issues, etc... but the question is going to come up - "can we do WCCP for different applications on our Catalyst 3750 core switch, or our 3945 WAN routers?"
Thanks,
PaulHi Paul,
Yes, it's technically possible to have WCCP redirection for several services even in those devices that don't support setting the priority. However, in this case, both WAAS and Websense need to redirect HTTP traffic, and that's what makes things complicated.
Assuming you first want to send the traffic to Websense and then to WAAS, I would recommend doing the WAAS redirection only on the WAN link (with one service inbound and the other outbound). You can then configure Web-cache redirection inbound on the client vlan and, a service for the return traffic (I'm not sure if this is required for websense), inbound on the interface where the WAE is connected (with a redirect-list to match only the return direction)
Even if it's possible to have both redirections in the same device, if possible, I would strongly suggest you to either use different devices for the redirection or to make them mutually exclusive (for example, not sending HTTP to WAAS), otherwise, if you make a small mistake with the configuration, you can end up with a redirection loop.
Regards
Daniel -
How to use REGEXP_REPLACE for this scenario?
Oracle 10G Enterprise edition
Hi all,
Is it possible to use REGEXP_REPLACE for multiple replaces for the give text?
For eg.
select replace(replace('My oracle','o','O'),'M','m') from dual
my Oracle
Can we do this in a single regular expresion replace or suggest me any ideas?
Thanks all
RThis could be a solution
Processing ...
select s as string
from (
with reps as (
select 'aaa' as src, 'AAA' as dst from dual
union all
select 'bbb' as src, 'BBB' as dst from dual
), strings as (
select ' bbb a sample string aaa' as string from dual
select *
from reps
cross join strings
model
partition by ( string )
dimension by (row_number() over(partition by string order by src ) idx)
measures (string as s,src,dst)
rules (
s[any] order by idx desc = replace(presentv(s[cv()+1],s[cv()+1],s[cv()]),src[cv()],dst[cv()])
where idx = 1
Query finished, retrieving results...
STRING
BBB a sample string AAA Bye Alessandro -
Do I have to pay just to use iCloud for email?
I've used Gmail for about almost 4 years now. I cleaned out my inbox and plan on doing away with Gmail and waant to use Apple's email service, making it my new primary email (for Facebook, new Apple ID, etc.). But do I have to pay to use the email service? I don't need the storage for my purchased items on iTunes.
Also what are the benefits of iCloud email?You get 5GB of free storage and a free email account with an iCloud account.
iCloud email is an IMAP account, which means it syncs between all your devices and keeps your mail organised in the same way on each. -
Use Tacacs+ for Admin auth & Radius for user Auth?
Can I setup my Aironet 1200 to use TACACS+ for authentication back to the cisco ACS server and RADIUS back to same server for user authentication?
If I setup a server in Server Manager under Radius, then add that same server as a TACACS+ server, it deletes the RADIUS server, so I assume no.dont know about 1200s but you can do this on 1130AGs. Create a aaa group for authentication via radius, and one for tacacs+ then use aaa groups to point console/vty to the tacacs+ aaa group, and EAP authentication to the radius group.
eg:
aaa group server radius rad-group
server x.x.x.x auth-port xxxx acct-port xxxx
aaa group server tacacs+ admin-access
server x.x.x.x
aaa authentication login eap-method group rad-group
aaa authentication login auth-admin-access group admin-access local
aaa authorization exec default group admin-access local
now under the ssid part of the config have:
dot11 ssid yyyyyy
authentication open (or whatever method you use) eap eap-method
under console/vty etc:
login authentication auth-admin-access
you need some more stuff like radius and tacacs server keys, but the above should get you started. On 1130AGs dont use aaa auth for http(s), looks like it overloads the aaa server at the moment - see field notices - probably doesnt apply to 1200s. -
We have purchased 5 apple minis and would like them all on one account, that way we can monitor the use of these units. They will be used strickly for a business application. Can I use one account in itunes or must i have multiple.
Not going to happen the way you want it to.
When you add a gift card balance to the Apple ID, it's available for the Apple ID.
Probably best to create unique Apple ID's for each... this will also make things easier in the future as purchases are eternally tied to the Apple ID they were purchased with. -
I want to use wifi for Apple TV, but it doesn't prompt for a password, so never connects. What am I missing? Can I only use it via a non-password-protected wifi connection?
Hi - you might want to post this question on the Apple TV area - you would probably get a quicker response - if you have a specific question relating to Apple routers then post back here
-
Error while generating DDL commands using startSQLRepository for a new Repository
Hi,
I am trying to generate DDL Commands using startSQLRepository for my new repository SubashRepository so that I can use them to create new table structure.
All the repository related changes looks good. i can see my repository in ACC
When I run the command:
startSQLRepository -m SupremeATG –repository /com/supreme/SubashRepository /com/supreme/subashRepository.xml -outputSQLFile C:/ATG/ATG9.3/SupremeATG/config/com/supreme/subashRepositoryDDL.txt
I get following error:
Table 'SUBASH_MEMBER' in item-descriptor: 'member' does not exist in a table space accessible by the data source. DatabaseMetaData.getColumns returns no columns
Note:
* errors related to definition file were cleared as the same command threw relevant exception while trying to store a array property with out creating a multi table.
* Now this is the only exception i see
* Some DDL are getting generated in the output file, but those are related to inventory repository (I am not sure why this is happening as I have specifically gave the path to my definition file).
Any help in resolving this is highly appreciated.Pl post in the ATG forum
-
I can not send email from my iPad . Have been using it for over a year, all of a sudden I can only receive email. I have a wifi connection in my home and have a A T &T cellular data plan?
I have a 1st gen iPhone that I just updated the software to 2.0.2
Now whenever I press the mail icon it goes to the mail app for about 4 seconds, does nothing, no loading of folders, old messages, nothing.
Then it reverts back to the home screen. Tried restarting, haven't tried restoring, thought I'd look here first.
Anyone??? -
What the ****.
OK, I try to change a template using Word for Mac version 14.3.4 2011 edition.
I make a change to the template but am unable to save the darned thing to the template folder; it asks for a file name like it's a new document. I want to change the blasted template but if I can't save it as a modified template, I've accomplished nothing.
Does anyone have a solution?
ThanksSupport for Microsoft Office for Mac
-
I am running 10.6.8 and using iweb for my web site. After several SEO analysis they all indicate I need H1-6 header tags. After looking at the source code I see there are none in iweb. Are they necessary to add? Why would one add these tags and how do I add H Tags to iweb? And are there examples to look at? I am slowly learning about simple web design and assumed that iweb was stand alone without having to write code. Is this one of the reasons iweb is no longer supported? Thanks for looking at this!
A simple text page like this:
Heading
sub heading
text paragraph ....
Is traditionally represented by html tags like:
<h1>Heading</h1>
<h2>sub heading</h2>
<p>text paragraph ... </p>
I would guess that the use of h1-h6 tags helps search engines to understand the structure of a page as the tags imply a certain structure.
This can be compared to more generic tags like <div> that could represent any kind of content - and may be what iWeb uses (you'll have to check yourself).
I would generally recommend that you use some kind of up to date blog/site building tool, perhaps Wordpress or Squarespace (I haven't used either one myself) that support current web technologies - this should reduce your SEO issues and make it easier to properly support mobile/tablet users. -
How do i use ibooks for saving my lecture notes / power point slides please?
Hi, how do I use ibooks for savng / storing my lecture notes on please? (on either a iphone or ipad). Also, can I save powerpoint slides to it too? thanks.
iBooks can only read two formats -- .epub and pdf. So you have to convert your lecture notes or powerpoints to one of those. To do that, check the Save, Export, or Share functions of whatever app you are using to create your notes.
-
A useful story for you, will hope
Today I upgraded to CS6, both Design/Web Premium and Audition.
After really being attracted, and thinking a lot about it, I didn't do so via Creative Cloud. I think you might like to consider why, and things that can be good to do about it.
I'm a long-time customer and adept with the tools, but it's important to know that what I do with them is to the side rather than in the center of my endeavors. In that, I suspect I'm like very many of your customers besides those directly in design shops.
Probably many of us have also been the every-other-release updaters, which rather than 'avoiding paying up' put our income stream for you in a balance with value received. I might add that I've been an consultant executive starting new media business within a big name, and fully understand the draw that subscription business models can have, if you can subtly choose and thus successfully manage them.
Here are the deepest problems Creative Cloud showed to me at present:
Apart from the first year offer, Creative Cloud would be more expensive to me. Yes, you added the extra apps, but not in proportion to their use value for me. Maybe the 'new apps' really will help me keep up with things like eBook and Html5 developments successfully, but that's an open question, isn't it, given history?
Once on this gravy train of subscription to you, I would be committed_forever_ to keep paying, if you look at your offer practically, and with the idea of needing to use the tools. That is not something my gut would let me do. Paths can change, and particularly will on the mature side of the ledger and with the kinds of creative things those of our weight can very usefully offer, which often need to be done on a stringent budget until they can flower.
Tools. The very point in having tools is that they are there when you need them to be, both in moments where learning takes place, and in intervals of creating deliverables. That's an emotional matter, surely, and you should know strongly at the heart of any purchase of the kinds of things you make, especially by individuals or individual decision-makers, who in principle I am going to presume are in fact a significant proportion of your buyers.
What can you do about this? And maximize your profits?
Primarily, I think you should modify the Creative Cloud exit terms. Instead of reverting to whatever products we had going in, which would then be obsolete, we should revert to the recent version of those products. Thus if I had come in at CS5.5 Design Premium, I might exit when CS8 was current, and in my CC use: that CS8, now stand-alone, is what I should go forward licensed to use. Now my investment is covered, and you get all the subscription business you can receive from me, while keeping the incentives to keep me going forward, whether CC or standard licensed. I now would be free to be in or out as suited my own situation -- an immense and proper comfort.
I also feel it would do very much for Adobe customers in daily use and in their perceptions that you use the relaxation a more committed revenue stream gives you to fully share any application fixes and upgrades as soon as they are ready. It should be a privilege of all who support you, not just those who can reasonably choose to do it in the subscription way. What's begun in a much better sharing by certain courageous managers on the forums would blossom, with the turnaround on fixes and improvements available most fairly.
Can you improve the way the rates work? An elephant in the room is surely that you can always raise the rate charged. But also, there can be times surely for many where the rates just go over what the current use of the subscription will bear. I would think there's a place for the 29.95 rate to be always available, below a certain time-percentage use level per month of the tools. Now you have something a customer can stick with -- through life changes, illness, investment in new venue, and so forth. You also have an entry available for all those who need to learn them, your future customers, and I don't have to mention what alternative method enough of them use when you don't have this. So, a flat rate, for maintenance and for the new?
Let me return to the thought of tools. A person's paintbrushes ought to be always there; we don't rent them, even if in some production of art we may pay for materials including brushes at a stream. Inspiration asks that those brushes be there every time needed, to express what may become value (which will be shared with you), even or especially when we are not in such a stream. Especially in a picture like this, a satisfied and secure customer is a much better customer, don't you think?
The short of it is, subscriptions give Adobe a kind of security. Any but the most corporate of your customers need their own security in return. By improving the terms of the Creative Cloud, you will improve our ability to support you in it. Removing the threat of what happens when circumstances indicate we leave,and during periods it doesn't make individual sense to participate, would create the real virtuous circle here.
Thanks for considering this, as well as you've considered some other things and made appropriate changes, which we notice in recent times. Appreciated.Better exit strategy? Agreed. I get the impression that Adobe's still mulling that one over and we may see more mutually beneficial terms emerge in future.
Don't know that anyone other than Adobe is happy with the current all-or-nothing terms.
Mid-cycle feature updates for perpetual customers? Won't happen other than the 0.5 releases (wonder how much longer they'll be around?). That's one of the UPSes (Unique Selling Propositions) of the Cloud.
Clearly, Adobe eventually wants to deliver all its software via subscription. They are going in the same direction as mobile (cell) phone carriers and utilities (gas/water/electricity) providers.
2010/2011's subscription model offered little value to most and got a muted response. The 2012/2013 Cloud model is much closer to the mark and the adoption rate is much higher but still being tweaked (e.g. Lightroom just arrived).
The Cloud's value obviously tempts you (so you're obviously on the fringe of the target market)- but not quite enough yet to sign up. I'm sure the balance will tip soon and tempt you again.
I'm sure the Cloud offerings will improve over time. -
Using Applescript for uploading pictures on the Internet
Hello!
I was wondering if there was a way to use Applescript with Firefox (or another browser)...?
We have many many villas on our website, each one with lots of pictures. We are constantly adding new villas to our site and amending old ones.
To add pictures we go to a page in our cms for each villa, located there is a drop down menu - image 1, image 2, 3 etc etc etc
For each one we have to manually browse for and attach the photo. As you can guess this is a time consuming process, we have asked the web designer before for this but he is so busy and we have other more important stuff for him to be working on.
As Applescript is so nifty I was wondering if anybody had an idea on how to use it for this process - i.e. have a folder full of pictures on the desktop and Applescript can add them?
I have no idea if this is possible, any ideas?
Many thanks and regards.
SimonYeah I completely understand, I just wanted to see if anybody knew if it could be done.
Obviously for security reasons I can't let anybody into our CMS, so looks like it's a bit of an impossible task.
Although it would be awesome to simply change the script slightly for each villa and let it do it all, this would be stupidly complicated as there are many menus to navigate to get to the uploading picture area.
It would be great if I could do all that manually then once on that page (or given the page url to Applescript) set Applescript running to upload all the images for me.
This is what that page looks like, if this helps?!:
http://img535.imageshack.us/img535/241/screenshot20100415at141.png
The drop down menu contains:
Villa Plan
Small Location Map
Image Gallery 1
Image Gallery 2
etc
etc
I could arrange a folder with the pictures in order (i.e. Villa Plan first, then Small location Map, then the picture for 1 etc) so no worries about the Villa Plan and location map.
I've got a feeling I'm just going to have to do it manually (I shall forever be uploading pictures), but I thought I would give it to some of you geniuses to mull over!
For whoever creates a script I'll give you a discounted stay in Paradise... there's an incentive!!
Many thanks and regards,
Simon
Maybe you are looking for
-
Software update on iPad 2 not showing
In Settings, under General, the line for Software Update does not show in the widow of options on my iPad 2. Cannot figure out why since my OS is old and needs to be updated so I can use apps that require the new OS. Any idea why this is not showing?
-
Each time I attempt to download the new itunes 10.5 I keep getting the following error message: Product: Apple Software Update -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as
-
Problem with my ipod. Any ideas?
ive had my ipod nano for just over a year and up and untill recently it was working satisfactory and serving its purpose well. However two days ago for no reason what so ever the screen has stopped working properly. Its as if its had a stroke or some
-
I am using the version 10.0.9 which might have been an automatic upgrade from my original version. The majority of my connections between library items has been lost. The items show up as missing files both in the library and when I run my project. H
-
Lightroom 2 & Wacom Intuos 3 Tablet
Hi all My Wacom Tablet worked fine with LR1.4. Having installed LR2 the pen only works when over the image. As soon as I go to any of the side or top panels it changes to a double ended arrow and freezes. My wacom or MS mouse can then get me back to