Using ACS for change control

I'd like to set up an ACS server (integrated with Windows Active Directory) for our routers and switches so that all network administrators can use their Active Directory accounts to access network devices, and all activity will be logged on the ACS server. Currently we are sharing a local administrative account (on the routers and switches) and I don't have visibility into who is doing what. The idea is to have tighter change control.
I'd like to have a security group set up in Active Directory with all the network admins in it, and have them use their network accounts to log into routers and switches. Is this possible?

Thank you. In that case I have some more questions (if you don't mind) about your instructions.
1. I only have a RADIUS server (ACS 3.3). Do I need to purchase additional TACACS+ to accomplish this? Or do you just want me to enable additional TACACS+/RADIUS attributes per user?
2. Is it possible to map a 'Security Group' object instead of individual users?
3. Please send me a sample CLI configuration for a router (or switch).
Thank you very much for your help.

Similar Messages

  • Useful link for Process controlled workflow

    FYI Useful link for Process controlled workflow..
    http://help.sap.com/saphelp_srm70/helpdata/en/74/c0256bebb54f1c8dfb519d2908152b/frameset.htm
    Thanks!!
    Bharath

    Hi Peter Novoth,
    Can you please make this a sticky thread, so that it will be useful for everyone?
    Thanks!!
    Bharath

  • Using ACS for command authorization

    I've set up my ASA for this and it works as it should: the restricted user can only run the commands I put into the command set in ACS.
    However this is fine on telnet/SSH but when using ASDM the restricted account has level 15 access and is able to change things.
    Can you use ACS to give a view only account on an ASA when using ASDM?

    Thanks for the reply. I actually resolved it by watching the logs and seeing what ASDM needed; in the end I had to add permit to the session command and also permit write net.
    This worked and gives the restricted user view-only access to the config etc., and also view-only in ASDM.

  • Using LabVIEW for temperature control with AMREL SPS200-50-A022 power supply

    Hi, I hope someone can help me out. I'm an ME undergrad with pretty much no knowledge of LabVIEW. I am working on a project which requires a temperature controller. Previously, we were using an SPS120-10 power supply from AMREL, and a grad student wrote a LabVIEW VI which performed feedback temperature control. The VI would acquire temperature from a Benchlink, which acquires the temperature from a thermocouple. The VI also monitors the output voltage and current and determines the power output and heater resistance from those values. When a desired temperature is set, the VI compares the actual temperature to the set temperature and adjusts the voltage/current setting to achieve the desired temperature. The VI was designed to keep temperature deviation to within +/-0.5 deg C. I'm not sure of the data refresh rate, but it's on the order of seconds since the system has a small thermal mass and we're operating in the 800+ deg C range. When we were using the SPS120-10, the device used GPIB for communication with the PC. Due to higher power output demand for the heater, we switched to an SPS200-50, which only has an RS-232 port. First of all, I was wondering if someone could help me modify the VI so that it could communicate with the SPS200-50 through the serial port? In addition, the drivers for the SPS120-10 and SPS200-50 might be different. If modifying the VI to communicate through the serial port isn't enough, I would need to figure out where to modify the VI with the SPS200-50 drivers, which are provided by AMREL. If anyone would like, I can send you the VI files so that you can take a look at the block diagram and tell me where to modify it. I'm still not 100% certain I understand how to read LabVIEW block diagrams.
    Please let me know if you need any additional information. Any help would be appreciated. Thanks in advance!

    I have looked over your VI. First of all, you have to make some changes in the "ARSPS Initialize.vi". See picture.
    The best way to check instrument communication is to send the *IDN? command. The instrument will identify itself in response to this command. The VI I have included is a LabVIEW example. Use this VI to test your communication. Do not progress before this is working. The VI is also an excellent example of how to set up and close down RS232 communication.
    The VI "Tfeedbackpowercontroller-nolvdt-Dinh.vi" looks OK, so I guess it will work when your RS232 communication with the SPS200-50-A022 is working.
    good luck
    PS as mentioned before you will find all the RS232 details in the instrument manual
    Besides which, my opinion is that Express VIs Carthage must be destroyed deleted
    (Sorry no Labview "brag list" so far)
    Attachments:
    sample.PNG ‏38 KB
    Basic Serial Write and Read.vi ‏29 KB

  • Why do people use SharePoint for Version Control?

    People have a few options for placing their FrameMaker documentation in version control. One option is to use the SharePoint CMS integration. What I don't understand is why someone would choose to use SharePoint for this. I have seen several points with complaints like "I have everything set up correctly but SharePoint still isn't working correctly for X reason...".
    Now there are business reasons why you may have to use SharePoint. For example, the organization you work for is all based on SharePoint and they demand the use of SharePoint as a business requirement.
    However, if you have a choice, why not use Subversion? I have been using it for years with my FrameMaker documentation. There are no configuration steps. Someone sets up the SVN repository and then you add the FrameMaker files. That's it; you are done. After that, SVN just works.
    However, the bottom line is that SharePoint CMS sounds like a nightmare. I can personally attest there are almost no problems with using an SVN repository. From a technical standpoint, I have no idea what SharePoint could possibly provide that would make it worth the hassle it puts people through to do simple check-ins and check-outs.
    Joe

    In my case, "business reasons" more or less nails it. Our company is implementing SharePoint and they're hoping I can use it for DITA.  They'll entertain other options only if there are good reasons why we can't make SharePoint work for this.  I've already started exploring the SharePoint API. Meanwhile, we have the SharePoint Connector working and we can check files in and out -- it's not that difficult.
    I've heard about Subversion, but I understand that it's mainly a source-control application. I have no shortage of those to choose from; our company already uses MKS and TFS. (In fact I'm using MKS to store one of my DITA projects.) SharePoint has an edge over them because it allows me to associate custom metadata with a library (say "topic type" or "audience"), complete with a list of fixed values like "concept" and "task" for our authors to choose from. I'm not sure if Subversion offers similar functionality.
    Where all of them fall down is in the area Nakshatra mentions -- dependency management. If I want to rename a file, or replace a Windows7 screenshot with a Windows8 screenshot that has a different file name, or I want to know everywhere a conref is used, or want an alert when someone changes the conref, I need an underlying database to make the file management system "DITA-aware." 
    I was all set to create such a database for our SharePoint implementation, along with a user interface -- very gradually, in small steps over a long time. FM's "FMDependency" field presents an unexpected complication for this plan, and I'm still absorbing that. 
    If Subversion is "DITA-aware" or has promising open-source plugins to make it so, I'm interested. Otherwise I still have to develop a database and UI, and in my case, I might as well try to do it with SharePoint. 

  • What is the path or TC for changing control of recon account in vendor

    Hi Gurus,
    Please tell me the TC or path for changing the reconciliation account control for a vendor, as in the asset recon account.
    Please, it's urgent.
    Thanks in advance

    Hi:
    What I guess from your requirement is that you need to control the field Reconciliation account: some users should be allowed to change the recon account and others should be restricted from doing so? If I am right, then you can do that easily with the help of a BASIS guy. F_LFA1_AEN (Customer: Change Authorization for Certain Fields) will do the needful for you.
    Ask your Basis consultant to implement authorization checks against F_LFA1_AEN for this transaction code for the user profiles as desired by you. Before that, do the necessary customization in SPRO as follows:
    Define your change groups in the task level menu of Financial Accounting -> A/R & A/P -> Credit management -> Define Field group -> Assign Fields -> Groups.
    While assigning, you can find the field LFB1-AKONT. Your issue will be resolved.
    Regards

  • COPA Assessment Cycle using KEU5 for multiple controlling areas

    Hello All,
    There is an organization with operations in several countries. There is a separate controlling area for each country. There is one controlling area, for instance, for Germany and another for Netherlands.
    A problem is encountered while executing transaction KEU5 for multiple controlling areas in parallel. For instance, when one user from Germany executes KEU5 for an assessment cycle for the Germany controlling area and at the same time another user from Netherlands tries to execute KEU5 for a cycle for the NL controlling area, the user from Netherlands encounters the error message 'Cycle XXXX 01.02.2008 cannot be started because run group 0000 is locked'.
    Apparently SAP allows assessment cycles for exactly one controlling area to be executed together. This poses a problem since the organization plans to implement SAP in several other countries (There will be one separate controlling area for each country as per the organization structure adopted by the company).
    Any ideas, views or suggestions on the aforesaid issue would be highly appreciated.
    Regards,
    Soumya

    Hi Soumya,
    Did you find any text in SAP Documentation saying that "SAP does not allow cycles belonging to different controlling areas to be executed at the same time"...?
    Pls find the following text from SAP Help...
    Parallel Processing of Cycles of an Allocation Type
    Use
    Parallel processing of cycles results in considerable time savings. To process cycles of one allocation type in parallel, they must be assigned to different cycle run groups.
    You define the cycle run groups in the cycle header data. You also assign cycles to the cycle run groups in the header data.
    To process the cycles of a cycle run group in parallel, start the cycles one after the other, if required, in different sessions.
    You are carrying out a cross-company code cost accounting and want to perform the actual assessment in the individual company codes in parallel. Create a cycle run group for each company code and assign the appropriate cycles to these groups. You can then carry out the actual assessment in the individual company codes in parallel.
    When you execute a cycle, you can start a consistency check. The system checks whether you are allowed to execute the selected cycles in parallel.
    Though I didn't come across such requirement, I feel, my earlier suggestion will work out...
    Srikanth Munnaluri

  • Using Subversion for version control

    Hi,
    How can I use Subversion for version control in my project?
    Zia.

    Hi, Diya
    Subversion is actually quite popular with RoboHelp authors. Start with this excellent article:
    http://www.adobe.com/devnet/robohelp/articles/robohelp_subversion.html
    Then, search the Source Control sub-forum for more info.
    Thanks
    John Daigle
    Adobe Certified RoboHelp and Captivate Instructor
    Evergreen, Colorado
    www.showmethedemo.com

  • Using ACS for VLAN assignment

    Hi Guys, I have been looking at the use of Cisco ACS server for VLAN assignment. So far I have searched through a number of threads and have not found what I am looking for specifically, so here it goes.
    1) The RADIUS attributes have been configured in ACS (64, 65 + 81), and in my case I have them in the group configuration. For the VLANs to be assigned to the various users at their ports, will every VLAN name in the RADIUS settings have to be in the switches which are used for access?
    2) Is there a limit to the number of VLANs that can be assigned by the RADIUS (IETF) portion of ACS, or would it be better to use RADIUS (IOS/PIX)? I am thinking of about 15 VLANs.
    I am using a Catalyst 4500 (IOS supervisor) and 2950s and 2970s at the closets.
    Thanks for any help...
    Kelvin

    Access Control Lists: I am thinking it is better to apply the ACLs at the closet (access) switches, where I can specify the servers that should be reached by the hosts in my test VLAN and deny those which they should not.
    I used a named extended ACL for my tests; however, it did not go well. With the ACL below applied I cannot reach anything, including the server I actually want to reach. My intention was to allow the hosts in the test VLAN 172.16.12.0/24 to reach 2 particular servers and their gateway; however, with the list applied I cannot reach anything at all. The setup is one 2950 connected to a 4507; the 2 VLANs I am working with are trunked to the 2950 and DHCP is running. I have IP routing enabled on the 4507 and it is the server for the VTP domain.
    ip access-list extended guest
    permit ip 172.16.12.0 255.255.255.0 host 172.16.12.1
    permit ip 172.16.12.0 255.255.255.0 host 172.16.2.254
    permit udp 172.16.12.0 255.255.255.0 host 172.16.2.245 eq 53
    deny ip any any
    Any advice on how I can restrict the hosts which will be on this VLAN from accessing the rest of the network?
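
Why the list above denies everything, as an added example (not part of the original post, and a simplified model rather than IOS itself): extended ACL entries take a wildcard mask, where a 1 bit means "ignore", so `255.255.255.0` in that position only matches source addresses whose last octet is 0. The `CORRECTED` list assumes the poster meant any host in 172.16.12.0/24; the function names and sample flows are constructed for illustration.

```python
import ipaddress

# The ACL exactly as posted (subnet masks in the wildcard position).
POSTED = """\
permit ip 172.16.12.0 255.255.255.0 host 172.16.12.1
permit ip 172.16.12.0 255.255.255.0 host 172.16.2.254
permit udp 172.16.12.0 255.255.255.0 host 172.16.2.245 eq 53
deny ip any any
"""
# Assumption: "any host in 172.16.12.0/24" was intended, i.e. wildcard 0.0.0.255.
CORRECTED = POSTED.replace("255.255.255.0", "0.0.0.255")


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _addr_spec(tokens):
    """Consume one address spec and return (base, wildcard) as integers."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0))


def parse_acl(text):
    """Parse 'action proto src dst [eq port]' entries (simplified subset)."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _addr_spec(tokens), _addr_spec(tokens)
        port = int(tokens[1]) if tokens[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules


def _matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bit 1 = ignore, 0 = must match
    return (addr & care) == (base & care)


def evaluate(acl_text, proto, src, dst, dport=None):
    """Return (action, entry_number) of the first matching entry."""
    for number, rule in enumerate(parse_acl(acl_text), 1):
        action, r_proto, r_src, r_dst, r_port = rule
        if r_proto != "ip" and r_proto != proto:
            continue
        if r_port is not None and r_port != dport:
            continue
        if _matches(_ip(src), r_src) and _matches(_ip(dst), r_dst):
            return action, number
    return "deny", None  # implicit deny at the end of every ACL


if __name__ == "__main__":
    # Constructed sample flows from a host in the test VLAN.
    flows = [
        ("tcp", "172.16.12.50", "172.16.2.254", 80),
        ("udp", "172.16.12.50", "172.16.2.245", 53),
        ("tcp", "172.16.12.50", "172.16.2.10", 445),
    ]
    for flow in flows:
        print(flow, "posted:", evaluate(POSTED, *flow),
              "corrected:", evaluate(CORRECTED, *flow))
```

In this model a DHCP DISCOVER (UDP, 0.0.0.0 to 255.255.255.255, port 67) still reaches the final deny under the corrected list, so a list applied inbound on the access port would also need a DHCP permit.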

  • Using simulations for online control?

    Hi
    When using LabVIEW 8.2.1, what is the best way of implementing model-based control? Can the simulation environment, which has some nice transfer function features, be synchronized in a timed loop to do online control in a real-time system? I couldn't find an input in the simulation loop triggering the simulation with the timed loop rate. An example would be nice. Also, is it at all possible to change integration algorithms, or should I make the desired adjustments myself?
    Best Regards
    soeren  

    Hi soeren
    1) If you double click the simulation loop and choose the 'Timing Parameters' tab, you have to check the 'Synchronize loop to timing source' box.
    Then if you expand the inputs on the left hand side loop you will see the 'Source Name' appearing. This is where you can wire in an external timing source.
    2) Create a timing source and wire it to the inputs of the timed and the simulated loop that you want to sync. The timing source can be the 1KHz clock Windows use
    or the 1MHz clock that can be found in the latest NI Real time controllers.
    3) Determine the rate at which the loops will run. The simulation rate has to be expressed in seconds and the timed loop rate will be in ticks (for a 1KHz source the tick will be 1 msec). The photos attached depict two loops that are synchronized to run every 10msec. Please note that you need to choose a Fixed step solver from the simulation loop configuration box.
    With regard to the integration block, its behavior will depend on the ODE (Ordinary Differential Equation) solver you choose. Therefore, you can play around with the simulation loop parameters to find out which method gives you the most meaningful results.
    I hope that helped,
    Kostas
    Attachments:
    SimulationTiming.PNG ‏26 KB
    Sync_Timed_Sim.PNG ‏20 KB

  • Using BADI for changing the Profit Center in FI Document during MIRO

    Hi,
    We have a requirement to change the profit center in the FI/CO document while doing MIRO, so that it is different from the one posted at the time of MIGO. The system is not allowing us to do this; the profit center field during MIRO is not in changeable mode, and the business requirement is to change this through any SAP enhancement or program.
    How can I do this?
    Is there any standard BADI or User Exit available for this?
    Please help me with this and I will give valuable points.

    Hey,
    Use the BADI INVOICE_UPDATE and try with this. Otherwise you try to create Enhancement point to implement your code.
    Note: Inside BADI we can't change the runtime value. So, try to use enhancement point.
    Revert back for any clarification.
    Regards,
    Saravanan M

  • LSMW issue using BAPI for changing Purchase Order G/L Account

    Wonder if anyone can help as I'm tearing my hair out!!
    Have used LSMW lots of times using the transaction recorder, but tried using a BAPI as we have a mass update to do of G/L Accounts for Purchase Orders and it seems the tidiest and most efficient way to do it.
    Got my LSMW project working as a test by changing the Short Text on a purchase order, this works fine.  However, when I add the Account Assignment details in (Structure E1BPMEPOACCOUNT and E1BPMEACCOUNTX) everything seems to run fine, the IDOC posts and gives message 'Document xxx changed'.  Yet when I look into the order it hasn't actually changed the G/L.
    If I go into the purchase order in change mode in another session and run the LSMW again it recognises the purchase order is locked so it seems to be doing everything right, just not updating the G/L Account field.  Anyone got any ideas ? It updated the short text fine so I'm sure everything is set up OK but for some reason it ignores the G/L that I upload.  Anything relating to the Account Assignment (Unloading Point, GR, Cost Center) just gets ignored if I try and upload a change.
    I seem to be so close it seems a shame not to be able to get it sorted !!!
    Thanks,

    Helen Smith wrote:
    > Hi Praveen,
    >
    > Thank you very much for your response.  I tested the BAPI as per your instructions and the return message comes back 'Eng & other PO xxxx changed' so it seems to indicate a success message again (like the LSMW does) but the actual data doesn't update.
    >
    > I thought I'd found it as I searched OSS and found note  0001382965 which seemed exactly my problem.  I imported it and applied it but yet I still get the same issue - LSMW runs, says app doc posted and purchase order has been saved but no Account Assignment field will update.
    >
    > So it seems as if it's the BAPI not doing what it should - so I'm considering logging with SAPNET just to see if they can help as getting desperate with this one now! Felt sure I had it sorted when I found that note!
    >
    > Thanks
    >
    > Helen
    >
    > ** I should add I also ran the test above altering something in the item detail (the short text) - and that worked and updated.  So it still seems to point to the Account Assignment part of the BAPI not updating.
    >
    > Edited by: Helen Smith on Nov 2, 2010 4:35 PM
    Hi Helen,
    Just wondering whether you have found solution to your issue.
    We also encounter the same issue and have implemented the note without any positive result.
    Please share if you found the solution.
    Thank you.
    Abraham

  • Interface using telnet for instrument control

    I'm trying to create a GUI front-end program for accessing instruments and equipment on routers. The first step would be to create a menu of telnet sessions that the user can select from. Maybe a pull-down menu that can select any site (router) in our district. I'm not sure how to either create a telnet session or pull-down menu using LabView. Any suggestions would be appreciated.

    There are various types of pull-down menus. There are controls like the menu ring, dialog ring, and text ring that you can programmatically populate using a property node. You can also create your own run-time menu. There are shipping examples for all of these. Select Help>Find Examples.
    The easiest way to implement telnet sessions is to buy the LabVIEW Internet Toolkit. It comes with an example telnet client. However, you may not need this. VISA supports TCP/IP instruments that you can add and share from MAX. Then, for any instrument that has an instrument driver written using VISA calls, communication is just like using a local GPIB or serial instrument. Utilizing a driver is much easier on the end-users since they don't have to know the command syntax in order to make measurements.

  • Using WF_EXTSRV for changing PDF Interactive form

    Hi,
    I'm trying to use transaction WF_EXTSRV to generate a task which can be used within the UWL from the portal. The main purpose of this task is to show an existing PDF form in change mode. I already found some nice information on SDN, but not enough to make it all work. I still have these questions:
    1) How must I set up the required fields within transaction WF_EXTSRV when I want to generate, for example, this URL:
    http://abc.abc.nl:51800/webdynpro/dispatcher/sap.com/pcui_gp~isr/IsrForm?SCENARIO=SPEG&MODE=CHANGE&NOTIF_NO=000600000003
    2) How must I then set up transaction SWFVISU? Which application and package name?
    I hope someone can help me.
    Greetings,
    Remco

    Hi Patrick,
    Let me see if I understand your query properly first. Your requirement is that you have a PDF file which is pretty much fixed.
    Now you want to use the Template present in the PDF file to be shown to the user, but this should be pre-filled with data that you receive from a Web Service & RFC.
    Now firstly I will mention the easy way, which would require you to extract the PDF template statically; I am not sure if the API has now been released to do that programmatically.
    Now, let's say you store the template file in some location; you would also need to tweak the DataBinding properties in the template to match those of the Context Node you will use in the application.
    Now in the ModifyView method you should get a reference to the Interactive form element, use the setTemplateSource method to refer to your template.
    Now based on the response from your RFC/WebService create the appropriate attributes into the node, and your form should work fine.
    Regards,
    Pavan

  • Using ACS for Cisco Prime authentication

    I'd like to use our Tacacs server running ACS to be the authentication method for user accounts in Prime, but don't even know where to start with this..
    Any pointers?

    The configuration on the Prime Infrastructure side is minimal:  define the authentication server Prime is to use and select a mode for Prime Infrastructure to use with it.
    Administration > AAA > TACACS+ Servers > add tacacs server.
    Administration > AAA > AAA Mode Settings > tacacs+ and enable fallback to local.
    The bulk of the configuration is on the authentication server side, particularly in defining groups, services and authorization tasks.  This is covered in the "Performing Administrative Tasks" chapter of the Prime Infrastructure Configuration Guide, starting with the topic "Configuring ACS 5.x"
    http://www.cisco.com/en/US/docs/wireless/prime_infrastructure/1.3/configuration/guide/admin.html#wp1595935
    "Configuring ACS 4.x"
    http://www.cisco.com/en/US/docs/wireless/prime_infrastructure/1.3/configuration/guide/admin.html#wp1625896
    https://supportforums.cisco.com/docs/DOC-17909
    In case it doesn't work, please get the logs from the ACS reports and monitoring for TACACS authentication, and the error message shown while accessing Cisco Prime.
    Jatin Katyal
    - Do rate helpful posts -
