Vasco Middleware server + ACS 4.0
Can I have some advice on whether Vasco Middleware Server 2.3.11 is operational with ACS 4.0? I am working on RADIUS authentication via ACS. Maybe someone who has worked with Vasco tokens can help me.
Yes, Vasco should work fine with ACS. You need to configure the Generic RADIUS token external authenticator.
You basically just give it the IP address and shared secret of the Vasco RADIUS server.
Darran
Similar Messages
-
2611xm Terminal Server + ACS + reauthentication when selecting menu options
Hi,
I've managed to set up ACS authentication on my 2611xm router.
After you log in to the router I have an autocommand set up to run a menu.
My problem is when you select an option on the menu,
you are then prompted to reauthenticate against the router again before connecting to the line.
Can anyone tell me how to stop this from happening?
Thanks for your time and effort in advance, I have enclosed a config below.
DDRAS01#sh running-config
Building configuration...
Current configuration : 6854 bytes
! Last configuration change at 10:28:49 AEST Sun Feb 21 2010 by <removed>
! NVRAM config last updated at 19:25:53 AEST Sat Feb 20 2010 by <removed>
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service linenumber
service sequence-numbers
hostname DDRAS01
boot-start-marker
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 informational
logging rate-limit all 10000
logging console critical
enable password 7 <removed>
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login if_needed local
aaa authentication enable default enable
aaa authentication ppp default local
aaa authorization exec default group tacacs+ local if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
clock timezone AEST 10
clock summer-time AEST recurring last Sun Oct 2:00 last Sun Mar 3:00
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
ip domain list <removed>
ip domain list <removed>
ip domain name <removed>
ip host dd-cr-01e 2033 172.16.1.1
ip host ddsws01 2034 172.16.1.1
ip host ddsws04 2035 172.16.1.1
ip host ddce565 2040 172.16.1.1
ip name-server <removed>
ip name-server <removed>
username netops privilege 15 password 7 <removed>
ip ssh source-interface FastEthernet0/0
ip ssh logging events
ip ssh version 2
interface Loopback0
ip address 172.16.1.1 255.255.255.255
interface FastEthernet0/0
ip address <removed> 255.255.255.0
speed 100
full-duplex
interface Serial0/0
no ip address
shutdown
interface BRI0/0
no ip address
encapsulation hdlc
shutdown
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 <removed>
ip http server
no ip http secure-server
ip tacacs source-interface FastEthernet0/0
ip radius source-interface FastEthernet0/0
logging facility local6
logging <removed>
snmp-server community <removed> RO
snmp-server community <removed> RW
snmp-server location <removed>
snmp-server contact NetOps
menu ddras01 title ^C
Cisco Terminal Server
Select the number from the list below
Use 'ctrl+shift+6' then 'x' to switch back to the menu
^C
menu ddras01 text 1 Connect to DD-CR-01
menu ddras01 command 1 resume dd-cr-01 /connect telnet dd-cr-01 2033
menu ddras01 text 2 Connect to DDSWS01
menu ddras01 command 2 resume ddsws01 /connect telnet ddsws01 2034
menu ddras01 text 3 Connect to DDSWS04
menu ddras01 command 3 resume ddsws04 /connect telnet ddsws04 2035
menu ddras01 text 8 Connect to DDCE565
menu ddras01 command 8 resume ddce565 /connect telnet ddce565 2040
menu ddras01 text 9 Exit
menu ddras01 command 9 menu-exit
menu ddras01 clear-screen
menu ddras01 status-line
menu ddras01 line-mode
tacacs-server host 10.2.0.50
tacacs-server directed-request
tacacs-server key 7 <removed>
control-plane
privilege exec level 15 write terminal
privilege exec level 15 write
privilege exec level 1 ping
privilege exec level 10 undebug ip icmp
privilege exec level 10 undebug ip
privilege exec level 10 undebug all
privilege exec level 10 undebug
privilege exec level 10 terminal monitor
privilege exec level 10 terminal
privilege exec level 15 show running-config
privilege exec level 5 show configuration
privilege exec level 5 show
privilege exec level 10 debug ip icmp
privilege exec level 10 debug ip
privilege exec level 10 debug all
privilege exec level 10 debug
privilege exec level 10 clear interface
privilege exec level 10 clear counters
privilege exec level 10 clear
line con 0
password 7 <removed>
logging synchronous
line 33 64
no exec-banner
exec-timeout 0 0
no activation-character
no exec
transport preferred telnet
transport input all
escape-character 27
stopbits 1
flowcontrol hardware
line aux 0
line vty 0 4
password 7 <removed>
logging synchronous
autocommand menu ddras01
line vty 5 181
password 7 <removed>
logging synchronous
autocommand menu ddras01
ntp clock-period 17208487
ntp source FastEthernet0/0
ntp server <removed>
end
Hi Jesse
I have made the changes you recommended, however I'm still getting prompted to reauthenticate each time I choose a menu entry.
I have included an updated copy of the config; any help you can provide is greatly appreciated.
Thanks
DDRAS01(config)#do sh runnin
Building configuration...
Current configuration : 7371 bytes
! Last configuration change at 17:55:22 AEST Sun Feb 21 2010 by david
! NVRAM config last updated at 11:07:30 AEST Sun Feb 21 2010 by david
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service linenumber
service sequence-numbers
hostname DDRAS01
boot-start-marker
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 informational
logging rate-limit all 10000
logging console critical
enable password 7
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login if_needed local
aaa authentication login NOAUTH none
aaa authentication enable default enable
aaa authentication ppp default local
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization exec NOAUTH none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
clock timezone AEST 10
clock summer-time AEST recurring last Sun Oct 2:00 last Sun Mar 3:00
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
ip domain list
ip domain list
ip domain name
ip host dd-cr-01 2033 172.16.1.1
ip host ddsws01 2034 172.16.1.1
ip host ddsws04 2035 172.16.1.1
ip host ddce565 2040 172.16.1.1
ip name-server
ip name-server
username netops privilege 15 password 7
ip ssh source-interface FastEthernet0/0
ip ssh logging events
ip ssh version 2
interface Loopback0
ip address 172.16.1.1 255.255.255.255
interface FastEthernet0/0
ip address 255.255.255.0
speed 100
full-duplex
interface Serial0/0
no ip address
shutdown
interface BRI0/0
no ip address
encapsulation hdlc
shutdown
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0
ip http server
no ip http secure-server
ip tacacs source-interface FastEthernet0/0
ip radius source-interface FastEthernet0/0
logging facility local6
logging
snmp-server community RO
snmp-server community RW
snmp-server location
snmp-server contact
menu ddras01 title ^C
Cisco Terminal Server
Select the number from the list below
Use 'ctrl+shift+6' then 'x' to switch back to the menu
^C
menu ddras01 text 1 Connect to DD-CR-01
menu ddras01 command 1 resume dd-cr-01 /connect telnet dd-cr-01 2033
menu ddras01 text 2 Connect to DDSWS01
menu ddras01 command 2 resume ddsws01 /connect telnet ddsws01 2034
menu ddras01 text 3 Connect to DDSWS04
menu ddras01 command 3 resume ddsws04 /connect telnet ddsws04 2035
menu ddras01 text 8 Connect to DDCE565
menu ddras01 command 8 resume ddce565 /connect telnet ddce565 2040
menu ddras01 text a Clear connection to DD-CR-01
menu ddras01 command a clear line 33
menu ddras01 text b Clear connection to DDSWS01
menu ddras01 command b clear line 34
menu ddras01 text c Clear connection to DDSWS04
menu ddras01 command c clear line 35
menu ddras01 text h Clear connection to DDCE565
menu ddras01 command h clear line 40
menu ddras01 text x Exit Menu
menu ddras01 command x menu-exit
menu ddras01 text l Logout
menu ddras01 command l logout
menu ddras01 clear-screen
menu ddras01 status-line
tacacs-server host
tacacs-server directed-request
tacacs-server key 7
control-plane
privilege exec level 15 write terminal
privilege exec level 15 write
privilege exec level 1 ping
privilege exec level 10 undebug ip icmp
privilege exec level 10 undebug ip
privilege exec level 10 undebug all
privilege exec level 10 undebug
privilege exec level 10 terminal monitor
privilege exec level 10 terminal
privilege exec level 15 show running-config
privilege exec level 5 show configuration
privilege exec level 5 show
privilege exec level 10 debug ip icmp
privilege exec level 10 debug ip
privilege exec level 10 debug all
privilege exec level 10 debug
privilege exec level 10 clear interface
privilege exec level 10 clear counters
privilege exec level 10 clear
line con 0
password 7
logging synchronous
line 33 64
no exec-banner
exec-timeout 0 0
no activation-character
no exec
transport preferred telnet
transport input all
escape-character 27
stopbits 1
flowcontrol hardware
line aux 0
line vty 0 4
password 7
logging synchronous
autocommand menu ddras01
line vty 5 181
password 7
authorization exec NOAUTH
logging synchronous
login authentication NOAUTH
autocommand menu ddras01
ntp clock-period 17208478
ntp source FastEthernet0/0
ntp server
end -
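Added example (not part of the original posts): a short Python check that resolves which `aaa authentication login` list each `line` block in the updated config above ends up using, and flags any block whose list starts with `none`. The sample is a constructed, re-indented excerpt of that config and the function names are this example's own; it assumes `aaa new-model` is set, so a line block without `login authentication` uses the `default` list.

```python
import re

# Constructed excerpt of the updated running-config posted above, re-indented
# the way IOS prints it (the scraped page lost the leading spaces).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login if_needed local
aaa authentication login NOAUTH none
line con 0
 password 7 <removed>
line 33 64
 no exec
 transport input all
line aux 0
line vty 0 4
 password 7 <removed>
 autocommand menu ddras01
line vty 5 181
 password 7 <removed>
 authorization exec NOAUTH
 login authentication NOAUTH
 autocommand menu ddras01
"""

LOGIN_LIST = re.compile(r"^aaa authentication login (\S+) (.+)$")
LINE_HEADER = re.compile(r"^line (.+)$")
LINE_LOGIN = re.compile(r"^\s+login authentication (\S+)$")


def split_methods(text):
    """Split a method string, keeping 'group <name>' together as one method."""
    tokens = text.split()
    methods, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods


def parse_login_lists(config):
    """Map each login method-list name to its ordered methods."""
    lists = {}
    for raw in config.splitlines():
        m = LOGIN_LIST.match(raw.strip())
        if m:
            lists[m.group(1)] = split_methods(m.group(2))
    return lists


def resolve_line_auth(config):
    """Return {line block: (list name, methods)} for every 'line ...' block."""
    lists = parse_login_lists(config)
    chosen, current = {}, None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            # A top-level command either opens a line block or closes the last one.
            m = LINE_HEADER.match(raw)
            current = m.group(1).strip() if m else None
            if current:
                chosen[current] = "default"  # inherited unless overridden below
            continue
        m = LINE_LOGIN.match(raw)
        if current and m:
            chosen[current] = m.group(1)
    # A list that is referenced but never defined resolves to no methods.
    return {name: (lst, lists.get(lst, [])) for name, lst in chosen.items()}


def unauthenticated_lines(config):
    """Line blocks whose login list tries 'none' first, i.e. no login check."""
    resolved = resolve_line_auth(config)
    return sorted(n for n, (_, methods) in resolved.items() if methods[:1] == ["none"])


if __name__ == "__main__":
    for name, (lst, methods) in resolve_line_auth(SAMPLE_CONFIG).items():
        print(f"line {name:<10} list={lst:<8} methods={methods}")
    print("no authentication:", unauthenticated_lines(SAMPLE_CONFIG))
```

On this excerpt the async lines 33 to 64 still resolve to `default` (TACACS+, then local), while vty 5 to 181 resolve to `NOAUTH` and accept logins with no authentication at all.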
2611xm Terminal Server + ACS + duplicate login when using menu options
Hi,
I'm trying to set up ACS on my 2611xm router. So far I have been able to do this, however when you log in,
I have an autocommand set up to run a menu. My problem is when you select an option on the menu it
reauthenticates against the router again before connecting to the line. Can anyone tell me how to stop this from happening?
Thanks for your time and effort in advance, I have enclosed a config below.
DDRAS01#sh running-config
Building configuration...
Current configuration : 6854 bytes
! Last configuration change at 10:28:49 AEST Sun Feb 21 2010 by <removed>
! NVRAM config last updated at 19:25:53 AEST Sat Feb 20 2010 by <removed>
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service linenumber
service sequence-numbers
hostname DDRAS01
boot-start-marker
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 informational
logging rate-limit all 10000
logging console critical
enable password 7 <removed>
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login if_needed local
aaa authentication enable default enable
aaa authentication ppp default local
aaa authorization exec default group tacacs+ local if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
clock timezone AEST 10
clock summer-time AEST recurring last Sun Oct 2:00 last Sun Mar 3:00
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
ip domain list <removed>
ip domain list <removed>
ip domain name <removed>
ip host dd-cr-01e 2033 172.16.1.1
ip host ddsws01 2034 172.16.1.1
ip host ddsws04 2035 172.16.1.1
ip host ddce565 2040 172.16.1.1
ip name-server <removed>
ip name-server <removed>
username netops privilege 15 password 7 <removed>
ip ssh source-interface FastEthernet0/0
ip ssh logging events
ip ssh version 2
interface Loopback0
ip address 172.16.1.1 255.255.255.255
interface FastEthernet0/0
ip address <removed> 255.255.255.0
speed 100
full-duplex
interface Serial0/0
no ip address
shutdown
interface BRI0/0
no ip address
encapsulation hdlc
shutdown
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 <removed>
ip http server
no ip http secure-server
ip tacacs source-interface FastEthernet0/0
ip radius source-interface FastEthernet0/0
logging facility local6
logging <removed>
snmp-server community <removed> RO
snmp-server community <removed> RW
snmp-server location <removed>
snmp-server contact NetOps
menu ddras01 title ^C
Cisco Terminal Server
Select the number from the list below
Use 'ctrl+shift+6' then 'x' to switch back to the menu
^C
menu ddras01 text 1 Connect to DD-CR-01
menu ddras01 command 1 resume dd-cr-01 /connect telnet dd-cr-01 2033
menu ddras01 text 2 Connect to DDSWS01
menu ddras01 command 2 resume ddsws01 /connect telnet ddsws01 2034
menu ddras01 text 3 Connect to DDSWS04
menu ddras01 command 3 resume ddsws04 /connect telnet ddsws04 2035
menu ddras01 text 8 Connect to DDCE565
menu ddras01 command 8 resume ddce565 /connect telnet ddce565 2040
menu ddras01 text 9 Exit
menu ddras01 command 9 menu-exit
menu ddras01 clear-screen
menu ddras01 status-line
menu ddras01 line-mode
tacacs-server host 10.2.0.50
tacacs-server directed-request
tacacs-server key 7 <removed>
control-plane
privilege exec level 15 write terminal
privilege exec level 15 write
privilege exec level 1 ping
privilege exec level 10 undebug ip icmp
privilege exec level 10 undebug ip
privilege exec level 10 undebug all
privilege exec level 10 undebug
privilege exec level 10 terminal monitor
privilege exec level 10 terminal
privilege exec level 15 show running-config
privilege exec level 5 show configuration
privilege exec level 5 show
privilege exec level 10 debug ip icmp
privilege exec level 10 debug ip
privilege exec level 10 debug all
privilege exec level 10 debug
privilege exec level 10 clear interface
privilege exec level 10 clear counters
privilege exec level 10 clear
line con 0
password 7 <removed>
logging synchronous
line 33 64
no exec-banner
exec-timeout 0 0
no activation-character
no exec
transport preferred telnet
transport input all
escape-character 27
stopbits 1
flowcontrol hardware
line aux 0
line vty 0 4
password 7 <removed>
logging synchronous
autocommand menu ddras01
line vty 5 181
password 7 <removed>
logging synchronous
autocommand menu ddras01
ntp clock-period 17208487
ntp source FastEthernet0/0
ntp server <removed>
end
-
VPDN static IP address assign by TACACS server (ACS 2.3 for UNIX)
Is it possible assign static IP address for VPDN users by TACACS server ?
If yes, please give me some ideas how to do it?
thanks,
bm
I think that is possible only while using CSACS for Windows but not with CSACS for UNIX. At least I couldn't find anything in the documentation. (CiscoSecure ACS 2.3 for UNIX User Guide http://www.cisco.com/en/US/products/sw/secursw/ps4911/products_user_guide_book09186a00800eb438.html)
-
2008 stand-alone server acs software available?
I am using ACS 4.2 on a Windows 2003 server SP2 in my current network. The network is being replaced and I am being given a Windows 2008 software/server to build the app. I am a little confused as to the available software. The only 5.4 ACS software I see is for the appliance and VMware. What software is available for standalone servers that is not end-of-life? Or do I use ACS 4.2 on the standalone server and upgrade it all the way to 5.4? I would think they would have a base package at one of the 5.x levels. Any information would be appreciated.
Hi ,
I would like to inform you about the following things:
1. ACS 5.x cannot be installed on the Windows server as ACS 4.x
2. ACS 5.x can only be installed on VMware (Linux based) or comes as an appliance.
3. ACS 4.x is a Windows based box and ACS 5.x is a Linux based appliance/VMware
4. You can configure VMware or an appliance as a stand-alone ACS 5.x box.
5. ACS 4.2.1.15 is available till now and is not end of life yet.
6. You can upgrade ACS 4.2.0.124 to 4.2.1.15, however it's not compatible with a Windows 2008 R2 box.
7. You cannot upgrade ACS 4.2 to ACS 5.4. You will have to purchase a separate license for ACS 5.4 and then you can migrate the database from 4.2 to 5.4
Regards
Minakshi (Do rate helpful posts)
-
Cisco Secure Access Control Server (ACS) for Windows
Looking for Part code for client of ACS 3.1, needs CD-ROM for re-installation prior to considering upgrade.
It should be
CSACS31WINK9
M.
Hope that helps, rate if it does
-
Windows Server ACS Software License
Hello everyone, I had a question about this ACS software: does the ACS license expire? Or can I use it indefinitely?
Kind regards.
Yes you are right. You can use it indefinitely, they don't expire.
-
How to download a file from Middleware server
Hi,
I have a requirement to list file names in a table layout and when user clicks on file name, file must be downloaded to the client tier. Source files are located in 11i Apps middletier.
I did not find any examples on how to achieve this using OAF. All I see is downloading file from BLOB inside a database.
Please help.
OAMessageDownloadBean is the bean that lets you download a file from the middle tier.
Please see the File Upload and Download chapter in the devguide for implementation details.
Thanks
Tapash
-
How to close Middleware server of CRM
Dear All,
When I create an order in CRM, if I modify it immediately, the system gives me a message: CRM_ORDER019
"Document is being distributed - changes are not possible"
But our CRM system is singleton, and not connected with R/3.
So how can I close order distribution?
Hi,
Use Transaction: MW_MODE
And set the radio button to: off
Save settings.
Best Regards,
Pratik Patel
Reward with Points!
-
Ip not excluded in dhcp server with acs server in the network
Someone could explain me that problem could have, if I have the following situation:
A dhcp Server, ACS Server, and various switches 3750 interconnected. But a hosts in the network has assigned statically one of the directions that the dhcp Server can assign to the computers.
Rank of IP to assign for dhcp Server: 172.23.8.1 172.23.8.100
Ip static of the host of network: 172.23.8.17
The IP 172.23.8.17 is not excluded in the DHCP server.
Hello,
I am not totally clear on what you are asking: do you want to statically assign IP 172.23.8.17 to your server? Can you clarify?
Regards,
GNT
-
Problem with Reports Server on Fusion Middleware 11g
Hi,
We recently installed a new Weblogic Fusion Middleware Server 11g and I'm trying to get the reports server to start. When I issue the opmnctl command to start the standalone report server it says it is unable to do so but does not explain why. Our old 10g reports server was on Windows Server 2003 and the new 11g one is on Linux RHEL 4 so there are some differences, I'm hoping someone can give me a hand to find out what the problem is - at the moment I'm flying blind.
Thanks
Adam
In the documentation that Shail pointed to, take a look at the Migration Assistant part:
http://download.oracle.com/docs/cd/E12839_01/doc.1111/e10394/migtool.htm#i1004902
"The Oracle Forms Migration Assistant updates obsolete usage in your PL/SQL code in order to upgrade your Forms 6i applications to Oracle Forms 11g."
I think it is clear that you can upgrade from 6i to 11g in one step... you need to upgrade to 10g first if you are coming from pre 6i versions ...
http://download.oracle.com/docs/cd/E12839_01/doc.1111/e10394/plsqlconv.htm#i1007147
"If you are upgrading from releases of Forms before Forms 6i to Oracle Forms 11g, you must first upgrade your applications to Forms 10g, and then upgrade them to Oracle Forms 11g."
You can also decide not to use the Migration Assistant and open the 6i objects (.fmb, .mmb, etc.) with the Forms Builder 11g and they would be upgraded to 11g by simply saving the object.
http://download.oracle.com/docs/cd/E12839_01/doc.1111/e10394/fmbfmt.htm#i1008219
-
AAA authenticate to ACS Server
I am trying to get my Cisco switches to authenticate to our ACS server through TACACS+ but I am running into a problem when I try to put in the secret key.
Below is an output
aaa new-model
aaa group server tacacs+ VTY
server 10.1.10.99
server-private 10.1.10.99 key BrAqaq4h
ip tacacs source-interface Vlan99
aaa authentication login VTY group VTY local
aaa authorization exec VTY group tacacs+ if-authenticated
aaa accounting commands 1 default start-stop group VTY
aaa accounting commands 15 default start-stop group VTY
aaa session-id common
Whenever I try to make the server-private key 7 BrAqaq4h I get the error
server-private 10.1.10.99 key 7 BrAqaq4h
%Invalid encrypted key: BrAqaq4h
I don't know if this is the reason I cannot authenticate with AD but on the server ACS that is the key it has under every other device that is working.
aaa new-model
aaa group server tacacs+ VTY
server 10.1.10.99
server-private 10.1.10.99 key 7 0529142E304D5F5D11
ip tacacs source-interface Vlan99
aaa authentication login VTY group VTY local
aaa authorization exec VTY group tacacs+ if-authenticated
aaa accounting commands 1 default start-stop group VTY
aaa accounting commands 15 default start-stop group VTY
aaa session-id common
The last output is a device where I can authenticate correctly. Does anyone have any ideas as to why this doesn't work? The vty settings on both devices are the same.
line vty 0 4
privilege level 15
logging synchronous
login authentication VTY
transport input all
Hi Jeff,
If you use the "server-private key 7 " command, then the string that is entered is considered to be encrypted text. If no number or 0 is entered, the string that is entered is considered to be plain text.
So if you are planning to enter your shared secret in plain text, try using the command "server-private key 0 " or "server-private key ".
If after entering the shared secret in plain text (using the 0 or no number) and if you are facing issue in authentication, then check the failed attempts logs in the tacacs+ server which should give you the hint of the issue. -
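Added example (not from the original thread): a Python audit of `key` clauses that reproduces the distinction in the answer above, where `key 7` declares already-encoded text and `key 0` or a bare `key` declares plain text. The sample lines are constructed from the commands quoted in the thread and the function names are this example's own; the shape test (two decimal digits followed by hex pairs) is the known layout of type 7 strings, and treating it as the check behind `%Invalid encrypted key` is an assumption.

```python
import re

# Constructed sample: the key forms that appear in the thread above.
SAMPLE_LINES = [
    "server-private 10.1.10.99 key BrAqaq4h",
    "server-private 10.1.10.99 key 7 BrAqaq4h",
    "server-private 10.1.10.99 key 7 0529142E304D5F5D11",
    "server-private 10.1.10.99 key 0 BrAqaq4h",
]

# "key", an optional type digit (0 or 7), then the key string at end of line.
KEY_CLAUSE = re.compile(r"\bkey(?:\s+([07]))?\s+(\S+)\s*$")
# Type 7 layout: a two-digit decimal offset followed by one or more hex byte pairs.
TYPE7_SHAPE = re.compile(r"^\d{2}(?:[0-9A-Fa-f]{2})+$")


def classify(line):
    """Return (declared_type, verdict) for a config line, or None if it has no key."""
    m = KEY_CLAUSE.search(line)
    if not m:
        return None
    declared, secret = m.group(1), m.group(2)
    if declared == "7":
        well_formed = TYPE7_SHAPE.match(secret) is not None
        return ("7", "type7-wellformed" if well_formed else "type7-malformed")
    # No digit or 0: the device treats the string as the plain-text secret.
    return (declared or "none", "plaintext")


def suggest_fix(line):
    """For a malformed 'key 7' clause, return the same line declared as plain text."""
    result = classify(line)
    if result and result[1] == "type7-malformed":
        return KEY_CLAUSE.sub(lambda m: "key 0 " + m.group(2), line)
    return None


def redact(line):
    """Hide the key string so audit output is safe to paste into a ticket."""
    def _mask(m):
        prefix = "key " + (m.group(1) + " " if m.group(1) else "")
        return prefix + "<redacted>"
    return KEY_CLAUSE.sub(_mask, line)


def audit(lines):
    """Return (line number, redacted line, verdict) for every line with a key."""
    findings = []
    for number, line in enumerate(lines, start=1):
        result = classify(line)
        if result:
            findings.append((number, redact(line), result[1]))
    return findings


if __name__ == "__main__":
    for number, shown, verdict in audit(SAMPLE_LINES):
        print(f"{number}: {verdict:<17} {shown}")
    # Type 7 is reversible obfuscation, so a well-formed type 7 key still
    # needs the same handling as a plain-text secret when configs are shared.
    print("suggested:", redact(suggest_fix(SAMPLE_LINES[1])))
```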
Hello All,
I think I am going blind, I need to download the Windows Agent for Server 2008 for ACS authentication. I can only find the upgrade patches, can anyone point me in the right direction to where I can download the full agent install ?
Regards
Colin
Here is the path from Cisco.com
Home > Download > Products > Security > Identity Management > Cisco Secure Access Control Server Solution Engine > Cisco Secure Access Control Server Solution Engine 4.2 > Secure Access Control Server (ACS) Solution Engine 4.2.1.15
Regards,
~JG
Do rate helpful posts
-
Dear Guys
I want to give authentication, authorization and accounting for CiscoWorks from the ACS server. How can I give it?
Use the following commands in ACS server.
aaa-server ACS-RADIUS (inside) host X.X.X.X (key) timeout 5
aaa-server ACS-RADIUS (inside) host Y.Y.Y.Y (key) timeout 5
crypto map vpnmap client authentication ACS-RADIUS LOCAL
and enable AAA features in your CiscoWorks.
-
ACS Fixup Patch not found and Installation Process
Hi Experts,
In my association there is some issue going on with CSACS Device, they have suggested us to upgrade the patch as below..
1) ACS 4.2.0.124.9-Fix (Patch:4.2.0.124.9)
2) ACS-4.2.0.124-9-CSUpdate Fix (Patch:4.2.0.124.9)
3) ACS 4.2.0.124.10-Fix ( Patch : 4.2.0.124.10)
4) ACS-4.2.0.124.10-CSUpdate Fix ( Patch:4.2.0.124.10)
I tried to download it from cisco.com but I am not able to find it anywhere on cisco.com.
Also please let me know the procedure for applying the patch in ACS.
The expert was saying that you also need to upgrade some remote agent in the system where you configured it.
Please let me know the patch installation procedure and where I can download it from. Do I need to open a TAC case with Cisco for this?
I have attached my current version sc
Regards,
Vivek
Hello Vivek,
You can download the requested files from Cisco.com > Support > All Downloads > Products > Security > Identity Management > Cisco Secure Access Control Server Solution Engine > Cisco Secure Access Control Server Solution Engine 4.2 > Secure Access Control Server (ACS) Solution Engine-4.2.0.124
ACS 4.2.0.124 latest patch right now is Patch 17. Also, there is version 4.2.1.15 available for both the ACS SE and Remote Agent (For Windows Authentication). If you are going to patch your ACS SE it would be recommended to either upgrade to the latest patch (17) or to 4.2.1.15.
Patches are cumulative as well, so applying Patch 10 will include Patch 9 fixes as well. You would be looking for:
1) applAcs_4.2.0.124.10.zip
2) applAcs_4.2.0.124.10-CSUpdate.zip
3) Acs-4.2.0.124.10-RA.zip
You need to apply applAcs_4.2.0.124.10-CSUpdate.zip first and then applAcs_4.2.0.124.10.zip on the ACS SE. On the Remote Agent you will install Acs-4.2.0.124.10-RA.zip.
Both the applAcs_4.2.0.124.10.zip and Acs-4.2.0.124.10-RA.zip have a link to the file release notes which include the patch installation instructions.
You can also review the following:
Appliance Upgrade and Patches Procedure
NOTE: A Cisco CCOiD is required to access software downloads.