AAA/Identity/Nac :: Get ACS 5.2 To Synchronize With AD Microsoft?
May 2, 2011
I have a problem with my 802.1x solution in ACS version 5.2.0.26. The time between my ACS and the AD loses synchronization, and for that reason the user in my network can't authenticate in the solution. When I see that the time differs from the AD by 5 minutes, I have to force the common NTP server 172.25.0.34 (which is the IP of the NTP server) again. I don't know the reason for the lost synchronization; maybe it could be a bug, or something that I have to configure in the ACS or AD.
Today I configured my ACS 5.2-0.26.4 to synchronize with an NTP server which is implemented in a Cisco 6500, but it doesn't work. The core switch is configured in HSRP; for that reason, in the ACS server I defined the virtual IP of the core as the NTP server. Maybe the ACS doesn't work with the virtual IP of the core switch. Finally, I want to know if it is possible to synchronize this version of the ACS with a Cisco 6500. I had integrated this ACS version with a Cisco 2800; maybe the ACS could integrate with some special models.
We are using ACS 5.2 and we are trying to create a Microsoft Active Directory (AD) Identity Store. We have a user to be used in the Active Directory creation General page and we would like to know how the test communication / ACS to AD communication takes place.
Our user is a predefined user in AD and has admin rights, but the password expires every 60 days. Will this affect the communication between AD and ACS 5.2 every time the entered user's password expires?
We're using Cisco Secure ACS 5.2 as a Proxy AAA server, using Active Directory as an External Identity Store. They are already synced and connected and thus I can log in to the VPN using my Domain credentials.
But that's not enough. My client needs to limit who can and can't establish VPN session, I mean, the way it is now, EVERY single employee can do that if his/her credentials are valid in the Active Directory domain controller. So I need to do two things:
1) Using the Microsoft NPS server, via dialin attribute, allow or deny VPN sessions using ACS/ASA;
2) Using the company user credential attribute to identify which Authorization Group the requesting user should be in, Downloadable ACLs will then be applied according to the access policies created for each company.
Just want to know how to synchronise two wireless interface cards so one will scan while the other will keep the connection with the remote host; the roles will be interchanged by the two cards.
What I meant is that I am trying to implement a system that uses two wireless cards to enable a user to move from one access point to another without dropping the call, because the handover should take a maximum of 50 ms (milliseconds). That is why in this approach two cards were used, so while one is scanning for a new access point the second one will still communicate in order for the call not to be dropped, and this action will keep going anytime there is a need of handover.
Don't know if this is the right section of the NetPro forum to bring up my problem. I have an 871 router configured as NTP master. It works as a gateway for a small Windows network with a domain controller. I want the DC to pull the time from the router and configured the router as follows:
Why will my router not synchronize with an NTP server located at an off-site facility? The NTP server is located at the Naval Observatory. I have a Cisco 7200 VXR, IOS 12.4. The clock and calendar are both set correctly.
We have a Cisco WS-C6509-V-E with IOS version 12.2(33)SXI4; s3223_rp_IPSERVICESK9_WAN_M) running on a switch. I am trying to configure the command "mac-address-table synchronize" under global config mode. But when I enter the command Cisco(config)#mac-address-table ? it doesn't show the synchronize option.
We want to configure the "mac-address-table synchronize" command on our 6500 series switches to ensure that the CAM tables on our DFCs are in synch with the PFC on the supervisor modules. url...it is recommended that we disable the routed MAC purging with the mac-address-table aging-time 0 routed-mac global configuration command. What is a routed mac entry? Are there any issues with running that mac aging-time command?
We also plan to run this command "mac-address-table aging-time 14400" to keep our ARP and CAM tables on the same aging time to reduce unicast flooding on our network. Can we run this command with the "routed-mac" command above?
I want to set up a lab environment for my studies using Microsoft Virtual PC. I have installed 3 virtual PCs, of which 2 are Windows Server 2008 named srv1 and srv2; the third virtual PC is running Windows XP Professional Service Pack 2, with the host operating system being Windows 7. I have installed the Microsoft loopback adapter and I am trying to network the 3 virtual PCs and the host.
srv1 IP address is 192.168.2.200, srv2 IP address is 192.168.2.201, wk1 IP address is 192.168.2.10.
The host PC's IP address for the loopback adapter is 192.168.2.5. When I check the workgroup I see only srv1 and srv2. I am only able to ping srv1 and srv2; the rest are unreachable.
I have a problem with downloading Microsoft Silverlight with both browsers, i.e. Mozilla Firefox and Internet Explorer. As I click the download button, Firefox says the Silverlight server is not loading or busy and Explorer says page cannot be displayed, and I need it really badly as I need to send photos to all my friends.
I can't access Microsoft webpages. I have a fresh copy of Win XP Pro SP3, IE 8, and am connected through an updated Vodafone ADSL modem through Ethernet. Strange thing is, I can access bank, TV over internet, etc., except Microsoft webpages.
We have two separate external connections, one behind a PIX, one behind an ASA. Clients behind either of these firewalls cannot get to skydrive.live.com - the page title loads but then that's it! I'm debugging behind the PIX because there is less traffic, and I've pulled this from syslog so far. Have been googling but not sure if this syslog data is normal or not really.
I can't seem to connect to any wifi. I opened my device manager and looked under network adapters and there is a little triangle with a ! in it. What can I do to fix this? I'm a college student who needs access to the internet badly.
Running Windows 7 64-bit, ISP is EATEL, connected through a PACE 3801HGV to a new Linksys EA6500. Since the initial setup (I was walked through the setup via Linksys support) I cannot access Windows Update (the error screen tells me to restart my computer, "Windows update cannot currently check for updates because the service is not running. You may need to restart your computer", and I have done so 25 times) and I cannot update my Microsoft Security Essentials. Windows Firewall tells me that the 'advanced settings snap-in' failed to load. Is it safe to uninstall and try to reinstall these, or is there a way to start the services?
I have a LAN running Windows Server 2000 as domain controller and having 40 client PCs. I want to configure my server as a mail server; for the time being it is only a file server. I don't want to use POPS, IMAP or Exchange server. Instead I want to use Microsoft Mail to configure my client computers. I have only heard about "Microsoft Mail" mail so far.
I cannot access any Microsoft websites except when in safe mode + networking. I can browse all other websites just fine, but can only access any Microsoft sites in safe mode.
I'm running WCS 7.0.220.0. I would like to authenticate users that are able to log on to the WCS through MS Network Policy Service (RADIUS). I would like all my domain users to be members of the local group on the WCS "Lobby Ambassador", so all domain users have access to generate guest access accounts for the web auth... I can see under the WCS Administration under AAA that it should be able to use RADIUS - but I'm not sure how to set up the NPS policy?
So I installed MS Dynamics RMS 2.0, I think with SQL Server 2005 Express, and after setting it all up I try to log in through store operation administrator with the company namesqlexpress. It says connectionopen load netlibs, but when I change the server to (local) it logs in. Then I try to open the POS and it says [title]store operation business rules :[body]: Can't connect to database, while when I try to open store operation manager it says [title]Database Failure :[body]: could not connect to database.
I did not put a WEP code/passphrase in my router when asked if I wanted it secure. I said yes and the router was set up secure, but I don't know the code. How do I find it?
How do I resync my wireless Microsoft keyboard and mouse? I just switched out my power supply unit and now my keyboard and mouse are not working. It is a model 3000 and has a white USB receiver.
I am transitioning from a Microsoft ISA server to a Cisco ASA 5510. So far so good, until it comes to getting AAA functioning properly. I have a Microsoft IAS server that is functioning properly, however when I try to test it through the ASA's ASDM it errors out. When I run a packet trace it shows it's being blocked by the dreaded implicit ACL. The funny thing is that I can ping and traceroute to the IAS server from the ASA. I found numerous config examples for AAA using IAS, but still not working.
Could it possibly be behaving this way because my ASA and my IAS server are on two different internal networks? (172.31.1.x-ASA, 10.1.1.x-IAS)
In my organization we have 12 LMS 3.2 servers deployed across the globe. As per audit policy we need to deploy Microsoft Win2003 server security patches on all servers using WSUS. Every month our server team sends us a query before applying the patches regarding their compatibility with LMS.
In another thread here on HardOCP, webdev511 made the first mention I've seen of Microsoft's new malware cleaner. MS is making clear that Microsoft Security Essentials (MSE) is for prevention, while Microsoft Standalone System Sweeper (MSSS) is for removing existing infections of difficult-to-remove malware. The obvious competitors to MSSS are ComboFix and Malwarebytes' Anti-Malware. Having been lucky enough to not suffer an MBR-based malware, I'd like to hear what is best to do should I run into one.
We just set up the AnyConnect SSL VPN on our ASA. I am able to establish a connection fine using the Cisco AnyConnect client. I would like to use the native Windows VPN client though, if possible. What configuration changes on either the firewall or the client would I need to make for this to happen?
How do I use Microsoft Server 2008R2 NPS with a Cisco WLC 4400? Am I correct that each LWAPP AP has to be connected to NPS (this AP is also called an access server)? When a client tries to connect to the WLAN (in this case, let's say we want a user in AD, after providing their creds, to be able to access the network, internet, etc.), is the auth request sent from the AP to NPS/RADIUS? Where does the WLC come into play here, and what does the WLC do?
Are there any configuration documents that show how to configure a Cisco ASA5540 for client VPN access using smartcards and Microsoft IAS? Microsoft IAS will stand between the ASA5540 and Active Directory.
I need documentation or a procedure for how to integrate LMS 3.2 with Microsoft Active Directory to make usernames of devices appear in end hosts reports.