Cisco AAA/Identity/Nac :: ACS 5.2 Sync With Windows 2008 AD But Cannot See Groups

Jan 2, 2011

Recently I've been working with the ACS 5.2 (Installed on VMWare). At the beginning I was using a Win Server 2003 Enterprise edition AD, and there was no problem with the AD and the CA Authority. Because some of my customers use Win Server 2008 I change the AD platform to Win Server 2008 Enterprise edition  (x64).I don't really have a great experience with Win Server Platforms and, for what I've seen, the Win Server 2003 Services deployment is easier than the Win Server 2008 is.
 
So, when I used the Win server 2003 I could not only synchronize the ACS with the AD but also use some groups created on the AD to perform the Network Access Authentication. When I try to do the same with the Win Server 2008 AD the ACS and the Server get Synchronized but when I want to add the groups for the Authentication purposes there is no one, absolutely nothing... so I cannot do any test.Also I looked for information about the compatibility between the ACS 5.2 and the Win Server 2008 platforms and at the end the platforms are compatibles.

View 13 Replies


ADVERTISEMENT

Cisco AAA/Identity/Nac :: ACS 5.1 Directory Groups 2008 R1

Jun 13, 2011

I have an ACS 5.1 and am trying to integrate with windows 2008 R1. The ACS has a valid AD account and indicates that its connected but when I try to list any directory groups my windows IE browser hangs?

View 2 Replies View Related

Windows Server 2008 - Online / Offline File Sync

Jan 24, 2012

Domain support with these operating systems seems to be hit and miss.I have 11 computers connected to a domain and I was wondering what the best way to back up the files on the workstations to the server would be. The server has a mirrored raid array and online backup as well. Just checking to see what the best way to do this would be. I am having trouble with the offline files sync / online files sync with these operating systems.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 And Windows 2008 R2 CA?

Apr 30, 2012

getting a cert off of a 2008 R2 CA and imported correct in to ACS 4.2?  I've had and have seen other have the problem with creating a web server certificate from R2 (1024 bit) and putting it in ACS 4.2 only to have HTTPS/SSL no longer work correctly.  I haven't even tested the intended purpose of the cert (EAP-TLS) yet, so who knows if that works.  I've also seen through searching where some one was able to take a 2003 CA web server template and put it into R2 and it work, but I know longer have 2003 available?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 New Windows Domain 2008

Mar 1, 2011

I have installed the Cisco ACS 4.2 in a server running Windows 2003 Server, and this server is member server of the domain. The ACS is working whit a Wireless Platform 4400, and authenticating to the Wireless Users using PEAP and Digital Certificate. But now, the windows platform will be upgraded to Windows 2008. My doubt are the following:

1. The ACS running in a windows 2003 server, will authentificate users in the new windows 2008 domain? 

2. At the beginning, the ACS and the Windows domain was 2003. Now whit the change of the version of windows domain, What happens whit the configuration of the acs server as member server? I need reconfigure the member server configuration in the ACS Server?

View 4 Replies View Related

Cisco Wireless :: 5508 - Mobility Groups / Sync Controller Configuration

Jul 7, 2011

I have 2 5508 controllers in a mobility group. Any good way to keep the configuration between the 2 controllers synched up?
 
I thought about copying the config from my primary controller to the secondary controller, but I would think there is a more elegant way to make this happen.

View 5 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.1 For Windows With Active Directory 2008

Sep 26, 2010

We are still running ACS 4.1 on Window 2003 server.  We recently upgraded AD to 2008 although the domain and forest functional level are still 2003.  After AD upgrade we now unable to authenticate via ACS Windows Database.

View 13 Replies View Related

Cisco AAA/Identity/Nac :: Remote Agent For ACS For Windows 2008 R2 64-bit?

Jul 17, 2012

We having difficulties with installing remote agent on windows 2008 R2 64-bit server and got the attached error.
 
Our ACS is 4.2.0.124 and remote agents we tried are :Remote-Agent-ACSse-win-v4.2.1.15-K9.zip and Acs-4.2.1.15.9-RA.zip.
 
[code]...

View 3 Replies View Related

Cisco AAA/Identity/Nac :: 1113 - Multiple Network Device Groups Using One Windows Remote Agent?

May 4, 2011

I'm working with a 1113 ACS device running the 4.2.0.124 software.  I'm trying to get multiple network device groups to use an existing Remote Agent set up for authentication against our Windows domain.   For instance, we want our infrastructure switches to authenticate agains the local Active Directory and our WLC to authenticate users agains the same Active Directory.  When I try and set both network device groups to use the same remote agent, it fails and reports either the host name is already in use or the IP address overlaps with an existing remote agent.
 
The question is:
 
Can I have multiple network device groups use the same remote agent?   Or do I have to install the remote agent software on separate Windows servers in order to have different types of devices authenticate against the Windows AD? 

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 On Windows 2008 Standard Server - Web Login

Nov 21, 2011

I just setup ACS 4.2 on windows 2008 standard server. I noticed that after a while, i could not launch the ACS from desktop. All services are up, i have restarted server a couple of times....The Program appears to launch and the disappears..

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.1.4 Any Version With Domain Controller On Windows Server 2008 R2

Feb 28, 2010

Is there currently any ACS version working with Windows Server 2008 R2 domain controllers?Our server stuff has recently upgraded the Domain Controllers to 2008r2 and turned off the 2003 servers. This didn't make our ACS 4.1.4 really happy.I've read now serveral posts regarding issues with ACS and Server 2008r2 and hope to find a solution (besides switching to LDAP, yukk).

View 5 Replies View Related

Cisco :: Is LMS 4.0.1 Supported On Windows 2008 R2 64 Bits With 2008 R2

Oct 24, 2011

I planned to install a LMS 4.0.1 on a VMWare server with Windows 2008 R2 64bits.
 
Is it supported with the "Windows 2008 R2" patch or do I need to order LMS 4.1 version ?

View 5 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Identity Groups - Restrict Device Access

Apr 14, 2011

I have ACS 5.2 running as a VM.  I'm AD, then local authentication successfully for device access, but I want to define ACS user groups to restrict login. I don;t see any way to do this.  If I use AD groups, they don;t show up as selection options on the policy screens, just the ACS locallyy defined groups. 

View 1 Replies View Related

Cisco AAA/Identity/Nac :: How To Setup Sync Between Two New ACS Server V5.3

Dec 4, 2011

I setup one acs v5.3 in one server in NYC and another acs v5.3 in SJC.I want to make the acs.nyc as primary and acs.sjc as the secondary, how do i setup it up?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Sync / Copy AAA Clients Between Two ACS5.2

May 17, 2011

we are moving network devices (200+) authentication/authorization/accounting to new ACS5.2, is there any easy way to copy/sync all those AAA clients configuration to another ACS5.2 server? I don't need other configuration to be synced/copied to another ACS5.2 server

View 8 Replies View Related

Cisco AAA/Identity/Nac :: Can't Add AD Groups In ACS 5.2

Jul 21, 2011

I've run into an annoying issue with my ACS 5.2 install. I can no longer add directory groups in the AD settings, the ACS comes back with "The item you  are trying to delete is referenced by other items.You must remove all references to this item before it can be deleted." but I am not deleting any group, just adding.
 
Could probably be cleared with removing the AD setup completely, which for obvious reasons is not something I want to do.

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Add A User Into Several Groups?

Apr 5, 2011

We are running two ACS appliances but we cannot figure out how we can add a user into 2 differents groups.Here's the context :We have a company A which is having devices, this company uses Group A.then we have a company B which is having devices, this company uses Group B.But the admin has to manage the devices for both companies A & B.We don't want to mix devices from company A with company B.Is there a way to add the user into both groups A & B.

View 5 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Will Not Enumerate 2003 AD Groups?

Aug 4, 2011

I have seen similar references to this issue, but no concrete solutions.  My new ACS appears to join my domain with little or no issues, however, when I go to list the groups nothing is ever listed.Running ACS as a vm.I have set the ntp server on the ACS server to match my domain.I can ping all domain controllers/DNS servers.nslookup resolves hostnames of my domain controllers
 
***Update***
 
I verified that a computer account for my ACS is in fact being created, however, I am receiving some Kerberos errors on my DC with the FSMO roles:
 
Event Type:          Error
Event Source:          KDC
Event Category:          None
Event ID:          26
Date:                    8/5/2011
Time:                    3:07:46 PM
User:                    N/A
Computer: <MY DC>

Description:While processing an AS request for target service krbtgt, the account <ACS SERVER> did not  have a suitable key for generating a Kerberos ticket (the missing key has an ID of 1). The requested etypes were 17.  The accounts available etypes were 23  -133  -128  3  1.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 - How To Only Allow Specific AD Groups To Login

Nov 4, 2012

I've configured three specific AD groups, Admin, Storage, and HelpDesk, with their own commands sets.
 
This seems to be working fine, but everyone can log into everything, but they can't do anything except exit.
 
My goal is to not allow anyone to login that is not part of the three AD groups I have specified with the respective command sets.
 
All the logins hit the Admin account, even though the id in AD is not in the that AD group.  I have something screwed up.

View 6 Replies View Related

Sync Windows 7 Laptop To XP PC?

Mar 16, 2011

I'd like to sync my laptop to my pc. My pc is connected to the inet via modem, and my laptop through the wifi device connected to the top of the modem. Is it possible to sync the two? I'd like to be able to access both my pc (& my external hard drive connected to my pc) from my laptop. From what I've read, it's not possible unless both computers are on a wireless connection. I'm using Windows XP on my pc, and Windows 7 on my laptop.

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 - Custom Attributes And Wireless Groups?

May 13, 2012

I have been tasked with migrating from ACS 4 to ACS 5.3. I havent had any training and so i am finding it a bit different. Currently i have this issue -
 
I have a group in  the ACS 4 for users accessing via wireless on the ACS - Code...

View 4 Replies View Related

Cisco AAA/Identity/Nac :: New Version Of ACS 5.2 Allow User To Belong To Several Groups Of AD?

Jul 7, 2011

We have ACS Engine 4.1 and want to upgrade it to 5.x.
 
Is the new version of ACS 5.2 allows a user to belong to several groups of AD ?

View 2 Replies View Related

Cisco AAA/Identity/Nac :: Setup ACS 5.2 With An ASA V8.3.2 To Lock Users Into VPN Groups?

Jan 18, 2011

I'm trying to setup ACS 5.2 with an ASA v8.3.2 to lock users into VPN groups based on a users AD group.  I've tried various combinations but the group lock isn't working.  I've done steps 1 & 2 ...
 
1) Network Devices and AAA Clients -> Define VPN

2) Users and Identity Stores -> Setup AD and Directory Groups, test connection
  
Policy Elements:
 
Q1) Policy Elements - Do I need an authorization profile for each group:

Q2) What RADIUS attributes should I use to match my ASA tunnel-groups?
 
RADIUS-IETF attribute 25?RADIUS-Cisco VPN 3000/ASA/PIX 7.x 85 (Tunnel-Group-Lock)?Other?
 
Access Policies:
 
Q1) Do I need to enable and use group mapping?

Q2) Do I need a Network Access Authorization Policy for each group?

View 8 Replies View Related

Cisco AAA/Identity/Nac :: Setup RA VPN On ASA 8.4 With 2 Groups - VPNGp1 And VPNGp2?

Aug 21, 2011

I am trying to set up RA VPN on ASA 8.4 with 2 groups - VPNGp1 and  VPNGp2. VPNGp1 users will access 1.2.3.0/24 and VPNGp2 users will access  5.6.7.0/24. User authentication will happen using ACS 5.3 Radius.
 
On ASA, I have configured the IP pools, VPN ACLs, VPN groups, group policies for each group, and tunnel groups.
 
On ACS, I have created vpn-user1 and vpn-user2 for each of 2 groups.
 
I am not sure if some more configuration needs to be done on ASA and  ACS... Do I need to add new users - vpn-user1 and vpn-user2 - on ASA,  under each corresponding group policy, using vpn-group-policy command?  Or I need to do something else on ACS?
 
Lastly, how can I configure authorization and accounting for the VPN users? Do I need to do this on ACS or on ASA?

View 8 Replies View Related

AAA/Identity/Nac :: ACS 5.3 Single Device On Multiple NDG Groups?

Jan 14, 2013

I have multiple campuses and a Central Admin...I've created Groups for all, except I need a few devices within Central to be available to the Campus Admins... (ie..a Cisco WCS System) How do I allow a device to be put into multiple NDG groups?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Can Latest Version Of ACS 4.0 Support Nested AD Groups

Dec 20, 2012

We are running ACS 4.0 so understandably so we are looking to upgrading to a Cisco supportable version of ACS.  The limitation of our current version of ACS does not support nested AD groups.  The latest version of ACS (I think it is 5.4) will?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 / Authenticating Device Admin Users Against AD Specific Groups

Jan 28, 2013

I am using ACS 5.3 What I am about is setting user authentication against existence of the user in specific AD group, not just being a member in any AD. What is happening now, users get authenticated as long as they exists in the AD, luckily they fail on authorization, as it is bound to specific AD group.
 
how can I bind the authentication aginst specific group in AD, not just using AD1 as the identity source.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 Integration With AD 2008 R1?

Jul 13, 2011

I have configured my WLC 4402 for Radius authentication using Cisco ACS server version 4.2 Patch 4. When using Local Database of ACS my Wireless Users are able to authenticate but users are not able to authenticate from External Database of Windows AD 2008 R1.
 
In ACS logs I am getting the this error- Authentication session timed out. Challenge not provided by client.

View 3 Replies View Related

Cisco :: LMS 4.1 No User Defined Groups Shown In Fault Notification Groups?

Dec 12, 2011

I created some User Defined Groups in LMS 4.1, now I want to apply certain fault notification groups to Event Sets.
   
Unfortunately the Groups I configured are not in the Group Selector of the Fault Notification Group: Admin > Network > Notification and Action Settings > Fault Notification Group

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.0 Not Getting Authenticated With 2008 AD Server

Nov 8, 2011

I have a cisco ACS 4.0 build 27  on windows 2003 server . My site was working fine when i was having a AD on 2003 server . Recently i have migrated my AD servers is 2008 .
 
After the migration the ACS is not authenticating the users . Now i have made a server with 2003 and made the site working . I need a solution to make it work using 2008 server is there any compatiblity issue  between ACS 4.0 and  2008 server .

View 1 Replies View Related

Can't See Multiple Work-groups In Windows 7

Oct 24, 2011

As we all know, MS has changed the default workgroup names in different versions of windows. Additionally, you can rename your workgroup anything you like. I have XP, Vista, and Win7 computers, a television, BluRay player, a Wii, two printers, and a NAS with two USB drives attached. All of these -except the Win7- are wired to one of two switches. I have wireless: iPad, the Win7 notebook, Nintendo DSs. I have friend, and non-friend machines (computers, tablets, and phones) that come and go that are wired or wireless. The 3 windows computers all have the same workgroup name. All of my other units do not use workgroup names. I have a router, and two unmanaged switches, and have, on occasion, a second router. The main router, which has wired, and dual band wireless (each with two named wireless networks) nets, sees everything, by name and/or MAC address. Win7 is blind, deaf, and dumb.: it shows its own workgroup name, but no other workgroup name(s) , and, consequently, no unit on these other workgroups. It will show some wired units not in a workgroups - the television, and the printers (not the Wii or NAS). It will not show the wired XP computer! No wireless units either in workgroups or not in workgroups appear. Additionally, Win7 only shows units on its wireless network, not on the other three. The wired units it does show are not on any of the wireless networks, though it lists them on its wireless network.I have left the Homegroup, and terminated the Homegroup services. I have allowed discovery, and unlimited sharing of everything on every computer on the router, and yet the Win7 unit does not share or see well at all.Why?

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 Remote Agent Compatibility (2008 R2 DC)?

May 7, 2012

I have been doing a bit of reading on the ACS 4.2 remote agent compatibility with Windows 2008 R2, and it seems like the only way out is to upgrade the ACS to 5.2. We have Cisco ACS 4.2 SE and if I install the Remote agent on a Windows 2003 member server instead of the 2008 R2 DC.

View 3 Replies View Related

Cisco VPN :: 3845 - Multiple RADIUS Authentication Groups On Single Windows Server

Feb 15, 2011

We have multiple RA VPN groups on a 3845 router.RADIUS authentication is currently happening between the 3845 and a single Windows 2008 server.  We have a specific windows group that AD users are members of, and they are allowed to connect via VPN.
 
I'm creating a new RA VPN Group, which should only allow different AD users.  Is it possible to create another RADIUS association to the same server, or do I need to authenticate against a different Windows server?

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved