Cisco AAA/Identity/Nac :: ACS 5.3 - Create Dashboard For All Users?
Apr 28, 2013
I'm at the point of setting up admin access for engineers needing to have insight into the operations and status of our ACS 5.3 systems. any way to create a Dashboard that can be applied to all admin user accounts? (perhaps a custom role?)I've been able to customize the dashboard for my own account to show what is most relevant, but am unable to figure out how to apply this layout and setup to all other users.
Basically, I have a number of folks that need to see this data, but that I can't exactly count on to setup their own dashboards to show the important details. If there were some way to build a tab/dashboard/portlet, etc (whatver it may be) and have it apply to all users, that would save me TONS of work so that I don't have to login to each person's account and set things up for them.For example, I want to have all users see a tab/dashboard that shows the applet "Live Authentications", but with the protocol already configured to display TACACS vs the default which is RADIUS.
View 3 Replies
ADVERTISEMENT
Sep 25, 2011
A 'com.liferay.portal.NoSuchUserException.no such user with primary key 10002491'' error was encounterd when I tried to access ACS 5.2 dashboard using my account (10002491). Using ACSAdmin account I can view the dashboard. My account and ACSAdmin has the same profile and privilege in ACS.
View 1 Replies
View Related
Apr 24, 2011
After upgrading to 5.2.0.26 I no longer seem to have a dashoard on the ACS View/Monitoring section.
View 5 Replies
View Related
Jul 11, 2011
We are using ACS 5.2 and we are trying to create a Microsoft Active Directory (AD) Identity Store. We have a user to be used in the Active Directory creation General page and we would like to know how the test communication / ACS to AD communication takes place.
Our user is a predefined user in AD and has admin rights, but the password expires every 60 days. Will this affect the communication between AD and ACS 5.2 at everytime the entered user's password expires?
View 2 Replies
View Related
Feb 22, 2013
I have installed ACS 5.4 and we are looking to authenticate our Anyconnect users with ACS via Active Directory. I think I have the correct commands in our ASA ( we had ACS 4 and authenticated our anyconnect users ).
I also have configured ACS to use Active Directory and installed the server side cert in ACS. I'm just uncertain how to program ACS to use the security group that I have setup in Active Directory.
View 6 Replies
View Related
May 12, 2013
Ive changed the IP address of a laptop to connect to the router with IP 192.168.15.1 but now want to change the router IP address from the defaul to another subnet, so that it is accessable with other workstations on the LAN, but I could not readily find the option to set the Ip address on the router.
I'm signed in with user admin.
I also wanted to add addiontal users. The help indicates there is a User List Add Entry option but from the Administration bar, the left hand menu option shows User Management & User Privileges options. On User Management, it is possible to change the 2 default user names, but I wanted to leve them and create new ones.
View 2 Replies
View Related
May 14, 2012
I would like to create a website to allow users to legally watch videos in streaming but I am struggling in understanding what the related cost would be from a storage and transfer stand point.
View 2 Replies
View Related
Feb 6, 2012
We have Cisco Cat4503 series L3 Switch and Cisco L2 2560 Series Switches, some of the users want to have a dynamic VLAN membership, and connecting with the network as mobile users,
can it possible and create dynamic VLAN for specific group of users.
View 6 Replies
View Related
Jun 24, 2012
Is it possible to export internal ACS users from an ACS 4.x Windows (On ESXi), solution to an ACS 5.x solution. All I want to be able to do is export usernames and passwords out of the 4.x solution and then import them into the 5.x solution. I thought maybe the CSUtil program be used ?
View 3 Replies
View Related
Feb 9, 2012
We have remote users that dial-in over ISDN to a Cisco 2911. We have configured AAA to pass the authentication off to a RADIUS server. Once successfully authenticated, the router permits the users to access a single web server. However, we need to do some testing in our test environment, but unfortunately we don't have an ISDN line to test with. We have created a little environment in our LAB using a 2911, a switch, a RADIUS server & web server. I was hoping that we could simply create a "user" VLAN off the back of the 2911 to simulate our remote users, and access the web site from the test usr PC's over the LAN. I was hoping that the 2911 would be able to intercept the connection and pass the authentication off to the RADIUS server (as it does with the PPP ISDN traffic). But I cannot find anyway to do this, because I can only configure AAA to offload either PPP traffic or telnet/ssh connections to the router itself.
In summary what I want is for a user to access an internal web site over a LAN interface of a 2911 - but have the 2911 authenticate the user via a remote RADIUS server first. Is there a way to configure a 2911 (or any router!) to do this?Is the answer to configure port-based authentication (802.1X) on the switch?
View 3 Replies
View Related
Mar 19, 2012
How to configure the ACS5.0 radius for remote access VPN authentication.
And how could I implement the IP Pools for the VPN users.
View 4 Replies
View Related
Sep 5, 2011
After some time no using Cisco ACS5.1, I still don't know how I can see all logged in users. I can see logging and check why an log in goes wrong, but in ACS 3.2 I just clicked on Reports and Activity and I could choose to see logged in users, or failed attempts, etc.
View 2 Replies
View Related
Jun 9, 2011
I have an issue with an implementation, I had a ACS R5.1 that I'm using to authenticate the wireless users with 802.1x, that's OK and working fine. Now I want to use the same ACS to authenticate wired users using MAB (for IP phones, printers, servers, and other devices) and 802.1x (for corporate users). I already configured the authentication services (MAB and 802.1x) on ACS, but when I'm doing tests I can see that for example the phones are trying to authenticate using the 802.1x rules of wireless connection, not using the MAB rules. [code]
You could also see an screen from the ACS in the attached file. On the picture remark you could see a IP Phone trying to authenticate using the wireless Access Services insted of using MAB.
View 1 Replies
View Related
Mar 21, 2012
on ACSv5.2...are there any limitations on the number of users that can be imported via CSV file...i.e. will the ACS handle 250,000 internal users for example?
View 1 Replies
View Related
Sep 25, 2011
Having an issue with Cisco ACS v5.1.0.44 and the Cisco WLC 5508. Cannot get users to authenticate and keep getting error messages referring to EAP session timeouts from WLC filling our logs. Seems to be with this model WLC because we have Cisco 4400 WLCs pointing to the same ACS with no issues. Is there a bug or special configuration that is necessary to marry the 5508 with ACS v5.1.0.44?
View 9 Replies
View Related
Jul 22, 2012
Is it possible for ACS 5.1 to only allow specific AD users to authenticate the switches and routers? Currently What I have configured is only for all AD users. I can't seem to find a way to be selective.
View 9 Replies
View Related
Apr 23, 2012
Do you know if it's possible to use ACS 5.x in such manner that the admin users (so not the end users, but the administrator users of ACS) are authenticated against and external database, like Active Directory?
View 2 Replies
View Related
Jun 13, 2011
I have cisco ACS 5.2 and external identity source as RSA secure ID.Currently when the RSA user login to AAA Network devices, User id & passcode prompt coming after giving the credential its going to user exec mode.Then after "enable" command again asking for Passcode giving passcode then user able to logged in successfully.
I need RSA users to get direct privlege level15 (privlege mode) ? no need to ask enable password ?
I checked this for local ACS users it is working and loca users getting directly privelege mode access...
View 2 Replies
View Related
Mar 14, 2013
I'm working with a cisco wlc and acs 5.3 . I have two profile or ssid's and one of them is working with web authentication and the accounts exists in the local database of cisco acs.
I'll would like to know how can i should configure mac authentication on the cisco acs 5.3?
My purpose is authenticate users first by mac, and second by the account of local users in the cisco acs.
View 10 Replies
View Related
Dec 22, 2012
Using Cisco ASA I want the ssl clientless vpn users to be authenticated through a local Radius-Server. but it does not work, and on asa while i want to see (Debug Radius) output, there is no debuging msgs displayed. When i try to test the user which i have created on the ACS-Server 4.2, the test gets successful. where i have made a mistake in my configuration ?
View 2 Replies
View Related
Jan 24, 2013
We want to deploy NAC for 500-600 users across WAN. We are planning for L3-OOB-Real Gateway central deployment Solution.We are having two NAC Server (3355) two NAC manger (3355) at HQ and 6 NAC Server(3315) at branch. We deployed NAC under VRF.How we can deploy NAC over WAN without NAC Server, need step by step configuration under VRF.
View 1 Replies
View Related
Nov 16, 2006
I Need to create more options on Cisco ACS 5.2 under internal identity store in users. How to do add, default not showing all.
View 6 Replies
View Related
May 13, 2013
its been a while since I configured a Cisco firewall (PIX 6.0, SDM) - I've now been thrown in the deep end with a pair of 5525-X's (Latest Software) and I need to achieve the belowWebsense integration (Got this working)AAA Authentication for various outbound traffic routes.I'm using ASDM as I'm more comfortable with the GUI than CLI (I'm the other way round with switches!!!), I have AD Agent configured but the ASA isn't doing anything based on User Name but I have a few other things to try. What I'm trying to achieve now is ignoring certain user names from being matched to IP Addresses as I believe that this may have something to do with it.We use Sophos AV and each PC requires a Service Account to run Sophos under. Each update that Sophos attempts is seen as a login and that is the user attached to the IP Address of the machine. Within Websense, it can be told to ignore certain users for purposes of filtering and reporting etc.. but I dont seem to be able to do this with the AD Agent.
View 3 Replies
View Related
Jul 1, 2012
we have TACACS+ based AAA on our network equipment, authenticating against internal user database on a network of ACS 5.3s.What I want is to limit certain AAA users (namely automated tools) to be only permitted to authenticate from a list of known IPs.I can do this for authorization, easily, that isn't a problem. The problem is to only accept authentication attempts coming from certain IPs and ignore the rest. My problem is, as it is currently, the automated tools are prone to a sort of a DoS attack - if I attempt logging in to any device using the tool's user account and a wrong password, I can get the account disabled in five tries.
I want to ignore all authentication attempts, unless they are coming from well known source IPs.Ex: netmon user is the user for a tool running on server 10.20.30.40. If I try to log in from my own laptop with user netmon, it should fail, and the attempt ignored. Currently after five (or whatever is configured) failed attempts, the user will be disabled. Oly attempts from 10.20.30.40 should be considered for user netmon.I can't use ACLs on the devices, as I want other users to be able to log in from other IPs.
View 4 Replies
View Related
Mar 16, 2011
I have a Cisco ACS 5.2 and have set it up as a RADIUS server. I was wondering if there is a way to add and update users automatically? We have a large number of users > 1000 that need to be added into the system and I don't want to do this manually. These users also update their passwords on a regular basis so I would need a script that would update the users automatically without any user intervention.
View 4 Replies
View Related
Jun 9, 2013
I've successfully integrated ACS 5.3 with Active Directory for 802.1x implementation. Now i want to cache Active Directory users in ACS so that the user request from ACS does not go to AD every time.
After a certain time period the ACS database gets sync with AD.
View 3 Replies
View Related
Apr 8, 2009
The ACS can authenticate people using local database , it can also authenticate a single user (using windows database) if you are fast after the service is restarted , however after a few secounds, it fails to authenticate any users , the error we are seeing on the logs appear as authentication failure type : internal error. Also on the log files, the authentication request from the user does not appear in the correct group, it is thrown into the default group.
View 7 Replies
View Related
Mar 6, 2011
I have configured 1841 router as VPN server. All VPN users are getting authenticated using radius in ACS 4.1 I need to apply per-user downloadable ACL.
I have configured ACS for the Downlodabale ACL. Even ACS report acivity shows that ACL is applied to the authenticated user, but the traffic is not blocked or passed accordingly.
View 2 Replies
View Related
Apr 11, 2013
I am trying to get users in the external identity store (AD) to be dropped directly into enable mode after being authenticated, since I don't know of a way to set an enable password for users in an external identity store. I think it has something to do with shell attributes but I'm not realy sure.
So here's what I tried.Linking identity group to external group and provide full command priviliges - enable still didn't work Creating duplicate users in the internal identity store and setting the password type field to AD1 - That gives me the ability to get to the enable password prompt hit enter on the blank promt then prompts for Old and new passwords but fails everytime with an Error in Authentication.
View 8 Replies
View Related
Apr 16, 2013
I have ACS 4 integrated with RSA 6.1, where users of ACS can authenticate their passwords with the rsa server.I am migrating users to ACS 5, and I want to integrate with rsa.
I am configuring rsa as “rsa secureID token servers”.But how should I configure the users on acs to authenticate the password with rsa?
Previously on acs 4, on the user page, in password field, I select authenticate with external DB, Also, any guide for the config on rsa 6.1 side (with acs 5)
View 1 Replies
View Related
Jan 18, 2011
I'm trying to setup ACS 5.2 with an ASA v8.3.2 to lock users into VPN groups based on a users AD group. I've tried various combinations but the group lock isn't working. I've done steps 1 & 2 ...
1) Network Devices and AAA Clients -> Define VPN
2) Users and Identity Stores -> Setup AD and Directory Groups, test connection
Policy Elements:
Q1) Policy Elements - Do I need an authorization profile for each group:
Q2) What RADIUS attributes should I use to match my ASA tunnel-groups?
RADIUS-IETF attribute 25?RADIUS-Cisco VPN 3000/ASA/PIX 7.x 85 (Tunnel-Group-Lock)?Other?
Access Policies:
Q1) Do I need to enable and use group mapping?
Q2) Do I need a Network Access Authorization Policy for each group?
View 8 Replies
View Related
Aug 24, 2011
I have ACS 5.1 configured to authenticate users based on Active Directory. I have configured wired 802.1x too, with machine authentication enabled on ACS.When I login with credentials that exist in AD, it works fine. Then I configured Windows Authentication to ask for credentials (popup window). But I experience network disconnection when I login with a local account even though I entered correct AD credentials.I want to do the following: for an account that exist on the machine being authenticated (non-AD account), ACS should check its local database and reply with authentication success if it finds it, so the user is granted network connectivity.I heard about Identity Sequence in ACS. But I still don't see the right configuration,
View 2 Replies
View Related
Sep 1, 2011
I have 2 ASA 5520 (v. 8.21) in a active/standby fail over configuration.
VPN users are autenticated against the MS-AD through LDAP. For the most part this works well. Occasionally I'm having problems with new users in the AD. If I run a test I keep getting "User was not found". This can happen days after the account was created still. In some cases it never seems to work. The accounts I create exists on the same OU level as all the other accounts that are working.
View 2 Replies
View Related
