Cisco AAA/Identity/Nac :: ACS 5.3 Patch And AD Alternate UPN Suffix
May 31, 2012
i'm using ACS 5.3.0.40.2 and its setup with an AD External Identity store for wireless PEAP MSCHAPv2. AD is configured with Alternate UPN suffixes so that for example: 22056 Subject not found in the applicable identity store(s). ##
I've checked the release notes for 5.3.0.40.5 and there are some changes/fixes for AD but nothing I can see to explain the behaviour above. I'm looking to upgrade to 5.3.0.40.5 soon but I really need the Alternate UPN suffixes to work.mydomain.com is the AD domain namean Alternate UPN suffix of another.com has been added to AD
A valid AD user can add either the @mydomain.com or the @another.com suffixes to their username and login successfully. This works fine with 5.3.0.40.2 but changes when I upgrade to 5.3.0.40.5 - users who use the @mydomain.com login ok but users using the Alternate UPN @another.com fail with the error: [code]
View 2 Replies
ADVERTISEMENT
May 9, 2011
I need to patch our ACS server to 4.2.0.124.17 from 4.2.0.124.6. My question is, do I need to apply the same patch to our remote agents? Cisco's documentation only states that both the ACS and the Remote Agents need to be 4.2.0.
View 1 Replies
View Related
Mar 2, 2011
properly patching and/or cleaning the ACS version listed in the title.
First off - what does the Cleaning utility do?
Second - I have obtained the two following files:
ACS-4.2.0.124.17-SW
ACS-4.2.0.124.16-Clean
Can these both be used to correct a problem we have with our current installation?
View 2 Replies
View Related
Mar 22, 2012
what's the best way to apply a patch in ACS 5.2 distributed configuration ?
View 1 Replies
View Related
Aug 2, 2012
I installed ise-1.1.1.268.i386.iso on a scratch to the new NAC 3315. As i check cisco download mentioned it need to patch following files :ise-patchbundle-1.1.1.268-1-60802.i386.tar.gz,But once try to patch it show like attachment message, is it mean that i no need to do the patching?Or is there any instruction need to remove and reinstall for this files.
View 4 Replies
View Related
May 4, 2011
procedure to apply the 5-2-0-26-4.tar.gpg patch. I don't know how to get the patch file into the ACS server.The procedure in the "Read me" for the patch does not indicate anything about how to this:
1. open CLI console2. define new repository in which the 5-2-0-26-4.tar.gpg resides3. issue: 'acs patch install 5-2-0-26-4.tar.gpg repository YOUR_REPOSITORY'4. verify installation by getting the following version information via CLI by issuing:#show application version acs I don't know how to put the patch file from my local machine to the repository created in the GUI (if there is where the actual place to creat the repository).
View 3 Replies
View Related
Jun 12, 2012
I am trying to apply pach 5 to my ACS version 5.3 using FTP but i receive the following errors after issuing the show backup history command. When i use TFTP, i get a message saying that the file is too big, which i understand 164 MB.
after issuing the show repository "repository name", i get the following error.% Error reading directory on remote server.the patch is on one of my hard drives D, how do i specify on the ACS file path which drive to use?I can only place a url but without specifying which drive.
View 3 Replies
View Related
Jun 3, 2012
I have an issue with applying a patch to an ACS 1121 appliance running version 5.2.0.26. I have 5 units that needed updating and the first one is the unit with the problem. The subsequent ones updated with no issues.
When I do a show version the 5.2.0.26.10 does not show. When I try to do a reinstall I get back patch all ready exists. When I try to do an uninstall I get back patch does not exist.
Is there a command can wipe out patch 10, so I can start over? The CLI factory-reset only wipes the web configuration not the running-config or IOS.
View 7 Replies
View Related
Jul 21, 2011
I'm trying to upload the 5-2-0-26-4.tar.gpg patch to our ACS and so far have been unsucessfull. I keep getting the "please verify the patch bundle is valid".
When I download the 5-2-0-26-4.tar.gpg file, for some reason the download always comes down from Cisco as 5-2-0-26-4.tar.tar. I've renambed the file to 5-2-0-26-4.tar.gpg and verified the MD5.
View 1 Replies
View Related
Jan 7, 2010
I've got 2 freshly installed ACS 4.2 for Windows servers and I need to apply the latest patch rollup before I build the configurations. I stopped the ACS services and ran Acs-4.2.0.124.15-SW.exe to install the patches. The application begins running fine but fails on upgrading the database and then none of the ACS services would start. I was able to restore the files from the backup that runs with the patch utility and get ACS functioning again. What am I missing - does the patch rollup require any specific Microsoft Patches to be installed or something like that?
View 7 Replies
View Related
May 4, 2011
Need URL for patch 4.2.1.15.3 with comptaible for cisco acs appliance 1120 . Though its for appliance patch should be along with webserver . I have downloaded patch of SE its not comptaible to this hardware .
View 4 Replies
View Related
Jun 5, 2013
Configuration: VM with ACS 5.4 with patch 3. (upgraded from 5.2.0.26 patch 10)When I go on "System Administration" - "Administrators" - "Administrative Access Control" - "Authorization", I got this error:
What I tried:
"acs backup" on this server and shutdown
Install an ACS 5.4 with patch 3 on new VM --> I don't have the problem on GUI
"acs restore" to restore my configuration on new server --> I got this problem again...
I want to use this feature...After this error, others pages generate this error: I have to reload server or restart management service to get him back...How could I solve this? (I don't want to reconfigure manually the server )
View 3 Replies
View Related
Nov 11, 2012
About to apply a patch for the first time on the ACS 5.3 tonight. Ihave tftp'd it onto a directory i have created on the server. However my support hints i may havre to rename the file ? copy the latest patch file you got from Cisco – you may need to rename as gpg) Current filename is 5-3-0-40-7.tar.tar
So would i need to rename this as 5-3-0-40-7.tar.gpz . If so i will rename it on my pc and redownload it on tftp
View 3 Replies
View Related
Jul 21, 2011
After we have installed patch 5 on several ACS 5.2 server they aren't able anymore to write their backups to the sftp servers. I tried to search on the bug tool kit, but it seems to be broken when searching for the keyword "sftp". It's the same when I try to do a "copy logs" with sftp as destination.running a debug I can see,
acs/admin# copy logs sftp://10.1.115.11/,Collecting logs...,Username: backupuser,Password: ,6 [16376]: transfer: cars_xfer.c[301] [admin]: sftp copy out of /var/tmp/ADElogs.tar.gz requested,6 [16376]: transfer: cars_xfer_util.c[412] [admin]: resolved server to 10.1.115.11,7 [16383]: transfer: sftp_copy.c[75] [daemon]: Executing SFTP command: /usr/bin/scp -o StrictHostKeyChecking=no /var/tmp/ADElogs.tabackupuser@10.1.115.11://ADElogs.tar.gz,% Error: Transfer failed3 [16376]: transfer: sftp_copy.c[230] [admin]: sftp_copy ERROR: command execution failed,3 [16376]: copy: cm_copy.c[1226] [admin]: Logs archive transfer to url sftp://10.1.115.11/ failed retcode=-306,acs/admin#
View 21 Replies
View Related
Nov 29, 2012
I have 2 internet connections, one as primary and one as backup Internet connectionIs there any device which I can use to auto switch to backup in case of any problem in the primary internet connection ?
View 1 Replies
View Related
Mar 14, 2013
I have an alcatel 6850 switch connected to a 3750. Two connections (cables) are used between the switches. The two connections from the alcatel are in different vlans 10 and 60 , but the cisco ones are in the same vlan ie 1 (I know not best practice but keep with it ). The cisco cables are connected into port 1 and 4. Port 1 is forwarding and 4 is blocking. The 3750 is configured with basic default pvst configuration.The alcatel is the root bridge. As can be realised traffic from alcatel on vlan 10 cannot pass traffic to the 3750, This was established by the spt seeing the same mac from the root bridge therefore blocking port 4.To stop this from blocking in this scenario I was going to use bpdufilter.
View 1 Replies
View Related
Dec 25, 2011
i have flushed dns cache and i do not know how to renew dns suffix.
View 1 Replies
View Related
Mar 2, 2013
Recently implemented a branch office LAN with dual core switches (core a and core b) all access switches connect to core a and core b.core a is root bridge with priority 0, b is as secondary root bridge with priority 4096 and rest of the switches with defaulf priority.
when a access switch is connected to core a and core b. RSTP converged but core b elected as Alternate role instead as designated on access switch side to core a as root port and core b as designated.How can I influence access switch port Gi2/0/1 to be elect as Alternate port and Core B port G1/1/1 as Designated port..?
View 6 Replies
View Related
Aug 9, 2012
Is it possible to strip suffix on wireless client running PEAP (MS-CHAPv2). ACS version 5.3 (patch 5) - 5-3-0-40-5
Look like ACS 5.1 does not support this - see below link [URL]
View 12 Replies
View Related
Jan 21, 2012
For awhile every now and then my computer decides it needs to 'acquire network address' on booting up. It never does succeed unless prompted by my going into Wireless Connections and pressing 'repair'. Yet my connection to the Internet is not impeded even while the little yellow ball hovers round mini monitor in the taskbar. It is hovering now as this thread is written. ipconfig reveals Connection Specific DNS suffix is missing, but the IP Address is there. My ZyXel 7087 router shows a fixed W/LAN/WPS and DSL light, but the Internet light is continually flickering, regardless of whether the computer is on. The TCP/IP is set to,'Obtain an IP address automatically' and 'Obtain DNS server address automatically'. Advanced TCP/IP Settings shows DHCP Enabled. DNS tab - DNS server addresses box is blank 'Append primary and connection specific DNS suffixes' is dotted and 'Append parent suffixes of the primary suffix' is ticked. 'Append these DNS suffixes (in order)' is unchecked. WINS addresses box is blank. 'Enable LMHOSTS lookup' is ticked. NetBIOS setting - Default (checked) - Use NetBIOS setting from the DHCP server. If static IP address is used or the DHCP server does not provide NetBIOS setting enable NetBIOS over TCP/IP. Enable & Disable NetBIOS over TCP/IP unchecked. While reading the WNC status the computer has found the Network address, but all above remains true.
View 5 Replies
View Related
Apr 11, 2011
I was trying to learn a bit more about routers and therefore tried to acces one of our routers using an external ADSL line at work.The router is a ZYxel Prestige 324. Since I did not have the password I performed a hard reset.Now when I try to acces any website I receive error 105 ERR_ NAME_ NOT_RESOLVEDThe only difference that I can see now is that there is no longer a connection specific DNS suffix assigned.Could this be the issue? If yes how can I configure this?
View 3 Replies
View Related
Feb 21, 2012
Suddenly after more than a year of running fine, my wap seems to be giving all clients a bad DNS suffix which of course breaks DNS resolution internally (no problem with internet resolution). I assume it's a wap problem since all of my wired clients receive the correct suffix. I'm using a RVS4000 router if that makes any difference.
View 2 Replies
View Related
Oct 2, 2011
Is it possible on the CSS11503 to create a layer 5 content rule that matches a url "/*/_edit".
View 3 Replies
View Related
Jan 22, 2012
I have a nas device called mybooklive connected to my linksys e2500 router.Every device that is connected to the router does not append nyc.rr.com except the mybooklive one.I change and mad dhcp reservation for this device with the client name but it still appends. [code]
View 1 Replies
View Related
Aug 18, 2011
With the Cisco ASA-5505, is there a more secure port that can be configured for VNC other than 5901? I am new to Firewalls We have a User who has requested that 5901 be opened but I was advised not to do so for security concerns.
View 5 Replies
View Related
Feb 27, 2011
Whether ACS Se and Remote Agent 4.2.1.15.4 supports Windows 2008 R2.
View 6 Replies
View Related
Sep 18, 2012
I need to use 14Dbi patch antennas (like AIR-ANT5114P-N I use to have on AP1522) on AP 1552E. Is it possible?
View 2 Replies
View Related
Apr 15, 2013
I am migrating WCS to PI 1.3. I read from the guide that we need to migrate to NCS 1.1.1 first and we can get the demo license from Cisco.but the demo license is only 100 unit, but my WCS has 300 license units.How can I import the wcs data to NCS? Besides, I also read from the guide that I need to install patch in NCS before migrating the data to PI 1.3.can I install the patch before i import the data from WCS?
View 2 Replies
View Related
May 2, 2013
Cisco view(patch 6.1.9) in lms 3.2.1 is not supporting router 1905.
View 11 Replies
View Related
Oct 11, 2011
i want to understand how patch panels work, so far the google searches that ive done only adds more confusion.i bought a patch panel and iam in the process of buying a switch, here is what i am doing, i cut a 2 feet long ethernet cable and i punched down the cables to the back of the patch panel ( straight through)then the other end i put a RJ45 that goes connected to the switch. and i leave the front of the patch panel for PCs etc. is that right? but some info out there point out to punch down the cables to the back of the patch panel that come from the PCs,
View 6 Replies
View Related
Nov 3, 2011
I'm currently volunteering at a children's group near me. They've just moved offices and are wanting a computer network in place. I have quite a bit of experience with hardware and software troubleshooting, but anything past the server is beyond me.They have a telecommunications box, as many places do, and the box has a set of patch boxes that are, according to the telecommunications people, plugged in and good to go. Each office has tunnelling on the wall with network sockets, again the norm.
View 4 Replies
View Related
Dec 29, 2011
I connect to the internet with a usb wireless modem on one computer.I have creat a home network and I need to share the internet to rest of the computers on my network.
View 1 Replies
View Related
Mar 21, 2012
I currently have the following set up in my basement: Modem to 8 port router which has cables going into a patch panel which in turn provides internet access at 8 wall outlets throughout the house. My data/video streaming needs are expanding and I have had additional wiring pulled to the new locations. I would like to know if I can bypass the patch panel and go from the Modem to a 24 port switch to individual wall plates throughout the house.
View 1 Replies
View Related
