Cisco AAA/Identity/Nac :: Manipulating Username In ACS 5.3
Aug 26, 2012
Does ACS 5.3 have a feature to allow you to change or otherwise manipulate a username value within ACS as an authentication request comes into the system?
We want to use ACS to authenticate users to a particular device, but the device does not allow us to have usernames in the format that we require, and the rest of our systems allow and require.
We want a way of manipulating the user ID of someone logging into the system, so that when the authentication request hits the ACS their username is massaged into the format we require, before being further processed against identity policies etc.
Sep 19, 2011
So I've just discovered the Cisco ASA is not capable of performing policy-based routing.
I am in a position where I need to manipulate traffic flows from the inside network outwards for TCP80 & TCP443 traffic toward a transparent proxy server while default routing the remainder of the non-matching traffic.
Can anybody think of a way to do this with the ASA? Would a destination NAT work?
For example:
nat (inside,outside) source static any any destination obj_any proxy_object service tcp 80 80
nat (inside,outside) source static any any destination obj_any proxy_object service tcp 443 443
Why would the ASA not support PBR?
Apr 7, 2011
We're using AAA Sec4.1 and we need to bind the username with the IP address for remote VPNs configured on a Netscreen ISG2000 firewall. We want AAA to check two things for any user, first the IP address and second the username, in order to authenticate the users.
Mar 22, 2011
How can we rename an existing username on ACS 4.2 Application? I don't want to rename the group, just the username.
Mar 27, 2011
We have a new ACS 5.2 server, and are having a problem with the case sensitivity of ACS. Basically, what is happening is that some users are capitalizing the first letter of their AD username, and it's causing ACS to deny their access due to the case of their username. For example:
Username yyy0h22 grants admin access to a device. However, Username Yyy0h22 denies access to a device.
Is there a way to make it so that no matter uppercase or lowercase, we are giving this person access? Without having to make a different rule for each permutation?
May 16, 2011
I'd like to know if there is a way to exclude passed authentications for a specific username from reporting in the Authentications-TACACS and Authentications-RADIUS reports?
We have a few usernames that are used in scheduled jobs. We only need to know when they fail authentication, so we don't need to fill up the reports with every passed authentication from these accounts. Can this be done?
Aug 3, 2011
Why does my asa5520 bring out:
sh curpriv
Username : enable_15
Current privilege level : 15
Current Mode/s : P_PRIV
while I am logging in with my username, which is XXXX? And in my ACS accounting logs I cannot see which user did what.
Mar 23, 2013
In my ACS 5.4 I want to have the same username use two shell profiles. Here is the requirement. One shell profile with privilege 15 for IOS device admin and another one with a different privilege for WCS admin. As there can't be two shell profiles on the same authorization profile, I created two different profiles, and matched them with the ACS local group name. However, whenever the user tries to access, it always hits the 1st profile.
Mar 15, 2012
I need to change the username and password ACS uses to connect to AD. I do a "clear configuration" and reboot and am unable to join the ACS appliance back into my AD with a different username and password. I am able to rejoin the ACS machine to the domain using the original username and pass. How do I clear all of the AD config off of the appliance and start fresh and use a new account to join AD?
Feb 28, 2012
I have a weird issue. I recently set up an ASA 5510 and had SSH working. To make it easier on my VPN users I then decided I wanted to set up a Windows 2008 Network Policy Server for RADIUS authentication. Ever since I added the RADIUS part to aaa authentication, when I use SSH to connect to the ASA it will not take the local user name and password I have set up. I can however get in using a Domain user name and password. Below is the SSH and AAA configuration. Am I missing something here? The username and password in the ASA is not on the domain and it's like the ASA is not even trying LOCAL when it tries to authenticate. I want it to use the local username and password if possible. I'm kind of new to ASAs.
On another note, I have never been able to SSH in on the internal interface. I always get a "The remote system refused the connection" error message. I can only use the outside interface.
Site-ASA# sh run | in ssh
aaa authentication ssh console SERVER_RADIUS LOCAL
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 60
[code]....
Mar 28, 2012
My question is on ASA and ACS5.2 users. Have my ASA SSL VPN and IPSEC VPN, the my ACS5.2 many users, for example, wireless user. I would now like to establish an independent user group, only the VPN user name and password, while both the ASA VPN can only allow users in this independent group of ACS5.2 VPN login, how to configure?
Dec 12, 2011
I am attempting to create a mass upgrade server for some of our more standardized equipment since our vendor cannot upgrade them pre-shipping for us, we've got to do them on our own. This means using a terribly organized wizard written in what appears to be Java...
I have an aversion to Windows and felt that I could accomplish the same thing using expect scripts and a Gentoo Linux server; now all I need is to set my Cisco 3550 (c3550-ipservicesk9-mz.122-44.SE6.bin) to have each port on its own VLAN, except for fa0/1 which will be a trunk port to communicate with all ports as well as the server.
Jan 15, 2012
Can I use AAA Radius on an ASA 5505 to block outgoing user access by user name in a group?
Jul 23, 2011
In what form is it typed? E.g. is it xxxxx@yyyy.com etc.? Or is it a specific title or series of numbers that I can find somewhere on my computer?
Apr 18, 2012
Looking up your ISP, Username and Pw?
Aug 19, 2012
I set up my trendnet wireless router but my ISP is not working... How can I find my ISP username & password on my computer?
Dec 19, 2011
I am fairly new to this game of configuring Cisco routers. I've done three now, the first two were great, they achieved PPP so I was well pleased! The third one is a matter of nightmares. The ISP say there is no need for a username and password?
Oct 14, 2012
I have installed LMS4.2.2 on Windows 2008 server and am unable to login via the 'admin' username. I get "Invalid Username or Password. Please try again" error message. I can successfully login using Windows AD username and password.
I have reset the password for 'admin' username with the following:
!
nmsrootinperl.exe resetpasswd.pl admin
Server has been rebooted PRE and POST password reset.
Aug 10, 2011
I have several Cisco 4948 in my network infrastructure. The issue that I'm having with them is that when I try to view the SSH log, something like this appears:
Aug 11 15:43:13 GT: %SSH-5-SSH2_USERAUTH: User '' authentication for SSH2 Session from 192.168.2.5 (tty = 1) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Succeeded
The IP address is correct but the username is blank. I checked on other equipment (2960 access switches and 7200 series router) and they show the username field correctly...
The IOS version I'm using is (cat4500-ENTSERVICESK9-M), Version 12.2(50)SG1, RELEASE SOFTWARE (fc2)
The ssh configuration is as follows..
ip ssh time-out 60
ip ssh source-interface Loopback1
ip ssh logging events
[Code]....
Oct 22, 2011
I have a Cisco 800 series router which I configured months back with username and password. Now I wanted to use it recently but cannot remember my username or password. I decided to use rommon to reset the password and during bootup, I hit ctrl+break which took me to rommon mode. Then I used confreg 0x2142 to bypass the startup config. It then told me to reset or power off and on the router, which I did. Then on booting up again, it started showing me stuff like this: [code]
Aug 15, 2011
How to remove other person's username from my computer which was served?
Aug 15, 2011
How to remove other's user name from my computer?
Jan 4, 2013
I want to find out what machine a user is logged into on a local network. The syntax should be something like: lookup user@domain dns. Just not sure what flags to pass?
Feb 25, 2013
What is my DSL router username & password?
Nov 11, 2012
How can I get the username and password of my DSL router?
Sep 11, 2012
I need to change my username and password.
Jun 20, 2011
How can I edit who will have the most percentage of internet? I can't access the username and password.
Apr 11, 2012
I'm confused by the command "username (username) privilege (0-15) secret 5 (word)". What should I put into the (word) part? Because when I tried to put "cisco" an error comes up. What is the "privilege" command's function and how do those commands work?
May 19, 2013
Customer's ASA 5510 and they are using the default "pix" login. I can log into the command line with pix just fine. I created a user account, call it: username jsmith password Passw0rd priv 15. I'm unable to log into the command line with jsmith. I can get into ASDM with it.
Dec 28, 2011
We have a WLC 4404 with version 7.0.220.0 of the firmware/software. We use it to control the wireless network on our campus, we basically have 2 WLANs defined, one authenticated (using Radius [AAA]) and one not authenticated which is only turned on when needed (when we host some event). At the moment both these WLANs use the same address space, we will hopefully split it soon since that is better from a security point of view.
I would like to create an 'externalacl' for our squid proxy (script/program) that when handed an IP address can go to the WLC and find out what username was used to authenticate. Does the WLC provide any interface to this information? We also have an NCS so if it provides the interface that is also fine....
The other option I see is getting the information from the Radius server that the WLC uses, the only problem with that is that the WLC does not send Logout messages to the radius server (or the radius server doesn't interpret them properly/something wasn't setup correctly). This would result in a user on the unauthenticated WLAN that got the same IP as an authenticated user got earlier being treated like the authenticated user by squid (since radius still has an entry saying Login on IP by user).
Mar 5, 2011
I am trying to add a username to the local database for remote VPN connection but I always get this error when I add:
Encrypted password is of incorrect length
Username addition failed.
Jun 19, 2011
I have a SLM248G4S but do not have the IP, username or password. Is there a way I can get on the unit or do a master reset without logging in to the GUI?
Mar 23, 2011
I forgot my username and password. How can I retrieve my username and password? I forgot to put a password for connection on my wifi.