Cisco AAA/Identity/Nac :: Where Is Shared Secret Field For ACS 5.3 Server Itself
May 9, 2013
We currently have a distributed PR and DR ACS 5.3 setup, set up with tacacs devices and one radius device. The radius device used is Opnet's AppResponse Xpert Admin. We are trying to integrate AppResponse Xpert Admin with ACS.
The GUI for AppResponse Xpert Admin is asking for the radius server ip address - i.e. our ACS, radius port - i.e. 1812 and "secret" - I'm guessing this means the shared secret of the actual ACS itself (not the shared secret used by network devices).
On our ACS 4.2 systems we have a field for a shared secret regarding the ACS server itself (to authorise replication?).
Using the search function for "Shared Secret" in the pdf "User Guide for Cisco Secure Access Control System 5.3" has only found references to setting one for network devices and not a field for the ACS itself. Is an ACS server shared secret still relevant for the ACS 5.x system?
View 2 Replies
Feb 23, 2011
Getting the following error when trying to Authenticate. Check whether the Shared Secrets on the AAA Client and ACS Server, match. Ensure that the AAA Client and the network device, have no hardware problems or problems with RADIUS compatibility. Also ensure that the network that connects the device to the ACS, has no hardware problems
Where in the settings on the Cisco ACS 5.2 Appliance can you verify/change the shared secret?
View 1 Replies
Sep 19, 2011
how the Cisco VPN works, as I already have a post on here about not being able to connect an android device to my firewall, I am now struggling to get an iPhone 3GS iOS v4.3 (8F190) connected to the VPN either. I have checked the Network (client) Access settings on the firewall, and confirmed the group names I'm after, including the protocols it supports. L2TP is disabled so it looks like I can only connect via IPsec. So I fill out the required details in the iPhone but keep getting a message back from the phone
"The VPN Shared Secret is incorrect"
Now I'm sure I have this right as I use the same details on my laptop, which connects to the VPN perfectly fine. But I am starting to bang my head against the wall; no matter what I try, I cannot seem to get either device to connect to the firewall. I have a pair of ASA 5520 boxes running Cisco software 8.2
View 4 Replies
Jun 23, 2011
Recently I came across a router (Cisco 3845, IOS 12.4) configured for TACACS, one local username and an enable password. Going through the configuration I noticed the router didn't have an enable secret password which I thought was strange. The TACACS config is below, comments regarding the TACACS config and the consequences of not having an enable secret or if there is a need for one.
aaa authentication login default group tacacs+
aaa authentication login no_tacacs enable
aaa authorization exec default group tacacs+
aaa authorization commands 1 default group tacacs+
aaa authorization commands 15 default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
View 7 Replies
Aug 7, 2012
Users whose status is manually disabled do not have difficulty in authenticating and accessing and managing network devices. That makes me wonder what is the difference between status enabled and disabled?
View 44 Replies
Apr 7, 2013
Among the fields in the import template file (add or update) for internal users there is no column for expiration date ([URL]). This field is also not defined for the export file.
My question is: (How) is it possible to import new users (or update existing ones) into the internal db with the expiration date field?
View 3 Replies
Apr 4, 2013
Environment: AP 2602, WLC 5508 V7.4, ISE 1.1.2, Prime Infras 1.2
For a specific SSID, we use MAC address as 1 of the conditions to authorize access only for the company-owned mobiles (smartphones and tablets), the other condition being, for the mobile, to present a valid AD user/password; this way, the so-called BYODs are rejected since this is the rule within this company. The difficulty with this approach is the fact that there is no way in ISE Identities Endpoints nor Groups to associate a user-friendly name to the MAC address of the mobiles, which makes very tedious some actions such as a search in the ISE authentication Log based on the MAC address value itself. The question is just to know if it is planned to add a new field in Identities Endpoints definition that would allow to associate a user-friendly name to a MAC address, for future ISE versions.
View 1 Replies
Feb 18, 2013
Region : Germany
Model : TL-WDR4300
Hardware Version : V1
Firmware Version : V1
ISP : Kabel Deutschland
the firmware offers 3 different dyndns services. But opendns is not included, also there is no free field to choose protocol, server, password and network. Will this be updated in further firmwares?
View 3 Replies
Mar 7, 2012
Is there a simple way to migrate shared dACL to group/user mappings from ACS 4 to ACS 5? After migration using the Migration tool provided by Cisco I get shared dACLs and also I get all my users/groups transferred, but these shared dACLs are not mapped to groups or users as previously. I understand that in the new ACS we do not apply authorization directly to users/groups, but then if I had in ACS 4.x hundreds of groups and each of these groups had a dedicated dACL (shared) applied as authorization attribute, now after migration to ACS 5 I have to create a separate authorization profile for each of these groups, which is a lot of manual work. So I'm asking for an easy automated way to migrate authorization rules to the new ACS version.
View 1 Replies
Sep 20, 2011
At our work, we have a shared documents server and also an email server to connect to. For some reason, on one computer only, I cannot connect to either my e-mail or the shared docs. It simply will not accept the credentials (i.e. my password for my username). It won't accept anyone else's credentials either. I have set up fine on another computer, and on my home computer which is on a different network. I can categorically say that it's a computer problem as the usernames/passwords work fine on every other computer, but this one cannot seem to connect. I connect to the servers through a shortcut on the desktop, so I think it's the exchange or something I can't connect to.
View 14 Replies
May 16, 2012
I can see all the shared folders including mine on my workstation but cannot access mine. What is wrong, or how do I reset it so that it can ask for my password in order to access my folder?
View 1 Replies
May 24, 2012
I have a Network area storage server where all my files are stored. The folders are shared on the network. The shared folders were working fine but suddenly I was unable to access these folders. I tried to map the network drives by IP address, that is "\\ipaddress\share" of the NAS server, but was unable to do so. It gave me an error message "No Logon Servers are currently available". But when I put my server name, that is "\\servername\share", I am able to map the folders. Why am I unable to access my shared folders on the NAS server by IP address? I have checked the IP address connectivity and everything but it is all fine. I can even ping by ip address of the NAS serve
View 5 Replies
Feb 11, 2012
I got a $7 per month plan on a server and I have problems with the FTP connection. I am trying to upload a 20MB file with multiple folders and files in it and the connection is very choppy and I literally was not able to do that since yesterday.
View 1 Replies
Apr 15, 2011
Have a server linked to four computers and a laptop for a business and can't seem to access shared files on the server from other computers as it keeps asking for username and password to access it. Have tried to change from workgroup to the domain that the server is on so as to create a username and password, but an error message keeps coming up: 'a domain controller for the domain ata.local could not be contacted', or if I just use ata as domain it does not accept any username or password. Also have tried suggestions in other forums such as simple sharing and creating an account on other PCs with the same username and password as the server. All of the systems are windows xp and the server is windows standard.
View 3 Replies
Sep 18, 2012
How to protect shared folders to deny access from the server? I am really in need of software where I can share files on the network but I don't want the system administrator to access those files.
View 1 Replies
Aug 20, 2011
We've recently installed Windows Server 2003 at our small office for data storage, and have set up shared folders in the Win Server 2K3 for access from about a dozen Win XP Pro machines. Upon the first access of these shared folders from a Win XP Pro machine, we're required to enter a User Name & Password for the Win Server 2K3 machine. Is there a work-around for this? Perhaps some method in WinXP Pro to save the username/password? As it stands now, any time one of the WinXP Pro machines gets rebooted, or if the server gets rebooted, users of the Win XP Pro machines have to re-enter the username/password, and I'd like to find if there's a way around having to re-enter that info.
View 5 Replies
Mar 2, 2011
how to open shared drives on server 2008 while connecting with vpn connection
View 1 Replies
Dec 7, 2010
I have created a username and password with the command username Cisco privilege 15 pass Cisco. When I telnet to the switch it asks me for the enable secret password?????? though I have specified privilege level 15 for the user. The switch is authenticating with ACS and I have specified privilege 15 for a specific user on ACS. The IOS is c2960-lanbasek9-mz.122-55.SE.
View 14 Replies
Oct 25, 2011
We have two servers in our network, one functions as a file server (windows server 2008) and the other as a domain controller with active directory and some database applications running on it (windows SBS 2003). The file server has folders for the different units in our company; these are shared folders. These folders can be accessed by anyone with a domain login by running \\servername from their computers, without any further authentication required.
I have tried to set up sharing restrictions with no success. For example the Accounts folder: I right click on it and select properties, and then sharing or security. Under both tabs I added three names of those that I want to have access to the folder. These names appear in the sharing list together with: administrator (servername\administrator) administrators (servername\administrators) administrator system. Everyone has not been added as is the case with all other folders. What is this system on the list? How can I restrict access? Perhaps there is a setting that I have missed or settings in the network that prevent these restrictions?
View 1 Replies
Aug 19, 2012
I have a small network running in my language academy which is causing me some issues. We have a server running Win XP with two folders, one for the teachers which is password protected and the other for the students which doesn't require a password. Up until two days ago it has been working well. However now the server keeps disconnecting from the internet quite randomly, which stops us from connecting to the shared folders.
I've noticed that a caution icon appears next to the ethernet icon in the task bar when this problem occurs on the server. I have tried to right click and choose the repair option but it tells me that it cannot resolve the ip address. In some cases rebooting the server resolves the issue but in many cases it doesn't.
View 1 Replies
Apr 11, 2012
I'm confused by the command "username (username) privilege (0-15) secret 5 (word)". What should I put into the (word) part? Because when I tried to put "cisco" an error comes up. "privilege" command function and how that command works?
View 4 Replies
Sep 20, 2011
Network error code 0x80070035 The network path was not found.
I read the previous posts on this error code but my scenario was not addressed. Dell Optiplex 980 i5-750 2.66GHz w/4GB RAM running 64bit Win7Pro SP1 and 64bit Symantec Enterprise Protection v.11.0.630
File server is Dell PowerEdge 1900 running 64bit Win 2008 standard server w/o hyper-v, SP2 and 64bit Symantec Enterprise Protection v.11.0.630
I support an OU in a large university domain. Myself and one other user are the only people experiencing this issue in an OU comprised of over 20 machines.
View 3 Replies
Oct 18, 2012
I was trying to make an Ethernet cable about 100 feet long and what I found was that it was not working with a non-standard color scheme. However, it works fine when I rearrange its color combination into the standard one (same cable, only color difference). So, why is this color scheme important? And what is the secret behind its color combination? This is Standard Color Scheme for Ethernet.
View 3 Replies
Jan 26, 2013
Region : Singapore
Model : TL-WDR4300
Hardware Version : V1
I need to set up remote access to my HDD connected to my WDR4300, so I can always go online when I am out to retrieve the saved files in the HDD. However I have zero knowledge of network setting of the FTP servers, I can gain access when I am home and connected to the Wireless network, but how to gain access remotely.
View 6 Replies
May 1, 2013
I know that very few people have their wireless controllers on version 7.4.100. But has anyone noticed that the NAT IP address field in the management interface configuration menu is missing, although it is mentioned as being present in the WLC 7.4 configuration guide? This would definitely affect Office-Extend.
View 4 Replies
Jun 21, 2012
I'm running VPN SSL on an asa 5520 (V8.2.5) with LDAP authentication and everything works fine but now the AD people changed name in the groups and they added a " " "blank" in one of the fields so when I configured the group I get an error.
for example:
map-value memberOf CN=VPN_SSL_ABC,OU=External,OU=XXX,DC=ext,DC=local ABCPolicy
but this does not:
map-value memberOf CN=VPN_SSL_ABC,OU=External Group,OU=XXX,DC=ext,DC=local ABCPolicy
Is there any way to insert a space in the OU field?
View 2 Replies
Jun 13, 2011
The URL field in the web access log has a length of 70 characters. Is there any way to increase it?
[INFO] Mon Jun 13 21:30:30 2011 Website1234567890012345678900123456789001234567890012345678900123456789001234567890 accessed from 192.168.xx.xx
View 2 Replies
Jul 9, 2012
I have upgraded my new WLC to version 7.0.98.218. I noticed the N/A for the Field recovery version. On my old 4402 it is called the Emergency Image Version, and it is 5.2.157.0
How do I get a recovery version on the WLC?
View 2 Replies
Sep 29, 2011
I have added all of the devices to DCR and they show up with their hostname value in all of the device trees except for the fault manager views. In all of the fault manager views the hostname is not being used for the Device Name field, rather the IP address is being used.
View 6 Replies
Oct 7, 2012
I need to add a lot of mac addresses in the mac addr filter table. Many routers do not allow me to add a note for each mac address. That makes management a bit difficult.
e.g.
field 1, field 2, enable
xx:xx:xx:xx:xx:xx, peter pc, y
xx:xx:xx:xx:xx:xx, mary pc, n
View 2 Replies
Apr 28, 2011
Getting this message, having low performance and overrun errors
Apr 29 13:45:59 pix-servidores %PIX-4-500004: Invalid transport field for protocol=TCP, from 188.120.243.238/80 to 174.56.110.0/0
View 3 Replies
Dec 4, 2012
I would like to know if there is a way I can use an XML file to pre-fill the connect field of the Anyconnect client version 3.0. In the past, I have been able to use an XML file to pre-fill information in the NAC agent so I could push it out to clients who didn't have administrator rights to their box. I was wondering if there is a similar method to do this with the Anyconnect client.
View 1 Replies
Jan 10, 2013
Is the 5512 able to be field upgraded to a 5515 and so on through 5555? I.E. Can I add ram and other hardware to make the boxes more powerful as my requirements increase? I was hoping this would have been a new feature with the ngen firewalls.
View 3 Replies