I have been trying for the life of me to figure out why CSA will not allow a group, that I create in AD, to have write access to a wwwroot directory. I can make user accounts work, I can make the built-in accounts in AD (Domain Admins) work. However if I make a group called Domain Admins2, I get no lovin from the MC.
The rule is as follows:
Deny All apps, but not "www services", read/write/create dir.
The user state var is as follows : user <all>, <none>; groups <all>, "Domain Admins2"
I have also tried reversing the rule and doing a allow with the "Domain Admins2" in the first box of the user state.
Other then updating to 5.2 has anyone run into this issue?????
You should run the csa diagnostics from the csamc, this will tell you exactly what groups csa is seeing on your machine. Also remember that it is the cretedential used to execute a certain function that is used in user-states, not the logged-in user, so you might see some things not getting hit with a user-state if it is executed by ex. SYSTEM
The rule will be a priority deny, that allows the specified group.
I did get this to work, thanks to the host diagnostic link gave me the info I needed, granted I still can't get the name to work, however the SID for the group works just fine, and meets the needs of the web admin.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :