Release Notes for Cisco Context Directory Agent, Release 1.0
Revised: February 13, 2013, OL-26298-01
Contents
These release notes describe the role of the Cisco Context Directory Agent in an identity-based solution, its limitations and restrictions (caveats), and related information. These release notes supplement the Cisco Context Directory Agent documentation that is included with the software, and cover the following topics:
• Context Directory Agent Requirements
• Context Directory Agent License Information
• Installing the Context Directory Agent Software
• Open Caveats in Cisco Context Directory Agent Release 1.0
• Resolved Caveats in Cisco Context Directory Agent Release 1.0 Patch 1
Introduction
The Cisco Context Directory Agent (CDA) is an application that runs on a Cisco Linux machine. It monitors, in real time, a collection of Active Directory domain controller (DC) machines for authentication-related events that generally indicate user logins; learns, analyzes, and caches mappings of IP addresses to user identities in its database; and makes the latest mappings available to its client devices.
Client devices, such as the Cisco Adaptive Security Appliance (ASA) and the Cisco IronPort Web Security Appliance (WSA), interact with the Cisco CDA using the RADIUS protocol in order to obtain the latest set of IP-to-user-identity mappings, in any one of the following ways:
• On-Demand—The Cisco CDA can respond to an on-demand query from the client device for a specific mapping.
• Full Download—The Cisco CDA can respond to a request from the client device for the entire set of mappings currently in its cache.
The AD Agent interacts with the following components in a network:
• Client Devices
• Active Directory Domain Controller Machines
• Syslog Servers
Cisco CDA can support up to 80 domain controller machines and can internally cache up to 64,000 IP-to-user-identity mappings. It supports up to 100 identity consumer devices. Cisco CDA processes 1000 IP-to-user-identity mappings per second (input and output).
Context Directory Agent Requirements
See the Installation and Configuration Guide for Context Directory Agent, Release 1.0 for information on the Context Directory Agent Requirements.
Context Directory Agent License Information
See the Open Source Used in Cisco Active Directory Agent 1.0 document for the Context Directory Agent license information.
Important Notes
For the Cisco Context Directory Agent to function properly in an identity-based solution, you must ensure that:
• Hardware requirements are met. See http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda_install.html#wp1053078 for more information.
• Firewall exceptions, if required, are configured on the AD Agent machine and the AD domain controller machines. See http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda_install.html#wp1053513 for more information.
• Active Directory requirements are met. See http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda_install.html#wp1053829 for more information.
Installing the Context Directory Agent Software
See the Installation and Configuration Guide for Context Directory Agent, Release 1.0 for information on how to install and configure the Active Directory Agent.
Open Caveats in Cisco Context Directory Agent Release 1.0
Table 1 Open Caveats in Cisco Context Directory Agent Release 1.0
Caveat    Description
CSCty64187
Symptom Attempting to create a log backup file results in the following error message:
% ERROR: Bad hashed password.
Conditions
This issue occurs when you attempt to create a log backup file with a hashed password. For example:
backup-logs logs repository local password hash 1q2w3e4r
Workaround
Use a text (non-hashed) password.
CSCtx13593
Symptom Cannot install Cisco CDA application via network interfaces 2 or 3.
Conditions
This issue occurs if the connectivity to the repository hosting the Cisco CDA application bundle is via network interfaces 2 or 3 of the machine. Fetching the file fails with a timeout.
Workaround
Install the Cisco CDA application via network interfaces 0 or 1.
CSCtx13800
Symptom In Cisco CDA CLI, you cannot use % within a password.
Conditions
This issue occurs when you attempt to set or change a password that contains the % character.
Workaround
Use a password without %.
CSCtz47312
Symptom The Cisco CDA GUI may not reflect changes made to the administrator list in the other concurrent GUI sessions when clicking the Refresh icon.
Conditions
When the administrator list is open in one Cisco CDA GUI session, and a change is made to the administrator list in another concurrent GUI session of the same Cisco CDA, clicking the refresh icon in the Cisco CDA GUI does not reflect those changes in the administrator list.
Workaround
Use the browser refresh button to refresh the display, or go to the Home page (Cisco CDA Dashboard) and then go back to the system administrators page.
CSCtw78043
Symptom DC status in the Cisco CDA Dashboard might show as down during the first few minutes after Cisco CDA is connected.
Conditions
When Cisco CDA connects to the Active Directory DC, it retrieves login history from the DC. While history is being retrieved, the DC status might show as down. This may last for several minutes, depending on history size and system load.
Workaround
The issue is transient and the DC status is updated as soon as history retrieval is complete. Click the refresh icon to update the display. Hence, the workaround provided here is not mandatory.
It is possible to avoid this issue by setting the following registry keys on the domain controller:
• HKEY_CLASSES_ROOT\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\InProcServer32\ThreadingModel
Change the default value "Apartment" to "Free".
On 64-bit Domain Controllers, the following key should also be similarly changed:
• HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\InProcServer32\ThreadingModel
Restart the WMI service on the DC for the changes to take effect.
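The registry workaround above can be applied and verified from an elevated PowerShell session on the DC; the script below is an added example, not Cisco tooling, and assumes a backup file under $env:TEMP (the path is an assumption) so the original values can be restored.

```powershell
# Added example (not from the Cisco release notes): applies the CSCtw78043
# workaround by switching the ThreadingModel of the named COM class to "Free".
# Run as an administrator on the domain controller.
$clsid = '{76A64158-CB41-11D1-8B02-00600806D9B6}'
$paths = @("Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InProcServer32")
if ([Environment]::Is64BitOperatingSystem) {
    # 64-bit DCs also carry the WOW6432Node copy of the key (per the release notes).
    $paths += "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$clsid\InProcServer32"
}
# Assumed backup location; record current values before changing anything.
$backup = Join-Path $env:TEMP 'cda-threadingmodel-backup.txt'
foreach ($p in $paths) {
    if (-not (Test-Path $p)) { Write-Warning "Key not found: $p"; continue }
    $current = (Get-ItemProperty -Path $p -Name ThreadingModel -ErrorAction SilentlyContinue).ThreadingModel
    "$p`tThreadingModel=$current" | Add-Content -Path $backup
    if ($current -eq 'Free') { Write-Host "Already Free: $p"; continue }
    Set-ItemProperty -Path $p -Name ThreadingModel -Value 'Free' -Type String
    Write-Host "Set ThreadingModel=Free on $p (was '$current')"
}
# The change only takes effect after the WMI service restarts.
Restart-Service -Name winmgmt -Force
# Verify the resulting values.
foreach ($p in $paths) {
    if (Test-Path $p) {
        Get-ItemProperty -Path $p -Name ThreadingModel | Select-Object PSPath, ThreadingModel
    }
}
```

Restarting winmgmt with -Force also restarts services that depend on WMI, so schedule the change in a maintenance window.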
CSCtx67710
Symptom Cisco CDA does not receive identity mappings from an Active Directory 2008R2 DC, even though the DC shows as connected, and the user login events show up in the DC security audit log.
Conditions
This issue might occur under rare conditions. Clearing logs on the DC multiple times is one way to trigger the issue.
Workaround
Restart the WMI service on the DC to restore normal operation of the system.
A hotfix is available from Microsoft to address the root cause of this defect: "The WMI process stops sending events to WMI clients from a Windows 7-based or Windows Server 2008 R2-based server," http://support.microsoft.com/kb/2705357.
Resolved Caveats in Cisco Context Directory Agent Release 1.0 Patch 1
The Cisco Context Directory Agent 1.0, Patch 1 now supports Windows Active Directory, version 2012.
Table 2 lists the caveats that are resolved as part of this patch.
Table 2 Resolved Caveats in Cisco Context Directory Agent Release 1.0 Patch 1
Caveat    Description
CSCud69408
CDA needs to support users with non-admin privileges when connecting to a Windows Domain Controller. Refer to the Installation and Configuration Guide for Context Directory Agent, Release 1.0 for more information.
CSCud69418
CDA to support NTLMv2 for the connection with a Windows Domain Controller.
CSCud69438
Log records are not displayed in the log table after CDA is installed on VMware.
CSCtz47312
Refresh in Administrators screen does not work.
CSCtz21543
Tool tips on mouse over for Green/Red status icons.
Documentation Updates
Table 3 Updates to Release Notes for Cisco Context Directory Agent, Release 1.0
Date    Description
Feb 2013
Added "Resolved Caveats in Cisco Context Directory Agent Release 1.0 Patch 1" section
June 2012
Updated CSCtx67710
June 2012
Cisco Context Directory Agent, Release 1.0
Related Documentation
Release-Specific Documentation
Table 4 lists the product documentation available for the AD Agent, Release 1.0, patch 1.
Table 4 Product Documentation for Cisco Context Directory Agent, 1.0, patch 1
Document Title    Location
Installation and Configuration Guide for Cisco Context Directory Agent, Release 1.0
http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda10.html
Release Notes for Context Directory Agent, Release 1.0
http://www.cisco.com/en/US/docs/security/ibf/cda_10/release_notes/cda10_rn.html
Open Source Licenses used in Context Directory Agent, Release 1.0
http://www.cisco.com/en/US/docs/security/ibf/cda_10/open_source_doc/open_source.pdf
Other Related Documentation
Links to Adaptive Security Appliance (ASA) 5500 Series Release 8.4.2 documentation and Ironport Web Security Appliance (WSA) documentation are available on Cisco.com at the following locations:
• Cisco ASA 5500 Series Adaptive Security Appliances Page
http://www.cisco.com/en/US/products/ps6120/tsd_products_support_series_home.html
• Cisco IronPort Security Management Appliances Page
http://www.cisco.com/en/US/products/ps10155/tsd_products_support_series_home.html
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as an RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service, and Cisco currently supports RSS Version 2.0.
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2013 Cisco Systems, Inc. All rights reserved.