AAA Authorization Using Local Database

Hi Guys,
I'm planning to use AAA authorization using the local database. I have already read about it, I have configured the AAA new-model command and I have already set up users. But I'm stuck at the part where I give certain users access to certain commands using the local database. Hope you can help with this.
FYI: I know using ACS/TACACS+/RADIUS is much easier and more powerful, but my company will most likely only use the local database.

For allowing limited read-only access, use this example.
We need these commands on the switch:
Switch(config)#do sh run | in priv
username admin privilege 15 password 0 cisco123!
username test privilege 0 password 0 cisco
privilege exec level 0 show ip interface brief
privilege exec level 0 show ip interface
privilege exec level 0 show interface
privilege exec level 0 show switch
There is no need for the user to log in to enable mode. All priv 0 commands are now available in user mode. See below:
User Access Verification
Username: test
Password:
Switch>show ?
diagnostic Show command for diagnostic
flash1: display information about flash1: file system
flash: display information about flash: file system
interfaces Interface status and configuration
ip IP information
switch show information about the stack ring
Switch>show switch
Switch/Stack Mac Address : 0015.f9c1.ca80
H/W Current
Switch# Role Mac Address Priority Version State
*1 Master 0015.f9c1.ca80 1 0 Ready
Switch>show run
^
% Invalid input detected at '^' marker.
Switch>show aaa server
^
% Invalid input detected at '^' marker.
Switch>show inter
Switch>show interfaces
Vlan1 is up, line protocol is up
Hardware is EtherSVI, address is 0015.f9c1.cac0 (bia 0015.f9c1.cac0)
Internet address is 192.168.26.3/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Switch>
Please check this link,
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml
Regards,
~JG
Do rate helpful posts
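
Added example (not part of the original posts): a Python check that reads IOS `username` and `privilege` lines such as the ones quoted in the reply above, lists which relocated commands each local account can run, and flags cleartext passwords and level 0 commands. It assumes IOS syntax and the rule that a session at level N can run anything at level N or below; the function names are hypothetical.

```python
import re

# Sample input: the "show run | in priv" lines quoted in the reply above.
SAMPLE = """\
username admin privilege 15 password 0 cisco123!
username test privilege 0 password 0 cisco
privilege exec level 0 show ip interface brief
privilege exec level 0 show ip interface
privilege exec level 0 show interface
privilege exec level 0 show switch
"""

USER_RE = re.compile(
    r"^username\s+(\S+)(?:\s+privilege\s+(\d+))?\s+(password|secret)"
    r"\s+(?:(\d+)\s+)?\S+$")
PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+(?:all\s+)?level\s+(\d+)\s+(.+)$")


def parse(text):
    """Return (users, moves): users maps name -> (level, keyword, type),
    moves lists (mode, level, command) taken from 'privilege' lines."""
    users, moves = {}, []
    for line in text.splitlines():
        line = line.strip()
        if m := USER_RE.match(line):
            name, level, keyword, ptype = m.groups()
            # A username without 'privilege' logs in at level 1.
            users[name] = (int(level) if level else 1, keyword, ptype)
        elif m := PRIV_RE.match(line):
            mode, level, command = m.groups()
            moves.append((mode, int(level), command))
    return users, moves


def reachable(users, moves):
    """Relocated commands each account can run (levels are cumulative)."""
    return {name: sorted(cmd for _, lvl, cmd in moves if lvl <= ulevel)
            for name, (ulevel, _, _) in users.items()}


def findings(users, moves):
    """Return review notes for weak credential storage and level 0 commands."""
    notes = []
    for name, (_, keyword, ptype) in users.items():
        if keyword == "password" and ptype in (None, "0"):
            notes.append(f"{name}: cleartext password in config, use 'secret'")
        elif keyword == "password" and ptype == "7":
            notes.append(f"{name}: type 7 is reversible, use 'secret'")
    for mode, lvl, cmd in moves:
        if lvl == 0:
            notes.append(f"'{cmd}' ({mode}) is at level 0: any session can run it")
    return notes


if __name__ == "__main__":
    users, moves = parse(SAMPLE)
    for name, cmds in reachable(users, moves).items():
        print(name, users[name][0], cmds)
    print("\n".join(findings(users, moves)))
```
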

Similar Messages

  • For Working offline - Which one to use -  local database caching or reliable messaging?

    Hi,
    I am working on a mobile application with lcds where there is a feature to be implemented. The user can use the application in airplane mode and be able to automatically send requests to the server when he comes online. After some research, I found that I have to use a feature in the documentation called occasionally connected clients, which uses a local database with dataservice.savecache() and an offline adapter. I also found another feature called reliable messaging which takes care of sending the pending requests when the user comes online, but I am not sure if this feature supports offline mode for longer periods. The documentation mentioned that reliable messaging is only good for transient network disconnects, meaning disconnection for a shorter time.
    Can anybody please confirm which is the right feature that best suits this requirement?
    Thanks,
    Swathi.

    Hi Ashish,
    Thank you so much for the resource. One more question: the code in the resource link has calls to Dataservice.disconnect() and Dataservice.connect() on the buttons. If my user need not bother to click on those buttons for connections and just sets his phone to airplane mode and starts working, I am using the SocketMonitor class to monitor for a network connection and then perform the Dataservice.connect(). In that case, I have problems when the network is connected: the data service seems connected automatically sometimes and not connected other times, resulting in errors. I am using autoConnect = true. How can I handle this? Do I have to call disconnect when the socket is not available and then call connect when it is available, things like that? Or is there any other way to implement this without using the SocketMonitor class?
    Thanks,
    Swathi.

  • Can i use local database in webdynpro

    Hai,
    I want to store a string in the local database. Is it possible to store it in local dictionary-->structures?
    Using this, how can I store, retrieve, update and delete the data in the local dictionary?
    regards,

    Hi Naga,
    It was discussed already:
    store data in database and access
    making database connection
    REG: DATABASE Connection
    Best regards, Maksim Rashchynski.

  • How to use local database for Education Portal

    Hi All,
    We are implementing a Education Portal (learning Solution) and here are our requirements
    1. Course details are stored in R/3 portal
    2. When users login to the education portal, course catalog should be displayed with all the details and here the course catalog should not be displayed directly from R/3.
    3. course catalog should be read from some local database or XML ( how to update the local database/ XML from R/3 data periodically)
    4. Once when user sees the course details, if he wants to buy the course, he will register and do the payment.
    5. User details should be stored in the local database and only if he do the payment and his registration details will be stored in the R/3.
    Is any one have any idea how to go ahead with the above function and give some inputs.
    Regards
    Ponnusamy

    Hi,
    Basically, you would have to use plain JDBC / Open SQL or some persistence framework on top of it (e.g. JPA if you're on Java EE 5 / NW CE 7.1, or EJB CMP, JDO, Hibernate with previous NW releases) to store and load data in the local DB. For updating the backend ("R/3") you would use SAP JRA which is based on SAP JCo.
    Search for these terms on help.sap.com and you will find plenty of information about it.
    HTH!
    -- Vladimir
    PS: Once again, I'd like to remind you to read the [Rules|https://wiki.sdn.sap.com/wiki/display/HOME/RulesofEngagement], in particular regarding cross-posting. Violating the rules may result in banning your user.

  • AAA authorization commands

    Hi All
    Probably I am going to ask a stupid question, but I am really confused regarding the purpose of the "aaa authorization commands x default local" command. I understand that if this command is configured, it authorizes each and every command of that level, but in my experience this command is not doing anything. The outcome is the same whether it is configured or not.
    Following is my aaa part config
    username cisco privilege 15 secret cisco 
    aaa new-model
    aaa authentication login default local enable
    aaa authorization exec default local if-authenticated
    aaa authorization commands 15 default local if-authenticated
    Now whether I keep the last command or remove it, username "cisco" is able to use every level 15 command, so my question is: why should I bother configuring this command?
    Would really appreciate your quick reply
    Regards

    Thanks a lot for your quick response. I really appreciate that.
    So does this mean I can safely assume that if I am using the local database then I don't require the "aaa authorization command level" command?
    That is, the following should be the config:
    username cisco privilege 15 secret cisco 
    aaa new-model
    aaa authentication login default local enable
    aaa authorization exec default local if-authenticated
    privilege exec level 15 show   (just an example)
    privilege exec level 15 debug
    I have tested this and it worked fine without using "aaa authorization command level"
    Moreover, regarding the use of an AAA server, my eventual plan is to use TACACS+, but before that I wanted to get a good grip on AAA functionality and therefore started off with the local user database.
    So you mean to say, if I am using TACACS+ for authentication and authorization purposes and in the ACS server, user "cisco" has been assigned level 15 but with an authorization set of "show" and "debug" only, then by using "aaa authorization commands level" in a router, I can successfully restrict user "cisco" to "debug" and "show" only? In my point of view, I can achieve this anyway (restricting the "cisco" user to only use "show" and "debug") without using "aaa authorization command level" (like I tested with the local database)?
    I will really appreciate your kind response.

  • Remote and local databases

    Let's say that I access an Oracle form through the web and that form accesses data from two distributed databases. Will there then be a remote database and a local database for the user, or will all the databases be remote databases to the user?

    In my opinion.
    using local databases -- access tables without DB_link
    using Remote databases -- access tables through DB_link

  • Cannot configure SAN parameters in MDS 9000 after AAA authorization

    After logging into a Cisco MDS 9509 (Version 5.2(1)) using ACS authentication, I cannot configure changes in the SAN but am able to make changes to the non-SAN-related parameters of the MDS, i.e. hostnames, usernames etc.
    Disabling AAA and using local authentication I can perform SAN changes.
    Any ideas?

    hi,
    Check the role assigned to the user used for AAA authentication, because it may not have enough credentials.
    rgds

  • VCS Local database Authentication

    Hi Everyone,
    As my subject above,
    I want to set my VCS Expressway's Authentication to use Local Database,
    So all user (either H323 and SIP) must have valid username and password to do registration with my VCS Expressway,
    In Cisco's guide Cisco_VCS_Authenticating_Devices_Deployment_Guide_X7-0 said that I must go to VCS configuration > Authentication > Devices > Configuration and change Database Type to Local Database,
    But the problem is I can not find this menu in my VCS Expressway,
    Attached screen capture from my VCS Expressway.
    How can I set the Database Type if I can not find this important menu?
    My VCS Expressway software is x7.2.2. 
    Please advise :(
    regards,
    Thanks,
    Ovindo

    Hello Ovindo -
    Because you're running a VCS with X7.2.2 software, and using a guide that's meant for X7.0, what you're looking for has changed since that guide.
    Please take a look at the X7.2.2 release notes on page 10, "Device Authentication".
    You should be using this device authentication guide for your version of VCS software.

  • Aaa authorization commands for pix 535

    Hi ,
    Can you provide aaa authorization commands for pix 535
    Sanjay Nalawade.

    Hi,
    Please find the AAA config for PIX.
    aaa-server TACACS+ protocol tacacs+
    max-failed-attempts 5
    aaa-server TACACS+ (ExranetFW-In) host
    timeout 5
    key ********
    aaa authentication enable console TACACS+ LOCAL
    aaa authentication serial console TACACS+ LOCAL
    aaa authentication http console TACACS+ LOCAL
    aaa authentication ssh console TACACS+ LOCAL
    aaa authorization command LOCAL
    aaa accounting command privilege 15 TACACS+
    aaa authorization exec authentication-server
    Karuppuchamy

  • Configuring AAA Authorization on ACS 4.1

    Hi,
    Can anybody provide me links to any good documentation on how to configure AAA Authorization using Command Shell on the ACS 4.1 ? I would be really grateful if someone one can point me few links.
    Thanks,
    Meet

    Hi
    I would try looking at this link:
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a0080088893.shtml
    This describes how to plan, design and build shell cmd auth config in ACS.
    Darran

  • ACS Authentications via RSA or local database

    Hi Expert,
    Currently, I have a group of devices that authenticate through RSA. Now, we are implementing a Nagios monitoring system that requires backing up device configuration through the ACS local database. Is it possible to create a login credential using the local database while maintaining two form factor authentication?
    Cheers,
    Jeffrey

    Hi,
    We had the same scenario as well, which requires a login credential using the ACS local database only, as our NMS does not support two form factor login. Currently, we are using ACS 5.2. Appreciate if you could provide us some idea on this. Thanks!

  • FWSM: AAA authentication using TACACS and local authorization

    Hi All,
    In our setup, we are having FWSMs running version 3.2.22 and users are authenticating using TACACS (running Cisco ACS). We would like to give restricted access (some show commands) to a couple of users to all devices. We do not want to use TACACS for command authorization.
    We have created users on TACACS and not allowed "enable" access to them. I have also given those show commands locally on the firewall with privilege level 1 and enabled aaa authorization LOCAL.
    Now, those users can successfully log in to devices and execute those show commands from priv level 1 except "sh access-list". I have specifically mentioned this
    "privilege show level 1 mode exec command access-list"  in the config.
    Is there anything I am missing or is there any other way of doing it?
    Thanks.

    You cannot do what you are trying to do. For default login you need to use the first policy matched.
    You can diversify telnet/ssh with http by creating different aaa groups.
    But still you will be logging in for telnet users (all of them) using one method.
    I hope it is clear.
    PK

  • Local Webauth WLC using radius database

    Hi all,
    I was implementing local Webauth WLC not using local auth. I use a radius database.
    at least I try to add on my  WLAN:
    layer 3 web auth  authentication
    layer 2 security is WPA/WPA2 PSK
    adding aaa radius server
    aaa radius "network user" check list  enabled
    web auth priority order
    radius
    LDAP
    After I test the WLAN, I can't log in using the radius database.
    But if I implement security method wpa/wpa2 dot1x, I can log in using the radius database.
    Is there anything missing in my config for implementing the webauth method?
    Thanks
    ridho

    Are you trying to use LDAP or Radius to authenticate the webauth users? Since you have 802.1x working, I don't see why you would use LDAP. What radius server are you using also? Typically if you're using Microsoft IAS or NPS, you have to change the device type to Login to get webauth with radius to work. Here is an example of 3 ways to authenticate webauth users. You should be able to find others out there also.
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008067489f.shtml

  • SQL ENTERPRISE: The edition of Reporting Services that you are using requires that you use local SQL Server relational databases for report data sources and the report server database

    The error below makes absolutely no sense! I'm using Enterprise Core...yet I'm being told I can't use remote data sources:
    w3wp!library!8!03/05/2015-19:08:48:: i INFO: Catalog SQL Server Edition = EnterpriseCore
    w3wp!library!8!03/05/2015-19:08:48:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.OperationNotSupportedException: , Microsoft.ReportingServices.Diagnostics.Utilities.OperationNotSupportedException: The feature: "The edition of Reporting
    Services that you are using requires that you use local SQL Server relational databases for report data sources and the report server database." is not supported in this edition of Reporting Services.;
    Really? This totally contradicts the documentation found here:
    https://msdn.microsoft.com/en-us/library/ms157285(v=sql.110).aspx
    That article says remote connections are completely supported.
    ARGH! Why does this have to be so difficult to setup?!?

    Hi jeffoliver1000,
    According to your description, you are using Enterprise Core edition and you are prompted that you can’t use remote data sources.
    In your scenario, we neither ignore your point nor be doubt with what you say. But actually we have met the case before that even though the SQL Server engine is Enterprise but the reporting services is still standard. So I would recommend you to find the actual edition of reporting services you are using. You can find Reporting Services starting SKU in the Reporting Service logs (default location: C:\Program Files\Microsoft SQL Server\<instance name>\Reporting Services\LogFiles). For more information, please refer to the similar thread below:
    https://social.technet.microsoft.com/Forums/en-US/f98c2f3e-1a30-4993-ab41-acbc5014f92e/data-driven-subscription-button-not-displayed?forum=sqlreportingservices
    By the way, have you installed the other SQL Server edition before?
    Best regards,
    Qiuyun Yu
    TechNet Community Support

  • Can I use Microsoft SQL Server Management Studio version 11.0 to write SQL queries for "SQL Server Compact 4.0 Local Database"

    Hi, Can I use Microsoft SQL Server Management Studio version 11.0 to write SQL queries for "SQL Server Compact 4.0 Local Database" ?
    When I use Connect Object Explorer, the "Connect to Server" dialog box which pops up has only 4 selections in the Server Type Drop Down List. They are Database Engine, Analysis Services, Reporting Services & Integration Services. I have read somewhere that there should be a compact database option, but I do not see it.
    What I would like to do is use free form SQL Queries against the tables in "SQL Server Compact 4.0 Local Database" .
    Once I have validated these queries, then I will use them in my Visual Studio 2012 C#, ASP.NET application. I created the Local Database using Visual Studio 2012 for use by my application.
    Thank you for your help..
    diana4

    Hello,
    With SSMS 2005 we have had the Option to work with SQL CE database files, but not with higher Version of SSMS.
    You can use the free SQL CE Toolbox instead; see
    http://sqlcetoolbox.codeplex.com/
    Olaf Helper
