AAA Group Issue
I have below config on switch (C2960S-UNIVERSALK9-M), Version 15.0(2)SE7,
aaa group server tacacs+ testgroup
server name test1
server name test2
server name test3
tacacs server test1
address ipv4 192.1.1.1
key 7 testkey
timeout 3
single-connection
Similarly for test 2 and test3
Issue is, when the switch boots, it shows below message though all the authentication and autho is working properly.
Mar 25 01:19:10 UTC: %AAAA-4-NOSERVER: Warning: Server test1 is not defined.
Mar 25 01:19:10 UTC: %AAAA-4-NOSERVER: Warning: Server test2 is not defined.
Mar 25 01:19:10 UTC: %AAAA-4-NOSERVER: Warning: Server test3 is not defined.
Only reason I can think of is when the switch boots, it parses line by line and since the ip addresses of test1,test2,test3 are defined after the declaration, we are receiving this message? Can someone please advise?
Thanks
rakeshvelagala,
Try config with this command:
tacacs-server host x.x.x.x single-connection timeout 3 key 0 yyyyyyyyyy
Regards,
GUs Magno
Similar Messages
-
I have setup ACS 4.2 and when I run
router# test aaa group tacacs+ myuser mypasswd [ legacy | new-code]
Both options work fine
But when I try and login, over telnet, the request reaches the aaa server, but returns fail !
My commands are :-
tacacs-server host xx.xx.xx.xx single-connection port 49
tacacs-server key xxxxxxxxxxx
aaa authentication banner ^CUnauthorized access forbidden^C
aaa authentication username-prompt "Enter Username: "
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
I dont see the banner NOR the "Enter Username:" prompt.
Also a debug aaa authentication and debug aaa subsys show that the request reaches AAA, but it simply returns fail
I had the same issue in 5.1, but that was due to the tacacs+ single-connection not being set or something similar, and the error
there was "shared secret does not match", on the AAA server logs
I am still new to 4.2, so am still trying to determine where the log files are etc, but since it works with the test command, I cant
seem to understand why it fails with telnet
Any idea why this may be happning ?
ThanksI tried both the sugestion.. no luck
Below are th eoutput of debug, with some lines in BOLD to help you
find interesting lines in the log output.
Thanks
fixeddemo#sh run | inc tacacs
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
ip tacacs source-interface FastEthernet0/1
tacacs-server host 10.1.7.15
tacacs-server key xxxxxxxxxx
fixeddemo#sh debugging
General OS:
TACACS+ events debugging is on
TACACS+ authentication debugging is on
TACACS+ packets debugging is on
AAA Authentication debugging is on
AAA Subsystem debugs debugging is on
fixeddemo#
Jun 17 14:15:54.666: AAA/BIND(00000072): Bind i/f
Jun 17 14:15:54.666: AAA/AUTHEN/LOGIN (00000072): Pick method list 'default'
Jun 17 14:15:54.666: AAA SRV(00000072): process authen req
Jun 17 14:15:54.670: AAA SRV(00000072): Authen method=SERVER_GROUP tacacs+
Jun 17 14:15:54.670: TPLUS: Queuing AAA Authentication request 114 for processin
g
Jun 17 14:15:54.670: TPLUS: processing authentication start request id 114
Jun 17 14:15:54.670: TPLUS: Authentication start packet created for 114()
Jun 17 14:15:54.670: TPLUS: Using server 10.1.7.15
Jun 17 14:15:54.670: TPLUS(00000072)/0/NB_WAIT/45585278: Started 5 sec timeout
Jun 17 14:15:54.674: TPLUS(00000072)/0/NB_WAIT: socket event 2
Jun 17 14:15:54.674: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
Jun 17 14:15:54.674: T+: session_id 3123693045 (0xBA2FC5F5), dlen 24 (0x18)
Jun 17 14:15:54.674: T+: type:AUTHEN/START, priv_lvl:1 action:LOGIN ascii
Jun 17 14:15:54.674: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:10 (0xA
) data_len:0
Jun 17 14:15:54.674: T+: user:
Jun 17 14:15:54.674: T+: port: tty515
Jun 17 14:15:54.674: T+: rem_addr: 10.1.1.216
Jun 17 14:15:54.674: T+: data:
Jun 17 14:15:54.674: T+: End Packet
Jun 17 14:15:54.674: TPLUS(00000072)/0/NB_WAIT: wrote entire 36 bytes request
Jun 17 14:15:54.674: TPLUS(00000072)/0/READ: socket event 1
Jun 17 14:15:54.674: TPLUS(00000072)/0/READ: Would block while reading
Jun 17 14:15:54.674: TPLUS(00000072)/0/READ: socket event 1
Jun 17 14:15:54.674: TPLUS(00000072)/0/READ: read entire 12 header bytes (expect
16 bytes data)
Jun 17 14:15:54.674: TPLUS(00000072)/0/READ: socket event 1
Jun 17 14:15:54.674: TPLUS(00000072)/0/READ: read entire 28 bytes response
Jun 17 14:15:54.674: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
Jun 17 14:15:54.674: T+: session_id 3123693045 (0xBA2FC5F5), dlen 16 (0x10)
Jun 17 14:15:54.674: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:10, data_len:0
fixeddemo#
Jun 17 14:15:54.674: T+: msg: Username:
Jun 17 14:15:54.674: T+: data:
Jun 17 14:15:54.678: T+: End Packet
Jun 17 14:15:54.678: TPLUS(00000072)/0/45585278: Processing the reply packet
Jun 17 14:15:54.678: TPLUS: Received authen response status GET_USER (7)
Jun 17 14:15:54.678: AAA SRV(00000072): protocol reply GET_USER for Authenticati
on
Jun 17 14:15:54.678: AAA SRV(00000072): Return Authentication status=GET_USER
fixeddemo#
Jun 17 14:15:58.794: AAA SRV(00000072): process authen req
Jun 17 14:15:58.794: AAA SRV(00000072): Authen method=SERVER_GROUP tacacs+
Jun 17 14:15:58.794: TPLUS: Queuing AAA Authentication request 114 for processin
g
Jun 17 14:15:58.794: TPLUS: processing authentication continue request id 114
Jun 17 14:15:58.794: TPLUS: Authentication continue packet generated for 114
Jun 17 14:15:58.794: TPLUS(00000072)/0/WRITE/47194394: Started 5 sec timeout
Jun 17 14:15:58.794: T+: Version 192 (0xC0), type 1, seq 3, encryption 1
Jun 17 14:15:58.794: T+: session_id 3123693045 (0xBA2FC5F5), dlen 10 (0xA)
Jun 17 14:15:58.794: T+: AUTHEN/CONT msg_len:5 (0x5), data_len:0 (0x0) flags:0x0
Jun 17 14:15:58.794: T+: User msg:
Jun 17 14:15:58.794: T+: User data:
Jun 17 14:15:58.794: T+: End Packet
Jun 17 14:15:58.794: TPLUS(00000072)/0/WRITE: wrote entire 22 bytes request
Jun 17 14:15:58.798: TPLUS(00000072)/0/READ: socket event 1
Jun 17 14:15:58.798: TPLUS(00000072)/0/READ: read entire 12 header bytes (expect
16 bytes data)
Jun 17 14:15:58.798: TPLUS(00000072)/0/READ: socket event 1
Jun 17 14:15:58.798: TPLUS(00000072)/0/READ: read entire 28 bytes response
Jun 17 14:15:58.798: T+: Version 192 (0xC0), type 1, seq 4, encryption 1
Jun 17 14:15:58.798: T+: session_id 3123693045 (0xBA2FC5F5), dlen 16 (0x10)
fixeddemo#
Jun 17 14:15:58.798: T+: AUTHEN/REPLY status:5 flags:0x1 msg_len:10, data_len:0
Jun 17 14:15:58.798: T+: msg: Password:
Jun 17 14:15:58.798: T+: data:
Jun 17 14:15:58.798: T+: End Packet
Jun 17 14:15:58.798: TPLUS(00000072)/0/47194394: Processing the reply packet
Jun 17 14:15:58.798: TPLUS: Received authen response status GET_PASSWORD (8)
Jun 17 14:15:58.798: AAA SRV(00000072): protocol reply GET_PASSWORD for Authenti
cation
Jun 17 14:15:58.798: AAA SRV(00000072): Return Authentication status=GET_PASSWOR
D
fixeddemo#
Jun 17 14:16:02.502: AAA SRV(00000072): process authen req
Jun 17 14:16:02.502: AAA SRV(00000072): Authen method=SERVER_GROUP tacacs+
Jun 17 14:16:02.502: TPLUS: Queuing AAA Authentication request 114 for processin
g
Jun 17 14:16:02.502: TPLUS: processing authentication continue request id 114
Jun 17 14:16:02.502: TPLUS: Authentication continue packet generated for 114
Jun 17 14:16:02.502: TPLUS(00000072)/0/WRITE/47194394: Started 5 sec timeout
Jun 17 14:16:02.502: T+: Version 192 (0xC0), type 1, seq 5, encryption 1
Jun 17 14:16:02.502: T+: session_id 3123693045 (0xBA2FC5F5), dlen 14 (0xE)
Jun 17 14:16:02.502: T+: AUTHEN/CONT msg_len:9 (0x9), data_len:0 (0x0) flags:0x0
Jun 17 14:16:02.502: T+: User msg:
Jun 17 14:16:02.502: T+: User data:
Jun 17 14:16:02.502: T+: End Packet
Jun 17 14:16:02.506: TPLUS(00000072)/0/WRITE: wrote entire 26 bytes request
Jun 17 14:16:02.550: TPLUS(00000072)/0/READ: socket event 1
Jun 17 14:16:02.550: TPLUS(00000072)/0/READ: read entire 12 header bytes (expect
6 bytes data)
Jun 17 14:16:02.550: TPLUS(00000072)/0/READ: socket event 1
Jun 17 14:16:02.550: TPLUS(00000072)/0/READ: read entire 18 bytes response
Jun 17 14:16:02.550: T+: Version 192 (0xC0), type 1, seq 6, encryption 1
Jun 17 14:16:02.554: T+: session_id 3123693045 (0xBA2FC5F5), dlen 6 (0x6)
fixeddemo#
Jun 17 14:16:02.554: T+: AUTHEN/REPLY status:2 flags:0x0 msg_len:0, data_len:0
Jun 17 14:16:02.554: T+: msg:
Jun 17 14:16:02.554: T+: data:
Jun 17 14:16:02.554: T+: End Packet
Jun 17 14:16:02.554: TPLUS(00000072)/0/47194394: Processing the reply packet
Jun 17 14:16:02.554: TPLUS: Received authen response status FAIL (3)
Jun 17 14:16:02.554: AAA SRV(00000072): protocol reply FAIL for Authentication
Jun 17 14:16:02.554: AAA SRV(00000072): Return Authentication status=FAIL
fixeddemo#
[ The output below is for the next Username: prompt I believe]Jun 17 14:16:04.554: AAA/AUTHEN/LOGIN (00000072): Pick method list 'default'
Jun 17 14:16:04.554: AAA SRV(00000072): process authen req
Jun 17 14:16:04.554: AAA SRV(00000072): Authen method=SERVER_GROUP tacacs+
Jun 17 14:16:04.554: TPLUS: Queuing AAA Authentication request 114 for processin
g
Jun 17 14:16:04.554: TPLUS: processing authentication start request id 114
Jun 17 14:16:04.554: TPLUS: Authentication start packet created for 114()
Jun 17 14:16:04.554: TPLUS: Using server 10.1.7.15
Jun 17 14:16:04.554: TPLUS(00000072)/0/NB_WAIT/47194394: Started 5 sec timeout
Jun 17 14:16:04.558: TPLUS(00000072)/0/NB_WAIT: socket event 2
Jun 17 14:16:04.558: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
Jun 17 14:16:04.558: T+: session_id 2365877689 (0x8D046DB9), dlen 24 (0x18)
Jun 17 14:16:04.558: T+: type:AUTHEN/START, priv_lvl:1 action:LOGIN ascii
Jun 17 14:16:04.558: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:10 (0xA
) data_len:0
Jun 17 14:16:04.558: T+: user:
Jun 17 14:16:04.558: T+: port: tty515
Jun 17 14:16:04.558: T+: rem_addr: 10.1.1.216
Jun 17 14:16:04.558: T+: data:
Jun 17 14:16:04.558: T+: End Packet
Jun 17 14:16:04.558: TPLUS(00000072)/0/NB_WAIT: wrote entire 36 bytes request
Jun 17 14:16:04.558: TPLUS(00000072)/0/READ: socket event 1
Jun 17 14:16:04.558: TPLUS(00000072)/0/READ: Would block while reading
Jun 17 14:16:04.562: TPLUS(00000072)/0/READ: socket event 1
Jun 17 14:16:04.562: TPLUS(00000072)/0/READ: read entire 12 header bytes (expect
43 bytes data)
Jun 17 14:16:04.562: TPLUS(00000072)/0/READ: socket event 1
Jun 17 14:16:04.562: TPLUS(00000072)/0/READ: read entire 55 bytes response
Jun 17 14:16:04.562: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
Jun 17 14:16:04.562: T+: session_id 2365877689 (0x8D046DB9), dlen 43 (0x2B)
Jun 17 14:16:04.562: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:37, data_len:0
Jun 17 14:16:04.562: T+: msg: 0x0A User Access Verification 0x0A 0x0A Usernam
e:
fixeddemo#
Jun 17 14:16:04.562: T+: data:
Jun 17 14:16:04.562: T+: End Packet
Jun 17 14:16:04.562: TPLUS(00000072)/0/47194394: Processing the reply packet
Jun 17 14:16:04.562: TPLUS: Received authen response status GET_USER (7)
Jun 17 14:16:04.562: AAA SRV(00000072): protocol reply GET_USER for Authenticati
on
Jun 17 14:16:04.562: AAA SRV(00000072): Return Authentication status=GET_USER
fixeddemo# -
Match different AAA Groups per source IP
Dear Colleagues,
The issue that Im facing right now is the following:
I have an external device that run auto-commissioning on my router and doesn't support "username" loggin, only "password" when attempt to loggin through telnet in order to access and run the script. In addition I have AAA TACACs running on the same router so this device is unable mow to access to the router as the first loggin request is the "username". I can not change the telnet command executed by the external device, its doing a single telnet to the destination IP of my router so I discard any option like adding a TCP port dedicated for this external device access. To be clear, what is expecting to receive after execute the telnet is:
c:/> telnet 1.1.1.1
Trying 1.1.1.1...
Connected to 1.1.1.1.
Escape character is '^]'.
User Access Verification
Password:
To fix this issue my idea is try to configure two different AAA groups, one AAA_GROUP that request normal authentication to TACACs for all telnet session and one EXCEPTION with authentication "none" and exec "local". The configuration should be something like this:
aaa new-model
aaa group server tacacs+ AAA_GROUP
server-private A.B.C.D key 7 ###################
ip tacacs source-interface Loopback0
aaa authentication login default group AAA_GROUP local
aaa authentication login EXCEPTION none
aaa authentication enable default group AAA_GROUP enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group AAA_GROUP local
aaa authorization exec EXCEPTION local
aaa authorization commands 15 default group AAA_GROUP none
aaa accounting exec default start-stop group AAA_GROUP
aaa accounting commands 15 default stop-only group AAA_GROUP
aaa accounting connection default stop-only group AAA_GROUP
aaa accounting system default start-stop group AAA_GROUP
aaa session-id common
Then match in some way all telnet session with source IP of the external device with the group EXCEPTION and the rest with AAA_GROUP. Finally, configure only a "password" in the VTY lines so when the device attempt to loggin in the group EXCEPTION with no authentication and loggin local will be just requested to set the "password".
The main issue is do this AAA groups discrimination between AAA_GROUP and EXCEPTION lists per source IP of the host originating the telnet session to my router. Is that possible?
Thanks in advance for your support.Hi,
problem is in you config, both class are pointing to same VIP and PORT, so first class will be only HIT.
try this confgiuration
policy-map type loadbalance first-match NON_AUTHENT_PM
class NON_AUTHENT_CM --------for desired client source IP's
serverfarm PROXY_HTTP_SF
nat dynamic 6 vlan 1601 serverfarm primary
class class-default ------for rest of client IP's
serverfarm PROXY_HTTP_SF
nat dynamic 5 vlan 1601 serverfarm primary
and remove NAT from multi-match policy. use single class, so rest of config will be
serverfarm host PROXY_HTTP_SF
description Proxied Internet Connections
probe PROXY_HTTP_PROBE
fail-on-all
rserver ELFCPRXY1
inservice
rserver ELFCPRXY2
inservice
rserver ELFCPRXY3
inservice
class-map match-any NONAUTHENT_HTTP_VIP
3 match virtual-address 10.10.240.5 tcp eq 80
class-map type http loadbalance match-any NON_AUTHENT_CM
description Subnets from which Internet Authentication is not Required
3 match source-address 10.10.16.0 255.255.240.0
4 match source-address 10.10.32.0 255.255.240.0
5 match source-address 10.10.48.0 255.255.240.0
policy-map type loadbalance first-match NON_AUTHENT_PM
class NON_AUTHENT_CM
serverfarm PROXY_HTTP_SF
nat dynamic 6 vlan 1601 serverfarm primary
class class-default
serverfarm PROXY_HTTP_SF
nat dynamic 5 vlan 1601 serverfarm primary
policy-map multi-match LOAD_BAL
class NONAUTHENT_HTTP_VIP
loadbalance vip inservice
loadbalance policy NON_AUTHENT_PM
loadbalance vip icmp-reply
Hope this help -
I have a report which have year(2008), Category(0-1,2-3, ALL), product(0,1,2,3,4..), % sales. I group by all the category elements and called it as All, I am not getting the right percentage sales for the Category ALL other wise for 0-1,2-3 i am getting it right. Please advise where i am doing it wrong. please find the blog for a screen shot of my issue.
http://ravibiblog.blogspot.com/2012/04/report-with-grouping-issue.html
Thanks,
RCPl post details of OS, database and EBS versions. Pl see if these MOS Docs can help
FARXPBSH Failing With "Program was terminated by signal 11" or "Program was terminated by signal 10" (Doc ID 742729.1)
Publishing RXAPPYAC: The FARXPBSH Ends With 'Signal 11' Error (Doc ID 432797.1)
RXi RX Reports Failing With Program Was Terminated By Signal 10 or 11 Errors After FA Rollup Patch 6 (Doc ID 737963.1)
Program was Terminated by Signal 11 when Running Rxi Reports (Doc ID 559425.1)
HTH
Srini -
Sorting /Grouping Issue: Single Artist Compilation Album Doesn't Group
iTunes 8 Sorting / Grouping Issue
EXAMPLE
• Album: Essential Willie Nelson
• There are 22 songs on this Disc
• 19 of them are labelled "Willie Nelson" in the artist field
• 3 of them are lebelled "Willie Nelson Feat. Waylon Jennings" in the artist field
PROBLEM
• Album will not stay grouped together when in the standard "Sort by Artist" in Grid View. A very legitimate expectation to be able to have Willie's name listed along with his pals in the artist field and have them grouped together in one album within Willie's albums section. 19 songs group within one album in the Willie Nelson section and the other 3 are placed separately either in the compilation section or as separate albums within the regular artists grid view.
I've read most if not all postings that suggest solutions but no matter what... they don't work. The only way that I know to work is to strip out all other names and leave only "Willie Nelson" in the Artist field. All other sorting and grouping options don't work for this issue... I've tied every combination. My opinion is that this is just a limitation at this time and there is no solution until future updates. I don't want a cheezy work-around either, that's very "unApple like". I assume it to be fixed in future updates.
Bueller... Bueller?
Anyone?There's a few other "goodies" I have found also but haven't had time to check out.
If you have songs not in iTunes that you want to add to iTunes in a different format than the song is in...
(This is carried over from at least 7.4)
Set the Importing prefs to what you want the new file to be.
Hold the Option key and go to menu Advanced and select *Convert selection to* AAC (or whatever is in the Import prefs}.
This will add it to iTunes in the new format.
Previously, you had to Import the file, change the prefs, go to Advanced - *Convert selection to*, convert the file, then delete the original from iTunes.
This is new...
In iTunes 8, go to to File - > *Show duplicates*. (moved from View menu).
Now hold Option and go to to File and it now displays *Show exact duplicates*.
Don't know what it means by *exact duplicate* though. -
HI Gurus,
My client is following this scenario.It has make to Order scenario and so many subcontracting process is done by the client.
The scenario is like,multiple work Orders are sent to Subcontract Vendor through single Group Issue.
For Example: 5 different work orders have the same processing work and has to be carried out by SC vendor X.
What they are doing, they donot issue the materials to the same SC vendor 5 times instead they make a group of the work Orders and issue the materials to SC at a time.
How can we map this into SAP????????
Thanks & Regards
PranayaHi
In MB1B , you can club all the PO's & issue the Goods to the SC vendor.
Goto MB1B, enter movemnt type 541, Click on To Purchase order & enter the PO & item details. Now adopt the details & issue the Goods to SC vendor.
Thanks & Regards
Kishore -
Hello all,
Our devices are configured to point to 3 ACS servers using the following commands:
aaa new-model
aaa group server tacacs+ ACS
server x.x.x.x
server x.x.x.x
server x.x.x.x
exit
On a recent IOS deployment all of the 'server x.x.x.x' commands were removed from the config following a reboot. This was on a wide range of devices using 122 40, also tried 122-44 with the same affect. Can anyone explain why?
Thanks in advance.HI Paul, [Pls Rate if HELPS]
Possible reasons are:
1. The Configuration was not saved before reload [write memeory (or) copy running-config start-up config]
2. The router could have got loaded with the start-up config [ie., the running-config & start-up config may not be same]
3. If there are any Config that are saved as Archives [in flash] means, may be that could have loaded by some means of command that are put in config before reload.
Hope I am Informative.
Pls RATE if HELPS
Best Regards,
Guru Prasad R -
Hello everybody.
I am having some trouble when lots of users try to connect via Anyconnect on my ASA (5545-X).
At the peak some users complaints they cannot authenticate and I see these messages flaping on logs:
%ASA-2-113022: AAA Marking RADIUS server 1.1.1.1 in aaa-server group SRV-RADIUS1 as FAILED
%ASA-2-113023: AAA Marking RADIUS server 1.1.1.1 in aaa-server group SRV-RADIUS1 as ACTIVE
After a while it get back working normaly and has no more message like that.
Changing the "timeout" parameter (default is 10) to a higher number is a good idea? Or the problem could be at Radius server?
aaa-server SRV-RADIUS1 protocol radius
aaa-server SRV-RADIUS1 (inside) host 1.1.1.1
time-out 20
thnksHi Vitor and sorry for the delayed reply! Your English is just fine! :)
I am glad that changing the "timeout" value have solved the problem.
On your second question: I never had to filter any attributes out of the ASA and I am not sure if it is possible. With that being said, I don't think that the issue was/is with the ASA sending too much logging/Radius info. If you only had around 10 concurrent users during your peak hours then there is no way that they overwhelmed the Radius server :) The fact that the issue went away after changing the "timeout" value leads me to believe that the problem is related to something else. For instance, RTT (round trip delay) between the aaa server and your ASA or link saturation that causes bandwidth starvation which cases the server to timeout in the ASA...just some ideas here :)
I hope this helps!
Thank you for rating helpful posts! -
Hi All,
I've got an issue when adding a device to ACS.When I try to login to the device after adding it to the ACS, it does'nt prompt me to enter my tacacs username and password, instead it prompts me to enter the tacacs username/password details when I try to get into the enable mode. Also, once I am in the enable mode, I cant execute any commands as shown below:
Router01#debug aaa authentication
Command authorization failed.
^
% Invalid input detected at '^' marker.
Router01#sh run
Command authorization failed.
% Incomplete command.
The aaa config is as listed below:
aaa authentication login default group TACACS-GROUP enable
aaa authentication enable default group TACACS-GROUP enable
aaa authentication ppp default local
aaa authorization commands 1 default group TACACS-GROUP if-authenticated
aaa authorization commands 15 default group TACACS-GROUP if-authenticated
aaa accounting commands 1 default start-stop group TACACS-GROUP
aaa accounting commands 15 default start-stop group TACACS-GROUP
Everything works fine once I remove the device from ACS. How do I get over this issue? Any advice would be much appreciated.
Regards,
PVPV,
The reason you are not able to issue any command is because, you have command authorization enabled on Router.
It seems that you don't want that. You need to remove these commands,
no aaa authorization commands 1 default group TACACS-GROUP if-authenticated
no aaa authorization commands 15 default group TACACS-GROUP if-authenticated
These commands are used to authorize what all command user can issue.
Please see this link, it explain about setting up command authorization using acs,
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml
Regards,
~JG
Do rate helpful posts -
Grouping issue vouchers items in an invoice
Hi all
I'm developing an inventory and sales system , I have a master detail form for issue vouchers issued to customers, the master block contains the columns voch_no (issue voucher no) and the customer_no from issheads table and the detail block contains voch_no, stock_code,quantity and price colums from isslines table.
Each customer may have more than one issue voucher, and each issue voucher may have more than one item.
I have another form, the invoice form (also a master detail just like the issue voucher).
What i hope to do is when the user creates a new invoice for a specific customer, he shouldn't create the invoice items himeself, but he should select some issue vouchers that belong to that customer (better to be multi select), then the invoice items will be created automatically to get the sum(quantity) grouping a line for each item by stock_code,price.
The issue voucher numbers related to each invoice should be saved in a table for later updating.
my question is :
1-Should i create a new table that contains all the nmbers of the issue vouchers related to the invoice no ?
2- how can i handle this in forms builder ?, should i create a new form, or can i achieve this in the invoice form itself and how?
Please helpThank you!
You're probably right, I might be talking about a feature of the sistem I'm using. Actually I'm not sure if I have access to database but probably not, I work at Xerox in Brasil and would like to know a little bit more about Oracle, with out have to ask my boss all the time. I work with record receipts of different species have lost much time trying to find repeating items on invoices. Sometimes we have interface issues, some items don't go to WIS (warehouse information system) after it registers on Oracle, so we have the physical part but it's not in the report storage
My boss once told me he would teach me a way to see items of an invoice (repeting or not) after it registers on Oracle, but he is too busy, so I'm trying to find out by myself. If it helps, the systems responsability is Oracle applications - OSPD and my security group is standart.
I'm sorry if my english is not that good I feel that my words seem a little confusing to you...
Did you understand what I mean? Hope you did, and hope you can help.
Thanks once again for your interest in helping me I really aprecciate it.
Regards,
Maria Carolina. -
AD security group issues in SharePoint 2013 Integrated Mode
Hello,
Sorry if this is the wrong forum, I'm not sure if this is a SharePoint issue or a Reporting Services configuration issue (or if it should be in a SharePoint forum regardless).
I have SSRS2012 on SharePoint 2013 in integrated mode. We are doing item level permissions, which means we have an AD security group Reports-All with
Read to the Reports document library, then each actual report has unique permissions. We have a report with the ProjectManagers AD
security group on it with Read (plus some other stuff to let them manage subscriptions), and another AD security group ProjectUsers with
just Read access so they can open the reports. The data source used by this report has the AD security group I mentioned before, Reports-All,
with Read.
At a SharePoint level, things appear to work. When a user in ProjectManagers or ProjectUsers browses
to the library, they see only the 3 reports that those two security groups have permission to see (out of a lot more in the library). That means SharePoint is reading those security group memberships correctly as far as I can tell.
The issue is when a user in ProjectManagers or ProjectUsers clicks
on a report, they get a reporting server based error message, and the ULS logs have an error specific to the user trying to run the report.
Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user 'MyDomain\MyUser' are insufficient for performing this operation. (Fault Detail is equal to Microsoft.ReportingServices.ServiceContract.RsExceptionInfo)
If I add that specific user with Read permissions to the report and the data source, they are then able to run the report without errors. It seems like some Report Server component is not liking the fact that I'm using security groups.
Has anyone seen this behavior with AD security groups? Any ideas on why my environment does not want to work properly with those even though AD security groups are working fine for other non-Reporting Services files?
Thanks,
AaronHi aaronzott,
According to your description, you configured SSRS 2012 of SharePoint integrated mode. You added read permission to reports and data source to AD security group Reports-All, then added just read permission to ProjectManagers and ProjectUsers groups. When
users in ProjectManagers or ProjectUsers groups click report, the error message occurred. After you added Read permissions to the report and the data source to the groups, they can preview the report without errors.
Report definition permissions are defined through List permissions on the library that contains the report, but we can set permissions on individual reports if we want to restrict access. Set properties on a report including data source connection information,
processing options, and parameter properties. Edit Items on the library that contains the report or on the individual report. We also need to have view permissions on a shared data source (.rsds) to select it for use with the report.
For more information about Set Permissions for Report Server Operations in a SharePoint Web Application, please refer to the following document:
http://msdn.microsoft.com/en-us/library/bb326286(v=sql.110).aspx
If you have any more questions, please feel free to ask.
Thanks,
Wendy Fu
If you have any feedback on our support, please click
here. -
Grouping Issue - Siebel related
Hi All,
Am facing an issue in one of the reports. Below is the scenario.
I need to group my Contact list report on "Country" field which is not a direct field in Contacts. It is coming from another Business Component in Siebel which is "Personal Address".
This is not working. But when I try to group the report based on a field which is a direct field from Contacts, it is working fine. (Ex: Contact Name)
Am unable to achieve this. Kindly help me with this.
Thanks in advance,
Imtiaz.Since your country details are under contacts, use the correct path for regrouping.
-
Outlook 2010 Contact Group Issue
We have a Public Folder Distribution List (Contact Group) that is accessible to several users. There are two significant issues:
When changes are made to the list, they are not always saved. For example if I enter a contact "Jon Smith" with email information, and then realize it should be "John Smith" and correct it, in many cases when I next open/use the
list the contact info has reverted back to "Jon Smith". This appears to occur at random.
Returning emails sometimes have sender addresses that are incorrect, i.e. an item sent to "John Smith" (a list member) will reach him, but his reply comes back as "Don Jones"
In addition, we get locked out of this list at random intervals. Our environment is Exchange Server (I believe it's 2010, not 100% sure) and Outlook 2010 clients.
Any insight is appreciated.
Thanks,
Steve MaceyHi,
So this is a Public Folder Distribution List, please first check if you have the right permission to update it.
Any other users having the same issue? Please share me the exact steps of how you modify the email information in the Contract Group.
For the second issue, do you mean it's only the name that displays incorrect, but the email address is actually right? Please check if you have the "Don Jones" contact (in your case) in your address book, which has the same address info filled as "John
Smith", the expected one.
Thanks,
Ethan Hua CHN
TechNet Community Support -
Material group Issue for Maintain specific EBP Purchasing org
Hi Grus
Can any one help me on this issue, is it possible to maintain some specific material group to one EBP purchasing org.
your answerer will be rewarded.
Thanks & Regards
SadaTeja Provided some usfull document.
Thanks Teja
Sada -
Hi,
I am trying to assign an output type for PO printing to a P.Grp using T.Code MN04.I already assigned it but the output is not getting determined in PO.Where as, if I do the same thing for any other P.Grp. its easily getting determined.
The issue is only with one P.Grp.
Can you please suggest what can be the problem?
AshishHi
Check, if you have created the Output determination using the Txn MN04, If you try to create the same combination again in MN04 it should not allow you. Check the condition Recodr details in MN05 in the second screen enter the Doc. tyep /Purchase orgn/vendor which you have already created and execute you should be able to view the detailsinside if not then the condition is not there.
mean whil how did you create an output type condition record based upon Purchasing Group ? The existing Key combination does not contain any Pur grp. reference but Only Purchase Organisation only
for two of the selections.
Regards
Maybe you are looking for
-
How can I change the page size of a pdf so i can view it on my iphone more clearly?
How can I change the page size of a pdf so i can view it on my iphone more clearly?
-
Jeff I've been running into a similar issue like this but with 6.0.5. I had to re-install Premiere for a different reason, then right after the install attempted the update. Failed at that point. Then i downloaded it manually and tried installing but
-
Some icons are not shown correctly in Gnome tray
The image should tell everything. In the tray there should be icons from Guake, Dropbox and Skype. However only Skype is visible. Does anyone know where could be the problem? I noticed that Synergy icon behaves also wrongly. thanks Jan
-
Uploading in Sharepoint Library
When I save my training, demo project and upload it to our SharePoint library it doesn't just upload the demo. The entire Captivate application appearswith a listing of all the projects created. what am I doing incorrectly?
-
Change log in HR (Table PCL4 Cluster LA)
Hi @ all, when infotype logging is activated changes made in infotypes are logged into table PCL4 cluster LA. We have the following problem: HR masterdata is stored into our system from an external system via ALE. But the problem is that no change lo