ACS 4.2 Problem: Change of user TACACS attribute

Hi everybody,
I'm trying to change the user TACACS+ attribute and the following error happens:
ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: http://acs-lab:10765/setup.exe?
The following error was encountered:
Zero Sized Reply
Squid did not receive any data for this request.
Your cache administrator is webmaster.
Generated Mon, 27 Jul 2009 20:18:00 GMT by ubuntu-server-606.localdomain (squid/2.6.STABLE16)
The attribute that I changed in TACACS+ Settings is:
- select: Shell (exec)
- select: No callback verify - Enable
After, I click Submit and the previous error happens.
Does anybody knows why this happens?
Thanks,
J A Stuchi

Your local network might be using squid caching server. You get zero sized reply when there is no response from the website, squid is trying to cache.
Squid has the policy of connection timeout. May be squid was waiting for reply from your site, and after the timeout, its throwing this error.
So, the problem might be with your local networkâ¦ and partly your webhost because your site is slow

Similar Messages

ACS v5.2 - Unable to update User integer attributes through File Operations

Hi,
I have created some internal users on ACS v5.2 and added some Unsigned Integer attributes for each user. I am trying to do a bulk update of these integer attributes using the File Operation facility. However no matter what number I put on the import template it doesn't get updated and displays a "0" in the user config.
The import template is validated successfully with no errors and also the string attributes are updated correctly.
There is a sort of work around of deleting the users and adding them back in with the updated values. But this is not feasible as it would reset their passwords. I have also tried saving the csv file in Open Ofifce instead of Excel
Has any one else come across this problem?
(I am unable to see this issue in the Release notes or Bug tool kit although there is a similar issue when updating devices in CSCth68051)

Hi,
Thanks for the reply. I have managed to recreate the problem to show you but it is a bit more complicated than I first thought. The problem only occurs when the integer attributes are added after the user is created.
I created a dummy user. The MTL and TLS attributes were present before the user was added. I then added the XXX and ZZZ attributes afterwards and assigned them default values. The default values show up in the GUI config.
However when I export the database to a csv file only the values of the MTL and TLS attributes show up in the export file:
I then downloaded an import template and updated the integer values for TLS,MTL, XXX and ZZZ for the dummy user:
The file imports successfully with no errors. However, when I display the user config only the MTL and TLS attributes have changed. The XXX and ZZZ attributes have stayed the same.
I thought it might be because I was assigning a default value of 0 to the new attributes but I assigned ZZZ a default value of 1 and the same thing occurred.

Problem in RFC as JCO changed from user/password to SSO

Hi all
Initially i was using CO with user/password properties but now it has been changed to SO.
In my webdynpro project there are 3 RFC Models being used.
Out of which 2 are working fine and giving the desired results but 1 RFC works fine on the R/3 side but from the webdynpro side it does not work just displays bapireturn - "Not successful".
As the properties of the JCO changes to USer/password , the RFC works fine giving the desired results
Plz let me know wht cld be the problem
Thanks and Regards

Vindhya,
With SSO, the details of the user who's logged in goto R/3 and thus determines if the user has authorizations to run this RFC. This user could be different from the user you were using previously without SSO.
Meaning, this time, with SSO, the user is you whereas the user for user/pwd is someone else and you dont have authorizations to run the RFC??
And another thing, even if you can successfully run that RFC logging into R/3, your userid may not have RFC authorizations (which is required to do a RFC call). IF thats the case, you need to talk to your security/basis guys.
Lemme know if that could be the case in your situation.
Rajit
Message was edited by:
Rajit Srinivas

Problems with device manager tacacs authentication

We've recently upgraded our Device Manager to 4.1(3a) and have a mix of switches running this version as well as older versions (3.3(3)). We use AAA tacacs+ on the switches to a Cisco ACS server for user authentication. The ACS server backends out to our Windows Domain authentication service. Typically usernames are formatted as follows: domain\username
This has worked fine for a long time, however now DM 4.1(3a) can't authenticate a user on a 3.3(3) switch. Various debugs and logs on the ACS point to problems handling the \ character in the username. A single \ gets "eaten" by either DM or the switch(don't know which) and the ACS sees a login attempt from domainusername, which of course fails. A \\ doesn't work either, in this case both \ characters are passed through to the ACS which now see a login attempt from domain\\username which also fails.
Looked at all the release notes, CCO bug searches, google and previous forum articles and found nothing on this.
Any help would be appreciated.
thanks,
Peter

Hi Dexios and welcome to the forums!
Here is the knowledgebase article on desktop/Bluettoth connection:
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB04132&sliceId=SAL_Pub...
Thanks,
Please remember to resolve your thread. Put the check mark in the green box that contained your answer! Thanks
Click Accept as Solution for posts that have solved your issue(s)!
Be sure to click Like! for those who have helped you.
Install BlackBerry Protect it's a free application designed to help find your lost BlackBerry smartphone, and keep the information on it secure.

How to change SSO user's password: Get LDAP URL

Hi,
I would like to add a 'change user SSO password' form to my BC4J application. The form's submit button fires an action that calls a PL/SQL package. This package receives 7 parameters, and uses de dbms_ldap package to change the user's password.
Parameters:
- LDAP Host
- LDAP Port
- User DN
- SSO Username
- Old Password
- New Password
- Retyped New Password (for confirmation)
I'm trying with a DataForwardAction event whose purpose is to get the user's account information and the LDAP location, but I can't get the LDAP Location (ClassCastException) and the SSOUsername (NullPointerException).
I'm using JDeveloper 10.1.2.0.0 (Build 1811)
My question is: ¿What am I doing wrong? ¿Is there any easier way to do this?
The code is below:
import javax.servlet.http.HttpServletRequest;
import oracle.adf.controller.struts.actions.DataActionContext;
import oracle.adf.controller.struts.actions.DataForwardAction;
import oracle.security.jazn.JAZNConfig;
import oracle.security.jazn.spi.ldap.LDAPJAZNProvider;
public class ChgPwdAction extends DataForwardAction
public void onChange(DataActionContext ctx) throws Exception
    HttpServletRequest request = ctx.getHttpServletRequest();
    String host                = null;
    String port                = null;
    String userDN              = null;
    String SSOUsername         = null;
    String oldPwd              = null;
    String newPwd              = null;
    String confirmNewPwd       = null;
    try
      LDAPJAZNProvider ldapProvider = (LDAPJAZNProvider)JAZNConfig.getJAZNConfig().getJAZNProvider();
      host = ldapProvider.getJAZNConfig().getLocationURL().getHost();
      port = "" + ldapProvider.getJAZNConfig().getLocationURL().getPort();
    catch (ClassCastException e)
      //System.out.println(e);
      throw new Exception("Missing LDAP location");
    try
      userDN = request.getHeader("Osso-User-Dn");
    catch (NullPointerException e)
      //System.out.println(e);
      throw new Exception("Missing User DN.");
    SSOUsername   = request.getRemoteUser();
    oldPwd        = (String)request.getParameter("oldPwd");
    newPwd        = (String)request.getParameter("newPwd");
    confirmNewPwd = (String)request.getParameter("confirmNewPwd");
    request.setAttribute("Host", host);
    request.setAttribute("Port", port);
    request.setAttribute("UserDN", userDN);
    request.setAttribute("SSOUsername", SSOUsername);
    request.setAttribute("OldPwd", (String)ctx.getHttpServletRequest().getParameter("oldPwd"));
    request.setAttribute("NewPwd", (String)ctx.getHttpServletRequest().getParameter("newPwd"));
    request.setAttribute("ConfirmNewPwd", (String)ctx.getHttpServletRequest().getParameter("confirmNewPwd"));
    //System.out.println (userDN + "-" + SSOUsername);
// To override a method of the lifecycle, go to
// the main menu "Tools/Override Methods...".
}Thanks in advance.

Hi again,
First of all, thanks for your reply.
Yes, I know I can use JNDI instead of a call to a PL/SQL package (I visited this link: http://forum.java.sun.com/thread.jspa?threadID=592611&start=0 that explains how to do it), but in both cases I have the same problem: I don't know if it's possible to get the LDAP's environment specifications (PROVIDER_URL, SECURITY_PROTOCOL) dynamically.
Our production environment's LDAP is not the same as our development environment's LDAP. This is why I want to get this information dynamically.
I think that this information is stored in the jazn.xml file: Is there any way to get this information?
Thanks a lot.

How to change Analyzer user password with Administration API?

Hi, I would like to change Analyzer user password with Administration API. Can someone post some sample commands to do the task? I would just like to write an application to change end user's Analyzer password. As I see I would need to do the following: 1. login with admin userid/password 2. execute some method to change password for required userid. I think the input parameter should be userid (of the user I would like to change password) and new password (the new password for the user). 3. logout Can someone post some sample code (commands to execute)? Thanks, grofaty My system: Analyzer Server 7.0.1. Essbase server 7.1 Windows XP SP2 

<blockquote>quote: <hr>Originally posted by: knightrich Hello Mr. Jordan. I would like to exchange some thoughts about "housekeeping" Analyzer reports in preparation for migration from Analyzer 7.0.0.0.01472 to 9.x: ... Did you solved such a problem or do you have an idea if it could be solved with the Admin API methods? ... Migration from 7.00 to 9.x: As we heard last week the "Migration Wizard for Reports" in 9.3 should be able to migrate reports. Do you have experience or more detailed information about that Wizard? Many thanks in advance knigthrich<hr></blockquote> knighrich, I'd like to be more help, but I have no experience with System 9. I did substantial cleanup when we migrated from Analyzer 6 to Analyzer 7.1, and even more cleanup when moving up to 7.2, but our installation is smaller in scale than yours and we didn't need to automate report cleanup. You might be able to get the ownership information you need through the back door, doing a direct query on the database, but simpler might be an export users, at least from 7.0. (This facility probably doesn't exist in system 9; it was dropped in 7.2 in favor of an undocumented API) The export file is an xml file that could easily be parsed to identify reports that have the administrator as user and then a second pass to delete those with otuer ownership as well. As previously suggested, you might be able to get this by a well crafted SQL query against the repository. Procedurally, we have both public reports that have the blessing of management and are widely available, owned by a "public owner", and private reports developed by indivdual users and shared or not. Our team maintains the public reports, but not the private reports. We may be asked to make a previously private report public and take over maintenance of it. I hope that you can find a solution that meets your needs. Certainly a call to customer support to identify a poorly documented feature would be in order.

How to configure ACS 5.2 for policy condition on TACACS+ Service

In https://supportforums.cisco.com/message/3953175#3953175 thread, I was able to get the ACS 5.2 work with SRX for both SSH CLI and J-Web TACACS+ accounts. However, I found the behavior is different on our production environment. I found our ACS 5.2 was configured authorization rule with condition "TACACS+ Service" = "junos-exec". I don't know how to configure this on my ACS 5.2 Please guide me how to configure this.
I found there was NO TACACS+ "Authorization Request" when access via J-Web in our production SRX and ACS. However, there were TACACS+ "Authorzation Request" when access via J-Web in our production SRX and ACS. The difference between my lab ACS and production ACS is the authorization rule condition. In my condition, I configure with all "SRX" Device Type. but in our production ACS 5.2, it was configure to TACACS+ Service=junos-exec. so I like to test it in our lab to find out the difference. Thanks.

I would suggest you to go through the below two link.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/migration/guide/Migration_Configure.html
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/common_scenarios.html

Error while trying to change the user password on OSX Lion

Hello,
I am trying to change the user password ( no admin user ) using the webinterface. I enabled the functionality in webservices on the server.
I can loginto the three line password changing form. After I enter the old and two times the new password, I get the information
"Your request could not be completed. The password server may be unavailable."
How can I fix this problem? I also tried https://discussions.apple.com/thread/2485167?start=0&tstart=0.
Thanks in advance for help.

I currently have this error on my 10.6.8 ML server when trying to change password.
In my situation, the message definitely comes from the password policies. As soon as I use a new password that respects minimum complexity (e.g. 8 characters min, 1 lowercase letter, 1 uppercase letter, 1 number), the password changes flawlessly.
It would be nice to change this horrible message to something more meaningful... If someone has any ideas on how to do this, thanks for sharing!

Exit or Badi for controlling the change of user status in notification

Hi,
I want to check the current user status of notification while saving the notificaton. If the current user status satisifies particular situation, then the notification should be save else not.
Is there any user exit or Badi which can be used to control the change of user status in notification.
Thanks
SUMIT

Hi Pushpa,
Thanks for the reply.
the problem over here is that the BADi IQS0_STATUS_MAINTAIN only allows to disable the user status.
the other function module STATUS_READ only fetches the data from JEST.
whereas my problem is that i want to check on the changed status on the screen(which is not saved also).
Appreciate your reply on the same.
Thanks
SUMIT

Charm: BP problem with the user

Hi!
I have problem with the user for the usage of ChaRM.
When I try to set the the (urgent) correction in Development i get the following error.
There is no valid business partner assigned to your user.
Meanwhile the appropriate BP-entry for the user exists:
External BP number: <SID> <CLNT> <user name>
Identification number: <SID> <installation number> <user name>
Furthermore I have the following error, when I try to approve the change request:
Partner 141 (Change-Manager) is neither an employee nor an organizational unit
I would be great to get some help here.
Thank you
regards
Thom

Hi Thomm,
1. There is no valid business partner assigned to your user.
In BP under identification tab,
ID type idenification number
CRM001 <SID> <installation number><CLNT><username>
2.Partner 141 (Change-Manager) is neither an employee nor an organizational unit
Assign the BP role as "Employee" for Change Manager
regards
Naveen

Problem setting up user ids to use the Oracle password file.

I want to set up my database users so that a password file is used for connecting to the database. I have completed these steps successfully.
BTW - DB is 11.2.0.3 on AIX power 64
1. Created the password file for the database using the orapwd command. Allowing 20 entries. Confirmed the file was created in the $ORACLE_HOME/dbs directory
2. Created a database user, sbrower
CREATE USER SBROWER IDENTIFIED BY <password> DEFAULT TABLESPACE USERS TEMPORARY TABLESPACE TEMP PROFILE DEFAULT ACCOUNT UNLOCK ;
GRANT DBA TO SBROWER;
ALTER USER SBROWER DEFAULT ROLE ALL;
GRANT UNLIMITED TABLESPACE TO SBROWER;
ALTER USER SBROWER QUOTA UNLIMITED ON USERS;
3. Connected to the database as SYS and granted sysoper to SBROWER
4. Using putty, ssh'ed into the server where the database resides.
5. Set the oracle variables (ORACLE_HOME, ORACLE_BASE, etc.) and PATH
6. Was able to connect to the database using sqlplus / as syoper
THE PROBLEM
For another user, EA_RDX_ORACLE1, I follow the same steps (2-6) bu when I execute step 6, it does not allow the connection
ERROR:
ORA-01031: insufficient privileges
 but, if I use sqlplus ea_rdx_oracle1/thepassword as sysoper it works
Looking at v$pwfile_users on the database:
USERNAME SYSDBA SYSOPER SYSASM
SYS TRUE TRUE FALSE
SBROWER FALSE TRUE FALSE
EA_RDX_ORACLE1 FALSE TRUE FALSE
3 rows selected.
There is one thing that is different for the ea_rdx_oracle1 id's:
- The users who use this id, use a took called CyberVault to check out the id. The password for the id changes each time the id is checked out; however, the way the id is set up on the DB servers, us user does not have to enter the password when they log in (ssh).
I have sent an email to our unix admin asking his how the id was set up so that it can ssh into the server. It is not included in the list of users in any group in the /etc/ogroup file and it is not included in the /etc/opassword file.

The OS authentication ( sqlplus / as sysdba ) does not require the password file.
The problem may be related to the OS user you are connecting to that server - it is not a member of OSDBA group ( usually DBA ).

Problem When Multiple Users Export To PDF Simultaneously

I am hoping someone out there can help. We have had no luck at all with Crystal Reports / SAP support for this issue.
We have a client/server aplication and have written a C# program to load a crystal report on the server, export it to PDF and then we send the PDF to the client. We are using Crystal Reports 2008 and have applied SP4.
The scenario is as follows:
Two users log into our application from different PC's.
User 1 prints a report with no issue.
User 2 prints a report 5 seconds later with no issue.
If User 1 prints a report and while that report is being exported to PDF, User 2 prints a report, the first will be successful and the second will fail. If User 2 reprints the report after receiving a failure, the report prints successfully the second time (using the same temp report folders as the previous attempt). We have done a lot of tracing and have narrowed the problem down to the point in out C# program when the cryRpt.Export() routine is called. It seems to be what is failing and doesn't seem to be able to run 2 exports simultaneously.
All exporting to PDF occurs on the application server and the processes run as "Administrator" so permissions should certainly not be a problem. Each user is printing a different physical .rpt file and the data for each report is in a different physical directory.
Has anyone come across this before or have any suggestions?

We thought the same thing as you suggest and have already made that change without sucess. Below is what the code looks like for our export routine. Perhaps you can spot something we have not. As mentioned before the export appears to be faulting at the statement "cryRpt.ExportToDisk(ExportFormatType.PortableDocFormat, pdfname);" in the below code.
The code is as follows:
 public void exportReport(string xmldir, string crname, string pdfname, string termid, bool debug)
 try
 if (debug)
 dt = DateTime.Now;
 tw.WriteLine(dt.ToString() + "-Start exportReport: " + crname);
 ReportDocument cryRpt;
 cryRpt = new ReportDocument();
 cryRpt.Load(crname, OpenReportMethod.OpenReportByTempCopy);
 if (debug)
 tw.WriteLine("Done loading report: " + crname);
 int tmpct = 0;
 int tmpint = crname.IndexOf("
", tmpct);
 while (tmpint != -1)
 tmpct = tmpint;
 tmpint = crname.IndexOf("
", tmpct + 1);
 string ODBCReportFileName = crname.Substring(tmpct + 1, crname.Length - tmpct - 5);
 if (debug)
 tw.WriteLine("ODBC Report Filename: " + ODBCReportFileName);
 Database crDatabase;
 Tables crTables;
 Table crTable;
 TableLogOnInfo crTableLogOnInfo;
 ConnectionInfo crConnectionInfo = new ConnectionInfo();
 //Setup the connection information structure to log on to the data source for the report.
 // If using ODBC, this should be the DSN. If using OLEDB, etc, this should be the physical server name
 crConnectionInfo.ServerName = "SH" + ODBCReportFileName;
 if (debug)
 tw.WriteLine("Resetting connection to: " + crConnectionInfo.ServerName);
 crConnectionInfo.DatabaseName = "";
 //Get the table information from the report
 crDatabase = cryRpt.Database;
 crTables = crDatabase.Tables;
 //Loop through all tables in the report and apply the
 //connection information for each table.
 if (debug)
 tw.WriteLine("Applying new connection to all tables...");
 for (int i = 0; i < crTables.Count; i++)
 crTable = crTables;
 crTableLogOnInfo = crTable.LogOnInfo;
 crTableLogOnInfo.ConnectionInfo =
 crConnectionInfo;
 crTable.ApplyLogOnInfo(crTableLogOnInfo);
 if (debug)
 tw.WriteLine("Applying new connection to tables " + crTable.Name);
 cryRpt.Refresh();
 if (debug)
 tw.WriteLine("Applying new connection to all tables... DONE");
 if (debug)
 tw.WriteLine("Target report: " + pdfname);
 cryRpt.ExportToDisk(ExportFormatType.PortableDocFormat, pdfname);
 if (debug)
 tw.WriteLine("Export Complete");
 cryRpt.Dispose();
 cryRpt.Close();
 if (debug)
 dt = DateTime.Now;
 tw.WriteLine(dt.ToString() + "-Done export to PDF.");
 catch (Exception e)
 TextWriter tw1 = new StreamWriter(logpath + "
exporterror.log", true);
 tw1.WriteLine("Exception when export report: " + e.Message);
 tw1.WriteLine(e.StackTrace);
 tw1.Close();

RFC Adapter Receiver - change SAP User for each call

Hi guys,
I need to create one connection between PI and SAP, all right, i can use RFC Adapter Receiver, no problem.
But, for each call i need to use User and Password different, then, I would pass SAP User and Password in my XML Payload.
Can anybody help me, please?

hi,
>>But, for each call i need to use User and Password different, then, I would pass SAP User and Password in my XML Payload.
sure we can help you but no in this way:)
it is possible to change the user for RFC adapter but using
principal propagation:
/people/alexander.bundschuh/blog/2007/01/16/principal-propagation-in-sap-xi
this is the way you need to go and not send password in XML payload
(this is certainly not the way and no client will approve it)
why use a password is anyone can see it ?
Regards,
Michal Krawczyk

ORA-20001: Current version of data in database has changed since user.....

Hi,
I am having a tabular form which I created using the wizard
I am facing the below error when I try to update or 'Add Row'
Error in mru internal routine: ORA-20001: Error in MRU: row= 1, ORA-20001: ORA-20001: Current version of data in database has changed since user initiated update process."
I havenot changed the query but I made certain columns based on select list,gave some default values,etc..
How can I solve this problem?
Also,I am getting the above error once I change the query for another tabular form.The client wanted some more fields to be displayed on the page.
How can I solve this problem too?
Thanks and Regards,
K.tanna

Can somebody help me out?

Authorization problems with oranetb user

We have set up Apex in an oracle database, that are installed on unix operative. We have problem with the authorization
for the oranetb user. On the unix system we have one user that can call scripts with for example unix command like ls,
cp, etc.
Now we want this oranetb user to run unix commands in scripts, without change the user in unix environment. We have
been told that we can use something in the script, with PATH’s and authorization for oranetb user. Have you ever done
something like this? And can you help us with something that you think can help us?
We also have the same problem to run workflow (Informatica) from a script in unix, when apex is calling the script.
If you want more information, please send a mail to me.
Email: [[email protected]]

hunt3r,
iTunes Store menu -> View my account... Once you've logged in, there's a button to deauthorize all your current machines and start you back at zero machines authorized. Try that.

ACS 4.2 Problem: Change of user TACACS attribute

Similar Messages

Maybe you are looking for