Acs 4.2 :- router# test aaa group tacacs+ uid pwd .... works but not when authenticating

I have setup ACS 4.2 and when I run
router# test aaa group tacacs+ myuser mypasswd [ legacy | new-code]
               Both options work fine
But when I try and login, over telnet, the request reaches the aaa server, but returns fail !
My commands are :-
tacacs-server host xx.xx.xx.xx single-connection port 49
tacacs-server key xxxxxxxxxxx
aaa authentication banner ^CUnauthorized access forbidden^C
aaa authentication username-prompt "Enter Username: "
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
I dont see the banner NOR the "Enter Username:" prompt.
Also a debug aaa authentication and debug aaa subsys show that the request reaches AAA, but it simply returns fail
I had the same issue in 5.1, but that was due to the tacacs+ single-connection not being set or something similar, and the error
there was "shared secret does not match", on the AAA server logs
I am still new to 4.2, so am still trying to determine where the log files are etc, but since it works with the test command, I cant
seem to understand why it fails with telnet
Any idea why this may be happning ?
Thanks

I tried both the sugestion.. no luck
Below are th eoutput of debug, with some lines in BOLD to help you
find interesting lines in the log output.
Thanks
fixeddemo#sh run | inc tacacs
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
ip tacacs source-interface FastEthernet0/1
tacacs-server host 10.1.7.15
tacacs-server key xxxxxxxxxx
fixeddemo#sh debugging
General OS:
  TACACS+ events debugging is on
  TACACS+ authentication debugging is on
  TACACS+ packets debugging is on
  AAA Authentication debugging is on
  AAA Subsystem debugs debugging is on
fixeddemo#
Jun 17 14:15:54.666: AAA/BIND(00000072): Bind i/f
Jun 17 14:15:54.666: AAA/AUTHEN/LOGIN (00000072): Pick method list 'default'
Jun 17 14:15:54.666: AAA SRV(00000072): process authen req
Jun 17 14:15:54.670: AAA SRV(00000072): Authen method=SERVER_GROUP tacacs+
Jun 17 14:15:54.670: TPLUS: Queuing AAA Authentication request 114 for processin
g
Jun 17 14:15:54.670: TPLUS: processing authentication start request id 114
Jun 17 14:15:54.670: TPLUS: Authentication start packet created for 114()
Jun 17 14:15:54.670: TPLUS: Using server 10.1.7.15
Jun 17 14:15:54.670: TPLUS(00000072)/0/NB_WAIT/45585278: Started 5 sec timeout
Jun 17 14:15:54.674: TPLUS(00000072)/0/NB_WAIT: socket event 2
Jun 17 14:15:54.674: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
Jun 17 14:15:54.674: T+: session_id 3123693045 (0xBA2FC5F5), dlen 24 (0x18)
Jun 17 14:15:54.674: T+: type:AUTHEN/START, priv_lvl:1 action:LOGIN ascii
Jun 17 14:15:54.674: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:10 (0xA
) data_len:0
Jun 17 14:15:54.674: T+: user:
Jun 17 14:15:54.674: T+: port:  tty515
Jun 17 14:15:54.674: T+: rem_addr:  10.1.1.216
Jun 17 14:15:54.674: T+: data:
Jun 17 14:15:54.674: T+: End Packet
Jun 17 14:15:54.674: TPLUS(00000072)/0/NB_WAIT: wrote entire 36 bytes request
Jun 17 14:15:54.674: TPLUS(00000072)/0/READ: socket event 1
Jun 17 14:15:54.674: TPLUS(00000072)/0/READ: Would block while reading
Jun 17 14:15:54.674: TPLUS(00000072)/0/READ: socket event 1
Jun 17 14:15:54.674: TPLUS(00000072)/0/READ: read entire 12 header bytes (expect
16 bytes data)
Jun 17 14:15:54.674: TPLUS(00000072)/0/READ: socket event 1
Jun 17 14:15:54.674: TPLUS(00000072)/0/READ: read entire 28 bytes response
Jun 17 14:15:54.674: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
Jun 17 14:15:54.674: T+: session_id 3123693045 (0xBA2FC5F5), dlen 16 (0x10)
Jun 17 14:15:54.674: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:10, data_len:0
fixeddemo#
Jun 17 14:15:54.674: T+: msg:  Username:
Jun 17 14:15:54.674: T+: data:
Jun 17 14:15:54.678: T+: End Packet
Jun 17 14:15:54.678: TPLUS(00000072)/0/45585278: Processing the reply packet
Jun 17 14:15:54.678: TPLUS: Received authen response status GET_USER (7)
Jun 17 14:15:54.678: AAA SRV(00000072): protocol reply GET_USER for Authenticati
on
Jun 17 14:15:54.678: AAA SRV(00000072): Return Authentication status=GET_USER
fixeddemo#
Jun 17 14:15:58.794: AAA SRV(00000072): process authen req
Jun 17 14:15:58.794: AAA SRV(00000072): Authen method=SERVER_GROUP tacacs+
Jun 17 14:15:58.794: TPLUS: Queuing AAA Authentication request 114 for processin
g
Jun 17 14:15:58.794: TPLUS: processing authentication continue request id 114
Jun 17 14:15:58.794: TPLUS: Authentication continue packet generated for 114
Jun 17 14:15:58.794: TPLUS(00000072)/0/WRITE/47194394: Started 5 sec timeout
Jun 17 14:15:58.794: T+: Version 192 (0xC0), type 1, seq 3, encryption 1
Jun 17 14:15:58.794: T+: session_id 3123693045 (0xBA2FC5F5), dlen 10 (0xA)
Jun 17 14:15:58.794: T+: AUTHEN/CONT msg_len:5 (0x5), data_len:0 (0x0) flags:0x0
Jun 17 14:15:58.794: T+: User msg:
Jun 17 14:15:58.794: T+: User data:
Jun 17 14:15:58.794: T+: End Packet
Jun 17 14:15:58.794: TPLUS(00000072)/0/WRITE: wrote entire 22 bytes request
Jun 17 14:15:58.798: TPLUS(00000072)/0/READ: socket event 1
Jun 17 14:15:58.798: TPLUS(00000072)/0/READ: read entire 12 header bytes (expect
16 bytes data)
Jun 17 14:15:58.798: TPLUS(00000072)/0/READ: socket event 1
Jun 17 14:15:58.798: TPLUS(00000072)/0/READ: read entire 28 bytes response
Jun 17 14:15:58.798: T+: Version 192 (0xC0), type 1, seq 4, encryption 1
Jun 17 14:15:58.798: T+: session_id 3123693045 (0xBA2FC5F5), dlen 16 (0x10)
fixeddemo#
Jun 17 14:15:58.798: T+: AUTHEN/REPLY status:5 flags:0x1 msg_len:10, data_len:0
Jun 17 14:15:58.798: T+: msg:  Password:
Jun 17 14:15:58.798: T+: data:
Jun 17 14:15:58.798: T+: End Packet
Jun 17 14:15:58.798: TPLUS(00000072)/0/47194394: Processing the reply packet
Jun 17 14:15:58.798: TPLUS: Received authen response status GET_PASSWORD (8)
Jun 17 14:15:58.798: AAA SRV(00000072): protocol reply GET_PASSWORD for Authenti
cation
Jun 17 14:15:58.798: AAA SRV(00000072): Return Authentication status=GET_PASSWOR
D
fixeddemo#
Jun 17 14:16:02.502: AAA SRV(00000072): process authen req
Jun 17 14:16:02.502: AAA SRV(00000072): Authen method=SERVER_GROUP tacacs+
Jun 17 14:16:02.502: TPLUS: Queuing AAA Authentication request 114 for processin
g
Jun 17 14:16:02.502: TPLUS: processing authentication continue request id 114
Jun 17 14:16:02.502: TPLUS: Authentication continue packet generated for 114
Jun 17 14:16:02.502: TPLUS(00000072)/0/WRITE/47194394: Started 5 sec timeout
Jun 17 14:16:02.502: T+: Version 192 (0xC0), type 1, seq 5, encryption 1
Jun 17 14:16:02.502: T+: session_id 3123693045 (0xBA2FC5F5), dlen 14 (0xE)
Jun 17 14:16:02.502: T+: AUTHEN/CONT msg_len:9 (0x9), data_len:0 (0x0) flags:0x0
Jun 17 14:16:02.502: T+: User msg:
Jun 17 14:16:02.502: T+: User data:
Jun 17 14:16:02.502: T+: End Packet
Jun 17 14:16:02.506: TPLUS(00000072)/0/WRITE: wrote entire 26 bytes request
Jun 17 14:16:02.550: TPLUS(00000072)/0/READ: socket event 1
Jun 17 14:16:02.550: TPLUS(00000072)/0/READ: read entire 12 header bytes (expect
6 bytes data)
Jun 17 14:16:02.550: TPLUS(00000072)/0/READ: socket event 1
Jun 17 14:16:02.550: TPLUS(00000072)/0/READ: read entire 18 bytes response
Jun 17 14:16:02.550: T+: Version 192 (0xC0), type 1, seq 6, encryption 1
Jun 17 14:16:02.554: T+: session_id 3123693045 (0xBA2FC5F5), dlen 6 (0x6)
fixeddemo#
Jun 17 14:16:02.554: T+: AUTHEN/REPLY status:2 flags:0x0 msg_len:0, data_len:0
Jun 17 14:16:02.554: T+: msg:
Jun 17 14:16:02.554: T+: data:
Jun 17 14:16:02.554: T+: End Packet
Jun 17 14:16:02.554: TPLUS(00000072)/0/47194394: Processing the reply packet
Jun 17 14:16:02.554: TPLUS: Received authen response status FAIL (3)
Jun 17 14:16:02.554: AAA SRV(00000072): protocol reply FAIL for Authentication
Jun 17 14:16:02.554: AAA SRV(00000072): Return Authentication status=FAIL
fixeddemo#
[ The output below is for the next Username: prompt I believe]Jun 17 14:16:04.554: AAA/AUTHEN/LOGIN (00000072): Pick method list 'default'
Jun 17 14:16:04.554: AAA SRV(00000072): process authen req
Jun 17 14:16:04.554: AAA SRV(00000072): Authen method=SERVER_GROUP tacacs+
Jun 17 14:16:04.554: TPLUS: Queuing AAA Authentication request 114 for processin
g
Jun 17 14:16:04.554: TPLUS: processing authentication start request id 114
Jun 17 14:16:04.554: TPLUS: Authentication start packet created for 114()
Jun 17 14:16:04.554: TPLUS: Using server 10.1.7.15
Jun 17 14:16:04.554: TPLUS(00000072)/0/NB_WAIT/47194394: Started 5 sec timeout
Jun 17 14:16:04.558: TPLUS(00000072)/0/NB_WAIT: socket event 2
Jun 17 14:16:04.558: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
Jun 17 14:16:04.558: T+: session_id 2365877689 (0x8D046DB9), dlen 24 (0x18)
Jun 17 14:16:04.558: T+: type:AUTHEN/START, priv_lvl:1 action:LOGIN ascii
Jun 17 14:16:04.558: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:10 (0xA
) data_len:0
Jun 17 14:16:04.558: T+: user:
Jun 17 14:16:04.558: T+: port:  tty515
Jun 17 14:16:04.558: T+: rem_addr:  10.1.1.216
Jun 17 14:16:04.558: T+: data:
Jun 17 14:16:04.558: T+: End Packet
Jun 17 14:16:04.558: TPLUS(00000072)/0/NB_WAIT: wrote entire 36 bytes request
Jun 17 14:16:04.558: TPLUS(00000072)/0/READ: socket event 1
Jun 17 14:16:04.558: TPLUS(00000072)/0/READ: Would block while reading
Jun 17 14:16:04.562: TPLUS(00000072)/0/READ: socket event 1
Jun 17 14:16:04.562: TPLUS(00000072)/0/READ: read entire 12 header bytes (expect
43 bytes data)
Jun 17 14:16:04.562: TPLUS(00000072)/0/READ: socket event 1
Jun 17 14:16:04.562: TPLUS(00000072)/0/READ: read entire 55 bytes response
Jun 17 14:16:04.562: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
Jun 17 14:16:04.562: T+: session_id 2365877689 (0x8D046DB9), dlen 43 (0x2B)
Jun 17 14:16:04.562: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:37, data_len:0
Jun 17 14:16:04.562: T+: msg:   0x0A User Access Verification 0x0A  0x0A Usernam
e:
fixeddemo#
Jun 17 14:16:04.562: T+: data:
Jun 17 14:16:04.562: T+: End Packet
Jun 17 14:16:04.562: TPLUS(00000072)/0/47194394: Processing the reply packet
Jun 17 14:16:04.562: TPLUS: Received authen response status GET_USER (7)
Jun 17 14:16:04.562: AAA SRV(00000072): protocol reply GET_USER for Authenticati
on
Jun 17 14:16:04.562: AAA SRV(00000072): Return Authentication status=GET_USER
fixeddemo#

Similar Messages

  • Single text works, but not when I add it to a group

    I have a text group with six members. One of the members used to get the texts but it stopped working a couple days ago. Nothing has changed in the group. When I send her a single text only to the same mobile number, she gets it. It's only when part of the group that she doesn't.
    Any idea what's wrong?

    Exception
    when others then raise;Isn't that the same as having no exception handler, except that it hides the line number where the error occurred?

  • I have a MacBook Pro and all of a sudden  I cannot get wireless internet connectivity to my router or any other router, I get connectivity through the ethernet port but not wireless. This was working well till this morning

    I  have a MacBook Pro and all of a sudden  I cannot get wireless internet connectivity to my router or any other router, I get connectivity through the ethernet port but not wireless. This was working well till this morning

    BXB1905 wrote:
    I tried the Apple diagnostics it did not work.
    What do you mean it did not work!  What were the results of the diagnostic tests?
    Have you contacted your ISP to determine if the problem is on their end?  
    Have you changed your router channel?  Sometimes this resolves wireless problems.
    Your profile confirms you are using Lion.  Check out the following: 
    Troubleshooting Wi-Fi issues in OS X Lion and Mac OS X v10.6
    Configuring 802.1X in Mac OS X Lion and Later

  • Any suggestions on how to get wifi to work?  I have a multitech router and can connect with a computer wirelessly but not the ipad.

    Any suggestions on how to get wifi to work?  I have a multitech router and can connect with a computer wirelessly but not the ipad.

    iOS: Troubleshooting Wi-Fi networks and connections
    http://support.apple.com/kb/TS1398

  • After TACACS configured, Authenticate successfully but not able to go in config mode.

    Hi All,
    I Have Cisco 4710 ACE, and configured TACACS on ACE for authentication and accounting. Configuration paste below.
    I am able to authenticate with ACS server 5.1 but not able to go in config mode of ACE 4710.
    Debug output attached.
    Need help on this.
    tacacs-server key 7 "wwxfeootjv"
    tacacs-server timeout 60
    tacacs-server host 128.9.31.70 key 7 "wwxfeootjv"
    aaa group server tacacs+ TACACS_Group_Server
      server 128.9.31.70
    ntp server 128.9.24.58
    aaa authentication login default group TACACS_Group_Server
    aaa accounting default group TACACS_Group_Server
    Below Logs are coming on Device.
    Sep 19 2010 16:35:55 : %ACE-6-302022: Built TCP connection 0x3853a for vlan1000:172.24.24.70/16477 (172.24.24.70/16477) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:35:55 : %ACE-6-302023: Teardown TCP connection 0x3853a for vlan1000:172.24.24.70/16477 (172.24.24.70/16477) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0
    :00:00 bytes 743 TCP FINs
    Sep 19 2010 16:35:58 : %ACE-6-302022: Built TCP connection 0x38570 for vlan1000:172.24.24.70/16480 (172.24.24.70/16480) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:35:58 : %ACE-6-302023: Teardown TCP connection 0x38570 for vlan1000:172.24.24.70/16480 (172.24.24.70/16480) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0
    :00:00 bytes 742 TCP FINs
    Sep 19 2010 16:37:51 : %ACE-6-302022: Built TCP connection 0x38aff for vlan1000:172.24.24.70/16545 (172.24.24.70/16545) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:37:51 : %ACE-6-302023: Teardown TCP connection 0x38aff for vlan1000:172.24.24.70/16545 (172.24.24.70/16545) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0
    :00:00 bytes 736 TCP FINs
    Sep 19 2010 16:38:21 : %ACE-6-302022: Built TCP connection 0x38c9d for vlan1000:172.24.24.70/16559 (172.24.24.70/16559) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:38:21 : %ACE-6-302022: Built TCP connection 0x38c9f for vlan1000:172.24.24.70/16560 (172.24.24.70/16560) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:38:21 : %ACE-6-302023: Teardown TCP connection 0x38c9d for vlan1000:172.24.24.70/16559 (172.24.24.70/16559) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0
    :00:00 bytes 722 TCP FINs
    Sep 19 2010 16:38:21 : %ACE-6-302023: Teardown TCP connection 0x38c9f for vlan1000:172.24.24.70/16560 (172.24.24.70/16560) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0
    :00:00 bytes 788 TCP FINs
    Sep 19 2010 16:38:29 : %ACE-6-302022: Built TCP connection 0x38ce1 for vlan1000:172.24.24.70/16565 (172.24.24.70/16565) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:38:29 : %ACE-6-302022: Built TCP connection 0x38cff for vlan1000:172.24.24.70/16566 (172.24.24.70/16566) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:38:29 : %ACE-6-302023: Teardown TCP connection 0x38ce1 for vlan1000:172.24.24.70/16565 (172.24.24.70/16565) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0
    :00:00 bytes 661 TCP FINs
    Sep 19 2010 16:38:29 : %ACE-6-302023: Teardown TCP connection 0x38cff for vlan1000:172.24.24.70/16566 (172.24.24.70/16566) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0
    :00:00 bytes 712 TCP FINs
    Sep 19 2010 16:38:29 : %ACE-6-302022: Built TCP connection 0x38cf5 for vlan1000:172.24.24.70/16567 (172.24.24.70/16567) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:38:29 : %ACE-6-302023: Teardown TCP connection 0x38cf5 for vlan1000:172.24.24.70/16567 (172.24.24.70/16567) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0
    :00:00 bytes 724 TCP FINs
    Sep 19 2010 16:39:41 : %ACE-6-302022: Built TCP connection 0x390a1 for vlan1000:172.24.24.70/3883 (172.24.24.70/3883) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:39:41 : %ACE-6-302023: Teardown TCP connection 0x390a1 for vlan1000:172.24.24.70/3883 (172.24.24.70/3883) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0:0
    0:00 bytes 737 TCP FINs
    Sep 19 2010 16:40:20 : %ACE-6-302022: Built TCP connection 0x3929b for vlan1000:172.24.24.70/3902 (172.24.24.70/3902) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:40:20 : %ACE-6-302022: Built TCP connection 0x392ab for vlan1000:172.24.24.70/3903 (172.24.24.70/3903) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:40:20 : %ACE-6-302023: Teardown TCP connection 0x3929b for vlan1000:172.24.24.70/3902 (172.24.24.70/3902) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0:0
    0:00 bytes 722 TCP FINs
    Sep 19 2010 16:40:20 : %ACE-6-302023: Teardown TCP connection 0x392ab for vlan1000:172.24.24.70/3903 (172.24.24.70/3903) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0:0
    0:00 bytes 791 TCP FINs
    Sep 19 2010 16:45:17 : %ACE-6-302022: Built TCP connection 0x3a127 for vlan1000:172.24.24.70/53389 (172.24.24.70/53389) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:45:17 : %ACE-6-302023: Teardown TCP connection 0x3a127 for vlan1000:172.24.24.70/53389 (172.24.24.70/53389) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0
    :00:00 bytes 723 TCP FINs
    Sep 19 2010 16:46:11 : %ACE-6-302022: Built TCP connection 0x3a3b3 for vlan1000:172.24.24.70/53414 (172.24.24.70/53414) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:46:11 : %ACE-6-302022: Built TCP connection 0x3a3c3 for vlan1000:172.24.24.70/53415 (172.24.24.70/53415) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:46:11 : %ACE-6-302023: Teardown TCP connection 0x3a3b3 for vlan1000:172.24.24.70/53414 (172.24.24.70/53414) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0
    :00:00 bytes 722 TCP FINs
    Sep 19 2010 16:46:11 : %ACE-6-302023: Teardown TCP connection 0x3a3c3 for vlan1000:172.24.24.70/53415 (172.24.24.70/53415) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0
    :00:00 bytes 788 TCP FINs
    Sep 19 2010 16:46:23 : %ACE-6-302022: Built TCP connection 0x3a467 for vlan1000:172.24.24.70/53422 (172.24.24.70/53422) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:46:23 : %ACE-6-302022: Built TCP connection 0x3a469 for vlan1000:172.24.24.70/53423 (172.24.24.70/53423) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:46:23 : %ACE-6-302023: Teardown TCP connection 0x3a467 for vlan1000:172.24.24.70/53422 (172.24.24.70/53422) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0
    :00:00 bytes 661 TCP FINs
    Sep 19 2010 16:46:23 : %ACE-6-302023: Teardown TCP connection 0x3a469 for vlan1000:172.24.24.70/53423 (172.24.24.70/53423) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0
    :00:00 bytes 712 TCP FINs
    Regards
    MS.

    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/security/guide/aaa.html#wp1411787
    To configure the TACACS+ role and domain settings on Cisco Secure ACS,  perform the following steps:
    Step 1 Go to the Interface Configuration section of the  Cisco Secure ACS HTML interface and access the TACACS+ (Cisco IOS) page.  Perform the following actions:
    a. Under the TACACS+ Services  section of the page, the User column or the Group column depending on  your configuration, check the Shell (exec) check  box.
    b. Under the Advanced Configuration  Options section of the page, check the Display a  window for each service selected in which you can enter customized  TACACS+ attributes check box.
    c. Click Submit.
    Step 2 Go to the Advanced Options page of the Interface  Configuration section of the Cisco Secure ACS HTML interface. Perform  the following actions:
    a. Check the Per-user  TACACS+/RADIUS Attributes check box.
    b. Click Submit.
    Step 3 Go to the User Setup section of the Cisco Secure  ACS HTML interface and double-click the name of an existing user that  you want to define a user profile attribute for virtualization. The User  Setup page appears.
    Step 4 Under the TACACS+ Settings section of the page,  configure the following settings:
    •Check the Shell (exec) check box.
    •Check the Custom  attributes check box.
    •In the text box under the Custom  attributes, enter the user role and associated domain for a specific  context in the following format:
    shell:= ...
    For example, to assign the selected user to the C1 context with the role  ROLE1 and the domain DOMAIN1, enter shell:C1=ROLE1  DOMAIN1.
    You can also substitute an asterisk (*) for the equals sign (=) as  follows:
    shell:* ...
    Use the above shell string if you are also using Cisco IOS command  authorization.
    Step 5 Under the Checking This option Will PERMIT all  UNKNOWN Services section of the page, check the Default  (Undefined) Services check box to permit unknown services.
    Step 6 Click Submit when you finish  configuring the TACACS+ role and domain settings.
    For example, if USER1 is assigned the role ADMIN and the domain  MYDOMAIN1 (where shell:Admin=ADMIN MYDOMAIN1), then one of the following  can occur:
    •If USER1 logs in through the Admin  context, that user is automatically assigned the Admin role and the  MyDomain1 domain.
    •If USER1 logs in through a different  context, that user is automatically assigned the default role  (Network-Monitor) and the default domain (default-domain). In this case,  the user profile attribute is not obtained from the TACACS+ server  during authentication.
    Gilles.

  • I would like to know why when i make a web page and test in my local browser it works fine then when i tranfer to my server i does not work fine example i used javascript to put a prompt bar on a page and it worked fine local but on server not working

    how come when i make a web site and i test it in my local server it works fine when i tranfer to server certain things do not work example i used javascript to put in a prompt bar for a newsletter page at the server it did not work but at local it did also it works at MOZZILLA but not internet explorer i also have cs4 was wondering if there is a way to test a page in dreamweaver and then transfer   THANK YOU X-FACTOR-MEDIA

    In future, please try to make the subject line of your posts shorter. In this case the following would have been sufficient: "JavaScript works locally, but not on remote server".
    Short, but meaningful subject lines make it easier for others to identify what your question is about, and often bring faster help.

  • ACS IS WORKING, BUT NOT THE WEB GUI

    I have an ACS ver 5.4.0.46.7 running on an applicance, ACS-1121-K9. After rebooting a Win2008-controller it stopped working and someone in my Department rebooted the ACS. It looks like the authentications are working now, but I can't Access the web gui. It responds to ping and ssh. I did a show acs-config-web-Interface and the view-Interface was disabled, I enabled it but still it isn't working:
    TBGACS02/admin# show acs-config-web-interface
    migration interface is disabled
    ucp interface is disabled
    view interface is enabled
    rest interface is disabled
    TBGACS02/admin# show application status acs
    ACS role: PRIMARY
    Process 'database'                  running
    Process 'management'                running (HTTP is nonresponsive)
    Process 'runtime'                   not monitored
    Process 'adclient'                  running
    Process 'ntpd'                      running
    Process 'view-database'             running
    Process 'view-jobmanager'           Execution failed
    Process 'view-alertmanager'         running
    Process 'view-collector'            running
    Process 'view-logprocessor'         running
    I could try to reboot again but I'd prefer not if possible..

    As a basic troubleshooting we can restart the services or server completely. However if that doesn't help, then we can also review the size of /opt to ensure accumulation of view database is not causing this issue. From the logging perspective we can look at management and ade/ADE logs. 
    In Majority of cases customer reset the application configuration and restore the last good backup. This always help them resolve the issue quickly without going through the troubleshooting process. 
    HTH
    -Jatin

  • UIImpersonator tests work in FlashBuilder, but not when run from Ant

    I'm in the process of converting a Flex 3 project to use FlexUnit4 tests.
    Everything compiles in Flashbuilder 4.5 and runs nicely. I've converted all the tests
    to use flexunit 4, which highlighted a few issues, but nothing too major, and all the
    tests now pass when run in Flashbuilder.
    So... now, I'm trying to convert the CI build to use the 4.5 SDK and flexunit4. So far,
    so good. Everything runs and I get a nicely formatted JUnit report. Unfortunately, though,
    any test that uses the UIImpersonator fails with an async method timeout, suggesting that
    the CreationComplete event hasn't fired.
    Here's a typical example of one of my UI test cases:
              [Test(async, ui)]
              public function testAvailableProductsSetupAdminForSell() : void {
                   var view:OrderBasketView = new OrderBasketView();
                   var user:CfxUser = new CfxUser();
                   user.admin = true;
                   ModelLocator.instance.userDetails = user;
                   view.buyOrSell = OrderType.SELL;
                   helper.createComponentAndAddListener(view, this, availableProductSetupAdminForSellCreationComplete);
              private function availableProductSetupAdminForSellCreationComplete(event:Event, view:OrderBasketView) : void {
                   Assert.assertTrue(view.availableProductTypes.contains(ProductType.PRODUCT_1));
                   Assert.assertTrue(view.availableProductTypes.contains(ProductType.PRODUCT_2));
                   Assert.assertTrue(view.availableProductTypes.contains(ProductType.PRODUCT_3));
    and helper.createComponentAndAddListener looks like this:
            public function createComponentAndAddListener(view:UIComponent, testCase:Object, creationComplete:Function) : void {
                   _view = view;
                   _view.addEventListener(FlexEvent.CREATION_COMPLETE, Async.asyncHandler(testCase, creationComplete, 4000, _view));
                   UIImpersonator.addChild(_view);
    If I use FlexGlobals.topLevelApplication.parent.addChild(_view) in place of UIImpersonator.addChild(_view), all the tests pass.
    I was wondering if it's a function of the fact that my helper class has no metadata that indicates it's a ui test, but that wouldn't explain why it works in FlashBuilder and not when run with ant.
    I also wondered if it was a function of running with headless server set to true, but when I changed it to false the same thing happened.
    My environment is:
    ubuntu 11.04
    ant 1.7.1
    Sun jdk 1.6.0_26
    Flex SDK 4.5.1.21328
    FlexUnit 4.1.0-8-4.1.0.16076
    I'm using the auto-generated TestRunner.mxml
    Any thoughts, anyone? Now that I can get it to work by adding the UI components to the topLevelApplication, at least I can make progress, but I'd like to get to the bottom of the problem, because that shouldn't be necessary.
    Thanks in advance,
    -Chrisl

    Changing to the topLevelApplication did not work. What's funny is that it then failed on a completely unrelated test by hanging and never returning... I'm thinking there must be something else that is going on here, but it's not clear what... :-/ Here is an example of my setup/teardown and a test that work great in the UI but not in CI...
    [Before(async, ui)]
    public function setUp():void
        _fromToList = new FromToList();
        _fromToList.setStyle('skinClass', FromToListSkin);
        Async.proceedOnEvent(this, _fromToList, FlexEvent.CREATION_COMPLETE, 1000);
        FlexGlobals.topLevelApplication.parent.addChild(_fromToList);
        // UIImpersonator.addChild(_fromToList);
    [After(ui)]
    public function tearDown():void
        FlexGlobals.topLevelApplication.parent.removeChild(_fromToList);
        // UIImpersonator.removeChild(_fromToList);
        _fromToList = null;
    [Test(async)]
    public function should_remove_selected_item_in_to_list_to_from_list():void
        _fromToList.fromArrayList = _dpArray;
        _fromToList.toArrayList = _toDpArray;
        var sequence:SequenceRunner = new SequenceRunner(this);
        sequence.addStep(new SequenceSetter(_fromToList.toList, { selectedItem: _toDpArray[1]}));
        sequence.addStep(new SequenceWaiter(_fromToList.toList, FlexEvent.VALUE_COMMIT, 100));
        sequence.addStep(new SequenceCaller(_fromToList, _fromToList.remove));
        sequence.addStep(new SequenceWaiter(_fromToList, FromToListChangeEvent.FROM_TO_LIST_CHANGE_EVENT, 100));
        sequence.addAssertHandler(handleListHasChangedThenRemoveEvent, {});
        sequence.run();
    private function handleListHasChangedThenRemoveEvent(event:FromToListChangeEvent, passThruData:Object):void
        assertThat(_fromToList.toArrayList.length, equalTo(_toDpArray.length - 1));
        assertThat(_fromToList.fromArrayList.length, equalTo(_dpArray.length - _toDpArray.length + 1));
        assertTrue(_fromToList.fromArrayList.contains(_toDpArray[1]));
    So you can see that I'm using Sequences to manage waiting for stuff to get updated in the background, and basically testing when I select an item in a list and act on it that it updates the model like I expect. Again, works GREAT in the UI Runner.
    I'm open to suggestions...

  • Router works but not harddrive

    Hi,
    I have recently bought a Airport Time Capsule and it's been working on and off on our different devices.
    Would really appriciate some "pro advices" on the problems I'm having.
    Here the router works fine and it's connected to the internet, but I can't seem to connect to the harddrive as a shared unit in finder. I have tried to make a copy of the harddrive and that works but everytime I click on the Time Capsule icon in finders left menu under shared, finder disapperas and the comes back after one second like nothing happened.
    Thanks in advance
    Erik

    I just need to check you are actually on Mountain Lion and not upgraded to Mavericks??
    In finder did you tick all the network options in preferences. Network drives do not show unless you make them.
    If you have all of that right..
    Start over.. the TC can be a painful little beast..
    First thing is a simple reboot.. unplug the TC, count to 10.. plug it back in again.
    Does it show up now??
    No luck.. do a full factory reset..
    When you redo the setup use all names that are short, no spaces and pure alphanumeric for everything..
    See C9 for why this is important.
    http://pondini.org/TM/Troubleshooting.html
    Try again mounting the TC hard disk..
    No luck.. manually mount.
    In Finder, use Go, Connect to server and type in the address thusly.
    AFP://TCname or TCIPaddress (you can use either.. name is better .. do not use IP if it is bridged as the IP can change.. if it is the main router then IP works ok).
    The computer can hopefully find the TC.. and will ask you for a password.. by default it is public. Store it in your keychain so the mount is easy next time.

  • Sound works when testing, but not when uploaded

    I used the Behaviors pallet to stream my mp3 files, and it
    works fine when tested locally, but as soon as I upload everything
    and test it online, nothing plays. The site is
    www.spidersandsnakes.net/media08.htm.
    Any ideas?

    I suspect this is where my issue lies, but I am not sure how
    to fix it. I have attached some code that defines the image
    location. I am able to successfully retrieve documents with the
    following, is this the same type of scenerio,
    http://www.skytitleagency.com/documents/Land_Contract.doc,
    except in the images folder ?

  • Template view fine in test browser but not when a page is created from it

    I'm trying to recreate a template page from my site using different code for the drop down menu at the top. The template behaves properly when i test it in Safari vs. 5.0.6 but when i test a page made from that template (using the File>New> Page from Template) it dosen't present with styles. Can anyone see anything wrong with the code? I checked both the code and the CSS using the validators.
    haworth.org/TEST2.html

    I put your HTML page (TEST2.html) and CSS file (body_new.css) on my server and it looks OK.
    http://www.ossiningdesignguild.com/TEST2.html
    It's possible your web server is not properly configured and sends a Content-Type HTTP header that says text/plain instead of text/css for your style sheet file.
    If you're using Apache, have your server admin check the httpd.conf file for MIME type settings.
    Should they need assistance, send them here:
    http://httpd.apache.org/docs/2.2/configuring.html
    This is not a problem with your main site since the CSS is embedded, rather than remote.
    I'll call you after lunch.
    Ken

  • Flash play works, but not test movie

    Admittedly, I am still very new to Flash and have worked
    through some of the tutorials. I created some animated text using
    the size and rotate feature as well as the alpha to lighted it up.
    I have 4 different layers with different text on each layer that
    comes in at different frames. When I "play" the frames it works
    great, but when I choose "Test Movie" it shows 2 frames of my work
    around 25 and 26. What am I missing and/or should I have created
    this another way?
    Thank you
    witoca

    What version does it show as installed if you go to http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_ Player_version_installed_on_your_machine ?

  • I have an airport express, which I want to use with my broadband providers router to create a second wireless access point but not with the same network name etc.

    In effect, I want to have my providers router working upstairs and the aiport express downstairs connected via wi fi. The airport would have a different network name, then allowing me to connect the children to the access point. This would allow me to turn their network off at times of day etc.
    any ideas ?

    I want to have my providers router working upstairs and the aiport express downstairs connected via wi fi
    Sorry, but the AirPort Express....or any other Apple router......cannot do this.
    In order to do what you want, you will need to establish an Ethernet connection from one of the LAN <-> ports on your "main" router to the WAN "O" port on the AirPort Express.
    Configure the AirPort Express to "create a wireless network" using a wireless network name, and password that you select. As far as controlling connections, you can use the settings in Timed Access to establish rules about when the kids and cannot connect.

  • Me edge animate project works when I test, but not when I publish. Please help.

    I feel like this has happened to me in the past, but I just cannot get the thing to work when I post it online. It's just a blank page, all white. I think there might be something in the code of one of the .js files that I need to change.
    ??  I saw something about the phrase 'use strict' but I can't find that code anywhere.
    There must be something I'm forgetting. I put all of the published files up on the server, and I just can't access it. Any help would be seriously appreciated.
    Thanks.

    Can you share the website link so that we can see what the issue is?
    Regards,
    Vivekuma

  • Query works in preview, but not when added under a Query Group

    Hello Experts-
    I'm trying to use this query as one of the options under the drop down on the Supplier Search under the Supplier Management.
    Error message:
    while trying to invoke the method com.sap.odp.comp.query.QueryParamValue.getPromptParamDef() of a null
    object loaded from local variable 'paramValue' while trying to invoke the method
    com.sap.odp.comp.query.QueryParamValue.getPromptParamDef() of a null object
    loaded from local variable 'paramValue'
    The query itself is complicated, but it works fine when executed under preview.
    Wondering if any one has ever seen this behavior and knows of any typical causes?
    Thanks,
    Mike

    Thanks for the offer, Vignesh.
    Sorry, I'm currently having trouble duplicating it, but next time it happens I'll try to get some screenshots.
    I have narrowed it down to blank values in optional string fields when the query loads. I fixed (kind of) the ones I was having trouble with by rearranging the filter parameters so there would not be blanks.
    Thanks again,
    Mike

Maybe you are looking for

  • Stolen ipod touch. serial number?

    my mom got her ipod touch stolen, it had accesories with it already, we believe it was 3G. How can i find the serial number in itunes? im having problems with my account and im not sure if we registered it or not. this was a used ipod and we plugged

  • I have malware and can't get rid of it...

    After running Bitdefender, it found this: Gen:Variant.Symmi.2065     Disinfect failed     /Users/rippeleffect/Library/Mail/V2/[email protected]@imap .mail.yahoo.com/Deleted Messages.mbox/AA6F5AF9-63F3-4748-82C8-E7C555C76881/Data/8/7/2/2/Messages/2278

  • How expand an existing database in a cluster to an existing cluster node?

    Hi Guys, I was installing a RAC yesterday and below is my installation steps path, please help me to move forward. I have 2 Redhat5 servers: Node1 and Node2. I installed Clusterware and ASM on both nodes, so the system looks like this: Node1: Cluster

  • Rich:DataGrid Problem

    Hi guys, i have a problem with the rich:datagrid. The page which have the datagrid starts with a search method by name. ( query includes like function ) Search components are in h:form. So the related names after the search, will be ordered on the da

  • How to award points for a topic I did not begin....

    i have received an excellent reply which solved a problem. I joined the discussion part way through. I would like to award points to the contributor who solved my problem but can not see how i do this. Can you only award points if you start the threa