ACS 5.3 userbased/custom enable passwords
Hello,
I've installed Cisco ACS 5.3. After I created several internal users (defined password and enabled password), Identiy Groups, Access Polices, Network Devices and AAA Clients (e.g. Cisco 1841) for Radius and configured my Router like this:
aaa authentication login VTY group radius local-case
aaa authentication enable default group radius enable
Now I'm able to login successful using my internal User. But if I try to use enable to enter the enable level I'll receive the message "% Error in authentication." when I use the defined enable password.
In the ACS logging I'll can see that "$enab15$" is missing.
If I setup a user name "$enab15" I can login to enable level, but what have I to do, to use the custom enable passwords?
Kind regards
Kai
=== Correct answer ===
Hello,
please see the attachment.
Step 1.2 - 1.5 is requiered for both (Radius and Tacacs). Then you have to switch to 2.1-2.7 for Radius or 3.1 - 3.7 for Tacacs authentication.
The document shows you all steps you have to take. The box on the right side shows to you in the headline "Requiered for".This should help you the find out why this is configured and where you will need in future steps. or "Provided by" should tell you where you have configured it.
But I'm sure, you will make it.
I've testet it with the following hardware:
Cisco Router:
600 ,800 ,1800 ,1900 ,2600 ,2800 ,2900, 3900, 4000, 7200 ,7300 Series
Cisco Switches:
2900, 2950, 2960, 3550, 3560, 3750, 4500, 6500, Nexus 5500 Series
Cisco Unified Communicaton:
Call Manager Express, UC560
Hewlett-Packard Switches:
1700, 1800, 2500, 2600, 3500, 5400, 8100 (out of sale) Series
Yes, working in a datacenter is fine for testing
Hi Kai,
can you share the configurations for TACACS?
Thanks
Similar Messages
-
Cisco Secure ACS with UCP assistance and enable password
I am running Cisco Secure ACS version 4.2 running on a
Standalone Windows 2003 Enterprise 2003with the lastest
windows service pack and update. Secure ACS is running
fine and I can authenticate with Cisco routers and
switches. The Windows 2003 server is also running Microsoft
IIS Server. In other words, the IIS server and Cisco
Secure ACS is running on the same windows 2003 server.
I am trying to get Cisco User-Changeable password to work
with Cisco Secure ACS. I followed the release notes lines
by lines and the work around provided below:
Also server require more privileges for the internal windows user that runs CSusercgi.exe.
The name of the windows user that runs UCP is IUSR_<machine_name>.
Workaround steps:
1) Install UCP 4 on a machine that runs IIS server.
2) Open IIS manager
3) Locate Default Web Site
4) Double click on the virtual name 'securecgi-bin'
5) Right click on CSusercgi.exe and choose Properties
6) Choose 'File Security' tab
7) Choose 'Edit' in 'Authentication and access control' area
8) Change username from IUSR_<machine_name> to 'Administrator' and enter his
password (make sure that 'Integrated Windows authentication' is checked)
I still can NOT get this to work. I got this error:
It says:
The page cannot be found
The page you are looking for might have been removed,
had its name changed, or is temporarily unavailable.
HTTP Error 404 - File or directory not found.
Internet Information Services (IIS)
I modified everything in the Windows 2003 to be "ALLOWED" by
EVERYONE. In other words, there are NO security on the windows 2003.
It is still NOT working.
The other question I have is that can Cisco UCP allow user
to change his/her enable password?
Can someone help? Thanks.Yes bastien,
Thank you.
But one thing more i want to know that in its Redundant AAA server, when i try to open IIS 6.0 window 2003; it prompts for Username and Password.
I've given it several time; also going through Administrator account with administrative credentials but it always failed.
Any suggestions/solution/?
This time many thanks in advance.
Regards
Mehdi Raza -
TACACS enable password is not working after completing ACS & MS AD integration
Enable password for (Router, Switches) is working fine if identify source is "Internal Users", unfortunately after completed the integration between ACS to MS AD, and change the Identity source to "AD1" I got the following result
1. able to access network device (cisco switch) using MS AD username and password via SSH/Telnet.
2. Enable password is not working (using the same user password configured in MS AD.
3. When I revert back and change the ACS identity source from "AD1" to "Internal Users" enable password is working fine.
Switch Tacacs Configuration
aaa new-model
aaa authentication login default none
aaa authentication login ACS group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec ACS group tacacs+ local
aaa authorization commands 15 ACS group tacacs+ local
aaa accounting exec ACS start-stop group tacacs+
aaa accounting commands 15 ACS start-stop group tacacs+
aaa authorization console
aaa session-id common
tacacs-server host 10.X.Y.11
tacacs-server timeout 20
tacacs-server directed-request
tacacs-server key gacakey
line vty 0 4
session-timeout 5
access-class 5 in
exec-timeout 5 0
login authentication ACS
authorization commands 15 ACS
authorization exec ACS
accounting commands 15 ACS
accounting exec ACS
logging synchronous
This is my first ACS - AD integration experience, hoping to fix this issue with your support, thanks in advance.
Regards,Hi Edward,
I created a new shell profiles named "root" as the default one "Permit Access" can't be access or modified, underneath the steps I've made.
1. Create a new shell profile name "root" with max privilege of 15. And then used it in "Default Device Admin/Authorization/Rule-1" shell profile - see attached file for more details.
2. Telnet the Switch and then Issue "debug aaa authentication" using both "Root Shell" and "Permit Access" applied in Rule-1 profile.
Note:
I also attached here the captured screen and debug result for the "shell profiles" -
Radius authentication for the enable password
Dear Sir
I have an ACS and I have many switches in the network. I used to secure the telnet and
enable access to these switches with tacacas+ authentication protocol. so the username and
password is taken form the ACS internal database. Also the enable password is taken from
the ACS. Today we changed the tacacas+ to Radius because we use the 802.1x framework on
the wired network. Dot1x authentication worked fine and when you try to telnet to the
switch the username and password is taken but the enable password isnot taken from the
ACS. When I check the configuration on the ACS under the user page I found a checkmark to
use the enable password as the PAP password of the user but this is only under tacacs+
settings how can I make this for Radius This is my question. Please answer me asap. It is
urgent.
Thanks,Dear iqambhir
Thank you very much for your help.
I already did that but this makes the enable pasword shared with all users and we don't want that.
I want the enable password to be taken as the PAP password of the user who tries to login but I didn't find that with radius. This option is there with tacacas+.
I want to know why the router or the switch sends that user " $enab15$ ". Is this bug on the system?
Pleae, If there is any other way to authenticate the enable password with the radius submit it.
Thanks alot, -
3750X Prompts for Device/Enable Password Instead of Local Username/Password
I've got two 3750X switches that were built from a fairly basic template from my existing 3750/3560 switches. However, these new switches ONLY prompt for the device/enable passwords instead of the configured local username/password when connecting by console/telnet/ssh. Here's the config that I think is relevant, sans password strings. Only real difference is that the new switches are running an IOS 15.2 build, the 3750 switches are running 12.4, and the 3560 is currently running 15.0 (pending an update).
enable secret 5 string
username Administrator privilege 15 secret 5 string
line con 0
password 7 string
login local
line vty 0 4
password 7 string
login local
length 0
line vty 5 15
password 7 string
login
length 0
Any way to correct this?
Thanks!usually you need "login local" under all the vty lines in order to authenticate locally unless you use ACS server for authentication.
HTH -
Enabling Password controls in the Default Profile
After sharing with customer metalink note 114930.1, customer has the following questions:
1. Will Oracle suggest enabling password controls in the profile "Default" that is created during the installation without those controls enabled?
2. Oracle accounts (SYS, SYSTEM etc.) are created with the default profile associated with them (at that time there are no manually created profiles). Does Oracle permit assigning other profiles (created after installation) to those most critical accounts
Any help/direction is much appreciatedHi,
1/ I don't know if Oracle would suggest that, but I would either enable password control if you have such a requirement, wherever you set it up, or don't touch anything if it's just to leave it disabled... I usually create specific profiles for the users and set up the limits according to the kind/type of users they are.
2/ Don't you have no test instance?
TEST> create profile p limit failed_login_attempts 5;
Profil cr�
TEST> alter user sys profile p;
Utilisateur modifi
TEST> alter user system profile p;
Utilisateur modifi
TEST> select username, profile from dba_users where username in ('SYS','SYSTEM');
USERNAME PROFILE
SYS P
SYSTEM PMy 2cp,
Yoann. -
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman","serif";}
Issue:
Cisco firewalls require only one level of password i.e. the domain username and password are used for both logging in as well as reaching global configuration mode.
Background:
We have multiple Cisco network devices set up which authenticate to our Windows domain controller using NPS (Windows 2008 R2). The switches we have set up all function exactly as we would hope as they require your domain username and password to login to the device. They then require a separate password when you use the enable command, this is stored in Active Directory:
Switches:
Username:domain-username
Password:domain-password
SWITCH>enable
Password:enable-password-in-Active-Directory
SWITCH#
Firewalls (as they currently are):
Username:domain-username
Password:domain-password
FIREWALL>enable
Password:domain-password
FIREWALL #
With the firewalls however, they require your domain username and password first, and then your domain password again when using the enable command. I want the firewalls to use the enable level password that the switches currently use instead of the domain password again. The current configuration look like the following:
Current switch configuration:
aaa new-model
aaa authentication login default group radius local
aaa authentication enable default group radius enable
aaa authorization exec default group radius local
aaa session-id common
radius-server host 192.168.0.1 auth-port 1645 acct-port 1646
radius-server source-ports 1645-1646
radius-server key 7 1234abcd
Current firewall configuration:
aaa-server DC01 protocol radius
aaa-server DC01 (outside) host 192.168.0.1
aaa authentication ssh console DC01 LOCAL
aaa authentication enable console DC01 LOCAL
key 1234abcd
Any help would be great, thanks!Cisco ASA works that way by design. You could remove "aaa authentication enable" and then you could use the "enable password" command to set your enable password.
But if you do that, then ASA would change your username to "enable_15". That would break Authorization and Accounting if you're using them. Let me clarify with an example
Firewalls :
Username:domain-username
Password:domain-password
FIREWALL>show curpriv
Username : domain-username
Current privilege level : 1
Current Mode/s : P_UNPR
FIREWALL>enable
Password:enable-password-from-running-config
FIREWALL #show curpriv
Username : enable_15
Current privilege level : 15
Current Mode/s : P_PRIV
If you're using Authorization and Accounting it's recommended to stick with your current behavior. -
ACS 5.3 Showing Clear Text Password in Authorization reports
Hello,
When a tacacs user is changing the local password on the router (for local user), the acs 5.3 is showing the new password in clear text in authorization reports/logs.
This behaviour is seen on acs 5.x, whereas acs 4.2 is showing encrypted password in the reports.
I have checked debugs on Router and it is sending password in clear text in Tacacs Authorization packet but encrypted password in Tacacs Accounting logs.
Debug tacacs accounting
debug aaa accounting
4w3d: TPLUS: Received accounting response with status PASS
4w3d: TPLUS: Queuing AAA Accounting request 208 for processing
4w3d: TPLUS: processing accounting request id 208
4w3d: TPLUS: Sending AV task_id=459
4w3d: TPLUS: Sending AV timezone=UTC
4w3d: TPLUS: Sending AV service=shell
4w3d: TPLUS: Sending AV priv-lvl=15
4w3d: TPLUS: Sending AV cmd=username sansehga privilege 15 password *****
4w3d: TPLUS: Accounting request created for 208(sanjay)
debug tacas authorization
debug aaa authorization
4w3d: AAA/MEMORY: create_user (0x851611DC) user='sanjay' ruser='R1' ds0=0
port='tty7' rem_addr='10.76.212.159' authen_type=ASCII service=NONE priv=15
initial_task_id='0', vrf= (id=0)
4w3d: tty7 AAA/AUTHOR/CMD(1390711548): Port='tty7' list='' service=CMD
4w3d: AAA/AUTHOR/CMD: tty7(1390711548) user='sanjay'
4w3d: tty7 AAA/AUTHOR/CMD(1390711548): send AV service=shell
4w3d: tty7 AAA/AUTHOR/CMD(1390711548): send AV cmd=username
4w3d: tty7 AAA/AUTHOR/CMD(1390711548): send AV cmd-arg=sansehga
4w3d: tty7 AAA/AUTHOR/CMD(1390711548): send AV cmd-arg=privilege
4w3d: tty7 AAA/AUTHOR/CMD(1390711548): send AV cmd-arg=15
4w3d: tty7 AAA/AUTHOR/CMD(1390711548): send AV cmd-arg=password
4w3d: tty7 AAA/AUTHOR/CMD(1390711548): send AV cmd-arg=sehgal
4w3d: tty7 AAA/AUTHOR/CMD(1390711548): send AV cmd-arg=<cr>
4w3d: tty7 AAA/AUTHOR/CMD(1390711548): found list "default"
4w3d: tty7 AAA/AUTHOR/CMD(1390711548): Method=tacacs+ (tacacs+)
4w3d: AAA/AUTHOR/TAC+: (1390711548): user=sanjay
4w3d: AAA/AUTHOR/TAC+: (1390711548): send AV service=shell
4w3d: AAA/AUTHOR/TAC+: (1390711548): send AV cmd=username
4w3d: AAA/AUTHOR/TAC+: (1390711548): send AV cmd-arg=sansehga
4w3d: AAA/AUTHOR/TAC+: (1390711548): send AV cmd-arg=privilege
4w3d: AAA/AUTHOR/TAC+: (1390711548): send AV cmd-arg=15
4w3d: AAA/AUTHOR/TAC+: (1390711548): send AV cmd-arg=password
4w3d: AAA/AUTHOR/TAC+: (1390711548): send AV cmd-arg=sehgal
4w3d: AAA/AUTHOR/TAC+: (1390711548): send AV cmd-arg=<cr>
4w3d: AAA/AUTHOR (1390711548): Post authorization status = PASS_ADD
Please share if someone has found the fix to this problem.
Regards,
AkhtarThanks Tarik,
But it seems it did not help overall
Akhtar: Cisco needs long time to fix bugs unless it is P1 or P2 bug. Otherwise they'll do it at their leisure.
If you are not on latest patch already then upgrade. If you are already on the latest patch then wait for the next one. If your bug is not mentioned to be fixed on the resolved caveats don't panic. I've seen many bugs fixed but not mentioned in the release notes. What you need to do is to contact TAC so they contact the BU for your behalf to confirm if the bug is resolved or not.
Regards,
Amjad -
Resetting PIX 515E 'enable' password and/or Factory Reset
We have a PIX Firewall where the last user of the device had not changed the 'enable' password and username so we are locked out of the device. I did some research and found a password reset tool that was supposed to clear the 'enable' password on the device. I set up a TFTP with the 'np61.bin' file needed. I went into 'monitor>' mode, set the interface, address and server address and it pings with success. I pointed it at the file and sent the 'tftp' command. I saw it downloading and booting off the binary file and after letting it go for a little bit (I walked away for a little while and came back to my telnet prompt) I noticed it was stuck in a loop:
No bootable image in flash. Please download an image from a network server in the monitor mode
Failed to find an image to boot
Rebooting......
I downloaded a copy of the latest firmware, 'pix804-28.bin', and repeated the process used for the password reset file. After loading, I am greeted with my familiar prompt:
XXXX-XXX-Xx-Xx0-XX>
XXXX-XXX-Xx-Xx0-XX>enable
Username: pix
Password: pix
Username: pix
Password:
Username: cisco
Password: cisco
Access denied.
XXXX-XXX-Xx-Xx0-XX>
I then did a hard reset, and was stuck back in the loop I was in before, asking me to reflash a boot image. I now need to somehow load the IOS back onto the router (As it seems to just be booting from the TFTP server), and then after that still remove the enable password or somehow default the entire firewall to Factory Defaults. If anyone knows how to solve my issue or has any ideas for me to try, you help would be greatly appreciated, thanks!Still having trouble with this, has no one encountered this problem before?
-
Accounts getting disabled after enabling password expiration on BOXI R2 SP2
Hi All,
We have a strange issue with our production environment.After enabling password expiration on the enterprise some accounts got disabled,on further investigation I found that these users were either trying to log on to Designer or 2 tier Deski.
I made them login through the Infoview to fix the issue.These users were Universe deginer or report writers.
Any SuggestionsHi Tim,
These accounts are Enterprise accounts,according to the users they were not given a chance and they never got any prompt for the password change it was disabled directly at the first login.
These people were trying to logon using the Desginer or 2 Tier DESKI login and they are the members of the Administrtor Group also.
Is it important to logon to infoview or 3 tier DESKI to change your password?
I have no answer to give them why there accounts were disabled.
Please suggest
Thanks,
Arun -
Enable password recovery in cisco 2950 with AAA
Hello friends,
I need to reccover switch enable password, i have already configured AAA also, when i am tryig to follow below proceedure finally saying Authorization failed. how can i recover enable password,
Regards,
Haris
If I try to recover password like this description says
http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_25_see/configuration/guide/swtrbl.html#wp1090048
Step 1 Connect a terminal or PC with terminal-emulation software to the switch console port.
Step 2 Set the line speed on the emulation software to 9600 baud.
Step 3 Power off the switch. Reconnect the power cord to the switch and, within 15 seconds, press the Mode button while the System LED is still flashing green.
Base ethernet MAC Address: 00:0x:xx:xx:xx:xx
Xmodem file system is available.
The password-recovery mechanism is enabled.
The system has been interrupted prior to initializing the
flash filesystem. The following commands will initialize
the flash filesystem, and finish loading the operating
system software:
flash_init
load_helper
boot
switch:
Step 4 switch: flash_init
Initializing Flash...
flashfs[0]: 600 files, 19 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32514048
flashfs[0]: Bytes used: 7713792
flashfs[0]: Bytes available: 24800256
flashfs[0]: flashfs fsck took 10 seconds.
...done Initializing Flash.
Boot Sector Filesystem (bs) installed, fsid: 3
Setting console baud rate to 9600...
Step5 switch:load_helper
Step6 switch: dir flash:
Directory of flash:/
2 -rwx 916 <date> vlan.dat
5 drwx 192 <date> c2960-lanbase-mz.122-25.SEE1
620 -rwx 5488 <date> config.text
621 -rwx 5 <date> private-config.text
24800256 bytes available (7713792 bytes used)
Step7 switch: rename flash:config.text flash:config.text.old
Step8 switch: boot
Loading "flash:c2960-lanbase-mz.122-25.SEE1/c2960-lanbase-mz.122-25.SEE1.bin"...
Initializing flashfs...
flashfs[1]: 600 files, 19 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 32514048
flashfs[1]: Bytes used: 7713792
flashfs[1]: Bytes available: 24800256
flashfs[1]: flashfs fsck took 1 seconds.
flashfs[1]: Initialization complete....done Initializing flashfs.
64K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:0x:xx:xx:xx:xx
Motherboard assembly number : xxxxxxxxxx
Power supply part number : xxxxxxxxxxx
Motherboard serial number : xxxxxxxxxxx
Power supply serial number : xxxxxxxxxxx
Model revision number : B0
Motherboard revision number : B0
Model number : WS-C2960G-24TC-L
System serial number : xxxxxxxxxxxx
Top Assembly Part Number : xxxxxxxxxxxx
Top Assembly Revision Number : B0
Version ID : V02
CLEI Code Number : xxxxxxxxxxxxx
Hardware Board Revision Number : 0x01
Switch Ports Model SW Version SW Image
* 1 24 WS-C2960G-24TC-L 12.2(25)SEE1 C2960-LANBASE-M
Press RETURN to get started!
Step9 Hit <Enter>
Would you like to terminate autoinstall? [yes]: yes
Step10
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]no
Switch>
Step11 Switch> enable
Step12 Switch# rename flash:config.text.old flash:config.text
Destination filename [config.text]? <Enter>
Step13 Switch# copy flash:config.text system:running-config
Destination filename [running-config]?<Enter>
5488 bytes copied in 0.940 secs (5838 bytes/sec)
Step14 NewSwitchName#conf t
% Authorization failed.
Doesn't this procedure work any more ?The password recovery worked, but you copied your problematic config back to the switch. Skip Step 13 and paste only the working part of the config to the switch.
You can see your renamed config with "more flash:config.text.old". -
How to enable password request for restart and shutdown?
Hi,
I'm neither a Linux nor an Arch Linux newbie, but inexperienced regarding this particular issue.
I want to enable password request for restart and shutdown and want to know if I'm mistaken, because trial and error might become to time-consuming while working on a project.
I read https://wiki.archlinux.org/index.php/Al … o_shutdown.
$ ls -hAl /usr/bin/shutdown
lrwxrwxrwx 1 root root 9 Apr 22 03:02 /usr/bin/shutdown -> systemctl
If I try to run $ shutdown -hP 28 or $ shutdown -c nothings happens, I need to run $ sudo shutdown -hP 28 and $ sudo shutdown -c and type a password. That's the way I want it.
If I e.g. run $ shutdown -r now no password is needed. I want to disable this. It should behave the same way as shutdown -hP/-c behave. I want to type
$ sudo shutdown -r now or $ sudo systemctl reboot etc. and then the password should be required.
$ sudo grep -vn "#" /etc/sudoers | grep [[:blank:]]
72:root ALL=(ALL) ALL
73:rocketmouse ALL=(ALL) ALL
The user "rocketmouse" should have all permissions after typing a password, but not without typing the password.
IIUC what's written at https://wiki.archlinux.org/index.php/Polkit, I need to edit
$ pkaction | grep login
org.freedesktop.accounts.set-login-option
org.freedesktop.login1.attach-device
org.freedesktop.login1.flush-devices
org.freedesktop.login1.hibernate
org.freedesktop.login1.hibernate-ignore-inhibit
org.freedesktop.login1.hibernate-multiple-sessions
org.freedesktop.login1.inhibit-block-idle
org.freedesktop.login1.inhibit-block-shutdown
org.freedesktop.login1.inhibit-block-sleep
org.freedesktop.login1.inhibit-delay-shutdown
org.freedesktop.login1.inhibit-delay-sleep
org.freedesktop.login1.inhibit-handle-hibernate-key
org.freedesktop.login1.inhibit-handle-lid-switch
org.freedesktop.login1.inhibit-handle-power-key
org.freedesktop.login1.inhibit-handle-suspend-key
org.freedesktop.login1.power-off
org.freedesktop.login1.power-off-ignore-inhibit
org.freedesktop.login1.power-off-multiple-sessions
org.freedesktop.login1.reboot
org.freedesktop.login1.reboot-ignore-inhibit
org.freedesktop.login1.reboot-multiple-sessions
org.freedesktop.login1.set-user-linger
org.freedesktop.login1.suspend
org.freedesktop.login1.suspend-ignore-inhibit
org.freedesktop.login1.suspend-multiple-sessions
org.freedesktop.machine1.login
IOW I need to replace every yes and no etc. with auth_admin in $ grep -v lang /usr/share/polkit-1/actions/org.freedesktop.login1.policy.
Am I mistaken?
Regards,
RalfYou'll need to create a rules file which uses javascript.
https://wiki.archlinux.org/index.php/Po … tion_rules
// /etc/polkit-1/rules.d/10-admin-shutdown-reboot.rules
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.login1.power-off" ||
action.id == "org.freedesktop.login1.power-off-ignore-inhibit" ||
/*...SOME_MORE_IDS_HERE...*/
// return polkit.Result.AUTH_ADMIN_KEEP;
return polkit.Result.AUTH_SELF_KEEP;
Last edited by progandy (2015-06-21 17:42:35) -
How to Enable password saving in SAP Logon for Windows
how to Enable password saving in SAP Logon for Windows
Even though password saving, in SAP Logon for Windows is disabled by default, this can be enabled following the steps listed below:
Open the command prompt by navigating to Start → Run and by typing “cmd”.
Go to the \SAP\FrontEnd\SAPgui directory (in Program Files), through the command prompt.
Create the necessary value in Windows registry by typing: sapshcut -register An information message will appear.
Open the registry editor, in order to access Windows registry, by navigating to Start → Run and by typing “regedit”.
Go to the HKEY_CURRENT_USER\Software\SAP\SAPShortcut\Security registry key.
Change the value data of “EnablePassword“ from 0 to 1.
Close SAP Logon and open it again, in case it was open during the whole process. -
Cisco router 3800 hub .. enable password not configure
Dear All,
Please Help me what i do ?
When i m configured enable password by command Router(config)#enable password xyz
Then password is not set the same is in secret password
pls tell the problem and what the solution for that.Hi,
Not sure if I understand your question. If you assigned a password using "enable password xyz"
You can see the password if you issue "sh run" you can than change the password to whatever you want.
Maybe you can clarify what you are trying to do
HTH -
Hey,
I am trying to change the enable password on cisco ASA 5510. I run enable password <password>. I log off, and log back in with my username/password and type en, it asks for a password and enter the password that I just set but it does not work.
what am I missing?
ThanksAre you using the local user database or a TACACS or RADIUS server to authenticate?
If using a TACACS or RADIUS server enter your user password when you type enable. If that doesn't work disconnect the TACACS or RADIUS server and try to enter the enable password you created.
If using the local user database, are you sure that you are entering the password correctly? Perhaps you typed it incorrectly when creating it and accidentally put a space at the begining or end?
If non of the above work then you will need to perform a password recovery:
Reboot your ASA
Press the Esc key to enter ROMON mode when prompted
Change the configuration register value to 0x41 by using the command confreg 0x41
To tell the ASA to ignor the startup configuration issue the command confreg
Current Configuration Register: 0x00000041
Configuration Summary:
boot default image from Flash
ignore system configuration
Do you wish to change this configuration? y/n [n]: y
5. At the prompt enter Y
6. Accept all default values when prompted
7. Reload the ASA by enter the command boot
8. When prompted enter enable and leave the password blank
9. Issue the command copy start run
10. Enter configuration mode configure terminal
11. Enter the command no config-register (the value is returned to its default value of 0x1)
12. Save your configuration copy run start
Please remember to rate and select a correct answer
Maybe you are looking for
-
How to disable Time Machine from backing up to hard drive
Mountain Lion (OSX 10.8) will not install onto iMac (under OSX 10.7.4) because: "hard drive is Time Machime backup disk" error message. However, TM Preferences does not show the iMac HD as a TM backup Location Option - it only shows the LaCie Extern
-
Importing audio from a DVD?
My from has a concert dvd and two other formats that are dvd-audio. He wants to import them as just the audio file into itunes. Is this possible in itunes or with another application? Thanks in advance!
-
Assignment field being automatically populated in Vendor Credit Memo
Dears, While posting Vendor Credit Memo with Reference Invoice (field Inv.Ref under Payment tab) the Assignment field (field Assign. under Details tab) is being automatically populated with assignment value from the referenced invoice. Is there a way
-
Hi all, I want to develop a query based report that takes in a parameter and runs different queries based on the value of the parameter. How can I accomplish this? -Vatsa
-
BBP_ITEM_CHECK_BADI for Category check
Dear Experts, I have to implement further checks based on the category during contract, requisition and order creation and update. The badi I looked was BBP_ITEM_CHECK_BADI. The problem is that I couldnt find the way to get the data on line: there i