ACS Authentications via RSA or local database

Similar Messages

• Client Authentication via middle tier to database.

  Is it possible to pass through the Identity of the Real User
  to the database when using an Application Server that uses
  connection pooling to connect to the database.
  Note. The Application server is running EJBs that connect to the
  database using JDBC, with any driver type (eg OCI, thin).
  null

  Trevor,
  What type of OS is the app server running on? How is the user
  logging into the app? There are middleware packages that can
  map the currently logged in user to the database on a per-
  connection basis. Openlink provides a middle-tier security
  layer that dispatches a connection to the database based on a
  combination of factors (client app, client IP, username,
  servertype).
  HTH,
  Stephen
  Trevor (guest) wrote:
  : Is it possible to pass through the Identity of the Real User
  : to the database when using an Application Server that uses
  : connection pooling to connect to the database.
  : Note. The Application server is running EJBs that connect to
  the
  : database using JDBC, with any driver type (eg OCI, thin).
  null

• After upgrading ACS 3.3.1 to 4.2 on windows the local database is not working

  Hi,
  I have upgaded the ACS 3.3.1 for windows server to 4.2. Everything went fine but the local database is not working.
  The CD is an upgrade kit from 3.x to 4.2 on windows. I tried to install directly the 4.2 I was able to install but integration with AD/LDAp is not working. Anysay its an upgrade kit so I cant expect it shoud work when install drectly the 4.2 but by upgrading from 3.3 to 4.2 everything should work fine.
  I followed the upgradation path as recomended.
  Also we have a requirment that once it is upgraded to 4.2 we need to shift the whole thing from the physical server to a virtual machine on VMware ESX server 3.5.
  Can anybody pls guide me if anything else to do after the upgradation.
  Thanks & Regards
  Sachi

  Hi Javier,
  First of all I was facing a problem of restoring the old database of 3.3 to 4.2. Somehow I overcame that issue by following the below steps. Now local authentication is working fine but AD/other External database authentication is not working. As you told the setting for the unknown users are configured to fetch the credentials from the external database if it is not in the local database.
  Do we need to do anything in the AD itself?
  Regards
  Sachi
  Steps for ACS upgrade to 4.2 version
  Below are the requested steps mentioned for the up gradation from ACS 3.3.2 to ACS 4.2.
          1)     Take a configuration backup from existing ACS. ACS--->System
  configuration----> ACS Backup
  2)    now if you have  ACS 3.3.2 on server. take backup of the ACS
  3)   Insert the cd or if you have the set up on the system then  Run the setup of ACS 3.3.4. During the process it will prompt you to
  upgrade existing configuration. Make sure you check that option else we will
  loose the database. Now you need to hit next.next to finish the 3.3.4 upgrade.
  4)     Once you are at 3.3.4, take a backup and keep it handy.
  5)     Run the setup of 4.1.1. During this process it will prompt you to
  upgrade existing configuration. Make sure you check that option else we will
  loose the database. Now you need to hit next.next to finish the 4.1 upgrade.
  6)Once you are at 4.1.1.24 take a backup and keep it handy.
  7)     Run the setup of 4.2. During this process it will prompt you to
  upgrade existing configuration. Make sure you check that option else we will
  loose the database. Now you need to hit next.next to finish the 4.2 upgrade.
  8)     Once you are at 4.2 take a backup and keep it handy. Now run the
  patch 12 and take a backup again.
  9)     Now fresh install 4.2 on your new production server and install patch
  12. Restore the 4.2 patch 12 backup and you should be all set.

• AP Authentication via ACS.

  Hi All,
  Just a basic question regarding MAC based authenitcation of AP with ACS.
  The scenario is - If I have a ACS installed and I want all my Cisco 3502 APs to be authenticated on MAC basis via ACS. I know that AP mac is used as a username and password at ACS so that whenever we plugin the new AP in the network, it gets authenticated via ACS first and if the AP is authorised to be used in network then only it gets the IP address from DHCP.
  My question is - What will happen, if the AP is connected in local mode on a remote location and the WLC, ACS & DHCP are in Datacenter. The traffic coming from remote location will pass through the Remote-site router and during that pass, it will remove the source mac address of AP and put the router interface MAC address as source, so how will the ACS authenticate the AP in that case.
  When working in a LAN I know its possible, but how will it work over the WAN.
  Pls. suggest ASAP.
  Thanks in Advance.
  Regards
  Harish

  Harish:
  As you may know that traffic between WLC and APs is encapsulated in CAPWAP tunnel.
  The information insdie the CAPWAP should tell the WLC what MAC address the AP uses.
  CAPWAP RFC metniones that you can do AP authorization by two ways:
  - with certificates
  - with PSK.
  The standards does no imply what the PSK should be, however, Cisco seems to use it to be the mac address of the AP when the ap authorization is enabled. RFC recommends to use mac address of AP as PSK.
  2.4.4.4.  PSK Usage
     When DTLS uses PSK Ciphersuites, the ServerKeyExchange message MUST
     contain the "PSK identity hint" field and the ClientKeyExchange
     message MUST contain the "PSK identity" field.  These fields are used
     to help the WTP select the appropriate PSK for use with the AC, and
     then indicate to the AC which key is being used.  When PSKs are
     provisioned to WTPs and ACs, both the PSK Hint and PSK Identity for
     the key MUST be specified.
     The PSK Hint SHOULD uniquely identify the AC and the PSK Identity
     SHOULD uniquely identify the WTP.  It is RECOMMENDED that these hints
     and identities be the ASCII HEX-formatted MAC addresses of the
     respective devices, since each pairwise combination of WTP and AC
     SHOULD have a unique PSK.  The PSK Hint and Identity SHOULD be
     sufficient to perform authorization, as simply having knowledge of a
     PSK does not necessarily imply authorization.
     If a single PSK is being used for multiple devices on a CAPWAP
     network, which is NOT RECOMMENDED, the PSK Hint and Identity can no
     longer be a MAC address, so appropriate hints and identities SHOULD
     be selected to identify the group of devices to which the PSK is
     provisioned
  you may spend more time reading the CAPWAP RFC if you are interested
  CAPWAP RFC: http://www.ietf.org/rfc/rfc5415.txt
  Hope this answers your concern.
  Amjad

• ACS 3.3, RSA Authentication Manager, Win2k3 AD

  What is the best practice for implementing cisco ACS 3.3, RSA, Win2k3 AD.
  We want to use these combo to authenticate our Remote access client. Our VPN/Firewall box is a ASA5540.
  Thx

  Hi
  You basically have 2 posibilities:
  Posibility 1:
  Use the ACS as the Central AAA Server and integrate all other Authentication-Servers with the ACS.
  The ACS Supports different Token Servers / AD / RADIUS Server directly.
  This is very smooth, you use the ACS to control all Authentication Request from your Network devices , TACACS+ or RADIUS.
  There is some limitations'thoug: ACS only supports One AD Domain and no Trusts ... this can be painful..
  Poisibility2:
  Use The ACS as a RADIUS proxy-Server.
  There are no "direct intagration" with the other Radius Servers - such as the ACE or the different ISA-Servers, but still alll client can use the ACS as their "AAA Radius Server".
  This requires separate configuration of all RADIUS servers, but it overcomes the limitation of the ACS Support of Microsoft TRUSTS.
  It is possible to use a mixture of both Cenarios, and you could use things like the domain-suffix (everything behind @ in [email protected]) to deside wich RADIUS server should do the Authentication.
  Hope This Helps
  Greetings
  Jarle

• VCS Local database Authentication

  Hi Everyone,
  As my subject above,
  I want to set my VCS Expressway's Authentication to use Local Database,
  So all user (either H323 and SIP) must have valid username and password to do registration with my VCS Expressway,
  In Cisco's guide Cisco_VCS_Authenticating_Devices_Deployment_Guide_X7-0 said that I must go to VCS configuration > Authentication > Devices > Configuration and change Database Type to Local Database,
  But the problem is I can not find this menu in my VCS Expressway,
  Attached screen capture from my VCS Expressway.
  How can I set the Database Type if I can not find this important menu?
  My VCS Expressway software is x7.2.2. 
  Please advise :(
  regards,
  Thanks,
  Ovindo

  Hello Ovindo -
  Because you're running a VCS with X7.2.2 software, and using an guide that's meant for X7.0, what you're looking for has changed since that guide.
  Please take a look at the X7.2.2 release notes on page 10, "Device Authentication".
  You should be using this device authentication guide for your version of VCS software.

• HTTP authentication via ACS TACACS+.

  Hi.
  I configure a router for tacacs+ access and the console and CLI work fine.
  HTTP access continually prompts for password and I can never gain access via web.
  I have tried the various cli combinations of IP HTTP AUTHENTICATION, but still does not seem to work with tacacs+.
  Debug authentication and authorization are ok (PASS)!
  Any suggestions??
  Thanks.
  Andrea.

  Hi Andrea,
  Make sure that you have privilege level 15, for your account, as telnet can work without it, but for http its a must.
  You can configure it for Group, under whihc you have your user account or per user basis too.
  Select group > Edit Settings > TACACS+ section
  Check "Shell" and "Privilege level" and in box in front of privilege level, put number "15".
  Also if you have configured enable authentication via TACACS+ ,amake sure under your user account you have selected "Use CiscoSecure..." option under TACACS+ enable password if you have your account configured on ACS, of select other as appropriate.
  Let me know if it helps :)
  I suppose you have "ip http authentiaction aaa" command configured.

• WSUS Database SUSDB authentication via SQL

  1) Just setup your frontend IIS and backend MSSQL server as described in Appendix C. http://www.microsoft...f7ad0cd638.mspx
  2) Create a SQL user, for example susdbuser and give it dbowner rights to the SUSDB database
  3) Setup the registry on the frontend iis server:
  Key: HKLM\Software\Microsoft\Update Services\Server\Setup
  Values:
  SqlAuthenticationMode SqlAuthentication (mind the case)
  SqlServerName <your sqlservername>
  SqlDatabaseName SUSDB
  SqlUserName <your sql-account>
  SqlEncryptedPassword <see below>
  4)
  compile it yourself, the source is below to C:\Program Files\Update Services\service\bin and run it
  from the commandline to determine your encryption string. Just run the program and give the "clear text" password as an argument and it will return an encrypted string. Paste the output in the SqlEncryptedPassword registry value.
  You need to run it in the mentioned directory, else you'll get an error...it needs a dll from that dir.
  5) Reset IIS (iisreset) and the "Windows Updates Services" service, and things should work !
  using System;
  using Microsoft.UpdateServices.Internal;
  // For compile add microsoft.updateservices.utils.dll to References from "C:\Program Files\Update Services\service\bin"
  namespace WsusEncryptString
      /// <summary>
      /// Summary description for Class1.
      /// </summary>
      class Class1
          /// <summary>
          /// The main entry point for the application.
          /// </summary>
          [STAThread]
          static void Main(string[] args)
              try
                  int c = args.Length;
                  if (c > 0)
                      System.Security.SecureString secureStringPwd = EncryptionUtilities.StringToSecureString(args[0]);
                      string resultEncryptPwd = EncryptionUtilities.Encrypt(secureStringPwd);
                      Console.WriteLine(resultEncryptPwd.ToString());
                  else throw new Exception("Need one argument!");
              catch (Exception e)
                  Console.WriteLine(e.Message);
  Ganapathy

  In some case we have to use SQL Authentication instead of Windows Authentication
  SQL Authentication is NOT supported for use with WSUS (for very good authentication reasons, never mind the *security* reasons).
  This scenario is useful if WSUS is in DMZ(within firewall) & SQL is in NON-DMZ environment (behind firewall).
  This configuration is totally unnecessary for this scenario. Furthermore, I would argue that a WSUS server in a DMZ ought to have a LOCAL database and thus completely ignore this entire consideration.
  The only thing that is *required* to support access to the remote SQL inside the firewall is that the WSUS server in the DMZ and the SQL Server inside the firewall belong to the same Active Directory Domain, and that's actually required even if there isn't
  a firewall between the two servers!
  So, if they're both members of the same domain (required), ALL authentication can be done with domain accounts, completely eliminating the need for SQL Authentication.
  But thanks for sharing yet another way for somebody to screw up their WSUS installation. :-)
  Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
  SolarWinds Head Geek
  Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
  My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
  http://www.solarwinds.com/gotmicrosoft
  The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

• ACS Authentication in another (trusted) domain bij ACS Agent

  Hi
  I have got two domains. Domain A is top level domain. Domain B is Child domain from Domain A.
  The ACS Agents are installed on two DC's in Domain A.
  Authentication of clients in Domain A is ok.
  Authentication of clients in Domain B is a problem.
  I created a Universal Group in Domain A. In this Universal Group, I put a Global User Group from Domain B. Authentication not ok.
  The ACS "Failed Authentication Log": sais: "External DB account Restriction".
  What is the problem here ?
  Gr.
  Remco

  Windows Group Mapping Limitations
  ACS has the following limits on group mapping for users who are authenticated by a Windows user database:
  •ACS can only support group mapping for users who belong to 500 or fewer Windows groups.
  •ACS can only perform group mapping by using the local and global groups to which a user belongs in the domain that authenticated the user. You cannot use group membership in domains that the authenticated domain trusts that is for ACS group mapping. This restriction is not removed by adding a remote group to a group that is local to the domain providing the authentication.
  What does the second bullet actually mean ?
  Is it not allowed to make a domain local group in Domain A (in which the Remote Agents are) that contains users (not groups) from Domain B ?
  Do you have to connect to Domain B in ACS (seen due to Trust relationship) and create a group mapping directly in Domain B ?

• ASA- ACS authentication

  I have an ASA, an ACS appliance, Active Directory, and RSA securID. SSL users should only authenticate with AD, while IPSec users should only authenticate with RSA. Not yet using anyconnect.
  here is my scenario:
  ACS -- AD - Dynamic users are created in ACS when authenticated with their AD domain login/password
  ACS -- AD - AD Group mapping to put user in the correct ACS group
  ASA SSL - matches username in ACS group to display customized SSL bookmarks
  all looks good
  ACS -- RSA - static users in ACS assigned to RSA group in ACS configured for authentication with external RSA DB
  ASA IPSec - Authenticates with ACS
  Question: How does the ASA or ACS know to authenticate IPSec users ONLY via RSA and SSL users only via AD?
  What do I have to do to not allow a windows user to simply enter their AD login/password into thei IPSec client and login. I could see this become common with users who dont have their keyfob handy or forget to use it.
  Thanks!

  You need to look at NAP feature in acs,
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/NAPs.html#wp1128143
  A NAP, also known as a profile, is essentially a classification of network-access requests for applying a common policy. You can use NAPs to aggregate all policies that should be activated for a certain location in the network. Alternatively, you can aggregate all policies that handle the same device type, for example, VPNs or Access Points (APs).
  Regards,
  ~JG
  Do rate helpful posts

• Same user in tacacs and local database with different privilege

  Hi there,
  i am just not sure if this is correct behavior.
  i am running NX-OS image n5000-uk9.5.1.3.N1.1.bin on the nexus 5020 platform.
  i have configured authorization with tacacs+ on ACS server version 5.2 with fall back to switch local database.
  aaa authentication login default group ACS
  aaa authorization commands default group ACS local
  aaa accounting default group ACS
  a user test with priv 15 is craeted on ACS server, password test2
  everything works fine, until i create the same username on the local database with privilege 0. ( it doesnt matter if the user in local database was created before user in ACS or after )
  e.g.:  
  username test password test1 role priv-0   (note passwords are different for users in both databases)
  after i create the same user in local database with privilege 0,
  if i try to connect to the switch with this username test and password defined on ACS,  i get only privilege 0 authorization, regardless, that ACS server is up and it should be primary way to authenticate and authorizate the user.
  is this normal?
  thank you for help...

  Hello.
  Privileges are used with traditional IOS. Privileges are part of "command authorization". Other operating systems (like IOS-XR, Nexus OS , Juniper JunOS) use "role-based authorization" instead of "command authorization".
  So traditional IOS can use the "privilege" attribute but other operating systems can not.
  Although IOS-XR, Nexus, ACE, Juniper  have "roled-based authorization" feature, every single one of them use their particular attributes.
  When I was configuring TACACS with ACE, Juniper and other devices I had to capture the packets to find out what were the particular attributes of ACE, what were the particular attributes of JunOS, etc, etc and to search deeply some hints the documentation , because sadly  documentation is not very good when talking about TACACS details.
  If you find which attributes to use, and what values to assign to the attributes then you can go to ACS and configure a "Shell Profile".
  Now back to Nexus 5000. It seems this particular device has the option to mix "role-based" with "command authorization" by overriding the default roles with other roles which names are called "priv". It seems this was an effort to try to map the old concept of "privileges" to the new concept of "roles". Although you see the word "priv", it's just the name of the role. My particular point of view is that this complicates the whole thing. I would recommend to use just the default roles, or customize some of them (only if needed), but not to use "command authorization".
  http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/security/502_n1_1/Cisco_n5k_security_config_gd_rel_502_n1_1_chapter5.html
  I will search the particular attributes Nexus use to talk to TACACS server. If I got them I will post them here.
  Please rate if it helps

• Error while importing a dump file in my local database

  Hi,
  I have a dump file named *"system_21Sep2010_DVSD.DMP"* which i'm trying to import in my local database named *"nandita1"*.
  The dump file is found under the following path *"C:\DevSuiteHome_1\BIN"* and i executed the following command for importing the dump file:
  C:\DevSuiteHome_1\BIN>imp system/system@nandita1 FILE=system_21Sep2010_DVSD.DMP FULL=YES
  I'm getting the following error while importing the dump file:
  Import: Release 10.1.0.4.2 - Production on Wed Oct 6 16:25:37 2010
  Copyright (c) 1982, 2005, Oracle. All rights reserved.
  Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Produc
  tion
  With the Partitioning, OLAP and Data Mining options
  Export file created by EXPORT:V10.01.00 via conventional path
  import done in WE8MSWIN1252 character set and AL16UTF16 NCHAR character set
  IMP-00015: following statement failed because the object already exists:
  "CREATE UNDO TABLESPACE "UNDOTBS1" BLOCKSIZE 8192 DATAFILE '/oradata_dev/DV"
  "SD/undotbs01.dbf' SIZE 104857600 AUTOEXTEND ON NEXT 5242880 MAXSIZE "
  "32767M EXTENT MANAGEMENT LOCAL "
  IMP-00015: following statement failed because the object already exists:
  "CREATE TABLESPACE "SYSAUX" BLOCKSIZE 8192 DATAFILE '/oradata_dev/DVSD/sysa"
  "ux01.dbf' SIZE 367001600 AUTOEXTEND ON NEXT 10485760 MAXSIZE 32767M "
  "EXTENT MANAGEMENT LOCAL AUTOALLOCATE ONLINE PERMANENT SEGMENT SPACE MANA"
  "GEMENT AUTO"
  IMP-00015: following statement failed because the object already exists:
  "CREATE TEMPORARY TABLESPACE "TEMP" BLOCKSIZE 8192 TEMPFILE '/oradata_dev/D"
  "VSD/temp01.dbf' SIZE 20971520 AUTOEXTEND ON NEXT 655360 MAXSIZE 3276"
  "7M EXTENT MANAGEMENT LOCAL UNIFORM SIZE 1048576"
  IMP-00015: following statement failed because the object already exists:
  "CREATE TABLESPACE "USERS" BLOCKSIZE 8192 DATAFILE '/oradata_dev/DVSD/users"
  "01.dbf' SIZE 5242880 AUTOEXTEND ON NEXT 1310720 MAXSIZE 32767M EXTEN"
  "T MANAGEMENT LOCAL AUTOALLOCATE ONLINE PERMANENT SEGMENT SPACE MANAGEMEN"
  "T AUTO"
  IMP-00015: following statement failed because the object already exists:
  "CREATE TABLESPACE "XX_DATA" BLOCKSIZE 8192 DATAFILE '/oradata_dev/DVSD/XX_"
  "DATA01.dbf' SIZE 140509184 AUTOEXTEND ON NEXT 1048576 MAXSIZE 32767M"
  " EXTENT MANAGEMENT LOCAL AUTOALLOCATE ONLINE PERMANENT "
  IMP-00015: following statement failed because the object already exists:
  "CREATE TABLESPACE "XX_INDEX" BLOCKSIZE 8192 DATAFILE '/oradata_dev/DVSD/XX"
  "_INDEX.dbf' SIZE 93323264 AUTOEXTEND ON NEXT 1048576 MAXSIZE 32767M "
  "EXTENT MANAGEMENT LOCAL AUTOALLOCATE ONLINE PERMANENT "
  IMP-00015: following statement failed because the object already exists:
  "CREATE PROFILE "MONITORING_PROFILE" LIMIT COMPOSITE_LIMIT DEFAULT SESSIONS_"
  "PER_USER DEFAULT CPU_PER_SESSION DEFAULT CPU_PER_CALL DEFAULT LOGICAL_READS"
  "_PER_SESSION DEFAULT LOGICAL_READS_PER_CALL DEFAULT IDLE_TIME DEFAULT CONNE"
  "CT_TIME DEFAULT PRIVATE_SGA DEFAULT FAILED_LOGIN_ATTEMPTS UNLIMITED PASSWOR"
  "D_LIFE_TIME DEFAULT PASSWORD_REUSE_TIME DEFAULT PASSWORD_REUSE_MAX DEFAULT "
  "PASSWORD_LOCK_TIME DEFAULT PASSWORD_GRACE_TIME DEFAULT"
  IMP-00015: following statement failed because the object already exists:
  "CREATE USER "OUTLN" IDENTIFIED BY VALUES '4A3BA55E08595C81' TEMPORARY TABLE"
  "SPACE "TEMP" PASSWORD EXPIRE ACCOUNT LOCK"
  IMP-00015: following statement failed because the object already exists:
  "CREATE USER "TSMSYS" IDENTIFIED BY VALUES '3DF26A8B17D0F29F' DEFAULT TABLES"
  "PACE "USERS" TEMPORARY TABLESPACE "TEMP" PASSWORD EXPIRE ACCOUNT LOCK"
  IMP-00015: following statement failed because the object already exists:
  "CREATE USER "ANONYMOUS" IDENTIFIED BY VALUES 'anonymous' DEFAULT TABLESPACE"
  " "SYSAUX" TEMPORARY TABLESPACE "TEMP" PASSWORD EXPIRE ACCOUNT LOCK"
  IMP-00015: following statement failed because the object already exists:
  "CREATE USER "OLAPSYS" IDENTIFIED BY VALUES '3FB8EF9DB538647C' DEFAULT TABLE"
  "SPACE "SYSAUX" TEMPORARY TABLESPACE "TEMP" PASSWORD EXPIRE ACCOUNT LOCK"
  IMP-00015: following statement failed because the object already exists:
  "CREATE USER "MDDATA" IDENTIFIED BY VALUES 'DF02A496267DEE66' DEFAULT TABLES"
  "PACE "USERS" TEMPORARY TABLESPACE "TEMP" PASSWORD EXPIRE ACCOUNT LOCK"
  IMP-00015: following statement failed because the object already exists:
  "CREATE USER "SYSMAN" IDENTIFIED BY VALUES '28F72A3C2D75FDE9' DEFAULT TABLES"
  "PACE "SYSAUX" TEMPORARY TABLESPACE "TEMP""
  IMP-00015: following statement failed because the object already exists:
  "CREATE USER "MGMT_VIEW" IDENTIFIED BY VALUES '442167C25FAC883C' TEMPORARY T"
  "ABLESPACE "TEMP""
  IMP-00015: following statement failed because the object already exists:
  "CREATE USER "SCOTT" IDENTIFIED BY VALUES 'F894844C34402B67' DEFAULT TABLESP"
  "ACE "USERS" TEMPORARY TABLESPACE "TEMP" PASSWORD EXPIRE ACCOUNT LOCK"
  IMP-00015: following statement failed because the object already exists:
  "CREATE USER "BUXXDDWA" IDENTIFIED BY VALUES '2672292A792DB64B' DEFAULT TABL"
  "ESPACE "XX_DATA" TEMPORARY TABLESPACE "TEMP""
  IMP-00015: following statement failed because the object already exists:
  "CREATE USER "XXDDWA" IDENTIFIED BY VALUES 'F5C178B2796496F4' DEFAULT TABLES"
  "PACE "XX_INDEX" TEMPORARY TABLESPACE "TEMP""
  IMP-00015: following statement failed because the object already exists:
  "CREATE USER "BUXXDDWS" IDENTIFIED BY VALUES '06D47E0665132890' DEFAULT TABL"
  "ESPACE "XX_DATA" TEMPORARY TABLESPACE "TEMP""
  IMP-00015: following statement failed because the object already exists:
  "CREATE USER "BUXXSUC" IDENTIFIED BY VALUES '1705C688518ADCDC' DEFAULT TABLE"
  "SPACE "XX_DATA" TEMPORARY TABLESPACE "TEMP""
  IMP-00015: following statement failed because the object already exists:
  "CREATE USER "JIRAUSER" IDENTIFIED BY VALUES 'F0E1C662FCD1E09F' DEFAULT TABL"
  "ESPACE "XX_DATA" TEMPORARY TABLESPACE "TEMP""
  IMP-00015: following statement failed because the object already exists:
  "CREATE USER "XXSFA" IDENTIFIED BY VALUES 'C3DFA37A29E072B6' DEFAULT TABLESP"
  "ACE "XX_INDEX" TEMPORARY TABLESPACE "TEMP""
  IMP-00015: following statement failed because the object already exists:
  "CREATE USER "XXDDW" IDENTIFIED BY VALUES 'CFF3D9B1B6C20DCC' DEFAULT TABLESP"
  "ACE "XX_DATA" TEMPORARY TABLESPACE "TEMP""
  IMP-00015: following statement failed because the object already exists:
  "CREATE USER "XXDDWS" IDENTIFIED BY VALUES '9EF0EE1BAC5855C4' DEFAULT TABLES"
  "PACE "XX_DATA" TEMPORARY TABLESPACE "TEMP""
  IMP-00015: following statement failed because the object already exists:
  "CREATE USER "XXSUC" IDENTIFIED BY VALUES '39594B53A6F1CED0' DEFAULT TABLESP"
  "ACE "XX_INDEX" TEMPORARY TABLESPACE "TEMP""
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "SELECT_CATALOG_ROLE""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "SELECT_CATALOG_ROLE" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "EXECUTE_CATALOG_ROLE""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "EXECUTE_CATALOG_ROLE" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "DELETE_CATALOG_ROLE""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "DELETE_CATALOG_ROLE" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "RECOVERY_CATALOG_OWNER""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "RECOVERY_CATALOG_OWNER" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "GATHER_SYSTEM_STATISTICS""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "GATHER_SYSTEM_STATISTICS" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "LOGSTDBY_ADMINISTRATOR""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "LOGSTDBY_ADMINISTRATOR" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "AQ_ADMINISTRATOR_ROLE""
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "AQ_USER_ROLE""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "AQ_USER_ROLE" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "GLOBAL_AQ_USER_ROLE" IDENTIFIED GLOBALLY "
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "SCHEDULER_ADMIN""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "SCHEDULER_ADMIN" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "HS_ADMIN_ROLE""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "HS_ADMIN_ROLE" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "AUTHENTICATEDUSER""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "AUTHENTICATEDUSER" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "OEM_ADVISOR""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "OEM_ADVISOR" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "OEM_MONITOR""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "OEM_MONITOR" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "WM_ADMIN_ROLE""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "WM_ADMIN_ROLE" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "JAVAUSERPRIV""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "JAVAUSERPRIV" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "JAVAIDPRIV""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "JAVAIDPRIV" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "JAVASYSPRIV""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "JAVASYSPRIV" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "JAVADEBUGPRIV""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "JAVADEBUGPRIV" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "EJBCLIENT""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "EJBCLIENT" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "JAVA_ADMIN""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "JAVA_ADMIN" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "JAVA_DEPLOY""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "JAVA_DEPLOY" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "CTXAPP""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "CTXAPP" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "XDBADMIN""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "XDBADMIN" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "XDBWEBSERVICES""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "XDBWEBSERVICES" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "OLAP_DBA""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "OLAP_DBA" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "OLAP_USER""
  IMP-00015: following statement failed because the object already exists:
  "REVOKE "OLAP_USER" FROM SYSTEM"
  IMP-00015: following statement failed because the object already exists:
  "CREATE ROLE "MGMT_USER""
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "MVIEW$_ADVSEQ_GENERIC" MINVALUE 1 MAXVALUE 4294967295 INCR"
  "EMENT BY 1 START WITH 1 CACHE 50 NOORDER NOCYCLE"
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "MVIEW$_ADVSEQ_ID" MINVALUE 1 MAXVALUE 4294967295 INCREMENT"
  " BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE"
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "LOGMNR_EVOLVE_SEQ$" MINVALUE 1 MAXVALUE 999999999999999999"
  "999999999 INCREMENT BY 1 START WITH 1 CACHE 20 ORDER NOCYCLE"
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "LOGMNR_SEQ$" MINVALUE 1 MAXVALUE 9999999999999999999999999"
  "99 INCREMENT BY 1 START WITH 1 CACHE 20 ORDER NOCYCLE"
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "LOGMNR_UIDS$" MINVALUE 1 MAXVALUE 999999999999999999999999"
  "999 INCREMENT BY 1 START WITH 100 CACHE 20 ORDER NOCYCLE"
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "REPCAT$_FLAVORS_S" MINVALUE -2147483647 MAXVALUE 214748364"
  "7 INCREMENT BY 1 START WITH 1 NOCACHE NOORDER NOCYCLE"
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "REPCAT$_FLAVOR_NAME_S" MINVALUE 1 MAXVALUE 999999999999999"
  "999999999999 INCREMENT BY 1 START WITH 1 NOCACHE NOORDER NOCYCLE"
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "REPCAT$_REPPROP_KEY" MINVALUE 1 MAXVALUE 99999999999999999"
  "9999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE"
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "REPCAT_LOG_SEQUENCE" MINVALUE 1 MAXVALUE 99999999999999999"
  "9999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE"
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "REPCAT$_REFRESH_TEMPLATES_S" MINVALUE 1 MAXVALUE 999999999"
  "999999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE"
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "REPCAT$_USER_AUTHORIZATIONS_S" MINVALUE 1 MAXVALUE 9999999"
  "99999999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE"
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "REPCAT$_TEMPLATE_REFGROUPS_S" MINVALUE 1 MAXVALUE 99999999"
  "9999999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE"
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "REPCAT$_TEMPLATE_OBJECTS_S" MINVALUE 1 MAXVALUE 9999999999"
  "99999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE"
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "REPCAT$_TEMPLATE_PARMS_S" MINVALUE 1 MAXVALUE 999999999999"
  "999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE"
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "REPCAT$_USER_PARM_VALUES_S" MINVALUE 1 MAXVALUE 9999999999"
  "99999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE"
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "REPCAT$_TEMPLATE_SITES_S" MINVALUE 1 MAXVALUE 999999999999"
  "999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE"
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "REPCAT$_TEMP_OUTPUT_S" MINVALUE 1 MAXVALUE 999999999999999"
  "999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE"
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "REPCAT$_RUNTIME_PARMS_S" MINVALUE 1 MAXVALUE 9999999999999"
  "99999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE"
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "TEMPLATE$_TARGETS_S" MINVALUE 1 MAXVALUE 99999999999999999"
  "9999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE"
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "REPCAT$_EXCEPTIONS_S" MINVALUE 1 MAXVALUE 9999999999999999"
  "99999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE"
  . importing OLAPSYS's objects into OLAPSYS
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "OLAP_ID_SEQ" MINVALUE 1 MAXVALUE 9999999999999999999999999"
  "99 INCREMENT BY 1 START WITH 122 NOCACHE NOORDER NOCYCLE"
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "OLAP_IRID" MINVALUE 1 MAXVALUE 999999999999999999999999999"
  " INCREMENT BY 1 START WITH 24 NOCACHE ORDER NOCYCLE"
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "CWM2_OLAP_ENABLESEQ" MINVALUE 1 MAXVALUE 9999 INCREMENT BY"
  " 1 START WITH 1 NOCACHE ORDER CYCLE"
  I've been waiting for hours, but still it is blocked at the same place, that is:
  IMP-00015: following statement failed because the object already exists:
  "CREATE SEQUENCE "CWM2_OLAP_ENABLESEQ" MINVALUE 1 MAXVALUE 9999 INCREMENT BY"
  " 1 START WITH 1 NOCACHE ORDER CYCLE"
  I've tried recreating the database, but still the error is the same.
  I've tried including the ignore=Y, that is:
  C:\DevSuiteHome_1\BIN>imp system/system@nandita1 FILE=system_21Sep2010_DVSD.DMP
  FULL=YES IGNORE=YES
  The error generated is as displayed below:
  Import: Release 10.1.0.4.2 - Production on Wed Oct 6 16:34:04 2010
  Copyright (c) 1982, 2005, Oracle. All rights reserved.
  Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Produc
  tion
  With the Partitioning, OLAP and Data Mining options
  Export file created by EXPORT:V10.01.00 via conventional path
  import done in WE8MSWIN1252 character set and AL16UTF16 NCHAR character set
  . importing OLAPSYS's objects into OLAPSYS
  Over here also, i had to kill the process since it was blocked at the following statement: ". importing OLAPSYS's objects into OLAPSYS"
  Please can someone help me out.
  Thanking in advanced

  plzzzzzzzzzzzzzzzzz.............sme1 help me out

• Problem installing oracle 8.1.5 as local database, Help me!

  Hello, my friends!
  I've been having problems with the connection to oracle 8.1.5 via ODBC. Does Exist any way to install a protocol that no requieres a net like TCP, SPX. I have a pc in my house and I'm not in a networking, so when i configure a tnsnames it requieres a protocol, and it shows: TCP, SPX, IPC, named pipes, which of them are for a Local PC, because i configured a tnsnames with TCP protocol and the connection via ODBC shows the message: 'Server rejected the connection'. My application and the database are in the same PC, so i'm accesing via ODBC to the database locally.
  so, i'd appreciate any help, please, any comments send me an email to : [email protected]
  Aldemar cuartas
  Colombia

  hi,
  Please confirm that your media(oracle 8.1) is for Intel Solaris or for Sun Sparc (RISC).
  bye
  [email protected]

• ODBC in a local database not connects by IPC/TCP. Oracle 8.1.5 or 8.1.7

  Hello, my friends!
  I've been having problems with the connection to oracle 8.1.5 via ODBC.I configure a tnsnames and it requieres a protocol: TCP, SPX, IPC, named pipes. I started using
  tnsnames with TCP protocol and the connection via ODBC shows the message: 'Server rejected the connection'. My application and the database are in the same PC, so i'm accesing via ODBC to the database locally. Then i tried configuring IPC protocol and then i tested by ODBC test and it showed me a message: ERROR: native error: 12560, TNS: protocol adapter error.
  my intention it's to access oracle by ODBC, both the application and the database are in the same PC, i have not network.
  so, i'd appreciate any help, please, any comments send me an email to :
  [email protected]

  Hi, Yes! i can connect by SQL*Plus and it works well, but the problem it's because i have the database and my application in the same PC, so I need to connect in local mode. I couldn4t do it by IPC, it shows the message: Protocol Error, using TCP it shows me the message: TNS: 12154 - No listener
  thanks

• Synchronizing local database and server database

  Hi,
  I am working on an application where users store information on their laptops in a local database. Once a day, synchronizing has to take place with the server database. The clients will send their mutated data to the server and the server will send its mutated data, e.g. changed item file.
  The choice of database is Mysql for the laptop, and server resides on AS400, so DB2 is the platform.
  I am wondering what techniques could be used to accomplish this. Should it be done by sql or via text files? Through a socket or something else?
  Does anyone have an idea what the best approach is for this matter?
  And if possible, some sample code would be very much appreciated.
  Thanks in advance.

  Hi,
  There are numerous solutions to this. I have worked on a similar project a couple of years ago. The plan is as follows:
  1. A java client is run on the laptop (user) which connects to the remote server on calls a procedure passing the localdata as the parameter.
  2. the server parses the local data and updates itself and returns the updated data to the client.
  The main considerations:
  1. Connectivity: Connecting via internet to the server tunnelling through firewall or VPN ( I have no adequate knowledge on this).
  2. The amount of data transfer. I was working on relatively less transactional data and hence the connection thru a dial up was not a problem.
  3. The frequency of this operation. TO me it was once a day process, and hence I scheduled it during vee hours when the network was relatively free.
  This is all my thoughts about the scenario. Any comments and suggestions are welcome.
  Cheers,
  Sekar