Configuring AAA to include local auth for Console connections
Recently realized, during a maintenance window, that my AAA configurations are not set to use local authentication if the AAA server is unavailable. Could use a little help in making sure I have the correct setup. Below is what I have configured today:
aaa new-model
aaa authentication login default group tacacs+
aaa authentication enable default group tacacs+
aaa authorization auth-proxy default group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
tacacs-server host x.x.x.x
tacacs-server timeout 120
tacacs-server directed-request
tacacs-server key <key>
Would I add that as a separate line, or to the current one? Examples:
aaa new-model
aaa authentication login default group tacacs+
aaa authentication enable default group tacacs+
aaa authorization auth-proxy default group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa authorization console
OR
aaa new-model
aaa authentication login default group tacacs+
aaa authentication enable default group tacacs+
aaa authorization auth-proxy default group tacacs+ console
aaa accounting commands 15 default start-stop group tacacs+
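An added example, not part of the original post and not Cisco tooling: a small Python audit that reads IOS-style `aaa` lines and reports authentication method lists that name only server groups, so nothing else is tried when the TACACS+ server does not answer. The sample is the configuration from the post with a placeholder address and key; the corrected variant, the `EXAMPLE-*` values and the 10-second timeout threshold are assumptions of this example.

```python
import re

# Constructed sample: the configuration from the post above, with a
# placeholder server address (192.0.2.10) and key.
POSTED_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+
aaa authentication enable default group tacacs+
aaa authorization auth-proxy default group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
tacacs-server host 192.0.2.10
tacacs-server timeout 120
tacacs-server directed-request
tacacs-server key EXAMPLE-KEY
"""

# Assumed corrected variant: a server-independent method follows the group,
# and the credentials that method relies on exist on the device.
CORRECTED_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization auth-proxy default group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
username EXAMPLE-ADMIN privilege 15 secret EXAMPLE-SECRET
enable secret EXAMPLE-SECRET
tacacs-server host 192.0.2.10
tacacs-server timeout 5
tacacs-server key EXAMPLE-KEY
"""

# Method keywords that do not depend on a remote AAA server.
SERVERLESS = {"local", "local-case", "enable", "line", "none", "if-authenticated"}
SLOW_TIMEOUT = 10  # seconds; threshold chosen for this example only


def split_methods(tokens):
    """Split the tail of a method list into (methods, unrecognised keywords)."""
    methods, unknown, i = [], [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])  # "group <name>" is one method
            i += 2
        else:
            (methods if tokens[i] in SERVERLESS else unknown).append(tokens[i])
            i += 1
    return methods, unknown


def parse_method_lists(config):
    """Return (service, list name, methods, unknown) for each method list found."""
    lists = []
    for line in config.splitlines():
        t = line.split()
        # Short lines such as "aaa authorization console" are toggles, not lists.
        if len(t) < 5 or t[0] != "aaa":
            continue
        if t[1] == "authentication" and t[2] in ("login", "enable"):
            start = 4
        elif t[1] == "authorization":
            # "aaa authorization commands <level> <list> ..." has one extra field.
            start = 5 if t[2] == "commands" else 4
        else:
            continue
        methods, unknown = split_methods(t[start:])
        lists.append((f"{t[1]} {t[2]}", t[start - 1], methods, unknown))
    return lists


def audit(config):
    """Return a list of findings (strings); an empty list means nothing flagged."""
    findings = []
    lines = [l.strip() for l in config.splitlines()]
    lists = parse_method_lists(config)
    for service, name, methods, unknown in lists:
        label = f"aaa {service} {name}"
        for kw in unknown:
            findings.append(f"{label}: '{kw}' is not a method keyword this audit recognises")
        only_groups = methods and all(m.startswith("group ") for m in methods)
        if service.startswith("authentication") and only_groups:
            findings.append(f"{label}: only server groups listed, "
                            "nothing is tried when they are unreachable")
    used = {m for _, _, methods, _ in lists for m in methods}
    if used & {"local", "local-case"} and not any(l.startswith("username ") for l in lines):
        findings.append("method 'local' is used but no 'username' line is configured")
    if "enable" in used and not any(re.match(r"enable (secret|password)\b", l) for l in lines):
        findings.append("method 'enable' is used but no enable secret is configured")
    m = re.search(r"^tacacs-server timeout (\d+)\s*$", config, re.M)
    if m and int(m.group(1)) > SLOW_TIMEOUT:
        findings.append(f"tacacs-server timeout {m.group(1)}: the next method is only "
                        "tried after the server has timed out")
    return findings


if __name__ == "__main__":
    for name, cfg in (("posted", POSTED_CONFIG), ("corrected", CORRECTED_CONFIG)):
        print(name, audit(cfg) or "no findings")
```

The fallback method is consulted only when the server group returns no response, not when it rejects the login, so the local account has to exist before the outage.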
Similar Messages
-
Help with configuring AP-1240AG as local authenticator for EAP-FAST client
Hi,
I am trying to configure an AP-1240AG as a local authenticator for a Windows XP client with no success. Here is a part of the AP configuration:
dot11 lab_test
authentication open eap eap_methods
authentication network-eap eap_methods
guest-mode
infrastructure-ssid
radius-server local
eapfast authority id 0102030405060708090A0B0C0D0E0F10
eapfast authority info lab
eapfast server-key primary 7 211C7F85F2A6056FB6DC70BE66090DE351
user georges nthash 7 115C41544E4A535E2072797D096466723124425253707D0901755A5B3A370F7A05
Here is the Windows XP client configuration:
Authentication: Open
Encryption: WEP
Disable Cisco ccxV4 improvements
username: georges
password: georges
Results: The show radius local-server statistics does not show any activity for the user georges and the debug messages are showing the following:
*Mar 4 01:15:58.887: %DOT11-7-AUTH_FAILED: Station 0016.6f68.b13b Authentication failed
*Mar 4 01:16:28.914: %DOT11-7-AUTH_FAILED: Station 0016.6f68.b13b Authentication failed
*Mar 4 01:16:56.700: RADIUS/ENCODE(00001F5C):Orig. component type = DOT11
*Mar 4 01:16:56.701: RADIUS: AAA Unsupported Attr: ssid [263] 19
*Mar 4 01:16:56.701: RADIUS: [lab_test]
*Mar 4 01:16:56.701: RADIUS: 65 [e]
*Mar 4 01:16:56.701: RADIUS: AAA Unsupported Attr: interface [156] 4
*Mar 4 01:16:56.701: RADIUS: 38 32 [82]
*Mar 4 01:16:56.701: RADIUS(00001F5C): Storing nasport 8275 in rad_db
*Mar 4 01:16:56.702: RADIUS(00001F5C): Config NAS IP: 10.5.104.22
*Mar 4 01:16:56.702: RADIUS/ENCODE(00001F5C): acct_session_id: 8026
*Mar 4 01:16:56.702: RADIUS(00001F5C): sending
*Mar 4 01:16:56.702: RADIUS/DECODE: parse response no app start; FAIL
*Mar 4 01:16:56.702: RADIUS/DECODE: parse response; FAIL
It seems that the RADIUS packet that the AP receives is not what is expected. I do not know if the problem is with the client or with the AP configuration. I have tried many things but am running out of ideas. Any suggestions would be welcome.
Thanks
Hi Stephen,
I do not want to create a workgroup bridge, just want to have the wireless radio bridge with the Ethernet port. I will remove the infrastructure command.
Thanks for your help
Stephane
Here is the complete configuration:
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname Lab
ip subnet-zero
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 lab_test
authentication open eap eap_methods
authentication network-eap eap_methods
guest-mode
infrastructure-ssid
power inline negotiation prestandard source
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
ssid lab_test
traffic-metrics aggregate-report
speed basic-54.0
no power client local
channel 2462
station-role root
antenna receive right
antenna transmit right
no dot11 extension aironet
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
dfs band 3 block
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
channel dfs
station-role root
no dot11 extension aironet
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
interface BVI1
ip address 10.5.104.22 255.255.255.0
ip default-gateway 10.5.104.254
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server local
eapfast authority id 000102030405060708090A0B0C0D0E0F
eapfast authority info LAB
eapfast server-key primary 7 C7AC67E296DF3437EB018F73BE00D822B8
user georges nthash 7 14424A5A555C72790070616C03445446212202080A75705F513942017A76057007
control-plane
bridge 1 route ip
line con 0
line vty 0 4
end
-
RJ-45 to USB Adapter for console connection?
Hello,
I would like to configure a Cisco 3600 Router with my laptop, however, I do not have the RJ-45 to DB-15 cable, nor do I have the DB-15 serial port on my laptop. I also do not have the required DB-15 to USB adapter that would be needed to assist me in connecting my computer to the router.
Just curious (so I won't have to buy the cable and the adapter), is there an RJ-45 to USB cable that would allow me to connect directly from Cisco's 3600 Router console port directly to my laptop?
Thank you,
In the labs here at Cisco, and at the Cisco Networking Academy I work for, we use the light blue Cisco flat console cable (Male RJ-45 connection and a Female DB-9 Serial connection), and then a USB adapter to hook to our computers.
The blue cables are very cheap online, as every lab that orders Cisco equipment has ZILLIONS of them. The adapters are pretty inexpensive as well; just note not all are plug-and-play; some need specific drivers (usually easily found online).
Recommended Google/E-bay/Amazon search criteria: "Cisco Console Cable" and "Female DB-9 Serial to USB"
-
DB-15 for console connection?
I have a DB-15 port on the back of my laptop. Can I use this to console into a router? What cables and adaptors do I need to make this work?
The "standard" console cable that ships with many Cisco products is a serial DB-9 to RJ-45 type. If your laptop has a DB-15 RS-232 serial port I suppose you COULD purchase a DB-15 to DB-9 adapter and then plug in a standard Cisco console cable to that.
Personally I'd strongly prefer getting a USB-Serial adapter and using that from your PC to the standard Cisco console cable. I use a TRENDnet TU-S9 Serial adapter - USB. You can get them for about US$11 at Amazon.com. With one of those, you can use it with any PC with a USB connection - much more common than one with a DB-15 serial port.
While you're at it, if you use any of the newer switches like the 3750X series that have the mini-USB console you might want to order one of those for your toolkit. They cost a bit more at about $23 but it's nice to have that cable since the newer console ports are on the front of the switch and typically more accessible. Search for "Cisco Type A T0 Mini Type B USB Cable (6 feet)".
-
Configuring aaa local command authorization
i am a bit struggling with how to configure aaa local command authorization, i am not getting any material also for configuring it. Please tell me how to configure aaa local command authorization.. or possible give me some useful links for that..
Hi,
For aaa authorization command set. Kindly refer to link.
http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_command_reference_chapter09186a00800ca5d4.html
I hope this helps. Please rate this post.
cheers
Sachin
-
Hello Everyone,
I have an issue with my Cisco 1602 WAP. I am trying to configure the WPA-PSK and MAC authentication on local RADIUS but I don't know why it doesn't work and client can bypass the MAC authentication. below is partial configuration:
dot11 ssid WLAN
vlan 20
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 XXX
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
encryption vlan 20 mode ciphers aes-ccm
ssid WLAN
antenna gain 0
stbc
beamform ofdm
mbssid
channel 2462
station-role root
interface Dot11Radio0.20
encapsulation dot1Q 20 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface BVI1
ip address 10.133.16.2 255.255.255.128
no ip route-cache
radius-server local
nas 10.133.16.2 key 7 10.133.16.2
group MAC
vlan 20
ssid WLAN
block count 3 time infinite
reauthentication time 1800
user 54724f80421c password 54724f80421c group MAC
Further information can be provided by request.
Cheers,
Parham
What are you trying to accomplish?
With the PSK you aren't telling the client it needs to do .1x auth for the Mac authentication.
If you are just trying to keep some clients off the wireless, I would take a look at doing a MAC ACL (ACL 700)
HTH,
Steve
-
Configure Jabber for Mac with local CUCM and WebEx Connect
Hi, I was wondering if anyone has been able to configure the Jabber for Mac 8.6.2 client to use the WebEx Connect presence server with a local CUCM and Unity Connection servers. The preferences accounts tab does not show or allow the addition of the voice services. I have added from a working local CUCM preferences plist file what I believe are the correct entries however I still cannot see the accounts on the preferences tab. We currently do not have a local cisco presence server hence the requirement to trial the WebEx Connect server as I can't get past the first configuration step without it.
regards
paul
Hi - I have done this via the admin portal but still cannot get the Jabber client for Mac to register for voice. The Windows version works fine for the same user and CUCM device. Are there any other settings that need to be enabled specific to the Mac client?
Thanks.
-
We have a setup wherein we have integrated ARC server for exchange console services to the call manager. In our cluster, CTI Manager services are running on two subscribers; one of them is a primary and the other is secondary. Similarly, we have ARC server installed on a primary server and a secondary server. ARC Server uses TAPI and CISCO TSP to integrate with the call manager. In the secondary ARC server, when we go to ARC Connect administration - console connect - Queue location, we see the same queue location numbers as configured in the primary ARC server. When we try to change the queue location numbers, it fails to update and throws up a pop-up which says "Queue location cannot be pointed to a routing device. Kindly select a different number". Could you suggest where the conflict might be occurring and how we can update the queue location numbers in the ARC secondary server? Could you also please explain how the CISCO TSP and TAPI function together?
Thanks a lot Brad,
All is working, just a couple of questions. I'm also using voice recognition; it works but it doesn't have the
play external messages option. Is there anything specific I have to set or say?
The touchtone command in my classic conversation is not 7 but I have to execute a little procedure following the
menu, something like 0 --> 9 --> 1 ---> 7 ( external message option ) --> 1
Is there any way to change or abbreviate this?
Thanks again
Michele
-
How can I configure AAA authentication on ASR9K?
Hi everyone,
I'm looking for how I can configure AAA authentication on ASR9K.
I have a TACACS+ server
Thanks and regards,
Jaime.
Hi Jaime,
here is the basic configuration:
tacacs-server host port 49
key 7 !
aaa group server tacacs+ acs-group
server
aaa authentication login acs-auth group acs-group local
line console
login authentication acs-auth
line default
login authentication acs-auth
An example:
RP/0/RSP1/CPU0:router#sh run tacacs-server
tacacs-server host 1.1.1.1 port 49
key 7 0822455D0A16544541
RP/0/RSP1/CPU0:router#sh run aaa group server tacacs+
aaa group server tacacs+ acs-group
server 1.1.1.1
RP/0/RSP1/CPU0:router#sh run aa authentication
aaa authentication login acs-auth group acs-group local
RP/0/RSP1/CPU0:router#sh run line default
line default
login authentication acs-auth
exec-timeout 0 0
-
2504 with new-architecture enabled breaks MAC auth for guest access
Hello,
We have (2) 2504 WLC running version 7.6.120. WLC1 is the local controller and WLC2 is an anchor controller for guest-access. We need to incorporate a 3850 for use with the WLC2 anchor. The guest access is currently working with Mac-Auth and Mac-Auth-Fail to Web-Auth.
When converged access is enabled on the WLC1 and WLC2, the Mac-Auth no longer works. That is, the previously authenticated user is now redirected to the Web-Auth page. The local controller shows the user as authenticated but the Anchor controller shows the state as WEb-Auth-REQD.
Rolling back using "config mobility new-architecture disable" and rebooting resolves the issue.
Does anyone know what changes from the old to the new that would break this mac-auth/web-auth configuration?
You should reach TAC for these sorts of issues. Not many people are deploying this CA setup yet & you may not get direct feedback immediately.
HTH
Rasika
-
Sql Exception on Testing Configuration with SQL Server JDBC driver for XA
I have a requirement of analyzing the behavior of SQL Server JDBC data sources for XA transactions in our application. We have been using Non-XA drivers for both Oracle and SQL Server as we had no requirement for transactions spanning across multiple databases in the past. I have set up and tested the XA driver for Oracle (Oracle Driver (Thin XA) for Instance Connections 9.0.1,9.2.0,10,11) in Weblogic 11g and it's working perfectly for transactions spanning across two databases. Now when I am trying to configure weblogic 11g R1 for SQL Server JDBC driver to support XA transactions with driver details as follows,
Server:Weblogic 11g R1
Driver Type: MS Sql Server
Database Driver :Oracle's MS SQL Server Driver(Type 4 XA) Version:7.0,2000,2005)
Database:SQL Server 2005(Single Instance)
and try to create a new data source and select "Test Configuration" and following error is thrown ,
<Mar 17, 2011 4:49:49 PM GMT+05:30> <Error> <Console> <BEA-240003> <Console encountered the following error java.sql.SQLException: [OWLS][SQLServer JDBC Driver][SQLServer]xa_open (0) returns -3
I followed the instructions in the weblogic jdbc drivers guide to configure the JTA Transactions to support XA on the SQL Server machine and weblogic server, which included:
1. Copied sqljdbc.dll to SQL_Server_Root/bin directory from WL_HOME\server\lib.
2. Copied instjdbc.sql to sql server machine and executed the script with following output,
Changed database context to 'master'.
Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
Cannot drop the procedure 'xp_jdbc_open', because it does not exist or you do not have permission.
Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
Cannot drop the procedure 'xp_jdbc_open2', because it does not exist or you do not have permission.
Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
Cannot drop the procedure 'xp_jdbc_close', because it does not exist or you do not have permission.
Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
Cannot drop the procedure 'xp_jdbc_close2', because it does not exist or you do not have permission.
Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
Cannot drop the procedure 'xp_jdbc_start', because it does not exist or you do not have permission.
Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
Cannot drop the procedure 'xp_jdbc_start2', because it does not exist or you do not have permission.
Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
Cannot drop the procedure 'xp_jdbc_end', because it does not exist or you do not have permission.
Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
Cannot drop the procedure 'xp_jdbc_end2', because it does not exist or you do not have permission.
Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
Cannot drop the procedure 'xp_jdbc_prepare', because it does not exist or you do not have permission.
Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
Cannot drop the procedure 'xp_jdbc_prepare2', because it does not exist or you do not have permission.
Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
Cannot drop the procedure 'xp_jdbc_commit', because it does not exist or you do not have permission.
Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
Cannot drop the procedure 'xp_jdbc_commit2', because it does not exist or you do not have permission.
Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
Cannot drop the procedure 'xp_jdbc_rollback', because it does not exist or you do not have permission.
Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
Cannot drop the procedure 'xp_jdbc_rollback2', because it does not exist or you do not have permission.
Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
Cannot drop the procedure 'xp_jdbc_forget', because it does not exist or you do not have permission.
Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
Cannot drop the procedure 'xp_jdbc_forget2', because it does not exist or you do not have permission.
Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
Cannot drop the procedure 'xp_jdbc_recover', because it does not exist or you do not have permission.
Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
Cannot drop the procedure 'xp_jdbc_recover2', because it does not exist or you do not have permission.
creating JDBC XA procedures
instxa.sql completed successfully.
3. Verified that MSDTC service is running on both SQL Server and weblogic machines with XA Transaction enabled and DTC option enabled for both inbound and outbound connections.
4. Copied sqljdbc.jar (version 3.0 downloaded from msdn portal) to "C:\Oracle\Middleware\wlserver_10.3\server\ext\jdbc\sqlserver" directory and updated weblogic_classpath variable in commEnv.cmd file.
set WEBLOGIC_CLASSPATH=%JAVA_HOME%\lib\tools.jar;%BEA_HOME%\utils\config\10.3\config-launch.jar;%WL_HOME%\server\lib\weblogic_sp.jar;%WL_HOME%\server\lib\weblogic.jar;%FEATURES_DIR%\weblogic.server.modules_10.3.2.0.jar;%WL_HOME%\server\lib\webservices.jar;%ANT_HOME%/lib/ant-all.jar;%ANT_CONTRIB%/lib/ant-contrib.jar;C:\Oracle\Middleware\wlserver_10.3\server\ext\jdbc\sqlserver\server\ext\jdbc\sqlserver\sqljdbc.jar
Can someone please provide some input on what's causing this and any other steps that need to be followed to implement XA support using SQL Server JDBC driver.
You seem to have done everything correctly and diligently. I would ask that you open an official support case.
-
Exchange 2013 sp1 smtp NTLM auth for child domain users
I have an Exchange organization with Exchange 2007 SP3 & Exchange 2013 SP1.
All users are in Exchange 2013 server (mail flow is through Exchange 2013 server).
I have a single forest, 2 sites (site1, site2), root domain root.local and 1 child domain ch.root.local.
The DC for the child domain is located in site2 (dc.ch.root.local).
A multirole Exchange 2013 server is installed in the root domain.
I am trying to configure an SMTP receive connector with NTLM auth and have one problem.
When a user in the child domain tries to send email through this receive connector I see in the log
<,AUTH NTLM,
>,334 <authentication response>,
*,SMTPSubmit SMTPAcceptAnyRecipient BypassAntiSpam AcceptRoutingHeaders,Set Session Permissions
*,CH\user1,authenticated
*,,Setting up client proxy session failed with error: 535 5.7.3 Unable to proxy authenticated session because either the backend does not support it or failed to resolve the user
*,,"Setting up client proxy session failed with error: 451 4.4.0 Primary target IP address responded with: ""535 5.7.3 Unable to proxy authenticated session because either
the backend does not support it or failed to resolve the user."" Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 192.168.1.15:465"
But authentication is successful for users from the root domain.
Why can this be?
Thanks.
Thanks for the link.
at smtp receive logs (Hub transport role) i've found the next:
Client Proxy EXMAIL2013,08D134DAF6CE1C51,49,192.168.1.15:465,
*,NT AUTHORITY\SYSTEM,authenticated
>,235 <authentication response>,
<,XPROXY SID=08D130D354F520D1 IP=192.168.1.21 PORT=57085 DOMAIN=[192.168.1.21] CAPABILITIES=0 SECID=Uy0xxx...
*,,Error while looking up SamAccountName chuser: The user name or password is incorrect.\r\n
*,None,Set Session Permissions
>,250 XProxy accepted but user identity could not be obtained,
-
Problem configuring SOA suite to use OID for authentication
We are in the process of rebuilding our environment to use the full SOA suite with our OID server for authentication (was previously just BPEL using AD directly), and have encountered several problems (below). We have rebuilt the OID server, and reinstalled the SOA suite into a clean ORACLE_HOME to no avail.
We first rebuilt the OID server using the following steps (derived from Oracle® Internet Directory Administrator's Guide):
1) Create the Import and Export profiles for AD synchronization. We did this using the Directory Integration and Provisioning Server Administration tool under “Active Directory Configuration”
2) Modify the map file to specify the correct OU mappings between AD and OID.
3) Update the profile with the new map file using “dipassistant.bat mp”
4) Bootstrap the import profile using “dipassistant.bat bootstrap”
5) Start a new instance of the Integration server (odisrv) running on config set 1 (the config set containing the Active Directory import/export profiles) using “oidctl”
6) Set the Import profile to Enable. The OID server does not export changes to AD in our current configuration, so the Export profile is left on disable (and not bootstrapped)
At this point it appears that the AD synchronizes correctly into our new OID server.
Next we installed the SOA suite:
1) We ran “irca.bat” on our database server to create the ORABPEL, ORAESB, and ORAWSM schemas and associated integration repository structure.
2) After launching the SOA suite installer, we selected Advanced Install.
3) On the next screen, we selected J2EE Server, Web Server, and SOA Suite.
4) We then provided the credentials for our Oracle database, and the passwords for ORABPEL, ORAESB, and ORAWSM.
5) We configured our new AS instance as an administration instance, but did not opt to use from a separate HTTP server, and did not make this instance part of an OAS cluster topology.
And finally, we configured our new SOA suite instance to use OID for authentication (using the instructions in Oracle® BPEL Process Manager Administrator's Guide section 2.1.3):
1) Used the configure_oid.bat command to seed OID with required users only.
2) Logged into the OracleAS Control Console
3) Chose the oc4j_soa instance, then Administration->Security->Identity Management
4) Configured the OID server using a non-ssl connection and the cn=orcladmin account.
5) When prompted, chose to reconfigure all applications in the oc4j_soa instance to OID, but not to use SSO for any of them.
6) Copied the contents of ORACLE_HOME\j2ee\home\config\jazn.xml to ORACLE_HOME\j2ee\oc4j_soa\config\jazn.xml
7) Restarted the application server.
After this procedure, we encountered the following issues:
1) The BPEL console appears to authenticate users correctly out of OID, but no users have access to the default domain, including bpeladmin and oc4jadmin. All users receive a similar access denied message when attempting to log into the BPEL Admin Console.
2) We cannot upload a BPEL process to our new server via JDeveloper’s standard BPEL deployment mechanisms. The connection appears to be working properly and passes all tests, but on uploading a process we get a Java AccessDeniedException. ESB appears to be functioning properly, and accepts uploaded projects without issue.
Bassman,
We recently configured our SOA Suite to use OID and SSO. We had the same issues you are having, and we found the resolutions in a blog from Jaas Poot (http://blog.jpoot.com/category/oracle-appserver/oid-ldap/). For the BPEL domain access, this involved going to the data-sources.xml file and changing the database passwords from using ->pwForOrabpel for the orabpel schema and ->pwForOraesb for the oraesb schema to the real passwords; the blog explains more about this.
The blog also covers the JDeveloper deployment issue, and another issue we encountered, where we couldn't access the BPEL Admin console. All of these were resolved following the steps in the blog.
Hope this helps
Candace
-
Deployed four 2960X switches in a stack. All okay for about one month then tried to web browse for the first time via firefox which partially displayed the page. I assumed this was a browser error. So tried Chrome then IE which both failed. Chrome was a bad display and IE fails to connect.
After this, I could not telnet or ssh. Plugged into the console and immediately started receiving:
%AAA-3-ACCT_LOW_MEM_UID_FAIL: AAA unable to create UID for incoming calls due to insufficient processor memory
%% Low on memory; try again later
I am unable to log in. I have a TAC case logged but the first step to try is a reboot which will be difficult until I can get a maintenance window. When I do get a maintenance window, I would also like to deploy a fix such as a different version of code or a work-around config command. I don't mind disabling HTTP.
Any suggestions?
I am currently working with TAC.
The switches failed about 18 hours later and had to be rebooted to get back up. Now that I have console/telnet access, I can see the memory being depleted mostly by the Auth Manager process at about the same rate as free memory is dropping.
SW13#sho proc mem sort | i Auth Manager
191 0 177721332 95004616 34757416 0 0 Auth Manager
SW13#sho proc mem sort | i Auth Manager
191 0 177754888 95025696 34759780 0 0 Auth Manager
SW13#sho proc mem sort | i Auth Manager
191 0 177774316 95037928 34761056 0 0 Auth Manager
SW13#sho proc mem sort | i Auth Manager
191 0 177799720 95053940 34762888 0 0 Auth Manager
SW13#sho proc mem sort | i Auth Manager
191 0 177824976 95069732 34764696 0 0 Auth Manager
SW13#
SW13#
SW13#sho proc mem sort | i Processor
Processor Pool Total: 442796836 Used: 103448576 Free: 339348260
SW13#sho proc mem sort | i Processor
Processor Pool Total: 442796836 Used: 103454416 Free: 339342420
SW13#sho proc mem sort | i Processor
Processor Pool Total: 442796836 Used: 103455860 Free: 339340976
SW13#sho proc mem sort | i Processor
Processor Pool Total: 442796836 Used: 103459236 Free: 339337600
SW13#sho proc mem sort | i Processor
Processor Pool Total: 442796836 Used: 103461040 Free: 339335796
-
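The samples in the 2960X post above can be reduced to numbers. This is an added example, not code from the thread or from Cisco: it parses that `show processes memory` output, assuming the usual column order (PID, TTY, Allocated, Freed, Holding, Getbufs, Retbufs, Process); `leak_report` is a hypothetical helper name. The two sample sets carry no timestamps and were taken one after the other, so the computed share is approximate.

```python
import re

# Output copied from the post above; repeated prompt lines trimmed to one each.
CAPTURE = """\
SW13#sho proc mem sort | i Auth Manager
191 0 177721332 95004616 34757416 0 0 Auth Manager
191 0 177754888 95025696 34759780 0 0 Auth Manager
191 0 177774316 95037928 34761056 0 0 Auth Manager
191 0 177799720 95053940 34762888 0 0 Auth Manager
191 0 177824976 95069732 34764696 0 0 Auth Manager
SW13#sho proc mem sort | i Processor
Processor Pool Total: 442796836 Used: 103448576 Free: 339348260
Processor Pool Total: 442796836 Used: 103454416 Free: 339342420
Processor Pool Total: 442796836 Used: 103455860 Free: 339340976
Processor Pool Total: 442796836 Used: 103459236 Free: 339337600
Processor Pool Total: 442796836 Used: 103461040 Free: 339335796
"""

# Assumed columns: PID TTY Allocated Freed Holding Getbufs Retbufs Process
PROC_RE = re.compile(r"^\s*\d+\s+\d+\s+\d+\s+\d+\s+(\d+)\s+\d+\s+\d+\s+(\S.*?)\s*$")
POOL_RE = re.compile(r"^\s*Processor Pool Total:\s*\d+\s+Used:\s*\d+\s+Free:\s*(\d+)")

def leak_report(capture):
    """Return (processor pool drop in bytes, per-process growth summary)."""
    holding, free = {}, []
    for line in capture.splitlines():
        m = PROC_RE.match(line)  # prompt lines match neither pattern and are skipped
        if m:
            holding.setdefault(m.group(2), []).append(int(m.group(1)))
            continue
        m = POOL_RE.match(line)
        if m:
            free.append(int(m.group(1)))
    pool_drop = free[0] - free[-1] if len(free) > 1 else 0
    report = {}
    for name, vals in holding.items():
        growth = vals[-1] - vals[0]
        report[name] = {
            "samples": len(vals),
            "growth": growth,
            # Holding that rises on every sample and never falls is the leak signature.
            "monotonic": len(vals) > 1 and all(b > a for a, b in zip(vals, vals[1:])),
            "share_of_pool_drop": round(growth / pool_drop, 2) if pool_drop > 0 else None,
        }
    return pool_drop, report

if __name__ == "__main__":
    drop, rep = leak_report(CAPTURE)
    for name, r in rep.items():
        print(f"{name}: +{r['growth']} B held, pool free -{drop} B, {r}")
```

Feeding it periodic captures that include timestamps (an assumption, the post has none) would turn the growth figure into a rate and an estimate of time until the pool is exhausted.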
AAA Authorization Using Local Database
Hi Guys,
I'm planning to use AAA authorization using the local database. I have read about it already, I have configured the aaa new-model command and I have set up users already. But I'm stuck at the part where I give certain users access to certain commands using the local database. Hope you can help with this.
FYI: I know using ACS/TACACS+/RADIUS is much easier and more powerful but my company will most likely only use the local database.
For allowing limited read-only access, use this example.
We need these commands on the switch
Switch(config)#do sh run | in priv
username admin privilege 15 password 0 cisco123!
username test privilege 0 password 0 cisco
privilege exec level 0 show ip interface brief
privilege exec level 0 show ip interface
privilege exec level 0 show interface
privilege exec level 0 show switch
No need for the user to log in to enable mode. All priv 0 commands are now there in user mode. See below:
User Access Verification
Username: test
Password:
Switch>show ?
diagnostic Show command for diagnostic
flash1: display information about flash1: file system
flash: display information about flash: file system
interfaces Interface status and configuration
ip IP information
switch show information about the stack ring
Switch>show switch
Switch/Stack Mac Address : 0015.f9c1.ca80
H/W Current
Switch# Role Mac Address Priority Version State
*1 Master 0015.f9c1.ca80 1 0 Ready
Switch>show run
^
% Invalid input detected at '^' marker.
Switch>show aaa server
^
% Invalid input detected at '^' marker.
Switch>show inter
Switch>show interfaces
Vlan1 is up, line protocol is up
Hardware is EtherSVI, address is 0015.f9c1.cac0 (bia 0015.f9c1.cac0)
Internet address is 192.168.26.3/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Switch>
Please check this link,
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml
Regards,
~JG
Do rate helpful posts
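An added example (not part of the reply above, and not Cisco code) that audits the posted configuration lines: it reports which remapped commands each local user can reach and flags `password 0` entries, which IOS stores in cleartext, where `username ... secret` stores a hash instead. `audit` is a hypothetical helper; it assumes a user without a `privilege` keyword logs in at level 1.

```python
import re

# Configuration lines copied from the reply above.
CONFIG = """\
username admin privilege 15 password 0 cisco123!
username test privilege 0 password 0 cisco
privilege exec level 0 show ip interface brief
privilege exec level 0 show ip interface
privilege exec level 0 show interface
privilege exec level 0 show switch
"""

USER_RE = re.compile(r"^username (\S+)(?: privilege (\d+))? (password|secret) (\d+) ")
PRIV_RE = re.compile(r"^privilege (\S+) level (\d+) (.+)$")

def audit(config):
    """Return (findings, access): access maps user -> remapped commands in reach."""
    users, moved, findings = {}, {}, []
    for raw in config.splitlines():
        line = raw.strip()
        m = USER_RE.match(line)
        if m:
            name, level = m.group(1), int(m.group(2) or 1)  # assumed default: level 1
            users[name] = level
            if m.group(3) == "password" and m.group(4) == "0":
                findings.append(f"{name}: cleartext password in config (type 0)")
            continue
        m = PRIV_RE.match(line)
        if m:
            mode, level, command = m.group(1), int(m.group(2)), m.group(3)
            moved.setdefault(level, []).append(f"{mode}: {command}")
    # A user can run every remapped command whose level is <= the user's own level.
    access = {
        user: sorted(c for lvl, cmds in moved.items() if lvl <= ulvl for c in cmds)
        for user, ulvl in users.items()
    }
    return findings, access

if __name__ == "__main__":
    findings, access = audit(CONFIG)
    for f in findings:
        print("FINDING", f)
    for user, cmds in access.items():
        print(user, "->", cmds)
```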