Configuring AAA to include local auth for Console connections

Similar Messages

• Help with configuring AP-1240AG as local authenticator for EAP-FAST client

  Hi,
  I am trying to configure an AP-1240AG as a local authenticator for a Windows XP client with no success. Here is a part of the AP configuration:
  dot11 lab_test
     authentication open eap eap_methods
     authentication network-eap eap_methods
     guest-mode
     infrastructure-ssid
  radius-server local
    eapfast authority id 0102030405060708090A0B0C0D0E0F10
    eapfast authority info lab
    eapfast server-key primary 7 211C7F85F2A6056FB6DC70BE66090DE351
    user georges nthash 7 115C41544E4A535E2072797D096466723124425253707D0901755A5B3A370F7A05
  Here is the Windows XP client configuration:
  Authentication: Open
  Encrpytion WEP
  Disable Cisco ccxV4 improvements
  username: georges
  password: georges
  Results: The show radius local-server statistics does not show any activity for the user georges and the debug messages are showing the following:
  *Mar  4 01:15:58.887: %DOT11-7-AUTH_FAILED: Station 0016.6f68.b13b Authentication failed
  *Mar  4 01:16:28.914: %DOT11-7-AUTH_FAILED: Station 0016.6f68.b13b Authentication failed
  *Mar  4 01:16:56.700: RADIUS/ENCODE(00001F5C):Orig. component type = DOT11
  *Mar  4 01:16:56.701: RADIUS:  AAA Unsupported Attr: ssid              [263] 19
  *Mar  4 01:16:56.701: RADIUS:    [lab_test]
  *Mar  4 01:16:56.701: RADIUS:   65                                               [e]
  *Mar  4 01:16:56.701: RADIUS:  AAA Unsupported Attr: interface         [156] 4
  *Mar  4 01:16:56.701: RADIUS:   38 32                                            [82]
  *Mar  4 01:16:56.701: RADIUS(00001F5C): Storing nasport 8275 in rad_db
  *Mar  4 01:16:56.702: RADIUS(00001F5C): Config NAS IP: 10.5.104.22
  *Mar  4 01:16:56.702: RADIUS/ENCODE(00001F5C): acct_session_id: 8026
  *Mar  4 01:16:56.702: RADIUS(00001F5C): sending
  *Mar  4 01:16:56.702: RADIUS/DECODE: parse response no app start; FAIL
  *Mar  4 01:16:56.702: RADIUS/DECODE: parse response; FAIL
  It seems that the radius packet that the AP receive is not what is expected. Do not know if the problem is with the client or with the AP configuration. Try many things but running out of ideas. Any suggestions would be welcome
  Thanks

  Hi Stephen,
  I do not want to create a workgroup bridge, just want to have the wireless radio bridge with the Ethernet port. I will remove the infrastructure command.
  Thanks for your help
  Stephane
  Here is the complete configuration:
  version 12.3
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname Lab
  ip subnet-zero
  aaa new-model
  aaa group server radius rad_eap
  aaa group server radius rad_mac
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authorization exec default local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  dot11 lab_test
     authentication open eap eap_methods
     authentication network-eap eap_methods
     guest-mode
     infrastructure-ssid
  power inline negotiation prestandard source
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  ssid lab_test
  traffic-metrics aggregate-report
  speed basic-54.0
  no power client local
  channel 2462
  station-role root
  antenna receive right
  antenna transmit right
  no dot11 extension aironet
  bridge-group 1
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio1
  no ip address
  no ip route-cache
  shutdown
  dfs band 3 block
    speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
  channel dfs
  station-role root
  no dot11 extension aironet
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  hold-queue 160 in
  interface BVI1
  ip address 10.5.104.22 255.255.255.0
  ip default-gateway 10.5.104.254
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  ip radius source-interface BVI1
  radius-server local
    eapfast authority id 000102030405060708090A0B0C0D0E0F
    eapfast authority info LAB
    eapfast server-key primary 7 C7AC67E296DF3437EB018F73BE00D822B8
    user georges nthash 7 14424A5A555C72790070616C03445446212202080A75705F513942017A76057007
  control-plane
  bridge 1 route ip
  line con 0
  line vty 0 4
  end

• RJ-45 to USB Adapter for console connection?

  Hello,
  I would like to configure a Cisco 3600 Router with my laptop, however, I do not have the RJ-45 to DB-15 cable, nor do I have the DB-15 serial port on my laptop. I also do not have the required DB-15 to USB adapter that would be needed to assist me in connecting my computer to the router.
  Just curious (so I won't have to buy the cable and the adapter), is there an RJ-45 to USB cable that would allow me to connect directly from Cisco's 3600 Router console port directly to my laptop?
  Thank you,

  In the labs here at Cisco, and at the Cisco Networking Academy I work for, we use the light blue Cisco flat console cable (Male RJ-45 connection and a Female DB-9 Serial connection), and then a USB adapter to hook to our computers.
  The blue cables are very cheap online, as every lab that orders Cisco equipment has ZILLIONS of them.  The adapters are pretty inexpensive as well; just note not all are plug-and-play; some need specific drivers (usually easily found online).
  Recomended Google/E-bay/Amazon search criteria:  "Cisco Console Cable" and "Female DB-9 Serial to USB"

• DB-15 for console connection?

  I have a DB-15 port on the back of my laptop.  Can I use this to console into a router?  What cables and adaptors do I need to make this work?

  The "standard" console cable that ships with many Cisco products is a serial DB-9 to RJ-45 type. If your laptop has a DB-15 RS-232 serial port I suppose your COULD purchase a DB-15 to DB-9 adapater and then plug in a standard Cisco console cable to that.
  Personally I'd strongly prefer getting a USB-Serial adapter and using that from your PC to the standard Cisco console cable. I use a TRENDnet TU-S9 Serial adapter - USB. you can get them for about US$11 at Amazon.com. With one of those, you can use it with any PC with a USB connection - much more common than one with a DB-15 serial port.
  While you're at it, if you use any of the newer switches like the 3750X series that have the mini-USB console you might want to order one of those for your toolkit. They cost a bit more at about $23 but it's nice to have that cable since the newere console ports are on the front of the switch and typically more accessible. Search for "Cisco Type A T0 Mini Type B USB Cable (6 feet)".

• Configuring aaa local command authorization

  i am a bit struggling with how to configure aaa local command authorization, i am not getting any material also for configuring it. Please tell me how to configure aaa local command authorization.. or possible give me some useful links for that..

  Hi,
  For aaa authorization command set.Kindly refer to link.
  http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_command_reference_chapter09186a00800ca5d4.html
  I hope this help.Please rate this post.
  cheers
  Sachin

• Configuring the Access Point 1602 IOS 15.2(2)JAX as a Local RADIUS for a MAC authenticator

  Hello Everyone,
  I have an issue with my Cisco 1602 WAP. I am trying to configure the WPA-PSK and MAC authentication on local RADIUS but I don't know why it doesn't work and client can bypass the MAC authentication. below is partial configuration:
  dot11 ssid WLAN
     vlan 20
     authentication open
     authentication key-management wpa version 2
     mbssid guest-mode
     wpa-psk ascii 7 XXX
  interface Dot11Radio0
   no ip address
   no ip route-cache
   encryption mode ciphers aes-ccm
   encryption vlan 20 mode ciphers aes-ccm
   ssid WLAN
   antenna gain 0
   stbc
   beamform ofdm
   mbssid
   channel 2462
   station-role root
  interface Dot11Radio0.20
   encapsulation dot1Q 20 native
   no ip route-cache
   bridge-group 1
   bridge-group 1 subscriber-loop-control
   bridge-group 1 spanning-disabled
   bridge-group 1 block-unknown-source
   no bridge-group 1 source-learning
   no bridge-group 1 unicast-flooding
  interface BVI1
   ip address 10.133.16.2 255.255.255.128
   no ip route-cache
  adius-server local
      nas 10.133.16.2 key 7 10.133.16.2
    group MAC
      vlan 20
      ssid WLAN
      block count 3 time infinite
      reauthentication time 1800
   user 54724f80421c  password 54724f80421c group MAC 
  Further information can be provided by request.
  Cheers,
  Parham

  what are you trying to accomplish?
  With the PSK you aren't telling the client it needs to do .1x auth for the Mac authentication.
  If you are just trying to keep some clients off the wireless, I would take a look at doing a MAC ACL (ACL 700)
  HTH,
  Steve

• Configure Jabber for Mac with local CUCM and WebEx Connect

  Hi, I was wondering if anyone has been able to configure the Jabber for Mac 8.6.2 client to use the WebEx Connect presence server with a local CUCM and Unity Connection servers. The preferences accounts tab does not show or allow the addition of the voice services. I have added from a working local CUCM preferences plist file what I believe are the correct entries however I still cannot see the accounts on the preferences tab. We currently do not have a local cisco presence server hence the requirement to trial the WebEx Connect server as I can't get past the first configuration step without it.
  regards
      paul

  Hi - I have done this via the admin portal but still cannot get the Jabber client for Mac to register for voice.  The Windows version works fine for the same user and CUCM device.   Are there any other settings that need to be enabled specific to the Mac client?
  Thanks.

• Cisco UCM 8.5.1 integrated with ARC server 5.1 for console services-configuration of ARC secondary subscriber

  We have a setup wherein we have integrated ARC server for exchange console services to the call manager.In our cluster CTI Manager services are running on two subscribers-one of them is a primary and the other is secondary.Similary , we have ARC server installed on a primary server and a secondary server.ARC Server  uses TAPI and CISCO TSP to integrae with the call manager.In the secondary ARC server, when we go to to ARC aConnect admionistration- console connect-Queue location we see the the same queue location numbers as configured in primary ARC server.When we try to change the queue location numbers, it fails to update ,throws up a pop up which says"Queue location cannot be pointed to a routing device.Kindly select a different number".Could you suggest where the conflict might have been occuring and how can we update the queue location numbers in ARC secondary server?Could you also please explain how the CISCO TSP and TAPI function together?

  Thanks a lot Brad,
  All is working, just a couple of question, i'm also using voice recognition, it works but it doens't has the
  play external messages option, is there any specific i have to set or say?
  The touchtone command in my classic conversation is not 7 but i have to execute a little procedure following the
  menu, somenthing like 0 --> 9 --> 1 ---> 7 ( external message option ) --> 1
  Is there any way to change or abbreviate this ?
  Thanks again
  Michele

• How can I configure AAA authentication on ASR9K?

  Hi everyone,
  I´m looking for how can I configure AAA authenticacion on ASR9K.
  I have a TACACS+ server
  Thanks and regards,
  Jaime.

  Hi Jaime,
  here is the basic configuration:
  tacacs-server host port 49
  key 7 !
  aaa group server tacacs+ acs-group
  server
  aaa authentication login acs-auth group acs-group local
  line console
  login authentication acs-auth
  line default
  login authentication acs-auth
  An example:
  RP/0/RSP1/CPU0:router#sh run tacacs-server
  tacacs-server host 1.1.1.1 port 49
  key 7 0822455D0A16544541
  RP/0/RSP1/CPU0:router#sh run aaa group server tacacs+
  aaa group server tacacs+ acs-group
  server 1.1.1.1
  RP/0/RSP1/CPU0:router#sh run aa authentication
  aaa authentication login acs-auth group acs-group local
  RP/0/RSP1/CPU0:router#sh run line default
  line default
  login authentication acs-auth
  exec-timeout 0 0

• 2504 with new-architecture enabled breaks MAC auth for guest access

  Hello,
  We have (2) 2504 WLC running version 7.6.120. WLC1 is the local controller and WLC2 is an achor controller for guest-access. We need to incorporate a 3850 for use with the WLC2 anchor. The guest access is currently working with Mac-Auth and Mac-Auth-Fail to Web-Auth.
  When converged access is enabled on the WLC1 and WLC2, the MAc-Auth no longer works. That is, the previously authenticated user is now redirected to the Web-Auth page. The local controller shows the user as authenticated but the Anchor controller shows the state as WEb-Auth-REQD.
  Rolling back using "config mobility new-architecture disable" and rebooting resolves the issue.
  Does anyone what changes from the old to the new that would break this mac-auth/web-auth configuration?

  You should reach TAC for these sort of issues. Not many people deploying this CA setup yet & you may not get direct feedback immediately.
  HTH
  Rasika

• Sql Exception on Testing Configuration with SQL Server JDBC driver for XA

  I have a requirement of analyzing the behavior of SQL Server JDBC data sources for XA transactions in our application.We have been using Non-XA drivers for both Oracle and SQL Server as we had no requirement for transactions spanning across multiple databases in past.I have setup and tested the XA driver for Oracle (Oracle Driver (Thin XA) for Instance Connections 9.0.1,9.2.0,10,11) in Weblogic 11g and its working perfectly for transactions spanning across two databases.No when I am trying to configure weblogic 11g R1 for Sql server JDBC driver to support XA transactions with driver details as follows,
  Server:Weblogic 11g R1
  Driver Type: MS Sql Server
  Database Driver :Oracle's MS SQL Server Driver(Type 4 XA) Version:7.0,2000,2005)
  Database:SQL Server 2005(Single Instance)
  and try to create a new data source and select "Test Configuration" and following error is thrown ,
  <Mar 17, 2011 4:49:49 PM GMT+05:30> <Error> <Console> <BEA-240003> <Console encountered the following error java.sql.SQLException: [OWLS][SQLServer JDBC Driver][SQLServer]xa_open (0) returns -3
  at weblogic.jdbc.sqlserverbase.BaseExceptions40.createAppropriateSQLExceptionInstance(Unknown Source)
  at weblogic.jdbc.sqlserverbase.BaseExceptions40.createSQLException(Unknown Source)
  at weblogic.jdbc.sqlserverbase.BaseExceptions.createException(Unknown Source)
  at weblogic.jdbc.sqlserverbase.BaseExceptions.getException(Unknown Source)
  at weblogic.jdbc.sqlserver.tds.TDSRequest.processErrorToken(Unknown Source)
  at weblogic.jdbc.sqlserver.tds.TDSRequest.processReplyToken(Unknown Source)
  at weblogic.jdbc.sqlserver.tds.TDSRPCRequest.processReplyToken(Unknown Source)
  at weblogic.jdbc.sqlserver.tds.TDSRequest.processReply(Unknown Source)
  at weblogic.jdbc.sqlserver.SQLServerImplStatement.getNextResultType(Unknown Source)
  at weblogic.jdbc.sqlserverbase.BaseStatement.commonTransitionToState(Unknown Source)
  at weblogic.jdbc.sqlserverbase.BaseStatement.postImplExecute(Unknown Source)
  at weblogic.jdbc.sqlserverbase.BasePreparedStatement.postImplExecute(Unknown Source)
  at weblogic.jdbc.sqlserverbase.BaseStatement.commonExecute(Unknown Source)
  at weblogic.jdbc.sqlserverbase.BaseStatement.executeUpdateInternal(Unknown Source)
  at weblogic.jdbc.sqlserverbase.BasePreparedStatement.executeUpdate(Unknown Source)
  at weblogic.jdbcx.sqlserver.SQLServerImplXAResource.executeXaRpc(Unknown Source)
  at weblogic.jdbcx.sqlserver.SQLServerImplXAResource.executeXaRpc(Unknown Source)
  at weblogic.jdbcx.sqlserver.SQLServerImplXAResource.open(Unknown Source)
  at weblogic.jdbcx.sqlserverbase.BaseXAConnection.init(Unknown Source)
  at weblogic.jdbcx.sqlserverbase.BaseXAConnection40.init(Unknown Source)
  at weblogic.jdbc.sqlserverbase.BaseClassCreatorForJDBC40.createXaConnection(Unknown Source)
  at weblogic.jdbcx.sqlserverbase.BaseXADataSource.getXAConnection(Unknown Source)
  at com.bea.console.utils.jdbc.JDBCUtils.testConnection(JDBCUtils.java:550)
  at com.bea.console.actions.jdbc.datasources.createjdbcdatasource.CreateJDBCDataSource.testConnectionConfiguration(CreateJDBCDataSource.java:450)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:870)
  at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:809)
  at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:478)
  at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:306)
  at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
  at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:52)
  at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
  at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
  at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
  at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors$WrapActionInterceptorChain.continueChain(ActionInterceptors.java:64)
  at org.apache.beehive.netui.pageflow.interceptor.action.ActionInterceptor.wrapAction(ActionInterceptor.java:184)
  at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors$WrapActionInterceptorChain.invoke(ActionInterceptors.java:50)
  at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors$WrapActionInterceptorChain.continueChain(ActionInterceptors.java:58)
  at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:87)
  at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
  at com.bea.console.internal.ConsolePageFlowRequestProcessor.processActionPerform(ConsolePageFlowRequestProcessor.java:261)
  at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
  at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
  at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
  at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
  at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
  at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionServlet.java:256)
  at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
  at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServlet.java:133)
  at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
  at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:686)
  at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.processActionInternal(ScopedContentCommonSupport.java:142)
  at com.bea.portlet.adapter.scopedcontent.PageFlowStubImpl.processAction(PageFlowStubImpl.java:106)
  at com.bea.portlet.adapter.NetuiActionHandler.raiseScopedAction(NetuiActionHandler.java:111)
  at com.bea.netuix.servlets.controls.content.NetuiContent.raiseScopedAction(NetuiContent.java:181)
  at com.bea.netuix.servlets.controls.content.NetuiContent.raiseScopedAction(NetuiContent.java:167)
  at com.bea.netuix.servlets.controls.content.NetuiContent.handlePostbackData(NetuiContent.java:225)
  at com.bea.netuix.nf.ControlLifecycle$2.visit(ControlLifecycle.java:180)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:324)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
  at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:130)
  at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
  at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
  at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:352)
  at com.bea.netuix.nf.Lifecycle.runInbound(Lifecycle.java:184)
  at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:159)
  at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:388)
  at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
  at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:199)
  at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:251)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
  at com.bea.console.utils.MBeanUtilsInitSingleFileServlet.service(MBeanUtilsInitSingleFileServlet.java:47)
  at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:130)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
  at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3592)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  I followed the instruction in weblogic jdbc drivers guide to configure the JTA Transactions to support XA on SQL Server machine and weblogic server which included,
  1.Copying sqljdbc.dll copied to SQL_Server_Root/bin directory from WL_HOME\server\lib.
  2.Copied instjdbc.sql to sql server machine and executed the script with following output,
  Changed database context to 'master'.
  Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
  Cannot drop the procedure 'xp_jdbc_open', because it does not exist or you do not have permission.
  Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
  Cannot drop the procedure 'xp_jdbc_open2', because it does not exist or you do not have permission.
  Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
  Cannot drop the procedure 'xp_jdbc_close', because it does not exist or you do not have permission.
  Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
  Cannot drop the procedure 'xp_jdbc_close2', because it does not exist or you do not have permission.
  Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
  Cannot drop the procedure 'xp_jdbc_start', because it does not exist or you do not have permission.
  Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
  Cannot drop the procedure 'xp_jdbc_start2', because it does not exist or you do not have permission.
  Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
  Cannot drop the procedure 'xp_jdbc_end', because it does not exist or you do not have permission.
  Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
  Cannot drop the procedure 'xp_jdbc_end2', because it does not exist or you do not have permission.
  Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
  Cannot drop the procedure 'xp_jdbc_prepare', because it does not exist or you do not have permission.
  Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
  Cannot drop the procedure 'xp_jdbc_prepare2', because it does not exist or you do not have permission.
  Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
  Cannot drop the procedure 'xp_jdbc_commit', because it does not exist or you do not have permission.
  Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
  Cannot drop the procedure 'xp_jdbc_commit2', because it does not exist or you do not have permission.
  Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
  Cannot drop the procedure 'xp_jdbc_rollback', because it does not exist or you do not have permission.
  Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
  Cannot drop the procedure 'xp_jdbc_rollback2', because it does not exist or you do not have permission.
  Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
  Cannot drop the procedure 'xp_jdbc_forget', because it does not exist or you do not have permission.
  Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
  Cannot drop the procedure 'xp_jdbc_forget2', because it does not exist or you do not have permission.
  Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
  Cannot drop the procedure 'xp_jdbc_recover', because it does not exist or you do not have permission.
  Msg 3701, Level 11, State 5, Server SQLDB, Procedure sp_dropextendedproc, Line 16
  Cannot drop the procedure 'xp_jdbc_recover2', because it does not exist or you do not have permission.
  creating JDBC XA procedures
  instxa.sql completed successfully.
  3.Verified that MSDTC service is running on both SQL Server and weblogic machines with XA Transaction enabled and DTC option enabled for both inbound and outbound connections.
  4.Copied sqljdbc.jar (version 3.0 downloaded from msdn portal) to "C:\Oracle\Middleware\wlserver_10.3\server\ext\jdbc\sqlserver" directory and updated weblogic_classpth variable in commEnv.cmd file.
  set WEBLOGIC_CLASSPATH=%JAVA_HOME%\lib\tools.jar;%BEA_HOME%\utils\config\10.3\config-launch.jar;%WL_HOME%\server\lib\weblogic_sp.jar;%WL_HOME%\server\lib\weblogic.jar;%FEATURES_DIR%\weblogic.server.modules_10.3.2.0.jar;%WL_HOME%\server\lib\webservices.jar;%ANT_HOME%/lib/ant-all.jar;%ANT_CONTRIB%/lib/ant-contrib.jar;C:\Oracle\Middleware\wlserver_10.3\server\ext\jdbc\sqlserver\server\ext\jdbc\sqlserver\sqljdbc.jar
  Can some one please provide some input on whats causing this and any other steps needs to be followed to implement XA support using SQL Server JDBC driver.

  You seem to have done everything correctly and diligently. I would ask that you open
  an official support case.

• Exchange 2013 sp1 smtp NTLM auth for child domain users

  i have exchange organization with exchange 2007 sp 3 & exchange 2013 sp1.
  there are  all users in Exchange 2013 server (mail flow is through Exchange 2013 server)
  i have single forest, 2 site (site1, site2), root domain root.local and 1 child domain ch.root.local
  DC  for child domain is located in site2 (dc.ch.root.local)
  multirole exchange 2013 server is installed in root domain.
  i am traing to configure smtp receive connector with NTLM auth and have one problem.
  when user in child domain try send email through this receive connector i see in log
  <,AUTH NTLM,
  >,334 <authentication response>,
  *,SMTPSubmit SMTPAcceptAnyRecipient BypassAntiSpam AcceptRoutingHeaders,Set Session Permissions
  *,CH\user1,authenticated
  *,,Setting up client proxy session failed with error: 535 5.7.3 Unable to proxy authenticated session because either the backend does not support it or failed to resolve the user
  *,,"Setting up client proxy session failed with error: 451 4.4.0 Primary target IP address responded with: ""535 5.7.3 Unable to proxy authenticated session because either
  the backend does not support it or failed to resolve the user."" Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 192.168.1.15:465"
  but authentication is succesfull for users from root domain.
  why do it can be?
  Thanks.

  thanks for link
  at smtp receive logs (Hub transport role) i've found the  next:
  Client Proxy EXMAIL2013,08D134DAF6CE1C51,49,192.168.1.15:465,
  *,NT AUTHORITY\SYSTEM,authenticated
  >,235 <authentication response>,
  <,XPROXY SID=08D130D354F520D1 IP=192.168.1.21 PORT=57085 DOMAIN=[192.168.1.21] CAPABILITIES=0 SECID=Uy0xxx...
  *,,Error while looking up SamAccountName chuser: The user name or password is incorrect.\r\n
  *,None,Set Session Permissions
  >,250 XProxy accepted but user identity could not be obtained,

• Problem configuring SOA suite to use OID for authentication

  We are in the process of rebuilding our environment to use the full SOA suite with our OID server for authentication (was previously just BPEL using AD directly), and have encountered several problems (below). We have rebuilt the OID server, and reinstalled the SOA suite into a clean ORACLE_HOME to no avail.
  We first rebuilt the OID server using the following steps (derived from Oracle® Internet Directory Administrator's Guide):
  1)     Create the Import and Export profiles for AD synchronization. We did this using the Directory Integration and Provisioning Server Administration tool under “Active Directory Configuration”
  2)     Modify the map file to specify the correct OU mappings between AD and OID.
  3)     Update the profile with the new map file using “dipassistant.bat mp”
  4)     Bootstrap the import profile using “dipassistant.bat bootstrap”
  5)     Start a new instance of the Integration server (odisrv) running on config set 1 (the config set containing the Active Directory import/export profiles) using “oidctl”
  6)     Set the Import profile to Enable. The OID server does not export changes to AD in our current configuration, so the Export profile is left on disable (and not bootstrapped)
  At this point it appears that the AD synchronizes correctly into our new OID server.
  Next we installed the SOA suite:
  1)     We ran “irca.bat” on our database server to create the ORABPEL, ORAESB, and ORAWSM schemas and associated integration repository structure.
  2)     After launching the SOA suite installer, we selected Advanced Install.
  3)     On the next screen, we selected J2EE Server, Web Server, and SOA Suite.
  4)     We then provided the credentials for our Oracle database, and the passwords for ORABPEL, ORAESB, and ORAWSM.
  5)     We configured our new AS instance as an administration instance, but did not opt to use from a separate HTTP server, and did not make this instance part of an OAS cluster topology.
  And finally, we configured our new SOA suite instance to use OID for authentication (using the instructions in Oracle® BPEL Process Manager Administrator's Guide section 2.1.3):
  1)     Used the configure_oid.bat command to seed OID with required users only.
  2)     Logged into the OracleAS Control Console
  3)     Chose the oc4j_soa instance, then Administration->Security->Identity Management
  4)     Configured the OID server using a non-ssl connection and the cn=orcladmin account.
  5)     When prompted, chose to reconfigure all applications in the oc4j_soa instance to OID, but not to use SSO for any of them.
  6)     Copied the contents of ORACLE_HOME\j2ee\home\config\jazn.xml to ORACLE_HOME\j2ee\oc4j_soa\config\jazn.xml
  7)     Restarted the application server.
  After this procedure, we encountered the following issues:
  1)     The BPEL console appears to authenticate users correctly out of OID, but no users have access to the default domain, including bpeladmin and oc4jadmin. All users receive a similar access denied message when attempting to log into the BPEL Admin Console.
  2)     We cannot upload a BPEL process to our new server via JDeveloper’s standard BPEL deployment mechanisms. The connection appears to be working properly and passes all tests, but on uploading a process we get a Java AccessDeniedException. ESB appears to be functioning properly, and accepts uploaded projects without issue.

  Bassman,
  We recently configured our SOA Suite to use OID and SSO. We had the same issues you are having, and we found the resolutions in a blog from Jaas Poot (http://blog.jpoot.com/category/oracle-appserver/oid-ldap/). For the BPEL domain access, this involved going to the data-sources.xml file and changing the database passwords from using ->pwForOrabpel for the orabpel schema and ->pwForOraesb for the oraesb schema to the real passwords; the blog explains more about this.
  The blog also covers the JDeveloper deployment issue, and another issue we encountered, where we couldn't access the BPEL Admin console. All of these were resolved following the steps in the blog.
  Hope this helps
  Candace

• 2960X 15.02(EX5) %AAA-3-ACCT_LOW_MEM_UID_FAIL:AAA unable to create UID for incoming calls due to insufficient processor memory.

  Deployed four 2960X switches in a stack.  All okay for about one month then tried to web browse for the first time via firefox which partially displayed the page.  I assumed this was a browser error.  So tried Chrome then IE which both failed.  Chrome was a bad display and IE fails to connect.
  After this, I could not telnet or ssh.  Plugged into the console and immediately started receiving:
  %AAA-3-ACCT_LOW_MEM_UID_FAIL: AAA unable to create UID for incoming calls due to insufficient processor memory
  %% Low on memory; try again later
  I am unable to log in.  I have a TAC case logged but the first step to try is a reboot which will be difficult until I can get a maintenance window.  When I do get a maintenance window, I would also like to deploy a fix such as a different version of code or a work-around cofig command.  I don't mind disabling HTTP.
  Any suggestions?

  I am currently working with TAC
  The switches failed about 18 hours later and had to be rebooted to get back up.  Now that I have console/telnet access, I can see the memory being depleted mostly by the Auth Manager process at about the same rate as free memory is dropping.
  SW13#sho proc mem sort | i Auth Manager
   191   0  177721332   95004616   34757416          0          0 Auth Manager
  SW13#sho proc mem sort | i Auth Manager
   191   0  177754888   95025696   34759780          0          0 Auth Manager
  SW13#sho proc mem sort | i Auth Manager
   191   0  177774316   95037928   34761056          0          0 Auth Manager
  SW13#sho proc mem sort | i Auth Manager
   191   0  177799720   95053940   34762888          0          0 Auth Manager
  SW13#sho proc mem sort | i Auth Manager
   191   0  177824976   95069732   34764696          0          0 Auth Manager
  SW13#
  SW13#
  SW13#sho proc mem sort | i Processor
  Processor Pool Total:  442796836 Used:  103448576 Free:  339348260
  SW13#sho proc mem sort | i Processor
  Processor Pool Total:  442796836 Used:  103454416 Free:  339342420
  SW13#sho proc mem sort | i Processor
  Processor Pool Total:  442796836 Used:  103455860 Free:  339340976
  SW13#sho proc mem sort | i Processor
  Processor Pool Total:  442796836 Used:  103459236 Free:  339337600
  SW13#sho proc mem sort | i Processor
  Processor Pool Total:  442796836 Used:  103461040 Free:  339335796

• AAA Authorization Using Local Database

  Hi Guys,
  I'm planning to use AAA authorization using local database. I have read already about it, I have configured the AAA new-model command and I have setup user's already. But I'm stuck at the part where I will already give certain user access to certain commands using local database. Hope you can help on this.
  FYI: I know using ACS/TACACS+/RADIUS is much more easy and powerful but my company will most likely only use local database.

  For allowing limited read only access , use this example,
  We need these commands on the switch
  Switch(config)#do sh run | in priv
  username admin privilege 15 password 0 cisco123!
  username test privilege 0 password 0 cisco
  privilege exec level 0 show ip interface brief
  privilege exec level 0 show ip interface
  privilege exec level 0 show interface
  privilege exec level 0 show switch
  No need for user to login to enable mode. All priv 0 commands are now there in the user mode. See below
  User Access Verification
  Username: test
  Password:
  Switch>show ?
  diagnostic Show command for diagnostic
  flash1: display information about flash1: file system
  flash: display information about flash: file system
  interfaces Interface status and configuration
  ip IP information
  switch show information about the stack ring
  Switch>show switch
  Switch/Stack Mac Address : 0015.f9c1.ca80
  H/W Current
  Switch# Role Mac Address Priority Version State
  *1 Master 0015.f9c1.ca80 1 0 Ready
  Switch>show run
  ^
  % Invalid input detected at '^' marker.
  Switch>show aaa server
  ^
  % Invalid input detected at '^' marker.
  Switch>show inter
  Switch>show interfaces
  Vlan1 is up, line protocol is up
  Hardware is EtherSVI, address is 0015.f9c1.cac0 (bia 0015.f9c1.cac0)
  Internet address is 192.168.26.3/24
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
  reliability 255/255, txload 1/255, rxload 1/255
  Switch>
  Please check this link,
  http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml
  Regards,
  ~JG
  Do rate helpful posts