Custom SSH adaptor

It is possible to develop a custom SSH resource adaptor? I've got some homegrown software that runs on a Linux box that I'd like to have managed by Sun IDM. All of the account administration can be done by scripts from the command line, but how would I develop a resource adapter to do that?
I've read through the documentation on developing custom resources, but what I'm missing is how to establish an ssh connection, and if there is any support for doing the "Expect" type string matching, etc. needed. Are there some standard Java libraries for doing this sort of thing?

Wouldn't the after/before actions be enough for you?
We have a customer which has some application with command line interface and the application is accessible via SSH, and users need to have application account and SSH server account as well. We're using after-create action to create the application account.
This solution is pretty simple and is not perfect by means of reconciliation - you would be able to reconcile ssh accounts only, not the application acounts off course. But if all of your users on the machine should have the application accounts, you can suppose that by reconcilling SSH accounts you also reconcile the application accounts.
Regards,
IVan

Similar Messages

Custom ssh port to sftp server through ASA

Hello all,
I have a vendor that needs to ftp files to our Linux server using sftp, so I decided to change the default port 22 that ssh uses to a higher number for security reasons (too many brute force attempts), it works internally but somehow I can't get the ASA working with a custom port, I have the configs for the sftp server below, is there another way to achieve it, thanks in advanced.
object network mysftpbox nat (inside,outside) static publicip
access-list ACL_OUT extended permit tcp any host mysftpboxinternalip eq 2128

If your Server is running on tcp/2128, then your config is ok:
object network mysftpbox
nat (inside,outside) static publicip
access-list ACL_OUT extended permit tcp any object mysftpbox eq 2128
If you only want to forward this one port, then you can specify that in the NAT:
object network mysftpbox
nat (inside,outside) static publicip service tcp 2128 2128
access-list ACL_OUT extended permit tcp any object mysftpbox eq 2128
If your server is using the default-port tcp/22, but the connection should go externally to tcp/2128, the ASA can translate that as well:
object network mysftpbox
nat (inside,outside) static publicip service tcp 22 2128
access-list ACL_OUT extended permit tcp any object mysftpbox eq 22

Customizing HTML Adaptor

Dear Listers,
We have a requirement to cutomize the HTML adaptor. Would like to know if this is possible to customize the same and if there are any examples that we can follow.
Thanks
Vilas

Hi,
the HTMLAdaptor used to be part of Java Dynamic Management Kit. The project is now open source so you can grab a copy of the source code and have a look at the com.sun.jdmk.comm.HtmlAdaptorServer.java
The project can be found here:
[https://opendmk.dev.java.net/]
and the source code here:
[https://opendmk.dev.java.net/download/index.html] (click the latest Download Source Zip)
Regards
Christos
Edited by: cvasilak@java on Aug 4, 2010 9:56 PM

How do you invoke custom java classes???

Could someone post a detailed method of invoking custom java classes that works including what files go where, settings and the way it is invoked etc.
I have tried various ways from this forum and in the documentation without success. I am using IDM 8. I found these instructions regarding how you would do it if you were writing custom resource adaptors in the deployment tools guide:
To install a resource adapter youve customized:
1. Load the NewResourceAdapter.class file in the Identity Manager installation
directory under
idm/WEB-INF/classes/com/waveset/adapter/sample
(You might have to create this directory.)
2. Copy the .gif file to idm/applet/images.
This .gif file is the image that displays next to the resource name on the List
Resources page, and it should contain an image for your resource that is
18x18 pixels and 72 DPI in size.
3. Add the class to the resource.adapter property in
config/waveset.properties.
4. Stop and restart the application server. (For information about working with
application servers, see Identity Manager Installation.)
I tried the instructions here but placed my custom class in a folder entitled custom instead of /adapter/sample. Not sure about instruction 3 or whether it is relevent. Anyway nothings working.
Edited by: masj78 on Nov 25, 2008 3:50 AM
Edited by: masj78 on Nov 25, 2008 4:03 AM

Hi,
The way to add custom class is the same as you followed , put them in the WEB-INF/classes.
To use the custom adapter ,
Go To Resources - > Configure Types -> Add Custom Resource .
Type in the fully qualified class name of the custom adapter you added.and Save.
Now the new adapter you added should showup in the list of available adapters when you try to
configure a new adapter.
(Make sure that the prototype XML of your custom adapter is correct so that it displays the correct name / type for the adapter in the adapter list.
Thanks,
Balu

Default data adaptor error when deploying a war file in weblogic

Hi All,
Newbie here with a few questions regarding the deployment of OPA 10.1. Really hoping you guys can help...
1) I'm attempting to deploy an unexploded web-determinations.war file on WebLogic. Thanks to this forum I've got past the issues of "rulebase directory not found" etc. However, i'm now faced with an issue which I can't find any info on. Please see below.
3672074 [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] WARN com.or
acle.determinations.web.platform.controller.actions.StartSessionAction - Could not instansate defau
lt data adaptor
java.lang.NullPointerException
at java.io.File.<init>(File.java:194)
at com.oracle.determinations.web.platform.plugins.data.XDSDataAdaptor.<init>(XDSDataAdaptor.
java:55)
at com.oracle.determinations.web.platform.controller.actions.StartSessionAction.createInterv
iewSession(StartSessionAction.java:173)
at com.oracle.determinations.web.platform.controller.actions.StartSessionAction.getResource(
StartSessionAction.java:66)
at com.oracle.determinations.web.platform.servlet.WebDeterminationsServlet.doGet(WebDetermin
ationsServlet.java:67)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.
java:226)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:124)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
at com.oracle.determinations.web.platform.util.CharsetFilter.doFilter(CharsetFilter.java:46)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletC
ontext.java:3393)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2
140)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2046)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)
I've got the following entry in the application.properties file too...
# Default XDS data adaptor file path
#xds.file.path =data
From what we can see we believe the code is getting a null pointer because of the following method in the WebDeterminationsServletContext class.
public String resolveFullPath(String path)
File f = new File(path);
return f.isAbsolute() ? f.getAbsolutePath() : this.servletContext.getRealPath(path);
We believe the getRealPath(path), highlighted in red, is returning null. Any ideas how we can resolve this?
2) The second issue I'm facing is with regards the plugins.libraries property in the application.properties file. I've got the entry as
plugin.libraries =DataAdaptor.DA;
which should point to our customised data adaptor. However I'm getting the following error.
4242994 [[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] WARN com.or
acle.determinations.web.platform.servlet.WebDeterminationsServletContext - Can not find class: Data
Adaptor.DA
4243025 [[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] WARN com.or
acle.determinations.interview.engine.local.LocalInterviewEngine - Can not find class: DataAdaptor.D
A
3) Also, does anyone know if it's possible to deploy a web-determinations.war file containing additional internal application code? What we're attempting to do is deliver a single war file which not only holds the web determination code but also all the code for an application which wraps the OWD within it. At present this just isn't working. I'm not sure what the conflict is exactly. The only way i seem to be able to get this working is by deploying the code in two seperate war files.
Any help on these issues would be greaty appreciated.
Thanks,
Taj

(2) is being caused because your data adaptor plugin is not installed properly. The jar that contains your plugin needs to go in the WEB-INF/lib directory and you must specify the fully qualified class name in the plugin.libraries property of the application.properties file.
If you haven't provided a custom data adaptor, Web Determinations will configure and attach the default one for use instead, which is file based. If you are deploying to WebLogic as an unxeploded war, you must configure the directory the default data directory the plugin will uses by specifying an absolute path that your instance of Web Determinations has read/write permissions to in the xds.file.path property of the application.properties file. In your case (1) is basically being caused by (2) since if the your data adaptor was loaded correctly the default one wouldn't load at all.
As for (3) yes it's likely possible, provided you don't have library conflicts. How it's done really depends on what these additional customisations consist of.

Ssh server with keys for authentication?

Anyone have a link to doco or tutorial that covers how to setup an ssh server running on your Mac (latest version OSX) such that:
* assumption - port forward ssh port on your home gateway to your Mac
* keys established (for better security) - i.e. need to have the key available on your external PC when wanting to ssh back to home
* custom ssh port
* only access ssh requires for logon from predefined external IP addresses (or perhaps this is something you'll setup on your home internet gateway/router along with port forwarding)

hi kbwrecker,
as i know, sharepoint will as well follow the diagram that you posted before, additional article
https://technet.microsoft.com/en-us/library/cc262350(v=office.15).aspx#plansaml
i checked with our ADFS engineer, the certificate is to sign the token, so, it should not have any relation directly to each of the realm.
i am not quite sure on how this ADFS and token signing, will work that deep, as from sharepoint side, we may need only the certificate that is valid, and update them to our environment, to make it work.
for more details regarding this issue, you may try to open a thread as well in the ADFS thread for this.
based on the additional article, your design may able to work, but we encourage you to seek more deep answer in ADFS forum thread
https://technet.microsoft.com/en-us/windowsserver/dd448613.aspx
Regards,
Aries
Microsoft Online Community Support
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Securing SSH

I'm posting this to help others who might not be familiar with securing ssh, something that I can't recommend strongly enough, for any platform (OS X, BSD & other unix variants & offshoots such as linux).
Keep in mind that with OS X Server , ssh is enabled by default and you should secure it sooner rather than later.
I strongly recommend that you use vi (or emacs) as your editor (via the Terminal).
Observe what the existing permissions are and be sure you preserve them.
If you must work in the GUI, then I suggest TextWrangler (or buy their excellent BBEdit software - TextEdit is free)
http://www.barebones.com/products/textwrangler/index.shtml
There are a number of existing tutorials on this subject, but few are specific to OS X.
http://www.google.com/search?client=safari&rls=en-us&q=securing+ssh
To start, I recommend you read the following articles for how to setup ssh passwordless public-private key login:
http://www.afp548.com/article.php?story=20040816224717742
see also (in this context), _ONLY, "Create authentication keys_" in:
http://www.bombich.com/mactips/rsync.html
Do use DSA keys, not RSA
You can explore Mike Bombich' excellent discussion of limiting ssh commands but please, *ignore that* for now if you're not already comfortable with the material. I'm trying to save you unnecessary pain.
If your server is public-facing, then it will help stem the brunt of any bots knocking at your server.
For changing the port correctly in OS X, see:
http://www.macosxhints.com/article.php?story=20050707140439980
I also recommend limiting what IP addresses or address ranges can connect to your (custom) ssh port at the firewall. If you don't have a static IP at your remote location, you can use "whois" in the terminal on your IP address and gather info on the IP ranges your ISP owns. Keep in mind that they may have several other groups of IP addresses, you don't want to lock yourself out inadvertently.
Finally, edit /etc/sshd_config , make sure to back it up first !
So then, edit /etc/sshd_config
IF you use a DSA key-type (and unless you know you need RSA keys for some unlikely reason),
change:
Protocol 1,2
to:
Protocol 2
Look for the line ( _no actual quotation-marks ! _, have to do that to keep this forum from converting the "#" to a number):
"# To disable tunneled clear text passwords, change to no here!"
and set the next two lines to:
PasswordAuthentication no
PermitEmptyPasswords no
You can also add after that:
AllowUsers usershortname
for example (and what I do), where usershortname is the short name of a non-admin account. is Then once you've connected (at that point, securely via ssh) then:
su admin-name
whatever the name of your admin account is.

the tcp-wrappers hosts.allow and .deny is , if I recall correctly, not enabled by default in 10.4
Also *PLEASE NOTE*, to finally, fully disable password logins,
please also change in /etc/ssdh_config
from - again no actual quotation marks:
"#UsePAM yes"
to:
UsePAM no

Error occurred saving the cache

I'm creating an AIR application using the Model Driven Development tools and hoping to make use of the offline cache. The generated value objects and services are working well when connected but I have been unable to get the cache working.
Currently I am generating custom offline adaptors for each of my Model entities and assigning them to the offlineAdapter property of each data service as follows:
_terminalService.serviceControl.autoCommit=false;
_terminalService.serviceControl.autoConnect=true;
_terminalService.serviceControl.fallBackToLocalFill=true;
_terminalService.serviceControl.autoSaveCache=true;
_terminalService.serviceControl.autoMerge=true;
_terminalService.serviceControl.autoSyncEnabled=true;
_terminalService.serviceControl.encryptLocalCache=false;
_terminalService.serviceControl.offlineAdapter=new TerminalOfflineAdapter();
_terminalService.serviceControl.cacheID="ss-sclient-39";
When I run my application it works as anticipated but I am seeing the following error in the console log:
7/27/2010 12:21:25.677 [DEBUG] mx.data.DataStore Saving cached query: store id: ["getByMacAddress","001CC4313675"] lastWritten: Tue Jul 27 12:21:25 GMT+0100 2010 lastAccessed: Tue Jul 27 12:21:25 GMT+0100 2010 created: Tue Jul 27 12:21:25 GMT+0100 2010 metadata: (null) type: 1 referenced ids: ["common.Terminal:#:13"]
7/27/2010 12:21:25.677 [DEBUG] mx.data.LSODataStore dbStore lock released: 965366152
7/27/2010 12:21:25.677 [ERROR] mx.data.DataStore Error occurred saving the cache: TypeError: Error #1009: Cannot access a property or method of a null object reference. stack: TypeError: Error #1009: Cannot access a property or method of a null object reference.
     at mx.data.offline::EntityManager/save()[C:\depot\DataServices\trunk\frameworks\projects\airfds\src\mx\data\offline\EntityManager.as:104]
     at mx.data.offline::EntityManager/update()[C:\depot\DataServices\trunk\frameworks\projects\airfds\src\mx\data\offline\EntityManager.as:345]
     at mx.data::SQLiteOfflineAdapter/updateOfflineItems()[C:\depot\DataServices\trunk\frameworks\projects\airfds\src\mx\data\SQLiteOfflineAdapter.as:120]
     at mx.data::DataStore/persistCacheItems()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\DataStore.as:4543]
     at mx.data::DataStore/persistDataService()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\DataStore.as:4679]
     at mx.data::DataStore/doSaveCache()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\DataStore.as:3755]
     at Function/()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\DataStore.as:3711]
     at mx.data::DataStore/http://www.adobe.com/2006/flex/mx/internal::saveCache()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\DataStore.as:3727]
     at mx.data::DataList/http://www.adobe.com/2006/flex/mx/internal::processSequenceResult()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\DataList.as:3063]
     at mx.data::DataListRequestResponder/result()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\DataListRequestResponder.as:103]
     at mx.rpc::AsyncRequest/acknowledge()[E:\dev\4.x\frameworks\projects\rpc\src\mx\rpc\AsyncRequest.as:84]
     at NetConnectionMessageResponder/resultHandler()[E:\dev\4.x\frameworks\projects\rpc\src\mx\messaging\channels\NetConnectionChannel.as:547]
If I then disconnect from the server and attempt to run my client again I get the following error:
7/27/2010 12:27:46.548 [DEBUG] mx.data.DataService.common.Terminal DataService.fill() called for destination: common.Terminal with args: ["getByMacAddress","001CC4313675"] includesProperties: (include default - excludes: [])
7/27/2010 12:27:46.548 [INFO] mx.messaging.Producer 'ds-producer-common.Terminal' producer sending message 'EF832901-F3A4-7AE3-EF12-13A8897408CC'
TypeError: Error #1009: Cannot access a property or method of a null object reference.
     at mx.data.offline::EntityManager/executeSelectQuery()[C:\depot\DataServices\trunk\frameworks\projects\airfds\src\mx\data\offline\EntityManager.as:446]
     at mx.data.offline::EntityManager/executeQuery()[C:\depot\DataServices\trunk\frameworks\projects\airfds\src\mx\data\offline\EntityManager.as:432]
     at mx.data::SQLiteOfflineAdapter/internalExecuteOfflineQuery()[C:\depot\DataServices\trunk\frameworks\projects\airfds\src\mx\data\SQLiteOfflineAdapter.as:318]
     at mx.data::SQLiteOfflineAdapter/executeOfflineQuery()[C:\depot\DataServices\trunk\frameworks\projects\airfds\src\mx\data\SQLiteOfflineAdapter.as:202]
     at Function/()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\DataStore.as:1651]
     at mx.data::DataStore/http://www.adobe.com/2006/flex/mx/internal::fill()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\DataStore.as:1765]
     at mx.data::ConcreteDataService/internalFill()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\ConcreteDataService.as:7235]
     at Function/()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\ConcreteDataService.as:1317]
     at mx.data::ConcreteDataService/fill()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\ConcreteDataService.as:1336]
     at mx.data::DataManager/fill()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\DataManager.as:1560]
     at _Super_TerminalService/getByMacAddress()[C:\Documents and Settings\benp.NB\My Documents\src\qms\workspace\CommonClient\src\common\model\_Super_TerminalService.as:226]
     at airclient.application::AirClientImpl/initialiseTerminalDetails()[C:\Documents and Settings\benp.NB\My Documents\src\qms\workspace\AirClient\src\airclient\application\AirClientImpl.as:146]
     at Function/()[C:\Documents and Settings\benp.NB\My Documents\src\qms\workspace\AirClient\src\airclient\application\AirClientImpl.as:268]
     at mx.collections::ItemResponder/result()[E:\dev\4.x\frameworks\projects\framework\src\mx\collections\ItemResponder.as:129]
     at mx.rpc::AsyncToken/http://www.adobe.com/2006/flex/mx/internal::applyResult()[E:\dev\4.x\frameworks\projects\rpc\src\mx\rpc\AsyncToken.as:239]
     at mx.rpc.events::ResultEvent/http://www.adobe.com/2006/flex/mx/internal::callTokenResponders()[E:\dev\4.x\frameworks\projects\rpc\src\mx\rpc\events\ResultEvent.as:207]
     at mx.data::ConcreteDataService/http://www.adobe.com/2006/flex/mx/internal::dispatchResultEvent()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\ConcreteDataService.as:3427]
     at Function/http://adobe.com/AS3/2006/builtin::apply()
     at mx.rpc::AsyncDispatcher/timerEventHandler()[E:\dev\4.x\frameworks\projects\rpc\src\mx\rpc\AsyncDispatcher.as:50]
     at flash.utils::Timer/_timerDispatch()
     at flash.utils::Timer/tick()
I'm slightly confused by the fact that the offline adaptors are derived from SQLiteOfflineAdapter and are being run within an AIR application but I am still seeing references to the LSODataStore in the logs (which I thought was only used for Flash applications). Also if I attempt to set encryptLocalCache to true I get the following error:
7/27/2010 12:32:10.409 [DEBUG] mx.data.DataStore Adding data service: common.Terminal to the data store: my-rtmp:true initialized: false
Error: Encryption is not supported for local shared objects.
     at mx.data::LSODatabase/set encryptLocalCache()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\LSODatabase.as:149]
     at mx.data::DataStore/set encryptLocalCache()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\DataStore.as:391]
     at mx.data::ConcreteDataService/set encryptLocalCache()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\ConcreteDataService.as:227]
     at mx.data::DataManager/set encryptLocalCache()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\DataManager.as:392]
     at airclient.application::AirServiceFactory/configureService()[C:\Documents and Settings\benp.NB\My Documents\src\qms\workspace\AirClient\src\airclient\application\AirServiceFactory.as:236]
Does anyone know what's going on here?
Thanks!

Ah, thanks! That certainly solves the LSO issue - I've changed to linking with airfds.swc and I'm now seeing lots of healthy looking SQLDBCache output in the logs when I run the application with a connection. Unfortunately if I then stop the server and run the application again I'm still seeing a problem. The app does load some data from the cache (I have several services) but then stops with the following error before it can load everything:
7/27/2010 15:43:46.929 [DEBUG] mx.data.SQLDBCache SQLDBCache - getCollection(_common.Customer_ic) creating new collection
7/27/2010 15:43:46.929 [DEBUG] mx.data.SQLDBCache SQLDBCache - before load data - create table if not exists: CREATE TABLE IF NOT EXISTS [_common_Customer_ic] (id VARCHAR PRIMARY KEY, data BLOB);
7/27/2010 15:43:46.960 [DEBUG] mx.data.SQLDBCache SQLDBCache - after load data - create table if not exists
7/27/2010 15:43:46.960 [DEBUG] mx.data.SQLDBCache SQLDBCache - before select: SELECT id,data FROM [_common_Customer_ic]
TypeError: Error #1009: Cannot access a property or method of a null object reference.
     at mx.data::DataStore/restoreReferencedIds()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\DataStore.as:4766]
     at mx.data::DataStore/restoreReferencedItems()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\DataStore.as:4736]
     at mx.data::DataStore/restoreAssociations()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\DataStore.as:4880]
     at mx.data::DataStore/restoreReferencedItems()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\DataStore.as:4759]
     at Function/()[C:\depot\DataServices\trunk\frameworks\projects\data\src\mx\data\DataStore.as:1742]
     at mx.rpc::Responder/result()[E:\dev\4.x\frameworks\projects\rpc\src\mx\rpc\Responder.as:56]
     at mx.rpc::AsyncToken/http://www.adobe.com/2006/flex/mx/internal::applyResult()[E:\dev\4.x\frameworks\projects\rpc\src\mx\rpc\AsyncToken.as:239]
     at mx.rpc.events::ResultEvent/http://www.adobe.com/2006/flex/mx/internal::callTokenResponders()[E:\dev\4.x\frameworks\projects\rpc\src\mx\rpc\events\ResultEvent.as:207]
     at Function/http://adobe.com/AS3/2006/builtin::apply()
     at mx.rpc::AsyncDispatcher/timerEventHandler()[E:\dev\4.x\frameworks\projects\rpc\src\mx\rpc\AsyncDispatcher.as:50]
     at flash.utils::Timer/_timerDispatch()
     at flash.utils::Timer/tick()
In both connected and disconnected operation there is no user input, so the sequence of queries should be identical. Each service I use is configured identically except that they each use their own automatically-generated OfflineAdaptor. Any suggestions?
Many thanks

Charge Voltage

I was at the Apple Store yesterday afternoon. I asked their employee if the current speaker docks / clock radios that Apple sells are compatible with the iPhone. The employee told me it's a "qualified yes" with the qualification being the GSM Buzz issue. When I asked her about the charge voltage output issues I'd read about around these forums, she said that "all 30 pin iPods use a 5V charger - which SHOULD be compatible with the iPhone." She said the first versions of the iPod used a higher voltage, but since Apple switched to the flat paddle connector they have all used 5V chargers.
*Can anyone confirm (or deny) the statement that "all 30 pin iPods use a 5V charger"?*
I have seen some speaker docks at Brookstone that use the universal 30 pin connector. If this is true, that all 30 pin connectors are only outputting 5V, then those speaker docks should work with the iPhone. The nice thing was that none of the Brookstone speakers I looked at, had the GSM Buzz. I turned them on, tried to check e-mail, made phone calls, and listened to voicemails, with my iPhone right next to the speakers - no GSM Buzz. They appear to use shielded speakers in their docks.
I did not connect my iPhone to the dock, for fear they were outputting a higher voltage that may damage my iPhone.

Thank you for your kind words.
Another possibility is that with so many 'not made for iPhone' products out there, some quite expensive, an entrepreneur will offer adaptors that convert many of them to more iPhone-friendly versions.
Which leads me to a fairly off-topic anecdote (but is at least technical in nature ...kinda):
In an earlier age, I ran an electronics repair shop noted for good work but a twisted sense of humor. When you walked in, you could not help noticing a sign proclaiming our business to be a combined repair shop & cafe, the latter complete with daily specials that (should have) convinced you the cafe part was a spoof. We also offered custom cable adaptors, some of which were bagged up for immediate sale. In keeping with the cafe theme, I made & bagged up a BNC to fork adaptor -- an RF connector expertly soldered to the end of a dinner fork. I never ceased to be amazed at the number of people that expressed an interest in buying it, for what reason I have not a clue.
The point (to the extent there is one) is to make sure the adaptor you buy does what you need it to do.

Deny traffic by vrf - acl?

Hello,
I have a service provider network with multiple public vrfs and some private vpns also. We liked the design of this it seemed to keep the public routing completely separate from the core routing. However it seems there is an awkward do to shut, as if we set a public addressed sub-interface for a customer ssh access is available. We want to keep ssh access around out network, so have filtered out who can access using acl on the vty, say to 10.x.x.x
However we also have some private vpns, so I could quite easily set 10.x.x.x addressing which would allow people to attempt ssh access.
So basically, what is the best way to completely drop all telnet/ssh access to sub-interfaces on a per vrf basis, i.e. if you are in this vrf, regardless of IP, you cannot ever see telnet/ssh ports filtered/closed or otherwise?
Many thanks
Nicholas

Hello,
Many thanks for the reply. Unfortunately this will restrict telnet through the interface - we want to allow our customers to use any application through our router. So we can do:
10 deny tcp any 10.x.x.x eq telnet
20 permit ip any any
And apply this to the interface. However if we give a customer a couple of private vpn to route between, we need a sub-interface which could overlap with this address, so be of security interest, and also presumably is open to spoofing.
What I am looking for, if it exists, is to completely disable telnet/ssh services on an interface, not necessarily by ip access list.
Many thanks
nicholas

Non-Web Server Publishing Rule for Internal and External

Hi there,
I have a problem with my TMG and publishing SSH for Internal and External users to an internal Server.
Network:
Internal Network
SSH Server, 10.10.10.25
Internal DNS record "ssh.domain.com" pointing to 10.10.10.254
TMG Server, 10.10.10.254/192.168.0.254
External Network
External DNS record "ssh.domain.com pointing to 192.168.0.254
I want my users (internal AND external) using their SSH client to connect to ssh.domain.com and TMG to forward the request to the SSH server. Note that internal clients and the SSH server are in the same network.
I have created a custom "SSH Server" protocol with inbound TCP for port 22 and created a Non-Web Server publishing rule.
Traffic Tab: SSH Server Protocol
From Tab: Internal, External
To Tab: 10.10.10.25, original client
Networks Tabs: Internal, External
External users cann connect without a problem, all fine here. Internal users get a timout. The TMG Log says: Denied Connection (Default Rule,
The policy rules do not allow the user request) and doesn´t recognize this is an inbound request. The log gives me dest IP 10.10.10.254 and protocol SSH and not 10.10.10.25 and SSH Server.
I read a lot of networking rules and NAT/Routing, tried a bit but never got a success.
Can you help me fix or working around this and tell me whats going on there and if there a limitations in TMG I don´t know yet?
Regards,
Sascha

Hi,
According to your description, it seems that request was denied by the TMG rules so the request from the internal users
could not be forwarded to the SSH server. I would appreciate it if you can post the logs to us and the results of running ipconfig/all on the TMG server.
In addition, maybe you can change the firewall policy only from
External and add another firewall policy for the internal user to see if the issue persists.
More information:
Creating and using a server protocol
TMG
Back to Basics - Part 1: Server Publishing Rules
Best regards,
Susie

Router Managment Access when interface is down

Hi,
Please see the topology attached.
We have a customer network with number of routers/switches. We have a management network to manage devices via telnet/ssh.
On switches we have a vlan interface for switch management while on routers we have sub-interfaces ( 802.1Q trunk, with encapsulation) connected back to the switch for the management.
Problem :
Customer has ask us to give them a access to router/switches, we have give them telnet/ssh access via management network, to access router remotely customer ssh router (the sub-interface IP address F0/0.10 on router), but when the router interface Fa0/0.10 is down ( because switch at the remote end is down), customer cannot the telnet/ssh to router.
How can I allow customer to keep accessing the router while sub-interface on the router is down ( which they are telneting to)? I am happy to change to router config, but not sure which bits.
I can't create the loopback interface and assign the IP address to it from the managment network as the router subinterface F0/0.10 is already have IP address from that subnet and router gives overlapping mask error message.
I created the new looback interface on router and give is the same IP as of F0/0.10 and configure F0/0.10 as a IP unumbered loopback 0, it;s not working either for me.
Can I somehow configure the router to respond to the telnet/ssh when subinteface is down- I am happy to move the addresses, create new interfaces , change routing etc. but I can't change the network subnet that is already assigned to customer.
Please see the topology attached.
Any idea from anyone.
Regards

Thanks for your responses.
I don't want to allocate the new subnet with /32 for the management as it will require many changes in the network such firewall etc.
There will be a single switch connected to the router physical interface F0/0, but there will be a multiple switches hanging off the first switch. ( all switches in the vlan10, including router sub-interface F0/0.10).
Customer will require access to both, switch(es) and router, customer understand that if the first switch ( that physically connects to the router interface F0/0 ) fails, access to all other switches will also fail, which is acceptable. At this point we must have access to router regardless we have lost access to the switch.
Customer want router to be accessible even if the switch(es) are down, as the router at the point router is fine and is still connected to the WAN network. Customer will lose the access to the switch(es) but should not lose the router access.
We have different IP subnets ( VRF's) for the customer data network ( LAN) and the router management, so I can't assign the router management IP address from the customer LAN subnet
Forgot to mentioned that we have three VRF's on router ( vrf-lite/ multi vrf) , one for customer data network, one for router management, one switch ( es) management.
Fa0/0.10 is in the switch management VRF, while router Loopback 0 is in the router VRF.
We have to maintain the vrf's to keep router and switch management traffic separate.
Router is always accessible to us ( not to customer) via router vrf hence its still available even if the router LAN management interface F0/0 is down.
Customer lose the access to both router and switch(es) if the F0/0 down.
The only option I can see would be to allocate a new subnet for customer router management and assign this to a new loopback and put under the switch management vrf.
Regards

Java Adapter Compile Error - Missing Libraries

I am trying to convert my project from being deployed on Flex Data Services 2 To LiveCycle Data Services. I dont know very much about java and have hit a snag when trying to recompile my custom java adaptor.
It compiles fine under a FDS2 project, but when compiled under a LCDS deployment on JRun, Eclipse gives me the following error when trying to compile:
Project PTSChat_Java is missing required library: lib/commons-codec.jar
Project PTSChat_Java is missing required library: lib/commons-httpclient.jar
The project cannot be built until build path errors are resolved
It appears that the libraries have been renamed to commons-codec-1.3.jar & commons-httpclient-3.0.1.jar in LCDS, but I am not sure where to update these references? They are not direct library imports in my java code.
As a shot in the dark, I tried just copying the old FDS2 libraries back over to the WEB-INF\lib\ DIR since there are named differently. It resolved the missing library error, but then I got a compile error with service cannot be resolved in references to my MessageService msgService = (MessageService) service; java code. I quickly realized this is not the correct path to head down.
Does anyone have any clues what I may be doing wrong? Any help is much appreciated.
Thanks!

I resovled the problems I was having.
I was able to figure out how to change the library linking in eclipse and switched the commons-codec-1.3.jar & commons-httpclient-3.0.1.jar in the place of commons-codec.jar & commons-httpclient.jar libraries previously used with the project (properties:libraries).
I was not able to correct the service cannot be resolved. Everything I did kept crashing and dropping my connection tot he channel. I ended up just switching the code in my java adapter from:
MessageService msgService = (MessageService) service
to
MessageBroker broker = MessageBroker.getMessageBroker(null);
MessageService msgService = (MessageService) broker.getService("message-service");
This appears to be working as desired for my use of the java adapter for the session management & logging. I am not really certain why the "service" became undefined between FDS2 & LCDS, something must have been depreciated or changed around.

Solaris resource adapter

Wanted to Know whether the out of the box Solaris resource adapter manages passwords for users in the Solaris resource from IDM.
like changing passwords, Unlocking accounts etc..

I don't quite see what you need it for? As I can see (and use in my custom shellscript adaptors) IDM simply calls the passwd command with either -l og -u to lock or unlock a user, which then sets the password to a LK. This value is probably retrieved by IDM whenever a query on any given user is made, to see if it has been locked or not.
There is a inactive value in the resource schema, but I think this is only used by the adaptor to know if a useraccount should be locked.

Ctrl+Shift+Option+5 registers as Option+5 in custom emacs build or over ssh

I'm having trouble with custom emacs and emacs over ssh with Leopard. Included below is the text of the bug report I filed with Apple. If anyone has any thoughts or suggestions, I'd love to hear about them.
It won't let me change the OS on this post for some reason, but I'm running Leopard, not Tiger.
In Terminal.app Version 2.0 (237) when I ssh into my Gentoo Linux server and run emacs, or if I run a custom-compiled version of emacs in terminal mode locally, pressing CtrlShift+Option5 (which should bring up "Query replace regexp:" in the bottom input bar) registers as if only Option+5 was pressed.
NOTE: I am using the new aluminum USB-2.0 apple keyboard connected to a MacBook Pro running Leopard 9A581. I have not tested any other hardware configurations.
Steps to reproduce:
1. Download http://ftp.gnu.org/pub/gnu/emacs/emacs-22.1.tar.gz
2. Untar the above
3. cd emacs/mac && ./make-package --self-contained
4. Copy or move Emacs.app to /Applications
5. From Terminal.app run "/Applications/Emacs.app/Contents/MacOS/Emacs -nw"
6. Press CtrlShift+Option5
OR
1. SSH into a linux server and run emacs.
2. Press CtrlShift+Option5
Expected Results:
"Query replace regexp:" should appear in the input line at the bottom of the screen.
Actual Results:
"ESC 5-" shows up. The escape key is an alternate meta-key, so this indicates that the program believes Meta+5 was pushed, where the actual meta-key that I'm using is Option.
I never noticed this problem in any version of Tiger, but it occurs in Leopard.

Perhaps, you should try to reset your preference file to see if it corrects itself. I have posted the instructions at this link:
http://forums.adobe.com/thread/1097046?tstart=0
Good luck.

Custom SSH adaptor

Similar Messages

Maybe you are looking for