Debug radius local-server
Hi all!
Please help me.
I'm using c181x-adventerprisek9-mz.151-4.M9.bin.
I have set up an AP with a local RADIUS server. The official documentation has "debug radius local-server", and this command also exists in the IOS command reference.
But my router does not have this command.
Is this a bug?
Are you running this command in Privileged EXEC mode, or global config mode? This is a Privileged EXEC command, so when you enter it, your prompt should look like this:
RouterName# debug radius local-server
And not like this:
RouterName(config)# debug radius local-server
Please also note that since this is a debug command, it will not appear in your device's running-config, and it may not continue running if you reload or power-cycle your device. It will just show debug messages at the console line and/or log them to the logging buffer and/or to a Syslog server, if configured.
Similar Messages
-
Radius local server and wireless access points
Hello to all,
I would like to ask a question related to the RADIUS server. I have an Allied Telesis core switch and I configured the RADIUS server locally; I also configured port1.0.7 for dot1x and I am using dynamic VLAN. If I connect my laptop to port 1.0.7, I get the correct IP from the DHCP server. If I connect an access point to the same port, how should I configure dot1x? For multiple hosts? I know I am using Allied Telesis, but the config is very similar to Cisco's. Take a look:
(Radius and nas config)
radius-server host 127.0.0.1 key awplus-local-radius-server
aaa authentication dot1x default group radius
aaa authentication auth-web default group radius
crypto pki trustpoint local
crypto pki enroll local
radius-server local
server enable
nas 127.0.0.1 key awplus-local-radius-server
group Andrew
attribute NAS-Identifier andrew
attribute Tunnel-Medium-Type IEEE-802
attribute Tunnel-Private-Group-Id 10
attribute Tunnel-Type VLAN
user andrew encrypted password wh8q0J2oYSn0y4cynksNCqfbaUtRGv/E6JaJrW+s3Zs= group Andrew
(port config)
interface port1.0.7
switchport
switchport mode access
auth-web enable
dot1x port-control auto
auth host-mode multi-supplicant
auth dynamic-vlan-creation
I tried with auth-web and without, but no luck. If someone has a sample config showing how to configure dot1x to be able to use an access point, please paste it.
Thanks
Andrew
I'm not sure if the Autonomous APs have the option for AAA Override. On the WLC, I can go into the BSSID, Security, Advanced, and there's a checkbox that I would check to allow a Radius server to send back the VLAN.
I did a little research and it looks like the 1300 may give this option but instead is defined as "VLAN Override". I've found the release notes for 12.3(7)JA5 (not sure what version you're running) that give mention and a link to configuring EAP on page 4: http://www.ciscosystems.ch/en/US/docs/wireless/access_point/1300/release/notes/o37ja5rn.pdf
Hope this helps -
H323 cisco attributes not being forwarded to Radius accounting server
I have enabled a Radius server to gather AAA Accounting CDR records but I don't see any of the Cisco h323 attributes. The following is an example of the list I WANT to see.
ATTRIBUTE h323-remote-address 23 string Cisco
ATTRIBUTE h323-conf-id 24 string Cisco
ATTRIBUTE h323-setup-time 25 string Cisco
ATTRIBUTE h323-call-origin 26 string Cisco
ATTRIBUTE h323-call-type 27 string Cisco
ATTRIBUTE h323-connect-time 28 string Cisco
ATTRIBUTE h323-disconnect-time 29 string Cisco
ATTRIBUTE h323-disconnect-cause 30 string Cisco
ATTRIBUTE h323-voice-quality 31 string Cisco
ATTRIBUTE h323-gw-id 33 string Cisco
ATTRIBUTE h323-incoming-conf-id 35 string Cisco
I see a lot of stuff coming in, but I don't see any of the attributes above.
PS. when I do a DEBUG AAA ACCOUNTING here's what I see.
*Oct 8 18:00:19.681: AAA/ACCT/CONN(00001863): STOP protocol reply FAIL
*Oct 8 18:00:19.681: AAA/ACCT(00001863): Accouting method=NOT_SET
Here's my config
aaa new-model
aaa group server radius ACS
server X.X.X.X auth-port 1645 acct-port 1646
aaa authentication login h323 group ACS
aaa authentication login no_rad local
aaa accounting update newinfo
aaa accounting exec default start-stop group ACS
aaa accounting connection default start-stop group ACS
aaa accounting connection h323 start-stop group ACS
aaa session-id common
gw-accounting aaa
attribute acct-session-id overloaded
attribute h323-remote-id resolved
acct-template callhistory-detail
radius-server host X.X.X.X auth-port 1645 acct-port 1646
radius-server timeout 60
radius-server key XXXXX
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
radius-server vsa send authentication
dial-peer voice 447 voip
destination-pattern 1647280....
voice-class aaa 1
session target ipv4:X.X.X.X
Any ideas?
thanks,
Paul
Try the following command:
gw-accounting h323 vsa
See here (http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122tcr/122tvr/vrg_g1.htm#wp1505752) for details. -
ACE - Radius Auth - Server Deadtime strange behavior... bug?
Following issue...
Two ACE Contexts -> Admin and Test
Both are configured to authenticate via AAA and Radius. Everything works as intended, roles get submitted by Radius etc.
If you configure a deadtime >0 and for example you stop the Radius Service the current ACE context detects the unavailable radius server and marks it as dead after retransmit and timeout values have expired. If you activate the radius service again the ace context never clears the "Radius Server=Dead" flag.
If you don't log in while doing maintenance on your RADIUS service everything is fine, but once the deadtimer kicks in it's over.
I verified this behavior by using context Admin and context Test at the same time. I ended up with one context working perfectly with the same server and one still having it marked as dead.
I got some debug output and the config for both contexts.
Ahmed or Gilles can you reproduce this behavior?
EDIT: Reloading the module and setting the "deadtime 0" fixes the behavior.
--- CONTEXT -> ADMIN ---
2006 Aug 24 16:08:06.875245 radius: (ctx:0)get_radius_server_info_from_group:
2006 Aug 24 16:08:06.875830 radius: (ctx:0)Skipping DEAD RADIUS server 10.10.10.1
2006 Aug 24 16:08:06.875888 radius: (ctx:0)radius_request_process_next_server:
All RADIUS servers failed to respond after retries.
--- CONTEXT -> TEST ---
2006 Aug 24 16:08:20.676439 radius: (ctx:0)get_radius_server_info_from_group:
2006 Aug 24 16:08:20.677049 radius: (ctx:0)radius_request_process_next_server:
found a server server index in group 0
2006 Aug 24 16:08:23.085763 radius: (ctx:0)get_radius_server_info_from_group:
2006 Aug 24 16:08:23.086024 radius: (ctx:0)radius_request_process_next_server:
found a server server index in group 0
2006 Aug 24 16:08:23.090753 radius: (ctx:0)Got context name Test
--- Configuration -> CONTEXT ADMIN ---
ace-module-01/Admin# sh run
Generating configuration....
radius-server host 10.10.10.1 key 7 "<secret>" auth-port 1645 acct-port 1646 authentication accounting
aaa group server radius RADIUS_VTY
server 10.10.10.1
deadtime 1
aaa authentication login default group RADIUS_VTY local
--- Configuration -> CONTEXT TEST ---
ace-module-01/Test#
Generating configuration....
radius-server host 10.10.10.1 key 7 "<secret>" auth-port 1645 acct-port 1646 authentication accounting
aaa group server radius RADIUS_VTY
server 10.10.10.1
deadtime 1
aaa authentication login default group RADIUS_VTY local
Software
loader: Version 12.2[118]
system: Version 3.0(0)A1(2) [build 3.0(0)A1(2)
jwilley_23:41:53-2006/06/11_/auto/adbu-rel/ws/REL_3_0_0_A1_2]
system image file: [LCP] disk0:c6ace-t1k9-mz.3.0.0_A1_2.bin
I see the same issue even with A1(3).
I have submitted a new ddts for this - CSCsf19177.
If you activate the 'debug radius server-monitor' command, you should see the ACE module trying to authenticate user test with password test.
However, this request never makes it to the radius server.
The bug has been logged and we will investigate.
Thanks for reporting this problem to us.
Gilles. -
WLS 9.2: MigrationException: Could not start JTAMT on local server
I have configured a two machine WLS 9.2 Cluster with two Managed Servers.
When I try to start the Managed Server through the Node Manager from Admin
Server's WLS Console, it fails with the following error (
actually both Managed Servers fail with the same error):
weblogic.cluster.migration.MigrationException: Could not start JTAMT on
local server because it could not be deactivated on the current host.
at
weblogic.transaction.internal.TransactionRecoveryService.deployAllTransactionRecoveryServices(TransactionRecoveryService.java:400)
at
weblogic.transaction.internal.TransactionRecoveryService.resume(TransactionRecoveryService.java:170)
at
weblogic.transaction.internal.TransactionRecoveryService.start(TransactionRecoveryService.java:181)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
This message resides in file:
bea920\weblogic92\common\nodemanager\servers\MANAGED-SERVER1\logs\MANAGED-SERVER1.log
The WLS installation was done including the Node Manager Service.
Is this error message familiar at all and what could be done to fix it?
These Managed Servers run on Win2000 and Win2003 respectively. Should I do
something to the OS (Enable XA Txs in Control Panel/MSDTC)?
Did you start AdminServer before trying to start MANAGED-SERVER1?
Did you ever migrate Transaction Recovery Service of MANAGED-SERVER1 to other servers?
If the problem still exists, you can enable the debug option "DebugJTAMigration" and post the stack trace. -
Cisco 871W as Radius Local Authenticator
We are trying to configure a Cisco 871w as an access point and also as a local authenticator. The NAS would be the same server. The sample config is as below
aaa group server radius rad_eap
server 10.10.200.1 auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
ip dhcp excluded-address 10.10.200.1
ip dhcp excluded-address 10.10.200.31 10.10.200.254
ip dhcp pool <pool_name>
import all
network 10.10.200.0 255.255.255.0
dns-server 141.x.x.6 141.198.136.12
default-router 10.10.200.1
lease 0 2
interface Dot11Radio0
ip address 10.10.200.1 255.255.255.0
ssid <SSID Name>
authentication network-eap eap_methods
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
ip classless
ip http server
ip http secure-server
radius-server local
nas 10.10.200.1 key 0 <key>
user test nthash xxx
radius-server attribute 32 include-in-access-req format %h
radius-server host 10.10.200.1 auth-port 1645 acct-port 1646 key <key>
radius-server vsa send accounting
With the above config, we are trying to make the clients authenticate with a username created in the RADIUS server, which is this router, and get an IP address through the DHCP pool configured for the same. Will the above config do the same? Kindly let me know.
Thanking You
Regards
Anantha Subramanian Natarajan
Hi,
Thanks.
Worked with cipher mode tkip and used WPA for key management.
Once again, thanks for the response
Regards
Anantha Subramanian Natarajan -
CF Local Server log files?
Hello... does anyone know if the CF Local server has log
files similar to IIS or Apache? What I'd like to see is traffic to
my local machine when running on 127.0.0.1:8500 instead of say IIS
on 127.0.0.1. In IIS for example I can view the server traffic and
store this in a SQL database even.
I've looked through the CF Logs folder and found nothing like
this.
We are running Identity Server 6.1 on Solaris.
The logs are in /var/opt/SUNWam/debug/
The most useful one is amAuth. You might also want to look at amAuthInternal, amSession, amAuthLDAP, and amAuthContext.
If you are seeing these, checkout AMConfig.properties (in /opt/SUNWam/lib). It should have the log level set to warning or message for you to get all these logs. Here's the setting from my AMConfig.properties:
com.iplanet.services.debug.level=warning
PS Sorry for the unix paths, but hopefully they map closely to the windows directories. -
Error at UDDI registry on Local Server - Help Please ?
Hi Naveen and all ,
What ever you have specified in your blog
/people/sap.user72/blog/2005/11/16/webas-a-step-by-step-guide-for-configuring-uddi-registry-on-local-server
/people/sap.user72/blog/2005/11/17/xi-how-to-publish-wsdl-generated-from-xi-to-uddi
In your step by step guide for Configuring UDDI Registry on Local Server
step 8: After the user is authenticated, the user will be taken to a Publish Service Definition page. Here one could specify service specific properties like categories, wsdl location. After entering required information hit the publish button for publishing the service definition onto the UDDI Register, which in our case happens to be the one on the local server.
May I know what kind of specific properties, like categories and WSDL location? Do I need to give my local PC location for the WSDL, or what else do I have to give?
Can you please give some more information about this step?
When I was trying to publish I got the following error:
An ERROR has occurred
Invalid key passed: Unknown TModel key in reference. TModel key :uuid:c1acf26d-9672-4404-9d70-39b756e62ab4
Best Regards.,
V.Rangarajan
I had a heck of a time trying to get rid of an swf in firefox the other day. I deleted it from the bin-debug folder and it was still coming up in the browser.
The fastest solution might be to rename the main app file to myApp2 and recompile. The cache won't get tempted if it has a new file name. You can change it back on the next compile.
Sometimes in IE7 I have a cache problem. I hit Ctrl-N to pop-up a new browser window. That seems to refresh everything in the window. -
RADIUS auth-server unavailable messages
Hello,
During troubleshooting of some other WLC (WiSM2, 7.4.121.0) issues I have noticed that there are some messages like this:
0 Thu Feb 27 15:01:11 2014 RADIUS auth-server 192.168.4.66:1812 available
1 Thu Feb 27 15:01:06 2014 RADIUS auth-server 192.168.4.66:1812 unavailable
2 Thu Feb 27 15:01:06 2014 RADIUS server 192.168.4.66:1812 failed to respond to request (ID 216) for client 9c:d2:4b:bd:82:fb / user '***'
3 Thu Feb 27 14:58:24 2014 RADIUS auth-server 192.168.4.66:1812 available
4 Thu Feb 27 14:58:22 2014 RADIUS auth-server 192.168.4.66:1812 unavailable
5 Thu Feb 27 14:58:22 2014 RADIUS server 192.168.4.66:1812 failed to respond to request (ID 128) for client 9c:d2:4b:bd:82:fb / user '***'
6 Thu Feb 27 14:57:56 2014 RADIUS auth-server 192.168.4.66:1812 available
7 Thu Feb 27 14:57:43 2014 RADIUS auth-server 192.168.4.66:1812 unavailable
8 Thu Feb 27 14:57:43 2014 RADIUS server 192.168.4.66:1812 failed to respond to request (ID 103) for client 9c:d2:4b:bd:82:fb / user '***'
9 Thu Feb 27 14:57:18 2014 RADIUS auth-server 192.168.4.66:1812 available
10 Thu Feb 27 14:57:12 2014 RADIUS auth-server 192.168.4.66:1812 unavailable
During that time I pinged the RADIUS server from the console, but it looks OK:
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >
(WiSM-slot25-1) >show time
Time............................................. Thu Feb 27 15:00:10 2014
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
(WiSM-slot25-1) >ping 192.168.4.66
Send count=3, Receive count=3 from 192.168.4.66
There is only one radius configured in WLC.
(WiSM-slot25-1) >show radius auth statistics
Authentication Servers:
Server Index..................................... 1
Server Address................................... 192.168.4.66
Msg Round Trip Time.............................. 11 (msec)
First Requests................................... 31952
Retry Requests................................... 285
Accept Responses................................. 4002
Reject Responses................................. 274
Challenge Responses.............................. 27620
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Pending Requests................................. 0
Timeout Requests................................. 341
Unknowntype Msgs................................. 0
Other Drops...................................... 0
What can I do to troubleshoot this? Some debug commands, timer tuning...?
Regards,
Mladen
That could also be load on the AAA server. The WLC calls a RADIUS server dead/unavailable if it doesn't respond to 3 requests for a client authentication.
You may want to also try disabling aggressive failover.
config radius aggressive-failover disable.
This changes the behavior of the WLC so that the AAA has to not respond to three consecutive clients before it's called dead. But if you only have the one server it may not help too much.
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered -
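An added example (not part of the thread, and not Cisco code): a Python script that reads trap-log lines in the format quoted in the question, pairs each "unavailable" event with the next "available" event for the same server, and records which client's timed-out request preceded each flap. The sample lines are the ones from the post; the function names are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

# Trap-log lines as quoted in the question (newest first, leading index column).
SAMPLE_LOG = """\
0 Thu Feb 27 15:01:11 2014 RADIUS auth-server 192.168.4.66:1812 available
1 Thu Feb 27 15:01:06 2014 RADIUS auth-server 192.168.4.66:1812 unavailable
2 Thu Feb 27 15:01:06 2014 RADIUS server 192.168.4.66:1812 failed to respond to request (ID 216) for client 9c:d2:4b:bd:82:fb / user '***'
3 Thu Feb 27 14:58:24 2014 RADIUS auth-server 192.168.4.66:1812 available
4 Thu Feb 27 14:58:22 2014 RADIUS auth-server 192.168.4.66:1812 unavailable
5 Thu Feb 27 14:58:22 2014 RADIUS server 192.168.4.66:1812 failed to respond to request (ID 128) for client 9c:d2:4b:bd:82:fb / user '***'
6 Thu Feb 27 14:57:56 2014 RADIUS auth-server 192.168.4.66:1812 available
7 Thu Feb 27 14:57:43 2014 RADIUS auth-server 192.168.4.66:1812 unavailable
8 Thu Feb 27 14:57:43 2014 RADIUS server 192.168.4.66:1812 failed to respond to request (ID 103) for client 9c:d2:4b:bd:82:fb / user '***'
9 Thu Feb 27 14:57:18 2014 RADIUS auth-server 192.168.4.66:1812 available
10 Thu Feb 27 14:57:12 2014 RADIUS auth-server 192.168.4.66:1812 unavailable
"""

LINE_RE = re.compile(
    r"^\s*(?:\d+\s+)?"                                    # optional index column
    r"(?P<ts>\w{3} \w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"RADIUS (?:auth-)?server (?P<server>\S+) "
    r"(?P<event>available|unavailable|failed to respond to request "
    r"\(ID \d+\) for client (?P<client>[0-9a-fA-F:]{17}))"
)
TS_FORMAT = "%a %b %d %H:%M:%S %Y"
# Within one second, a timeout precedes "unavailable", which precedes "available".
ORDER = {"failed": 0, "unavailable": 1, "available": 2}


def parse_events(text):
    """Return RADIUS availability events in chronological order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a RADIUS availability/timeout message
        kind = "failed" if m.group("event").startswith("failed") else m.group("event")
        events.append({
            "ts": datetime.strptime(" ".join(m.group("ts").split()), TS_FORMAT),
            "server": m.group("server"),
            "kind": kind,
            "client": m.group("client"),
        })
    events.sort(key=lambda e: (e["ts"], ORDER[e["kind"]]))
    return events


def find_outages(events):
    """Pair unavailable/available events per server and attach the timed-out clients."""
    pending = {}   # server -> clients that timed out since the last "available"
    current = {}   # server -> outage still waiting for its "available"
    outages = []
    for e in events:
        srv = e["server"]
        if e["kind"] == "failed":
            target = current[srv]["clients"] if srv in current else pending.setdefault(srv, [])
            target.append(e["client"])
        elif e["kind"] == "unavailable":
            if srv not in current:
                current[srv] = {"server": srv, "down": e["ts"], "up": None,
                                "seconds": None, "clients": pending.pop(srv, [])}
                outages.append(current[srv])
        else:  # available
            pending.pop(srv, None)
            outage = current.pop(srv, None)
            if outage is not None:
                outage["up"] = e["ts"]
                outage["seconds"] = int((e["ts"] - outage["down"]).total_seconds())
    return outages


def summarize(outages):
    """Aggregate flap count, downtime and the clients named in the timeouts."""
    closed = [o["seconds"] for o in outages if o["seconds"] is not None]
    return {
        "outages": len(outages),
        "downtime_seconds": sum(closed),
        "longest_seconds": max(closed, default=0),
        "clients": Counter(c for o in outages for c in o["clients"]),
    }


if __name__ == "__main__":
    found = find_outages(parse_events(SAMPLE_LOG))
    for o in found:
        print(o["server"], o["down"], "->", o["up"], o["seconds"], "s", o["clients"])
    print(summarize(found))
```

On the excerpt from the question this reports four flaps totalling 26 seconds, and every recorded timeout names the same client MAC.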
Accessing a local server web service over the internet
Hello,
This is not the first time I will configure over-the-internet access to a local server, but this particular one is giving me a major headache and I thought to share the config with anyone who can help point out where the problem may be. While my NAT translations seem to be working, when I attempt to browse the public IP, I am supposed to be routed to the local server, but this doesn't happen and I just get a blank page on my web browser. Please see config below:
J#sh run
Building configuration...
Current configuration : 5368 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname J
boot-start-marker
boot-end-marker
enable secret 5 $1$aNyD$j4lIgFXI84Xp9RR5dzwVk0
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
clock timezone PCTime 1
crypto pki trustpoint TP-self-signed-1366127775
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1366127775
revocation-check none
rsakeypair TP-self-signed-1366127775
crypto pki certificate chain TP-self-signed-1366127775
certificate self-signed 01
quit
dot11 syslog
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.111 192.168.1.254
ip dhcp pool J
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
domain-name linetrale.local
dns-server 192.168.1.254
no ip bootp server
ip domain name linetrale.local
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set 3DES-SHA-compression esp-3des esp-sha-hmac comp-lzs
crypto ipsec transform-set AES-SHA-compression esp-aes esp-sha-hmac comp-lzs
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
archive
log config
hidekeys
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
interface FastEthernet0
switchport access vlan 101
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description WAN_FW_OUTSIDE$ETH-WAN$
ip address x.x.x.x 255.255.255.192
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1400
ip nat outside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1380
duplex auto
speed auto
interface Vlan1
no ip address
interface Vlan101
description LAN_FW_INSIDE
ip address 192.168.1.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 y.y.y.y
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.1.243 80 x.x.x.x 80 extendable
! x.x.x.x is the public IP
access-list 1 remark INSIDE_IF=VLAN101
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
control-plane
line con 0
no modem enable
transport output telnet
speed 115200
line aux 0
modem InOut
transport output telnet
stopbits 1
speed 115200
flowcontrol hardware
line vty 0 4
privilege level 15
terminal-type moni
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
webvpn context Default_context
ssl authenticate verify all
no inservice
end
Any help will be really appreciated.
Regards,
Femi
Hi Alain,
Browsing the public IP from a remote location to the site, so it's over the internet.
Not sure I understand what you refer to as SVI, could this be the VLAN? If it is, then I can say it is up because I can ping the server which is on this VLAN from within the router when I log into it. Also, when I am within the LAN, I am able to browse to the local IP on the server.
I suspect some firewall or access list issue may be preventing something...
Regards,
Femi -
How to set up local server to use a remote server for login authentication?
Thank you in advance for any help you can offer.
We are trying to set up a "sub-network" (don't know if this is the right terminology) using a 10.4 Server OS, to manage a set of clients... the trick is that the client login/home directory information is on a different remote server, and shall remain there, for the most part.
To make it easy to understand here's the environment:
*Local Server:* 10.4 G4 Server Quicksilver 1G dual--we have total control of this one
*Main/remote server:* 10.5 Xserve.. don't know which vintage--we have very very very little input on this machine.. effectively at the mercy of the sysadmin of this system who is very conservative in changing anything (hence the need for a separate server to install applications and client machine-specific profiles, etc since the Xserve admin refuses to do it). This serves MacBooks/MacBookPros and a few iMacs. (no Windows PC.. as that group of computers has its own server)
client: ~20 eMacs/iBooks all running 10.4.
use environment: elementary school-->very low network demand (no e-mail, just running local apps linking to server(s) for licensing and login, and some file saving small files on remote server, user preferences, etc).
The remote server (the Xserve) has all the login authentication, as well as the home directories. every school year, the directories get updated as new students enroll and old students graduate. Currently all the clients are directly linked to the Xserve via LDAP while we bring the local server on-line.
the local server (our G4 Quicksilver) will have a few network applications that will support the client machines. We also will be setting up computer accounts and groups for our clients so that we can properly set their environments (the Xserve admin will not do this on the Xserve, so currently all the clients are connecting to the server as a "guest computer" from what little I understand watching what was done)
now, what is the best way to approach this type of set up with minimal "inconvenience" of the Xserve admin?
I am pretty experienced with standalone UNIX and macOS X administration, but a novice to this whole Server and network setup thing. Any suggestions, instructions, pointers to URLs with how-tos is much appreciated. I am not afraid to use Terminal (grew up on UNIX before GUI), etc., and willing to try safe but unconventional setups if that is what's needed...
thanks for any help!
Oh never mind.... I figured it out myself helps to read up on the manuals. d'oh. sorry for the bandwidth waste...
-
Need to copy .txt file from FTP server and downloaded on local server directory.
I need to figure out a way to copy .txt file from ftp server in local server directory using sql jobs.
Below links will help achieving it:
https://www.virtualobjectives.com.au/sqlserver/ftp_scripts.htm
http://www.mssqltips.com/sqlservertip/2884/sql-server-integration-services-ssis-ftp-task-for-data-exchange/ -
I need help configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.
I have attempted to configure RDP access but it does not seem to be working for me. Could I please ask someone to help me modify my current configuration to allow this? Please do step by step as I could use all the help I could get.
I need to allow the following IP addresses to have RDP access to my server:
66.237.238.193-66.237.238.222
69.195.249.177-69.195.249.190
69.65.80.240-69.65.80.249
My external WAN server info is - 99.89.69.333
The internal IP address of my server is - 192.168.6.2
The other server shows up as 99.89.69.334 but is working fine.
I already added one server for Static route and RDP but when I try to put in the same commands it doesn't allow me to for this new one. Please take a look at my configuration file and give me the commands I need in order to put this through. Also please tell me if there are any bad/conflicting entries.
THE FOLLOWING IS MY CONFIGURATION FILE
Also I have modified IP information so that it's not the ACTUAL IP info for my server/network etc... lol for security reasons of course
Also the bolded lines are the modifications I made but that aren't working.
ASA Version 7.2(4)
hostname ciscoasa
domain-name default.domain.invalid
enable password DowJbZ7jrm5Nkm5B encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.6.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 99.89.69.233 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
object-group network EMRMC
network-object 10.1.2.0 255.255.255.0
network-object 192.168.10.0 255.255.255.0
network-object 192.168.11.0 255.255.255.0
network-object 172.16.0.0 255.255.0.0
network-object 192.168.9.0 255.255.255.0
object-group service RDP tcp
description RDP
port-object eq 3389
object-group service GMED tcp
description GMED
port-object eq 3390
object-group service MarsAccess tcp
description MarsAccess
port-object range pcanywhere-data 5632
object-group service MarsFTP tcp
description MarsFTP
port-object range ftp-data ftp
object-group service MarsSupportAppls tcp
description MarsSupportAppls
port-object eq 1972
object-group service MarsUpdatePort tcp
description MarsUpdatePort
port-object eq 7835
object-group service NM1503 tcp
description NM1503
port-object eq 1503
object-group service NM1720 tcp
description NM1720
port-object eq h323
object-group service NM1731 tcp
description NM1731
port-object eq 1731
object-group service NM389 tcp
description NM389
port-object eq ldap
object-group service NM522 tcp
description NM522
port-object eq 522
object-group service SSL tcp
description SSL
port-object eq https
object-group service rdp tcp
port-object eq 3389
access-list outside_1_cryptomap extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-data
access-list outside_access_in extended permit udp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-status
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ftp
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ldap
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq h323
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq telnet
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq www
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM522
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM1731
access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 99.89.69.334 3389 192.168.6.1 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 99.89.69.338 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.6.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 68.156.148.5
crypto map outside_map 1 set transform-set ESP-3DES-MD5
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 1
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
tunnel-group 68.156.148.5 type ipsec-l2l
tunnel-group 68.156.148.5 ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:f47dfb2cf91833f0366ff572eafefb1d
: end
ciscoasa(config-network)#
Unclear what did not work. In your original post you said some commands were added but don't work:
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
and later you state you add another command that gets an error:
static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
You also stated that 99.89.69.333 (actually 99.89.69.233, guessing from the rest of your config and other posts) is your WAN IP address.
The first static statement matches Cisco's documentation, which states that a static statement must use the 'interface' directive when you are trying to do static PAT utilizing the IP address of the interface. Since 99.89.69.333 is the assigned IP address of your WAN interface, that may explain why the second statement fails.
Any reason why you are using static PAT (including the port number 3389) instead of just skipping that directive? Static PAT usually makes sense when you need to change the TCP port number. In your example, you are not changing the TCP port 3389.
-
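The two points made in the ASA reply above (static PAT to the interface's own address needs the `interface` keyword, and static PAT mainly pays off when the port changes) can be checked mechanically against a saved configuration. The following is an added example, not code from the thread; the sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in pre-8.3 ASA syntax. Addresses are documentation
# ranges chosen for this example, not values from the post.
SAMPLE_CONFIG = """\
interface Vlan2
 nameif outside
 ip address 203.0.113.10 255.255.255.248
interface Vlan1
 nameif inside
 ip address 192.168.6.254 255.255.255.0
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 3389 192.168.6.2 3389 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.11 8080 192.168.6.1 80 netmask 255.255.255.255
"""

STATIC_PAT = re.compile(
    r"^static \((?P<real_if>[^,\s]+),(?P<mapped_if>[^)\s]+)\) (?P<proto>tcp|udp) "
    r"(?P<mapped_ip>\S+) (?P<mapped_port>\S+) (?P<real_ip>\S+) (?P<real_port>\S+)"
)

def interface_addresses(config):
    """Map each nameif to the IP address configured in its interface stanza."""
    addrs, nameif = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            nameif = None
        elif m := re.match(r"\s+nameif (\S+)", line):
            nameif = m.group(1)
        elif (m := re.match(r"\s+ip address (\S+) ", line)) and nameif:
            addrs[nameif] = m.group(1)
    return addrs

def review_static_pat(config):
    """Return (statement, finding) for every static PAT line in the config."""
    addrs = interface_addresses(config)
    findings = []
    for line in config.splitlines():
        m = STATIC_PAT.match(line)
        if not m:
            continue
        if m["mapped_ip"] == addrs.get(m["mapped_if"]):
            finding = "mapped IP is the interface's own address: use 'interface'"
        elif m["mapped_port"] == m["real_port"]:
            finding = "port unchanged"
        else:
            finding = "port translated"
        findings.append((line, finding))
    return findings
```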
The Report Server page comes up on local server, but the page does not open from clients
Hello,
The Report Server page opens up just fine on the local server, but the page does not open from desktops and client PCs. SSRS is installed on a Windows Server 2008 R2 server with SQL Server 2008 R2 SP2.
Clients are using IE 11 and they see:
Oops! Internet Explorer could not connect to tumdv-fsql01
How can I make this site accessible from clients?
Thanks
Paul
That did not work.
What port numbers specifically does SSRS use? I will check the firewall.
http://100.100.100.100/CengeaReports/Pages/Folder.aspx
When I add the IP Address and try the link again, IE says "This page can not be displayed". When I try the Fix connection problems, IE says:
"The website is online, but it is not responding to connection attempts."
Paul
-
Error 500--Internal Server Error when running Facelet in Local Server
Hi Experts,
I have installed the M2E plugin for Eclipse and am working on a Maven project in OEPE 12c.
When I run the facelet on the remote server, the results are returned, whereas when I run the facelet on the local server, the error below occurs:
Error 500--Internal Server Error
com.sun.faces.context.FacesFileNotFoundException: /showModule.xhtml Not Found in ExternalContext as a Resource
at com.sun.faces.facelets.impl.DefaultFaceletFactory.resolveURL(DefaultFaceletFactory.java:232)
at com.sun.faces.facelets.impl.DefaultFaceletFactory.resolveURL(DefaultFaceletFactory.java:273)
at com.sun.faces.facelets.impl.DefaultFaceletFactory.getMetadataFacelet(DefaultFaceletFactory.java:209)
at com.sun.faces.application.view.ViewMetadataImpl.createMetadataView(ViewMetadataImpl.java:114)
at com.sun.faces.lifecycle.RestoreViewPhase.execute(RestoreViewPhase.java:233)
Could anybody share some pointers?
Thanks,
Vijaya
I created the showModule.xhtml in the web.view.module\src\main\resources folder and tested the application, and now I'm getting the error in both deployment ways.
a) Local deployment: Same result
Error 500--Internal Server Error
com.sun.faces.context.FacesFileNotFoundException: /showModule.xhtml Not Found in ExternalContext as a Resource
at com.sun.faces.facelets.impl.DefaultFaceletFactory.resolveURL(DefaultFaceletFactory.java:232)
at com.sun.faces.facelets.impl.DefaultFaceletFactory.resolveURL(DefaultFaceletFactory.java:273)
b) Remote server:
Error 500--Internal Server Error
com.sun.faces.context.FacesFileNotFoundException: /showModule.xhtml Not Found in ExternalContext as a Resource
at com.sun.faces.facelets.impl.DefaultFaceletFactory.resolveURL(DefaultFaceletFactory.java:232)
at com.sun.faces.facelets.impl.DefaultFaceletFactory.resolveURL(DefaultFaceletFactory.java:273)
Please check the below screenshots for the mappings captured in the properties window.
http://imageshack.us/photo/my-images/5/srwebviewmodule.png/
http://imageshack.us/photo/my-images/811/eclipseexplorer.png/
http://imageshack.us/photo/my-images/521/cdiandrichfacesear.png/
http://imageshack.us/photo/my-images/90/cdiandrichfaces.png/
Thanks,
Vijaya