Do I need privilege exec level commands in router?

Do I need privilege exec level commands in the router if the user was already set up in the TACACS server with a specific privilege exec level?
The user is getting a "Command authorization failed" error even though they were set up with "priv-lvl = 4" on the TACACS server.
If I change to AAA with local authentication, then it is fine without privilege exec level 4 commands in the router.

If you are using command authorization then privilege doesn't matter.
The best way to set it up is to give all users priv lvl 15 and then define which commands each user can execute.
Note: Having priv 15 does not mean that the user will be able to issue all commands.
We will set up command authorization on ACS to have control over users.
This is how your config should look:
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization config-commands
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
Regards,
~JG
Do rate helpful posts
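As an added check that is not part of the thread, this Python script parses the AAA lines of the config recommended above and reports the pieces command authorization depends on: a missing exec authorization list (the TACACS+ priv-lvl is never applied without it), a level that is authorized but not accounted, and the if-authenticated fallback. The sample config is constructed; it deliberately drops the level-15 accounting line so the checker has something to report.

```python
import re
from typing import Dict, List

# Constructed sample config (not from the thread): the command-authorization lines
# recommended in the answer, with the level-15 accounting line deliberately omitted.
SAMPLE_CONFIG = """
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization config-commands
aaa accounting commands 1 default start-stop group tacacs+
"""

AUTHZ_CMD = re.compile(r"^aaa authorization commands (\d+) default (.+)$")
ACCT_CMD = re.compile(r"^aaa accounting commands (\d+) default start-stop (.+)$")


def audit_aaa(config_text: str) -> Dict[str, List[str]]:
    """Check the AAA section of an IOS running-config for the pieces that
    command authorization depends on. Returns {'errors': [...], 'warnings': [...]}."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    errors: List[str] = []
    warns: List[str] = []
    authz_methods: Dict[int, str] = {}   # privilege level -> method list text
    acct_levels = set()

    for ln in lines:
        m = AUTHZ_CMD.match(ln)
        if m:
            authz_methods[int(m.group(1))] = m.group(2)
        m = ACCT_CMD.match(ln)
        if m:
            acct_levels.add(int(m.group(1)))

    if "aaa new-model" not in lines:
        errors.append("aaa new-model missing: the AAA method lists never take effect")
    if not any(ln.startswith("aaa authentication login default ") for ln in lines):
        errors.append("no default login authentication method list")
    if not any(ln.startswith("aaa authorization exec default ") for ln in lines):
        errors.append("no exec authorization: the priv-lvl returned by TACACS+ is never applied")
    for level in (1, 15):
        if level not in authz_methods:
            errors.append(f"no command authorization for privilege level {level}")
    if "no aaa authorization config-commands" in lines:
        warns.append("config-commands excluded: configuration-mode commands are not authorized")
    for level in sorted(authz_methods):
        if level not in acct_levels:
            warns.append(f"level {level} commands are authorized but not accounted")
        if "if-authenticated" in authz_methods[level].split():
            warns.append(f"level {level} falls back to if-authenticated: any authenticated "
                         "user is authorized if TACACS+ returns an error (server unreachable)")
    return {"errors": errors, "warnings": warns}


if __name__ == "__main__":
    for kind, findings in audit_aaa(SAMPLE_CONFIG).items():
        for finding in findings:
            print(f"{kind.upper()}: {finding}")
```

Paste the AAA section of a real running-config into audit_aaa() to compare it against the set above; the if-authenticated warning is informational, since that fallback is what keeps administrators from being locked out when the TACACS+ server is down.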

Similar Messages

  • Privileged Exec password works for telnet but not web interface on Cisco AP 1242

    I recently configured a Cisco AP 1242, software version 12.4, via the web interface using the default Cisco credentials. At that time I set up an administrator account with read/write access and changed the Cisco account to read-only access. Now when I attempt to log in to the web interface it won't accept the administrator password. It will accept the administrator password in a telnet session however. So via the telnet session I set up another user with privileged exec level access and that won't work on the web interface either. The login box keeps coming back requesting a password. Strangely enough, I can log in to the web interface using the admin username with the Cisco password; but I can't do anything, and I also can't view everything.
    I've tried the following:
    I've turned on SSH and created a certificate in the AP, but the login box continues to pop on the https://url.
    I've attempted to setup a user with a non-encrypted password, but have been unsuccessful.
    I've tried a different browser - login box continues to pop.
    I've made sure the web interface is activated in the AP
    I've tried a different computer
    I've tried disabling password-encryption service
    Reset the enable password
    I've successfully setup other 1240 APs but must have done something wrong on this one. Anyone know what I'm missing? Thanks.
    Solution: I was missing "ip http authentication local" in my config.

  • Changing default command mode to Privileged EXEC

    I am currently setting up a 2800 Series router, and prefer a username/password type authentication rather than a single enable password. To do this, I did:
    Router(config)# username <myuser> privilege 15 secret 0 <mypassword>
    Router(config)# username2 <myuser> privilege 15 secret 0 <mypassword>
    Router(config)# aaa new-model
    Router(config)# aaa authentication login default local
    This basically does what I want - when I connect to the router through console, it immediately asks me for a username and password. The thing is - as soon as I provide the right credentials, it takes me to USER EXEC mode (the default command mode). Is it possible to change that so that after entering the credentials, I go right into privileged exec mode?
    Bonus question: As it is now, I just have no enable password, so when I login with my credentials, I issue "enable" to enter privileged exec mode without it prompting for an additional password. Is it safe to do it this way - having no enable password but requiring a username and password for login?

    Hi,
    We do this all the time. It works the same way on telnet:
    line vty 0 4
    privilege level 15
    This way when we telnet in, it takes us right to priv. exec mode. Most people have the enable password the same as the telnet / console password anyway so IMHO it's the same thing. If you are trying to be ultra secure, then make your enable password something different and do not use this little trick... But like I said... I use it all the time.
    Paul

  • Need to run two commands in Runtime.getRuntime.exec()???

    I need to run two commands in the same shell, in the same exec function... is this possible? I tried to invoke
    ksh -e ... command1;command2
    but that did nothing

    I need to run two commands in the same shell, in the same exec function... is this possible? I tried to invoke
    ksh -e ... command1;command2
    but that did nothing
    I'm not all that familiar with that particular shell (ksh), but if it works from the command-line, I'd venture to guess that it would have worked there as well. My guess is it did "work" (executed the 2 commands) but that you may have misdiagnosed the real problem (current working directory assumption incorrect, etc).

  • ASDM error - you do not have sufficient privileges to execute commands required to load asdm

    I am getting the below error when logging in via ASDM to an ASA firewall.
    Please help.

    Hello Gurujaj,
    You are running AAA on your network and you are running authorization.
    The user you are using does not have the command authorization set to load the ASDM.
    The ones needed are:
    Commands required to log in to ASDM:
    privilege show level 3 mode exec command logging
    privilege show level 3 mode exec command blocks
    Regards,
    Julio Carvajal

  • ACS 5.3 Different password for privilege exec mode

    This is what I would like to do for our Core Routers. Not too familiar with ACS, so please excuse me if I don't provide you with all the details.
    Right now I have ACS 5.3 which is tied to Active Directory. When a user logs in they use their AD credentials to access the CLI and use that same password to access privileged exec mode.
    What I want to do is have users log in using their AD credentials like normal but have a unique password to access privileged exec mode, different for each user.
    So far this is what I have done:
    1) Created a test user (same as AD user name) in the Internal Identity Store
    Password Type: Internal Users
    normal password set differently than the Enable Password (I think the Enable Password will be the only relevant one)
    2) Created a rule under Access Policies > Device Admin - Commands > Identity
    - Created Rule with Current Condition Set    (TACACS+:Authen-Type match ASCII And (TACACS+:Action match Login AND TACACS+Service match Enable))
    - Identity Source: Internal Users
    When I enable the rule, I can log in with my AD credentials, but when I try to access privilege exec mode the password that I created for the local user (regular and enable) does not work.
    Question: Do I need to create a shell profile with Maximum privilege value set to something under 15 for the authorization policy and apply it so it will try and use the internal user's enable password?
    Not too familiar with how this works. One of my co-workers said I needed to demote the users in order for my rule to work.

    Hey Tushar,
    That is our current setup. Right now each user logs in with their AD credentials to get into user exec mode and the same password to get into privileged exec mode. I would like to have a user log in with their normal AD credentials to get into user exec mode and a different password (specific to each user, not locally on the device) to log in to privileged exec mode. We are doing this for security reasons. Hopefully that clarifies what I'm trying to do.
    Thanks

  • Privileged EXEC authentication bypassed on 1841 router

    I'm having a problem with our new 1841 routers bypassing the privileged EXEC authentication on the initial login. (IOS 12.4(2)T and 12.3(11)T3 w/ ACS Ver 3.2(2) Build 5)
    The following commands work in our other routers.
    aaa authentication enable default group tacacs+ enable
    aaa authorization exec default group tacacs+ if-authenticated
    aaa authorization commands 15 default group tacacs+ if-authenticated
    aaa authorization network default group tacacs+ if-authenticated
    aaa accounting exec default start-stop group tacacs+
    aaa accounting commands 1 default start-stop group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+
    aaa accounting network default start-stop group tacacs+
    aaa accounting connection default start-stop group tacacs+
    aaa accounting system default start-stop group tacacs+
    Any ideas?

    Rick,
    I'm not allowed to post the full config but here is the AAA portion from the 1841. We cut and pasted this from a working router. We are using (C1841-ENTBASE-M), Version 12.4(2)T, but we also had the same problem with 12.3(11)T3 and 12.3(14)T1.
    aaa new-model
    aaa authentication banner #WARNING#
    aaa authentication login default group tacacs+ local
    aaa authentication enable default group tacacs+ enable
    aaa authorization exec default group tacacs+ if-authenticated
    aaa authorization commands 15 default group tacacs+ if-authenticated
    aaa authorization network default group tacacs+ if-authenticated
    aaa accounting exec default start-stop group tacacs+
    aaa accounting commands 1 default start-stop group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+
    aaa accounting network default start-stop group tacacs+
    aaa accounting connection default start-stop group tacacs+
    aaa accounting system default start-stop group tacacs+
    aaa session-id common
    tacacs-server host X.X.X.X
    tacacs-server key KEY
    Hope this provides enough information.
    Bryan

  • What is the absolute client permission needed to receive Unix commands?

    The ARD error "This task is not authorized on (computerName)" is forcing me to allow almost all the privileges in the Remote Management section of client computer's Sharing System Preferences. I've already had to add:
    "open and quit applications"
    "change settings"
    "delete and replace items"
    "restart and shutdown" (see this Apple document's suggestion for Unix commands)
    "copy items"
    It makes no sense to me why 'Generate reports' must also be added, but clicking it off makes the error return. I'm just triggering a Unix command that goes something like "echo 1" and runs as root on the one test computer (and potentially dozens, so it wouldn't be pretty changing settings on that many). If it helps, the ARD host is 10.6.7 with ARD 3.4 (installed via the App Store a couple weeks ago) and the clients are 10.4.11 and 10.5.8.
    I'm preparing documentation for ARD and some clients installing our software will not warm to the idea of widening the permissions footprint. Potentially dozens of computers will need to be retweaked, even if they wouldn't have to leave their seat.
    We also will need to deploy a pkg installer, so some of those may need to remain checked, but ...
    What is the absolute client permission needed to receive Unix commands?
    Thanks

    Have you tried sending it as User: root?
    To my knowledge with that setting you do not need any client permissions, as a Unix command sent as root overrides any permission set. If this is something you need to do often, I do know for a fact you can make the report task use "send as root" and tell it to save as a template. After this you will be able to use the template to make things a bit quicker. I believe in order to do this you must enable the root user; open Directory Utility in order to do this. Keep in mind root has full permissions and any command you enter with Unix will be executed as such. This is a workaround in the way that the normal client users do not need to have permissions enabled; also having root available at times is handy in sticky situations.

  • OS level command before message processing

    Hello
    I am getting the files from the SFTP server through a shell script and expecting them to be processed by my File sender adapter.
    I have configured my File adapter to poll the directory into which the shell script gets the file; it is scheduled at, say, a 60 sec interval and I had configured an OS level command before message processing.
    But when I monitored my communication channel and also my directory I found out that it's not executing the OS level command. I tried dropping a dummy file into the directory. This time, when checked in comm channel monitoring, it executes the OS level command and gets the file from the SFTP server and the adapter polls the SFTP file as well. But I don't want to use a dummy file each time.
    Is there any way by which we can always make the adapter execute the OS level command? I tried various options like Process Empty Files etc. but no luck.
    Thanks in advance.
    regards
    rajeev

    Rajeev
    How about placing a dummy file of 0 bytes, setting 'Handling of Empty Files = Don't create message', Processing mode = 'Test', and then writing a post-processing operating system command script as well, to move all the files to the archive directory except the dummy file.
    Not a clean solution but just a thought.
    http://help.sap.com/saphelp_nw70/helpdata/en/e1/69a740aa053a13e10000000a155106/frameset.htm

  • Java exec spawns command window

    Hello,
    I am using JRE 1.4.2 (Eclipse runtime environment). Whenever I execute the following command:
    Runtime.getRuntime().exec("<some command>");
    I am getting a Command Window that pops up while the process executes and closes afterwards.
    Is there any way to prevent this command window from appearing? I have chained all Error and Output streams within the Java program but no luck. I guess the only other solution is to not make the exec calls and instead make native calls from the Java program, but that would be a huge undertaking.
    Thanks in advance.

    Yes, I think you are correct.
    When I do the same with, say, calc.exe or notepad.exe, I do not get this DOS command prompt.
    The command that I am trying to execute here is PCLI.exe (for PVCS). Do you have an idea of how I can deal with this program so that I do not get that annoying command prompt?

  • OS level command to split the file

    Hi
    I am processing a large file. I am using an OS level command to split the file; I have given the following command to split the file.
    My file is /update/inbound/test/file.txt
    I have given the following command in the OS level command option:
    split -l 2000 /update/inbound/test/file.txt...
    but I didn't see any split files under this directory.
    How do I write a command to split the file?
    Regards
    Sowmya

    Hi,
    Have you tried with split /update/inbound/test/file.txt
    Split can take a second filename on the command line.
    Refer to the exact syntax:
    http://publib.boulder.ibm.com/infocenter/systems/index.jsp?topic=/com.ibm.aix.cmds/doc/aixcmds5/split.htm
    Before applying it, check that it works with your FTP, as this is a Linux-based command.
    Thanks
    Swarup

  • Is it possible to execute OS level commands through Oracle APEX?

    Hi,
    I would like to know if it is possible to execute OS level commands, say executing any command in the command prompt, using Oracle APEX.
    Thanks!

    Welcome to Oracle Forums!
    Please acquaint yourself with the FAQ and forum etiquette if you haven't already done so.
    Always state:
    - Apex Version
    - DB Version and edition
    - Web server used, i.e. EPG, OHS, ApexListener Standalone or with J2EE container
    - When asking about forms always state tabular form if it is a tabular form
    - When asking about reports always state Classic / IR
    - Always post code snippets enclosed in a pair of {code} tags as explained in the FAQ
    I would like to know if it is possible to execute OS level commands, say executing any command in the command prompt, using Oracle APEX.
    If by OS you are referring to the client side, then NO.
    Cheers,

  • Authorization  needed at GRN level

    Hi friends,
    In my company we are using a release strategy for purchase orders. Now authorization is needed at GRN level before the invoice is paid.
    Is that possible? Kindly give us a solution.
    Regards,
    Krishna

    Hello
    It is not possible to introduce a release strategy similar to invoice parking and then posting subsequently or based on the value of the goods posting. You can control authorization to the transaction and the organization levels, meaning you can provide the transaction MIGO to a user to perform goods receipt for a particular plant.
    GR-based invoice verification will resolve your issue to some extent, as during the invoice posting you can see the GR details. But it is not possible to implement GR parking and then posting the material document.
    warm regards
    Ramakrishna

  • Photoshop CC "Could not complete the Levels command because of a program error"

    Hope somebody can help me resolve this issue. A month ago I began to use Creative Cloud in trial mode. Two days ago I bought a Creative Cloud licence. Since then the message "Could not complete the Levels command because of a program error" has started to appear every time I use any command (Levels, Hue, etc.) and I cannot work with Photoshop anymore.
    Thanks Edward

    Did it work well with the trial? It is the same program as you bought.
    When you bought the licence did you just enter the serial number into the trial, or install another copy? If the latter, uninstall the trial.

  • Need a multi-level control break report displaying a cross-tab for each ...

    I need a multi-level control break report that displays a cross-tab report for each
    detail and subtotal. The individual cross-tabs are no problem. There are two issues:
    1) How to get many cross-tabs (thousands) to appear in one report.
    2) How to provide cross-tabs in-line on the multi-level subtotal lines.
    Here is a concrete example.
    Suppose the data base contains this table:
    road (
    id_number number, -- this is an artificial PK
    city varchar2,
    county varchar2,
    state varchar2,
    length number,
    owner varchar2, -- roads may be owned by cities, counties, states, and others
    surface_type varchar2 -- the surface type may be gravel, asphalt, concrete, and others
    )
    The table is populated with several million records that include every
    length of road in a US city.
    It is OK to suppose that all the attributes in all the records are not null.
    Without the PK, there would be millions of duplicates,
    which should all contribute to the summed lengths.
    The report I need is like a control break report with a detail line for each
    city together with subtotals for each county and state and
    a grand total for the US at the end.
    However, each detail and total line needs to be a cross-tab report
    summing the length over the city, county, state or US
    (whichever is called for at that location)
    for each combination of owner and surface_type.
    So the report would have the following structure:
    a city cross-tab for the first city in county 1/state 1
    a city cross-tab for the last city in county 1/state 1
    a cross-tab for county 1
    a city cross-tab for the first city in county 2/state 1
    a city cross-tab for the last city in county 2/state 1
    a cross-tab for state 1
    a cross-tab for the US
    Any suggestions will be appreciated.
    This problem comes up because my client's legacy system,
    which is being replaced,
    already has such a report (in COBOL).
    Thanks!!!
    Steve
    PS, I know one ugly way to do it. Namely, make a variable for each
    possible combination of owner and surface. Then code an ordinary control
    break report. However, I am looking for something better.

    Hi Jenna_Fire,
    According to your description, you have a matrix that contains a total for each group on each level. Now your requirement is, when you click on any number (data field or total), it will go to the detail report which returns all the detail information of the people within the group scope. For example, if you click on the total of Active users in United States, it will return the detail information of Active users in New York and Texas. Right?
    In this scenario, we should set the parameters (@Country, @State, @City) to allow multiple values in both the main and detail report. And in the Default Value of (@Country, @State, @City), query out all distinct values. In the textbox which contains those total values, when we set these parameters to run the report, we only need to pass the parameters of the parent groups. For example, if we click on the total of Active users in New York, we only need to pass Country, State and Status to the detail report, and in the detail report the City parameter will use all distinct values (Default Values) because we don't pass the City parameter. We have tested this case with sample data in our local environment. Here are steps and screenshots for your reference:
    1. Create parameters Country, State, City and Status in both the main report and the detail report. Set both Available Value and Default Value to get values from a query (create a dataset for each parameter, using "select distinct [column] from [table]" as the query). Set allow multiple values for parameters Country, State and City in both reports.
    2. In corresponding textbox, pass appropriate parameters in go to report Action.
    4. Filter data in detail report (in where clause or using filters).
    5. Save and preview. It looks like below:
    Reference:
    Using Parameters to Connect to Other Reports
    If you have any question, please feel free to ask.
    Best Regards,
    Simon Hou
