Enabling ACL on 8510 MSR

Similar Messages

• Can't enable ACLs on a RAID volume

  Hi all,
  I have OSX 10.4.11 running on an Xserve G5 ppc. There are 2 Xserve RAID volumes attached by fibre channel.
  I've been having issues recently with permissions: some users are creating or modifying files/folders and other users in the same group are then unable to access them. Viewing the permissions shows that group access is set to 'None'. I can correct this in the 'Sharing' section of WGM but that doesn't resolve the underlying issue.
  I want to use ACLs to control access to data on the 2 RAID volumes, one of which also contains the users' network accounts. Unfortunately the 'Enable Access Control Lists' tick box is greyed out so I cannot activate them. On the other RAID volume all three tick boxes are available.
  Why might this be?
  John.

  Found the answer. The volume was not correctly formatted. I copied the data, reformatted the volume, copied back the data and enabled ACLs.

• How do I enable ACL on an external unit in Mavericks?

  I have an external hard disk via FW 800 on a Mac Mini Server running Mavericks. I can not enter any settings in the ACL because every time I get an error message saying that I can not enter anything in the ACL because the ACL is not enabled on the unit.
  How do I enable ACL on an external drive in Mavericks?
  Regards
  Jonas Möller Nielsen

  The problem is solved.

• Enable ACL on XSAN without using OD. Is it possible?

  I've tried using fsaclctl - but no results. How to enable ACL on XSAN?

  Are you using xSAN 2 or 1.4? With v2, you can stop the volume and open it's settings, checking ACL's. Oddly, I'm curious to why ACL's would make your permissions management easier. It generally in my experience has made it far more difficult to deal with permissions from different macs when enabled since there are additional "layers" of users above those assigned by XSAN directly.
  If you have any OSX Server product running on the XSAN, you can start up a Directory Service on it. Just make sure all your XSAN clients and controllers have that machine's IP or Servername (xserve1.local) designated in the the app found in Applications/Utilities/Directory Utility. While it isn't maybe best practice to have the Metadata controller doubling as an OD server, it isn't really a huge deal if your SAN is small. Any performance hits on the SAN would be minimal compared to the huge task of keeping up with all your mac's users and settings all the time.
  Making your own simple OD server would work as long as your XSAN isn't part of a larger network. My company has Active Directory for the main LAN and the addition of a simple but separate OD for xSAN users has caused many problems when those same macs write to the LAN volumes.

• Enabling ACLs on existing sharepoint

  Howdy - I've read through a lot of the other posts on ACLs but this particular topic didn't seem to be covered there.
  I have a handful of "Shares" on a volume that currently does not have ACLs enabled, and like most people, I've been constantly resetting the file permissions so that people in various groups (HS Faculty, Yearbook, etc) are able to read, write, etc.
  I'd like to try using ACLs on there in the hopes that these shares become a little easier to manage, BUT the volume (an XRAID) also has users home directories on it, and I am concerned that enabling ACLs on the volume could somehow screw things up there.
  If I enable ACLs, I can use them just on my "share points" and not on my home directories, right? ACLs are activated on a per-folder level, correct?
  System is an XServe G5 (2x 2Ghz) with 2GB RAM, running OS X Server 10.4.2 - connected to single channel of XRAID with 1.09TB (RAID 0+1).
  If anyone has suggestions for me (besides re-reading Gerrit's ACL Tips posts, which I will do anyway), I'd appreciate it.
  G5 iMac   Mac OS X (10.4.4)  

  ACLs are enabled at the volume level, but only applied to the folders you choose. For example, we use a volume (Data) that contains multiple folders (Homes, Shared, and Web). We use ACLs only in the Shared directory and continue to rely on POSIX for the others. It works fine.
  One caveat: we don't use XRAID.

• Enable ACLs on existing volume- have you done this?

  I'm considering enabling ACLs on an existing (in use) SAN volume. I'm still running xsan 1.4.2. The MDCs are on 10.5.5 and soon the clients will be as well.
  Have any of you enabled ACLs 'after the fact', and if so, did you have any problems?
  I'm using local users right now, and I want to move to OD users and get away from the umask nonsense.

  Do you see a n "Old Firefox Data" folder on the desktop in case Firefox got reset?
  Do you have more than one profile folders present if you check that?
  You can use this button to go to the current Firefox profile folder:
  *Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder)
  Go one level up to the Mozilla\Firefox\Profiles\ folder in case a new profile got created.
  *http://kb.mozillazine.org/Recovering_a_missing_profile

• Oracle 11g XE not working with oracle BI publisher 10g after enabling ACL

  Hello,
  I previously work with oracle 10gXE and Oracle BI publisher 10g and it work fine. now i install oracle 11g XE and try to configure it with oracle Bi Publlisher, it show this error
  "ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1324 ORA-12570: TNS:packet reader failure" after runing the ACL package to neable network service.
  on the database.
  Please can any body tell be why this is not working. Tanx.

  You'll need to add the apex engine owner to the ACL (Access Control List). Depending on your version of apex the user name varies. i.e. 4.0 is APEX_040000
  See Joel's blog for info about the ACL and APEX.
  [http://joelkallman.blogspot.com/2010/10/application-express-network-acls-and.html]

• Catalyst 8510 MSR as PE?

  Hi there
  In order to prolong the life of some of our old Cat8510MSR, I was wondering whether the could be used for PEs in a MPLS network.
  The switch is equiped with ATM router module (not the enhanced) and standard RAM config.
  We are going to replace these switches with 7600s, but until this happens, it could be quite good to reuse these switches in the smaller parts of the network.

  Hi,
  According to:
  http://www.cisco.com/en/US/customer/products/hw/switches/ps718/products_configuration_guide_chapter09186a008047b9d3.html#wp1066738
  you required the Enhanced ATM ROuter Module to support MPLS on the 8510MSR.
  Hope that helps - pls rate the post if it does.
  Paresh

• Enable/disable ACLs for a volume

  where is the option enable/disable ACLs for a volume in leopard server 10.5x?
  I searched in Server Admin and there Volumes … but I cant find this option which is described in this forum ?!

  Hi
  By default Access Control Lists (ACLs) are enabled on Leopard Server (10.5). The situation was different on Tiger Server (10.4) as you had to enable ACLs for each mounted volume.
  To disable ACLs on Leopard Server you have to use the command line:
  sudo fsaclctl -p path -d disable
  to disable and to enable:
  sudo fsaclctl -p path -d enable
  As with 10.4 you its a good idea to restart the server after disabling or enabling ACLs, otherwise ACLs won't take. Strictly speaking this should only be true of the Boot volume although in my view its worth doing it for any other mounted volume you are going to be using for sharing.
  To display ACL status for all mounted volumes issue this command:
  fsaclctl -a
  for a specific volume its:
  fsaclctl -p path
  where path is the name of the volume - you can drag drop the desired volume into the terminal window to show its full path. For example you could have:
  fsaclctl -p /
  / is terminal shorthand for the boot volume. Regardless of how you do it you should see something like this:
  Access control lists are supported on /Volumes/Data HD
  Tony

• IpSec VPN and NAT don't work togheter on HP MSR 20 20

  Hi People,
  I'm getting several issues, let me explain:
  I have a Router HP MSR with 2 ethernet interfaces, Eth 0/0 - WAN (186.177.159.98) and Eth 0/1 LAN (192.168.100.0 /24). I have configured a VPN site to site thru the internet, and it works really well. The other site has the subnet 10.10.10.0 and i can reache the network thru the VPN Ipsec. The issue is that the network 192.168.100.0 /24 needs to reach internet with the same public address, so I have set a basic NT configuration, when I put the nat configuration into Eth 0/0 all network 192.168.100.0 can go to internet, but the VPN goes down, when I remove the NAT from Eth 0/0 the VPN goes Up, but the network 192.168.100.0 Can't go to internet.
  I'm missing something but i don't know what it is !!!!, See below the configuration.
  Can anyone help me qith that, I need to send te traffic with target 10.10.10.0 thru the VPN, and all other traffic to internet, Basically I need that NAT and VPN work fine at same time.
  Note: I just have only One public Ip address.
  version 5.20, Release 2207P41, Standard
  sysname HP
  nat address-group 1 186.177.159.93 186.177.159.93
  domain default enable system
  dns proxy enable
  telnet server enable
  dar p2p signature-file cfa0:/p2p_default.mtd
  port-security enable
  acl number 2001
  rule 0 permit source 192.168.100.0 0.0.0.255
  rule 5 deny
  acl number 3000
  rule 0 permit ip source 192.168.100.0 0.0.0.255 destination 10.10.10.0 0.0.0.255
  vlan 1
  domain system
  access-limit disable
  state active
  idle-cut disable
  self-service-url disable
  ike proposal 1
  encryption-algorithm 3des-cbc
  dh group2
  ike proposal 10
  encryption-algorithm 3des-cbc
  dh group2
  ike peer vpn-test
  proposal 1
  pre-shared-key cipher wrWR2LZofLx6g26QyYjqBQ==
  remote-address <Public Ip from VPN Peer>
  local-address 186.177.159.93
  nat traversal
  ipsec proposal vpn-test
  esp authentication-algorithm sha1
  esp encryption-algorithm 3des
  ipsec policy vpntest 30 isakmp
  connection-name vpntest.30
  security acl 3000
  pfs dh-group2
  ike-peer vpn-test
  proposal vpn-test
  dhcp server ip-pool vlan1 extended
  network mask 255.255.255.0
  user-group system
  group-attribute allow-guest
  local-user admin
  password cipher .]@USE=B,53Q=^Q`MAF4<1!!
  authorization-attribute level 3
  service-type telnet
  service-type web
  cwmp
  undo cwmp enable
  interface Aux0
  async mode flow
  link-protocol ppp
  interface Cellular0/0
  async mode protocol
  link-protocol ppp
  interface Ethernet0/0
  port link-mode route
  nat outbound 2001 address-group 1
  nat server 1 protocol tcp global current-interface 3389 inside 192.168.100.20 3389
  ip address dhcp-alloc
  ipsec policy vpntest
  interface Ethernet0/1
  port link-mode route
  ip address 192.168.100.1 255.255.255.0
  interface NULL0
  interface Vlan-interface1
  undo dhcp select server global-pool
  dhcp server apply ip-pool vlan1

  ewaller wrote:
  What is under the switches tab?
  Oh -- By the way, that picture is over the size limit defined in the forum rules in tems of pixels, but the file size is okay.  I'll let it slide.  Watch the bumping as well.
  If you want to post the switches tab, upload it to someplace like http://img3.imageshack.us/, copy the thumbnail (which has the link to the original)  back here, and you are golden.
  I had a bear of a time getting the microphone working on my HP DV4, but it does work.  I'll look at the set up when I get home tonight [USA-PDT].
  Sorry for the picture and the "bumping"... I have asked in irc in arch and alsa channels and no luck yet... one guy from alsa said I had to wait for the alsa-driver-1.0.24 package (currently I have alsa-driver-1.0.23) but it is weird because the microphone worked some months ago...
  So here is what it is under the switches tab

• Problem with ACL in CSS-to-CSS redundancy configuration

  I have two CSSes - first is master, second is backup. When I enable ACL on master CSS, it can't see more the backup CSS. My first rule is to allow all traffic between both CSSes. I have CSS 11050 with 4.10 Build 10.
  Here is a part of my config:
  --- begin ---------------------------------------------------
  !************************* INTERFACE *************************
  interface e8
  bridge vlan 254
  description "css1 <-> css2 (net 192.168.254.0/30)"
  !************************** CIRCUIT **************************
  circuit VLAN254
  ip address 192.168.254.1 255.255.255.252
  redundancy-protocol
  !**************************** NQL ****************************
  nql n_csw_to_csw
  ip address 192.168.254.1 255.255.255.255
  ip address 192.168.254.2 255.255.255.255
  !**************************** ACL ****************************
  acl 1
  clause 1 bypass any nql n_csw_to_csw destination nql n_csw_to_csw
  apply circuit-(VLAN254)
  --- end ---------------------------------------------------
  Where is the problem? Is it a bug in my current version or an error in my configuration?
  Thanks
  Thomas Kukol

  at first step read http://www.cisco.com/warp/customer/117/css_packet_trace.html
  and trace your unworking configuration
  if you give flow option 0xffffff you should see why ACL didn't pass app traffic..
  second idea is to use normaln acls w/o nql....
  with permit keyword...
  share expirience here again 8-)

• Photoshop files & ACLs?

  I am going out of my mind here trying to figure this out. First my needs. I have two users on a 10.4 machine that need to be able to create, save and edit Photoshop files (their own and each others) in the same folder. Until now, the only way I could figure it out was to create a second volume and "ignore" ownership on that volume. I know that I could go into the "file info" permissions everytime one of us creates a new file and modify the permissions to allow the other to edit the file but what a pain that is.
  I thought my answer would lie in enabling and using Access Control Lists (ACLs) so I used Tinkertool system to enable ACL support on my main volume and then grant full access with inheritance enabled to both users. This works great for any file (MS Word, Excel, etc.) but not photoshop files. The Word, Excel and any other file created by one user correctly inherits the permissions from it's parent folder's ACL settings but not the Photoshop files. They don't seem to inherit them at all.
  I can go into Tinkertool System and propagate the settings and the files seem to pick up the settings but when one users tries to edit another's photoshop files, it shows up as a locked file. I can use the "get info" dialog to confirm that the file does possess the ACL settings but it is almost as though Photoshop CS & CS2 don't recognize the ACL properties of the file.
  In summary, my two issues are:
  1. Photoshop files are not automatically inheriting the ACL permissions.
  2. Even after manually propagating the ACL permissions to a photoshop file, it shows up as being locked (from within photoshop, not the finder) when the non-owner user tries to edit it.
  Does anyone have any ideas as to what is going on here.
  Thanks,
  Troy

  Troy,
  I'm suspecting that we are using ACL differently. On tiger, you have to enable them specifically. The e flag on ls will show ACL's and from your post - you don't seem to have ACL installed.
  Please have a look at the first page of this article. It describes ACL's and shows you how to manipulate them:
  http://arstechnica.com/reviews/os/macosx-10.4.ars/8
  You can accomplish what you need with traditional groups - if you want that - simply post the id for each user and I'll send back steps to make a group for this folder. (Or someone else here might just guess and propose something)
  Also - have you contacted Adobe to see if the version of Photoshop you are using even supports ACL? I honestly don't know what layer of command they use to access the disks - it's not unlikely that their application might not support reading the meta data if it accesses the files directly. It's unlikely (but not impossible) that they used high level API from Apple that would enable them to simply work with ACL out of the box.

• Can't connect to router / Error says router uses ACLs which it doesn't

  Hi!
  I'm having troubles connecting my MacBook (10.4.10) to my WLAN-Router (Siemens Gigaset SE551).
  I switched from WEP to WPA encryption today and all windows machines work just fine, however my MacBook refuses to connect.
  The dialog says:
  "The selected network uses an Access Control List to restrict access and this computer is not in the list.".
  This is wrong. MAC Filtering is not enabled and the MacBook connects flawlessly using Bootcamp.
  I already tried to clean up my network settings (no default entries, etc.) and updated the routers firmware. Nothing works.
  Any ideas?
  bye
  PhilPhil
  MacBook Mac OS X (10.4.10) Airport, Siemens Gigaset, SE551, WPA, MAC, ACL
  MacBook   Mac OS X (10.4.10)  

  It works under Bootcamp, so the router settings can't be the problem, right?
  Well, no, Macs & Routers don't exactly agree on "standards", and most likely everybody's Router was tested or fixed to work with Windows® "standards"!
  Yet I don't "think' that were the problem is yet. Most referemces to SSIDs are kept either in Keychain, or...
  /Users/nnnn/Library/Preferences/com.apple.internetconnect.plist
  /Library/Preferences/SystemConfiguration/preferences.plist
  /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist
  With cross references used between them too!
  Crazy Idea®... maybe try enabling ACL on the Router as a test with the mac's MAC in it?

• WGM no longer able to create ACL

  I have created some users and wanted to adjust ACL settings - but when I try to drag&drop a user into the ACL list, it just does not work.
  Has anyone an idea where I can look ?
  I even have removed all created users (maybe I had made a mistake there), but still the same. I'm not able to create a ACL.

  I have solved the problem by myself:
  ACL were not enabled, or better said, they were disabled for unknown reason.
  I enabled it by opening WGM, tab "Sharing", "All", click at the volume and enabling "Enable disk quotas on this volume" and "Enable ACL on this volume".
  But I ask me, why they were disabled ? Have I just missed to enable them overall (I try to configure two servers and so may have really mixed up things) ? I thought that both (quotas and ACL) are enabled by default, aren't ?
  I tried to created some users via the WGM and got some error messages, may this be affiliated with ?
  Can anyone explain the different permissions in my previous post of the /Users directories ? Here I'm quite sure that I haven't changed them, at least not without knowledge.
  I look forward to any hints on this ghost issue

• XSAN, ACLs and new OD users.

  I have xSAN FS with enabled ACLs and OD.
  If i create ACL for existing folders and assign groupe(A) permissions to it. Rules work perfect. But only for usesr in this group (A) which was added before ACL was assigned.
  If i create new OD user and add it into group A after ACLs was configured. User have no group permisions to this folder.
  Anybody meet this issue?

  So do you want to have this new server running alongside the old one - or set up the new server for a subset of users and then decommission the SL server? If alongside, is it for redundancy or to provide a sperate set of services for a subset of users?
  If alongside for redundancy, thne it makse sense to let it use the existing OD.
  If it's for one of the other purposes, you'll need to:
  1. Set the new server up in islation from the old one (this allows you to create a new OD master)
  2. Configure services
  3. If you need to copy/move user data from the SL server, you'll have to take services on the SL server offline for the time it takes to copy/move.