FMS Recording Authentication
Hi all,
I'm hoping an advanced FMS user/administrator (or Adobe)
might be able to offer some advice here. My environment is this:
- One server runs an administrative publishing system for
(e.g) joewebsite.com. Authors (authenticated users) are able to
post content to joewebsite.com. They are also able to record their
webcam/microphone to create podcasts and videocasts.
- A second server resides in another location (not LAN) and
runs FMS in a LAMP environment, to receive authors video/audio and
then move it to a web-accessible folder for user download (not
using a Flash Streaming server, just progressive download).
What I'd like to do is this: From the SWF recorder a web
request (i.e. not rtmp/e) is sent to the FMS server with a session
ID. The server checks to make sure that the session is valid as per
the publishing system. Assuming it's valid, the system tells the
FMS to allow that user's IP to connect to the FMS. The system then
sends back to the user's SWF the filename that should be used for
recording as per NetStream.publish(fileName, "record"), so that the
system can keep track of what file is used for which recording.
After the user is done recording (i.e. they hit the Stop button),
the SWF sends an "I'm done" to the server, and the file is moved
from its FMS location to the web-accessible folder.
The main thing is this: a non-firewall solution to allowing
only certain IPs to connect to the FMS. I've looking into the
Users.xml, but that unfortunately requires an FMS reboot. As the
system could be recording more than one stream at the same time,
this isn't a viable solution.
FWIW: I'm working on a Developer's license for FMS 3, and the
company I work for is pretty serious about buying an Interactive
Server license if I can get this thing working.
I appreciate any time and advice. I'm a big fan of reading
manuals and don't need my hand held, so if you could even just
point me in the right direction with a page number, I could figure
out the rest.
Regards,
N
Are you using Stream.flush API - if you are using that it migth cause some syncronisation issues if data and audio/video is mixed.
I did not get your usecase clearly - let me know if you using above API. I think it would be better to use second option if you can usedata and audio seperately but probably you can explain use case better so that we migth help you.
Similar Messages
-
FMS Recording - Seek Causes Synch Issues Audio/Data Recording
Hi,
I have recordings being generated by FMS 4.5. These recordings are a combination of data (for example, chat text that was typed into a chat window) and audio. The audio, as currently designed, comes on and off. Therefore, the record stream plays a audio stream, but that stream turns on and off by calling play(activeAudioStream) and play(false) once the audio has ended, over and over.
The recordings (as flv) play back fine, when not using the seek feature. When using the seek feature, I get obvious problems where playback will simply Stop, and not resume for a specified about of time. For example, if I start a recording at 60 seconds in, then at 120 seconds, playback stops and nothing happens for a long, seemingly random about of time. The stream is active, as when it does resume, the time value of the stream includes the long period of nothing happening.
This is very confusing, because the recording works fine from the beginning. I am fairly certain this has something to do with recording audio/video. A data only recording is fine. A recording with audio all the way through, even with data, is fine. But, having the recorded audio stream turn on and off seems to cause major problems. Any ideas? If the audio is not continuous, should I create data only and audio only recordings, and setup my playback to stream the audio based on data events indicating the start/end of an audio section?
Note this is being played back in an AS2 application.
Thanks.Are you using Stream.flush API - if you are using that it migth cause some syncronisation issues if data and audio/video is mixed.
I did not get your usecase clearly - let me know if you using above API. I think it would be better to use second option if you can usedata and audio seperately but probably you can explain use case better so that we migth help you. -
I have one license of Flash media streaming.
I require authentication to send streaming media encoder.
I know this is only possible with interactive server. is true?
which is the port for sending the live streaming? Media Encoder ---> FMS
which is the port for reading the stream? FMS ---> html flvPlayer
If the ports are separated can use 2 different ip.
- ip for sending
- ip for reception
sorry for my english
ThanksYes as of now any kind of authentication for encoder is possible only via SSAS or using Access/Auth plug-ins and both of this are not supported in Flash Media Streaming Server. However we at adobe are aware of this security aspect and are working to address this issue at the earliest. Hopefully we should have this addressed sooner than latter
I will surely keep you updated if i get to hear anything on this front.
Also to answer your question, you need not to use same port for publishing and subscribing - but ports which are used need to be configured - so basically you can publish using port 1935 and subscribe using port 80 , if both are configured. I am not sure about two IP's though -
I,m a newbie and one of my requirements is to Start the Record of the Stream as soon as the Game Starts. The Game gets the ID from JAVA and our client wants the stream record from JAVA.
Is it possible to Call Stream.record() from JAVA?Similarly JAVA chould be Able to Stop the Record after the game Finishes.
Any help on this is appreciated.
SriniThere must be java based RTMP SDK.. You should contact Adobe sales team directly..
-
I have an Audigy 2 ZS Platinum Pro sound card installed in my WindowsXP pc.
I have a Roland RD700SX stage piano and I wish to record my playing on my pc somehow.
This Audigy card has this external box with all kinds of inputs and outputs and I am at a loss on how to connect my piano to this.
My piano has /4" outs as well as XLR outs as well as MIDI . It also has USB which I currently connect to my pc so that I can play some midi files from my pc and they play on the keyboard.
But now I want to record myself and need to know if there is a way using this Audigy card.
Which input would I need to plug into first of all? Can I use the 2 rca in's? My /4" cables that I use to plug into my amp have /4" to rca adaptors. But looking at documentation, the rca's on the back say they're used for analog devices like vcr's and such. My keyboard is a digital keyboard as well as a stereo keyboard (left and right outs).
I don't think I want to use Midi connections do I? I want to record authentic recordings and make them into MP3 format.
Anyways, any advice would be appreciated.
PS: I do have 2 software programs that I'm not sure will help here, Cubasis and Audacity.
Is there any Creative software in this suite that I have that I would utilize?Rockitman3 wrote:
Thanks for the quick reply.
Unfortunately, most of what you said went way over my head.
I have /4" cables from my keyboard and I can plug an RCA adaptor on the other end. Do I plug these cables into the RCA left and rights on the Audigy box?
I do not plan on adding effects, mixing, etc. I just want to simply record my piano playing.
So if I open Cubasis, which SoundBlaster source do I pick, there's about 5 or 6 different ones.
I'm such a noob at this, and the Cubasis program is very hard to understand. Any detailed simple instructions would be appreciated.
There is a guide called "Music Creation Guide" either installed (you should find it under "Documentation on Start--Programs...Creative--Soundblaster--Audigy nn-->" or in hard disk or driver/software CD (which can be found @
- installation path; C:\Program Files\Creative\_your_card_model_\Music Creation Guide\
- path on original installation CD; \Audio\Setup\GuideBk\ (select language)
Drivers:
W/ Cubasis you should see listed something like
ASIO Multimedia (don't use)
ASIO DirectX (don't use)
Creative ASIO -->6-bit/48kHz (OK)
SB Audigy 2 Zs ASIO [nnnn] --> 6-bit/48kHz (OK)
SB Audigy 2 Zs ASIO 24/96 [nnnn] --> 24-bit/96kHz (OK) best quality
You also need to set the project samplerate to 48kHz or 96kHz and recording bit-depth to 6, 24 or 32 (depending on which of above mentioned mode you use).
As the CD and MP3 quality are 6-bit/44.kHz, you need to make a saplerate conversion from 48kHz to 44.kHz and dither from 32/24-bit to 6-bit if recording as 32/24-bit to get your project files exported to Wave or MP3 (many burning software can do these "on the fly"). I don't know the features of Cubasis but you can do this w/ software like Voxengo r8brain (freeware) when your data is still in wave format.
If you plan to record the piano only, just use Craeti've Media Source and record using 6-bit/44.kHz right away into wave or MP3 format (as you wish).
jutapaMessage Edited by jutapa on 09-26-2006 0:4 AM -
Hello guys, how are you? I'm developing an online meeting system with audio/video sharing, using Adobe Flex 4 and Flash Media Server 4. I'm using the RTMFP protocol to make the transmission of audio/video which increases considerably the performance. The trouble now is that i must record the audio/video transmitted, but i figured out that when using the RTMFP protocol the FMS doesn't operate in the channels. So, how could i make FMS record this channels?
Regards.Hi Fernando,
First, I would like to say that, you have to install FMS4 on you machine "developer version" and create a DEVELOPER ID from adobe site and that ID you will use for communication, and you have to create one more connection, that should be RTMP protocol not RTMFP becouse RTMFP protocol don't have permission to record the video and with RTMP protocol you can record video with FMS4.
Thanks -
Recorded FLV files contain corrupt timestamps
Howdy -
I'm running FMS 4.5.3 r2005 on standard AWS Linux box. I'm recording the streams using NetStream.publish("appendWithGap") from a small custom Flash app running on IE+Windows.
Usually, the generated .flv file is fine. However, I've found a number of cases where the .flv file generated was corrupt. By using ffprobe -show_packets I'm able to see that the presentation timestamp (PTS) of sequential packets occasionally remain the same. This happens for both audio and video at times. For example, consider the output of the command:
$ ffprobe -show_packets saved.flv | egrep -e '(pts=|codec)'
codec_type=video
pts=0
codec_type=video
pts=0
codec_type=video
pts=0
codec_type=video
pts=0
codec_type=video
pts=0
codec_type=video
pts=0
codec_type=video
pts=3912
codec_type=video
pts=3944
codec_type=video
pts=3944
codec_type=video
pts=3944
codec_type=video
pts=3944
codec_type=video
pts=3944
codec_type=video
pts=3944
codec_type=video
pts=3944
codec_type=video
pts=3944
I really don't know much about the internals of the FLV format, but I assume that invalid timestamps like these make for a non-playable (corrupt) video.
Any idea what may cause FMS to record such a video?
What kind of information would be helpful to debug this?
Obviously, my client expects every video recorded to be one that an be played back, and so these corrupt videos are alarming to say the least.
FYI, due to privacy restrictions I can't share the recorded video without a signed NDA. If it would help, I can provide the entire output of ffprobe.
Thanks,
BenFlvcheck has validated the format of file, and it is correct. The logs "Adding Silence message" indicates that audio message was expected and is not recieved after a particular time check, because of which video may appear stalled.
Flvcheck may claim the file is valid, but event after running flvcheck -s the video is corrupt. According to ffprobe, many of the timestamps are still the same. When I attempt to play the file in an flv player, the entire video is run through up front in sort of a fast-forward view, and then the audio plays out more or less normally.
This makes sense, as the video player is probably playing all these frames with the same timestamp sequentially, which makes for the fast-forward effect.
To debug this issue, a good starting point would be, validating the input to FMS. FMS records what is published to it.
Does FMS tinker with the video frame timestamps, or are they just passed through to the file system?
Since you are able to reproduce this issue, can you please enable livestream logging and check if input stream to FMS is different from what it is recording.
Unfortunately I can't regularly reproduce it - though it does happen on a somewhat regular basis (it was happening a couple times a week).
Is it safe to turn live stream logging on for a few days to see if I can catch this issue happening? Or, will live logging chew up resources and cause issues?
Thanks for the assistance!
-Ben -
Aaa authentication enable default group tacacs+ enable
I am implementing CSACS 4.0. First on the client, I will apply aaa authenticatio/ authorization under vty. The issure if I use the followin command
aaa authentication enable default group tacacs+ enable
what will happen if I login via console? Will I be required to enter any username/password?
Below is my configuration
aaa new-model
aaa authentication login authvty group TACACS + local
aaa authentication enable default group tacacs+ enable
aaa authorization commands 15 authvty TACACS+ local
TACACS-server host IP
Tacacs-server key key
Ip tacacs source-interface VLAN 3
aaa accounting send stop-record authentication failure
aaa accounting delay-start
aaa accounting exec authvty start-stop group tacacs+
aaa accounting commands 15 authvty start-stop group tacacs+
aaa accounting connection authvty start-stop group tacacs+
line vty 0 15
login authentication authvty
authorization commands 15 authvty
accounting connection authvty
accounting commands 15 authvty
accunting exec authvty
Any suggestion will be appreciated!It should work because this is a message.banner prompt everytime you try to login (console/vty). I have it configured on my router.
If you have banner motd, it will be displayed as well (see below). So I ahve to remove it to get only the aaa banner & prompt being displayed:
*** Username: cisco, Password: cisco (priv 15f - local) ****
Unauthorized use is prohibited.
Enter your name here: user1
Enter your password now:
Router#
The config more or less looks like:
aaa new-model
aaa authentication banner ^CUnauthorized use is prohibited.^C
aaa authentication password-prompt "Enter your password now:"
aaa authentication username-prompt "Enter your name here:"
aaa authentication login default group radius
aaa authentication login CONSOLE local
HTH
AK -
ACS 5.3 Configuring 802.1x
Trying to configure 802.1x with ACS 5.3, have some general doubts about how to make it, this is what I got for the moment:
ACS 5.3 = 192.168.240.28
AD = 192.168.251.97
Switch = 192.168.240.171
IOS device config
Already configured and running Device Administration using Tacacs, mising with Radius aaa commands:
aaa group server tacacs+ TACACS_PLUS
server 192.168.240.28
aaa group server radius RADIUS_1x
server 192.168.240.28 auth-port 1812 acct-port 1813
aaa authentication login default group TACACS_PLUS
aaa authentication login no_tacacs enable local
aaa authentication enable default group RADIUS_1x
aaa authentication dot1x default group RADIUS_1x
aaa authorization config-commands
aaa authorization exec no_tacacs local
aaa authorization commands 15 TACACS_PLUS group tacacs+
aaa authorization network default group RADIUS_1x
aaa authorization auth-proxy default group RADIUS_1x
aaa accounting send stop-record authentication failure
aaa accounting update newinfo
aaa accounting dot1x default start-stop group RADIUS_1x
aaa accounting exec default start-stop group TACACS_PLUS
aaa accounting network default start-stop group TACACS_PLUS
aaa accounting connection default start-stop group TACACS_PLUS
aaa accounting system default start-stop group RADIUS_1x
tacacs-server host 192.168.240.28 port 49 key 7 104D0617040717180F05
tacacs-server directed-request
radius-server attribute 8 include-in-access-req
radius-server host 192.168.240.28 auth-port 1812 acct-port 1813
radius-server timeout 20
radius-server key 7 094F410718151201080D
radius-server vsa send authentication
dot1x system-auth-control
errdisable detect cause security-violation shutdown vlan
errdisable recovery cause security-violation
interface GigabitEthernet0/24
switchport mode access
switchport voice vlan 7
dot1x pae authenticator
dot1x port-control auto
dot1x host-mode multi-host
dot1x timeout quiet-period 15
spanning-tree portfast
spanning-tree bpduguard enable
ACS 5.3 Configuration until now
I have a document on how to configure this on ACS 4.2, but I have some problems trying to configure on ACS 5.3.
I'll appreciate a lot any ideas that could help me on this.
Regards,
Juan CarlosOk Carlos, I make it simple, just AD as condition and authorization profile, I tested with compliant client, and still receiving timeout, and Network Access Authorization still in 0, here is the debug:
001250: Jan 19 18:40:58.028 GDL: AAA/BIND(0000002F): Bind i/f
001251: Jan 19 18:40:58.237 GDL: %AUTHMGR-5-START: Starting 'dot1x' for client (f04d.a2a2.a028) on Interface Gi0/24 AuditSessionID C0A8F0AB0000001101B6C743
001252: Jan 19 18:41:00.007 GDL: %LINK-3-UPDOWN: Interface GigabitEthernet0/24, changed state to up
001253: Jan 19 18:41:01.014 GDL: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/24, changed state to up
001254: Jan 19 18:41:08.547 GDL: AAA/AUTHEN/8021X (0000002F): Pick method list 'default'
001255: Jan 19 18:41:08.547 GDL: RADIUS/ENCODE(0000002F):Orig. component type = Dot1X
001256: Jan 19 18:41:08.547 GDL: RADIUS(0000002F): Config NAS IP: 0.0.0.0
001257: Jan 19 18:41:08.547 GDL: RADIUS(0000002F): Config NAS IPv6: ::
001258: Jan 19 18:41:08.555 GDL: RADIUS/ENCODE(0000002F): acct_session_id: 37
001259: Jan 19 18:41:08.555 GDL: RADIUS(0000002F): sending
001260: Jan 19 18:41:08.555 GDL: RADIUS/ENCODE: Best Local IP-Address 192.168.240.171 for Radius-Server 192.168.240.28
001261: Jan 19 18:41:08.555 GDL: RADIUS(0000002F): Send Access-Request to 192.168.240.28:1812 id 1645/27, len 246
001262: Jan 19 18:41:08.555 GDL: RADIUS: authenticator 27 15 50 22 ED AB FC 34 - F1 24 56 87 30 6F 7D F9
001263: Jan 19 18:41:08.555 GDL: RADIUS: User-Name [1] 18 "juancarlos.arias"
001264: Jan 19 18:41:08.555 GDL: RADIUS: Service-Type [6] 6 Framed [2]
001265: Jan 19 18:41:08.555 GDL: RADIUS: Vendor, Cisco [26] 27
001266: Jan 19 18:41:08.555 GDL: RADIUS: Cisco AVpair [1] 21 "service-type=Framed"
001267: Jan 19 18:41:08.555 GDL: RADIUS: Framed-MTU [12] 6 1500
001268: Jan 19 18:41:08.555 GDL: RADIUS: Called-Station-Id [30] 19 "00-1C-0E-08-69-98"
001269: Jan 19 18:41:08.555 GDL: RADIUS: Calling-Station-Id [31] 19 "F0-4D-A2-A2-A0-28"
001270: Jan 19 18:41:08.555 GDL: RADIUS: EAP-Message [79] 23
001271: Jan 19 18:41:08.555 GDL: RADIUS: 02 01 00 15 01 6A 75 61 6E 63 61 72 6C 6F 73 2E 61 72 69 61 73 [ juancarlos.arias]
001272: Jan 19 18:41:08.555 GDL: RADIUS: Message-Authenticato[80] 18
001273: Jan 19 18:41:08.555 GDL: RADIUS: E5 92 90 F9 39 F2 EA A9 E4 B2 C9 02 12 9D EA B0 [ 9]
001274: Jan 19 18:41:08.555 GDL: RADIUS: EAP-Key-Name [102] 2 *
001275: Jan 19 18:41:08.555 GDL: RADIUS: Vendor, Cisco [26] 49
001276: Jan 19 18:41:08.555 GDL: RADIUS: Cisco AVpair [1] 43 "audit-session-id=C0A8F0AB0000001101B6C743"
001277: Jan 19 18:41:08.555 GDL: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
001278: Jan 19 18:41:08.555 GDL: RADIUS: NAS-Port [5] 6 50024
001279: Jan 19 18:41:08.555 GDL: RADIUS: NAS-Port-Id [87] 21 "GigabitEthernet0/24"
001280: Jan 19 18:41:08.555 GDL: RADIUS: NAS-IP-Address [4] 6 192.168.240.171
001281: Jan 19 18:41:08.555 GDL: RADIUS(0000002F): Sending a IPv4 Radius Packet
001282: Jan 19 18:41:08.555 GDL: RADIUS(0000002F): Started 20 sec timeout
001283: Jan 19 18:41:26.507 GDL: RADIUS(0000002F): Request timed out
001284: Jan 19 18:41:26.507 GDL: RADIUS: Retransmit to (192.168.240.28:1812,1813) for id 1645/27
001285: Jan 19 18:41:26.507 GDL: RADIUS(0000002F): Started 20 sec timeout
Complete Report:
aaa group server tacacs+ TACACS_PLUS
server 192.168.240.28
aaa group server radius RADIUS_1x
server 192.168.240.28 auth-port 1812 acct-port 1813
aaa authentication login default group TACACS_PLUS
aaa authentication login no_tacacs enable local
aaa authentication enable default group RADIUS_1x
aaa authentication dot1x default group RADIUS_1x
aaa authorization config-commands
aaa authorization exec no_tacacs local
aaa authorization commands 15 TACACS_PLUS group tacacs+
aaa authorization network default group RADIUS_1x
aaa authorization auth-proxy default group RADIUS_1x
aaa accounting send stop-record authentication failure
aaa accounting update newinfo
aaa accounting dot1x default start-stop group RADIUS_1x
aaa accounting exec default start-stop group TACACS_PLUS
aaa accounting network default start-stop group TACACS_PLUS
aaa accounting connection default start-stop group TACACS_PLUS
aaa accounting system default start-stop group RADIUS_1x
dot1x system-auth-control
interface GigabitEthernet0/24
switchport mode access
switchport voice vlan 7
authentication port-control auto
authentication violation protect
dot1x pae authenticator
dot1x timeout quiet-period 15
spanning-tree portfast
spanning-tree bpduguard enable
tacacs-server host 192.168.240.28 key 7 104D0617040717180F05
tacacs-server directed-request
radius-server attribute 8 include-in-access-req
radius-server host 192.168.240.28 auth-port 1812 acct-port 1813 key 7 15110402053A2E372B32
radius-server timeout 20
radius-server key 7 0110090A5A1B031C224D
radius-server vsa send authentication
The compliant client should have access to Vlan 60. -
Audio/video sync with h.264 - players affected
Hi there,
I've been trying to do a sound mix in Audition CC and have been sent a video reference (h.264/AAC). I noticed the audio going out of sync with the video and so checked the file in a few players (PotPlayer, VLC, Quicktime). I found video was also lagging behind the audio with all these players so I was about to contact the person who sent me the clip but decided to do one more test. Weirdly, in Window Media Player the video stays in sync all the way through!
I understand this means that my problem's more to do with my system than Audition, but I find this problem occurs sometimes in Premiere with other source clips too and instead of tweaking it to work temporarily as usual I really want to get to the bottom of it.
I tried using AME to encode to different codecs and have tried uncompressed video and audio. This makes no difference, and I imagine that's because all my Adobe software is using a dodgy codec to read the video, could this be the case?
Has anyone else had an issue like this? And why is Windows Media Player suddenly the only thing immune to this problem?
Here's the mediainfo for the clip in question, thanks for any help!
Format : MPEG-4
Format profile : QuickTime
Codec ID : qt
File size : 144 MiB
Duration : 24mn 38s
Overall bit rate : 817 Kbps
Encoded date : UTC 2014-01-22 15:04:01
Tagged date : UTC 2014-01-23 19:33:59
Writing library : Apple QuickTime
©TSC : 2500
©TSZ : 100
Video
ID : 1
Format : AVC
Format/Info : Advanced Video Codec
Format profile : [email protected]
Format settings, CABAC : No
Format settings, ReFrames : 2 frames
Codec ID : avc1
Codec ID/Info : Advanced Video Coding
Duration : 24mn 38s
Bit rate : 683 Kbps
Width : 854 pixels
Height : 480 pixels
Display aspect ratio : 16:9
Frame rate mode : Constant
Frame rate : 25.000 fps
Color space : YUV
Chroma subsampling : 4:2:0
Bit depth : 8 bits
Scan type : Progressive
Bits/(Pixel*Frame) : 0.067
Stream size : 120 MiB (84%)
Language : English
Encoded date : UTC 2014-01-22 15:04:00
Tagged date : UTC 2014-01-22 15:04:06
Color primaries : BT.709
Transfer characteristics : BT.709
Matrix coefficients : BT.709
Audio
ID : 2
Format : AAC
Format/Info : Advanced Audio Codec
Format profile : LC
Codec ID : 40
Duration : 24mn 38s
Bit rate mode : Constant
Bit rate : 128 Kbps
Channel(s) : 2 channels
Channel positions : Front: L R
Sampling rate : 48.0 KHz
Compression mode : Lossy
Stream size : 21.7 MiB (15%)
Language : English
Encoded date : UTC 2014-01-22 15:04:00
Tagged date : UTC 2014-01-22 15:04:06
Other
ID : 3
Type : Time code
Format : QuickTime TC
Duration : 24mn 38s
Time code of first frame : 00:00:00:00
Time code settings : Striped
Language : English
Encoded date : UTC 2014-01-22 15:04:00
Tagged date : UTC 2014-01-22 15:04:06Hi,
When encoding live in H264 with the FP 11 then playing it live on another client (through FMS r) the video sometimes (1/3 of times) has major skips or jerks. It's almost as if the video goes back to some older keyframes and then returns to live. Same experience with non-h264 produces smooth video.
If the server (FMS ) records the video, the replay looks smooth, which is strange because I would have assumed the FP was not encoding well with H264.
Has anyone had this issue? please reply
Thank you. -
Accounting on ACS 3.3, doesn't seem to be working.
Hi Guys,
I have following 6 lines configured on our Cisco gears, switches, router & ASA.
However our ACS 3.3 ver does not seems to be capturing commands used by CLI users.
1
2
3
4
5
6
aaa authentication login default group tacacs+ local
aaa authentication login VTYLogin group tacacs+ local
aaa authentication login CONLogin group tacacs+ local
aaa authentication enable default enable
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
These 13 lines of configuration I have on our ASA 8.2
1
2
3
5
6
7
8
9
10
11
12
13
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host x.x.x.19
timeout 30
key cxxxxxxxr
aaa-server RADIUS (inside) host x.x.x.20
key cxxxxxxxr
aaa-server SDI protocol sdi
aaa-server SDI (inside) host x.x.x.64
aaa authentication ssh console RADIUS LOCAL
aaa authentication http console RADIUS
aaa authentication telnet console RADIUS LOCAL
aaa authentication secure-http-client
These 15 lines of configuration, I have used before at other organisation that I have worked at.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
aaa authentication login default line
aaa authentication login VTYLogin group tacacs+ line
aaa authentication login CONLogin group tacacs+ line
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 0 default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 4 default group tacacs+
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting send stop-record authentication failure
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
Your input is highly appreciated and rated.Hi Javier,
Thank you very much for taking the time to reply to my post.
I tried below both lines as well, and then I still I don't see any used commands are being recorded in ACS server.
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting commands 15 default start-stop group tacacs+
To be more precious, I copied all below lines as well and switch did accepted them without any issue, and yet I don't see used commands are being recorded in the ACS.
aaa authentication login default line
aaa authentication login VTYLogin group tacacs+ line
aaa authentication login CONLogin group tacacs+ line
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 0 default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 4 default group tacacs+
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting send stop-record authentication failure
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
Thanks
Rizwan Rafeek. -
Configure ras dial up internet
I have an AS5300
Cisco Internetwork Operating System Software
IOS (tm) 5300 Software (C5300-I-M), Version 12.2(16), RELEASE SOFTWARE (fc3)
This is a machine that I inherited which allows users to dial a number which comes in to the Cisco via a PRI and gives them an IP address, allowing them internet access.
the problem I am having is that users can dial via their PC modem and they get an IP address assigned to them from the Cisco. But they have no internet connectivity at all. They are not even able to ping the Cisco.
I am pretty new to Cisco in general, so any kind of information would be useful, including debug methods and commands. Pointer to sample configurations would help out a lot as well. Below is my config
Current configuration : 8406 bytes
version 12.2
service nagle
service timestamps debug uptime
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname ras4.rb
logging queue-limit 100
aaa new-model
aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization network default none
aaa accounting send stop-record authentication failure
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group radius
aaa accounting system default start-stop group tacacs+
enable secret 5..............
spe 1/0 2/9
firmware location flash:mica-modem-pw_2_6_2_0.bin
resource-pool disable
clock summer-time BST recurring
no modem fast-answer
modem country mica united-kingdom
modem recovery action none
ip subnet-zero
no ip source-route
ip domain-name ipbill.com
ip name-server 217.73.64.5
async-bootp dns-server 217.73.64.5 217.73.64.6
isdn switch-type primary-net5
modemcap entry mica_28800:MSC=&FS29=0
controller E1 0
clock source line primary
pri-group timeslots 1-31
controller E1 1
clock source line secondary 1
pri-group timeslots 1-31
controller E1 2
clock source line secondary 2
pri-group timeslots 1-31
controller E1 3
clock source line secondary 3
pri-group timeslots 1-31
controller E1 4
clock source line secondary 4
controller E1 5
clock source line secondary 5
controller E1 6
clock source line secondary 6
controller E1 7
clock source line secondary 7
interface Loopback1
description Modem Pool-1 Default Gateway.
ip address 217.73.71.254 255.255.255.0
interface Ethernet0
description Temporary Management IP Address
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
keepalive 3
shutdown
no cdp enable
interface Serial0
no ip address
no ip mroute-cache
shutdown
no fair-queue
clockrate 2015232
no cdp enable
interface Serial1
no ip address
shutdown
no fair-queue
clockrate 2015232
no cdp enable
interface Serial2
no ip address
shutdown
no fair-queue
clockrate 2015232
no cdp enable
interface Serial3
no ip address
shutdown
no fair-queue
clockrate 2015232
no cdp enable
interface Serial0:15
no ip address
ip access-group 100 in
ip access-group 101 out
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
ip policy route-map REDIRECT_2_PROXY
no logging event link-status
dialer rotary-group 1
dialer-group 1
autodetect encapsulation ppp v120 lapb-ta
isdn switch-type primary-net5
isdn incoming-voice modem 64
isdn negotiate-bchan
no fair-queue
down-when-looped
no cdp enable
interface Serial1:15
no ip address
ip access-group 100 in
ip access-group 101 out
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
ip policy route-map REDIRECT_2_PROXY
no logging event link-status
dialer rotary-group 1
dialer-group 1
autodetect encapsulation ppp v120 lapb-ta
isdn switch-type primary-net5
isdn incoming-voice modem 64
isdn negotiate-bchan
no fair-queue
down-when-looped
no cdp enable
interface Serial2:15
no ip address
ip access-group 100 in
ip access-group 101 out
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
ip policy route-map REDIRECT_2_PROXY
no logging event link-status
dialer rotary-group 1
dialer-group 1
autodetect encapsulation ppp v120 lapb-ta
isdn switch-type primary-net5
isdn incoming-voice modem 64
isdn negotiate-bchan
no fair-queue
down-when-looped
no cdp enable
interface Serial3:15
no ip address
ip access-group 100 in
ip access-group 101 out
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
ip policy route-map REDIRECT_2_PROXY
no logging event link-status
dialer rotary-group 1
dialer-group 1
autodetect encapsulation ppp v120 lapb-ta
isdn switch-type primary-net5
isdn incoming-voice modem 64
isdn negotiate-bchan
no fair-queue
down-when-looped
no cdp enable
interface FastEthernet0
description Main LAN Connectivity
ip address 217.73.64.57 255.255.255.0
ip access-group 105 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip policy route-map REDIRECT_2_PROXY
keepalive 3
duplex auto
speed auto
no cdp enable
interface Group-Async1
ip unnumbered Loopback1
ip access-group 100 in
ip access-group 101 out
no ip redirects
no ip unreachables
no ip proxy-arp
no ip mroute-cache
no logging event link-status
dialer in-band
dialer rotary-group 1
dialer-group 1
autodetect encapsulation ppp lapb-ta
async mode dedicated
peer default ip address pool Pool-1
no fair-queue
group-range 1 240
interface Dialer1
ip unnumbered Loopback1
ip access-group 100 in
ip access-group 101 out
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
no ip mroute-cache
ip policy route-map REDIRECT_2_PROXY
no logging event link-status
dialer in-band
dialer idle-timeout 900
dialer-group 1
autodetect encapsulation ppp lapb-ta
peer default ip address pool Pool-1
no fair-queue
no cdp enable
ppp multilink
hold-queue 25 in
ip local pool Pool-1 217.73.71.1 217.73.71.253
ip classless
ip route 0.0.0.0 0.0.0.0 217.73.64.9
ip route 217.73.71.254 255.255.255.255 217.73.64.9
no ip http server
map-class dialer 56k
dialer isdn speed 56
access-list 90 remark Allow SNMP Access from WATCHER Only.
access-list 90 permit 217.73.64.38
access-list 90 deny any log
access-list 99 permit 217.73.64.94
access-list 99 remark Allow Privilaged IPz Only.
access-list 99 permit 213.123.206.128
access-list 99 permit 217.73.64.38
access-list 99 deny any log
access-list 100 remark Allowed Dialup Ranges and virus stoppers
access-list 100 deny ip host 217.73.71.254 any log
access-list 100 permit ip 217.73.71.0 0.0.0.255 any
access-list 100 deny tcp any eq 4444 any
access-list 100 deny tcp any eq 69 any
access-list 100 deny tcp any eq 135 any
access-list 100 deny ip any any
access-list 101 remark Deny All RFC1918 Addresses.
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 permit ip any any
access-list 177 permit icmp any any
dialer-list 1 protocol ip permit
no cdp run
route-map REDIRECT_2_PROXY permit 10
match ip address 100
set ip next-hop 217.73.64.9
line con 0
exec-timeout 9 0
transport output none
line 1 240
no flush-at-activation
modem Dialin
modem autoconfigure type mica_28800
transport input all
autoselect during-login
autoselect ppp
line aux 0
line vty 0 4
exec-timeout 9 0
transport input telnet
ntp clock-period 17180112
ntp peer 217.73.64.5
ntp peer 217.73.64.6
endOk, i managed to get it to work. When setting up the pptp adapter on my windows xp I checked the box 'Negotiate multi-link for single link connections'.
However I still don't understand how this makes the connection work. I am not using multi link.
Could this be anything to do with the fact that I am not doing any form of authentication and authorization? It is a open RAS where any one can connect so long as they dial the right number. -
[Maybe solved] Repeated prompts for username and password on HTTP(S)
I'm new to IOS but I'm taking ICND 1 and ICND 2 to catch up. I've gone as far as configuring a 3560 switch from "scratch" in a test environment, and am in part one of ICND 2.
Setting this switch up for HTTP administration, I've been prompted repeatedly for my username and password both when using a browser directly and when using Cisco Network Assistant (currently 5.5). This is different from the production switches I'm working with, that will prompt me once only and let me work. At first I suspected this was because I'm trying to use SSL and an in-house certitficate authority to sign the switch's certificate, but this is happening in plain HTTP as well. If I'm persistent enough, I eventually get the pages or configuration screens I want.
The difference between the production 3560s and my testing one, is the test one uses IOS 12.2(53), the current version. The production ones use 12.2(25)SEE3 through 12.2(35)SE5 and probably everything in between. I'm also experimenting with the releases that includes the web-based device manager on my test switch, but the behaviour is similar whether the image has the web-based manager or not.In an update to this problem, I've reverted the switch I've been testing back to 12.2(35)SE5, which is what the majority of my production 3560s use. It appears to behave in the same fashion: Repeatedly asking for credentials over HTTP(S).
While my non-production switch has a local user database set up, my production switches use two ACS servers. The relevant bits of the running config are:
aaa new-model
aaa group server tacacs+ mcbhtacacs
server 10.1.2.221
server 10.1.2.222
aaa group server radius mcbhradius
server 10.1.2.221 auth-port 1645 acct-port 1646
server 10.1.2.222 auth-port 1645 acct-port 1646
aaa authentication login default group mcbhtacacs local
aaa authentication login LOCALAUTH local
aaa authorization exec default group mcbhtacacs
aaa accounting send stop-record authentication failure
aaa accounting exec default start-stop group mcbhtacacs
aaa accounting commands 1 default start-stop group mcbhtacacs
aaa accounting commands 15 default start-stop group mcbhtacacs
aaa accounting system default start-stop group mcbhtacacs
aaa session-id common
tacacs-server host 10.1.2.221 key 7 [censored]
tacacs-server host 10.1.2.222 key 7 [censored]
tacacs-server directed-request
radius-server host 10.1.2.221 auth-port 1645 acct-port 1646 key 7 [censored]
radius-server host 10.1.2.222 auth-port 1645 acct-port 1646 key 7 [censored]
radius-server source-ports 1645-1646
Another switch that does work without repeated prompting has these relevant bits:
aaa new-model
aaa group server tacacs+ mcbhtacacs
server 10.1.2.221
server 10.1.2.222
aaa group server radius mcbhradius
server 10.1.2.221 auth-port 1645 acct-port 1646
server 10.1.2.222 auth-port 1645 acct-port 1646
aaa authentication login default group mcbhtacacs local
aaa authentication login LOCALAUTH local
aaa authorization exec default group mcbhtacacs local
aaa accounting send stop-record authentication failure
aaa accounting exec default start-stop group mcbhtacacs
aaa accounting commands 1 default start-stop group mcbhtacacs
aaa accounting commands 15 default start-stop group mcbhtacacs
aaa accounting system default start-stop group mcbhtacacs
aaa session-id common
tacacs-server host 10.1.2.221 key 7 [censored]
tacacs-server host 10.1.2.222 key 7 [censored[
tacacs-server directed-request
radius-server host 10.1.2.221 auth-port 1645 acct-port 1646 key 7 [censored]
radius-server host 10.1.2.222 auth-port 1645 acct-port 1646 key 7 [censored]
radius-server source-ports 1645-1646
10.1.2.221 and 10.1.2.222 are the ACS servers, running ACS 4.1 and are linked to a pair of Active Directory domain controllers.
Aside from host names, these two switches appear to have an identical AAA configuration. So why would the first switch repeatedly ask for credentials over HTTP when the second switch with the same software does not? -
ASR 1002 PPPoE/A Virtual-Access subinterface problem
Hi Guys,
i try to configure a BRAS solution for PPPoE/A termination.
When try to connect a client i receive the following error:
*May 3 00:51:25.043: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to up
*May 3 00:51:25.046: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access4, changed state to up
*May 3 00:51:25.093: %FMANRP_ESS-4-FULLVAI: Session creation failed due to Full Virtual-Access Interfaces not being supported. Check that all applied Virtual-Template and RADIUS features support Virtual-Access sub-interfaces. swidb= 0x40A8D2CC, ifnum= 29
*May 3 00:51:25.098: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to down
The problem is related to Virtual-Access subinterface, usually, on standard IOS, i work on full mode
In the Cisco DOC i found this:
"If the subinterface is not configured, the following error message is displayed when creating a session with one of the RADIUS attributes:
*Mar 13 22:04:03.358: %FMANRP_ESS-4-FULLVAI: Session creation failed due to Full
Virtual-Access Interfaces not being supported. Check that all applied Virtual-Template and
RADIUS features support Virtual-Access sub-interfaces. swidb= 0x7FA35A42F218, ifnum= 30
To enhance the scalability of per-user configurations, in many cases, different Cisco AV-pairs are available to place the subscriber interface in a Virtual Routing and Forwarding (VRF) instance or to apply a policy map to the session. For example, use the ip:vrf-id and ip:ip-unnumbered VSAs to reconfigure a user's VRF. For information about enhancing scalability see, "Enhancing the Scalability of Per-User Configurations" section."
Ok i try to pass in radreply the following attribute :
test Cisco-AVPair += ip:vrf-id=RACC_ULL
test Cisco-AVPair += ip:ip-unnumbered=Loopback 199
Nothing don't work same error ....
If remove a "ip-unnumbered" attribute the Virtual-Access coming up but no ip address is assigned
Any ideas ?
Many thx
show ver
Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.1(3)S2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Mon 12-Dec-11 15:15 by mcpre
Cisco IOS-XE software, Copyright (c) 2005-2011 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: IOS-XE ROMMON
ASR-01-BS uptime is 6 days, 18 hours, 6 minutes
Uptime for this control processor is 6 days, 18 hours, 8 minutes
System returned to ROM by reload at 22:08:16 UTC Sat Mar 31 2012
System image file is "bootflash:asr1000rp1-adventerprisek9.03.04.02.S.151-3.S2.bin"
Last reload reason: PowerOn
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco ASR1002 (2RU) processor with 1700062K/6147K bytes of memory.
4 Gigabit Ethernet interfaces
1 ATM interface
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
7757823K bytes of eUSB flash at bootflash:.
Configuration register is 0x2102
show run
aaa new-model
aaa group server radius AAA_RACC_ULL
server-private xx.xx.xx.xx auth-port 1812 acct-port 1813 key xxxxxxx
server-private xx.xx.xx.xx auth-port 1812 acct-port 1813 key xxxxxxx
ip vrf forwarding RACC_ULL
aaa authentication login local_auth local
aaa authentication ppp default group AAA_RACC_ULL
aaa authorization network default group AAA_RACC_ULL
aaa accounting send stop-record authentication failure
aaa accounting update newinfo periodic 60
aaa accounting network default start-stop group AAA_RACC_ULL
aaa accounting connection default start-stop group AAA_RACC_ULL
aaa accounting resource default start-stop group AAA_RACC_ULL
aaa session-id common
aaa policy interface-config allow-subinterface
ip vrf RACC_ULL
description *** VRF Raccolta TEST ***
rd 1:1
vpdn enable
no virtual-template snmp
bba-group pppoe xDSL_PPPoE_ADSL
virtual-template 199
vendor-tag circuit-id service
sessions auto cleanup
interface Loopback199
description *** GW RACCOLTA IP ADSL ***
ip vrf forwarding RACC_ULL
ip address 10.0.0.1 255.255.255.255
interface GigabitEthernet0/0/0
description *** ***
no ip address
no ip proxy-arp
load-interval 30
negotiation auto
interface GigabitEthernet0/0/3.20
description *** DOWNLINK TO DSLAM VLAN ADSL ***
encapsulation dot1Q 20
ip vrf forwarding RACC_ULL
no ip proxy-arp
pppoe enable group xDSL_PPPoE_ADSL
interface Virtual-Template199
description *** PPPoE AUTH ADSL ***
mtu 1488
ip unnumbered Loopback199
peer default ip address pool DYNAMIC_ADSL
ppp authentication chap pap callin
ip local pool DYNAMIC_ADSL 192.168.20.2 192.168.20.254
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route vrf RACC_ULL 0.0.0.0 0.0.0.0 192.168.254.1
ip radius source-interface GigabitEthernet0/0/0.999 vrf RACC_ULL
radius-server vsa send accounting
radius-server vsa send authenticationHi Manuel,
thanks for your answer.
Below the other attribute send from radius to ASR
Framed-MTU := 1488
MS-Primary-DNS-Server := 62.97.32.21
MS-Secondary-DNS-Server := 62.97.33.21
Framed-Protocol := PPP
Service-Type := Framed-User
Framed-Compression := Van-Jacobsen-TCP-IP
If possible i prefer to work using only virtual-template mode without per-user VRF.
I try con configure VT using ip vrf forwarding RACC_ULL and ip unnumbered ( in the same VRF domain ) without success. -
Hello,
I have lots of AP1121G, that authenticating users on a radius server (Radiator).
I need to make accounting of octets in and out per user, but i have some problems with this.
In general, the accounting is working fine, but the APs dont send some attributes that i need (Acct-Input-Octets, Acct-Output-Octets), included in Accounting-Request (stop) Packets (http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a00802091b1.html).
Someone can help me to find the problem?
I have a theory, but i don't know if is right: This attributes can't be sent because the IP Address is assigned to clients by a third DHCP Server (router cisco) and not by the Radius server. Could be by this?
How can i solve the problem?
The Radius part of configuration of my APs:
aaa new-model
aaa authentication login default local
aaa authentication login eap_methods group radius
aaa authentication login mac_methods local
aaa authorization exec default local
aaa authorization network default group radius
aaa accounting send stop-record authentication failure
aaa accounting update periodic 5
aaa accounting auth-proxy default start-stop group radius
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa accounting connection default start-stop group radius
aaa accounting system default start-stop group radius
aaa accounting resource default start-stop group radius
aaa nas port extended
aaa session-id unique
ssid MySSID
vlan 150
authentication open eap eap_methods
accounting default
ip radius source-interface BVI1
radius-server host 172.1.0.1 auth-port 1812 acct-port 1813 key 7 xxxxxxxxxxxxxxxxxxxxx
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
radius-server vsa send authentication
Thanks in advance!
Nuno.Willw69,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at
http://support.novell.com in both the "free product support" and "paid product support"
drop down boxes.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://support.novell.com/forums)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://support.novell.com/forums/faq_general.html
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/
Maybe you are looking for
-
I just found out that my 6 year old just charged 900 to my account while play Pet Hotel in my ipad. Does anyone know who to call to get the charges reversed?
-
Flash 10, Windows 7 and all browsers = crash of the browser HELP
I have Win 7 Ultimate edition, did a clean install last night. I have tried Flash with IE8 32 & 64 versions, Fire Fox and Safari all with similar results. I am trying to complete Flash Based learning lessons for work to give you an idea of what I am
-
Date and Timezone problem...
Hello, Please, can sombody explain me the following program long l = System.currentTimeMillis(); for (int i = 0; i < 25; i++ ){ l = l - 86400000; System.out.println(i+":"+new Date(l)); Output: 0:Tue A
-
Qosmio F60 - No additional touchpad and Fn function after Win 8 upgrade
I recently installed Windows 8 on my Qosmio F60 and now I have some issues, I think it might be driver related but not sure which drivers in particular. 1. The touchpad still works for moving the pointer but swiping along the right edge doesn't scrol
-
Hi iMacers question 1 - My imac hasgone slightly darker in the bottom left hand corner, take it some sort of LED problem in screen. Can it be fixed? Question 2 - My Mac seems to be running a slower please give some advice how to speed it up. I have t