Global Controller - Local Controller authentication?

If you are logged onto the GC and you click on anything (incidents for example), you are redirected to one of the local boxes and asked to log in again. Is this normal operation, or can we pass thru the authentication somehow?

I should provide some details. I kind of doubt that the general concept has changed (i.e. you should not have to re-auth to the local controller). You have to touch local controllers far too often in the current distributed MARS model for this to be acceptable IMHO. Perhaps someone running the GC in production can correct me on this? It either requires re-auth or it doesn't...which is it?
I can't seem to find the directory where I stored my POC data. My recollection is this:
when you clicked on an incident in the GC, you hit a page on the GC (NOT the LC) that gave you a security/session identifier [quite possibly by fetching it from the LC] and were then redirected to the LC. The redirect request to the LC contained this session identifier. I can't remember if the session identifier is in the URL, or a cookie, or in POST data. It doesn't really matter though...the key is that the request to the LC already has a valid session id.

Similar Messages

Rename PC - global controller

hi there,
need help please.
we have cloned server which act as Global controller. since we need to run those server together, we need to rename one of those.
the problem is, we can't just rename it like ordinary pc. we tried, but then the server can't be logged in.
how to rename this kind of server (PC)?
the server specification:
windows server 2008 enterprise SP2, 32 bit.
the server role is forest domain.
thanks in advance

Hello,
hopefully this doesn't mean Domain controller "we have cloned server which act as Global controller"???
A domain controller CAN NEVER be cloned and use just with renaming again!!!
Every machine in a Windows domain MUST have a unique SID, which requires that SYSPREP is used to clone/image machines for easier installation.
So if you have cloned a domain controller do NEVER start this one on the same network as the original installed machine and delete that server immediately.
YOU WILL RUN INTO MULTIPLE PROBLEMS working this way!!!
To have the recommended 2 DC/DNS/GC per domain install a second server, join it to the domain and then promote it to DC in an existing domain. Also make it DNS/GC during installation. Assure to use ONLY the existing DC/DNS server on the NIC as preferred
DNS server and NONE else. That can be changed later on after the new server has replicated from the existing DC.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

Global vs local attributes

Hi Folks,
How does one go about making attributes - local and global ?
Regards,
Vinay

Hi Vinay,
Attribute is global or local will depend on at which level you are adding the attributes in your taxonomy mode. If you are adding your attribute at root then it will be global as it is applicable to whole tree beneath and if you are adding them at a particular node in a tree it will be applicable to all its descendents.
Note: However attribute that is global should be modeled as a field as it is appicable to all the records.
Hope this helps.
Regards,
Pooja

Local Radius Authentication - Fails

Hello all,
Access Point 1230AG (c1200-k9w7-mx.123-2.JA)
Client Adapter ABG (PCI)
I am new to Wireless Lan configuration with Aironet products (first project). I am configuring an Access Point for a small LAN and i can not get local radius authentication working. The password always fails if I try:
test aaa group radius xxxxx port 1812 new-code
although the password is matching..........
another thing is that in the configuration, it always defaults to 'nthash' mode. is this normal? in other words if i type:
radius-server local
user dgarnett password xxxx
when i do a 'show run' it displays as
user xxxx
I also get the following during a debug:
There is no RADIUS DB Some Radius attributes may not be stored
any help greatly appreciated
ap#test aaa group radius dgarnett 123456789 port 1812 new-code
Trying to authenticate with Servergroup radius
User rejected
ap#
Feb 19 20:57:44.535: RADIUS(00000000): Config NAS IP: 10.14.14.14
Feb 19 20:57:44.535: RADIUS(00000000): Config NAS IP: 10.14.14.14
Feb 19 20:57:44.535: RADIUS(00000000): sending
Feb 19 20:57:44.535: RADIUS(00000000): Send Access-Request to 10.14.14.14:1812 id 21645/14, len 64
Feb 19 20:57:44.535: RADIUS: authenticator 9C C4 E8 64 80 8B 64 8A - E7 5F 0A 64 14 2F 5D B6
Feb 19 20:57:44.536: RADIUS: User-Password [2] 18 *
Feb 19 20:57:44.536: RADIUS: User-Name [1] 10 "dgarnett"
Feb 19 20:57:44.536: RADIUS: Service-Type [6] 6 Login [1]
Feb 19 20:57:44.536: RADIUS: NAS-IP-Address [4] 6 10.14.14.14
Feb 19 20:57:44.536: RADIUS: Nas-Identifier [32] 4 "ap"
Feb 19 20:57:44.537: RADSRV: Client dgarnett password failed
Feb 19 20:57:44.537: RADIUS: Received from id 21645/14 10.14.14.14:1812, Access-Reject, len 88
Feb 19 20:57:44.538: RADIUS: authenticator 3C B3 9A 7F 61 27 3A A6 - 84 39 B6 DF 22 DF 45 26
Feb 19 20:57:44.538: RADIUS: State [24] 50
Feb 19 20:57:44.538: RADIUS: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF [????????????????]
Feb 19 20:57:44.539: RADIUS: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF [????????????????]
Feb 19 20:57:44.539: RADIUS: 6B 7C 18 EA F0 20 A4 E5 B1 28 0E BD 57 61 24 9A [k|??? ???(??Wa$?]
Feb 19 20:57:44.539: RADIUS: Message-Authenticato[80] 18 *
Feb 19 20:57:44.539: RADIUS(00000000): Received from id 21645/14
Feb 19 20:57:44.539: RADIUS(00000000): Unique id not in use
Feb 19 20:57:44.540: RADIUS/DECODE(00000000): There is no RADIUS DB Some Radius attributes may not be stored

Just as an update.......I set this up authenticating to an external (ACSNT) Radius server and it authenticates successfully. But still will not for the local dbase. My goal is to use the Corporate ACS as primary and the local as backup. I think my problem has to do with the Radius attributes 24 (State) and 80 (Message Auth). I also think that it points back to the NTHash stuff. Please advise as I am not new security practices and wireless, but I am new to Cisco Wireless networking.

Wireless local radius authentication

Greetings,
I have a AIR-AP1121G-A-K9, and I would like to authenticate users with a username and password on the AP using the local radius server.
I used the configuration at http://www.aironet.info/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c0912.shtml
and tried a couple other posted configuration, but are running into the same issue regardless of which method I am using.
show ver
Cisco IOS Software, C1100 Software (C1100-K9W7-M), Version 12.3(8)JED1, RELEASE
SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 27-Apr-10 12:52 by alnguyen
ROM: Bootstrap program is C1100 boot loader
BOOTLDR: C1100 Boot Loader (C1100-BOOT-M) Version 12.2(8)JA, EARLY DEPLOYMENT RE
LEASE SOFTWARE (fc1)
ORP_ROOFDECK uptime is 21 hours, 3 minutes
System returned to ROM by power-on
System image file is "flash:/c1100-k9w7-mx.123-8.JED1/c1100-k9w7-mx.123-8.JED1"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-AP1121G-A-K9     (PowerPCElvis) processor (revision A0) with 15138K/12
36K bytes of memory.
Processor board ID FOC08370K83
PowerPCElvis CPU at 197Mhz, revision number 0x0950
Last reset from power-on
1 FastEthernet interface
1 802.11 Radio(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:12:01:6B:86:46
Part Number                          : 73-7886-07
PCA Assembly Number                  : 800-21481-07
PCA Revision Number                  : A0
PCB Serial Number                    : XXX
Top Assembly Part Number             : 800-22053-04
Top Assembly Serial Number           : XXX
Top Revision Number                  : A0
Product/Model Number                 : AIR-AP1121G-A-K9
Configuration register is 0xF
show run
Current configuration : 4240 bytes
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname XXX
ip subnet-zero
ip domain name XXX!
ip ssh version 2
aaa new-model
aaa group server radius rad_eap
server 172.16.1.35 auth-port 1812 acct-port 1813
aaa group server radius rad_acct
server 172.16.1.35 auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 syslog
dot11 ssid YYY
   authentication open eap eap_methods
   authentication network-eap eap_methods
   guest-mode
bridge irb
interface Dot11Radio0
no ip address
ip helper-address 172.16.1.1
no ip route-cache
encryption key 1 size 128bit 7 66061D688B874859701297485642 transmit-key
encryption mode wep mandatory
broadcast-key change 300
ssid YYY
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
channel 2437
station-role root
rts threshold 2312
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 172.16.1.35 255.255.255.0
ip helper-address 172.16.1.1
no ip route-cache
ip default-gateway 172.16.1.1
ip http server
ip http authentication local
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server local
no authentication eapfast
no authentication mac
nas 172.16.1.35 key 7 VVV
group YYY
    ssid YYY
    block count 3 time 30
    reauthentication time 300
user zzz nthash 7 0225540F2A2429741C162F3C2636455854560E72760A6A667B315E37
5553010B7A group YYY
radius-server attribute 32 include-in-access-req format %h
radius-server host 172.16.1.35 auth-port 1812 acct-port 1813 key 7 VVV
radius-server vsa send accounting
bridge 1 route ip
line con 0
line vty 0 4
access-class 10 in
line vty 5 15
end
Debug Output:
331: AAA/ACCT(00000000): add node, session 4
*Mar 1 21:37:37.331: AAA/ACCT/NET(00000004): add, count 1
*Mar 1 21:37:37.331: dot11_auth_add_client_entry: Create new client 0023.6c85.3
2cd for application 0x1
*Mar 1 21:37:37.331: dot11_auth_initialize_client: 0023.6c85.32cd is added to t
he client list for application 0x1
*Mar 1 21:37:37.331: dot11_auth_add_client_entry: req->auth_type 4
*Mar 1 21:37:37.331: dot11_auth_add_client_entry: auth_methods_inprocess: 2
*Mar 1 21:37:37.331: dot11_auth_add_client_entry: eap list name: eap_methods
*Mar 1 21:37:37.331: dot11_run_auth_methods: Start auth method EAP or LEAP
*Mar 1 21:37:37.331: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 1 21:37:37.331: dot11_auth_dot1x_send_id_req_to_client: Sending identity r
equest to 0023.6c85.32cd
*Mar 1 21:37:37.332: EAPOL pak dump tx
*Mar 1 21:37:37.332: EAPOL Version: 0x1 type: 0x0 length: 0x0036
*Mar 1 21:37:37.332: EAP code: 0x1 id: 0x1 length: 0x0036 type: 0x1
00ECBA00: 01000036 01010036 01006E65 74776F72 ...6...6..networ
00ECBA10: 6B69643D 4F52505F 5075626C 69632C6E kid=YYY,n
00ECBA20: 61736964 3D4F5250 5F524F4F 46444543 asid=YYY
00ECBA30: 4B2C706F 72746964 3D30               K,portid=0
*Mar 1 21:37:37.333: dot11_auth_send_msg: sending data to requestor status 1
*Mar 1 21:37:37.333: dot11_auth_send_msg: Sending EAPOL to requestor
*Mar 1 21:37:37.333: dot11_auth_dot1x_send_id_req_to_client: Client 0023.6c85.3
2cd timer started for 30 seconds
*Mar 1 21:38:07.333: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,TI
MEOUT) for 0023.6c85.32cd
*Mar 1 21:38:07.333: dot11_auth_dot1x_send_client_fail: Authentication failed f
or 0023.6c85.32cd
*Mar 1 21:38:07.333: dot11_auth_send_msg: sending data to requestor status 0
*Mar 1 21:38:07.333: dot11_auth_send_msg: client FAILED to authenticate 0023.6c
85.32cd, node_type 64 for application 0x1
*Mar 1 21:38:07.333: dot11_auth_delete_client_entry: 0023.6c85.32cd is deleted
for application 0x1
*Mar 1 21:38:07.334: %DOT11-7-AUTH_FAILED: Station 0023.6c85.32cd Authenticatio
n failed
*Mar 1 21:38:07.334: AAA/ACCT/HC(00000004): Update DOT11/00A83CE0
*Mar 1 21:38:07.335: AAA/ACCT/HC(00000004): DOT11/00A83CE0 [pre-sess] (rx/tx) b
ase 0/0 pre 6861/188 call 6861/188
*Mar 1 21:38:07.335: AAA/ACCT/HC(00000004): DOT11/00A83CE0 [pre-sess] (rx/tx) a
djusted, pre 6861/188 call 0/0
*Mar 1 21:38:07.335: AAA/ACCT/HC(00000004): Deregister DOT11/00A83CE0
*Mar 1 21:38:07.335: dot11_auth_client_abort: Received abort request for client
0023.6c85.32cd
*Mar 1 21:38:07.335: dot11_auth_client_abort: No client entry to abort: 0023.6c
85.32cd for application 0x1
*Mar 1 21:38:07.335: AAA/ACCT/EVENT/(00000004): CALL STOP
*Mar 1 21:38:07.335: AAA/ACCT/CALL STOP(00000004): Sending stop requests
*Mar 1 21:38:07.336: AAA/ACCT(00000004): Send all stops
*Mar 1 21:38:07.336: AAA/ACCT/NET(00000004): STOP
*Mar 1 21:38:07.336: AAA/ACCT/NET(00000004): Method list not found
*Mar 1 21:38:07.336: AAA/ACCT(00000004): del node, session 4
*Mar 1 21:38:07.336: AAA/ACCT/NET(00000004): free_rec, count 0
*Mar 1 21:38:07.336: AAA/ACCT/NET(00000004) reccnt 0, csr TRUE, osr 0
*Mar 1 21:38:07.337: AAA/ACCT/NET(00000004): Last rec in db, intf not enqueued
*Mar 1 21:41:34.645: AAA/BIND(00000005): Bind i/f
*Mar 1 21:41:34.645: AAA/ACCT/EVENT/(00000005): CALL START
*Mar 1 21:41:34.645: Getting session id for NET(00000005) : db=C4EBC0
*Mar 1 21:41:34.645: AAA/ACCT(00000000): add node, session 5
*Mar 1 21:41:34.646: AAA/ACCT/NET(00000005): add, count 1
*Mar 1 21:41:34.646: Getting session id for NONE(00000005) : db=C4EBC0
*Mar 1 21:41:34.646: AAA/AUTHEN/LOGIN (00000005): Pick method list 'Permanent L
ocal'
*Mar 1 21:41:39.002: AAA/AUTHOR (0x5): Pick method list 'default'
*Mar 1 21:41:39.002: AAA/AUTHOR/EXEC(00000005): processing AV cmd=
*Mar 1 21:41:39.003: AAA/AUTHOR/EXEC(00000005): processing AV priv-lvl=15
*Mar 1 21:41:39.003: AAA/AUTHOR/EXEC(00000005): Authorization successful
Any ideas how I can get simple username/password working on an autonomous AP with local radius server?
Thank you,

You could get a better idea of why the auth is being failed with the output of "show radius local-server statistics". You could also run "debug radius local-server client" and "debug radius local-server error".

Configuring a 1230 AP as a "Local Radius Authenticator"

Configuring a 1230 AP as a "Local Radius Authenticator"
CCO-URL: Configuring an Access Point as a Local Authenticator
http://www.cisco.com/en/US/partner/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a0080184a9b.html
this is the minimal config, i think:
AP# configure terminal
AP(config)# radius-server local
AP(config-radsrv)# nas 1.1.1.1 key 111
AP(config-radsrv)# group clerks
AP(config-radsrv-group)# vlan 2
AP(config-radsrv-group)# ssid batman
AP(config-radsrv-group)# reauthentication time 1800
AP(config-radsrv-group)# lockout count 2 time 600
AP(config-radsrv-group)# exit
AP(config-radsrv)# user jsmith password twain74 group clerks
AP(config-radsrv)# end
whereas 1.1.1.1 is the IP of the AP himself ?
is there a must for additional config commands like this:
radius-server host 1.1.1.1 auth-port 1812 acct-port 1813 key 111
aaa group server radius rad_eap
server 1.1.1.1 auth-port 1812 acct-port 1813
aaa group server radius rad_admin
server 1.1.1.1 auth-port 1812 acct-port 1813
all attempts didn't work
"station <MAC> authentication failed"
is there anything else nessecary ???

You seem to be missing the following commands;
authentication network-eap eap_methods
authentication key-management cckm optional
The following commands are useful for diagnosis;
Show radius local statistics
show interface dot11Radio 0 aaa client
Debug dot11 aaa dot1x state
Debug dot11 mgmt interface
Local authentication is designed as a fall-back service for when the primary RADIUS server fails. We not encourage the use of Local authentication as a replacement for a radius server.
* With an ACS you get Authentication, Authorization and Accounting. With Local authentication you only get Authentication.
* ACS scales, supports external user-databases, supports multiple authentication types, supports database backup and replication, etc, etc... Local authentication supports a maximum of 50 users, internal static configuration only, and LEAP only.
Following is an IOS configuration, that I have tested, and works on an AP1200 (should work on an 1100 too, I just havent tested it);
· This configuration enables a single AP to do local authentication. No WDS is included for fast roaming.
· This configuration can be cut-and-pasted into an AP that has been write-erased (blank config), and it will configure all the parameters to allow a client to LEAP authenticate to it (even if no Ethernet cable is connected to it)
· Replace usernames/passwords with your own usernames/passwords
· Replace ip-addresseswith the APs IP address
· I added DHCP configuration so you can connect to a stand-alone AP with your DHCP-enabled laptop (with a profile that matches the test APs SSID and LEAP settings).
conf t
host loc-auth-ap-name
enable secret cisco
no ip domain-lookup
line vty 0 4
password cisco
exec-timeout 0 0
login
int bvi 1
ip address 10.11.12.13 255.255.255.0
Interface dot11 0
no ssid tsunami
encryption mode ciphers ckip-cmic
ssid test-loc-auth
authentication network-eap eap_methods
authentication key-management cckm optional
ip dhcp excluded-address 10.11.12.13
ip dhcp pool temp
network 10.11.12.0 255.255.255.0
interface BVI1
ip address 10.11.12.13 255.255.255.0
no ip route-cache
aaa new-model
aaa group server radius rad_eap
! add a real AAA server (with auth-port 1645) before
! the following statement if you are configuring a
! fallback authentication service instead of a
! standalone service
server 10.11.12.13 auth-port 1812 acct-port 1646
aaa authentication login eap_methods group rad_eap
! add a real AAA server (with auth-port 1645) before
! the following statement if you are configuring a
! fallback authentication service instead of a
! standalone service
radius-server host 10.11.12.13 auth-port 1812 acct-port 1646 key 0 l0cal-key-secret
radius-server deadtime 10
dot11 holdoff-time 1
ip radius source-interface BVI1
radius-server local
nas 10.11.12.13 key 0 l0cal-key-secret
user testuser password 0 testuser-key-secret
exit
exit
wri

Listener security-Local OS Authentication-Win2k

Hi all,
On a Win2k server, the present setup of LISTENER shows that the "security" is "ON: Local OS Authentication". Note that there is no password authentication set for the listener.
I believe that because of this, a non-administrator user cannot make changes to the listener parameters or execute commands like "show rules" or "save_config" etc.
Is there a way to change this local OS authentication security for the listener? If yes, how?
Thanks for your help.

this is a 10g only.
you can't disable it.
Metalink note 260986.1
why do you wish to do it?

Local Web Authentication Started after Central Web Authentication

Hi everyone,
We have a DMZ based anchor WLC for a guest WLAN. I have this WLAN configured for central web authentication using ISE 1.2, this works correctly and can login using the guest portal.
However, after logging when browsing to a website everything is redirected to the local web authentication page and the policy manager state for the client goes in to a WEBAUTH_REQD state. I currently don't have any layer 3 security configured for this WLAN, so from my understanding it should just be using the central authentication provided by ISE.
Thanks for your help.
Mark

Hi Mark,
Thanks - that looks very similar to ours, though I'm doing the 3850 via the CLI as the web UI keeps dying when I click into things.
I've realsed that I unticked the Authentication servers box instead of the Accounting as I miss-read the WLC page, however while the LWA no-longer kicks in, I'm unable to pass anything except DNS traffic. The Anchor says that the client is in "Webauth" state so it looks like it's expecting something, but ISE says it's all ok and I can see the 3850 traffic going through the process flow.
If I attach an AP to the WLC directly and have the accounting box ticked, then it all works exactly as I'd expect - this is just, well, odd....
Warmest
Kev

Shall I use global or local variables for my program?

Hello,
1) I am using 2 while loops in parallele. One 50 ms timed and the other one 1000 ms. The 50 ms one gets data from a sensor. I want to display that data every 1000ms in the 1000 ms loop. I have used global variables to do that. Should I better use local variables?
2) This question deals with the VI I have attached
a) Shall I initialise the " Quitter programme " global variable in the main VI aswell ? Or is what I have done enough?
b)
I want the sequence to continue ( finishes the last sequence and goes back to the first one without any delay if possible ) until the user presses Quit. I am concerned about the " wait until " icon of the exterior main while loop ( set to be 250 ms at the moment ). This time, 250 ms, is the time it takes between the end of the last sequence and the beginning of the first sequence? Is that right? Once u start the first sequence, the while loop doesn’t do anything until the end of the last sequence ( my 3 sequences can take several minutes ) ?
Hope I am clear… lol
Don’t hesitate to ask any questions if not clear enough
thanks a lot,
David
Attachments:
Example1.zip ‏28 KB

Bonjour Marc. You will definitely have a race condition because you are writing to the global in a parallel loop. You could click the stop button in the quitter program, then before it is read in the main loop, the lower loop writes a false to it, and your click is lost. Why do you want a separate quitter program? You may have a good reason but it isn't clear here. I would not use globals or locals for this, just put your stop button on the main vi. You already have one, so why do you want another one in another vi? If you must do it this way, eliminate both lower loops. They are not necessary. The global default is set to false, so when you run the vi, it is false. The button mechanical action is set to latch when released, so after clicking it will turn true until the main vi reads it, then it will automatically turn false. So you don't need the lower loops to keep writing false to it. If you just eliminate both lower loops, it will work fine. The only purpose I could see for the quitter vi is to have one button cause several vi's to stop. Instead of doing it this way, put one stop button in your main vi, create a reference (right click - create - reference), and wire this reference into all subvi's that the main calls. The subvi's must be changed to accept the reference and use it. This would be a much better method to close all vi's with one button.
You could also get rid of the sequence structure (it hides code and makes it more difficult to read). Just put all your code side by side. The error in/out wire will ensure that the execution order will be fixed, just like in your first sequence with the open file and write file functions. Just wire the error out of the write vi to the second write vi, and then the error out of the second write vi to the close vi. No sequence structure needed, and all your code is viewable on one screen.
- tbob
Inventor of the WORM Global

Global and Local Variable

Hi Gurus, I was unable to see where I can define local and global variables? I see that help.sap.com documentation but where do I create. All variables that I create, are global because, they are visible to all and they all can use it? Any help would be greatly appreciated.

As far as I know, Variables are re-usable objects that are not dependent upon InfoProvider. When I look at this link
http://help.sap.com/saphelp_nw04/helpdata/en/5c/8db07d555411d189660000e829fbbd/frameset.htm
it talks about Global and Local variable? Is this different than what we use in Query Designer?

CSM 3.1 local user authentication problem

Hi every one.i have strange problem with local user authentication.in our csm i have configured csm to auhenticate users using TACACS+ from our acs server which every thing is ok about this configurtion but also i have configured fall back authentication for user admin.here is the problem even when connection to ACS server is ok and server can send authentication requests to ACS we can authenticate with ACS and Local admin which i think this is wrong because using local admin is configured as fallback.so what do you think about this problem which CSM authenticates users with ACS and local database same time??

You probably need to go under the system context and create the interface and also allocate vlans to it in CSM before you configure the context itself.
I hope it helps.
PK

Making global symbols local

Hello everyone.
I have a problem that has to do with all types of ELF files, not only drivers:
If I load a kernel module (in my case a misc module that is referred by other modules) all global symbols of my module become global kernel symbols. As I do not want to become all symbols global kernel symbols I look for a possibility to change global symbols into local ones.
As the module is made from different object files I cannot just make all functions "static" in the C compiler; the symbols need to be global until the final "ld -r" step.
Example:
- "a.o" contains a symbols which are used by "b.o". Therefore the symbols must be global.
- The kernel module is made by "ld -r a.o b.o .... -o output.o".
- As the symbols should not be used outside "output.o" I want to change them to local symbols.
I thaught about writing a program that:
- Makes all global symbols local but "undefined" (extern) symbols and symbols I want to be global (e.g. _init).
- Modify relocations (relocations to local symbols may cause problems)
- Rearrange the symbol table (global symbols must follow local ones)
- Update the relocations again (due to new symbol table order)
Is there a program that can make global symbols local or do I have to write such a program myself ?
Thank you very much.
Martin D. J. Rosenau

Modify relocations (relocations to local symbols may cause problems)I found out that Sun variant of "ld" as well as "modload" accept relocations to local symbols.
This made writing the program very easy as the three other steps (making global symbols local, rearranging the symbol table and changing the symbol numbers in the relocation tables) are quite simple compared with modifying the relocations.

Change Location to Global from Local

Hi
I am using R12 and have this issue:
I need to change a location which is local to Global. I am unable to do do this using HR manager responsibility. It shows that field is protected against update.
Is there any wayout to achieve this? Can we also change a location from Global to Local?
Please help.
Regards
Sangeeta

Hi,
Please see these docs.
Is It Possible To Update the Address Style Field on the Location Screen (PERWSLOC) Once the Location Is Saved? [ID 549448.1]
Understanding Employee Address and Location Address within Oracle Human Resources (HRMS) [ID 469674.1]
Thanks,
Hussein

Domain Controller Authentication Fail Since Upgrade

When I boot my Mac Pro at the office, the network's domain controller prompts me for my domain login. Since upgrading to Yosemite, the domain controller rejects my credentials. However, I can go to "Connect To Server" and browser the entire network despite the domain controller not authenticating me as a user.
To summarize, since switching to Yosemite:
1. Can't login to the network when I submit my credentials
2. Can browse the network without my credentials
My theory is that the only reason #2 works is because #1 is working but Yosemite is just mistakenly telling me I wasn't authenticated.
So what's the problem you may ask if I can browse the network anyway? The problem is that I can't mount any of the network drives to my desktop because Yosemite doesn't think I'm authenticated to do such. If I can solve this authentication problem, then I should get my mounted network drives back.
Thanks in advance.

Hi,
TEST: Basic (Basc)
Warning: Adapter 00:0D:3A:00:0D:01 has dynamic IP address
(can be a misconfiguration)
Do you have any NIC conifgured to get dynamic IP on your DC which is having issue? If yes, please disable that NIC. Also, please provide me the result of the below
1) On your DC which is having issue, run "ipconfig /all"
2) Repadmin /showrepl
Thanks,
Umesh.S.K
Thanks, there is only 1 nic card. It is getting a dhcp address because this is an AZURE Hyper-v machine and I have set an IP reservation for it. I have no way to hardcode the IP because it gets shut off/on all the time
C:\Users\Administrator>repadmin /showrepl
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\GP2010-A
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 007c755c-f56c-4e51-a211-fd4431f63927
DSA invocationID: 007c755c-f56c-4e51-a211-fd4431f63927

Global Controller group usage

We have GC Gen1 and multiply LCs Gen 1.
I have a question about usage of groups and drop rules. I would like to use Global groups and add device/networks to these global groups and then use those groups in drop rules on the LC controllers. Problem is when I view the Global group on an LC it only shows the Device/networks local to that box. With that said the rule does not consider the other device/networks that are part of the global group. Is there a way that is can work? Why I would want to do this, well for example lets take some internal subnets that generate certain type of traffic to inside subnets at different locations. It is easier to add all inside subnets to the Global group and then write drop rule on LCs using the global group as the scr and dst.

Try this :
Modify the rule with a dummy action, click activate, wait for a couple of minutes, remove the dummy action and again click activate to cause the GC to synchronize the rule to the LC.

Global Controller - Local Controller authentication?

Similar Messages

Maybe you are looking for