H323-remote-address in START radius packet

Hi,
I do have Cisco 3945 running as ip-to-ip sip device (IOS 15.1)
I would like to have all sip calls accounted in remote billingg server i already bought.
Here is a snippet from my config:
aaa new-model
aaa group server radius biling
server 77.77.77.77 auth-port 1812 acct-port 1813
aaa accounting send stop-record authentication failure
aaa accounting connection h323 start-stop group biling
voice class aaa 1
accounting template mybiling
gw-accounting aaa
radius-server host 77.77.77.77auth-port 1812 acct-port 1813 key 7 093126371BA2312
radius-server vsa send accounting
radius-server vsa send authentication
call accounting-template voice mybiling flash:mybiling.cdr
dial-peer voice 1 voip
voice-class aaa 1
Radius START and STOP are produced by CUBE, but unfortunately START message hasn't got h323-remote-address.
Aforementioned vsa is incorporated in STOP message.
What is more, of course h323-remote-address is included in mybiling.cdr file
Is there any way to force Cisco to send h323-remote-address in START message?
This is important because billing system have to set concurrent call limitation & make active calls visible.
Thanks in advance,
Maciej

Hi ,
Try using:
aaa accounting delay-start
Regards,
~JG
Do rate helpful posts

Similar Messages

RADIUS packet-id not incrementing, called-station-id missing

I am running v1.3.5.58 on an SG300-20. I am attempting to use a Network Access Control (NAC) solution, which involves a RADIUS proxy. It is getting confused by two odd behaviors of the SG300 when attempting EAP-PEAP-MSCHAPv2 authentication.
1. The SG300 does not properly increment the "Packet Identifier" bits as it progresses through the RADIUS negotiation. The packet identifier is always 0x00.
2. The SG300 does not properly set the "Called-Station-ID" Attribute-Value-Pair (AVP). Instead, it is left blank.
Although freeradius is able to find away around these problems, the NAC RADIUS proxy cannot. Have I done something in the config to cause this to happen (see below)? Is this a known bug? Does it have a workaround? Will our hero save defeat the villain and save the day? ;-)
config-file-header
ausoff-sw-test1
v1.3.5.58 / R750_NIK_1_35_647_358
CLI v1.0
set system mode switch
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
spanning-tree priority 40960
port jumbo-frame
vlan database
vlan 2-3,12,14,16,99,600,1000,1010
exit
voice vlan id 1010
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
dot1x system-auth-control
dot1x traps authentication failure 802.1x
dot1x traps authentication success 802.1x
hostname ausoff-sw-test1
line console
exec-timeout 30
exit
line ssh
exec-timeout 30
exit
line telnet
exec-timeout 30
exit
encrypted radius-server key C1TbrSasKDSDdUoOG2XrohFMsM5tVmu+3QyTwkiVKMI=
encrypted radius-server host 172.18.14.114 key C1TbrSasKDSDdUoOG2XrohFMsM5tVmu+3QyTwkiVKMI= priority 1 usage dot1.x
radius-server host 172.18.58.58 usage dot1.x
radius-server timeout 10
logging host 172.18.58.50
aaa accounting dot1x start-stop group radius
enable password level 15 encrypted
username nac password encrypted *** privilege 15
username admin password encrypted *** privilege 15
username cisco password encrypted *** privilege 15
username readonly password encrypted ***
ip ssh server
ip ssh password-auth
snmp-server server
snmp-server engineID local 800000090308cc68423f4d
snmp-server location "***"
snmp-server contact "***"
snmp-server community *** rw 172.18.58.58 view DefaultSuper
snmp-server community *** rw 172.18.14.105 view DefaultSuper
snmp-server host 172.18.58.58 traps version 2c nac
snmp-server host 172.18.58.58 version 3 auth nac
snmp-server group nac v3 auth notify DefaultSuper read DefaultSuper write DefaultSuper
snmp-server group SNMPSuperuser v3 auth notify DefaultSuper read DefaultSuper write DefaultSuper
encrypted snmp-server user nac nac v3 auth sha ***
encrypted snmp-server user ManageEngines SNMPSuperuser v3 auth sha ***
ip http timeout-policy 1800
clock timezone " " -6
sntp anycast client enable ipv4
sntp broadcast client enable ipv4
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server 0.pool.ntp.org poll
sntp server 1.pool.ntp.org poll
ip domain name blah.net
ip name-server 172.18.19.232
ip domain timeout 2
ip domain retry 1
ip telnet server
interface vlan 2
name NACRegistration
interface vlan 3
name NACIsolation
interface vlan 12
name Users
interface vlan 14
name Dev
interface vlan 16
name LAN
interface vlan 99
name Mgmt
ip address 172.18.58.61 255.255.255.128
interface vlan 600
name "Core Test"
dot1x guest-vlan
interface vlan 1000
name Guest
interface vlan 1010
name Voice
interface gigabitethernet1
dot1x host-mode multi-sessions
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
switchport access vlan 600
interface gigabitethernet2
dot1x host-mode multi-sessions
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
switchport access vlan 600
interface gigabitethernet3
dot1x host-mode multi-sessions
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
switchport access vlan 600
interface gigabitethernet4
dot1x host-mode multi-sessions
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
switchport access vlan 600
interface gigabitethernet5
dot1x host-mode multi-sessions
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
switchport access vlan 600
interface gigabitethernet6
dot1x host-mode multi-sessions
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
switchport access vlan 600
interface gigabitethernet7
dot1x host-mode multi-sessions
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
switchport access vlan 600
interface gigabitethernet8
dot1x host-mode multi-sessions
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
switchport access vlan 600
interface gigabitethernet9
dot1x host-mode single-host
dot1x violation-mode protect trap 10
dot1x guest-vlan enable
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
interface gigabitethernet10
dot1x host-mode multi-sessions
dot1x guest-vlan enable
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
interface gigabitethernet11
dot1x host-mode multi-sessions
dot1x guest-vlan enable
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
interface gigabitethernet12
dot1x host-mode multi-sessions
dot1x guest-vlan enable
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
interface gigabitethernet13
dot1x host-mode multi-sessions
dot1x guest-vlan enable
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
interface gigabitethernet14
dot1x host-mode multi-sessions
dot1x guest-vlan enable
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
interface gigabitethernet15
dot1x host-mode multi-sessions
dot1x guest-vlan enable
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
interface gigabitethernet16
dot1x host-mode multi-sessions
dot1x guest-vlan enable
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
interface gigabitethernet17
dot1x host-mode multi-sessions
no snmp trap link-status
port monitor GigabitEthernet 20
spanning-tree disable
spanning-tree bpduguard enable
switchport mode general
switchport general acceptable-frame-type untagged-only
switchport forbidden default-vlan
interface gigabitethernet18
dot1x host-mode multi-sessions
dot1x guest-vlan enable
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree disable
spanning-tree bpduguard enable
switchport mode access
interface gigabitethernet19
switchport trunk native vlan 600
interface gigabitethernet20
spanning-tree link-type point-to-point
switchport trunk allowed vlan add 2-3,12,14,16,99,600,1000,1010
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
exit
ip default-gateway 172.18.58.1

Thank you for your response, Tom. I have performed packet captures associated with this issue, and they show that the Called-Station-ID AVP is not sent with the RADIUS packets, from the SG300. There is not an issue with capitalization, the value is simply not provided at all. Here is an example of a tcpdump decode of such a packet. Please note the missing attribute:
15:48:01.843296 IP (tos 0x0, ttl 64, id 59875, offset 0, flags [none], proto UDP (17), length 142)
    172.18.58.61.49205 > 172.18.58.58.1812: [udp sum ok] RADIUS, length: 114
        Access Request (1), id: 0x00, Authenticator: 390000003f2000009e3f0000eb670000
          NAS IP Address Attribute (4), length: 6, Value: 172.18.58.61
            0x0000: ac12 3a3d
          NAS Port Type Attribute (61), length: 6, Value: Ethernet
            0x0000: 0000 000f
          NAS Port Attribute (5), length: 6, Value: 57
            0x0000: 0000 0039
          Username Attribute (1), length: 12, Value: SSO\dalewl
            0x0000: 5353 4f5c 6461 6c65 776c
          Accounting Session ID Attribute (44), length: 10, Value: 050000DF
            0x0000: 3035 3030 3030 4446
          Calling Station Attribute (31), length: 19, Value: E0-DB-55-B3-1D-5C
            0x0000: 4530 2d44 422d 3535 2d42 332d 3144 2d35
            0x0010: 43
          EAP Message Attribute (79), length: 17, Value: ..
            0x0000: 0201 000f 0153 534f 5c64 616c 6577 6c
          Message Authentication Attribute (80), length: 18, Value: ......R..1...EU.
            0x0000: bed3 b19e c70f 52e0 ec31 afcb d545 55ad

ASA 5505 - L2TP over IPsec - Remote Address shows outside interface address

Using an ASA 5505 for firewall and VPN. We've enabled L2TP over IPsec to allow Windows clients to connect without third party software.
The devices complete the connection and authenticate fine, but then are unable to hit any internal resources. Split tunneling seems to be working, as they can still hit outside resources. Packet tracer shows tcp flowing freely between VPN clients (192.168.102.0/24) and internal resources (192.168.100.0/24). Even the NAT translation looks good in packet tracer.
I pulled up the session details for one of the VPN clients in the ASDM and under the IPsecOverNatT details, it is showing the VPN client's remote address correctly, but displays the local address as the address assigned to the outside interface (which the client is using to connect.) This seems to be the problem, as viewing detailed connection logs shows the internal resources trying to send packets back to the outside interface rather than the VPN client's assigned internal addresses. Details:
Crypto map tag: SYSTEM_DEFAULT_CRYPTO_MAP, seq num: 65535, local addr: [OUTSIDE INTERFACE ADDRESS]
local ident (addr/mask/prot/port): ([OUTSIDE INTERFACE ADDRESS]/255.255.255.255/17/1701)
remote ident (addr/mask/prot/port): ([VPN CLIENT ADDRESS]/255.255.255.255/17/0)
current_peer: [VPN CLIENT ADDRESS], username: vpnuser
dynamic allocated peer ip: 192.168.102.1 [This is what I think it should be showing for local ident]
dynamic allocated peer ip(ipv6): 0.0.0.0
#pkts encaps: 16, #pkts encrypt: 16, #pkts digest: 16
#pkts decaps: 18, #pkts decrypt: 18, #pkts verify: 18
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 16, #pkts comp failed: 0, #pkts decomp failed: 0
#post-frag successes: 0, #post-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#pkts no sa (send): 0, #pkts invalid sa (rcv): 0
#pkts encaps failed (send): 0, #pkts decaps failed (rcv): 0
#pkts invalid prot (rcv): 0, #pkts verify failed: 0
#pkts invalid identity (rcv): 0, #pkts invalid len (rcv): 0
#pkts invalid pad (rcv): 0,
#pkts invalid ip version (rcv): 0,
#pkts replay rollover (send): 0, #pkts replay rollover (rcv): 0
#pkts replay failed (rcv): 0
#pkts min mtu frag failed (send): 0, #pkts bad frag offset (rcv): 0
#pkts internal err (send): 0, #pkts internal err (rcv): 0
local crypto endpt.: [OUTSIDE INTERFACE ADDRESS]/4500, remote crypto endpt.: [VPN CLIENT ADDRESS]/8248
path mtu 1500, ipsec overhead 82(52), media mtu 1500
PMTU time remaining (sec): 0, DF policy: copy-df
ICMP error validation: disabled, TFC packets: disabled
current outbound spi: 05BFAE20
current inbound spi : CF85B895
inbound esp sas:
spi: 0xCF85B895 (3481647253)
transform: esp-aes esp-sha-hmac no compression
in use settings ={RA, Transport, NAT-T-Encaps, IKEv1, }
slot: 0, conn_id: 77824, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
sa timing: remaining key lifetime (kB/sec): (4373998/3591)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x000FFFFD
outbound esp sas:
spi: 0x05BFAE20 (96448032)
transform: esp-aes esp-sha-hmac no compression
in use settings ={RA, Transport, NAT-T-Encaps, IKEv1, }
slot: 0, conn_id: 77824, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
sa timing: remaining key lifetime (kB/sec): (4373999/3591)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Any ideas? The remote clients connect but when internal resources try to send traffic to the VPN clients, the packets are directed to the outside interface address instead of the local address assigned to the VPN client.

I have what I believe to be a similar issue. Site to site vpn is working well. That is site b can ping and send traffic to site A but Site A can not. Site B is a 3rd party vpn router. Site A is a Cisco 5505.
It appears that when the crypto map inserts the route into the routing table it shows the route via the outside IP of the outside interface and not the IP of Site B. in the crypto map I can see the proper ip address for the peer. I can't figure out why when it inserts the route that it uses the wrong ip address

Coherence::net::messaging::ConnectionException: could not establish a connection to one of the following addresses: {10.242.152.242/10.242.152.242:8088}; make sure the "remote-addresses" configuration element contains an address and port of a running TcpA

Hi
I have installed coheI have installed coherence server "fmw_12.1.3.0.0_coherence_Disk1_1of1.zip" along with Examples on windows machine and C++ client coherence-cpp-12.1.3.0.0b51709-windows-x86-vs2012.zip on the same machine.
I have built the "contacts" C++ Example successfully and while I execute this "contacts" using run I am facing TcpAcceptor error.
On my coherence server the TcpAcceptor is listening on port 8088, so I have modified the extend-cache-config.xml file with values "ip address of my windows machine" and port as "8088".
All the time I am getting below error,
coherence::net::messaging::ConnectionException: could not establish a connection to one of the following addresses: {10.242.152.242/10.242.152.242:8088}; make sure the "remote-addresses" configuration element contains an address and port of a running TcpAcceptor
 at class coherence::lang::TypedHandle<class coherence::component::net::extend::PofConnection> __thiscall coherence::component::util::TcpInitiator::openConne
ction(void)(TcpInitiator.cpp:307)
 at coherence::component::util::TcpInitiator::openConnection
 at coherence::component::util::Initiator::ensureConnection
 at coherence::component::net::extend::RemoteCacheService::openChannel
 at coherence::component::net::extend::RemoteService::doStart
 at coherence::component::net::extend::RemoteService::start
 at coherence::component::util::SafeService::startService
 at coherence::component::util::SafeService::restartService
 at coherence::component::util::SafeService::ensureRunningServiceInternal
 at coherence::component::util::SafeService::start
 at coherence::net::DefaultConfigurableCacheFactory::configureService
 at coherence::net::DefaultConfigurableCacheFactory::ensureService
 at coherence::net::DefaultConfigurableCacheFactory::ensureRemoteCache
 at coherence::net::DefaultConfigurableCacheFactory::configureCache
 at coherence::net::DefaultConfigurableCacheFactory::ensureCache
 at coherence::net::CacheFactory::getCache
 at unsigned __int64 coherence::lang::class_spec<class coherence::lang::Managed<class ContactId>,class coherence::lang::extends<class coherence::lang::Object,class coherence::lang::Void<class coherence::lang::Object> >,class coherence::lang::implements<void,void,void,void,void,void,void,void,void,void,void,void,void,void,void,void> >::sizeOf(bool)
 at _onexit
 at class coherence::util::Hashtable * coherence::lang::factory<class coherence::util::Hashtable>::create(void)
 at class coherence::util::Hashtable * coherence::lang::factory<class coherence::util::Hashtable>::create(void)
 at BaseThreadInitThunk
 at RtlInitializeExceptionChain
 at RtlInitializeExceptionChain
 on thread "main"
Caused by: coherence::net::messaging::ConnectionException: coherence::component::util::TcpInitiator::TcpConnection@029EAD78{Id=NULL, Open=1, LocalAddress=NULL,
RemoteAddress=10.242.152.242/10.242.152.242:8088}: socket disconnect
 at class coherence::lang::TypedHandle<class coherence::net::messaging::Response> __thiscall coherence::component::net::extend::AbstractPofRequest::Status::g
etResponse(void)(AbstractPofRequest.cpp:203)
 at coherence::component::net::extend::AbstractPofRequest::Status::getResponse
 at coherence::component::net::extend::AbstractPofRequest::Status::waitForResponse
 at coherence::component::util::Initiator::openConnection
 at coherence::component::net::extend::PofConnection::open
 at coherence::component::util::TcpInitiator::openConnection
 at coherence::component::util::Initiator::ensureConnection
 at coherence::component::net::extend::RemoteCacheService::openChannel
 at coherence::component::net::extend::RemoteService::doStart
 at coherence::component::net::extend::RemoteService::start
 at coherence::component::util::SafeService::startService
 at coherence::component::util::SafeService::restartService
 at coherence::component::util::SafeService::ensureRunningServiceInternal
 at coherence::component::util::SafeService::start
 at coherence::net::DefaultConfigurableCacheFactory::configureService
 at coherence::net::DefaultConfigurableCacheFactory::ensureService
 at coherence::net::DefaultConfigurableCacheFactory::ensureRemoteCache
 at coherence::net::DefaultConfigurableCacheFactory::configureCache
 at coherence::net::DefaultConfigurableCacheFactory::ensureCache
 at coherence::net::CacheFactory::getCache
 at unsigned __int64 coherence::lang::class_spec<class coherence::lang::Managed<class ContactId>,class coherence::lang::extends<class coherence::lang::Object
,class coherence::lang::Void<class coherence::lang::Object> >,class coherence::lang::implements<void,void,void,void,void,void,void,void,void,void,void,void,void
,void,void,void> >::sizeOf(bool)
 at _onexit
 at class coherence::util::Hashtable * coherence::lang::factory<class coherence::util::Hashtable>::create(void)
 at class coherence::util::Hashtable * coherence::lang::factory<class coherence::util::Hashtable>::create(void)
 at BaseThreadInitThunk
 at RtlInitializeExceptionChain
 at RtlInitializeExceptionChain
 on thread "main"
Caused by: coherence::io::IOException: socket disconnect
 at unsigned int __thiscall coherence::net::Socket::readInternal(unsigned char *,unsigned int)(Socket.cpp:333)
 at coherence::net::Socket::readInternal
 at coherence::net::Socket::SocketInput::read
 at coherence::io::BufferedInputStream::fillBuffer
 at coherence::io::BufferedInputStream::read
 at coherence::component::util::TcpInitiator::readMessageLength
 at coherence::component::util::TcpInitiator::TcpConnection::TcpReader::onNotify
 at coherence::component::util::Daemon::run
 at coherence::lang::Thread::run
 on thread "ExtendTcpCacheService:coherence::component::util::TcpInitiator:coherence::component::util::TcpInitiator::TcpConnection::TcpReader"

We are facing same issue. Could you please provide us any working .Net sample code for the version 12.1.2.0.
<ssl>
 <protocol>Tls</protocol>
 <local-certificates>
 <certificate>
 <url>c:\Cert\</url>
 <password>password</password>
 <flags>DefaultKeySet</flags>
 </certificate>
 </local-certificates>
 </ssl>
thanks
Bala

Coherence*Extend remote-addresses

We're trying to use multiple addresses for our Coherence*Extend clients to provide load-balancing and redundancy. To accomplish this, we've configured our clients with multiple socket-address entries:
<remote-addresses>
<socket-address>
<address>proxyHost1</address>
<port>9099</port>
</socket-address>
<socket-address>
<address>proxyHost2</address>
<port>9099</port>
</socket-address>
<socket-address>
<address>proxyHost3</address>
<port>9099</port>
</socket-address>
</remote-addresses>
This works fine for failure situations, however, in our testing it appears that the client will connect to the nodes in a round-robin method starting with the last defined host. So, with the above configuration every client will connect to proxyHost3, and only connect to proxyHost2 if host3's connection failed. We could maintain a separate configuration file across all of our nodes shuffling the order, however this could be problematic and would not be preferred.
Is there a better way to effectively distribute the client connections across our pool of proxies?
Thanks,
-Allen

Hi Allen,
The Coherence*Extend TCP/IP client randomizes the list of socket addresses before attempting the initial connect, so I'm not sure why you always see your clients connect to the last address in the list. I ran a quick test using both the Java and .NET client, but could not reproduce what you are seeing. Are you sure that the proxyHostX host names resolve to different IP addresses on the test client machine?
Regards,
Jason

Manually start RADIUS, Authentication and groups for Cisco ASAs

I am testing moving a 10.7 server to 10.8.
We have used RADIUS to authenticate VPN traffic on our Cisco ASAs in the past. In the past Server Admin allowed for our ASAs to be added manually to the list of devices using the service. With Server Admin being removed and the limited funtionality of automated addition of Airports to the system I have no GUI method to get our ASAs into the service. The ability to tell RADIUS which groups are using the service is no longer available in the GUI as well.
I have found the clients file in /etc/raddb and added our ASAs to the clients list. I believe I have done this correctly in accordance with the instructions on the freeRADIUS website.
I need help with:
1- I was hoping someone knows how to manually tell RADIUS which groups are permitted to use the service.
2- Can anyone tell me how to turn on RADIUS? radiusconfig -start appears to only tell the system to keep it on after a restart if i understand the manual page.
Thanks

With David's suggestion I was able to get RADIUS running. The following assumes that you are comfortable with Terminal and would be able to back up any files you edit. Here is what I did to our fresh installation of 10.8 Server:
In Terminal enter "sudo radiusd -Xx" which tries to turn RADIUS on and runs it with full logging of activity in the window. The last line after this entry should be something similar to "Ready to process records." In our new installtion there were errors relating to "instantiating" sql and the ready message never came.
In Terminal enter "sudo pico /etc/raddb/radiusd.conf" and authenticate as needed. Scroll down in the file to the section where there are "instantiate" items. I commented out the SQL setup, by putting a # before the line that says "sql". Save the file by pressing Control-O, press return to save in the default location, and press Control-X to get out of the editor. I redid step number 1 twice and eventually RADIUS was running. Removing SQL from RADIUS will assure that problems will arise if you plan to use Server.app to add AirPorts to the network in the future. OS X Server adds its clients in an SQL database according to the programming notes in the .conf files. I will only be using our Cisco ASAs so SQL is not relevant to our setup.
Testing the running RADIUS server was easy as well. In Terminal enter "sudo pico /etc/raddb/users" and authenticate as needed. This file contains details for users if you wanted to add them manually to the RADIUS server. For testing purposes I removed the # before a line referring to a user "steve." I had to get RADIUS restarted to take up the new information about Steve. I killed the process using Activity Monitor and reran step number 1.
In Terminal I opened a new tab and entered "sudo radtest steve testing localhost 0 testing123 -t". You should get back a positive authentication message. Switching back to the original tab will show the output of the RADIUS server.
Reverse the entry in step 3 by adding back the # to comment out the line about steve in the users file.
RADIUS is now running and authenticating against its own users file.
Now we need to add our ASAs to the RADIUS server so it knows that it can authenticate for them. In Terminal enter "sudo pico /etc/raddb/clients.conf". We added lines for our ASAs, following the samples in the code. The information in the lines we added included a generic name for each ASA or device needing RADIUS type authentication, its IP address, and the shared secret for device authentication.
Following David's advice from above I created the RADIUS sacl by entering in Terminal "sudo dseditgroup -q -o create -u <admin user> -P <admin password> -n . com.apple.access_radius". This created the sacl for the service. Editing of the associated users and groups permitted to use the service was able to be done in Server. Be sure to select from the View menu "Show system accounts". Selecting "Groups" from the left margin of the Server window will show all of the SACLs along with any groups you have created. The RADIUS sacl can then have groups and users added to it.
To ensure that RADIUS is running and stays running enter the following in Terminal. First, "sudo radiusd.conf" will start RADIUS without logging in the Terminal window. Then, "sudo radiusconfig -start" to tell the system to keep it running and also run after a reboot.
I made no changes to our ASA settings and found that I was able to authenticate the "Steve" user from the RADIUS test in the ASA. I was also able to authenticate a user which had been added to the "Users" in Server. It appears that the ASA will be permitted to authenticate Open Directory users without additional setup.
I now need to set up our user groups to match those we use in our 10.7 server and add them to the RADIUS SACL and we should be set.
Once I have everything running properly, I will add a post here to close this discussion.
If anyone can shorten this procedure please let us know what you suggest.
-Erich

Coherence Extend: is remote address a JVM/System property?

Hello,
I want to pass remote address and port as a JVM argument (not really being part of the cache configuration of the extend clients), is it possible?
<remote-addresses>
<socket-address>
<address>192.168.0.2</address>
<port>9099</port>
</socket-address>
<socket-address>
<address>192.168.0.3</address>
<port>9099</port>
</socket-address>
</remote-addresses>
is it possible to Dynamically inject the Address into the cache configuration file?
<socket-address>
*<address>{IPAddress}</address>*
<port>9099</port>
</socket-address>
</remote-addresses>
Thanks
Prab

Hi Prab,
You do it like this:
<socket-address>
<address system-property="my.extend.address"></address>
<port system-property="my.extend.port"></port>
</socket-address>You then specify the properties when you start up
-Dmy.extend.address=192.168.0.2 -Dmy.extend.port=9099JK

Add new remote address book

I am trying to add a new ldap address book in communications express
Can somebody help me with a sample to start with this.
The below is a sun document explaining basic steps for reference:
Currently I have personal address book and corporate directory shown in the drop down list. When we select the corporate directory all users for that hosted domain is listed correctly. And in PAB all contacts entered in outlook contacts is listed. Now we want to add new book that will point the root of ldap to list all users accross all hosted domian.
I hope this is possible. Thanks in advance
SUN DOC:
Corporate Address Book
For corporate and remote address books a corresponding xxx instance should exist in the personalstore.properties file. The value of db.xxx.urlmatch in personalstore.properties file should be assigned the value of bookremoteurl attribute present in defaultps.xml file.
To add a new remote address book, you need to add the following items:
Steps
Add a new book node in defaultps.xml file
Add a new xxx instance in personalstore.properties file.
Create a directory under WEB-INF/config to store the db_config.properties and xlate files.
Note �
The xlate files contains the field mappings between an LDAP schema and address book XML schema for a contact or group

I forgot to include the following details:
We are having V250 server with Solaris 9/04 SPARC with Java Entpr 2005Q1. Thanks in advance

Log on to remote server and start database -error while installing CI in HA

Hello All,
We are installing ECC 6.0 with High Availability using HP-UX. We have completed installation in ASCS and Database Instance. Now when were trying to install in Central Instance, we encountered an error at Start Instance which informed us to Log on to remote server and start database. However the database is already running in DB node. Please find the log below.
TRACE 2011-06-10 16:31:45.825 [syuxctask.cpp:1382]
 CSyTaskImpl::start(bool)
A child process has been started. Pid = 25742
INFO 2011-06-10 16:31:45.835
 CJSlibModule::writeInfo_impl()
Output of /usr/sap/PE2/SYS/exe/run/startsap all DVEBMGS01 DBMCI001 is written to the logfile start_PE2_DVEBMGS01.log.
WARNING 2011-06-10 16:31:46.345
 CJSlibModule::writeWarning_impl()
Execution of the command "/usr/sap/PE2/SYS/exe/run/startsap all DVEBMGS01 DBMCI001" finished with return code 6. Output:
Database PE2 must be started on remote server
Log on to remote server and start database
WARNING[E] 2011-06-10 16:31:46.355
 CJSlibModule::writeError_impl()
CJS-20022 Could not start instance 'DVEBMGS01' of SAP system PE2.
TRACE 2011-06-10 16:31:46.355 [iaxxejsbas.hpp:408]
 handleException<ESAPinstJSError>()
Converting exception into JS Exception EJSException.
TRACE 2011-06-10 16:31:46.355
Function setMessageIdOfExceptionMessage: ind-rel.ind-os.ind-db.webas.startInstanceFailed
WARNING[E] 2011-06-10 16:31:46.355
 CJSlibModule::writeError_impl()
CJS-20022 Could not start instance 'DVEBMGS01' of SAP system PE2.
TRACE 2011-06-10 16:31:46.355 [iaxxejsbas.hpp:483]
 EJS_Base::dispatchFunctionCall()
JS Callback has thrown unknown exception. Rethrowing.
TRACE 2011-06-10 16:31:46.405 [syuxctask.cpp:1382]
 CSyTaskImpl::start(bool)
A child process has been started. Pid = 25793
ERROR 2011-06-10 16:31:46.525 [sixxcstepexecute.cpp:950]
FCO-00011 The step start with step key |NW_ABAP_CI|ind|ind|ind|ind|0|0|NW_CI_Instance|ind|ind|ind|ind|10|0|NW_CI_Instance_Start|ind|ind|ind|ind|2|0|start was executed with status ERROR .
TRACE 2011-06-10 16:31:46.555 [iaxxgenimp.cpp:752]
 CGuiEngineImp::showMessageBox
<html> <head> </head> <body> An error occurred while processing option SAP ERP 6.0 EHP4 Ready - Support Release 1 > SAP Application Server ABAP > Oracle > High-Availability System > Central Instance . You can now: <ul> <li> Choose Retry to repeat the current step. </li> <li> Choose View Log to get more information about the error. </li> <li> Stop the option and continue with it later. </li> </ul> Log files are written to /tmp/sapinst_instdir/ERPEhP4/AS-ABAP/ORA/HA/CI. </body></html>
TRACE 2011-06-10 16:31:46.555 [iaxxgenimp.cpp:1255]
 CGuiEngineImp::acceptAnswerForBlockingRequest
Waiting for an answer from GUI
Kindly let us know how to rectify the error and prroceed further with the instalaltion.
Thanks
Rishi

Dear Guys,
we didnt change the date and time but i m very sure it is same trans.log file.
for your kind information please note SID and Nodes details
Sid (PE2)
DB Node : DBMDB001
CI Node : DBMCI001
also i am attaching starting part of the file.
4 ETW000 R3trans version 6.14 (release 701 - 26.01.09 - 12:46:00).
4 ETW000 unicode enabled version
4 ETW000 ===============================================
4 ETW000
4 ETW000 date&time : 07.11.2010 - 03:44:06
4 ETW000 control file: <no ctrlfile>
4 ETW000 R3trans was called as follows: R3trans -d
4 ETW000 trace at level 2 opened for a given file pointer
4 ETW000 [dev trc ,00000] Sun Nov 7 03:44:06 2010 295 0.000295
4 ETW000 [dev trc ,00000] db_con_init called 22 0.000317
4 ETW000 [dev trc ,00000] create_con (con_name=R/3) 116 0.000433
4 ETW000 [dev trc ,00000] Loading DB library '/usr/sap/PC1/SYS/exe/run/dboraslib.so' ...
4 ETW000 64 0.000497
4 ETW000 [dev trc ,00000] load shared library (/usr/sap/PC1/SYS/exe/run/dboraslib.so), hdl 0
4 ETW000 32161 0.032658
4 ETW000 [dev trc ,00000] Library '/usr/sap/PC1/SYS/exe/run/dboraslib.so' loaded
4 ETW000 39 0.032697
4 ETW000 [dev trc ,00000] function DbSlExpFuns loaded from library
/usr/sap/PC1/SYS/exe/run/dboraslib.so
4 ETW000 111 0.032808
4 ETW000 [dev trc ,00000] Version of '/usr/sap/PC1/SYS/exe/run/dboraslib.so' is "700.08",
patchlevel (0.25)
4 ETW000 265 0.033073
4 ETW000 [dev trc ,00000] function dsql_db_init loaded from library
/usr/sap/PC1/SYS/exe/run/dboraslib.so
4 ETW000 41 0.033114
4 ETW000 [dev trc ,00000] function dbdd_exp_funs loaded from library
/usr/sap/PC1/SYS/exe/run/dboraslib.so
4 ETW000 82 0.033196
4 ETW000 [dev trc ,00000] New connection 0 created 52 0.033248
4 ETW000 [dev trc ,00000] 0: name = R/3, con_id = -000000001 state = DISCONNECTED, perm = YES,
reco = NO , timeout = 000, con_max = 255, con_opt = 255, occ = NO
4 ETW000 41 0.033289
4 ETW000 [dev trc ,00000] db_con_connect (con_name=R/3) 84 0.033373
4 ETW000 [dev trc ,00000] find_con_by_name found the following connection for reuse:
4 ETW000 31 0.033404
4 ETW000 [dev trc ,00000] 0: name = R/3, con_id = 000000000 state = DISCONNECTED, perm = YES,
reco = NO , timeout = 000, con_max = 255, con_opt = 255, occ = NO
4 ETW000 37 0.033441
4 ETW000 [dev trc ,00000] Oracle Client Version: '10.2.0.4.0' 601 0.034042
4 ETW000 [dev trc ,00000] -->oci_initialize (con_hdl=0) 25 0.034067
4 ETW000 [dev trc ,00000] Client character set UTF16 -> UTF8 35674 0.069741
4 ETW000 [dev trc ,00000] Client NLS setting (OCINlsGetInfo): 'AMERICAN_AMERICA.UTF8'
4 ETW000 57 0.069798
4 ETW000 [dev trc ,00000] Logon as OPS$-user to get SAPSR3's password 55 0.069853
4 ETW000 [dev trc ,00000] Connecting as /@PC1 on connection 0 (nls_hdl 0) ... (dbsl 700
151208)
4 ETW000 34 0.069887
4 ETW000 [dev trc ,00000] Nls CharacterSet NationalCharSet C
EnvHp ErrHp ErrHpBatch
4 ETW000 52 0.069939
4 ETW000 [dev trc ,00000] 0 UTF8 0
0x6000000001052910 0x600000000105a3c0 0x600000000106ab38
4 ETW000 58 0.069997
4 ETW000 [dev trc ,00000] Allocating service context handle for con_hdl=0 40 0.070037
4 ETW000 [dev trc ,00000] Allocating server context handle 27 0.070064
4 ETW000 [dev trc ,00000] Attaching to DB Server PC1
(con_hdl=0,svchp=0x600000000106aa68,srvhp=0x600000000106de78)
4 ETW000 63 0.070127
4 ETW000 [dev trc ,00000] Assigning server context 0x600000000106de78 to service context
0x600000000106aa68
4 ETW000 60612 0.130739
4 ETW000 [dev trc ,00000] Allocating user session handle 97 0.130836
4 ETW000 [dev trc ,00000] Starting user session: OCISessionBegin(con_hdl=0,
usr='/',svchp=0x600000000106aa68, srvhp=0x600000000106de78, usrhp=0x60000000010fc940)
4 ETW000 64 0.130900
4 ETW000 [dev trc ,00000] Assigning user session 0x60000000010fc940 to service context
0x600000000106aa68
4 ETW000 9302 0.140202
4 ETW000 [dev trc ,00000] -->oci_prepare_stmt(con_hdl=0, len=53, stmth_p=0x6000000001077608)
4 ETW000 198 0.140400
4 ETW000 [dev trc ,00000] BEGIN DBMS_APPLICATION_INFO.SET_MODULE(:A0,:A1); END;
4 ETW000 38 0.140438
4 ETW000 [dev trc ,00000] CbApplInfoGet() failed! Ignore, but uninstall callback to avoid more
erroneous calls
4 ETW000 291 0.140729
4 ETW000 [dev trc ,00000] -->oci_prepare_stmt(con_hdl=0, len=54, stmth_p=0x6000000001078660)
4 ETW000 33 0.140762
4 ETW000 [dev trc ,00000] BEGIN DBMS_APPLICATION_INFO.SET_CLIENT_INFO(:A0); END;
4 ETW000 35 0.140797
4 ETW000 [dev trc ,00000] -->oci_prepare_stmt(con_hdl=0, len=0, stmth_p=0x6000000001078660)
4 ETW000 937 0.141734
4 ETW000 [dev trc ,00000] SELECT SID FROM V$MYSTAT WHERE ROWNUM<2
4 ETW000 36 0.141770
4 ETW000 [dev trc ,00000] Connected to session 297. 639 0.142409
4 ETW000 [dev trc ,00000] Now '/@PC1' is connected: con_hdl=0, nls_hdl=0, session_id=297.
4 ETW000 38 0.142447
4 ETW000 [dev trc ,00000] -->oci_prepare_stmt(con_hdl=0, len=0, stmth_p=0x6000000001078660)
4 ETW000 37 0.142484
4 ETW000 [dev trc ,00000] ALTER SESSION SET NLS_SORT = BINARY
4 ETW000 36 0.142520
4 ETW000 [dev trc ,00000] -->oci_prepare_stmt(con_hdl=0, len=0, stmth_p=0x6000000001078660)
4 ETW000 327 0.142847
4 ETW000 [dev trc ,00000] SELECT USERID, PASSWD FROM SAPUSER WHERE USERID IN (:A0, :A1)
4 ETW000 36 0.142883
4 ETW000 [dev trc ,00000] Got SAPSR3's password from OPS$-user 728 0.143611
4 ETW000 [dev trc ,00000] Disconnecting from connection 0 ... 38 0.143649
4 ETW000 [dev trc ,00000] Rolling back transaction ... 31 0.143680
4 ETW000 [dev trc ,00000] Closing user session
(con_hdl=0,svchp=0x600000000106aa68,usrhp=0x60000000010fc940)
4 ETW000 210 0.143890
4 ETW000 [dev trc ,00000] Now I'm disconnected from ORACLE 721 0.144611
4 ETW000 [dev trc ,00000] Connecting as SAPSR3/<pwd>@PC1 on connection 0 (nls_hdl 0) ... (dbsl
700 151208)
4 ETW000 40 0.144651
4 ETW000 [dev trc ,00000] Nls CharacterSet NationalCharSet C
EnvHp ErrHp ErrHpBatch
4 ETW000 37 0.144688
4 ETW000 [dev trc ,00000] 0 UTF8 0
0x6000000001052910 0x600000000105a3c0 0x600000000106ab38
4 ETW000 37 0.144725
4 ETW000 [dev trc ,00000] Assigning username to user session: con_hdl=0,
usrhp=0x60000000010fc940
4 ETW000 35 0.144760
4 ETW000 [dev trc ,00000] Assigning password to user session: con_hdl=0,
usrhp=0x60000000010fc940
4 ETW000 40 0.144800
4 ETW000 [dev trc ,00000] Starting user session: OCISessionBegin(con_hdl=0, usr=SAPSR3/<pwd>,
svchp=0x600000000106aa68, srvhp=0x600000000106de78, usrhp=0x60000000010fc940)
4 ETW000 337 0.145137
4 ETW000 [dev trc ,00000] Assigning user session 0x60000000010fc940 to service context
0x600000000106aa68
4 ETW000 4085 0.149222
4 ETW000 [dev trc ,00000] -->oci_prepare_stmt(con_hdl=0, len=54, stmth_p=0x6000000001077608)
4 ETW000 63 0.149285
4 ETW000 [dev trc ,00000] BEGIN DBMS_APPLICATION_INFO.SET_CLIENT_INFO(:A0); END;
4 ETW000 37 0.149322
4 ETW000 [dev trc ,00000] -->oci_prepare_stmt(con_hdl=0, len=0, stmth_p=0x6000000001077608)
4 ETW000 585 0.149907
4 ETW000 [dev trc ,00000] SELECT SID FROM V$MYSTAT WHERE ROWNUM<2
4 ETW000 36 0.149943
4 ETW000 [dev trc ,00000] Connected to session 297. 350 0.150293
4 ETW000 [dev trc ,00000] Now 'SAPSR3/<pwd>@PC1' is connected: con_hdl=0, nls_hdl=0,
session_id=297.
4 ETW000 38 0.150331
4 ETW000 [dev trc ,00000] -->oci_prepare_stmt(con_hdl=0, len=0, stmth_p=0x6000000001077608)
4 ETW000 38 0.150369
4 ETW000 [dev trc ,00000] ALTER SESSION SET NLS_SORT = BINARY
4 ETW000 34 0.150403
4 ETW000 [dev trc ,00000] -->oci_prepare_stmt(con_hdl=0, len=0, stmth_p=0x6000000001077608)
4 ETW000 294 0.150697
4 ETW000 [dev trc ,00000] SELECT VALUE FROM V$NLS_PARAMETERS WHERE PARAMETER IN
('NLS_LANGUAGE', 'NLS_TERRITORY', 'NLS_CHARACTERSET') ORDER BY PARAM
4 ETW000 66 0.150763
4 ETW000 [dev trc ,00000] ETER
4 ETW000 34 0.150797
4 ETW000 [dev trc ,00000] Database NLS settings: AMERICAN_AMERICA.UTF8 329 0.151126
4 ETW000 [dev trc ,00000] -->oci_prepare_stmt(con_hdl=0, len=0, stmth_p=0x6000000001077608)
4 ETW000 856 0.151982
4 ETW000 [dev trc ,00000] SELECT UPPER(INSTANCE_NAME),HOST_NAME,VERSION,TO_CHAR
(STARTUP_TIME,'MON DD, YYYY, HH24:MI:SS') FROM V$INSTANCE
4 ETW000 36 0.152018
4 ETW000 [dev trc ,00000] DB instance PC1 is running on scmdb001 with ORACLE version
10.2.0.4.0 since NOV 07, 2010, 03:23:10
4 ETW000 349 0.152367
4 ETW000 [dev trc ,00000] -->oci_prepare_stmt(con_hdl=0, len=0, stmth_p=0x6000000001077608)
4 ETW000 38 0.152405
4 ETW000 [dev trc ,00000] SELECT SUBSTR(NAME,1,3), TO_CHAR(CREATED,'YYYYMMDDHHMMSS')
FROM V$DATABASE

Can I check remote address connecting to a ServerSocket before accepting?

I have a ServerSocket for which I'd like to implement an IP filter, using an allow or deny list to control which IP addresses can connect. After accepting the connection, I check the remote address on the Socket that is created, and apply the filter. However, if I close the connection to a denied address, the client sees that the connection was accpeted, but then it throws a SocketException when it tries to write to it.
That accomplishes the purpose of the filter, but it doesn't seem like good behavior from the client's perspective. I'd like to implement a ServerSocket that doesn't even accept the connection if the remote address is not permitted. Is there any way to do that?

Why not write a connection accepted/refused message
to the client and then carry on (or close the
socket/streams at both ends)?I'm not sure I understand your suggestion. When ServerSocket.accept() returns by providing a Socket object, that is the first time the server code can determine the IP address of the client and apply an IP filter. However, the connection has already been established at this point, so it's not possible to make an accept/refuse decision for the connection based on the client IP address. By the time the server code sees the IP address, the connection has already been accepted, and the only recourse is to close the connection from the server (by calling close() on the Socket object that was returned), and the client will then throw an exception with the message saying that the software closed the connection.
Legitimate users trying to connect may interpret this as a software problem, if they don't know any better. Intruders will discover from this behavior that the port is open through the firewall, and may conclude that IP filtering is being applied, and if they have some idea of what IP addresses are allowed, they could easily spoof them. Or they could keep trying, hoping to catch the server when the IP filtering is turned off.
It would be better to mimic the filtering behavior of a firewall, whereby the connection is not established. Then the client would report that it could not establish the connection, and the user would be more likely to look into whether the port is open or IP filtering is occurring, rather than thinking there is a software problem. And the intruder would conclude that the port is not open and go somewhere else.
I would need a different implementation of ServerSocket to do this. I checked jakarta commons net, but that only provides client side utilities. I'm currently untangling the source code of java.net.ServerSocket to see how difficult it will be to override the accept() method to provide filtering behavior. This seems like a useful thing, and I thought perhaps someone had already done so. Or perhaps someone can tell me why this is not a good idea.
Message was edited by:
MidnightJava

Sapscript, check address, variable starting vertical position Solved

Hello all,
On the check that we are creating for Accounts Payable payments, vendors that have all four name fields populated are causing the last line of the address on the check to be too close to the MICR line.
I want the address to start printing conditionally at line 55, 56, or 57, depending upon the number of name fields that are populated. Does anyone have a suggestion on a way to accomplish this? Currently the address starts printing in line 57.
This is the address command as it currently exists.
ADDRESS PARAGRAPH AS
NAME       &REGUH-ZNME1&, &REGUH-ZNME2&, &REGUH-ZNME3&, &REGUH-ZNME4&,
STREET      &REGUH-ZSTRA&
POBOX       &REGUH-ZPFAC& CODE
POSTCODE    &REGUH-ZPSTL&
REGION      &REGUH-ZREGI&
CITY        &REGUH-ZORT1&
COUNTRY     &REGUH-ZLAND&
FROMCOUNTRY &T001-LAND1&
ENDADDRESS
All answers greatly appreciated.
Thanks
Bruce
Solved!
This is how I sold my problem.
1. Move the address window up two lines.
2. Add the following code before the address command. This code could possibly print one or two blank lines before the address command is executed.
/:   IF &REGUH-ZNME3& = ' ' AND &REGUH-ZNME4& = '
/:   ELSEIF &REGUH-ZNME4& = ' '
/:   ENDIF
Bruce
Message was edited by: Bruce Tjosvold
Message was edited by: Bruce Tjosvold
Message was edited by: Bruce Tjosvold

andre.ramaciotti wrote:And I'm not sure if you should put that & after exec awesome. It works fine here without it.
No & after entries in .xinitrc . You've commented out the awesome entry.

When creating a remote address in a pot or other objects you cannot use a / for a address??? my ladders addresses contain such ////// symbols for some addresses???

when creating a remote address in a pot or other objects you cannot use a / for a address??? my ladders addresses contain such ////// symbols for some addresses???

On the AB object, "f" is a float and cannot address individual bits.
Otherwise, you would replace the "/" with an "_".
Forshock - Consult.Develop.Solve.

Client socket binding to the same local/remote addresses

Hi all,
My Java program binds client socket to local address, local port, remote address and remote port. after that from different thread the program creates new socket and bind it to the same address as the first one. The question is: is there possibility that the second socket will be copy as the first one (with the same input/output streams) so that two threads in fact use the same TCP connection.
(Operating system is HP).
Thank you,
Kate

I have no need to store streams, my problem that each connection has it's own messages numbers(the application implements some protocol over TCP). so if a message number 1 was sent by some connection, and when different thread wants to send a message to the same remote host, it tries to pick up existing connection, but because of a bug creates the new one, which sends the message with number 1 also. And I see that there are situation whent the first thread receives response to the message number 1 althougth it was response to the message number 1 that the second thread has sent. So my question is if there is any possibility of this absurd situation?

ACS Remote-Address IP adress logged wrongly

I'm running ACS acs-5.4.0.46-B.221 and I found suspicious log entries. The issue is that IP address logged in logfile has reverted all octets.
Logged Remote-Address=Z.Y.X.W instead of Logged Remote-Address=W.X.Y.Z. Is it known bug or not? These supiscious entries are there for one day only.
Thanks
Zdenek

If you are going to change the ip scheme of whole network then go like this
--Change the IP of the AD where agent is installed.
--Uninstall the agent from the AD
--Assign the ip to the acs via CLI
--Delete the old agent from the ACS network configuration and add the new one with new ip.
--Install the agent on the AD again and enter the new ip address of the ACS during installation.
--Go to ACS external user database >> windows database > select the new remote agent.
Refresh the agent in the network confguration.
HTH
Jatin
Do rate helpful posts-

Coherence Extend remote address port in TCP Connection

Hi,
From the log below, I see remote address port is picked some random port(48552). (currently i disabled the firewall), If i enable the firewall it could be an issue, is there any way i can specify the remote ports that tcp connection use?
2011-02-24 13:18:18.076/1280.207 Oracle Coherence GE 3.6.0.1 <D6> (thread=Proxy:ExtendTcpProxyService:TcpAcceptor, member=13): Opened: TcpConnection(Id=0x0000012E56A3CA1B0A1F96B688F7EEBCEDA2AA9397203393CF480379B3963D86, Open=true, LocalAddress=10.31.150.182:9099, RemoteAddress=10.31.150.182:48552)
One more question,
I have two proxy servers, is it possible to configure the client to make two connection (redundant) one for first proxy and another for second proxy. is it make sense?
Thanks
Prab
Edited by: 833796 on Feb 24, 2011 2:35 AM

Hi Prab
The random port is what normally is called an ephemeral port for the client and is usually not a problem for firewalls since this is expected behavior. If you want to control the client port you can do this by adding the <local-address> to the tcp-initiator element.
As for the second question, it doesn't quite work to do as you suggest. The proxy contains state for the client, as this is not replicable between the proxies one cannot continue where the other one left off.
Thanks
/Charlie

H323-remote-address in START radius packet

Similar Messages

Maybe you are looking for