Howto configure reverse-access authorization on ACS Win4.1
Hi,
I have some routers with modem-stuff and like to make reverse-access authorization.
Router-Cfg:
aaa authorization reverse-access default group tacacs+
worked under CSU with service=raccess {}
But I get errors when I try this under ACS Win 4.1.
Router-Message
% Authorization failed.
ACS-Message:
11/06/2007 16:28:14 Author failed xuseridx Shelluser-Grp 10.1.2.YYY (Default) .. Service denied service=raccess tty34 10.1.2.ZZZ .. .. .. .. .. others ..
Anybody who has an idea if and how this is possible?
Kind Regards,
Chris
Thanks Jeff,
I already got your detailed information from your colleague at Cisco (Markus K.)
And it works.
Maybe you can also help me for:
Security / AAA / Restrict User to specific NAS if only default NAS profile is configured
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=AAA&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40.2cbe7e71
Similar Messages
-
ACS 5.3 cannot create default network access authorization rule
Hi, when I click 'Create...' under Access Policies > Default Network Access > Authorization, and then press the 'OK' button, it says 'Please configure at least 1 condition.' However I have no way to configure conditions as the 'Conditions' text is just bold text and not a link or any sort of configurable area. If I go to 'Customize' on the bottom right and add conditions to the right list box, I still have no options when I press Create. Also, the 'green light' next to Default Network Access is grey with a line through it. This is the most cryptic system I have ever used.. anyone have an idea? Thank you!
Looks like you are using chrome amd it's not a supported browser.
Supported Web Client/Browsers
You can access ACS 5.3 administrative user interface using the following Web Client/Browsers:
•Windows 7 32 bit
•Windows XP Professional (Service Pack 2 and 3)
•Windows Vista
•Internet Explorer version 7.x
•Internet Explorer version 8.x
•Internet Explorer version 9.x
•Mozilla Firefox version 3.x
•Mozilla Firefox version 4.x
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/release/notes/acs_53_rn.html#wp222016
Jatin Katyal
- Do rate helpful posts - -
IOS XR Command authorization with ACS server
We have a newly implemented ASR 9010 and are trying to figure out how to best configure it with TACACS, as it is slightly different than IOS.
In ACS, we have two groups: Group 1 and Group 2
Group 1 allows full access in the shell command authorization set.
Group 2 allows limited access in the shell command set (basically just show commands).
Both groups can login fine (aaa authentication login default group <groupname> local)
Group 1 has full access to everything (group I am in).
Group 2 has NO access to anything (can't even perform show commands).
Group 2 CAN access other IOS devices and can perform the various show commands.
With regards to our authorization commands, we currently have it configured as:
aaa authorization commands default group <groupname> local
Why is it working for the one group, but not the other? I've read how IOS XR uses task Ids and other various things that I'm unfamiliar with. I'm mainly curious if I have to use those, if the authorized commands are configured in ACS.
Thanks!
Kyledont have enough info to give you a full conclusive answer Kyle, but some suspicions.
Task group not set right?
Command groups not defined properly in tacacs for command author.
if you only want show access, you can just use the task groups in XR with a read permission on any command for instance. no direct need to send every command down to tacacs (hate that slowness )
More info here:
https://supportforums.cisco.com/docs/DOC-15944
xander -
Shell Command Authorization Sets ACS
hi i followed this guide step by step http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml
but still all my user can use all the commands
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R3
boot-start-marker
boot-end-marker
aaa new-model
aaa authentication login milista group tacacs+ local
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa session-id common
memory-size iomem 5
ip cef
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
multilink bundle-name authenticated
username admin privilege 15 secret 5 $1$CS17$3oeNpzTvJAyZTvOUP2qyB1
archive
log config
hidekeys
interface FastEthernet0/0
ip address 192.168.20.1 255.255.255.0
duplex auto
speed auto
interface Serial0/0
no ip address
shutdown
clock rate 2000000
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
interface Serial0/1
ip address 20.20.20.2 255.255.255.252
clock rate 2000000
interface Serial0/2
no ip address
shutdown
clock rate 2000000
interface Serial0/3
no ip address
shutdown
clock rate 2000000
router eigrp 1
network 20.0.0.0
network 192.168.20.0
no auto-summary
ip forward-protocol nd
no ip http server
no ip http secure-server
tacacs-server host 192.168.20.2 key cisco
control-plane
line con 0
exec-timeout 0 0
logging synchronous
login authentication milista
line aux 0
line vty 0 4
end
i copy the authorization commands from the cisco forum and follow the steps but no thing all my users have full access to all commands
heres my share profile
name-------------admin jr
Description---------for jr admin
unmatched commands------- ()permit (x)deny
permint unmatched args()
enable
show -------------------------- permit version<cr>
permit runnig-config<cr>
then i add this profifle to group 2 and then i add my user to the group 2
then i log in to the router enter with the user and i still can use ALL the commands i dont know what i am doign bad any idea?
can you give me if you can a guide to setup authorization with ACS i cant find any good guide jeremy from CBT gives a example but just for authentication i am lost i am battling with this prblem since wednesday without luck"you are testing with privilege level 15 or below 15. Because when you are using below 15 level user, first it will check local command authorization set. For example if you want to execute sh runn command with level 5 user, first it will check local command set. If the sh runn command exits in local command set then it will send request to ACS. If it is not in the command set, it won't send request to ACS. That's why you don't see debug. For 15 level users it will directly send request to ACS. Configure command set locally and try it should work.
Correct me if I am wrong."
Regards
Vamsi -
AAA Authorization with ACS Shell-Sets
Hi all,
I am using a cisco 871 router running Version 12.4(11)T advanced IP Services.
I am having trouble getting AAA Authorization to work correctly with ACS.
I am able to set the users up on ACS fine and assign them shell and priv level 7.
I then setup a Shell Auth Set, and enter in the commands show and configure.
When I log in as a user, I get an exec with a priv level of 7 no problems, but I never seem to be able
to access global config mode by typing in conf (or configure) terminal or t.
If I type con? the only command there is connect, configure is never an option...
The only way I can get this to work is by entering the command:
privilege exec level 7 configure terminal
I thought the whole purpose of the ACS Shell Set was to provide this information to the Router?
This is most frustrating
The ACS Server is set up with a Shell Command Authorization Set named Level_7
It is assigned to the relevant groups and I even have the "Unmatched Commands" option selected to "Permit"
The "Permit Unmatched Args" is also selected.
See an excerpt of my IOS config below:
aaa new-model
aaa group server tacacs+ ACS
server 10.90.0.11
aaa authentication login default group ACS local
aaa authorization exec default group ACS
aaa authorization commands 7 default group ACS local
tacacs-server host 10.90.0.11 key cisco
privilege exec level 7 configure terminal
privilege exec level 7 configure
privilege exec level 7 show running-config
privilege exec level 7 show
Hope you can help me with this one..
P.s I have tried it with the privilege commands on the router and removed from the router and just keep getting the same results!?Hi,
So here it is,
You are actually using two different options and trying to couple then together. What I would suggest you is either use Shell command authorization set feature or play with privilege level. Not both mixed together.
Above scenario might work, if you move commands to privilege level 6 and give user privilege level 7. It might not sure. Give it a try and share the result.
This is what I suggest the commands back to normal level.
Below provided are steps to configure shell command authorization:
Follow the following steps over the router:
!--- is the desired username
!--- is the desired password
!--- we create a local username and password
!--- in case we are not able to get authenticated via
!--- our tacacs+ server. To provide a back door.
username password privilege 15
!--- To apply aaa model over the router
aaa new-model
!--- Following command is to specify our ACS
!--- server location, where is the
!--- ip-address of the ACS server. And
!--- is the key that should be same over the ACS and the router.
tacacs-server host key
!--- To get users authentication via ACS, when they try to log-in
!--- If our router is unable to contact to ACS, then we will use
!--- our local username & password that we created above. This
!--- prevents us from locking out.
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization config-commands
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
!--- Following commands are for accounting the user's activity,
!--- when user is logged into the device.
aaa accounting exec default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
Configuration on ACS
[1] Goto 'Shared Profile Components' -> 'Shell Command Authorization Sets' -> 'Add'
Provide any name to the set.
provide the sufficent description (if required)
(a) For Full Access administrative set.
In Unmatched Commands, select 'Permit'
(b) For Limited Access set.
In Unmatched commands, select 'Deny'.
And in the box above 'Add Command' box type in the main command, and in box below 'Permit unmatched Args'. Provide with the sub command allow.
For example: If we want user to be only able to access the following commads:
login
logout
exit
enable
disable
show
Then the configuration should be:
------------------------Permit unmatched Args--
login permit
logout permit
exit permit
enable permit
disable permit
configure permit terminal
interface permit ethernet
permit 0
show permit running-config
in above example, user will be allowed to run only above commands. If user tries to execute 'interface ethernet 1', user will get 'Command authorization failed'.
[2] Press 'Submit'.
[3] Goto the group on which we want to apply these command authorization set. Select 'Edit Settings'.
(cont...) -
How to do .1x port based network access authentication through ACS
How to do .1x port based network access authentication through ACS.
Hi,
802.1x can authenticate hosts either through the username/password or either via the MAC address of the clients (PC's, Printers etc.). This process is called Agentless Network Access which can be done through Mac Auth Bypass.
In this process the 802.1x switchport would send the MAC address of the connected PC to the radius server for authentication. If the radius server has the MAC address in it's database, the authentication would be successful and the PC would be granted network access.
To check the configuration on the ACS 4.x, you can go to http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/configuration/guide/noagent.html
To check the configuration on an ACS 5.x, you can go to http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-2/user/guide/acsuserguide/common_scenarios.html#wp1053005
Regards,
Kush -
Authorization in ACS 5.2
In ACS 5.2, when i add custom a shell profile to a rule in an authorization policy (used in a TACAS access service) it seems to be skipped.
I can see the rule is hit because the hitcount number increases (it hits because of the group id), and when i set the shell profile to deny access (as test), access is actually rejected. So i know the rule is hit, but anything i put in my custom shell profile at the common tasks tab (like an auto command or default/maximum privilege level) is not used.
The same goes for commands sets. When i add the set 'deny all commands' the user is still able to exceute all commands, although the rule is hit based on the group ID the user belongs to.
I must be doing something wrong, but i can't find my mistake.@ Edward; Same here, no authorization logging.
@ Nicolas; thanks for picking this up.
First of all, these are my AAA lines in the test 2901, running IOS 15.0.
aaa authentication login ACS-TAC group tacacs+ local
aaa authorization exec ACS-TAC group tacacs+ local
aaa authorization commands 0 ACS-TAC group tacacs+ local
aaa authorization commands 1 ACS-TAC group tacacs+ local
aaa authorization commands 15 ACS-TAC group tacacs+ local
I created a new Access service, of which the Identity part is working fine.
These rules are in the authorization policy:
This is rule1:
This is the Shell profile, just for test:
The command set is easy, denyallcommands. I want to add a specific command set for our service desk, but not before i can get it to work.
When i change the Shell profile of rule1 to DenyAccess i am not able to logon with the service desk account, so it looks like the authorization rule is actually used. -
Configure reverse proxy using Apache 2.2.15
Dear Experts,
I am in the process of configuring reverse proxy for my portal so that ppl outside the network can access my servers.
We are on SUSE Linux 10 SP2, installed Apache 2.2.15 and started apache successfully.
When i run command ps -ef | grep httpd, i get list of processes that are running.
But when i open mozilla on the server where i installed apache and type http://myhost.domian.com:8080 it doesnt display any screen.
I still assume that my apache is running. Please correct me on the above.
Now i have configured my httpd.conf based on help.sap.com and various threads on sdn and it looks something like below
====================================================================================================
ProxyPass /irj http://myhost.mydomian.com:50100/irj/
ProxyPassReverse /irj http://myhost.mydomian.com:50100/irj/
ProxyPreserveHost On
#####################################r Reverse Proxy
ProxyRequests off
ProxyPreserveHost On
<VirtualHost 172.XXX.XX.XX:80>
#DocumentRoot Webserver doc root, eg "C:/.../htdocs"
#ServerName <http:// Domain Name eg www.domainA.com >
#ErrorLog logs/Domain.com-error_log
#CustomLog logs/Domain.com-access_log common
(Commented the above lines as i did not understand what i need them for.. please help on the above)
RewriteEngine On
RewriteLog logs/myhost_unsecured_rewrite.log
RewriteLogLevel 9
<Directory />
Options None
AllowOverride None
</Directory>
RewriteRule ^/(.*)$ http://myhost.mydomian.com:50100/$irj1/ NC,P
ProxyPassReverse /irj http://myhost.mydomian.com:50100/
</VirtualHost>
With the above configuration will i be able to acheive my goal of using this server as my reverse proxy and also for redirecting the host name.
Please help me on the above
Thanks and regards
HunkyIf you search for "reverse proxy apache" you'll find quite lots of resources (blogs, articles) here on the SDN.
You may start with
FEATURED EVENTS
Markus -
Hi Guys,
its like I want to have only single user ID (Could be AD account or ACS local account) & want this user account should have level 1 access on some switches,routers & have rights to run specific commands on Core devices,firewall & should have level 15 on access devices.
So I want to use only one user account & want to have different level of Access & specific command authorization through ACS.
please help me on this.
ThanksHi ,
The trick here is to give Priv 15 access to the user is question and then deploy command authorization , so that user can only execute some specific commands.
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs41/user/spc.htm#wp697557
Pix command,
username Test password cisco
username Test privilege 15
aaa-server TACACS protocol tacacs+
aaa-server TACACS (outside) host 10.130.102.191 cisco timeout 10
aaa authentication http console TACACS LOCAL
aaa authentication ssh console TACACS LOCAL
aaa authentication telnet console TACACS LOCAL
aaa authentication enable console TACACS LOCAL
aaa authorization command TACACS LOCAL <--------- NEEDED FOR COMMAND AUTHORIZATION ON PIX
Regards,
~JG
Please rate if that helps ! -
I need helping configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.
I have attempted to configure rdp access but it does not seem to be working for me Could I please ask someone to help me modify my current configuration to allow this? Please do step by step as I could use all the help I could get.
I need to allow the following IP addresses to have RDP access to my server:
66.237.238.193-66.237.238.222
69.195.249.177-69.195.249.190
69.65.80.240-69.65.80.249
My external WAN server info is - 99.89.69.333
The internal IP address of my server is - 192.168.6.2
The other server shows up as 99.89.69.334 but is working fine.
I already added one server for Static route and RDP but when I try to put in same commands it doesnt allow me to for this new one. Please take a look at my configuration file and give me the commands i need in order to put this through. Also please tell me if there are any bad/conflicting entries.
THE FOLLOWING IS MY CONFIGURATION FILE
Also I have modified IP information so that its not the ACTUAL ip info for my server/network etc... lol for security reasons of course
Also the bolded lines are the modifications I made but that arent working.
ASA Version 7.2(4)
hostname ciscoasa
domain-name default.domain.invalid
enable password DowJbZ7jrm5Nkm5B encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.6.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 99.89.69.233 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
object-group network EMRMC
network-object 10.1.2.0 255.255.255.0
network-object 192.168.10.0 255.255.255.0
network-object 192.168.11.0 255.255.255.0
network-object 172.16.0.0 255.255.0.0
network-object 192.168.9.0 255.255.255.0
object-group service RDP tcp
description RDP
port-object eq 3389
object-group service GMED tcp
description GMED
port-object eq 3390
object-group service MarsAccess tcp
description MarsAccess
port-object range pcanywhere-data 5632
object-group service MarsFTP tcp
description MarsFTP
port-object range ftp-data ftp
object-group service MarsSupportAppls tcp
description MarsSupportAppls
port-object eq 1972
object-group service MarsUpdatePort tcp
description MarsUpdatePort
port-object eq 7835
object-group service NM1503 tcp
description NM1503
port-object eq 1503
object-group service NM1720 tcp
description NM1720
port-object eq h323
object-group service NM1731 tcp
description NM1731
port-object eq 1731
object-group service NM389 tcp
description NM389
port-object eq ldap
object-group service NM522 tcp
description NM522
port-object eq 522
object-group service SSL tcp
description SSL
port-object eq https
object-group service rdp tcp
port-object eq 3389
access-list outside_1_cryptomap extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-data
access-list outside_access_in extended permit udp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-status
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ftp
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ldap
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq h323
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq telnet
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq www
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM522
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM1731
access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 99.89.69.334 3389 192.168.6.1 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 99.89.69.338 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.6.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 68.156.148.5
crypto map outside_map 1 set transform-set ESP-3DES-MD5
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 1
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
tunnel-group 68.156.148.5 type ipsec-l2l
tunnel-group 68.156.148.5 ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:f47dfb2cf91833f0366ff572eafefb1d
: end
ciscoasa(config-network)#Unclear what did not work. In your original post you include said some commands were added but don't work:
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
and later you state you add another command that gets an error:
static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
You also stated that 99.89.69.333 (actually 99.89.69.233, guessing from the rest of your config and other posts) is your WAN IP address.
The first static statement matches Cisco's documentation, which states that a static statement must use the 'interface' directive when you are trying to do static PAT utilizing the IP address of the interface. Since 99.89.69.333 is the assigned IP address of your WAN interface, that may explain why the second statement fails.
Any reason why you are using static PAT (including the port number 3389) instead of just skipping that directive? Static PAT usually makes sense when you need to change the TCP port number. In your example, you are not changing the TCP port 3389. -
Hi there,
I'd like to ask you something:
I'm trying to synchronize all my iPod's (I have as many as 4 iPods: 2 iPod touch a 8 GB each and 2 iPod classic a 160 GB each) with my iTunes software (Version 11.3.1 which is installed on a Windows PC (Windows Vista Home Premium)). Unfortunately, the iTunes software refuses to run the command "synchronize with the iPod connected" regarding each and every iPod I have. iTunes just declares:
Synchronizing is impossible because I wouldn't hold the access authorization / rights for this operation.
I uploaded the songs at issue to my iTunes folder from CD's (all songs are in AAC format now).
What is this access authorization, why was something like that invented and what can I do to get it?
How do I have to proceed in detail?
What would it cost?
I am brand new here and have never ever made a post in any support community anywhere in the world in my life. Well, and I am not excessively knowledgeable about the particular computer or mac language but I know the very basics or can find out about them.
Anyways - can you help me please?
If you can't help me, who can do so?
It would be nice if you could answer me as soon as possible!
Thank you guys
Prying PedroYes, others have experienced the problem, a simple search of the forums would have revealed that and the simple solution.
Termporarily disable any security software on the computer. -
How to configure MS-Access 2010 DB details on weblogc using DBAdapter
Hi Experts,
Can any one help me how to configure MS-Access 2010 DB details on weblogic 11g using DBAdapters.
If you provide step by step instuction, it is very usful to me.
If you have any screen shots you can any one please send a file to my mail ID:[email protected]
My Requirement:
I need to fetch 3 columns data (product code/ serial numer and serial status) from MS-Access 2010 and store it on oracle 11g, for that I have wrote a web service code and I need to make it automation. I don't have any IDEA, how to make this web serevice as automation (automation means, when ever new record stored in MS-Access data I need to fetch newly created record from MS-Access 2010 and send it to Oracle 11g)
Note: MS- Access 2010 present at vision system and Oracle 11g installed in linux server.
Thanks,
PhaniHi,
I am also facing the same issue, not sure about what url to use. And also the login webservice doesn't work while I am testing using http://localhost:81/RTC/RTCService.asmx. It always throwing the following error
" Unable to cast COM object of type 'RTCLib.RTCClientClass' to interface type 'RTCLib.IRTCClient'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{07829E45-9A34-408E-A011-BDDF13487CD1}' failed due to the following error: No such interface supported (Exception from HRESULT: 0x80004002 (E_NOINTERFACE))."
Is the current owc_lcs.zip support MS Office Communication Server 2007?
Please share the configuration step if anyone already integrated OCS 2007.
Thanks,
-Mukesh.
Edited by: user9127933 on Feb 19, 2010 4:05 AM -
Configure Universal Access? what is it..
I have iPhone attached, and in lower portion of pane on computer from summary/options is button 'Configure Universal Access'.
What is this?
I tried every search option in iTune help menu, and they don't bother listing it.
I'm not going to experiment with unknowns, thanks'
Also the iTunes welcome to Itunes page is up, and again nothing there in sync iPhone video.Philscbx wrote:
Someone at http://forums.macrumors.com/showthread.php?t=725859&highlight=configureuniversalaccess found the altered term of it.
Don't know how link got messed up, but this is corrected.
http://www.apple.com/iphone/iphone-3gs/accessibility.html
Its a bit more direct than a Google list / http://www.google.com/search?btnG=1&pws=0&q=iphoneconfigure+universalaccess
Message was edited by: Philscbx -
How to configure to access internet on Solaris 10 SPARC
Dear All,
how to configure to access internet on Solaris 10 SPARC.
Thanks and regards,
HengWhat you need is just an IP address on your network interface and configure dns in /etc/nsswitch.conf and /etc/resolv.conf.
More details here : http://docs.oracle.com/cd/E23823_01/html/816-4554/index.html -
FTP_CONNECT: User ------- has no access authorization for computer -------.
Hi, could anyone please help me resolve the following issue:
When i run the code below, it comes back saying "could not connect to "host". When tried to run in debug or test the FM "ftp_connect" it says "user ..... has no access authorization for computer .....
REPORT ZALB_FTP_TEST.
types: begin of t_ftp_data,
line(132) type c,
end of t_ftp_data.
data: lv_ftp_user(64) value 'branch'. "change this
data: lv_ftp_pwd(64) value 'careful'. "change this
data: lv_ftp_host(50) value '10.50.1.199'. "change this
data: lv_rfc_dest like rscat-rfcdest value 'SAPFTP'.
data: lv_hdl type i.
data: lv_key type i value 26101957.
data: lv_dstlen type i.
data: lt_ftp_data type table of t_ftp_data.
field-symbols: <ls_ftp_data> like line of lt_ftp_data.
*describe field lv_ftp_pwd length lv_dstlen.
lv_dstlen = strlen( lv_ftp_pwd ).
call 'AB_RFC_X_SCRAMBLE_STRING'
id 'SOURCE' field lv_ftp_pwd
id 'KEY' field lv_key
id 'SCR' field 'X'
id 'DESTINATION' field lv_ftp_pwd
id 'DSTLEN' field lv_dstlen.
call function 'FTP_CONNECT'
exporting
user = lv_ftp_user
password = lv_ftp_pwd
host = lv_ftp_host
rfc_destination = lv_rfc_dest
importing
handle = lv_hdl
exceptions
not_connected = 1
others = 2.
if sy-subrc ne 0.
write:/ 'could not connect to', lv_ftp_host.
else.
write:/ 'connected successfully. session handle is', lv_hdl.
call function 'FTP_CONNECT'
exporting
handle = lv_hdl
command = 'dir'
tables
data = lt_ftp_data
exceptions
tcpip_error = 1
command_error = 2
data_error = 3
others = 4.
if sy-subrc ne 0.
write:/ 'could not execute ftp command'.
else.
loop at lt_ftp_data assigning <ls_ftp_data>.
write: / <ls_ftp_data>.
endloop.
call function 'FTP_DISCONNECT'
exporting
handle = lv_hdl
exceptions
others = 1.
if sy-subrc ne 0.
write:/ 'could not disconnect from ftp server'.
else.
write:/ 'disconnected from ftp server'.
endif.
endif.
endif.
Thanks in advance for the help.It doesn't work for me if I just maintain * entry.
But it works after I maintained specific IP address into the table,
ref notes:2072995 - User has no access authorization for computer
Cause
The message comes after the implementation of note '1605054 - Restriction in access to FTP Servers & usage of test reports' or upgrading to a
support package that contains this note. This note was created to prevent malicious users from accessing remote FTP servers.
Resolution
1. Please ensure that all manual steps from note 1605054 are implemented in your system along with the code corrections
2. Then please enter the allowed FTP servers into the table SAPFTP_SERVERS or enter ‘*’ to allow all FTP servers.
Maybe you are looking for
-
Recently I rebuilt my PC to handle after effects a little better. I am running CS3 on windows XP 64 bit, however once I start working on a project for less than 30 minutes my system locks up and brings up the blue screen of death. It gives me a "Page
-
Hi i have the table mtl_material_transactions of which the column transaction_date has the following values 1/1/2007 1/1/2007 1:01:50 PM 2/11/2011 3:39:38 PM i want to get another column Mon and YR Mon YR JAN 2007 FEB 2011 ETC i tried SELECT TO_CHAR(
-
FYI - Just purchased 16GB USB2 memory stick to boot my MacBook Air
FYI... Have used SuperDuper! 2.5 to clone my internal boot SSD to a 16GB USB2 memory stick. It was successful and a subsequent boot from this USB2 memory stick went smoothly without issues - although it was just a tad slow in booting compared to the
-
Hai All, I am facing some problem in while creating JCO destination. I have configured one SAP-ECC system in SLD and trying to create JCO destination but i am unable to see the created system in the dropdown where we select the R3 system. Thanks & Re
-
Response of USSD request in Arabic language
Hi All, I am facing one problem, I have got 1 USSD menu(USSR reuest) in ARABIC language, for that i have to respond back also in ARABIC digits, but I am unable to respond back in Arabic language, I can send the response in English but in that case se