Howto configure reverse-access authorization on ACS Win4.1

Hi,
I have some routers with modem-stuff and would like to set up reverse-access authorization.
Router-Cfg:
aaa authorization reverse-access default group tacacs+
worked under CSU with service=raccess {}
But I get errors when I try this under ACS Win 4.1.
Router-Message
% Authorization failed.
ACS-Message:
11/06/2007 16:28:14 Author failed xuseridx Shelluser-Grp 10.1.2.YYY (Default) .. Service denied service=raccess tty34 10.1.2.ZZZ .. .. .. .. .. others ..
Anybody who has an idea if and how this is possible?
Kind Regards,
Chris

Thanks Jeff,
I already got your detailed information from your colleague at Cisco (Markus K.)
And it works.
Maybe you can also help me with:
Security / AAA / Restrict User to specific NAS if only default NAS profile is configured
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=AAA&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40.2cbe7e71

Similar Messages

  • ACS 5.3 cannot create default network access authorization rule

    Hi, when I click 'Create...' under Access Policies > Default Network Access > Authorization, and then press the 'OK' button, it says 'Please configure at least 1 condition.' However I have no way to configure conditions as the 'Conditions' text is just bold text and not a link or any sort of configurable area. If I go to 'Customize' on the bottom right and add conditions to the right list box, I still have no options when I press Create. Also, the 'green light' next to Default Network Access is grey with a line through it. This is the most cryptic system I have ever used.. anyone have an idea? Thank you!

    Looks like you are using Chrome, and it's not a supported browser.
    Supported Web Client/Browsers
    You can access ACS 5.3 administrative user interface using the following Web Client/Browsers:
    •Windows 7 32 bit
    •Windows XP Professional (Service Pack 2 and 3)
    •Windows Vista
    •Internet Explorer version 7.x
    •Internet Explorer version 8.x
    •Internet Explorer version 9.x
    •Mozilla Firefox version 3.x
    •Mozilla Firefox version 4.x
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/release/notes/acs_53_rn.html#wp222016
    Jatin Katyal
    - Do rate helpful posts -

  • IOS XR Command authorization with ACS server

    We have a newly implemented ASR 9010 and are trying to figure out how to best configure it with TACACS, as it is slightly different than IOS.
    In ACS, we have two groups: Group 1 and Group 2
    Group 1 allows full access in the shell command authorization set.
    Group 2 allows limited access in the shell command set (basically just show commands).
    Both groups can login fine (aaa authentication login default group <groupname> local)
    Group 1 has full access to everything (group I am in). 
    Group 2 has NO access to anything (can't even perform show commands).
    Group 2 CAN access other IOS devices and can perform the various show commands.
    With regards to our authorization commands, we currently have it configured as:
    aaa authorization commands default group <groupname> local
    Why is it working for the one group, but not the other?  I've read how IOS XR uses task Ids and other various things that I'm unfamiliar with.  I'm mainly curious if I have to use those, if the authorized commands are configured in ACS.
    Thanks!
    Kyle

    Don't have enough info to give you a full conclusive answer, Kyle, but some suspicions.
    Task group not set right?
    Command groups not defined properly in TACACS for command author.
    If you only want show access, you can just use the task groups in XR with a read permission on any command, for instance. No direct need to send every command down to TACACS (hate that slowness).
    More info here:
    https://supportforums.cisco.com/docs/DOC-15944
    xander

  • Shell Command Authorization Sets ACS

    Hi, I followed this guide step by step: http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml
    but still all my users can use all the commands.
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname R3
    boot-start-marker
    boot-end-marker
    aaa new-model
    aaa authentication login milista group tacacs+ local
    aaa authorization config-commands
    aaa authorization exec default group tacacs+ local
    aaa authorization commands 0 default group tacacs+ local
    aaa authorization commands 1 default group tacacs+ local
    aaa authorization commands 15 default group tacacs+ local
    aaa session-id common
    memory-size iomem 5
    ip cef
    no ip domain lookup
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    multilink bundle-name authenticated
    username admin privilege 15 secret 5 $1$CS17$3oeNpzTvJAyZTvOUP2qyB1
    archive
    log config
    hidekeys
    interface FastEthernet0/0
    ip address 192.168.20.1 255.255.255.0
    duplex auto
    speed auto
    interface Serial0/0
    no ip address
    shutdown
    clock rate 2000000
    interface FastEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    interface Serial0/1
    ip address 20.20.20.2 255.255.255.252
    clock rate 2000000
    interface Serial0/2
    no ip address
    shutdown
    clock rate 2000000
    interface Serial0/3
    no ip address
    shutdown
    clock rate 2000000
    router eigrp 1
    network 20.0.0.0
    network 192.168.20.0
    no auto-summary
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    tacacs-server host 192.168.20.2 key cisco
    control-plane
    line con 0
    exec-timeout 0 0
    logging synchronous
    login authentication milista
    line aux 0
    line vty 0 4
    end
    I copied the authorization commands from the Cisco forum and followed the steps, but nothing: all my users have full access to all commands.
    Here's my shared profile:
    name-------------admin jr
    Description---------for jr admin
    unmatched commands------- ()permit  (x)deny
    permit unmatched args()
    enable
    show -------------------------- permit version<cr>
    permit runnig-config<cr>
    Then I added this profile to group 2, and then I added my user to group 2.
    Then I log in to the router with the user and I can still use ALL the commands. I don't know what I am doing wrong. Any idea?
    Can you give me, if you can, a guide to set up authorization with ACS? I can't find any good guide. Jeremy from CBT gives an example, but just for authentication. I am lost. I have been battling with this problem since Wednesday without luck.

    "You are testing with privilege level 15 or below 15. Because when you are using a below-15 level user, first it will check the local command authorization set. For example, if you want to execute the sh runn command with a level 5 user, first it will check the local command set. If the sh runn command exists in the local command set, then it will send a request to ACS. If it is not in the command set, it won't send a request to ACS. That's why you don't see debug. For level 15 users it will directly send the request to ACS. Configure the command set locally and try; it should work.
    Correct me if I am wrong."
    Regards
    Vamsi

  • AAA Authorization with ACS Shell-Sets

    Hi all,
    I am using a cisco 871 router running Version 12.4(11)T advanced IP Services.
    I am having trouble getting AAA Authorization to work correctly with ACS.
    I am able to set the users up on ACS fine and assign them shell and priv level 7.
    I then setup a Shell Auth Set, and enter in the commands show and configure.
    When I log in as a user, I get an exec with a priv level of 7 no problems, but I never seem to be able
    to access global config mode by typing in conf (or configure) terminal or t.
    If I type con? the only command there is connect, configure is never an option...
    The only way I can get this to work is by entering the command:
    privilege exec level 7 configure terminal
    I thought the whole purpose of the ACS Shell Set was to provide this information to the Router?
    This is most frustrating
    The ACS Server is set up with a Shell Command Authorization Set named Level_7
    It is assigned to the relevant groups and I even have the "Unmatched Commands" option selected to "Permit"
    The "Permit Unmatched Args" is also selected.
    See an excerpt of my IOS config below:
    aaa new-model
    aaa group server tacacs+ ACS
    server 10.90.0.11
    aaa authentication login default group ACS local
    aaa authorization exec default group ACS
    aaa authorization commands 7 default group ACS local
    tacacs-server host 10.90.0.11 key cisco
    privilege exec level 7 configure terminal
    privilege exec level 7 configure
    privilege exec level 7 show running-config
    privilege exec level 7 show
    Hope you can help me with this one..
    P.s I have tried it with the privilege commands on the router and removed from the router and just keep getting the same results!?

    Hi,
    So here it is,
    You are actually using two different options and trying to couple them together. What I would suggest is to either use the Shell command authorization set feature or play with privilege levels, not both mixed together.
    The above scenario might work if you move the commands to privilege level 6 and give the user privilege level 7. It might, not sure. Give it a try and share the result.
    This is what I suggest: put the commands back to normal level.
    Below provided are steps to configure shell command authorization:
    Follow the following steps over the router:
    !--- is the desired username
    !--- is the desired password
    !--- we create a local username and password
    !--- in case we are not able to get authenticated via
    !--- our tacacs+ server. To provide a back door.
    username password privilege 15
    !--- To apply aaa model over the router
    aaa new-model
    !--- Following command is to specify our ACS
    !--- server location, where is the
    !--- ip-address of the ACS server. And
    !--- is the key that should be same over the ACS and the router.
    tacacs-server host key
    !--- To get users authentication via ACS, when they try to log-in
    !--- If our router is unable to contact to ACS, then we will use
    !--- our local username & password that we created above. This
    !--- prevents us from locking out.
    aaa authentication login default group tacacs+ local
    aaa authorization exec default group tacacs+ local
    aaa authorization config-commands
    aaa authorization commands 0 default group tacacs+ local
    aaa authorization commands 1 default group tacacs+ local
    aaa authorization commands 15 default group tacacs+ local
    !--- Following commands are for accounting the user's activity,
    !--- when user is logged into the device.
    aaa accounting exec default start-stop group tacacs+
    aaa accounting system default start-stop group tacacs+
    aaa accounting commands 0 default start-stop group tacacs+
    aaa accounting commands 1 default start-stop group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+
    Configuration on ACS
    [1] Go to 'Shared Profile Components' -> 'Shell Command Authorization Sets' -> 'Add'
    Provide any name to the set.
    Provide a sufficient description (if required).
    (a) For Full Access administrative set.
    In Unmatched Commands, select 'Permit'
    (b) For Limited Access set.
    In Unmatched commands, select 'Deny'.
    And in the box above the 'Add Command' box, type in the main command, and in the box below 'Permit unmatched Args', provide the sub-commands to allow.
    For example: if we want the user to be only able to access the following commands:
    login
    logout
    exit
    enable
    disable
    show
    Then the configuration should be:
    ------------------------Permit unmatched Args--
    login permit
    logout permit
    exit permit
    enable permit
    disable permit
    configure permit terminal
    interface permit ethernet
    permit 0
    show permit running-config
    In the above example, the user will be allowed to run only the above commands. If the user tries to execute 'interface ethernet 1', the user will get 'Command authorization failed'.
    [2] Press 'Submit'.
    [3] Go to the group on which we want to apply these command authorization sets. Select 'Edit Settings'.
    (cont...)
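
The limited-access set described in the post above, modelled as a small evaluator so the permit/deny outcome of each typed command can be checked offline. This is an added example, not part of the original post and not Cisco's code; the class and function names, the first-match ordering and the whole-token prefix matching of arguments are assumptions of this sketch, and the server's own matching rules may differ.

```python
from dataclasses import dataclass, field

PERMIT, DENY = "permit", "deny"


@dataclass
class CommandEntry:
    """One command in a set, with its ordered argument lines (hypothetical model)."""
    arg_rules: list = field(default_factory=list)  # [(action, [arg tokens]), ...]
    permit_unmatched_args: bool = False            # the per-command checkbox


@dataclass
class CommandSet:
    """A shell command authorization set: per-command rules plus a default."""
    name: str
    unmatched_commands: str                        # PERMIT or DENY
    commands: dict = field(default_factory=dict)   # command word -> CommandEntry

    def authorize(self, line):
        tokens = line.lower().split()
        if not tokens:
            return DENY
        cmd, args = tokens[0], tokens[1:]
        entry = self.commands.get(cmd)
        if entry is None:
            # Command is not listed at all: the set-wide default decides.
            return self.unmatched_commands
        for action, pattern in entry.arg_rules:
            # Assumption: a rule matches when its tokens are a prefix of the args.
            if args[:len(pattern)] == pattern:
                return action
        # Command is listed but no argument line matched.
        return PERMIT if entry.permit_unmatched_args else DENY


def build_limited_set():
    """The 'Limited Access' example from the post: unmatched commands denied."""
    def any_args():
        return CommandEntry(permit_unmatched_args=True)

    return CommandSet(
        name="limited",
        unmatched_commands=DENY,
        commands={
            "login": any_args(),
            "logout": any_args(),
            "exit": any_args(),
            "enable": any_args(),
            "disable": any_args(),
            "configure": CommandEntry([(PERMIT, ["terminal"])]),
            "interface": CommandEntry([(PERMIT, ["ethernet", "0"])]),
            "show": CommandEntry([(PERMIT, ["running-config"])]),
        },
    )


def build_full_set():
    """The 'Full Access' case from the post: nothing listed, unmatched permitted."""
    return CommandSet(name="full", unmatched_commands=PERMIT)


def decisions(cmd_set, lines):
    """Evaluate several typed commands and return {command line: decision}."""
    return {line: cmd_set.authorize(line) for line in lines}


if __name__ == "__main__":
    typed = ["exit", "show running-config", "show version",
             "interface ethernet 0", "interface ethernet 1", "reload"]
    for name, cmd_set in (("limited", build_limited_set()), ("full", build_full_set())):
        for line, result in decisions(cmd_set, typed).items():
            print(f"{name:8} {line:24} {result}")
```
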

  • How to do .1x port based network access authentication through ACS

    How to do .1x port based network access authentication through ACS.

    Hi,
    802.1x can authenticate hosts either through the username/password or via the MAC address of the clients (PCs, printers etc.). This process is called Agentless Network Access, which can be done through MAC Auth Bypass.
    In this process the 802.1x switchport would send the MAC address of the connected PC to the RADIUS server for authentication. If the RADIUS server has the MAC address in its database, the authentication would be successful and the PC would be granted network access.
    To check the configuration on the ACS 4.x, you can go to http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/configuration/guide/noagent.html
    To check the configuration on an ACS 5.x, you can go to http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-2/user/guide/acsuserguide/common_scenarios.html#wp1053005
    Regards,
    Kush

  • Authorization in ACS 5.2

    In ACS 5.2, when I add a custom shell profile to a rule in an authorization policy (used in a TACACS access service), it seems to be skipped.
    I can see the rule is hit because the hit count number increases (it hits because of the group ID), and when I set the shell profile to deny access (as a test), access is actually rejected. So I know the rule is hit, but anything I put in my custom shell profile at the common tasks tab (like an auto command or default/maximum privilege level) is not used.
    The same goes for command sets. When I add the set 'deny all commands', the user is still able to execute all commands, although the rule is hit based on the group ID the user belongs to.
    I must be doing something wrong, but i can't find my mistake.

    @ Edward; Same here, no authorization logging.
    @ Nicolas; thanks for picking this up.
    First of all, these are my AAA lines in the test 2901, running IOS 15.0.
    aaa authentication login ACS-TAC group tacacs+ local
    aaa authorization exec ACS-TAC group tacacs+ local
    aaa authorization commands 0 ACS-TAC group tacacs+ local
    aaa authorization commands 1 ACS-TAC group tacacs+ local
    aaa authorization commands 15 ACS-TAC group tacacs+ local
    I created a new Access service, of which the Identity part is working fine.
    These rules are in the authorization policy:
    This is rule1:
    This is the Shell profile, just for test:
    The command set is easy, denyallcommands. I want to add a specific command set for our service desk, but not before I can get it to work.
    When I change the Shell profile of rule1 to DenyAccess, I am not able to log on with the service desk account, so it looks like the authorization rule is actually used.

  • Configure reverse proxy using Apache 2.2.15

    Dear Experts,
    I am in the process of configuring a reverse proxy for my portal so that people outside the network can access my servers.
    We are on SUSE Linux 10 SP2, installed Apache 2.2.15 and started Apache successfully.
    When I run the command ps -ef | grep httpd, I get a list of processes that are running.
    But when I open Mozilla on the server where I installed Apache and type http://myhost.domian.com:8080, it doesn't display any screen.
    I still assume that my Apache is running. Please correct me on the above.
    Now I have configured my httpd.conf based on help.sap.com and various threads on SDN, and it looks something like below:
    ====================================================================================================
    ProxyPass /irj http://myhost.mydomian.com:50100/irj/
    ProxyPassReverse /irj http://myhost.mydomian.com:50100/irj/
    ProxyPreserveHost On
    #####################################r Reverse Proxy
    ProxyRequests off
    ProxyPreserveHost On
    <VirtualHost 172.XXX.XX.XX:80>
    #DocumentRoot Webserver doc root, eg "C:/.../htdocs"
    #ServerName <http:// Domain Name eg www.domainA.com >
    #ErrorLog logs/Domain.com-error_log
    #CustomLog logs/Domain.com-access_log common
    (Commented the above lines as i did not understand what i need them for.. please help on the above)
    RewriteEngine On
    RewriteLog logs/myhost_unsecured_rewrite.log
    RewriteLogLevel 9
    <Directory />
    Options None
    AllowOverride None
    </Directory>
    RewriteRule ^/(.*)$ http://myhost.mydomian.com:50100/$irj1/ NC,P
    ProxyPassReverse /irj http://myhost.mydomian.com:50100/
    </VirtualHost>
    With the above configuration, will I be able to achieve my goal of using this server as my reverse proxy and also for redirecting the host name?
    Please help me on the above.
    Thanks and regards
    Hunky

    If you search for "reverse proxy apache" you'll find quite lots of resources (blogs, articles) here on the SDN.
    You may start with
    Markus

  • Command Authorization on ACS

    Hi Guys,
    It's like this: I want to have only a single user ID (could be an AD account or an ACS local account), and this user account should have level 1 access on some switches and routers, rights to run specific commands on core devices and firewalls, and level 15 on access devices.
    So I want to use only one user account and have different levels of access and specific command authorization through ACS.
    Please help me with this.
    Thanks

    Hi ,
    The trick here is to give Priv 15 access to the user in question and then deploy command authorization, so that the user can only execute some specific commands.
    http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs41/user/spc.htm#wp697557
    Pix command,
    username Test password cisco
    username Test privilege 15
    aaa-server TACACS protocol tacacs+
    aaa-server TACACS (outside) host 10.130.102.191 cisco timeout 10
    aaa authentication http console TACACS LOCAL
    aaa authentication ssh console TACACS LOCAL
    aaa authentication telnet console TACACS LOCAL
    aaa authentication enable console TACACS LOCAL
    aaa authorization command TACACS LOCAL <--------- NEEDED FOR COMMAND AUTHORIZATION ON PIX
    Regards,
    ~JG
    Please rate if that helps !

  • I need helping!!! configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.

    I need help configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.
    I have attempted to configure RDP access but it does not seem to be working for me. Could I please ask someone to help me modify my current configuration to allow this? Please do step by step, as I could use all the help I could get.
    I need to allow the following IP addresses to have RDP access to my server:
    66.237.238.193-66.237.238.222
    69.195.249.177-69.195.249.190
    69.65.80.240-69.65.80.249
    My external WAN server info is - 99.89.69.333
    The internal IP address of my server is - 192.168.6.2
    The other server shows up as 99.89.69.334 but is working fine.
    I already added one server for static route and RDP, but when I try to put in the same commands for this new one, it doesn't allow me to. Please take a look at my configuration file and give me the commands I need in order to put this through. Also, please tell me if there are any bad/conflicting entries.
    THE FOLLOWING IS MY CONFIGURATION FILE
    Also, I have modified the IP information so that it's not the ACTUAL IP info for my server/network etc... lol, for security reasons of course.
    Also, the bolded lines are the modifications I made but that aren't working.
    ASA Version 7.2(4)
    hostname ciscoasa
    domain-name default.domain.invalid
    enable password DowJbZ7jrm5Nkm5B encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.6.254 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 99.89.69.233 255.255.255.248
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    ftp mode passive
    dns server-group DefaultDNS
    domain-name default.domain.invalid
    object-group network EMRMC
    network-object 10.1.2.0 255.255.255.0
    network-object 192.168.10.0 255.255.255.0
    network-object 192.168.11.0 255.255.255.0
    network-object 172.16.0.0 255.255.0.0
    network-object 192.168.9.0 255.255.255.0
    object-group service RDP tcp
    description RDP
    port-object eq 3389
    object-group service GMED tcp
    description GMED
    port-object eq 3390
    object-group service MarsAccess tcp
    description MarsAccess
    port-object range pcanywhere-data 5632
    object-group service MarsFTP tcp
    description MarsFTP
    port-object range ftp-data ftp
    object-group service MarsSupportAppls tcp
    description MarsSupportAppls
    port-object eq 1972
    object-group service MarsUpdatePort tcp
    description MarsUpdatePort
    port-object eq 7835
    object-group service NM1503 tcp
    description NM1503
    port-object eq 1503
    object-group service NM1720 tcp
    description NM1720
    port-object eq h323
    object-group service NM1731 tcp
    description NM1731
    port-object eq 1731
    object-group service NM389 tcp
    description NM389
    port-object eq ldap
    object-group service NM522 tcp
    description NM522
    port-object eq 522
    object-group service SSL tcp
    description SSL
    port-object eq https
    object-group service rdp tcp
    port-object eq 3389
    access-list outside_1_cryptomap extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
    access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.0.0 255.255.0.0
    access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-data
    access-list outside_access_in extended permit udp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-status
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group RDP
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ftp
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ldap
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq h323
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq telnet
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq www
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM522
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM1731
    access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
    access-list outside_access_in extended permit tcp any interface outside eq 3389
    access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
    access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
    access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
    access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-524.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) tcp 99.89.69.334 3389 192.168.6.1 3389 netmask 255.255.255.255
    static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 99.89.69.338 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    http server enable
    http 192.168.6.0 255.255.255.0 inside
    http 0.0.0.0 0.0.0.0 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set peer 68.156.148.5
    crypto map outside_map 1 set transform-set ESP-3DES-MD5
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash md5
    group 1
    lifetime 86400
    crypto isakmp policy 30
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    tunnel-group 68.156.148.5 type ipsec-l2l
    tunnel-group 68.156.148.5 ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:f47dfb2cf91833f0366ff572eafefb1d
    : end
    ciscoasa(config-network)#

    Unclear what did not work.  In your original post you said some commands were added but don't work:
    static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
    and later you state you add another command that gets an error:
    static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
    You also stated that 99.89.69.333 (actually 99.89.69.233, guessing from the rest of your config and other posts) is your WAN IP address.
    The first static statement matches Cisco's documentation, which states that a static statement must use the 'interface' directive when you are trying to do static PAT utilizing the IP address of the interface.  Since 99.89.69.333 is the assigned IP address of your WAN interface, that may explain why the second statement fails.
    Any reason why you are using static PAT (including the port number 3389) instead of just skipping that directive?  Static PAT usually makes sense when you need to change the TCP port number.  In your example, you are not changing the TCP port 3389.
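
A check that can be run over the configuration posted in this thread, as an added example that is not part of any post: the poster wants RDP reachable only from the three listed ranges, so the sketch lists every `permit tcp` entry whose source is `any` and whose port clause covers 3389, and records whether that list is bound by an `access-group`. Function names are hypothetical; by assumption only numeric ports are resolved and named ports are ignored.

```python
RDP_PORT = 3389

# Excerpt of the configuration posted above, kept in the post's flattened
# layout; the addresses are the poster's own altered values.
SAMPLE_CONFIG = """\
object-group service RDP tcp
description RDP
port-object eq 3389
object-group service SSL tcp
description SSL
port-object eq https
object-group service rdp tcp
port-object eq 3389
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
access-group outside_access_in in interface outside
"""


def _port_span(tok):
    """Return (lo, hi) for numeric 'eq N' or 'range A B', else None."""
    if len(tok) == 2 and tok[0] == "eq" and tok[1].isdigit():
        return int(tok[1]), int(tok[1])
    if len(tok) == 3 and tok[0] == "range" and tok[1].isdigit() and tok[2].isdigit():
        return int(tok[1]), int(tok[2])
    return None


def parse_service_groups(config):
    """Map each 'object-group service NAME ...' to its numeric port spans."""
    groups, current = {}, None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["object-group", "service"] and len(tok) >= 3:
            current = tok[2]
            groups[current] = []
        elif tok[:1] == ["port-object"] and current is not None:
            span = _port_span(tok[1:])
            if span:                      # named ports (https, ftp, ...) are skipped
                groups[current].append(span)
        elif tok[:1] != ["description"]:
            current = None                # any other line ends the group
    return groups


def applied_acls(config):
    """Names of access lists bound to an interface with 'access-group'."""
    rows = (line.split() for line in config.splitlines())
    return {t[1] for t in rows if t[:1] == ["access-group"] and len(t) >= 2}


def _take_addr(tok, i):
    """Consume one address spec at tok[i]; return (text, next index)."""
    if i >= len(tok):
        return "", i
    if tok[i] == "any":
        return "any", i + 1
    # 'host IP', 'interface NAME', 'object-group NAME' and 'IP MASK' use two tokens
    return " ".join(tok[i:i + 2]), i + 2


def covers_rdp(port_tok, groups):
    """True when the port clause of an entry includes TCP 3389."""
    if not port_tok:                      # no port clause: every TCP port is allowed
        return True
    if port_tok[0] == "object-group" and len(port_tok) == 2:
        spans = groups.get(port_tok[1], [])
    else:
        span = _port_span(port_tok)
        spans = [span] if span else []
    return any(lo <= RDP_PORT <= hi for lo, hi in spans)


def rdp_open_to_any(config):
    """Return [(acl name, bound to an interface?, destination)] for any-source RDP permits."""
    groups, bound = parse_service_groups(config), applied_acls(config)
    findings = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"] or tok[2:5] != ["extended", "permit", "tcp"]:
            continue
        src, i = _take_addr(tok, 5)
        dst, i = _take_addr(tok, i)
        if src == "any" and covers_rdp(tok[i:], groups):
            findings.append((tok[1], tok[1] in bound, dst))
    return findings


if __name__ == "__main__":
    for acl, is_bound, dst in rdp_open_to_any(SAMPLE_CONFIG):
        state = "applied" if is_bound else "not applied"
        print(f"{acl} ({state}): RDP permitted from any source to {dst}")
```
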

  • I can't synchronize my iPod's with my iTunes software (Windows Vista Home Premium) due to problems with the access authorization / rights for this operation

    Hi there,
    I'd like to ask you something:
    I'm trying to synchronize all my iPod's (I have as many as 4 iPods: 2 iPod touch a 8 GB each and 2 iPod classic a 160 GB each) with my iTunes software (Version 11.3.1 which is installed on a Windows PC (Windows Vista Home Premium)). Unfortunately, the iTunes software refuses to run the command "synchronize with the iPod connected" regarding each and every iPod I have. iTunes just declares:
    Synchronizing is impossible because I wouldn't hold the access authorization / rights for this operation.
    I uploaded the songs at issue to my iTunes folder from CD's (all songs are in AAC format now).
    What is this access authorization, why was something like that invented and what can I do to get it?
    How do I have to proceed in detail?
    What would it cost?
    I am brand new here and have never ever made a post in any support community anywhere in the world in my life. Well, and I am not excessively knowledgeable about the particular computer or mac language but I know the very basics or can find out about them.
    Anyways - can you help me please?
    If you can't help me, who can do so?
    It would be nice if you could answer me as soon as possible!
    Thank you guys
    Prying Pedro

    Yes, others have experienced the problem, a simple search of the forums would have revealed that and the simple solution.
    Temporarily disable any security software on the computer.

  • How to configure MS-Access 2010 DB details on weblogc using DBAdapter

    Hi Experts,
    Can anyone help me with how to configure MS-Access 2010 DB details on WebLogic 11g using DBAdapters?
    If you provide step-by-step instructions, it would be very useful to me.
    If you have any screen shots you can any one please send a file to my mail ID:[email protected]
    My Requirement:
    I need to fetch 3 columns of data (product code / serial number and serial status) from MS-Access 2010 and store it in Oracle 11g. For that I have written web service code and I need to automate it. I don't have any idea how to automate this web service (automation means, whenever a new record is stored in MS-Access, I need to fetch the newly created record from MS-Access 2010 and send it to Oracle 11g).
    Note: MS- Access 2010 present at vision system and Oracle 11g installed in linux server.
    Thanks,
    Phani

    Hi,
    I am also facing the same issue, not sure about what URL to use. And also the login web service doesn't work while I am testing using http://localhost:81/RTC/RTCService.asmx. It always throws the following error:
    " Unable to cast COM object of type 'RTCLib.RTCClientClass' to interface type 'RTCLib.IRTCClient'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{07829E45-9A34-408E-A011-BDDF13487CD1}' failed due to the following error: No such interface supported (Exception from HRESULT: 0x80004002 (E_NOINTERFACE))."
    Is the current owc_lcs.zip support MS Office Communication Server 2007?
    Please share the configuration step if anyone already integrated OCS 2007.
    Thanks,
    -Mukesh.
    Edited by: user9127933 on Feb 19, 2010 4:05 AM

  • Configure Universal Access? what is it..

    I have iPhone attached, and in lower portion of pane on computer from summary/options is button 'Configure Universal Access'.
    What is this?
    I tried every search option in the iTunes help menu, and they don't bother listing it.
    I'm not going to experiment with unknowns, thanks.
    Also the iTunes welcome to iTunes page is up, and again nothing there in the sync iPhone video.

    Philscbx wrote:
    Someone at http://forums.macrumors.com/showthread.php?t=725859&highlight=configureuniversalaccess found the altered term of it.
    Don't know how link got messed up, but this is corrected.
    http://www.apple.com/iphone/iphone-3gs/accessibility.html
    It's a bit more direct than a Google list / http://www.google.com/search?btnG=1&pws=0&q=iphoneconfigure+universalaccess
    Message was edited by: Philscbx

  • How to configure to access internet on Solaris 10 SPARC

    Dear All,
    How do I configure internet access on Solaris 10 SPARC?
    Thanks and regards,
    Heng

    What you need is just an IP address on your network interface, and to configure DNS in /etc/nsswitch.conf and /etc/resolv.conf.
    More details here: http://docs.oracle.com/cd/E23823_01/html/816-4554/index.html

  • FTP_CONNECT: User ------- has no access authorization for computer -------.

    Hi, could anyone please help me resolve the following issue:
    When I run the code below, it comes back saying "could not connect to" the host. When I tried to run in debug or test the FM "ftp_connect", it says "user ..... has no access authorization for computer .....".
    REPORT  ZALB_FTP_TEST.
    types: begin of t_ftp_data,
             line(132) type c,
           end of t_ftp_data.
    data: lv_ftp_user(64)                value 'branch'.     "change this
    data: lv_ftp_pwd(64)                 value 'careful'. "change this
    data: lv_ftp_host(50)                value '10.50.1.199'.     "change this
    data: lv_rfc_dest like rscat-rfcdest value 'SAPFTP'.
    data: lv_hdl    type i.
    data: lv_key    type i               value 26101957.
    data: lv_dstlen type i.
    data: lt_ftp_data type table of t_ftp_data.
    field-symbols: <ls_ftp_data> like line of lt_ftp_data.
    *describe field lv_ftp_pwd length lv_dstlen.
    lv_dstlen = strlen( lv_ftp_pwd ).
    call 'AB_RFC_X_SCRAMBLE_STRING'
      id 'SOURCE'      field lv_ftp_pwd
      id 'KEY'         field lv_key
      id 'SCR'         field 'X'
      id 'DESTINATION' field lv_ftp_pwd
      id 'DSTLEN'      field lv_dstlen.
    call function 'FTP_CONNECT'
      exporting
        user            = lv_ftp_user
        password        = lv_ftp_pwd
        host            = lv_ftp_host
        rfc_destination = lv_rfc_dest
      importing
        handle          = lv_hdl
      exceptions
        not_connected   = 1
        others          = 2.
    if sy-subrc ne 0.
      write:/ 'could not connect to', lv_ftp_host.
    else.
      write:/ 'connected successfully. session handle is', lv_hdl.
      " Run the command on the open session (FTP_COMMAND, not a second FTP_CONNECT)
      call function 'FTP_COMMAND'
        exporting
          handle        = lv_hdl
          command       = 'dir'
        tables
          data          = lt_ftp_data
        exceptions
          tcpip_error   = 1
          command_error = 2
          data_error    = 3
          others        = 4.
      if sy-subrc ne 0.
        write:/ 'could not execute ftp command'.
      else.
        loop at lt_ftp_data assigning <ls_ftp_data>.
          write: / <ls_ftp_data>.
        endloop.
        call function 'FTP_DISCONNECT'
          exporting
            handle = lv_hdl
          exceptions
            others = 1.
        if sy-subrc ne 0.
          write:/ 'could not disconnect from ftp server'.
        else.
          write:/ 'disconnected from ftp server'.
        endif.
      endif.
    endif.
    Thanks in advance for the help.

    It doesn't work for me if I just maintain the * entry.
    But it works after I maintained a specific IP address in the table.
    Ref. note: 2072995 - User has no access authorization for computer
    Cause
    The message comes after the implementation of note '1605054 - Restriction in access to FTP Servers & usage of test reports' or upgrading to a support package that contains this note. This note was created to prevent malicious users from accessing remote FTP servers.
    Resolution
    1. Please ensure that all manual steps from note 1605054 are implemented in your system along with the code corrections
    2. Then please enter the allowed FTP servers into the table SAPFTP_SERVERS or enter ‘*’ to allow all FTP servers.
