ISE MAR in a Kiosk Environment

Similar Messages

• ISE MAR cache 2-node deployment

  I understand the Pros and Cons described in this document:
  http://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/116516-problemsolution-technology-00.html
  And I'm OK with getting people to reboot their machine while connected wirelessly to trigger host authentications on Windows machines.
  My issue is related to the 2-node ISE deployment (I'm running 1.2):
  It appears that MAR cache is not synchronized between the ISE nodes (Primary and Secondary).
  For example, a user reboots his machine, and host authentication is answered by the Primary ISE, and user authentication is subsequently succeeds.
  Subsequent user authentication requests, if they are answered by the Secondary ISE will fail, because Secondary ISE node does not have a corresponding host record in its MAR cache - only Primary ISE does.
  Can someone confirm if this behavior is expected?  If I can't get the Secondary ISE node to mirror MAR host entries, I'm going to have a LOT of failures, and a lot of user problems?  Is there even a workaround for this?

  Yes, it is called EAP-Chaining, and all the shortcomings of MAR are resolved by this.

• ISE MAR cache

  Does anybody know what's going to happen if one changes the MAR cache timeout/aging setting found under Identity Management > External Identity Sources > Active Directory > Advanced Settings? Are the current cache entries going to get cleared or are they going to stay? Is there a way to actually see these entries somewhere (per PSN), and can one selectively delete them?
  Depending on the answer to these questions, I have to make the aging timeout change during a maintenance window on the customer's infrastructure. Using ISE 1.2, patch 6.
  Oh, and another question: Are there any drawbacks (e.g. cache size or security issues, other constraints) that would suggest to not increase the default aging timeout to a value of a full week or even more?
  Thanks
  Toni

  Hi Toni,
  Machine Access Restriction for Active Directory User Authorization
  Cisco ISE contains a Machine Access Restriction (MAR) component that provides an additional means of controlling authorization for Microsoft Active Directory-authentication users. This form of authorization is based on the machine authentication of the computer used to access the Cisco ISE network. For every successful machine authentication, Cisco ISE caches the value that was received in the RADIUS Calling-Station-ID attribute (attribute 31) as evidence of a successful machine authentication.
  Cisco ISE retains each Calling-Station-ID attribute value in cache until the number of hours that was configured in the “Time to Live” parameter in the Active Directory Settings page expires. Once the parameter has expired, Cisco ISE deletes it from its cache.
  When a user authenticates from an end-user client, Cisco ISE searches the cache for a Calling-Station-ID value from successful machine authentications for the Calling-Station-ID value that was received in the user authentication request. If Cisco ISE finds a matching user-authentication Calling-Station-ID value in the cache, this affects how Cisco ISE assigns permissions for the user that requests authentication in the following ways:
  If the Calling-Station-ID value matches one found in the Cisco ISE cache, then the authorization profile for a successful authorization is assigned.
  If the Calling-Station-ID value is not found to match one in the Cisco ISE cache, then the authorization profile for a successful user authentication without machine authentication is assigned.
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_authz_polprfls.html
  HTH
  Sandy

• ISE 1.2 VM file system recommendation

  Hi,
  According to http://www.cisco.com/en/US/docs/security/ise/1.2/installation_guide/ise_vmware.html#wp1056074, tabl 4-1 discusses storage requirement for ISE 1.2 in VM environment.  It recommends VMFS.
  What are the implications when using NFS instead?  Is this just a recommendation or an actual requirement?
  At the moment, we use Netapp array which uses NFS for all vApps.  It will be difficult to justify a creation an additional FC HBA just for this one vApp.  Please explain.
  TIA,
  Byung

  If you refer to
  http://www.cisco.com/en/US/docs/security/ise/1.2/installation_guide/ise_vmware.html
  It says :
  Storage
  •File System—VMFS
  We recommend that you use VMFS for storage. Other storage protocols are not tested and might result in some file system errors.
  •Internal Storage—SCSI/SAS
  •External Storage—iSCSI/SAN
  We do not recommend the use of NFS storage.

• Web Redirection Problem on Cisco ISE 1.2 and WLC 7.5

  Hello,
  We are at initial phase of deploying ISE 1.2 in our environment for Wireless Guest Users.
  I have configured ISE and WLC to talk to each other which is working fine. An SSID with MAC-Filtering is also configured on WLC and ACL only allowing ISE and DNS traffice.
  I have configured proper authentication and authorization policies on ISE. Now, when I try to connect my device (laptop and android mobile), I see my device gets associated with the SSID (Demo) and gets the right IP Address from DHCP and right VLAN from WLC. The log process on ISE is as follows.
  11001
  Received RADIUS Access-Request
  11017
  RADIUS created a new session
  11027
  Detected Host Lookup UseCase (Service-Type = Call Check (10))
  15049
  Evaluating Policy Group
  15008
  Evaluating Service Selection Policy
  15048
  Queried PIP
  15048
  Queried PIP
  15004
  Matched rule
  15041
  Evaluating Identity Policy
  15006
  Matched Default Rule
  15013
  Selected Identity Source - Internal Endpoints
  24210
  Looking up User in Internal Users IDStore - B8:B4:2E:A6:7D:75
  24216
  The user is not found in the internal users identity store
  24209
  Looking up Endpoint in Internal Endpoints IDStore - B8:B4:2E:A6:7D:75
  24211
  Found Endpoint in Internal Endpoints IDStore
  22037
  Authentication Passed
  15036
  Evaluating Authorization Policy
  15048
  Queried PIP
  15048
  Queried PIP
  15048
  Queried PIP
  15004
  Matched rule - Guest Redirection
  15016
  Selected Authorization Profile - Test_Profile
  11002
  Returned RADIUS Access-Accept
  I also see a redirect url in the detailed authentication logs. But the problem is that when I open my browser on my device, it doesn't get redirected to the guest portal url. Now since I can't get there, I can't continue with the rest of the process of authentication, COA and final ACL for internet access.
  Can some one please either guide me the correct steps that I need to follow, if I have mis configured something or advise if this is a bug.
  Thanks in advance.
  Jay

  The ACL is definitely used to define what traffic is re-directed to ISE and what traffic is not redirected. Having the permit-all statement at the end will break redirection. If you are using flex-connect then you will need to use flex-connect ACLs and apply those to the flex-connect APs. The links below should give you an idea of what needs to be done:
  http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113606-byod-flexconnect-dg-000.html
  http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/116087-configure-cwa-wlc-ise-00.html
  Thank you for rating helpful posts! 

• ISE and 3750E IOS

  Hello group,
                  I am facing a strange problem with my ISE deployment.
  In test environment I have used ISE from version 1.0 to the latest. Currenty what I have is 1.1.1 wit latest patch.
  I have configured dot1x and central web authentication for WIRED guest with ISE. In the test environment I am using WS-C3750G-48PS with C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(55)SE6, RELEASE SOFTWARE (fc1) IOS.
  Everything is working as expected. To give a brief,
  dot1x is working perfect with active directory authentication.
  if an end station is not having a dot1x capability, it will fail back to webauth.
  In webauth, both guest and domain users can login, according to the identity group, domain user will have normal access and guest will have internet only access.
  In any case if the dot1x is failing, the user will be redirected to webauth, then again the same authorization is given as per the user role.
  All this configuration works great with the test environment. But when I move on to production, where I have the only change in the access switch, things will get weird.
  I have WS-C3750E-48PD switch stacks in production. There is no ipservice image for 3750E, . There are only ipbase and univeral image for 3750E and universal is not supporting dot1x configurations in interface so I am using ipbase image. And I tried from 12.2.55(SE6) to 15.0.3-SE(ED) images and copied the configurations from my test environment to this production and things are going weird.
  Sometimes I will get the webauth working. But then everything will just stop working, I wont get a redirection page to ise, nothing. If I give a switch reboot, the things will again work good for sometime then again goes for a toe. The most weird is that I won't get a clue in  my ISE box, no authentication logs nothing.
  Can anybody help me out.
     My switch config (general ) is attached here.

  Hi,
  Can you run a debug radius authentication on the switch and compare the failed vs. success sessions. How may switches do you have in the stack? Based on your configuraiton you are using local webauth and not central webauthentication.
  I would suggest moving away from local webauthentication and have seen that you can not serve as many connections since it done locally on the switch (there is a number of 16 but i can not find it.
  Also are you users using IE, or are they using mozilla, have you tested the behavior between the browsers to see if one works over the other (i know the smartscreen settings in IE can cause some issues).
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• HTTP Error 403 - Forbidden on Cisco ISE and SCEP RA

  Dear Experts,
  We are in process of deploying ISE 1.2 in our environment for BYOD.
  The initial step of this process is to configure ISE as an SCEP Proxy and it requires certain configuration on the local CA. We have done all the required configurations on the local CA server.
  Now, when we try to connect ISE with the local CA using SCEP RA Profiles, it gives "HTTP Error 403 - Forbidden". The URL we are using is http://ipaddress/certsrv/mscep/mscep.dll.
  It seems that the local CA is not letting the ISE access the mscep.dll file. Now I dont understand how to allow ISE to access this file or the url. Please advise if there is any step by step process guide. Although, I have followed the ones from Cisco but it doesn't state how to give ISE the required rights for accessing mscep.dll.
  Thanks in advance.
  Jay

  Jay,
  You should use this URL:
  https://ipaddress/certsrv/mscep
  If you try to get the cert from an http address, you will get an error.  You should be using https.  Also, the mscep.dll should not be part of the URL.
  You can test this connectivity from any browser by putting that URL in the sddress bar.  You should see a page similar to this:
  Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.
  Charles Moreton

• ISE Not Authenticating Against RSA SecurID

  In the process of integrating ISE 1.2 into our environment with the eventual intent to replace ACS 5.x and having a challenge adding an RSA SecurID server as an external identity source.
  In ACS, we would create an internal user but configure the password to be handled externally and uses PAP or whatever to communicate with RSA.
  I don't see this option in ISE, only to use the RSA SecurID as a direct Identity Source, the problem is that if I try to authenticate to ISE using a device such as an iPhone, which is using MS-CHAPv2 by default, it produces an error in the authentication logs that the device is using a protocol not supported by the identity source.
  So what is the proper way to configure ISE to allow users to authenticate with a one-time-password against RSA SecurID?

  check the following link for Integrating Cisco ISE with RSA SecurID Server
  http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_id_stores.html#wp1080334

• WEB Login on ISE

  Hi all,
  I have an issue with my ISE's. I currently have 2 VM's set up in a ressiliant pair. I am able to SSH to both of them fine but when I try and load the web login it gives me page can't be displayed. I have checked all firewalls to make sure port 443 is open. I have proved connectivity by telneting to the ISE's on port 443 but still the page will not show.
  Any ideas?
  Cheers
  Anthony

  Hi Aevans,
  Can you please let us know which version of ISE is deployed in your environment.
  Can you please login to CLI and check the services of Primary ISE. The command to be used is
  "show application status ise"
  For example :
  node1-poda/admin# show application status ise
  If services are not running please use "application start ise" to start the services.
  node1-poda/admin# application start ise

• Ise and windows CA cert issues during tls

  Hi All,
  We are having some issues when doing eap-tls during onboarding. The setup is to have a single ssid network. Clients initially gets connected via peap and after onboarding it is eap-tls. The environment is a 2 tier CA hirearchy having a root-ca (offline) and intermediate CA (this is the AD domain enterprise CA and scep server). ISE cert was signed by the intermediate CA for https and eap. Also imported the certificate chain from the intermediate CA to ISE cert store (converted from .p7b to .der). It also has the scep RA certificate and scep communication between ise and scep server looks ok.
  The issue is during the onboarding process (tested with windows xp) after the redirection to guest poral, windows SPW wizard starts and prompts to confirm the user certificate. This keeps on prompting after 'ok' is clicked and does not proceed further. The 'view certificate' shows the following error " The issuer of this ccertficate is not found". ISE shows the following errors in authentication details (jpg attached). Windows SPW logs shows that it keep on retrying authentication.
  The issuer of the client cert which is the intermediate CA cert is already in the ISE certificate store. Therefore shouldn't that client get this issuer CA details from ISE and ISE should be able to authenticate client during onboarding to start the tls connection? Do we have to import seperate certs for root-ca, Intermediate ca in ise store instead of the chain?
  Does anybody had this issue with ISE in a hirearchical CA environment?
  Thanks in advance.

  Review this link
  http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_troubleshooting.html#wp1044440

• ISE VM install question related to Disk Space on VMDK

  Hi all, and thanks in advance for any help/advice you can offer.
  We recently licensed for 10 ISE VM instances in our environment. We are trying to install the 3945 OVA file and it is forcing us to allocate 600GB for the appliance in the VMDK.  Per the install guide, however, the PSN only requires 200GB of disk space. This install will be for a PSN persona eventually, once its built and added to a deployment. So do we have to burn 400Gb for this? I am being told by the VM team that once the 600GB is allocated in the VMDK, it will not be able to be changed later to 200GB. I am told it can expand, but there is no option to shrink the disk size to 200GB. Almost seems as though the OVA should have been made to require a 200GB partition, then you could expand that to 300GB for Admin persona's and more for Monitoring persona's. As it stands, without the option to shrink the drive size, we are wasting 400GB unless I am missing something. Thus I am asking for your help!
  Install guide where VM disk sizing is specified is located at:
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/installation_guide/b_ise_InstallationGuide13/b_ise_InstallationGuide12_chapter_011.html#ID-1417-000000d9
  Thank you,
  Jeff

  Hello Prasad,
  I am not sure what database are will be using in your system.
  Check SAPnotes # 799639 "Hardware Requirements" and  # 956921-  IDES ERP 2005 ECC 6.0.
  Here are databse approximations :
  The database sizes are:
    ORACLE: 200 GB
    MaxDB:  180 GB
    MSSQL:  150 GB
    DB2-UDB 150 GB
    DB2 on iSeries 240 GB
  I can't comment on RAM size as i am not aware number of users, functionalities you will be using etc.
  for this you can create a project under http://service.sap.com/sizing. You will get a close approximation.
  This is a easy self guided procedure and its good, you can get a close hardware approximation thought this quick sizer tool.
  Regarding processor its up to you. You can call vendors and check according to your budget.
  Best Regards
  NIraj

• Best Practise for rebooting ISE Nodes?

  Hello Community,
  I administer an ISE installation with two nodes (I am not an ISE Specialist, my job is just to manage the user/mac-adresses... but now I have to move my ISE Nodes from one VMWare Cluster to another VMWare Cluster.
  (Both VMWare environments are connected to our enterprise network, but are different environments. vMotion not possible)
  I would shutdown ISE02, move it to our new VMWare environment and start it again.
  Than I would do this with our ISE01 Node...
  Are there any best practises for doing this? (Shutdown application first, stopl replikation etc)?
  Can I really simply reboot an ISE Node - or have I consider something bevor I doing this? After I doing this?
  Any tasks after reboot?
  Thank you for any answer!
  ISE01    
  Administration, Monitoring, Policy Service    
  PRI(A), SEC(M)
  ISE02    
  Administration, Monitoring, Policy Service    
  SEC(A), PRI(M)

  There is a lot to consider here.  If changing environments means changing IP Address and IP Scopes, then your policies, profiles, and dACLs would also have to change among other things.  If this is the case, create a new ISE VM in the new environment using the built in evaluation license and recreate the deployment from the old environment using the addressing scheme of the new environment.  Then spin-up a new Secondary node and register it on the Primary.  Once this is done, you can re-host the license from your old environment onto your new environment.  You can use this tool to re-host:
  https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=3999
  If IP Addressing is to remain the same, it gets simpler. 
  First, and always, perform a configuration and operational backup.
  If downtime is not an issue, or if you have a maintenance window of an hour or so: Simply shut down both nodes.  Transfer them to the New Environment and turn them on, Primary Node first, of course.
  If downtime is an issue, shut down the Secondary Node and transfer it to the New Environment.  Start the Secondary Node and when it is up, shut down the Primary Node.  Once services on the primary node have stopped, promote the Secondary Node to Primary Node.
  Transfer the OLD Primary Node to the New Environment and turn it on.  It should assume the role of Secondary Node.  If it does not, assign that role through the GUI.
  Remember, the correct way to shut down an ISE node is:
  application stop ise
  halt
  By using these commands, the risk of database corruption decreases by about 90% (Remember to always backup).
  Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.
  Charles Moreton

• Drive Letters in ise

  I know that existing network drive letters don't appear in the PowerShell ISE.  Is there any workaround for this?  
  Example:  
  My login script includes a couple of mapped drives.  
  F: \\main\home\
  U: \\main\data
  W: \\main\warehouse 
  With the normal powershell command line, these drives are accessible. 
  But in the ISE, they don't show up at all with Get-PSDrive. 
  With NET USE the drive letters are there, but are shown as "unavailable"
  PS>net use
  New connections will be remembered.
  Status       Local     Remote                    Network
  Unavailable  F:  \\192.168.219.55\larryk   Microsoft Windows Network
  Unavailable  U:  \\192.168.219.55\main     Microsoft Windows Network
  Unavailable  W:  \\192.168.219.55\warehouse Microsoft Windows Network
  Unavailable  X:        \\192.168.219.55\main\it\newsletters\gwk Microsoft Windows Network
  The command completed successfully.
  Unless I'm not correct, this makes it tough to write a PowerShell script that works both in the ISE and at the regular PS command line.   Or, what am I missing?   
  -- L 

  Hi, Bill...  
  I'm using PowerShell to query a database and then write the results to a  shared network folder on a Linux server which is mapped to a drive letter.  I'm using the ISE... (I *love* the ISE), and it just would be a lot easier if  had those
  mapped drives available.  I'm thinking that the workaround is to execute test-path to test whether the path is usable. If the test-path returns false, then map a temporary drive.  But it seems like a bit of a kludge, and I wasn't sure if there was
  some best practice that I was missing.  
  I'm also curious to know why the drives are visible, but inaccessible, in the ISE.  
  Does the ISE actually create a separate environment different from, or "on top of" the normal PS command line environment? 
  And, why doesn't the ISE session inherit the mapped drives?  
  --- L

• Error While Querying DB Link from Oracle 10g to Postgres 8.2

  Hi,
  I have installed unixodbc 2.3.1, postgres odbc driver (psqlodbc-07.03) and dg4odbc 11.2
  On querying : select sysdate from dual@dblink_postgresql, the following error occurs:
  ORA-28500: connection from ORACLE to a non-Oracle system returned this message:
  [unixODBC][Driver Manager]Can't open lib '/oracle/psqlodbc/lib/libpsqlodbc.a' : file not found {01000}
  ORA-02063: preceding 2 lines from DBLINK_POSTGRES
  Similar error appears in the trace file as well.
  [unixODBC][Driver Manager]Can't open lib '/oracle/psqlodbc/lib/libpsqlodbc.a'
  $ isql -v postgresql postgres postgres@2012
  [01000][unixODBC][Driver Manager]Can't open lib '/oracle/psqlodbc/lib/libpsqlodbc.a' : file not found
  [ISQL]ERROR: Could not SQLConnect
  However the file is present in the location and has no permission related problems.
  $ pwd
  /oracle/psqlodbc/lib
  $ ls -lrt
  total 2952
  -rwxr-xr-x 1 oracle oinstall 663 Mar 25 15:28 psqlodbc.la
  -rw-r--r-- 1 oracle oinstall 731419 Mar 25 15:28 libpsqlodbc.a
  -rw-r--r-- 1 oracle oinstall 12215 Mar 25 22:11 win_md5.o
  -rw-r--r-- 1 oracle oinstall 18100 Mar 25 22:11 options.o
  -rw-r--r-- 1 oracle oinstall 13196 Mar 25 22:11 misc.o
  -rw-r--r-- 1 oracle oinstall 4234 Mar 25 22:11 lobj.o
  -rw-r--r-- 1 oracle oinstall 122442 Mar 25 22:11 info.o
  -rw-r--r-- 1 oracle oinstall 26464 Mar 25 22:11 execute.o
  -rw-r--r-- 1 oracle oinstall 22070 Mar 25 22:11 environ.o
  -rw-r--r-- 1 oracle oinstall 8633 Mar 25 22:11 drvconn.o
  -rw-r--r-- 1 oracle oinstall 83758 Mar 25 22:11 convert.o
  -rw-r--r-- 1 oracle oinstall 62529 Mar 25 22:11 connection.o
  -rw-r--r-- 1 oracle oinstall 5685 Mar 25 22:11 columninfo.o
  -rw-r--r-- 1 oracle oinstall 19724 Mar 25 22:11 bind.o
  -rw-r--r-- 1 oracle oinstall 3768 Mar 25 22:11 tuplelist.o
  -rw-r--r-- 1 oracle oinstall 2816 Mar 25 22:11 tuple.o
  -rw-r--r-- 1 oracle oinstall 36770 Mar 25 22:11 statement.o
  -rw-r--r-- 1 oracle oinstall 10490 Mar 25 22:11 socket.o
  -rw-r--r-- 1 oracle oinstall 74140 Mar 25 22:11 results.o
  -rw-r--r-- 1 oracle oinstall 22686 Mar 25 22:11 qresult.o
  -rw-r--r-- 1 oracle oinstall 1977 Mar 25 22:11 psqlodbc.o
  -rw-r--r-- 1 oracle oinstall 25893 Mar 25 22:11 pgtypes.o
  -rw-r--r-- 1 oracle oinstall 706 Mar 25 22:11 pgapi30.o
  -rw-r--r-- 1 oracle oinstall 34071 Mar 25 22:11 parse.o
  -rw-r--r-- 1 oracle oinstall 706 Mar 25 22:11 odbcapi30.o
  -rw-r--r-- 1 oracle oinstall 41540 Mar 25 22:11 odbcapi.o
  -rw-r--r-- 1 oracle oinstall 11601 Mar 25 22:11 multibyte.o
  -rw-r--r-- 1 oracle oinstall 706 Mar 25 22:11 info30.o
  -rw-r--r-- 1 oracle oinstall 5972 Mar 25 22:11 gpps.o
  -rw-r--r-- 1 oracle oinstall 37546 Mar 25 22:11 dlg_specific.o
  My odbc.ini and init4dg4odbc looks like below:
  $ pg odbc.ini
  [postgresql]
  Description = Test to Postgres
  Driver = /oracle/psqlodbc/lib/libpsqlodbc.a
  Trace = Yes
  TraceFile = postgres.log
  Database = postgres
  Servername = TCLDSAPORTUAT
  UserName = postgres
  Password = postgres@2012
  Port = 5432
  Protocol = TCP
  ReadOnly = Yes
  RowVersioning = No
  ShowSystemTables = No
  ShowOidColumn = No
  FakeOidIndex = No
  $ pg initdg4odbc.ora
  # This is a sample agent init file that contains the HS parameters that are
  # needed for the Database Gateway for ODBC
  # HS init parameters
  HS_FDS_CONNECT_INFO = postgresql
  HS_FDS_TRACE_LEVEL = DEBUG
  HS_FDS_SHAREABLE_NAME = /oracle/unixodbc64/lib/libodbc.so
  # ODBC specific environment variables
  set ODBCINI=/oracle/unixodbc64/etc/odbc.ini
  # Environment variables required for the non-Oracle system
  #set <envvar>=<value>
  I found similar threads in the forum but could not find solution for this problem.
  Please help to resolve this issue.
  Thanks,
  Akanksha
  Edited by: 996208 on Mar 26, 2013 5:35 AM

  Hi Mike,
  I used the truss option for diagnosis, the output is really long and shows the same error at the end of execution:
  $truss isql -v postgresql postgres postgres@2012
  getuidx(4) = 207
  getuidx(2) = 207
  getuidx(1) = 207
  getgidx(4) = 203
  getgidx(2) = 203
  getgidx(1) = 203
  kload("/usr/lib/nls/loc/en_US__64", 17301632, "/oracle/unixodbc64/lib") = 648518346072918576
  getuidx(4) = 207
  getuidx(2) = 207
  getuidx(1) = 207
  getgidx(4) = 203
  getgidx(2) = 203
  getgidx(1) = 203
  kload("/usr/lib/nls/loc/en_US__64", 17301632, "/oracle/unixodbc64/lib") = 648518346072918576
  access("/usr/lib/nls/msg/en_US/execerr.cat", 0) = 0
  _getpid()                                       = 27262980
  kopen("/usr/lib/nls/msg/en_US/execerr.cat", O_RDONLY) = 3
  kioctl(3, 22528, 0x0000000000000000, 0x0000000000000000) Err#25 ENOTTY
  kfcntl(3, F_SETFD, 0x0000000000000001) = 0
  kioctl(3, 22528, 0x0000000000000000, 0x0000000000000000) Err#25 ENOTTY
  kread(3, "\0\001 ù\001\001 I S O 8".., 4096) = 4096
  lseek(3, 0, 1) = 4096
  lseek(3, 0, 1) = 4096
  lseek(3, 0, 1) = 4096
  _getpid()                                       = 27262980
  lseek(3, 0, 1) = 4096
  _getpid()                                       = 27262980
  lseek(3, 0, 1) = 4096
  _getpid()                                       = 27262980
  lseek(3, 0, 1) = 4096
  lseek(3, 4639, 0) = 4639
  kread(3, "\t 0 5 0 9 - 1 9 4 E x".., 4096) = 1686
  getuidx(4) = 207
  getuidx(2) = 207
  getuidx(1) = 207
  getgidx(4) = 203
  getgidx(2) = 203
  getgidx(1) = 203
  kload("/usr/lib/nls/loc/en_US__64", 17301632, "/oracle/unixodbc64/lib") = 648518346072918576
  getuidx(4) = 207
  getuidx(2) = 207
  getuidx(1) = 207
  getgidx(4) = 203
  getgidx(2) = 203
  getgidx(1) = 203
  kload("/usr/lib/nls/loc/en_US__64", 17301632, "/oracle/unixodbc64/lib") = 648518346072918576
  getuidx(4) = 207
  getuidx(2) = 207
  getuidx(1) = 207
  getgidx(4) = 203
  getgidx(2) = 203
  getgidx(1) = 203
  kload("/usr/lib/nls/loc/en_US__64", 17301632, "/oracle/unixodbc64/lib") = 648518346072918576
  getuidx(4) = 207
  getuidx(2) = 207
  getuidx(1) = 207
  getgidx(4) = 203
  getgidx(2) = 203
  getgidx(1) = 203
  kload("/usr/lib/nls/loc/en_US__64", 17301632, "/oracle/unixodbc64/lib") = 648518346072918576
  getuidx(4) = 207
  getuidx(2) = 207
  getuidx(1) = 207
  getgidx(4) = 203
  getgidx(2) = 203
  getgidx(1) = 203
  kload("/usr/lib/nls/loc/en_US__64", 17301632, "/oracle/unixodbc64/lib") = 648518346072918576
  getuidx(4) = 207
  getuidx(2) = 207
  getuidx(1) = 207
  getgidx(4) = 203
  getgidx(2) = 203
  getgidx(1) = 203
  kload("/usr/lib/nls/loc/en_US__64", 17301632, "/oracle/unixodbc64/lib") = 648518346072918576
  kioctl(1, 22528, 0x0000000000000000, 0x0000000000000000) = 0
  [01000][unixODBC][Driver Manager]Can't open lib '/oracle/psqlodbc/lib/psqlodbc.o' : file not found
  kwrite(1, " [ 0 1 0 0 0 ] [ u n i x".., 99)     = 99
  [ISQL]ERROR: Could not SQLConnect
  kwrite(2, " [ I S Q L ] E R R O R :".., 34) = 34
  kfcntl(1, F_GETFL, 0x0000000010DF0051) = 67110914
  kfcntl(2, F_GETFL, 0x0000000010DF0051) = 67110914
  _exit(1)
  Do I need to install postgres software also?
  While installing postgres odbc driver in /oracle/psqlodbc only two folders were created viz. lib and share
  In lib folder two files were created viz. psqlodbc.la and libpsqlodbc.a
  And everybody on the net seems to refer psqlodbc.so in the "Driver = " parameter
  Today, I extracted the libpsqlodbc.a by using ar -X 64 -xv libpsqlodbc.a again, still no file with .so has been created.
  $ ls -lrt
  total 2952
  -rwxr-xr-x 1 oracle oinstall 663 Mar 25 15:28 psqlodbc.la
  -rwxr-xr-x 1 oracle oinstall 731419 Mar 28 13:51 libpsqlodbc.a
  -rw-r--r-- 1 oracle oinstall 12215 Apr 01 13:50 win_md5.o
  -rw-r--r-- 1 oracle oinstall 3768 Apr 01 13:50 tuplelist.o
  -rw-r--r-- 1 oracle oinstall 2816 Apr 01 13:50 tuple.o
  -rw-r--r-- 1 oracle oinstall 36770 Apr 01 13:50 statement.o
  -rw-r--r-- 1 oracle oinstall 10490 Apr 01 13:50 socket.o
  -rw-r--r-- 1 oracle oinstall 74140 Apr 01 13:50 results.o
  -rw-r--r-- 1 oracle oinstall 22686 Apr 01 13:50 qresult.o
  -rw-r--r-- 1 oracle oinstall 1977 Apr 01 13:50 psqlodbc.o
  -rw-r--r-- 1 oracle oinstall 25893 Apr 01 13:50 pgtypes.o
  -rw-r--r-- 1 oracle oinstall 706 Apr 01 13:50 pgapi30.o
  -rw-r--r-- 1 oracle oinstall 34071 Apr 01 13:50 parse.o
  -rw-r--r-- 1 oracle oinstall 18100 Apr 01 13:50 options.o
  -rw-r--r-- 1 oracle oinstall 706 Apr 01 13:50 odbcapi30.o
  -rw-r--r-- 1 oracle oinstall 41540 Apr 01 13:50 odbcapi.o
  -rw-r--r-- 1 oracle oinstall 11601 Apr 01 13:50 multibyte.o
  -rw-r--r-- 1 oracle oinstall 13196 Apr 01 13:50 misc.o
  -rw-r--r-- 1 oracle oinstall 4234 Apr 01 13:50 lobj.o
  -rw-r--r-- 1 oracle oinstall 706 Apr 01 13:50 info30.o
  -rw-r--r-- 1 oracle oinstall 122442 Apr 01 13:50 info.o
  -rw-r--r-- 1 oracle oinstall 5972 Apr 01 13:50 gpps.o
  -rw-r--r-- 1 oracle oinstall 26464 Apr 01 13:50 execute.o
  -rw-r--r-- 1 oracle oinstall 22070 Apr 01 13:50 environ.o
  -rw-r--r-- 1 oracle oinstall 8633 Apr 01 13:50 drvconn.o
  -rw-r--r-- 1 oracle oinstall 37546 Apr 01 13:50 dlg_specific.o
  -rw-r--r-- 1 oracle oinstall 83758 Apr 01 13:50 convert.o
  -rw-r--r-- 1 oracle oinstall 62529 Apr 01 13:50 connection.o
  -rw-r--r-- 1 oracle oinstall 5685 Apr 01 13:50 columninfo.o
  -rw-r--r-- 1 oracle oinstall 19724 Apr 01 13:50 bind.o
  Thanks,
  Akanksha

• Home network and FTP giving diffrent drive letters

  I have my iTunes library on a home server and I have it synced to that drive letter (i.e. X:). When I am remote, which is often in my job, I ftp in and get a different drive letter (i.e. T:). When I attempt to do anything it is telling me it can’t the file. But, when I try to use the T: drive it wants to erase and re-sync to that drive. These drives are mapped and cannot have the same letter. Is there a way around this? I am more familiar with Microsoft Zune software, which you can sync from several drives and it only will sync what is different.

  Hi, Bill...  
  I'm using PowerShell to query a database and then write the results to a  shared network folder on a Linux server which is mapped to a drive letter.  I'm using the ISE... (I *love* the ISE), and it just would be a lot easier if  had those
  mapped drives available.  I'm thinking that the workaround is to execute test-path to test whether the path is usable. If the test-path returns false, then map a temporary drive.  But it seems like a bit of a kludge, and I wasn't sure if there was
  some best practice that I was missing.  
  I'm also curious to know why the drives are visible, but inaccessible, in the ISE.  
  Does the ISE actually create a separate environment different from, or "on top of" the normal PS command line environment? 
  And, why doesn't the ISE session inherit the mapped drives?  
  --- L