ORA-24247: network access denied by access control list (ACL) using FTP

Similar Messages

• ORA-24247: network access denied by access control list (ACL)error-UTL_HTTP

  I am getting following ACL error while executing following procedure:
  create or replace procedure sat_proc as
  http_req utl_http.req;
  http_resp utl_http.resp;
  BEGIN
  http_req := utl_http.begin_request('www.yahoo.com');
  http_resp := utl_http.get_response(http_req);
  utl_http.end_response(http_resp);
  END;
  exec sat_proc;
  ORA-29273: HTTP request failed
  ORA-06512: at "SYS.UTL_HTTP", line 1130
  ORA-24247: network access denied by access control list (ACL)
  ORA-06512: at "TRANSDBA.SAT_PROC", line 5
  ORA-06512: at line 1
  I am able to execute successfully while executing above code as PL/SQL block:
  DECLARE
  http_req utl_http.req;
  http_resp utl_http.resp;
  BEGIN
  http_req := utl_http.begin_request('www.yahoo.com');
  http_resp := utl_http.get_response(http_req);
  utl_http.end_response(http_resp);
  END;
  PL/SQL procedure successfully completed.
  Could help me find why I am getting error while executing same code in a procedure? Is there any privilege missing?

  GRANT EXECUTE ON SYS.UTL_HTTP TO <your_user>;
  SQL> set time on
  17:21:01 SQL> set role none;
  Role set.
  17:21:23 SQL> @utl_http.sql
  17:21:34 SQL> DECLARE
  17:21:34   2  http_req utl_http.req;
  17:21:34   3  http_resp utl_http.resp;
  17:21:34   4  BEGIN
  17:21:34   5  http_req := utl_http.begin_request('www.yahoo.com');
  17:21:34   6  http_resp := utl_http.get_response(http_req);
  17:21:34   7  utl_http.end_response(http_resp);
  17:21:34   8  END;
  17:21:34   9  /
  PL/SQL procedure successfully completed.
  17:21:35 SQL> connect / as sysdba
  Connected.
  17:22:47 SQL> connect dbadmin/admindb
  Connected.
  17:23:06 SQL> @utl_http.sql
  17:23:22 SQL> DECLARE
  17:23:22   2  http_req utl_http.req;
  17:23:22   3  http_resp utl_http.resp;
  17:23:22   4  BEGIN
  17:23:22   5  http_req := utl_http.begin_request('www.yahoo.com');
  17:23:22   6  http_resp := utl_http.get_response(http_req);
  17:23:22   7  utl_http.end_response(http_resp);
  17:23:22   8  END;
  17:23:22   9  /
  PL/SQL procedure successfully completed.
  17:23:23 SQL> set role none;
  Role set.
  17:23:29 SQL> @utl_http.sql
  17:23:31 SQL> DECLARE
  17:23:31   2  http_req utl_http.req;
  17:23:31   3  http_resp utl_http.resp;
  17:23:31   4  BEGIN
  17:23:31   5  http_req := utl_http.begin_request('www.yahoo.com');
  17:23:31   6  http_resp := utl_http.get_response(http_req);
  17:23:31   7  utl_http.end_response(http_resp);
  17:23:31   8  END;
  17:23:31   9  /
  DECLARE
  ERROR at line 1:
  ORA-29273: HTTP request failed
  ORA-06512: at "SYS.UTL_HTTP", line 1130
  ORA-24247: network access denied by access control list (ACL)
  ORA-06512: at line 5
  17:23:31 SQL> above is from test user
  Below is from SYSDBA account
  SQL> set time on
  17:20:53 SQL> revoke execute on sys.utl_http to dbadmin;
  revoke execute on sys.utl_http to dbadmin
  ERROR at line 1:
  ORA-00905: missing keyword
  17:22:03 SQL> revoke execute on sys.utl_http from dbadmin;
  revoke execute on sys.utl_http from dbadmin
  ERROR at line 1:
  ORA-04020: deadlock detected while trying to lock object
  ACLiLZU+w09hR7gQAB/AQAjcw==
  17:22:32 SQL> /
  Revoke succeeded.
  17:22:52 SQL> Edited by: sb92075 on Jun 10, 2010 5:24 PM

• ORA-24247: network access denied by access control list (ACL)

  Hi All,
  I am sending a mail thru OWB 11g ( and using database 11g) after successful or failure of process. My process is completing successfully but am not able to send mail. At the time of sending mail it is giving me error as below
  ORA-24247: network access denied by access control list (ACL)
  ORA-06512: at "SYS.UTL_TCP", line 17
  ORA-06512: at "SYS.UTL_TCP", line 246
  ORA-06512: at "SYS.UTL_SMTP", line 115
  ORA-06512: at "SYS.UTL_SMTP", line 138
  ORA-06512: at line 8
  I have created ACL using the following code
  BEGIN
  dbms_network_acl_admin.create_acl(acl => 'oramail.xml',
  description => 'Network permissions for mail.oracle.com',
  principal => 'OWF_MGR', is_grant => TRUE, privilege => 'connect');
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl => 'oramail.xml',
  principal => 'OWF_MGR',
  is_grant => true,
  privilege => 'resolve');
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(acl => 'oramail.xml',
  host => '141.146.46.30');
  END;
  commit;
  where 141.146.46.30 is my mail server IP. I am still not able to send mail by OWB. Please let me know if I have missed any steps in this.
  Thanks.

  For Oracle Warehouse Builder 11g running in 11g dB you need to set the ACL for the OWBSYS user. For example:
  EXECUTE DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('acl_for_owb_cc.xml', 'ACL for Control Center', 'OWBSYS', TRUE, 'connect');
  For Oracle Warehouse Builder 10.2.0.4 running in 11g dB you need to set the ACL for the OWB repository owner. For example:
  EXECUTE DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('acl_for_owb.xml', 'ACL for OWB', 'MY_OWB_REPO_OWNER', TRUE, 'connect');"

• APEX and ORA-24247: network access denied by access control list (ACL)

  Hi,
  I try to send email with APEX.
  I have enter the parameters of my mail server and activate the email on my application.
  I have follow the APEX installation guide and apply the script given in the "Granting Connect Privileges" section.
  When I try to send email or make a subscription, I don't receive any email and can see this error in the table "WWV_FLOW_MAIL_LOG"
  +"MAIL_TO","MAIL_FROM","MAIL_REPLYTO","MAIL_SUBJ","MAIL_CC","MAIL_BCC","MAIL_SEND_ERROR","LAST_UPDATED_BY","LAST_UPDATED_ON","SECURITY_GROUP_ID"+
  +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
  +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
  +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
  +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
  +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",24/02/12,3210210578052219+
  +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
  Do you see what is wrong in my configuration ?
  I use APEX 4.1, Oracle 11g.
  The script that I have apply is :
  DECLARE
  ACL_PATH  VARCHAR2(4000);
  ACL_ID    RAW(16);
  BEGIN
  -- Look for the ACL currently assigned to '*' and give APEX_040100
  -- the "connect" privilege if APEX_040100 does not have the privilege yet.
  SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS
  WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;
  -- Before checking the privilege, make sure that the ACL is valid
  -- (for example, does not contain stale references to dropped users).
  -- If it does, the following exception will be raised:
  --+
  -- ORA-44416: Invalid ACL: Unresolved principal 'APEX_040100'
  -- ORA-06512: at "XDB.DBMS_XDBZ", line ...
  --+
  SELECT SYS_OP_R2O(extractValue(P.RES, '/Resource/XMLRef')) INTO ACL_ID
  FROM XDB.XDB$ACL A, PATH_VIEW P
  WHERE extractValue(P.RES, '/Resource/XMLRef') = REF(A) AND
  EQUALS_PATH(P.RES, ACL_PATH) = 1;
  DBMS_XDBZ.ValidateACL(ACL_ID);
  IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'APEX_040100',
  +'connect') IS NULL THEN+
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH,
  +'APEX_040100', TRUE, 'connect');+
  END IF;
  EXCEPTION
  -- When no ACL has been assigned to '*'.
  WHEN NO_DATA_FOUND THEN
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('power_users.xml',
  +'ACL that lets power users to connect to everywhere',+
  +'APEX_040100', TRUE, 'connect');+
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('power_users.xml','*');
  END;
  +/+
  COMMIT;
  Thanks for your help,

  Hi,
  You need to grant privilege to the user.
  i.e add principal
  You can use script :
  DECLARE
  ACL_ID   RAW(16);
  CNT      NUMBER;
  BEGIN
  -- Look for the object ID of the ACL currently assigned to ''*
  SELECT ACLID INTO ACL_ID FROM DBA_NETWORK_ACLS
  WHERE HOST = '' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;*
  -- If just some users referenced in the ACL are invalid, remove just those
  -- users in the ACL. Otherwise, drop the ACL completely.
  SELECT COUNT(PRINCIPAL) INTO CNT FROM XDS_ACE
  WHERE ACLID = ACL_ID AND
  EXISTS (SELECT NULL FROM ALL_USERS WHERE USERNAME = PRINCIPAL);
  IF (CNT > 0) THEN
  FOR R IN (SELECT PRINCIPAL FROM XDS_ACE
  WHERE ACLID = ACL_ID AND
  NOT EXISTS (SELECT NULL FROM ALL_USERS
  WHERE USERNAME = PRINCIPAL)) LOOP
  UPDATE XDB.XDB$ACL
  SET OBJECT_VALUE =
  DELETEXML(OBJECT_VALUE,
  *'/ACL/ACE[PRINCIPAL="'||R.PRINCIPAL||'"]')*
  WHERE OBJECT_ID = ACL_ID;
  END LOOP;
  ELSE
  DELETE FROM XDB.XDB$ACL WHERE OBJECT_ID = ACL_ID;
  END IF;
  END;
  REM commit the changes.
  COMMIT;
  Or you need to add privilege to specific user/schema using following script:
  BEGIN
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE (
  acl          => 'aclfilename.xml',
  principal    => 'databaseuser',
  is_grant     => TRUE,
  privilege    => 'connect',
  position     => null);
  COMMIT;
  END;
  Please execute this code after connect as sysdba user.
  Thanks & Regards,
  Jaydipsinh Raulji
  Web: [www.oracleapexconsultant.com|www.oracleapexconsultant.com]

• Another ORA-24247: network access denied by access control list (ACL)

  Hi
  We have just upgraded from 10g to 11g (DB version is 11.2.0.1.0), and i've have nothing but problems with ACL.
  I've tried:
  Creation code (as dba-user):
  begin
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(’netacl.xml’,
  ‘Allow usage to the UTL network packages’, ‘ACLTEST’, TRUE, ‘connect’);
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(’netacl.xml’ ,’ACLTEST’, TRUE, ‘resolve’);
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(’netacl.xml’,'*’);
  commit;
  end;
  Execution code (as ACLTEST):
  declare
  l_conn UTL_TCP.connection;
  v_file ftp.TStringTable;
  l_list ftp.t_string_table;
  begin
  l_conn := ftp.Logind('DOMAIN', 21, 'USERNAME', 'PASSWORD');
  ftp.logout(l_conn);
  end;
  Error stack
  ORA-24247: network access denied by access control list (ACL)
  ORA-06512: at “SYS.UTL_TCP”, line 17
  ORA-06512: at “SYS.UTL_TCP”, line 246
  ORA-06512: at “COMMON.FTP”, line 784
  ORA-06512: at line 7
  i've tried to add the domain in the acl with full port range with no luck:
  begin
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(’netacl.xml’,'DOMAIN’,1,65000);
  commit;
  end;

  Hi;
  First what below query return
  SELECT acl,
  principal,
  privilege,
  is_grant,
  to_char(start_date) ,
  to_char(end_date)
  FROM dba_network_acl_privileges;
  Regard
  Helios

• HR User, REST example - network access denied by access control list (ACL)

  Hi,
  I am new to APEX and am running the 'Oracle Developer Days' vm. I'm logged into APEX as the default HR/oracle account and I've been following the 'Creating and Using a RESTful Web Service in Application Express 4.2' training video, however when I try to retrieve information by entering a dept no. and clicking submit I get:
  ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1130 ORA-24247: network access denied by access control list (ACL)
  I've seen the following thread:
  ORA-24247: network access denied by access control list (ACL)error-UTL_HTTP
  and I've tried running the command:
  GRANT EXECUTE ON SYS.UTL_HTTP TO HR;
  but I'm not getting anywhere, presumably the HR user does not have permissions to access 'http://localhost:8888/apex/hr/employee_test'
  Any help much appreciated, also if this is the wrong forum for this question please let me know.
  Many Thanks

  Hi,
  Thank you for the link; I executed the first block of code to 'grant connect privileges to any host for the APEX_040200 database user' that did not work so I changed the user to HR within the code and re-executed and that seems to have done the trick. I guess the HR user is now in the power_users list/group?
  Thanks again!

• ORA-24247: Netzwerkzugriff von Access Control-Liste (ACL) abgelehnt

  Hi,
  I am trying to send email in APEX but all the emails are in APEX mail queue with error status,
  ORA-24247: Netzwerkzugriff von Access Control-Liste (ACL) abgelehnt
  I already configured smtp server in manage instance. Please suggest me why the error is happening.
  Thanks & Regards,
  Sagarika

  Probably you need to add the SMTP server address to the ACL list. There are numerous resources showing how to do that. Google on "how to create acl in oracle" and you will get many links showing up. This one is explaining a how to quite good:
  http://www.oracleflash.com/36/Oracle-11g-Access-Control-List-for-External-Network-Services.html
  Denes Kubicek
  http://deneskubicek.blogspot.com/
  http://www.apress.com/9781430235125
  http://apex.oracle.com/pls/apex/f?p=31517:1
  http://www.amazon.de/Oracle-APEX-XE-Praxis/dp/3826655494
  -------------------------------------------------------------------

• Access control list (ACL)

  hi,
  I have upgraded from 8i to 11g. I am using a procedure to send email from forms10g.
  After the upgrade, I am getting error.
  ERROR at line 1:
  ORA-24247: network access denied by access control list (ACL)
  ORA-06512: at "SYS.UTL_TCP", line 17
  ORA-06512: at "SYS.UTL_TCP", line 246
  ORA-06512: at "SYS.UTL_SMTP", line 115
  ORA-06512: at "SYS.UTL_SMTP", line 138
  ORA-06512: at "HYBRID.SEND_MAIL", line 12
  ORA-06512: at line 1
  I created the ACL, see below .
  begin
  dbms_network_acl_admin.create_acl (
  acl => 'utl_smtp.xml',
  description => 'Allow mail to be send',
  principal => 'username',
  is_grant => TRUE,
  privilege => 'connect'
  commit;
  end;
  begin
  dbms_network_acl_admin.add_privilege (
  acl => 'utl_smtp.xml',
  principal => 'username',
  is_grant => TRUE,
  privilege => 'resolve'
  commit;
  end;
  begin
  dbms_network_acl_admin.assign_acl(
  acl => 'utl_smtp.xml',
  host => 'smtp.abc.com'
  commit;
  end;
  When i execute send_mail procedure i get the above error.
  Exec send_mail('[email protected]','[email protected]','item Return','TEST MAIL') ;
  Please help

  Pl see if MOS Doc 557070.1 (ORA-24247 Trying To Send Email Using UTL_SMTP from 11gR1 (11.1.0.6) or higher) can help
  HTH
  Srini

• Query: Best practice SAN switch (network) access control rules?

  Dear SAN experts,
  Are there generic SAN (MDS) switch access control rules that should always be applied within the SAN environment?
  I have a specific interest in network-based access control rules/CLI-commands with respect to traffic flowing through the switch rather than switch management traffic (controls for traffic flowing to the switch).
  Presumably one would want to provide SAN switch demarcation between initiators and targets using VSAN, Zoning (and LUN Zoning for fine grained access control and defense in depth with storage device LUN masking), IP ACL, Read-Only Zone (or LUN).
  In a LAN environment controlled by a (gateway) firewall, there are (best practice) generic firewall access control rules that should be instantiated regardless of enterprise network IP range, TCP services, topology etc.
  For example, the blocking of malformed TCP flags or the blocking of inbound and outbound IP ranges outlined in RFC 3330 (and RFC 1918).
  These firewall access control rules can be deployed regardless of the IP range or TCP service traffic used within the enterprise. Of course there are firewall access control rules that should also be implemented as best practice that require specific IP addresses and ports that suit the network in which they are deployed. For example, rate limiting as a DoS preventative, may require knowledge of server IP and port number of the hosted service that is being DoS protected.
  So my question is, are there generic best practice SAN switch (network) access control rules that should also be instantiated?
  regards,
  Will.

  Hi William,
  That's a pretty wide net you're casting there, but i'll do my best to give you some insight in the matter.
  Speaking pure fibre channel, your only real way of controlling which nodes can access which other nodes is Zones.
  for zones there are a few best practices:
  * Default Zone: Don't use it. unless you're running Ficon.
  * Single Initiator zones: One host, many storage targets. Don't put 2 initiators in one zone or they'll try logging into each other which at best will give you a performance hit, at worst will bring down your systems.
  * Don't mix zoning types:  You can zone on wwn, on port, and Cisco NX-OS will give you a plethora of other options, like on device alias or LUN Zoning. Don't use different types of these in one zone.
  * Device alias zoning is definately recommended with Enhanced Zoning and Enhanced DA enabled, since it will make replacing hba's a heck of a lot less painful in your fabric.
  * LUN zoning is being deprecated, so avoid. You can achieve the same effect on any modern array by doing lun masking.
  * Read-Only exists, but again any modern array should be able to make a lun read-only.
  * QoS on Zoning: Isn't really an ACL method, more of a congestion control.
  VSANs are a way to separate your physical fabric into several logical fabrics.  There's one huge distinction here with VLANs, that is that as a rule of thumb, you should put things that you want to talk to each other in the same VSANs. There's no such concept as a broadcast domain the way it exists in Ethernet in FC, so VSANs don't serve as isolation for that. Routing on Fibre Channel (IVR or Inter-VSAN Routing) is possible, but quickly becomes a pain if you use it a lot/structurally. Keep IVR for exceptions, use VSANs for logical units of hosts and storage that belong to each other.  A good example would be to put each of 2 remote datacenters in their own VSAN, create a third VSAN for the ports on the array that provide replication between DC and use IVR to make management hosts have inband access to all arrays.
  When using IVR, maintain a manual and minimal topology. IVR tends to become very complex very fast and auto topology isn't helping this.
  Traditional IP acls (permit this proto to that dest on such a port and deny other combinations) are very rare on management interfaces, since they're usually connected to already separated segments. Same goes for Fibre Channel over IP links (that connect to ethernet interfaces in your storage switch).
  They are quite logical to use  and work just the same on an MDS as on a traditional Ethernetswitch when you want to use IP over FC (not to be confused with FC over IP). But then you'll logically use your switch as an L2/L3 device.
  I'm personally not an IP guy, but here's a quite good guide to setting up IP services in a FC fabric:
  http://www.cisco.com/en/US/partner/docs/switches/datacenter/mds9000/sw/4_1/configuration/guides/cli_4_1/ipsvc.html
  To protect your san from devices that are 'slow-draining' and can cause congestion, I highly recommend enabling slow-drain policy monitors, as described in this document:
  http://www.cisco.com/en/US/partner/docs/switches/datacenter/mds9000/sw/5_0/configuration/guides/int/nxos/intf.html#wp1743661
  That's a very brief summary of the most important access-control-related Best Practices that come to mind.  If any of this isn't clear to you or you require more detail, let me know. HTH!

• Designing a network with 6 base stations and an Access control lists

  I have 6 airport extreme (802.11n) base stations setup in my studio.
  I'm a little concerned about security as they're all setup individually (wireless mode: Create a wireless network) with the same Network names (mystudio) and WPA/WPA2 personal password so my roaming users don't have to keep entering passwords / experience dropouts etc
  i have lots of freelancers who are in and out of the studio and there isn't anyway for me to monitor who is currently connected to my wifi network.
  i'd like to setup a wireless network that only allows you to connect to the WIFI network only if your MAC address is on the access control list.
  is this possible with Apple Airport extreme base stations or would it be a better idea for me to invest in a 3rd party product?
  all the base station are connected to an Ethernet point and have static IP's assigned to them.
  whats the best way to deploy such a solution;should i keep the setting as they are and manually enter the mac address for 30 portable machines on each base station or is there a more pragmatic solution...
  any help / input would be much appreciated.
  Thank You

  When employing Access Control in a roaming network configuration, the MAC addresses would be required to be entered atr each of the base stations ... as there is no means (unfortunately) to have them "automatically" migrate amongst them.
  However, one important thing to note. Only wireless security, using WPA or WPA2, will actually secure the wireless network. MAC addresses can easily be spoofed. Someone, determined to do so, can still access your network ... even if secured by Access Control.

• HT3477 Why would a Guest network need an Access Control List?

  I have an Airport Extreme running software 7.6.4 and I have figured out today, to my dismay, that because I have an Access Control List active on my main network (with MAC addresses of my devices), the Guest Network feature, as implemented, becomes simply useless.
  Essentially any friend coming at my place, to whom I want to share my internet connection for a while (say, a couple of hours) with an easy password, either provides me with the MAC address of his device, or has no access at all. And if he has to give me the MAC, then I could just simply add him to the main network in the first place and, BTW, I need to give him also the (complicated) password of my main network.
  What is the purpose of a Guest Network then, if it is subject to the same access restrictions of the main one? I need to remove the access list on my main one, to offer quick and easy access to friends and family defeating the purpose of protecting my main network with MAC addresses and a separate guest network?
  I don't get it. This is a bug. It has to be. I see no logic in it, in the way it is implemented. Or it should have 2 separate access lists, for flexibility. But a *Guest* network, should be by definition open, or easy access (with password, sure, if necessary) - and in case it should have restricted access, it should be by time maybe, not by MAC address....!

  Why would a Guest Network need an Access Control List
  The short answer would be that it would not need an Access Control listing......if you used the default settings in Timed Access.
  Sorry, but I do not understand how you have constructed your Timed Access control list.
  Normally, you would use the default settings and leave the "main" (and "guest") networks set for Unlimited Access.....and then only list the devices that you want to limit separately, establishing "rules" and timeframes for each device that you want to control.
  When you do it the default way, a user would be able to connect to the Guest Network at any time, provided that he/she had the password for the guest network. No MAC Address needed at all.
  If you wanted to limit the time that the "guest" could connect to the guest network, you would have to set up a "rule" for the guest. I would not normally think of limiting the time that a guest could connect.....(unless the guest were one of the grandkids).
  It sounds to me as if you might have set the default network setting to No Access, and you have then set up each device with the times that they would be allowed to connect.
  If you did it this way, then the default No Access would also apply to the Guest Network....and any guest would have to then be set up by MAC Address with a rule set for the times that they were allowed to connect.
  Personally, I have changed the default rule for the "main" (and guest) networks from Unlimited Access to Everyday between 7:00 AM and 11:30 PM. So no one on either the main or guest network can connect before 7:00 AM or after 11:30 PM.
  Then, there are a few rules that I have for devices that connect to the guest network to further limit them to certain times each day. You could do this as well for devices that you want to control on the "main" network.

• Access Control Lists on USB drive connected to AirPort Extreme

  I have a Seagate 320GB drive mounted in a NexStar 2 IDE drive enclosure and connected via USB to my AirPort Extreme Base Station, running version 7.4.1 firmware upgrade.
  Every time I restart the computer or unmount the network drive, an access control list appears to be written to the drive when there should be none, according to Disk Utility. I can tell when there are problems with the drive because the desktop icon turns from bright blue to grey-blue. I have to unmount the drive from the base station and connect it directly to the computer via firewire in order for Disk Utility to examine it. Generally, Disk Utility will report "Incorrect number of Access Control Lists (It should be 0 instead of (whatever number found) )
  Does anyone know why these Access Control Lists are appearing? Is there any easy way to locate them and remove them, other than disconnecting it from the base station and connecting to the computer?
  This problem happens with several different drives, in various NexStar 2 and NexStar 3 enclosures.

  Same problem for me, exept that it happends after copying a file to the drive. It don't happend if I just mount and unmount the disc. The same for all discs I have tryed.
  2009-03-04 12:59:30 +0100: Disk Utility started.
  2009-03-04 12:59:43 +0100: Verifying volume “UltramaxB”
  Starting verification tool: 2009-03-04 12:59:43 +0100
  2009-03-04 12:59:43 +0100: Checking Journaled HFS Plus volume.
  2009-03-04 12:59:43 +0100: Checking Extents Overflow file.
  2009-03-04 12:59:43 +0100: Checking Catalog file.
  2009-03-04 12:59:43 +0100: Checking multi-linked files.
  2009-03-04 12:59:43 +0100: Checking Catalog hierarchy.
  2009-03-04 12:59:43 +0100: Checking Extended Attributes file.
  2009-03-04 12:59:43 +0100: Incorrect number of Access Control Lists
  2009-03-04 12:59:43 +0100: 2009-03-04 12:59:43 +0100: 2009-03-04 12:59:43 +0100: (It should be 5427 instead of 5430)
  2009-03-04 12:59:43 +0100: Checking volume bitmap.
  2009-03-04 12:59:44 +0100: Checking volume information.
  2009-03-04 12:59:44 +0100: 2009-03-04 12:59:44 +0100: The volume UltramaxB needs to be repaired.
  2009-03-04 12:59:44 +0100: Error: Filesystem verify or repair failed.2009-03-04 12:59:44 +0100:
  2009-03-04 12:59:44 +0100: Disk Utility stopped verifying “UltramaxB” because the following error was encountered:
  Filesystem verify or repair failed.
  2009-03-04 12:59:44 +0100:

• Problem while working with Access Control List assigned to Group

  Hi,
  We have a following scenario for which Access Control List is not Working.
  We have a group "Webi_Grp" who should acess only Webi Reports (can perform all operations related to Webi).
  Following Steps are performed but still no success...
  Pl. review and provide the solutions.
  1) Create a Group "Webi_Grp"
  2) Create user "user3"
  3) Assign User to a a group (Now user3 is part of Webi_Grp)
  4) Create Access Ctrl List (ACL) "Webi_ACL"
  5) Goto Included Rights section of "Webi_ACL" & select "YES" for all Webi Operations.
  6) User Security in ACL shows
             a) Administrator -> Full Control (Inherited)
             b) Everyone -> No Access
  7) Included Right for ACL has all Webi Rights as "GRANTED", all Deski Rights "DENY", & Few of the General Rights "GRANTED"
  8) Go  to Users & Group
  9) Select "Webi_Grp"
  10) User Security
  11) Add Principal
  12) Add "User3" and its Security as "Webi_ACL"
  13) Thus User Security in "Webi Grp" shows
            a) Administrators -> Full Control
            b) "user3" -> Webi_ACL
  14) Login With "user3", but still cant create any Webi Report
  Pl. let me know any further settings are required or not.
  Regards,
  Purav

  Hi James,
  Thanks for help.
  I have given ACL to Universe & now user can create Adhoc Query.
  But while I run this query it gives following error "You Donot Have Rights to Access Data in this Universe"
  When I check the rights status in ACL we have following rights granted for "System Universe"
  Create & Edit Query Based on Universe
  Data Access
  Edit Access Restrictions
  New List of Values
  etc... all other rights in this category are granted.
  Still problem persist.
  Could you let me know where else should I check for permissions / rights for data access.
  Regards,
  Purav

• Can't Add To Access Control List Airport Express

  We have both Airport Extreme (2) and Express Base Stations (3) to create a wireless network. On the Extremes I can click the Add button in Access Control in the Airport Admin Utility to add people to the list. On all the Express Base Staions I can edit or delete entries already on the list but can't add any new ones. I can export an Access Control List but not import one. The button is greyed out only the button works. I could add to the lists in the past and I'm not sure when it stopped working. The network structure and settings have not changed. Has anyone heard of this problem?
  Aiport Express   Mac OS X (10.4.8)  

  WDS is used on two Express units to relay the signal from the main base station but not on third one which is connected directly to the network via ethernet.
  On the internet connected Express the Airport Network setting is:
  Wireless Mode: Create a Wireless Network (Home Router)
  All base stations have the same name to allow roaming.
  Internet is connected using Ethernet.

• Macbook pro +   access control list

  Hi everyone,
  i hope someone can help me here.  I keep trying to sign on to my wireless network with my macbook pro and it keeps giving me the error "this network uses an access control list and you're not on the list".....so i go into my router with my desktop and turn off the access control list, and it works until i put my mac to sleep.  when it wakes up, the same error message comes up again.  This has happened for the last 2 months or so.
  I've tried adding the macbook pro to the access control list and turning off the access control list altogether....to no avail, i get the same error message no matter what i do.  The only solution that's worked is if i reset my router every single time i wake up the mac.
  I have an intel macbook pro circa 2007 running on os x tiger, my router is a netgear wireless G router.  i've scoured the internet for answers but can't find anything, here's to hoping someone can help me.  Thanks ahead.

  When you turn off access control do you restart your router.  Also take a look at this link, http://support.netgear.com/app/answers/detail/a_id/13112/~/securing-your-wireles s-network%3A-access-control-list