Problems with clients on a 1220 AP with LEAP auth

I am having some problems with all clients on one access point that have this state:
0018.de99.bafe 0.0.0.0 4500-radio TN1AP01OFF self EAP-Assoc
Here is the config:
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
hostname xx
logging buffered informational
aaa new-model
aaa group server radius rad_eap
 server 10.1.50.160 auth-port 1645 acct-port 1646
aaa authentication login default group tacacs+ local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication enable default group tacacs+ enable
aaa authorization console
aaa authorization exec default group tacacs+ local
aaa session-id common
enable secret 5
username imperbalene privilege 15 secret 5
clock timezone CST -6
clock summer-time CST recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
ip subnet-zero
ip domain name accuridecorp.com
no dot11 igmp snooping-helper
bridge irb
interface Dot11Radio0
 no ip address
 no ip route-cache
 encryption mode wep mandatory
 ssid accuwireless
  authentication open eap eap_methods
  authentication network-eap eap_methods
 speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
 rts threshold 2339
 rts retries 32
 power local 100
 packet retries 32
 channel 2462
 fragment-threshold 2338
 station-role root
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
interface BVI1
 description bvi1
 ip address 10.150.0.101 255.255.0.0
 no ip route-cache
ip default-gateway 10.150.0.1
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/iv
ip http authentication aaa
ip radius source-interface BVI1
logging trap debugging
logging 10.1.50.5
snmp-server community diff133>>// RO
no snmp-server enable traps tty
snmp-server host 10.1.50.5 diff133>>//
tacacs-server host 10.1.50.160 key
radius-server host 10.1.50.160 auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server key 7
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
radius-server vsa send authentication
I have a Cisco ACS server on the backend authenticating just fine, but it seems either the clients are misconfigured or there is something in the AP that needs to be changed.

What is the behavior you're seeing?
1.) The client shows up in the association table on the AP, so WLAN configs must match.
2.) ACS shows a passed authentication? So the clients have an appropriate IP address and are able to pass traffic...
Can you ping the GW of the network?

Similar Messages

  • I want to go back to the previous 2014.2 version.  .3 is much too buggy and full of error messages. Creating problems as I am on a timeline with my client and I don't have time to fool around with all the problems.

    You didn't mention what error(s) you've encountered? A workaround for the most commonly hit problem is here Re: error in Muse : Object UID:U6875 has two (or more) owners: U3633 and U3165
    If you have a copy of your .muse file that has not been saved using 2014.3, you can downgrade by uninstalling Muse and then choose Previous Version in the Filters drop down in the Apps panel of the Creative Cloud desktop app. There will be a popup next to Muse where you can select a prior version to install.

  • Exchange Server 2010 SP3 - Rollup 8 - Issue - Problems with client connections - MS Outlook 2013

    Detected Problems:
    - Access denied for attached mailbox (department mailbox)
    - Access denied for delete or move messages on own mailbox
    - Can't send new messages with error (Error: [0x80004005-00000000-00000000])
    Solution:
    - Rollback to Exchange 2010 SP3 - Rollup 7
    - You can rollback to Exchange 2010 SP3 - RollUp 7 in 30 min
    Algunos de los destinatarios no recibieron su mensaje.
    Asunto:     Hola
    Enviado el: 11/12/2014 8:35
    No se puede localizar a los destinatarios siguientes:
    '[email protected]' en 11/12/2014 8:35
    Este mensaje no se pudo enviar. Inténtelo de nuevo más tarde, o póngase en contacto con el administrador de red. 
    Error: [0x80004005-00000000-00000000].

    See the following forum thread: 
    https://social.technet.microsoft.com/Forums/en-US/1be9b816-b0ab-40ea-a43a-446239f8eae3/outlook-client-issues-following-exchange-2010-rollup-8

  • Having problem with client side Authentication.

    Hi,
    I am having a problem enabling client side authentication with SSL on
    weblogic 5.1.
    I have set up the .properties files as explained, however it appears
    my client is not sending a certificate back to the server. The same
    client however works perfectly (using the same keystore file) with a
    sample ClassFileServer webserver from the jsse distribution. (the
    client is a very slightly modified version of
    SSLSocketClientWithClientAuth sample that comes with Jsse)
    Below I've included a section of the debug dump from the interactions.
    The only other difference I can see is the cipher suites offered by
    the servers.
    Weblogic offers type 0 or 9, and agrees on type 9
    (SSL_RSA_WITH_DES_CBC_SHA), whereas ClassFileServer offer type 0 or 5
    and settles on type 5 (SSL_RSA_WITH_RC4_128_SHA).
    I am using the same keystore for both examples. Both servers request
    an RSA client cert.... I'm out of ideas.
    Any help would be gratefully received.
    Cheers,
    Keith
    Debug dump information
    =====================================
    1/Weblogic server.
    *** CertificateRequest
    Cert Types: RSA,
    Cert Authorities:
    <CN=K H, OU=itsmobile, O=itsmobile, L=Dublin, ST=Dublin, C=ie>
    <[email protected], CN=Demo Certificate Authority,
    OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US>
    <CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification,
    ST=FOR TESTING PURPOSES ONLY, C=ZA>
    [read] MD5 and SHA1 hashes: len = 427
    main, READ: SSL v3.0 Handshake, length = 4
    *** ServerHelloDone
    [read] MD5 and SHA1 hashes: len = 4
    0000: 0E 00 00 00 ....
    main, SEND SSL v3.0 ALERT: warning, description = no_certificate
    main, WRITE: SSL v3.0 Alert, length = 2
    And below is a sample when I used the ClassFileServer.
    This time the client (same src) returned a certificate.
    2/ClassFileServer (from Sun Jsse distribution)
    *** CertificateRequest
    Cert Types: DSS, RSA,
    Cert Authorities:
    <CN=K H, OU=itsmobile, O=itsmobile, L=Dublin, ST=Dublin, C=ie>
    [read] MD5 and SHA1 hashes: len = 114
    *** ServerHelloDone
    [read] MD5 and SHA1 hashes: len = 4
    0000: 0E 00 00 00 ....
    matching client alias : rsakey
    *** Certificate chain

    Matt,
    Did you read this article:
    https://wiki.sdn.sap.com/wiki/display/BSP/Using%20Proxies
    This explains how to properly setup the HTTPURLLOC table.
    In your case you should have entries that look something like this:
    40 HTTP   * <internal host name> <https port>
    50 HTTPS * <external host name> <https port>
    In addition you need to run the report to determine if the proxy configuration is setup properly.  The URL should be run with the
    https://<externalhostname>/sap/bc/bsp/sap/system_test/test_proxy.htm
    Take care,
    Stephen

  • Problems with client site assignment

    Hello,
    previously I did not have problems with clients on my test computers, both have WinXP SP3. I am testing migration scenarios. One computer is virtual, one is real computer. After successful migration to Win7, I decided to make another test and changed state of computers back to with WinXP installed, rejoined to domain, removed from SCCM, discovered again. And I pushed agent installation. Now both computers have problems, I see following in the LocationServices.log: "Failed to verify message. Sending MP [SCCMserver] not in cached MPlist".
    But agent was installed on both, has status Yes in the console, but Software Center is not installed.
    Please help.

    Hi,
    I did not find errors in the end of ccmsetup.log:
    File C:\WINDOWS\ccmsetup\{4D87A80B-6971-43EF-A59F-8088D214378A}\client.msi installation succeeded.
    Successfully deleted the ccmsetup service
    A Fallback Status Point has not been specified.  Message with STATEID='400' will not be sent.
    Deleted file C:\WINDOWS\ccmsetup\ccmsetup.xml
    CcmSetup is exiting with return code 0
    But across the log some errors:
    MSI: Action 16:10:48: SmsGenerateFailureMIF. 
    MSI: Action 16:10:51: CcmRegisterEndpointRollback. In the event of a failed installation, this action rolls back the changes from CcmRegisterEndpoint.

  • Problem with Client Side Validator - e.getFacesMessage is not a function

    (JDeveloper 11g, TP2 and TP3)
    I have created a custom validator that does server side validation as well as client side validation. It gets invoked - an alert is fired to prove that - but when validation fails, instead of the red box and error message that I was hoping for, I get a JavaScript error:
    e.getFacesMessage is not a function (all-11-otn2.js (line 27600))
    The getClientScript() method in the validator looks like this:
        public String getClientScript(FacesContext facesContext,
                                      UIComponent uIComponent) {
            return "function GreaterThanValidator(p1)\n" +
            "{  this.greaterThanItem=p1; \n" +
            "}\n" +
            "GreaterThanValidator.prototype.validate = function(value){" +
                           "alert('value= '+value); " +
            " if (!(value=='X')){ " +
            "    return new ValidatorException('Value must not be X '" +
            "         +' (current value = '+value+')');}" +
            "}";  // closes the validate function and terminates the Java string
        }
    Can someone tell me what I am doing wrong here? Like I said, the validation is performed, the alert is shown. Then when I raise the ValidatorException, the error occurs.
    thanks for any suggestions.
    Lucas
    Message was edited by:
    Lucas Jellema

    Lucas,
    I assume that this post is related to the previous
    Display client side validation error message with the pretty box
    I forwarded this internally and am waiting for a hint. Will update this post accordingly (or someone else will do directly)
    Frank

  • WPA2 on 1220-B with MS IAS (2003 server)

    All -
    I have a Win2003 server running IAS. I have a 1220-B AP running 12.3(8)JA2.
    I am trying to create two VLANs/SSIDs; one for guest mode - fully open without encryption, and one for secure mode WPA2.
    The two segments will be firewalled using an ASA-5510.
    I have followed the guidelines provided in the WPA2 sample configuration (though AES is not available to me in the encryption Cipher settings - only TKIP), and the using VLANs on wireless access points.
    However - the clients (Intel Pro Set 3945 ABG running 10.1.0.3 client) are not able to associate to the secured segment as expected - even when using the AP's local radius server (to eliminate IAS as a source of problems).
    Anyone have any suggestions - or known working configs they would care to share?

    Scott -
    The radio units for use in production include the G radio module. The test environment does not (my bad!). I'll have to see about taking one of the upgraded units out of production to further test WPA2. This concerns me though because we have a cache of 350 PCMCIA adapters - and this suggests that they will never be able to do WPA2 because they cannot associate as G devices. I've got to come up with a workable solution for basic B devices (both Cisco and non) and our newer A/B/G devices.
    I've used both the ProSet Utilities and WZC to attempt this on the test environment laptop.
    Authentication will be testing/proven in two sequences.
    The first sequence for authentication will be against the AP's local user database using LEAP.
    The second sequence (and ultimately final) will require authentication against the Win2003 IAS AD domain due to multiple APs in the production environment, likely using PEAP.
    If I can successfully go directly to the second sequence, that would be nice, but I'm concerned about the simplicity of troubleshooting - in the event something is wrong with the IAS configuration.
    For the record, I'm a router/switch head - with only moderate skills with wireless, and virtually no experience with Win 2003 Server. I may need some hand-holding.

  • Who can shed some light on my ongoing connection problem. After upgrading my iPad Air with IOS 7.06, I could no longer connect to the internet. I have 2 MacBooks Air, 1 ipad mini and one iPhone 4S running on the same network, and they are all connected to

    Who can shed some light on my ongoing connection problem.
    After upgrading my iPad Air with IOS 7.06, I could no longer connect to the internet.
    I have 2 MacBooks Air, 1 ipad mini and one iPhone 4S running on the same network, and they are all connected to the net and function well.
    So I cleaned up the ipad completely, installed the latest firmware and reinstalled my apps : no connection.
    I tried all things of resets and forgets. No result.
    I have been fondling with my Airport Extreme 5 , but that did not help much.
    This morning I went to a neighbor , hooked my ipad air on his network, typed the password and the thing all worked fine.
    I have tried to connect the ipad air as an ethernet client, but that did not work. „Not enough power“ was the statement
    Ideas anyone ?

    Yes I tried this manyfold. But did not work.  Reading on, I took Tesserac's advice. Shut down router and computer.
    Start router after 15 minutes and wait another 10 minutes before starting the computer.
    Et voila.... everything is back in working order,
    Regards from Curacao, Dutch Caribbean.
    Pete van Linden

  • Oracle OCI CLIENT 11g is not connecting with PHP & Apache on Fedora

    Dear all... we are facing following issue... similar to other but not able to resolve ...
    Warning: oci_connect() [function.oci-connect]: OCIEnvNlsCreate() failed. There is something wrong with your system - please check that LD_LIBRARY_PATH includes the directory with Oracle Instant Client libraries in /var/www/html/waseem2.php on line 2
    our PHPinfo(); is showing following the OCI8 Extension Enabled
    PHP Version 5.2.9
    System      Linux localhost.localdomain 2.6.27.5-117.fc10.i686 #1 SMP Tue Nov 18 12:19:59 EST 2008 i686
    Build Date      Apr 17 2009 03:29:46
    Configure Command      './configure' '--build=i386-redhat-linux-gnu' '--host=i386-redhat-linux-gnu' '--target=i386-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--cache-file=../config.cache' '--with-libdir=lib' '--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php.d' '--disable-debug' '--with-pic' '--disable-rpath' '--without-pear' '--with-bz2' '--with-curl' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--with-xpm-dir=/usr' '--enable-gd-native-ttf' '--with-t1lib=/usr' '--without-gdbm' '--with-gettext' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-pcre-regex=/usr' '--with-zlib' '--with-layout=GNU' '--enable-exif' '--enable-ftp' '--enable-magic-quotes' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-sysvmsg' '--enable-wddx' '--with-kerberos' '--enable-ucd-snmp-hack' '--enable-shmop' '--enable-calendar' '--without-mime-magic' '--without-sqlite' '--with-libxml-dir=/usr' '--enable-xml' '--with-system-tzdata' '--with-apxs2=/usr/sbin/apxs' '--without-mysql' '--without-gd' '--disable-dom' '--disable-dba' '--without-unixODBC' '--disable-pdo' '--disable-xmlreader' '--disable-xmlwriter' '--disable-json' '--without-pspell'
    Server API      Apache 2.0 Handler
    Virtual Directory Support      disabled
    Configuration File (php.ini) Path      /etc
    Loaded Configuration File      /etc/php.ini
    Scan this dir for additional .ini files      /etc/php.d
    additional .ini files parsed      /etc/php.d/dbase.ini, /etc/php.d/json.ini, /etc/php.d/ldap.ini, /etc/php.d/mbstring.ini, /etc/php.d/mysql.ini, /etc/php.d/mysqli.ini, /etc/php.d/pdo.ini, /etc/php.d/pdo_mysql.ini, /etc/php.d/pdo_sqlite.ini, /etc/php.d/zip.ini
    PHP API      20041225
    PHP Extension      20060613
    Zend Extension      220060519
    Debug Build      no
    Thread Safety      disabled
    Zend Memory Manager      enabled
    IPv6 Support      enabled
    Registered PHP Streams      php, file, data, http, ftp, compress.bzip2, compress.zlib, https, ftps, zip
    Registered Stream Socket Transports      tcp, udp, unix, udg, ssl, sslv3, sslv2, tls
    Registered Stream Filters      string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, convert.iconv.*, bzip2.*, zlib.*
    Zend logo This program makes use of the Zend Scripting Language Engine:
    Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
    PHP Credits
    Configuration
    PHP Core
    Directive     Local Value     Master Value
    allow_call_time_pass_reference     Off     Off
    allow_url_fopen     On     On
    allow_url_include     Off     Off
    always_populate_raw_post_data     Off     Off
    arg_separator.input     &     &
    arg_separator.output     &     &
    asp_tags     Off     Off
    auto_append_file     no value     no value
    auto_globals_jit     On     On
    auto_prepend_file     no value     no value
    browscap     no value     no value
    default_charset     no value     no value
    default_mimetype     text/html     text/html
    define_syslog_variables     Off     Off
    disable_classes     no value     no value
    disable_functions     no value     no value
    display_errors     On     On
    display_startup_errors     Off     Off
    doc_root     no value     no value
    docref_ext     no value     no value
    docref_root     no value     no value
    enable_dl     On     On
    error_append_string     no value     no value
    error_log     no value     no value
    error_prepend_string     no value     no value
    error_reporting     6143     6143
    expose_php     On     On
    extension_dir     /usr/lib/php/modules     /usr/lib/php/modules
    file_uploads     On     On
    highlight.bg     #FFFFFF     #FFFFFF
    highlight.comment     #FF8000     #FF8000
    highlight.default     #0000BB     #0000BB
    highlight.html     #000000     #000000
    highlight.keyword     #007700     #007700
    highlight.string     #DD0000     #DD0000
    html_errors     On     On
    ignore_repeated_errors     Off     Off
    ignore_repeated_source     Off     Off
    ignore_user_abort     Off     Off
    implicit_flush     Off     Off
    include_path     .:/usr/share/pear:/usr/share/php     .:/usr/share/pear:/usr/share/php
    log_errors     On     On
    log_errors_max_len     1024     1024
    magic_quotes_gpc     Off     Off
    magic_quotes_runtime     Off     Off
    magic_quotes_sybase     Off     Off
    mail.force_extra_parameters     no value     no value
    max_execution_time     30     30
    max_input_nesting_level     64     64
    max_input_time     60     60
    memory_limit     32M     32M
    open_basedir     no value     no value
    output_buffering     4096     4096
    output_handler     no value     no value
    post_max_size     8M     8M
    precision     14     14
    realpath_cache_size     16K     16K
    realpath_cache_ttl     120     120
    register_argc_argv     Off     Off
    register_globals     Off     Off
    register_long_arrays     Off     Off
    report_memleaks     On     On
    report_zend_debug     On     On
    safe_mode     Off     Off
    safe_mode_exec_dir     no value     no value
    safe_mode_gid     Off     Off
    safe_mode_include_dir     no value     no value
    sendmail_from     no value     no value
    sendmail_path     /usr/sbin/sendmail -t -i     /usr/sbin/sendmail -t -i
    serialize_precision     100     100
    short_open_tag     On     On
    SMTP     localhost     localhost
    smtp_port     25     25
    sql.safe_mode     Off     Off
    track_errors     Off     Off
    unserialize_callback_func     no value     no value
    upload_max_filesize     2M     2M
    upload_tmp_dir     no value     no value
    user_dir     no value     no value
    variables_order     EGPCS     EGPCS
    xmlrpc_error_number     0     0
    xmlrpc_errors     Off     Off
    y2k_compliance     On     On
    zend.ze1_compatibility_mode     Off     Off
    apache2handler
    Apache Version      Apache/2.2.11 (Fedora)
    Apache API Version      20051115
    Server Administrator      root@localhost
    Hostname:Port      localhost.localdomain:0
    User/Group      apache(48)/48
    Max Requests      Per Child: 4000 - Keep Alive: off - Max Per Connection: 100
    Timeouts      Connection: 120 - Keep-Alive: 15
    Virtual Server      No
    Server Root      /etc/httpd
    Loaded Modules      core prefork http_core mod_so mod_auth_basic mod_auth_digest mod_authn_file mod_authn_alias mod_authn_anon mod_authn_dbm mod_authn_default mod_authz_host mod_authz_user mod_authz_owner mod_authz_groupfile mod_authz_dbm mod_authz_default util_ldap mod_authnz_ldap mod_include mod_log_config mod_logio mod_env mod_ext_filter mod_mime_magic mod_expires mod_deflate mod_headers mod_usertrack mod_setenvif mod_mime mod_dav mod_status mod_autoindex mod_info mod_dav_fs mod_vhost_alias mod_negotiation mod_dir mod_actions mod_speling mod_userdir mod_alias mod_rewrite mod_proxy mod_proxy_balancer mod_proxy_ftp mod_proxy_http mod_proxy_connect mod_cache mod_suexec mod_disk_cache mod_file_cache mod_mem_cache mod_cgi mod_perl mod_php5 mod_proxy_ajp mod_python mod_ssl
    Directive     Local Value     Master Value
    engine     1     1
    last_modified     0     0
    xbithack     0     0
    Apache Environment
    Variable     Value
    LD_LIBRARY_PATH      /home/zubair/instantclient_11_1_
    HTTP_HOST      localhost
    HTTP_USER_AGENT      Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc10 Firefox/3.0.4
    HTTP_ACCEPT      text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    HTTP_ACCEPT_LANGUAGE      en-us,en;q=0.5
    HTTP_ACCEPT_ENCODING      gzip,deflate
    HTTP_ACCEPT_CHARSET      ISO-8859-1,utf-8;q=0.7,*;q=0.7
    HTTP_KEEP_ALIVE      300
    HTTP_CONNECTION      keep-alive
    HTTP_COOKIE      PHPSESSID=he50pdhvtihu74lhmjnvggfr42
    PATH      /sbin:/usr/sbin:/bin:/usr/bin
    SERVER_SIGNATURE      <address>Apache/2.2.11 (Fedora) Server at localhost Port 80</address>
    SERVER_SOFTWARE      Apache/2.2.11 (Fedora)
    SERVER_NAME      localhost
    SERVER_ADDR      127.0.0.1
    SERVER_PORT      80
    REMOTE_ADDR      127.0.0.1
    DOCUMENT_ROOT      /var/www/html
    SERVER_ADMIN      root@localhost
    SCRIPT_FILENAME      /var/www/html/waseem.php
    REMOTE_PORT      39529
    GATEWAY_INTERFACE      CGI/1.1
    SERVER_PROTOCOL      HTTP/1.1
    REQUEST_METHOD      GET
    QUERY_STRING      no value
    REQUEST_URI      /waseem.php
    SCRIPT_NAME      /waseem.php
    HTTP Headers Information
    HTTP Request Headers
    HTTP Request      GET /waseem.php HTTP/1.1
    Host      localhost
    User-Agent      Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc10 Firefox/3.0.4
    Accept      text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language      en-us,en;q=0.5
    Accept-Encoding      gzip,deflate
    Accept-Charset      ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive      300
    Connection      keep-alive
    Cookie      PHPSESSID=he50pdhvtihu74lhmjnvggfr42
    HTTP Response Headers
    X-Powered-By      PHP/5.2.9
    Connection      close
    Transfer-Encoding      chunked
    Content-Type      text/html; charset=UTF-8
    bz2
    BZip2 Support      Enabled
    Stream Wrapper support      compress.bz2://
    Stream Filter support      bzip2.decompress, bzip2.compress
    BZip2 Version      1.0.5, 10-Dec-2007
    calendar
    Calendar support      enabled
    ctype
    ctype functions      enabled
    curl
    cURL support      enabled
    cURL Information      libcurl/7.18.2 NSS/3.12.1.1 zlib/1.2.3 libidn/0.6.14 libssh2/0.18
    date
    date/time support      enabled
    "Olson" Timezone Database Version      0.system
    Timezone Database      internal
    Default timezone      Asia/Karachi
    Directive     Local Value     Master Value
    date.default_latitude     31.7667     31.7667
    date.default_longitude     35.2333     35.2333
    date.sunrise_zenith     90.583333     90.583333
    date.sunset_zenith     90.583333     90.583333
    date.timezone     no value     no value
    exif
    EXIF Support      enabled
    EXIF Version      1.4 $Id: exif.c,v 1.173.2.5.2.27 2008/12/31 11:17:37 sebastian Exp $
    Supported EXIF Version      0220
    Supported filetypes      JPEG,TIFF
    filter
    Input Validation and Filtering      enabled
    Revision      $Revision: 1.52.2.45 $
    Directive     Local Value     Master Value
    filter.default     unsafe_raw     unsafe_raw
    filter.default_flags     no value     no value
    ftp
    FTP support      enabled
    gettext
    GetText Support      enabled
    gmp
    gmp support      enabled
    GMP version      4.2.2
    hash
    hash support      enabled
    Hashing Engines      md2 md4 md5 sha1 sha256 sha384 sha512 ripemd128 ripemd160 ripemd256 ripemd320 whirlpool tiger128,3 tiger160,3 tiger192,3 tiger128,4 tiger160,4 tiger192,4 snefru gost adler32 crc32 crc32b haval128,3 haval160,3 haval192,3 haval224,3 haval256,3 haval128,4 haval160,4 haval192,4 haval224,4 haval256,4 haval128,5 haval160,5 haval192,5 haval224,5 haval256,5
    iconv
    iconv support      enabled
    iconv implementation      glibc
    iconv library version      2.9
    Directive     Local Value     Master Value
    iconv.input_encoding     ISO-8859-1     ISO-8859-1
    iconv.internal_encoding     ISO-8859-1     ISO-8859-1
    iconv.output_encoding     ISO-8859-1     ISO-8859-1
    json
    json support      enabled
    json version      1.2.1
    ldap
    LDAP Support      enabled
    RCS Version      $Id: ldap.c,v 1.161.2.3.2.14 2008/12/31 11:17:39 sebastian Exp $
    Total Links      0/unlimited
    API Version      3001
    Vendor Name      OpenLDAP
    Vendor Version      20412
    SASL Support      Enabled
    libxml
    libXML support      active
    libXML Version      2.7.3
    libXML streams      enabled
    mbstring
    Multibyte Support      enabled
    Multibyte string engine      libmbfl
    Multibyte (japanese) regex support      enabled
    Multibyte regex (oniguruma) version      4.4.4
    Multibyte regex (oniguruma) backtrack check      On
    mbstring extension makes use of "streamable kanji code filter and converter", which is distributed under the GNU Lesser General Public License version 2.1.
    Directive     Local Value     Master Value
    mbstring.detect_order     no value     no value
    mbstring.encoding_translation     Off     Off
    mbstring.func_overload     0     0
    mbstring.http_input     pass     pass
    mbstring.http_output     pass     pass
    mbstring.internal_encoding     no value     no value
    mbstring.language     neutral     neutral
    mbstring.strict_detection     Off     Off
    mbstring.substitute_character     no value     no value
    mysql
    MySQL Support     enabled
    Active Persistent Links      0
    Active Links      0
    Client API version      5.0.84
    MYSQL_MODULE_TYPE      external
    MYSQL_SOCKET      /var/lib/mysql/mysql.sock
    MYSQL_INCLUDE      -I/usr/include/mysql
    MYSQL_LIBS      -L/usr/lib/mysql -lmysqlclient
    Directive     Local Value     Master Value
    mysql.allow_persistent     On     On
    mysql.connect_timeout     60     60
    mysql.default_host     no value     no value
    mysql.default_password     no value     no value
    mysql.default_port     no value     no value
    mysql.default_socket     no value     no value
    mysql.default_user     no value     no value
    mysql.max_links     Unlimited     Unlimited
    mysql.max_persistent     Unlimited     Unlimited
    mysql.trace_mode     Off     Off
    mysqli
    MysqlI Support     enabled
    Client API library version      5.0.84
    Client API header version      5.0.77
    MYSQLI_SOCKET      /var/lib/mysql/mysql.sock
    Directive     Local Value     Master Value
    mysqli.default_host     no value     no value
    mysqli.default_port     3306     3306
    mysqli.default_pw     no value     no value
    mysqli.default_socket     no value     no value
    mysqli.default_user     no value     no value
    mysqli.max_links     Unlimited     Unlimited
    mysqli.reconnect     Off     Off
    oci8
    OCI8 Support      enabled
    Version      1.3.5
    Revision      $Revision: 1.269.2.16.2.38.2.32 $
    Active Persistent Connections      0
    Active Connections      0
    Oracle Instant Client Version      11.1
    Temporary Lob support      enabled
    Collections support      enabled
    Directive     Local Value     Master Value
    oci8.connection_class     no value     no value
    oci8.default_prefetch     100     100
    oci8.events     Off     Off
    oci8.max_persistent     -1     -1
    oci8.old_oci_close_semantics     Off     Off
    oci8.persistent_timeout     -1     -1
    oci8.ping_interval     60     60
    oci8.privileged_connect     Off     Off
    oci8.statement_cache_size     20     20
    openssl
    OpenSSL support      enabled
    OpenSSL Version      OpenSSL 0.9.8g 19 Oct 2007
    pcre
    PCRE (Perl Compatible Regular Expressions) Support      enabled
    PCRE Library Version      7.8 2008-09-05
    Directive     Local Value     Master Value
    pcre.backtrack_limit     100000     100000
    pcre.recursion_limit     100000     100000
    PDO
    PDO support     enabled
    PDO drivers      mysql, sqlite
    pdo_mysql
    PDO Driver for MySQL, client library version     5.0.84
    pdo_sqlite
    PDO Driver for SQLite 3.x     enabled
    PECL Module version      1.0.1 $Id: pdo_sqlite.c,v 1.10.2.6.2.4 2008/12/31 11:17:42 sebastian Exp $
    SQLite Library      3.5.9
    posix
    Revision      $Revision: 1.70.2.3.2.22 $
    Reflection
    Reflection     enabled
    Version      $Id: php_reflection.c,v 1.164.2.33.2.55 2008/12/31 11:17:42 sebastian Exp $
    session
    Session Support      enabled
    Registered save handlers      files user
    Registered serializer handlers      php php_binary wddx
    Directive     Local Value     Master Value
    session.auto_start     Off     Off
    session.bug_compat_42     Off     Off
    session.bug_compat_warn     On     On
    session.cache_expire     180     180
    session.cache_limiter     nocache     nocache
    session.cookie_domain     no value     no value
    session.cookie_httponly     Off     Off
    session.cookie_lifetime     0     0
    session.cookie_path     /     /
    session.cookie_secure     Off     Off
    session.entropy_file     no value     no value
    session.entropy_length     0     0
    session.gc_divisor     1000     1000
    session.gc_maxlifetime     1440     1440
    session.gc_probability     1     1
    session.hash_bits_per_character     5     5
    session.hash_function     0     0
    session.name     PHPSESSID     PHPSESSID
    session.referer_check     no value     no value
    session.save_handler     files     files
    session.save_path     /var/lib/php/session     /var/lib/php/session
    session.serialize_handler     php     php
    session.use_cookies     On     On
    session.use_only_cookies     Off     Off
    session.use_trans_sid     0     0
    shmop
    shmop support      enabled
    SimpleXML
    Simplexml support     enabled
    Revision      $Revision: 1.151.2.22.2.46 $
    Schema support      enabled
    sockets
    Sockets Support      enabled
    SPL
    SPL support     enabled
    Interfaces      Countable, OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject
    Classes      AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, DirectoryIterator, DomainException, EmptyIterator, FilterIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RegexIterator, RuntimeException, SimpleXMLIterator, SplFileInfo, SplFileObject, SplObjectStorage, SplTempFileObject, UnderflowException, UnexpectedValueException
    standard
    Regex Library      Bundled library enabled
    Dynamic Library Support      enabled
    Path to sendmail      /usr/sbin/sendmail -t -i
    Directive     Local Value     Master Value
    assert.active     1     1
    assert.bail     0     0
    assert.callback     no value     no value
    assert.quiet_eval     0     0
    assert.warning     1     1
    auto_detect_line_endings     0     0
    default_socket_timeout     60     60
    safe_mode_allowed_env_vars     PHP_     PHP_
    safe_mode_protected_env_vars     LD_LIBRARY_PATH     LD_LIBRARY_PATH
    url_rewriter.tags     a=href,area=href,frame=src,input=src,form=fakeentry     a=href,area=href,frame=src,input=src,form=fakeentry
    user_agent     no value     no value
    sysvmsg
    sysvmsg support      enabled
    Revision      $Revision: 1.20.2.3.2.8 $
    tokenizer
    Tokenizer Support      enabled
    wddx
    WDDX Support     enabled
    WDDX Session Serializer      enabled
    xml
    XML Support      active
    XML Namespace Support      active
    libxml2 Version      2.7.3
    zip
    Zip      enabled
    Extension Version      $Id: php_zip.c,v 1.1.2.49 2009/02/05 19:53:22 pajoye Exp $
    Zip version      1.8.11
    Libzip version      0.9.0
    zlib
    ZLib Support      enabled
    Stream Wrapper support      compress.zlib://
    Stream Filter support      zlib.inflate, zlib.deflate
    Compiled Version      1.2.3
    Linked Version      1.2.3
    Directive     Local Value     Master Value
    zlib.output_compression     Off     Off
    zlib.output_compression_level     -1     -1
    zlib.output_handler     no value     no value
    Additional Modules
    Module Name
    dbase
    sysvsem
    sysvshm
    Environment
    Variable     Value
    TERM      xterm
    LD_LIBRARY_PATH      /home/zubair/instantclient_11_1/
    PATH      /sbin:/usr/sbin:/bin:/usr/bin
    PWD      /
    LANG      C
    SHLVL      2
    ORACLE_HOME      /home/zubair/instantclient_11_1/
    _      /usr/sbin/httpd
    PHP Variables
    Variable     Value
    _REQUEST["PHPSESSID"]     he50pdhvtihu74lhmjnvggfr42
    _COOKIE["PHPSESSID"]     he50pdhvtihu74lhmjnvggfr42
    SERVER["LDLIBRARY_PATH"]     /home/zubair/instantclient_11_1
    _SERVER["HTTP_HOST"]     localhost
    _SERVER["HTTP_USER_AGENT"]     Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc10 Firefox/3.0.4
    _SERVER["HTTP_ACCEPT"]     text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    _SERVER["HTTP_ACCEPT_LANGUAGE"]     en-us,en;q=0.5
    _SERVER["HTTP_ACCEPT_ENCODING"]     gzip,deflate
    _SERVER["HTTP_ACCEPT_CHARSET"]     ISO-8859-1,utf-8;q=0.7,*;q=0.7
    _SERVER["HTTP_KEEP_ALIVE"]     300
    _SERVER["HTTP_CONNECTION"]     keep-alive
    _SERVER["HTTP_COOKIE"]     PHPSESSID=he50pdhvtihu74lhmjnvggfr42
    _SERVER["PATH"]     /sbin:/usr/sbin:/bin:/usr/bin
    _SERVER["SERVER_SIGNATURE"]     <address>Apache/2.2.11 (Fedora) Server at localhost Port 80</address>
    _SERVER["SERVER_SOFTWARE"]     Apache/2.2.11 (Fedora)
    _SERVER["SERVER_NAME"]     localhost
    _SERVER["SERVER_ADDR"]     127.0.0.1
    _SERVER["SERVER_PORT"]     80
    _SERVER["REMOTE_ADDR"]     127.0.0.1
    _SERVER["DOCUMENT_ROOT"]     /var/www/html
    _SERVER["SERVER_ADMIN"]     root@localhost
    _SERVER["SCRIPT_FILENAME"]     /var/www/html/waseem.php
    _SERVER["REMOTE_PORT"]     39529
    _SERVER["GATEWAY_INTERFACE"]     CGI/1.1
    _SERVER["SERVER_PROTOCOL"]     HTTP/1.1
    _SERVER["REQUEST_METHOD"]     GET
    _SERVER["QUERY_STRING"]     no value
    _SERVER["REQUEST_URI"]     /waseem.php
    _SERVER["SCRIPT_NAME"]     /waseem.php
    _SERVER["PHP_SELF"]     /waseem.php
    _SERVER["REQUEST_TIME"]     1253301146
    _ENV["TERM"]     xterm
    _ENV["LD_LIBRARY_PATH"]     /home/zubair/instantclient_11_1/
    _ENV["PATH"]     /sbin:/usr/sbin:/bin:/usr/bin
    _ENV["PWD"]     /
    _ENV["LANG"]     C
    _ENV["SHLVL"]     2
    _ENV["ORACLE_HOME"]     /home/zubair/instantclient_11_1/
    _ENV["_"]     /usr/sbin/httpd
    PHP License
    This program is free software; you can redistribute it and/or modify it under the terms of the PHP License as published by the PHP Group and included in the distribution in the file: LICENSE
    This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    If you did not receive a copy of the PHP license, or have any questions about PHP licensing, please contact license@php.net.
    Have a nice day!
    Fatal error: Call to undefined function odbc_connect() in /var/www/html/waseem.php on line 20
    ------------------------------------------------------------------------------------------

    Is the problem with oci_connect or odbc_connect?
    The phpinfo() output shows '--without-unixODBC' which may be a root cause. There is no 'odbc' section shown in the phpinfo() output so I wouldn't expect odbc calls to work.
    But if the issue is with OCI8, then make sure that Oracle environment variables and LD_LIBRARY_PATH are set BEFORE starting Apache.
    More information on OCI8 and PHP is in http://www.oracle.com/technology/tech/php/underground-php-oracle-manual.html
    Also see http://wiki.oracle.com/page/PHP+Oracle+FAQ
    The PHP forum on OTN is http://www.oracle.com/technology/forums/php.html

  • How to invalidate the client part of a HTTPS Session with client auth

    Hi to everybody here,
    I'm having an issue with HTTPS and client authentication related to how the SSL handshake works and the behavior of the client browser. I hope you can help.
    I'm setting up a web application that asks for a valid session in order to allow access to the application. If the user has no valid session, he's redirected to the login form, and if the auth process is ok, the user gets a session and is redirected again to the secured pages.
    We are in the process of creating a new login service with client certificates, so the user identifies himself with a certificate valid on the application server.
    We have an application server with a secure listener on port 8443. It's configured to request client certificates so we can access the certificate, validate it and create a session for the user automatically. The user just types his PIN code in the browser, no passwords at all. This process is working and sessions are created. The problem comes up when we try to log the user out.
    We invalidate the session using a logout.jsp, but if the user goes to the secured pages again, we have observed that the authentication takes place automatically and the user can see the secured pages, so he thinks the logout.jsp doesn't work.
    My questions are: can we access the client browser's SSL part to delete or modify it in order to reset the HTTPS connection established with our application server? Are there any other ways to avoid this behavior?
    Thanks in advance.
    Miss.

    An end user presents a certificate from a CAC for authentication to our website.
    They pick the cert off the inserted CAC and submit it, and get logged into the application successfully.
    The user removes the card from the reader and the SSO session times out.
    In the same browser the user clicks log in with CAC and is not prompted for the cert this time; the browser just goes ahead and presents the cached cert even though the card is no longer in the reader. The user logs in successfully.
    The desired behavior would be to prompt the user for a cert again, obviously.
    I am wondering how to turn this off as well.

  • Need help in configuring Client to Site IPSec VPN with Hairpinning on Cisco ASA5510 8.2(1)

    Need urgent help in configuring Client to Site IPSec VPN with Hairpinning on Cisco ASA5510 - 8.2(1).
    The following is the Layout:
    There are two Leased Lines for Internet access - 1.1.1.1 & 2.2.2.2, the latter being the Standard Default route, the former one is for backup.
    I have been able to configure Client to Site IPSec VPN
    1) With access from Outside to only the Internal Network (172.16.0.0/24) behind the ASA
    2) With Split tunnel with simultaneous access to internal LAN and Outside Internet.
    But I have not been able to make the traditional hairpinning model work in this scenario.
    I followed every possible suggestion made in this regard in many Discussion Topics but still no luck. Can someone please help me out here?
    Following is the Running-Conf with Normal Client to Site IPSec VPN configured with no Internet access:
    LIMITATION: Can't Boot into any other ios image for some unavoidable reason, must use 8.2(1)
    running-conf  --- Working  normal Client to Site VPN without internet access/split tunnel
    ASA Version 8.2(1)
    hostname ciscoasa
    domain-name cisco.campus.com
    enable password xxxxxxxxxxxxxx encrypted
    passwd xxxxxxxxxxxxxx encrypted
    names
    interface GigabitEthernet0/0
    nameif internet1-outside
    security-level 0
    ip address 1.1.1.1 255.255.255.240
    interface GigabitEthernet0/1
    nameif internet2-outside
    security-level 0
    ip address 2.2.2.2 255.255.255.224
    interface GigabitEthernet0/2
    nameif dmz-interface
    security-level 0
    ip address 10.0.1.1 255.255.255.0
    interface GigabitEthernet0/3
    nameif campus-lan
    security-level 0
    ip address 172.16.0.1 255.255.0.0
    interface Management0/0
    nameif CSC-MGMT
    security-level 100
    ip address 10.0.0.4 255.255.255.0
    boot system disk0:/asa821-k8.bin
    boot system disk0:/asa843-k8.bin
    ftp mode passive
    dns server-group DefaultDNS
    domain-name cisco.campus.com
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group network cmps-lan
    object-group network csc-ip
    object-group network www-inside
    object-group network www-outside
    object-group service tcp-80
    object-group service udp-53
    object-group service https
    object-group service pop3
    object-group service smtp
    object-group service tcp80
    object-group service http-s
    object-group service pop3-110
    object-group service smtp25
    object-group service udp53
    object-group service ssh
    object-group service tcp-port
    object-group service udp-port
    object-group service ftp
    object-group service ftp-data
    object-group network csc1-ip
    object-group service all-tcp-udp
    access-list INTERNET1-IN extended permit ip host 1.2.2.2 host 2.2.2.3
    access-list CSC-OUT extended permit ip host 10.0.0.5 any
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq www
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq https
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ssh
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ftp
    access-list CAMPUS-LAN extended permit udp 172.16.0.0 255.255.0.0 any eq domain
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq smtp
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq pop3
    access-list CAMPUS-LAN extended permit ip any any
    access-list csc-acl remark scan web and mail traffic
    access-list csc-acl extended permit tcp any any eq smtp
    access-list csc-acl extended permit tcp any any eq pop3
    access-list csc-acl remark scan web and mail traffic
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 993
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq imap4
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 465
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq www
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq https
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq smtp
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq pop3
    access-list INTERNET2-IN extended permit ip any host 1.1.1.2
    access-list nonat extended permit ip 172.16.0.0 255.255.0.0 172.16.0.0 255.255.0.0
    access-list DNS-inspect extended permit tcp any any eq domain
    access-list DNS-inspect extended permit udp any any eq domain
    access-list capin extended permit ip host 172.16.1.234 any
    access-list capin extended permit ip host 172.16.1.52 any
    access-list capin extended permit ip any host 172.16.1.52
    access-list capin extended permit ip host 172.16.0.82 host 172.16.0.61
    access-list capin extended permit ip host 172.16.0.61 host 172.16.0.82
    access-list capout extended permit ip host 2.2.2.2 any
    access-list capout extended permit ip any host 2.2.2.2
    access-list campus-lan_nat0_outbound extended permit ip 172.16.0.0 255.255.0.0 192.168.150.0 255.255.255.0
    pager lines 24
    logging enable
    logging buffered debugging
    logging asdm informational
    mtu internet1-outside 1500
    mtu internet2-outside 1500
    mtu dmz-interface 1500
    mtu campus-lan 1500
    mtu CSC-MGMT 1500
    ip local pool vpnpool1 192.168.150.2-192.168.150.250 mask 255.255.255.0
    ip verify reverse-path interface internet2-outside
    ip verify reverse-path interface dmz-interface
    ip verify reverse-path interface campus-lan
    ip verify reverse-path interface CSC-MGMT
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-621.bin
    no asdm history enable
    arp timeout 14400
    global (internet1-outside) 1 interface
    global (internet2-outside) 1 interface
    nat (campus-lan) 0 access-list campus-lan_nat0_outbound
    nat (campus-lan) 1 0.0.0.0 0.0.0.0
    nat (CSC-MGMT) 1 10.0.0.5 255.255.255.255
    static (CSC-MGMT,internet2-outside) 2.2.2.3 10.0.0.5 netmask 255.255.255.255
    access-group INTERNET2-IN in interface internet1-outside
    access-group INTERNET1-IN in interface internet2-outside
    access-group CAMPUS-LAN in interface campus-lan
    access-group CSC-OUT in interface CSC-MGMT
    route internet2-outside 0.0.0.0 0.0.0.0 2.2.2.5 1
    route internet1-outside 0.0.0.0 0.0.0.0 1.1.1.5 2
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    aaa authentication enable console LOCAL
    http server enable
    http 10.0.0.2 255.255.255.255 CSC-MGMT
    http 10.0.0.8 255.255.255.255 CSC-MGMT
    http 1.2.2.2 255.255.255.255 internet2-outside
    http 1.2.2.2 255.255.255.255 internet1-outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map internet2-outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map internet2-outside_map interface internet2-outside
    crypto ca trustpoint _SmartCallHome_ServerCA
    crl configure
    crypto ca certificate chain _SmartCallHome_ServerCA
    certificate ca xyzxyzxyzyxzxyzxyzxyzxxyzyxzyxzy
      quit
    crypto isakmp enable internet2-outside
    crypto isakmp policy 10
    authentication pre-share
    encryption aes
    hash md5
    group 2
    lifetime 86400
    telnet 10.0.0.2 255.255.255.255 CSC-MGMT
    telnet 10.0.0.8 255.255.255.255 CSC-MGMT
    telnet timeout 5
    ssh 1.2.3.3 255.255.255.240 internet1-outside
    ssh 1.2.2.2 255.255.255.255 internet1-outside
    ssh 1.2.2.2 255.255.255.255 internet2-outside
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    group-policy VPN_TG_1 internal
    group-policy VPN_TG_1 attributes
    vpn-tunnel-protocol IPSec
    username ssochelpdesk password xxxxxxxxxxxxxx encrypted privilege 15
    username administrator password xxxxxxxxxxxxxx encrypted privilege 15
    username vpnuser1 password xxxxxxxxxxxxxx encrypted privilege 0
    username vpnuser1 attributes
    vpn-group-policy VPN_TG_1
    tunnel-group VPN_TG_1 type remote-access
    tunnel-group VPN_TG_1 general-attributes
    address-pool vpnpool1
    default-group-policy VPN_TG_1
    tunnel-group VPN_TG_1 ipsec-attributes
    pre-shared-key *
    class-map cmap-DNS
    match access-list DNS-inspect
    class-map csc-class
    match access-list csc-acl
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class csc-class
      csc fail-open
    class cmap-DNS
      inspect dns preset_dns_map
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum: y0y0y0y0y0y0y0y0y0y0y0y0y0y
    : end
    Neither adding dynamic NAT for 192.168.150.0/24 on the outside interface nor sysopt connection permit-vpn works.
    Please tell me what needs to be done here to hairpin all the traffic to the Internet coming from VPN clients.
    That is, clients connected via the VPN tunnel, when connected to the Internet, should have their IPs NAT'ed against the internet2-outside interface address 2.2.2.2, as happens for the Campus Clients (172.16.0.0/16).
    I'm not very conversant with everything involved here, so please be elaborate in your replies. Please let me know if you need any more information regarding this setup to answer my query.
    Thanks & Regards
    maxs

    Hi Jouni,
    Thanks again for your help, got it working. Actually the problem was that the ASA needed some time after configuring to work properly ( ?????? ). I configured and tested several times within a short period during the day and it was not working initially; the GUI packet tracer was showing some problems (IPSEC Spoof detected) and there was also the DNS that had been left out. It's working fine now.
    But my problem is not fully solved here.
    Does the hairpinning model also allow access to the campus LAN behind the ASA? Because the setup is working now as I needed, and I can access the Internet with the NAT'ed IP address (outside-interface). So far so good. But now I cannot access the campus LAN behind the ASA.
    Here the packet tracer output for the traffic:
    packet-tracer output
    asa# packet-tracer input internet2-outside tcp 192.168.150.1 56482 172.16.1.249 22
    Phase: 1
    Type: ACCESS-LIST
    Subtype:
    Result: ALLOW
    Config:
    Implicit Rule
    Additional Information:
    MAC Access list
    Phase: 2
    Type: FLOW-LOOKUP
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Found no matching flow, creating a new flow
    Phase: 3
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   172.16.0.0      255.255.0.0     campus-lan
    Phase: 4
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   192.168.150.1   255.255.255.255 internet2-outside
    Phase: 5
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group internnet1-in in interface internet2-outside
    access-list internnet1-in extended permit ip 192.168.150.0 255.255.255.0 any
    Additional Information:
    Phase: 6
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 7
    Type: CP-PUNT
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 8
    Type: VPN
    Subtype: ipsec-tunnel-flow
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 9
    Type: NAT-EXEMPT
    Subtype: rpf-check
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 10
    Type: NAT
    Subtype:     
    Result: DROP
    Config:
    nat (internet2-outside) 1 192.168.150.0 255.255.255.0
      match ip internet2-outside 192.168.150.0 255.255.255.0 campus-lan any
        dynamic translation to pool 1 (No matching global)
        translate_hits = 14, untranslate_hits = 0
    Additional Information:
    Result:
    input-interface: internet2-outside
    input-status: up
    input-line-status: up
    output-interface: internet2-outside
    output-status: up
    output-line-status: up
    Action: drop
    Drop-reason: (acl-drop) Flow is denied by configured rule
    The problem here, as you can see, is the rule for dynamic NAT that I added to make hairpinning work in the first place:
    dynamic nat
    asa(config)#nat (internet2-outside) 1 192.168.150.0 255.255.255.0
    Is it possible to access both
    1)LAN behind ASA
    2)INTERNET via HAIRPINNING  
    simultaneously via a single tunnel-group?
    If it can be done, how do I do it? What changes do I need to make here to get simultaneous access to my LAN also?
    Thanks & Regards
    Abhijit
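
The drop reported in the packet-tracer output above can be located mechanically. The following is an added example, not part of the original post: it parses packet-tracer text, finds the first DROP phase, and for a "No matching global" NAT drop lists which interfaces have a `global` statement for that NAT ID. The function names are hypothetical, the sample inputs are abridged from the post, and the `match ip` pattern assumes the network/mask form shown there.

```python
import re

# Constructed sample: abridged from the packet-tracer output quoted in the post.
SAMPLE_TRACE = """\
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 9
Type: NAT-EXEMPT
Subtype: rpf-check
Result: ALLOW
Config:
Additional Information:
Phase: 10
Type: NAT
Subtype:
Result: DROP
Config:
nat (internet2-outside) 1 192.168.150.0 255.255.255.0
  match ip internet2-outside 192.168.150.0 255.255.255.0 campus-lan any
    dynamic translation to pool 1 (No matching global)
Additional Information:
Result:
output-interface: internet2-outside
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

# NAT lines from the posted running-config plus the rule added for hairpinning.
SAMPLE_CONFIG = """\
global (internet1-outside) 1 interface
global (internet2-outside) 1 interface
nat (campus-lan) 0 access-list campus-lan_nat0_outbound
nat (campus-lan) 1 0.0.0.0 0.0.0.0
nat (CSC-MGMT) 1 10.0.0.5 255.255.255.255
nat (internet2-outside) 1 192.168.150.0 255.255.255.0
"""

PHASE_RE = re.compile(r"Phase:\s*(\d+)$")
MATCH_RE = re.compile(r"match ip (\S+) \S+ \S+ (\S+) ")
POOL_RE = re.compile(r"dynamic translation to pool (\d+) \(No matching global\)")
GLOBAL_RE = re.compile(r"\s*global \((\S+)\) (\d+) ")

def parse_packet_tracer(text):
    """Split packet-tracer output into per-phase dicts and the final summary."""
    phases, summary, cur, section = [], {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = PHASE_RE.match(line)
        if m:
            cur = {"phase": int(m.group(1)), "type": "", "subtype": "",
                   "result": "", "config": [], "info": []}
            phases.append(cur)
            section = None
        elif line == "Result:":
            # A bare "Result:" opens the closing summary; phase results carry a value.
            cur, section = None, "summary"
        elif section == "summary" and ":" in line:
            key, _, value = line.partition(":")
            summary[key] = value.strip()
        elif cur is None or not line:
            continue  # echoed command line before Phase 1, blank lines
        elif line == "Config:":
            section = "config"
        elif line == "Additional Information:":
            section = "info"
        elif section:
            cur[section].append(line)
        else:
            key, _, value = line.partition(":")
            if key.lower() in ("type", "subtype", "result"):
                cur[key.lower()] = value.strip()
    return phases, summary

def first_drop(phases):
    """Return the first phase whose result is DROP, or None."""
    return next((p for p in phases if p["result"].upper() == "DROP"), None)

def explain_missing_global(phase, running_config):
    """For a 'No matching global' NAT drop, list where that NAT ID has a global."""
    config = "\n".join(phase["config"])
    match, pool = MATCH_RE.search(config), POOL_RE.search(config)
    if not (match and pool):
        return None  # some other kind of drop
    have = [g.group(1) for g in map(GLOBAL_RE.match, running_config.splitlines())
            if g and g.group(2) == pool.group(1)]
    return {"nat_id": pool.group(1), "egress": match.group(2),
            "globals_on": have, "egress_has_global": match.group(2) in have}

if __name__ == "__main__":
    phases, summary = parse_packet_tracer(SAMPLE_TRACE)
    drop = first_drop(phases)
    print(drop["phase"], drop["type"], summary["Drop-reason"])
    print(explain_missing_global(drop, SAMPLE_CONFIG))
```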

  • Mavericks; is Apple never going to do something about its many problems? I've about had it with Mac.

    Mavericks:
    Is Apple never going to do something about Mavericks' many problems? I've about had it with Mac and when today's Mavericks update appeared, I declined.
    I updated to Mavericks 6 months ago on my new MacBook Pro and have had nothing but trouble ever since -- despite numerous trips to the Genius Bar. They all act as though it's only my machine, yet I'm reading literally hundreds of similar complaints on the Internet. To start:
    1) My machine now "runs" very slow (as in 1980).
    2) Search and Spotlight yield jumbled information.
    3) MAIL and CONTACTS are near useless with a spinning beachball the norm.
    My Apple store had my machine for 5 days with no loaner! They did a manual rebuild and shrugged their shoulders when it still didn't work after all that.
    I have the distinct impression that Time Machine is at the bottom of some of my problems. I've used it to migrate data from my last three machines and I'm seeing some odd stuff from my other machines. In particular, I used an exact MacBook Pro loaned by a client after my last Mac crashed (I was backed up) and I'm seeing their grayed out login ID autoentered when I try to update iMovie and so I cannot log into my Apple account.
    I've used Mac since 1995 when the first SE came out and I'm very tech oriented. I can only wonder how frustrated the lay user might be. Any thoughts out there?

    Supply information about your Mac (guessing is no use)
    Download and run EtreCheck, and post the output here.

  • WSUS throwing 13002, "Client computers are installing updates with a higher than 25 percent failure rate. This is not normal."

    Hello,
    Within the past two months our WSUS Server started throwing error 13002, "Client computers are installing updates with a higher than 25 percent failure rate. This is not normal." We currently have 252 computers with errors in WSUS, and 33 updates with errors. We have never had issues up until two months ago. If you keep rebooting the machine, and keep running updates, they eventually all install. I believe I will see the machines with errors go away as the weekly scheduled WSUS install runs over and over, and the machines reboot.
    - We run IE8 in our environment and sometimes IE9.
    - We have 300 clients, all running Windows 7 SP1 x64.
    - Our WSUS server is running on Server 2008 R2.  The WSUS build number is 3.2.7600.262.
    - We created an alternate WSUS 4.0 server on Server 2012, and redownloaded all updates.  We put one client on it and it is showing errors on 3 updates, KB890830, KB931125, and KB2917500.
    - Clients are throwing errors 800F0902, 80242016, and 80070005.
    - I've noticed something with the C:\Windows\SoftwareDistribution\Download folder on the clients. When an update runs and fails, there is an "Install" folder created inside this folder. If you try to open it after the failure you get "Access Denied". If you reboot the machine, the Install folder goes away. (I assume this is a temp folder created to run updates.) I've checked the permissions on this folder on various machines and all seems normal. I think this is the root of the problem, and why we need to keep rebooting to get all of the updates to run.
    - I tried deleting the Software Distribution folder on a client after stopping the update service, then restarting the update service.  The folder redownloads but the client still throws errors.
    - I've gone through our Group Policies looking for anything that can cause this and found nothing. We've created a test OU blocking inheritance, and only applying a WSUS policy in it to make it get the updates internally. I then rebuilt multiple machines using Dell KACE, and still had failures.
    - We run SEP 11 and 12 on our clients.  I've tried removing the AV, making sure the firewall was off, etc.  It still throws errors.
    - I've spoken with our network team, and installed wireshark on a few clients looking for network errors and found nothing.
    - I've tried various Dell KACE scripted installs on test machines (erasing and rebuilding the machines from scratch), after which I run Windows Updates from WSUS.  They have thrown errors.
    - I've rebuilt a machine using Dell KACE, undomained it, then ran updates externally from WSUS going to Microsoft's site, and I'm still getting errors.
    - I've tried removing all software from the Dell KACE build to where it is just installing the OS and I'm still getting errors.
    - I tried taking a plain Windows 7 x64 DVD and installing that on a test machine, then without domaining it and without installing any other software, running updates from Microsoft's update site.  This seems to work, although it does throw some errors, but I believe those are related to having to reboot your machine in order to complete the updates (I can't remember that error code at the moment).
    Has anyone else been experiencing this?  Any suggestions as to how I can fix this?

    Hi,
    Error 800f0902
    Please try the method in this thread:
    Error Code: 800f0902
    Error 80242016
    If you receive Windows Update error 80242016 while checking for updates, it might be caused by a connection interruption between your computer and the Windows Update servers.
    80070005
    Usually means access denied
    Since it worked perfectly for a while, did you make any change on the server? Any applications newly installed on clients?

  • Creating client stubs for web services with callback operations

    Hi,
    I have created a simple web service in Workshop to simulate an asynchronous communication.
    When I test it within workshop everything is fine but how do I generate the necessary
    stubs to create a java client that will support the callback operation? The only
    documentation I have found suggests using <clientgen> with the "generateAsyncMethods"
    attribute but <clientgen> does not support that attribute until version 8.1, I'm
    using 7.0. Has anybody run into the same problem?
    thanks in advance,
    Mike

    This example doesn't use any callback operation though. Is there any sample that
    shows how to implement a client for a web service with a callback operation ?
    Mike.
    "Raj Alagumalai" <[email protected]> wrote:
    Hello Mike,
    Please refer to the attached sample on writing a Java client for a
    conversational web service.
    Regards
    Raj Alagumalai
    WebLogic Workshop Support
    "Mike" <[email protected]> wrote in message
    news:[email protected]...
    Hi,
    I have created a simple web service in Workshop to simulate an asynchronous communication.
    When I test it within workshop everything is fine but how do I generate the necessary
    stubs to create a java client that will support the callback operation?
    The only
    documentation I have found suggests using <clientgen> with the "generateAsyncMethods"
    attribute but <clientgen> does not support that attribute until version 8.1, I'm
    using 7.0. Has anybody run into the same problem?
    thanks in advance,
    Mike

  • RMI security with client authentication

    Hi,
    I'm trying to set a secure RMI application using JSSE and SSL.
    I have succeeded in writing an application with client and server authentication using both an RMISSLServerSocketFactory and RMISSLClientSocketFactory and passing those factories to the server while exporting the remote object.
    The problem is I had to set both server public and private keys and client public and private keys in the custom Socket Factories. This implies that those keys are on the server disk which is problematic for the client private key.
    Is there a way of giving the client private key only when the client wants to contact the server and not when exporting the remote object?
    (I tried to do that using -Djava.net.ssl.keyStore and -Djava.net.ssl.trustStore properties but it doesn't seem to work).
    Thank you for your help

    Even though I haven't written RMI over SSL code, I've done that using standard SSL client authentication between a client and a server.
    In that context, I got the SSLSocketFactory by using an SSLContext initialized with the proper TrustManager and KeyManager classes.
    But I guess you can start by specifying from the command line the system properties related to keystores and truststores:
    -Djavax.net.ssl.keyStore=<your keystore pathname>
    -Djavax.net.ssl.keyStorePassword=<your keystore password>
    -Djavax.net.ssl.trustStore=<your truststore pathname>
    -Djavax.net.ssl.trustStorePassword=<your truststore password>
    You can also see the RMISSLClientSocketFactory and RMISSLServerSocketFactory provided in the /samples/rmi folder of the JSSE 1.0.3_01 distribution.
    The client factory version uses the default socket factory provided by JSSE, so it can be configured from the properties above.
    Hope this helps.
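One way to build what the reply describes, as an added example that is not part of either post or of the JSSE samples (the class name `ClientKeyRmiSocketFactory` is hypothetical). The factory serialized into the stub carries no key material; the client keystore is read only in the client JVM when the first connection is opened, from the `javax.net.ssl.*` properties listed in the reply.

```java
import java.io.*;
import java.net.Socket;
import java.rmi.server.RMIClientSocketFactory;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical client factory: it travels inside the RMI stub but holds no keys itself.
public class ClientKeyRmiSocketFactory implements RMIClientSocketFactory, Serializable {
    private static final long serialVersionUID = 1L;
    // transient: built in the JVM that opens the connection, never serialized
    private transient SSLSocketFactory delegate;

    @Override
    public synchronized Socket createSocket(String host, int port) throws IOException {
        if (delegate == null) {
            try { delegate = buildFromLocalStores(); }
            catch (GeneralSecurityException e) { throw new IOException("client TLS setup failed", e); }
        }
        return delegate.createSocket(host, port);
    }

    private static SSLSocketFactory buildFromLocalStores() throws IOException, GeneralSecurityException {
        String keyPass = prop("javax.net.ssl.keyStorePassword");
        KeyStore keys = load(prop("javax.net.ssl.keyStore"), keyPass);
        KeyStore trust = load(prop("javax.net.ssl.trustStore"), prop("javax.net.ssl.trustStorePassword"));
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPass.toCharArray());      // client certificate and private key
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);                            // CAs used to verify the server
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    private static String prop(String name) throws IOException {
        String value = System.getProperty(name);
        if (value == null) throw new IOException("system property not set: " + name);
        return value;
    }

    private static KeyStore load(String path, String password) throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) { ks.load(in, password.toCharArray()); }
        return ks;
    }

    // RMI compares factories to decide whether an existing connection can be reused.
    @Override public boolean equals(Object o) { return o != null && o.getClass() == getClass(); }
    @Override public int hashCode() { return getClass().hashCode(); }
}
```

On the server, export the remote object with this client factory and a server socket factory that requires a client certificate, for example `new javax.rmi.ssl.SslRMIServerSocketFactory(null, null, true)`. The server then needs only its own key pair and the CA or certificate it trusts for clients.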

Maybe you are looking for