Providing authentication for standard MDM we bservice.
Hi,
We are calling mdm web service from portal. Can any one tell me how to authenticate user when calling standard web service.
Regards,
Sandeep Reddy.
Hi Sandeep,
For a particular user to use a particular webservice say for eg Search Webservice.You need to provide that particular MDM user authentication to the webservice i the Visual Administrator configurations.
The MDM user must be defined in MDM Console with proper Roles and Authorizations.When you give this MDM user access to the Search Webservice for eg then this user can login and run the search webservice.
To know about the configuration required to work with MDM 5.5 Webservices then view the below link;
https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/20e06073-f485-2910-adb1-9a197bf98994(MDM webservice webinar)
If you are working with MDM 7.1 then the features are little more advanced, you can view the below link to know more on MDM 7.1 webservice
https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a04e6281-b9d4-2b10-f1b3-ee7884e720c3 (Webservice 7.1)
Hope It Helpes
Thanks & Regards
Simona Pinto
Similar Messages
-
Providing image for Standard Buttons on Application Forms
I've seen some postings on changing the standard buttons used in forms. Does anyone know if this has changed at all in Release 2? I want to put my own image for a button instead of the standard gray button and before doing the workarounds recommended, I want to know if this has been addressed in the new release.
Thanks.I am afraid, the new release does not include changes where you can replace buttons with images.
-
Translation for Standard BAPI error messages
Hi All,
We are calling a standard BAPI in our report program. This BAPI has return table of type BAPIRET2.
When i logon in Spanish Language, still the BAPI returns error messages in English.
Any pointers to get the messages from Standard BAPI's in Logon language.
Thanks,
Best regards,
PrashantHi,
Since these messages are Standard SAP Messages, i assume that SAP would maintain the translations for them.
If i go to message class & check translations for these standard messages, i dont see the translations.
Are we expected to manually maintain translations for Standard SAP Messages ?
I feel SAP would be providing translations for Standard SAP message.
Best regards,
Prashant -
Standard MDM iView for Creation of Record
Hi All,
We have requirement to create a record in MDM through Portal.
Are there any standard iViews available in Portal content of MDM, which can create or update a record in MDM repository?
In the Portal content we have found following two SCA
BPMDMAPPLI04_0.SCA
BPMDMTECHN04_0.SCA
We have deployed them on the portal server, we are able to see search and itemdetail iViews for standard repository.
But we are not able to see iViews for creation of record.
In one of the document it has been given that SP 04 extended (imporved) functionality offers Data Entry and Maintenance (CURD operations) can also be performed.
But availability of the iViews not mentioned anywhere.
Anyone has already implemented such kind of functionality or scenario?
Thanks and regards,
Shruti.Hi Mandar,
I have followed the same PDF also.
But I am not able to find out the SCA's which are mentioned in the above document for GP and CAF.
I tried searching on service market place also.
In portal Contenet of SP 04 i have found only two SCA's
BPMDMAPPLI04_0.SCA
BPMDMTECHN04_0.SCA
I am not able to find following SCA files.
H2G_GuidedProcedures.sda
H2G_SourceCode.zip
Can tell me how do i get those SCA's?
Thanks in Advance
Shruti.
Edited by: Shruti Shah on Mar 12, 2008 6:19 AM -
Best Practice : Creating Custom Renderer for Standard Component
I've been reading the docs and a few threads about Custom Renderers. The best practice seems to be to create a Custom Component where you need a Custom Renderer. Is this the case?
See [this post|http://forums.sun.com/thread.jspa?forumID=427&threadID=520422]
I've created several Custom Renderers to override the HTML provided by the Standard Components, however I can't see the benefit in also creating a Custom Component when the behaviour of the standard component is just fine.
Thanks,
Damian.It all depends on what you are trying to accomplish. Generally speaking if all you need is for the user interface output to be changed then a renderer will work just fine. A new component is usually made in order to provide some fundamental change in server side functionality not related to the user interface. - Ponderator
-
OLEDB provider VFPOLEDB for linked server returned message "Invalid path or file name"
Hello,
I'm hoping someone can shed some light on this. I'd researched this error for days, reading all the post in this forum, however none of them address my issue.
We use VFP 9 .dbf tables (free tables). I setup a linked server to query the tables. As first we were not able to view the tables in SQL Server Mgmt Studio (MSMS) until I sorted out the permissions. I can query the tables if I copy over
to the server so they are local tables. However, across the network I am continually getting the error above and the following error:
"Cannot initialize the data source object of OLE DB provider VFPOLEDB for linked server XXX."
Here are the steps I've performed...
Installed a 32 bit instance of SQL Server Express 2008 R2 using Windows Authentication on server 2 (the 64 bit instance could not see the VFP OLE DB provider, as we all know, because the provider is only 32 bit)
Installed the latest VFP OLE DB from http://www.microsoft.com/en-us/download/details.aspx?id=14839.
In the VFPOLEDB provider, I enabled Nested queries, Level zero only, Allow inprocess, and Supports 'Like' operator.
Setup a linked server using the following query:
EXEC master.dbo.sp_addlinkedserver
@server = N'LinkedAC',
@srvproduct = N'Visual FoxPro 9',
@provider = N'VFPOLEDB',
@datasrc = N'"\\server1\share\TIW\KOKAC"',
@provstr = N'VFPOLEDB.1'
At first I could not view the tables when expanding default>Tables, it failed due to a "catastrophic failure". That can't be good ;-). After digging around, I surmised it was because I'd set the SQL Instance to run as NT Authority\NetworkService.
I created a new user, LinkedVFP, and added to the SQL Instance (using Windows Authentication), mapped the user to the master database with the db_datareader role. I also added the LinkedVFP user to the network share. I was then able to browse
the tables in MSMS and query the data when local, but still not across the network.
I'm using Crystal Reports to try and query the data from my local workstation using SELECT * FROM OPENQUERY(mylinkedserver, 'select * from table1'). This produces the two errors I mentioned above.
To clarify, the VFP tables are on server 1 and the linked server is on server 2. I've read about service account delegation, but unclear if this is the issue. I went into our domain controller (neither server 1 or 2), AD User and Computers, and
for server 2 I enabled 'Trust this computer for delegation to any service (Kerberos only)'.
Can anyone shed some light on this for me?
Thanks!
Aaron McVannerHi Aaron,
Thank you for your question. I am trying to involve someone more familiar with this topic for a further look at this issue. Sometime delay might be expected from the job transferring. Your patience is greatly appreciated.
If you have any feedback on our support, please click
here.
Regards,
Elvis Long
TechNet Community Support -
How to get F4 help for Standard Text Key of a operation based on Order type
Hi Experts,
How to get F4 help for Standard Text Key (STK) of a operation based on Order type entered in selection screen. The F4 help should give the STK of related order type. At the same time the F4 help for Task Types based on Notification type. How to acheive the above two. Please provide the table names or any search help name if exists or Function modules...
Thanks in Advance.
Regads,
BujjiHi Guys,
Any help on this...
Regards,
Bujji
Edited by: Bujji on Dec 22, 2008 12:42 PM
Edited by: Bujji on Jan 5, 2009 2:00 PM -
ABAP API MDM vs Standard MDM !!!
Maybe the expression that I am using is not the best one and hope that someone can give me any clarifications.
What I am intending is to know:
1) If using ABAP API is the best way to implement MDM purposes or if hes an alternative to implement MDM using ABAP API?
2) In the proof of concept that I am implementing, I only use the principal components of MDM (Import, Data Manager, Syndicator and Console) in order to find the solution of our enterprise business.
3) Using ABAP API, I have to use programming method, implement by myself some functionalities in ABAP to connect and resolve my MDM purposes.
4) If am not using ABAP API (The way that I am proceeding right now) , I have to use the standard software component (enterprises services ) of the R3 Systems in order to connect MDM with client systems.
Thanks guy for your assistance. We just want to know the best way to proceed with MDM .The best method for implementing MDM depends on the requirements of each scenario. For example, if you have a program in R/3 that needs to pull some data from MDM for analysis then perhaps using the ABAP API would be the best route to take. If you need to transfer materials or vendors from MDM to various R/3 systems, perhaps using XI would be the best route to take. I would recommend looking at the <a href="https://websmp106.sap-ag.de/~sapidb/011000358700004656452006E">IT Scenario Configuration Guide</a> to get a better understanding of SAP's recommended practices given different scenarios
-
Need Seeburger BIC Mapping names for standard Msg types - EANCOM2002
Hi All,
I need Seeburger Bic Mapping names for standard Msg types.
<b>Orders
ORDRSP
DESADV
Note that they are in EANCOM2002 format.</b>
Kindly provide them asap.
Can anyone pls send the document to [email protected] if you have the Seeburger mapping names for EANCOM2002 and ANSIX12.
Thank You.
Regards
Seema.Hi Marcos,
>> IF they have been deployed in your system the names will be:
>> See_E2X_ORDERS_UN_D96A
>> See_X2E_ORDERS_UN_D96A
>> See_E2X_DESADV_UN_D96A
>> See_X2E_DESADV_UN_D96A
R u sure of we can use these mappings for EANCOM2002 format.??
R u sure EANCOM2002 is equavalent to UN D96A???
-Seema. -
Enhancement to add userdefined fields for standard definition in cj20n
Hi all
sub:enhancement to add userdefined fields in a user defined screen tab for standard definition in t-code cj20n
can anyone provide an idea how to write the logic for retriving the data from the standard table into the user defined screen added into the project definition using the t-code cj20n( project system module)
thanks
sirishaI think you may need to implement enhancement 'CNEX0007'
CMOD==> Enhancement==> Componet==> Get the Screen area.
Go to SE41 ==> Give the Screen program and number==> add your WBS tab there. The values will be available to screen
Hope this is helpful for your answer.
Cheers,
TM. -
Radius authentication for the browser-based webtop
Hiya all,
With help of the radius-authentication module for apache (http://www.freeradius.org/mod_auth_radius/) and web-authentication it is possible to use radius-authentication for the classic-webtop. Has anyone got Radius authentication working for the browser-basedwebtop?
SSGD version:
Sun Secure Global Desktop Software for Intel Solaris 10+ (4.30.915)
Architecture code: i3so0510
This host: SunOS sgd1.<removed> 5.10 Generic_118855-36 i86pc i386 i86pc
I have the radius-module running for authentication of a single directory with the apache-config-lines:
SetEnvIf Request_URI "\.(cab|jar|gif|der)$" sgd_noauth_ok
<LocationMatch "/secure">
Order Allow,Deny
Allow from env=sgd_noauth_ok
AuthName "Radius authentication for SGD"
Authtype Basic
AuthRadiusAuthoritative on
AuthRadiusCookieValid 540
AuthRadiusActive On
Require valid-user
Satisfy any
</LocationMatch>
When changing the line <LocationMatch "/secure"> to <LocationMatch "/sgd"> the browser asks for a authentication and then a 'Not Found' page is being displayed.
When using the config-lines from http://docs.sun.com/source/819-6255/webauth_config_browser.html the login-page is being displayed normally and SSGD works.
The main difference I can find between the location /secure and /sgd is: /secure is a simple directory and /sgd is a JkMount to Tomcat.
Changing the JkLogLevel to debug gives the following info in the JkLogFile:
Radius authentication:
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (449): Attempting to map URI '/sgd' from 5 maps
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/examples/*'
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/axis/*'
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/sgd/*'
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/axis'
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/sgd'
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (486): Found an exact match tta -> /sgd
With the password-authentication file:
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (449): Attempting to map URI '/sgd/' from 5 maps
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/examples/*'
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/axis/*'
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/sgd/*'
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (475): Found a wildchar match tta -> /sgd/*
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] wc_get_worker_for_name::jk_worker.c (111): found a worker tta
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] wc_maintain::jk_worker.c (301): Maintaining worker axis
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] wc_maintain::jk_worker.c (301): Maintaining worker tta
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] wc_maintain::jk_worker.c (301): Maintaining worker examples
It seems that the JkMount is not being evaluated correctly after using the radius-authentication.
Any help will be usefull since I am allready stuck on this problem for a couple of days :(
Thanks,
Remold | EverettI got response from the Fat Bloke on the mailing list.
Adding the following line in the apache httpd.conf seams to help and resolved my problem:
Alias /sgd "/opt/tarantella/webserver/tomcat/5.0.28_axis1.2final_jk1.2.8/webapps/sgd"
Thanks The Fat Bloke !!
- Remold
These instructions are for a 4.2 SGD installation using SGD's third
party web authentication with mod_auth_radius.so (www.freeradius.org).
With 4.2 Sun didn't distribute enough of the Apache configured tree
to enable the use of axps to build the mod_auth_radius module, 4.3 is
better - Sun now install a modified axps and include files, I haven't
tried this with 4.3 yet though.
I built the mod_auth_radius module for Apache 1.3.33 (shipped with 4.2)
So, this is how we got this working with Radius (tested with SBR
server and freeradius.org server.)
Install SGD in the usual way.
Enable 3rd party authentication:
According to:
http://docs.sun.com/source/819-4309-10/en-us/base/standard/
webauth_config_browser.html
Configure the Tomcat component of the Secure Global Desktop Web
Server to
trust the web server authentication. On each array member, edit the
/opt/tarantella/webserver/tomcat/version/conf/server.xml file. Add the
following attribute to the connector element (<Connector>) for the
Coyote/JK2 AJP 1.3 Connector:
tomcatAuthentication="false"
# cat /opt/tarantella/webserver/tomcat/5.0.28_axis1.2final_jk1.2.8/
conf/server.xml
<!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
<Connector port="8009" minProcessors="5" maxProcessors="75"
tomcatAuthentication="false"
enableLookups="true" redirectPort="8443"
acceptCount="10" debug="0" connectionTimeout="0"
useURIValidationHack="false"
protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
"By default, for security reasons, Secure Global Desktop
Administrators can't
log in to the browser-based webtop with web server authentication.
The standard
login page always displays for these users even if they have been
authenticated
by the web server. To change this behavior, run the following command:"
# tarantella config edit --tarantella-config-login-thirdparty-
allowadmins 1
Without this, after authenticating via webauth, the user will be
prompted for a
second username and password combination.
# /opt/tarantella/bin/tarantella objectmanager &
# /opt/tarantella/bin/tarantella arraymanager &
In Array Manager:
Select "Secure Global Desktop Login" on left side and click
"Properites" at bottom
Under "Secure Global Desktop Login Properties"
cd /opt/tarantella/webserver/apache/
1.3.33_mod_ssl-2.8.22_openssl-0.9.7e_jk1.2.8/conf
edit httpd.conf:
### For SGD Apache based authentication
Include conf/httpd4radius.conf
at the end of httpd.conf add:
Alias /sgd "/opt/tarantella/webserver/tomcat/
5.0.28_axis1.2final_jk1.2.8/webapps/sgd"
# cat httpd4radius.conf
LoadModule radius_auth_module libexec/mod_auth_radius.so
AddModule mod_auth_radius.c
# Add to the BOTTOM of httpd.conf
# If we're using mod_auth_radius, then add it's specific
# configuration options.
<IfModule mod_auth_radius.c>
# AddRadiusAuth server[:port] <shared-secret> [ timeout [ : retries ]]
# Use localhost, the old RADIUS port, secret 'testing123',
# time out after 5 seconds, and retry 3 times.
AddRadiusAuth radiusserver:1812 testing123 5:3
# AuthRadiusBindAddress <hostname/ip-address>
# Bind client (local) socket to this local IP address.
# The server will then see RADIUS client requests will come from
# the given IP address.
# By default, the module does not bind to any particular address,
# and the operating system chooses the address to use.
# AddRadiusCookieValid <minutes-for-which-cookie-is-valid>
# the special value of 0 (zero) means the cookie is valid forever.
AddRadiusCookieValid 5
</IfModule>
<LocationMatch /radius >
Order Allow,Deny
AuthType Basic
AuthName "RADIUS Authentication"
AuthAuthoritative off
AuthRadiusAuthoritative on
AuthRadiusCookieValid 5
AuthRadiusActive On
Require valid-user
Satisfy any
</LocationMatch>
SetEnvIf Request_URI "\.(cab|jar|gif|der)$" sgd_noauth_ok
<LocationMatch /sgd >
Order Allow,Deny
Allow from env=sgd_noauth_ok
AuthType Basic
AuthName "RADIUS Authentication"
AuthAuthoritative off
AuthRadiusAuthoritative on
AuthRadiusCookieValid 5
AuthRadiusActive On
Require valid-user
Satisfy any
</LocationMatch>
Put appropriate mod_auth_radius.so into
/opt/tarantella/webserver/apache/
1.3.33_mod_ssl-2.8.22_openssl-0.9.7e_jk1.2.8/libexec
# mkdir /opt/tarantella/webserver/apache/
1.3.33_mod_ssl-2.8.22_openssl-0.9.7e_jk1.2.8/htdocs/radius/
# cat /opt/tarantella/webserver/apache/
1.3.33_mod_ssl-2.8.22_openssl-0.9.7e_jk1.2.8/htdocs/htpasswd/index.html
<HTML>
<HEAD>
<TITLE> Test Page for RADIUS authentication </TITLE>
</HEAD>
<BODY>
<B> You have reached the test page for RADIUS authentication.
</BODY>
</HTML>
I hope this helps!
-FB -
External authentication for Essbase 7.1.6.
Hi all,
We are trying to set up external authentication for Essbase 7.1.6. We have a customized version of Essbase which does not use DLL. we do not have a Hyperion Hub or any CSS set up. All we have is an authentication module from the vendor to be used instead of the DLL. As per the documents provided to us all we have to do is change the cfg file to include the AUTHENTICATIONMODULE setting. Does anyone has any experience with this? What all parameters do we need to pass to Active Directory for this to work? Please help.
Thanks.
Vish.You could create a maxl script that replaces the filters, when you call the maxl script you could pass in a variable such as YR08 and use that variable in the script.
Cheers
John
http://john-goodwin.blogspot.com/ -
How to preview standard MDM Webdynpro Components ?
Hi
As we know, we can create standard MDM Webdynpro components from CE 7.1 SP 04 onwards.
Suppose I have created a project using MDM WD configurator and added a search component, a resultset component and an itemdetails component. We can preview the individual components using the preview button provided in the configurator. But in order to see the consolidated project containing all the 3 components, we need to embed them as used components in a custom WD component. Then through the custom WD component we can preview the 3 standard components.
My question is, is there any way in which we an preview all the 3 standard MDM WD components together without putting them in a custom WD component ?
Is there a way we can directly assign an iview to a project created with MDM WD configurator ?
Thanks
Sayan GhoshFound the sloution. Can be launched in the browser with the following url giving the component details :
http://<hostName>:<portNumber>/webdynpro/dispatcher/sap.com/tcmdmwdcompsmasterwd/MASTER?proj=<Project_Name>&rs=<ResultSet_Name>&s=<Search_Name>id=<ItemDetails_Name> -
Javascript error in Standard MDM IViews on portal
Hello Xperts,
I have deployed standard MDM IViews on my portal.
In standard Resultset IView, there is a provision of saving results by using My Bags option. When I click on My Bags option and then New Bag, it throws javascript error.
Details of systems are as below.
MDM API version 5.5
Portal Version EP 7 SP07.
Appreaciate any inputs for this.
AshutoshHi Anu,
Thanks for the reply.
we are able to login to Data Manager with Mapped ID's and I even tried creating new IViews. Nothing worked.
As you suggested, will try restarting the portal server.
Thanks
Satish -
ASA - cut through proxy authentication for RDP?
I know how to set this up on a router (dynamic access-list - lock and key)... But, I'm having trouble understanding how to setup OUTSIDE to INSIDE cut through proxy authentication for RDP.
OUTSIDE to INSIDE RDP is currently working.
I have 2 servers I want RDP open for..
[*]OUTSIDE 1.1.1.1 to INSIDE 10.10.70.100
[*]OUTSIDE 1.1.1.2 to INSIDE 10.10.50.200
What's required for OUTSIDE users to authenticate on the ASA before allowing port 3389 opens? I was hoping for is a way to SSH into this ASA, login with a special user, then have the ASA add a dynamic ACE on the OUTSISE interface to open 3389 for a designated time limit. Is this possible?
Here is my current config.
[code]
ASA Version 8.2(5)
hostname ASA5505
names
name 10.10.0.0 LANTraffic
name 10.10.30.0 SALES
name 10.10.40.0 FoodServices
name 10.10.99.0 Management
name 10.10.20.0 Office
name 10.10.80.0 Printshop
name 10.10.60.0 Regional
name 10.10.70.0 Servers
name 10.10.50.0 ShoreTel
name 10.10.100.0 Surveillance
name 10.10.90.0 Wireless
interface Ethernet0/0
description TO INTERNET
switchport access vlan 11
interface Ethernet0/1
description TO INSIDE 3560X
switchport access vlan 10
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
interface Vlan1
no nameif
security-level 50
no ip address
interface Vlan10
description Cisco 3560x
nameif INSIDE
security-level 100
ip address 10.10.1.1 255.255.255.252
interface Vlan11
description Internet Interface
nameif OUTSIDE
security-level 0
ip address 1.1.1.1 255.255.255.224
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup OUTSIDE
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 4.2.2.2
domain-name test.local
access-list RDP-INBOUND extended permit tcp any host 1.1.1.1 eq 3389
access-list RDP-INBOUND extended permit tcp any host 1.1.1.2 eq 3389
pager lines 24
logging enable
logging timestamp
logging trap warnings
logging device-id hostname
logging host INSIDE 10.10.70.100
mtu INSIDE 1500
mtu OUTSIDE 1500
ip verify reverse-path interface OUTSIDE
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645.bin
no asdm history enable
arp timeout 14400
global (OUTSIDE) 1 interface
nat (INSIDE) 1 LANTraffic 255.255.0.0
static (INSIDE,OUTSIDE) tcp interface 3389 10.10.70.100 3389 netmask 255.255.255.255
static (INSIDE,OUTSIDE) tcp 1.1.1.2 3389 10.10.50.200 3389 netmask 255.255.255.255
access-group RDP-INBOUND in interface OUTSIDE
route OUTSIDE 0.0.0.0 0.0.0.0 1.1.1.1 1
route INSIDE LANTraffic 255.255.0.0 10.10.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http Management 255.255.255.0 INSIDE
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 10.10.70.100 255.255.255.255 INSIDE
ssh Management 255.255.255.0 INSIDE
ssh 0.0.0.0 0.0.0.0 OUTSIDE
ssh timeout 5
ssh version 2
console timeout 0
threat-detection basic-threat
threat-detection scanning-threat shun
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
username scott password CNjeKgq88PLZXETE encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:1e9d278ce656f22829809f4c46b04a07
: end
[/code]You're running ASA 8.2(5). In 8.4(2) Cisco added support for what they call Identity Firewall rules. That is, you can make access-lists entries specific to users (or object groups containing users).
There's an overview document on this posted here. It's a bit dated but I believe the only change is that Cisco is now preferring use of the more current Context Directory Agent (CDA) - a free VM they provide - vs. the deprecated AD agent (software service that runs on your DC).
Maybe you are looking for
-
Help Please I can't print IE or Safari with 10.4.4
Can anybody HELP ME PLEASE. I have upgraded to 10.4.4 and now I can't print from Internet Explorer or Safari. I don't have any problems with Mail or any other programs. I just can't print any web pages and I need to do that often. I have tried all th
-
No longer able to use Express to extend wired connection
I have an airport extreme base station connected to a cable modem. I have for some time used an airport express to make a wired connection to my xbox in another room. Something happened the other night and I had to reset both the extreme and the expr
-
Unable to import MS PowerPoint slides Captivate 6 on Mac
I have an existing project which I imported two PowerPoint slides into without a problem. I then made changes to the slides in PowerPoint, and when I went to re-import to Captivate, I get this pop-up message: This is on Mac OS X 10.8.3. I open the sa
-
Place the tabular data and it's corresponding graphic into one page?
We know that BEx Analyzer seems not be able to place tabular data and it's corresponding graphics like pie chart into one page. Could someone yield detailed technical steps on how to realize this? Thanks!
-
before it crashed I was trying to take firefox to factory reset, my computer turned off before. I have a mac OSX 10.6