Reg:Configuration of TACACS+

Hi,
I'm Anubhav. I have been assigned the responsibility of configuring a Cisco TACACS+ server for authentication and applying user-level privileges. We have two ACS servers; one will act as primary and the other will act as backup.
Actually I have no clue how to do this. I am a CCNA, but even after going through many PDFs, I'm not able to work out how to begin the process. Could anyone help me out with some configuration examples, as we are not using PIX etc. and all clients will interact directly with ACS?
We have more than 800 clients; do we need to configure users for each client?
Thanks.

Hi Anu,
Users can be configured locally in ACS or in an external database like AD/LDAP/RSA. You need to add all AAA clients (router/ASA/switch) to the ACS network configuration. And on each device you need to enable AAA.
    IOS(config)# username [username] password [password]
    tacacs-server host [ip]
    tacacs-server key [key]
    aaa new-model
    aaa authentication login default group tacacs+ local
Since you are new to ACS, I would suggest not enabling authorization, as that can lock you out of the device (open a TAC case if this is urgent).
PIX/ASA:
    aaa-server authserver protocol tacacs+
    key 123456
    aaa-server authserver host 10.1.1.1   ! also define the interface from which ACS is reachable
    aaa authentication ssh console authserver LOCAL
Regards,
~JG
Do rate helpful posts!

Similar Messages

  • REGI configuration path not found in HANA studio

    Dear Experts,
    I have my HANA studio and HANA client installed. I can see the regi.exe file in the hdbclient folder. I am using studio 1.0.7000.
    But I am not able to find the suggested path for Regi configuration in the studio.
    Window -> Preferences -> SAP HANA Development -> Repository Access.
    Please find the PIC attached. I am using the development perspective.
    I searched everywhere here but could not find it. Not sure if it's renamed to something else.
    Can someone please help?

    Hi Amit,
    HANA studio has no dependency on Regi from SP7.
    You can see more details in http://scn.sap.com/community/developer-center/hana/blog/2013/12/03/sap-hana-sps07--various-new-developer-features
    Best Regards,
    Lohit

  • Reg: Configuration of AAA using TACACS+

    Hi,
    I am Anubhav. I'm new to TACACS+ servers and am trying to implement AAA authentication using a Cisco TACACS+ server, for which I've decided on the following AAA commands; a fallback user, user1, has been configured on the router to be authenticated.
    aaa authentication login default group tacacs+ local
    aaa authentication login NO_AUTHEN none
    aaa authorization config-commands
    aaa authorization exec default group tacacs+ if-authenticated
    aaa authorization exec NO_AUTHOR none
    aaa authorization commands 1 default group tacacs+ if-authenticated
    aaa authorization commands 1 NO_AUTHOR none
    aaa authorization commands 15 default group tacacs+ if-authenticated
    aaa authorization commands 15 NO_AUTHOR none
    aaa authorization network serial none
    aaa accounting exec default start-stop group tacacs+
    aaa accounting commands 15 default stop-only group tacacs+
    aaa session-id common
    What is the purpose of this last line?
    Kindly check whether it's OK and that I won't get locked out. The ACS server has been defined on the router. Kindly guide us on the steps to configure the user, group and privilege level on TACACS.
    Thanks.

    Hi,
    As I've written in my previous post, I've configured the ACS server host and key on the router. I've created a user named test 1 on ACS and added the router through Add AAA Client, with Secure as the shared key. I must mention that I am using a Cisco 3845 router connected on my LAN for testing ACS, and I have access to it through the console as well. What else should I do on ACS 4.2 to get it authenticated by the TACACS server? Also, if I have more routers to add, could I create a group in the same way and add AAA clients? Kindly suggest whether my approach is correct. Will there be separate users for each AAA client, or can the same user be used for all AAA clients for authentication through ACS if they are assigned to the same group or are in the Default group?
    Also, how do I implement policies on a group (say: security)? Is there any screenshot tutorial available for the same?
    Thanks,
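
The lockout concern raised in the first answer, and the question in this post about whether the posted method lists are safe, can be checked mechanically; the Python linter below is an added example (not code from either poster or from Cisco) that flags IOS AAA method lists with nothing to fall back on when no TACACS+ server answers. The finding codes, the 192.0.2.10 address, the placeholder secrets and the RISKY_CONFIG sample are constructed for illustration.

```python
import re

# Methods that can still succeed when no TACACS+ server answers.
OFFLINE = {"local", "local-case", "enable", "line", "none", "if-authenticated"}
PREFIXES = ("aaa new-model", "username ", "tacacs-server host ", "tacacs-server key ")
LIST_RE = re.compile(
    r"^aaa\s+(authentication\s+login|authorization\s+(?:exec|network|commands\s+\d+))"
    r"\s+(\S+)\s+(.+)$")

# As posted in the first answer, placeholders included.
ANSWER_CONFIG = """
IOS(config)# username [username] password [password]
tacacs-server host [ip]
tacacs-server key [key]
aaa new-model
aaa authentication login default group tacacs+ local
"""

# First four lines are constructed; the remainder is the list from the second thread.
THREAD2_CONFIG = """
aaa new-model
username user1 secret CONSTRUCTED-PLACEHOLDER
tacacs-server host 192.0.2.10
tacacs-server key CONSTRUCTED-PLACEHOLDER
aaa authentication login default group tacacs+ local
aaa authentication login NO_AUTHEN none
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization exec NO_AUTHOR none
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 1 NO_AUTHOR none
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization commands 15 NO_AUTHOR none
aaa authorization network serial none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
aaa session-id common
"""

# Constructed: authorization added with no fallback and no local account.
RISKY_CONFIG = """
aaa new-model
tacacs-server host 192.0.2.10
tacacs-server key CONSTRUCTED-PLACEHOLDER
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+
aaa authorization commands 15 default group tacacs+
"""


def parse_methods(rest):
    """Split a method string, keeping 'group <name>' together as one method."""
    toks, out, i = rest.split(), [], 0
    while i < len(toks):
        step = 2 if toks[i] == "group" and i + 1 < len(toks) else 1
        out.append(" ".join(toks[i:i + step]))
        i += step
    return out


def parse_config(text):
    """Return (method_lists, seen); seen holds the supporting commands present."""
    lists, seen = [], set()
    for raw in text.splitlines():
        line = re.sub(r"^\S*\(config\)#\s*", "", raw.strip())  # drop a pasted prompt
        m = LIST_RE.match(line)
        if m:
            service = " ".join(m.group(1).split())
            lists.append((service, m.group(2), parse_methods(m.group(3))))
        seen.update(p.strip() for p in PREFIXES if line.startswith(p))
    return lists, seen


def lint(text):
    """Return (code, message) findings for lockout-prone or open method lists."""
    (lists, seen), findings = parse_config(text), []
    if lists and "aaa new-model" not in seen:
        findings.append(("AAA_DISABLED", "method lists present without 'aaa new-model'"))
    uses_tacacs = uses_local = False
    for service, name, methods in lists:
        label = f"{service} {name}"
        uses_tacacs |= "group tacacs+" in methods
        uses_local |= bool({"local", "local-case"} & set(methods))
        if not OFFLINE & set(methods):
            findings.append(("NO_FALLBACK", label + ": fails for everyone if no server answers"))
        if service == "authentication login" and methods[0] == "none":
            findings.append(("OPEN_LOGIN", label + ": lines using this list skip authentication"))
    if uses_local and "username" not in seen:
        findings.append(("LOCAL_NO_USER", "'local' fallback used but no username is defined"))
    if uses_tacacs and not {"tacacs-server host", "tacacs-server key"} <= seen:
        findings.append(("NO_SERVER", "'group tacacs+' used without tacacs-server host and key"))
    return findings


if __name__ == "__main__":
    for cfg in (ANSWER_CONFIG, THREAD2_CONFIG, RISKY_CONFIG):
        print([code for code, _ in lint(cfg)])
```

IOS moves to the next method in a list only when the previous one returns an error such as a timeout, not when the server rejects the request, which is why the check asks what is left when no server answers.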

  • [SOLVED] What is the minimum .reg configuration for mounting eMMC2?

    Hello Friends,
    Greetings for the day!!
    I have a board that contains the eMMC2 (slot=3). We have made some changes in the driver to make it capable of slot=3. Now it is the turn of the .reg files. We have made all the required entries for Driver\BuiltIn\SDHC3, and the driver is taking the values correctly.
    Now for the remaining entries related to file system, profiles, partition, partition table etc.
    The entries I have made are as follows:
    [HKEY_LOCAL_MACHINE\System\StorageManager\Profiles]
    "AutoMount"=dword:1
    "AutoPart"=dword:1
    "AutoFormat"=dword:1
    "MountFlags"=dword:1
    "DefaultFileSystem"="FATFS"
    "PartitionDriver"="mspart.dll";; -- Required
    "Folder"="";; -- Required
    [HKEY_LOCAL_MACHINE\System\StorageManager\Profiles\eMMC]
    "Name"="MMC Card"
    "Folder"="MMC_CARD" ;MC Card
    "AutoMount"=dword:1
    "AutoPart"=dword:0
    "AutoFormat"=dword:0
    "DefaultFileSystem"="FATFS"
    "PartitionDriver"="mspart.dll"
    [HKEY_LOCAL_MACHINE\System\StorageManager\Profiles\eMMC\FATFS]
    "Flags"=dword:14
    "FormatTfat"=dword:1
    "DisableAutoScan"=dword:1
    "FormatNumberOfFats"=dword:2
    "EnableWriteBack"=dword:1
    ;;"CheckForFormat"=dword:1
    [HKEY_LOCAL_MACHINE\System\StorageManager\Profiles\eMMC\Part00]
    "Folder"="MMC_Part"
    "AutoPart"=dword:1
    "MountPermanent"=dword:1
    ;; "AutoMount"=dword:1
    "BootPhase"=dword:1
    "MountHidden"=dword:1
    "MountAsBootable"=dword:1
    "MountAsRoot"=dword:0
    "MountSystem"=dword:1
    "AutoPart"=dword:0
    [HKEY_LOCAL_MACHINE\System\StorageManager\Autoload\fsdmgr]
    "Dll"="fsdmgr.dll"
    "Paging"=dword:1
    "LoadFlags"= dword:1
    I have read a lot of documents related to the issue of eMMC2 not being mounted for most people. In every document I have observed that they are using different keys and key values. I am confused about what the minimum keys and key values required for the eMMC2 to be mounted are, apart from the driver level?
    With these values my logs are as follows:
    13525 PID:400002 TID:2300006 SDBusDriver: The SDIO card does not support block mode. Use Soft-Block instead.
    13527 PID:400002 TID:4bc0002 AddFonts(.ttf) returned 4 fonts
    13527 PID:400002 TID:4bc0002 AddFonts(.ttc) returned 0 fonts
    13528 PID:400002 TID:4bc0002 AddFonts(*) returned 4 fonts
    13529 PID:400002 TID:4bc0002 AddAllEUDCFonts(tte) returned 0 fonts
    13531 PID:400002 TID:2300006 SetInterface MMCHS_HCTL value = F02
    13531 PID:400002 TID:2300006 SDSetCardInterfaceForSlot - HC ClockRate differs desired setting: desired: 20000000 Hz, Actual : 19200000 Hz
    13532 PID:400002 TID:2300006 The clock rate is set to 19200000
    13533 PID:400002 TID:2300006 HandleAddDevice: LoadDevice type = 1, slot 0
    13540 PID:400002 TID:2300006 OSAXST1: >>> Loading Module 'sdmemory.dll' (0x9E474C58) at address 0xEEB10000-0xEEB2A000 in Process 'NK.EXE' (0x8711FAD0)
    PB Debugger Loaded symbols for 'C:\WINCE700\OSDESIGNS\ENVENTURE\ENVENTURE\RELDIR\PHYTEC_AM335X_BSP_ARMV7_DEBUG\SDMEMORY.DLL'
    13591 PID:400002 TID:2300006 SDMemory: +SMC_Init
    13591 PID:400002 TID:2300006 SDGetDeviceHandle: ActivePath: Drivers\Active\32
    13593 PID:400002 TID:2300006 SDGetClientFunctions: +Init
    13594 PID:400002 TID:2300006 SDGetClientFunctions: -Init
    13596 PID:400002 TID:2300006 SDMemCardConfig: Card is high capacity (2.0+)
    13596 PID:400002 TID:2300006 SDMemCalcDataAccessClocks: Tpd:f ns, Asynch: f ns, AsyncClocks:0 , SyncClocks: 1078591488, ReadTotal: 0, Write Factor: 1099109072 WriteTotal: 769230
    13597 PID:400002 TID:2300006 SDMemory: Initialize: Using block transfer size of 64 blocks
    13598 PID:400002 TID:2300006 SDMemory: Idle Timeout: 2000 Idle Power State: 2
    13599 PID:400002 TID:2300006 SDMemory: Power Management Setup complete
    13599 PID:400002 TID:2300006 SDMemory: -SMC_Init
    13602 PID:400002 TID:8b0002 SDMemory: GetDeviceInfo - Profile = eMMC, length = 10
    13602 PID:400002 TID:8b0002 SDemory: GetDeviceInfo - RegQueryValueEx(Profile) returned 2
    13603 PID:400002 TID:8b0002 SDMemory: GetStorageID Insufficient buffer space
    SDMemory: -GetStorageID
    13608 PID:400002 TID:8b0002 Partition Part00 NumSectors=15106032
    13608 PID:400002 TID:8b0002 MSPART!PD_OpenPartition: dwStoreId=AB543350, PartName=Part00
    13617 PID:400002 TID:8b0002 CreateCache: Successful. Cache Size: 256 KB, Start: 6, End: 29453, CreateFlags: 2.
    13619 PID:400002 TID:8b0002 CreateCache: Successful. Cache Size: 256 KB, Start: 29454, End: 15106031, CreateFlags: 2.
    13627 PID:400002 TID:4bc0002 LogFontFromRegistry(SYSTEM\GWE\Menu\BarFnt), lfHeight = -12
    13628 PID:400002 TID:4bc0002 LogFontFromRegistry(SYSTEM\GWE\Menu\PopFnt), lfHeight = -12
    Can anyone tell me what the minimum .reg entries required to mount the eMMC2 are?

    Hello Friends,
    I am happy to inform you that I have solved the above problem myself with the minimal configuration shown below:
    [HKEY_LOCAL_MACHINE\System\StorageManager\Profiles]
    "AutoMount"=dword:1
    "AutoPart"=dword:0
    "AutoFormat"=dword:0
    "MountFlags"=dword:0
    "DefaultFileSystem"="FATFS"
    "PartitionDriver"="mspart.dll";; -- Required
    "Folder"="";; -- Required
    [HKEY_LOCAL_MACHINE\System\StorageManager\Profiles\eMMC]
    "Name"="MMC Card"
    "Folder"="MMC_CARD" ;MC Card
    But at least you have to find a tool that formats and creates a single partition as per your requirement ...

  • Reg: Configuring the User-Defined Message Search

    Hi Experts !
    I am getting an error while configuring the user defined message search.
    I followed all the steps mentioned in the SAP help documentation.
    http://help.sap.com/saphelp_nwpi711/helpdata/en/48/c85598f63335bfe10000000a42189d/frameset.htm
    In the last step, where we need to enter the URL for WSDL access, I am getting the following error:
    Error in WSDL access: Exception occurred in communication framework:
    Error in HTTP Framework:404Not Found
    http://<Host>/<Port>/MessageSearch/MessageSearchImplBean
    You should enter the host name and the HTTP port for the Advanced Adapter Engine
    I didn't get the meaning of the above sentence: is it different from what we use in the URL to access ESR and ID?
    Are there any other steps to make MessageSearch/MessageSearchImplBean available?
    Regards,
    Srinivas
    Edited by: Srinivas on Oct 1, 2010 7:48 PM

    Hi José Omar,
    Thanks for the reply...
    I tried manual configuration but with no luck. Opened a similar forum thread.
    I have applied the SAP note suggested, thinking that the error is due to any source code.
    The data synchronization is happening properly, but when I use the test extractor button it throws the above-mentioned error.
    In the system details I have given the port number as 50700 (which is visible in the link when we open the Integration Builder page) and the ESR client as 001.
    Could you please let me know the exact values to be filled in in the transport settings? I just entered the port and client, with other things as default.
    Regards,
    Srinivas

  • Reg configuration of hyperion shared services on 11.1.2.1

    Hi
    I have installed shared services on 2 servers (Server1 & Server2) for load balancing. I have only 1 instance of the Oracle schema. I have successfully configured shared services on 1 server.
    Now I need to configure shared services on Server2 with the already configured Oracle schema.
    Could anyone please suggest how to do it?
    Cheers
    Praveen

    I take it you have read all the documentation and have understood it before carrying out the installation/configuration - http://download.oracle.com/docs/cd/E17236_01/epm.1112/epm_install_11121/ch03s03.html
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Reg: Configuration of Managed Server through Node Manager

    Hello:
    I have a question regarding the system properties (-Dname=value
    pairs) that are passed when starting the Managed Servers.
    In the Managed Server script I am passing the two name-value pairs below
    when starting the managed server:
    -Dorg.omg.CORBA.ORBClass=com.inprise.vbroker.orb.ORB
    -Dorg.omg.CORBA.ORBSingletonClass=com.inprise.vbroker.orb.ORB
    I am able to see these variables as <java System variables> in the
    weblogic.log corresponding to the managed server.
    Next is starting the managed server through the Node Manager. Now in this
    case the Node Manager receives the configuration
    of the managed server from the Administration Server and it then
    starts the managed server.
    Now my question is: though I have changed the startup scripts of
    the Managed Server to include the above two name-value pairs, I am
    not able to see them in the configuration file in NodeManagerLogs
    corresponding to the Managed Server, nor even in the weblogic.log
    corresponding to the Managed Server.
    Can anyone clarify this? Also, how do I define new system variables
    for the Managed Server so that I can see them in the configuration
    file that the Administration Server sends to the Node Manager?
    Thanks,
    Vijay

    Thanks Anand.
    "Anand Byrappagari" wrote:
    Vijay,
    When you say managed server scripts, do you mean startWeblogic.cmd?
    If you are using the Node Manager to start the managed servers then these
    scripts are not executed. You should set the properties in the console.
    Go to YourDomain>Servers>YourManagedServer in the console.
    Select "Configuration" tab.
    Then select "Remote Start" tab.
    In the "Remote Start" tab enter the properties in the "Arguments" field.
    -- Anand

  • Reg:Configuration&Setup guide

    Hi,
    In our troupe we have implemented one application (Java/Oracle) for clients,
    and we need to prepare a configuration/setup guide for this application.
    So what information do I need to mention in that guide?
    Could you please help me with this?

    Rajakumar,
    There are almost an infinite number of ways to configure IM, depending on the business processes your client intends to implement.
    Start with SAP Best practices config guide for [Materials Management|http://help.sap.com/bp_bl603/BBLibrary/Documentation/104_BB_ConfigGuide_EN_IN.doc].
    Other BP guides at [Best Practices (India)|http://help.sap.com/bp_bl603/BBLibrary/Content_Library_BL_EN_IN.htm]
    Rgds,
    DB49

  • How to configure ACS 5.2 for policy condition on TACACS+ Service

    In https://supportforums.cisco.com/message/3953175#3953175 thread, I was able to get the ACS 5.2 to work with SRX for both SSH CLI and J-Web TACACS+ accounts. However, I found the behavior is different in our production environment. I found our ACS 5.2 was configured with an authorization rule with the condition "TACACS+ Service" = "junos-exec". I don't know how to configure this on my ACS 5.2. Please guide me on how to configure this.
    I found there was NO TACACS+ "Authorization Request" when accessing via J-Web in our production SRX and ACS. However, there were TACACS+ "Authorization Request" when accessing via J-Web in our production SRX and ACS. The difference between my lab ACS and production ACS is the authorization rule condition. In my condition, I configured it with all "SRX" Device Type, but in our production ACS 5.2 it was configured with TACACS+ Service=junos-exec. So I would like to test it in our lab to find out the difference. Thanks.

    I would suggest you go through the two links below.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/migration/guide/Migration_Configure.html
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/common_scenarios.html

  • TACACS configuration on WAAS

    I am trying to configure tacacs on a WAAS device using 4.1.1c. I have configured the tacacs server to allow the user to login using privilege level 7 then the user is required to enable the device and login again to reach privilege level 15.
    Whenever I log in and then enable the device, I get the following error:
    Error: Wrong Admin Password. Try again...
    I can get the user to log in straight to level 15, but this doesn't follow our security requirements.
    Has anyone seen this before or experienced this issue?
    Thanks
    Matt

    Matt,
    The current TACACS implementation in WAAS supports command levels 0 and 15. Levels 1-14 are downgraded to 0.
    Regards,
    Zach

  • After TACACS configured, Authenticate successfully but not able to go in config mode.

    Hi All,
    I have a Cisco 4710 ACE and have configured TACACS on the ACE for authentication and accounting. The configuration is pasted below.
    I am able to authenticate with ACS server 5.1 but not able to go into config mode on the ACE 4710.
    Debug output attached.
    Need help on this.
    tacacs-server key 7 "wwxfeootjv"
    tacacs-server timeout 60
    tacacs-server host 128.9.31.70 key 7 "wwxfeootjv"
    aaa group server tacacs+ TACACS_Group_Server
      server 128.9.31.70
    ntp server 128.9.24.58
    aaa authentication login default group TACACS_Group_Server
    aaa accounting default group TACACS_Group_Server
    The logs below are appearing on the device.
    Sep 19 2010 16:35:55 : %ACE-6-302022: Built TCP connection 0x3853a for vlan1000:172.24.24.70/16477 (172.24.24.70/16477) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:35:55 : %ACE-6-302023: Teardown TCP connection 0x3853a for vlan1000:172.24.24.70/16477 (172.24.24.70/16477) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0:00:00 bytes 743 TCP FINs
    Sep 19 2010 16:35:58 : %ACE-6-302022: Built TCP connection 0x38570 for vlan1000:172.24.24.70/16480 (172.24.24.70/16480) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:35:58 : %ACE-6-302023: Teardown TCP connection 0x38570 for vlan1000:172.24.24.70/16480 (172.24.24.70/16480) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0:00:00 bytes 742 TCP FINs
    Sep 19 2010 16:37:51 : %ACE-6-302022: Built TCP connection 0x38aff for vlan1000:172.24.24.70/16545 (172.24.24.70/16545) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:37:51 : %ACE-6-302023: Teardown TCP connection 0x38aff for vlan1000:172.24.24.70/16545 (172.24.24.70/16545) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0:00:00 bytes 736 TCP FINs
    Sep 19 2010 16:38:21 : %ACE-6-302022: Built TCP connection 0x38c9d for vlan1000:172.24.24.70/16559 (172.24.24.70/16559) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:38:21 : %ACE-6-302022: Built TCP connection 0x38c9f for vlan1000:172.24.24.70/16560 (172.24.24.70/16560) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:38:21 : %ACE-6-302023: Teardown TCP connection 0x38c9d for vlan1000:172.24.24.70/16559 (172.24.24.70/16559) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0:00:00 bytes 722 TCP FINs
    Sep 19 2010 16:38:21 : %ACE-6-302023: Teardown TCP connection 0x38c9f for vlan1000:172.24.24.70/16560 (172.24.24.70/16560) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0:00:00 bytes 788 TCP FINs
    Sep 19 2010 16:38:29 : %ACE-6-302022: Built TCP connection 0x38ce1 for vlan1000:172.24.24.70/16565 (172.24.24.70/16565) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:38:29 : %ACE-6-302022: Built TCP connection 0x38cff for vlan1000:172.24.24.70/16566 (172.24.24.70/16566) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:38:29 : %ACE-6-302023: Teardown TCP connection 0x38ce1 for vlan1000:172.24.24.70/16565 (172.24.24.70/16565) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0:00:00 bytes 661 TCP FINs
    Sep 19 2010 16:38:29 : %ACE-6-302023: Teardown TCP connection 0x38cff for vlan1000:172.24.24.70/16566 (172.24.24.70/16566) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0:00:00 bytes 712 TCP FINs
    Sep 19 2010 16:38:29 : %ACE-6-302022: Built TCP connection 0x38cf5 for vlan1000:172.24.24.70/16567 (172.24.24.70/16567) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:38:29 : %ACE-6-302023: Teardown TCP connection 0x38cf5 for vlan1000:172.24.24.70/16567 (172.24.24.70/16567) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0:00:00 bytes 724 TCP FINs
    Sep 19 2010 16:39:41 : %ACE-6-302022: Built TCP connection 0x390a1 for vlan1000:172.24.24.70/3883 (172.24.24.70/3883) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:39:41 : %ACE-6-302023: Teardown TCP connection 0x390a1 for vlan1000:172.24.24.70/3883 (172.24.24.70/3883) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0:00:00 bytes 737 TCP FINs
    Sep 19 2010 16:40:20 : %ACE-6-302022: Built TCP connection 0x3929b for vlan1000:172.24.24.70/3902 (172.24.24.70/3902) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:40:20 : %ACE-6-302022: Built TCP connection 0x392ab for vlan1000:172.24.24.70/3903 (172.24.24.70/3903) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:40:20 : %ACE-6-302023: Teardown TCP connection 0x3929b for vlan1000:172.24.24.70/3902 (172.24.24.70/3902) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0:00:00 bytes 722 TCP FINs
    Sep 19 2010 16:40:20 : %ACE-6-302023: Teardown TCP connection 0x392ab for vlan1000:172.24.24.70/3903 (172.24.24.70/3903) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0:00:00 bytes 791 TCP FINs
    Sep 19 2010 16:45:17 : %ACE-6-302022: Built TCP connection 0x3a127 for vlan1000:172.24.24.70/53389 (172.24.24.70/53389) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:45:17 : %ACE-6-302023: Teardown TCP connection 0x3a127 for vlan1000:172.24.24.70/53389 (172.24.24.70/53389) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0:00:00 bytes 723 TCP FINs
    Sep 19 2010 16:46:11 : %ACE-6-302022: Built TCP connection 0x3a3b3 for vlan1000:172.24.24.70/53414 (172.24.24.70/53414) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:46:11 : %ACE-6-302022: Built TCP connection 0x3a3c3 for vlan1000:172.24.24.70/53415 (172.24.24.70/53415) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:46:11 : %ACE-6-302023: Teardown TCP connection 0x3a3b3 for vlan1000:172.24.24.70/53414 (172.24.24.70/53414) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0:00:00 bytes 722 TCP FINs
    Sep 19 2010 16:46:11 : %ACE-6-302023: Teardown TCP connection 0x3a3c3 for vlan1000:172.24.24.70/53415 (172.24.24.70/53415) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0:00:00 bytes 788 TCP FINs
    Sep 19 2010 16:46:23 : %ACE-6-302022: Built TCP connection 0x3a467 for vlan1000:172.24.24.70/53422 (172.24.24.70/53422) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:46:23 : %ACE-6-302022: Built TCP connection 0x3a469 for vlan1000:172.24.24.70/53423 (172.24.24.70/53423) to vlan1000:128.9.31.70/49 (128.9.31.70/49)
    Sep 19 2010 16:46:23 : %ACE-6-302023: Teardown TCP connection 0x3a467 for vlan1000:172.24.24.70/53422 (172.24.24.70/53422) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0:00:00 bytes 661 TCP FINs
    Sep 19 2010 16:46:23 : %ACE-6-302023: Teardown TCP connection 0x3a469 for vlan1000:172.24.24.70/53423 (172.24.24.70/53423) to vlan1000:128.9.31.70/49 (128.9.31.70/49) duration 0:00:00 bytes 712 TCP FINs
    Regards
    MS.

    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/security/guide/aaa.html#wp1411787
    To configure the TACACS+ role and domain settings on Cisco Secure ACS, perform the following steps:
    Step 1 Go to the Interface Configuration section of the Cisco Secure ACS HTML interface and access the TACACS+ (Cisco IOS) page. Perform the following actions:
      a. Under the TACACS+ Services section of the page, the User column or the Group column depending on your configuration, check the Shell (exec) check box.
      b. Under the Advanced Configuration Options section of the page, check the Display a window for each service selected in which you can enter customized TACACS+ attributes check box.
      c. Click Submit.
    Step 2 Go to the Advanced Options page of the Interface Configuration section of the Cisco Secure ACS HTML interface. Perform the following actions:
      a. Check the Per-user TACACS+/RADIUS Attributes check box.
      b. Click Submit.
    Step 3 Go to the User Setup section of the Cisco Secure ACS HTML interface and double-click the name of an existing user that you want to define a user profile attribute for virtualization. The User Setup page appears.
    Step 4 Under the TACACS+ Settings section of the page, configure the following settings:
      • Check the Shell (exec) check box.
      • Check the Custom attributes check box.
      • In the text box under the Custom attributes, enter the user role and associated domain for a specific context in the following format:
    shell:= ...
    For example, to assign the selected user to the C1 context with the role ROLE1 and the domain DOMAIN1, enter shell:C1=ROLE1 DOMAIN1.
    You can also substitute an asterisk (*) for the equals sign (=) as follows:
    shell:* ...
    Use the above shell string if you are also using Cisco IOS command authorization.
    Step 5 Under the Checking This option Will PERMIT all UNKNOWN Services section of the page, check the Default (Undefined) Services check box to permit unknown services.
    Step 6 Click Submit when you finish configuring the TACACS+ role and domain settings.
    For example, if USER1 is assigned the role ADMIN and the domain MYDOMAIN1 (where shell:Admin=ADMIN MYDOMAIN1), then one of the following can occur:
      • If USER1 logs in through the Admin context, that user is automatically assigned the Admin role and the MyDomain1 domain.
      • If USER1 logs in through a different context, that user is automatically assigned the default role (Network-Monitor) and the default domain (default-domain). In this case, the user profile attribute is not obtained from the TACACS+ server during authentication.
    Gilles.

  • ACS 5.3, ASA using TACACS+ forces to PAP?

    As the title says I'm trying to have an ASA (8.2.3) auth against an ACS 5.3 using TACACS+.  It only works if I have PAP enabled on the ACS.  Obviously this concerns me.  I've found the following reference in the configuration guides:
    TACACS+ Server Support
    The ASA supports TACACS+ authentication with ASCII, PAP, CHAP, and MS-CHAPv1.
    I can't figure out how to make the ASA use MS-CHAPv1 though.  Seems like it should be pretty simple.
    Incidentally I was having the same problem with VPN auth's using RADIUS but I was able to fix that by enabling the password management option which is only available in CHAPv2.  Seems that option isn't available under TACACS+.
    Any suggestions?

    As far as I am aware, the ASA will only use PAP to authenticate console exec logins. I wish it used chap-v2.

  • Reg: How to Stop Polling of JDBC Adapter without Scheduling the adapter

    Dear Gurus,
    I have one requirement here. My client wants to send data from a JDBC adapter (Oracle system table) to the R3 system via RFC.
    His requirement:
    1. He is not telling us the time of the data flow from the Oracle server, based on which we could schedule the adapter in Communication Channel Monitoring (Availability Time Planning), or else we could schedule it by deciding the setting of the polling interval time.
    2. He says that whenever he wants to send the data he will place one dummy file in the File adapter FTP location, so that it becomes an indication for you to poll the JDBC adapter and transfer the data to R3.
    3. Until he places the file or gives the indication, he doesn't want to communicate with the Oracle server, due to some security concerns; it is a most important database and he doesn't want to disturb that Oracle server, as so many businesses are running on it.
    We proposed:
    1. At least you need to tell us the scheduling time or poll interval time so that we can schedule our adapter.
    But he is not accepting this.
    2. At least you need to give access to the database to enter one more extra field like STATUS CODE, so that we can add one number and keep on updating it in the update table, and based on that update table statement it will poll.
    But he is not accepting even this.
    3. Finally we proposed creating another table in the Oracle system as a duplicate table, similar to the standard original table; whenever he wants the data picked up, he keeps that data in this duplicate table, so that the JDBC adapter will pick the data from this table instead of from the standard table and it will not affect any standard table data.
    But he is not accepting even this.
    We have done some R&D:
    1. We approached it through BPM, and via switch conditions is one scenario:
       FILE RECEIVE > SWITCH CONDITION > RECEIVE AND SEND or else EXIT
    2. Using correlation in another scenario, meaning correlating the File adapter and JDBC, and based on one dynamic value it goes to the SEND step (RECEIVE --> RECEIVE --> SEND steps)
    Even though we know this concept, we just tried:
    In BPM we can control the flow in XI 3.0, but we cannot stop the polling of the JDBC adapter at the backend, because once the data comes from the File adapter it will be kept on hold until it receives the JDBC data from Oracle; then, based on the condition or correlation, it goes further to the SEND step. That means whether the File adapter is picking up a file or not, JDBC will poll at the backend and bring that data to BPM.
    Hence, suggest to me how to stop polling of the JDBC adapter without scheduling the adapter or else using STATUS CODE update statements in JDBC tables.
    Regards:
    Amar Srinivas Eli

    Hi! All,
    Finally I decided to do the scenario in two steps:
    1: FILE REQ --> JDBC REQ -->JDBC RES --> FILE RECV
    2: FILE RECV --> RFC
    But I am getting an issue while doing the first scenario.
    Design:
    I have created 2 synchronous interfaces:
    1) FILE 2 JDBC REQ
            a) Output message: FILE Req
            b) Input message: FILE RES
    2) JDBC2FILE RECV
            a) Output message: JDBC REQ
            b) Input message: JDBC Response
    Mappings:
    1) File REQ-->JDBC REQ
    2) JDBC RES-->FILE RES
    Interface mappings:
    1: FILE 2 JDBC REQ--> JDBC 2 FILE RECV
    CONFIGURATION:
    1: One Sender File CC
    2: Two receiver CCs, one for JDBC RECEIVER and the other for FILE RECEIVER
    3: One Sender Agreement
    4: 2 Receiver Agreements
    5: One Interface Determination and
    6: One Receiver Determination
    My questions:
    1. First let confirm whether my development steps are right or not?
    2: Another thing is I am not sure regarding the configuration steps, meaning
    whether one Interface Determination and one Receiver Determination are required or not, as these are synchronous interfaces.
    3: The main issue is:
    If my scenario is FILE2RFC2FILE then I will get the RFC response automatically, but here the issue is that this is JDBC.
    My requirement is that, by sending one field from FILE to JDBC REQ, it needs to send the entire table's records as a response to the file as XML.
    Without having a sender JDBC, how can I send the JDBC Res to FILE? And if that is the case, then again the JDBC adapter is polling, which contradicts the client requirement that I explained above.
    Please suggest the detailed steps, mainly collaboration agreements and logical routings, and
    also explain in detail whether I can go for BPM.
    Also give clear blogs, but before giving them make sure that they contain detailed screenshots, because I have already gone through:
    Scenario File-JDBC-RFC
    File<-->JDBC Sync communication.
    https://www.sdn.sap.com/irj/scn/wiki?path=/display/xi/file-rfc-file(Without+BPM)
    /people/luis.melgar/blog/2008/05/13/synchronous-soap-to-jdbc--end-to-end-walkthrough
    Regards:
    Amar Srinivas Eli

  • Loss of TACACS key after harddisk failure

    Our WAE/WAVEs in the field are configured for TACACS authentication. During harddisk failures we could not access the devices. The ACS logs an invalid TACACS secret. In running-config the "tacacs key ****" statement is missing. The statement still could be found in the startup-config.
    Is the "tacacs key" statement dependent on the harddisk?

    Hello,
    The internal WAAS TACACS setup causes a vicious circle. Authentication is required to access a device for troubleshooting, but authentication fails with a strict TACACS policy. In the meantime we found out that we can access the WAVE/WAE when authentication failover is disabled. With this change the WAE switches to the backup authentication method even when the password is wrong. This workaround allows access during disk failure situations. The workaround is in conflict with our security policy and we are now checking via TAC if the WAE behavior is a feature or a bug.
    Kind regards Peter
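
As an added example (not part of the thread and not Cisco code), the symptom described above, a "tacacs key" statement present in startup-config but absent from running-config, can be checked for by comparing the AAA statements of the two configs. The sample configs are constructed, and every statement other than `tacacs key` is an assumed WAAS-style command.

```python
# AAA statements to compare. "tacacs key" is the statement named in the thread;
# the other prefixes are assumed WAAS-style AAA commands for illustration.
AAA_PREFIXES = ("tacacs key", "tacacs host", "authentication login",
                "authentication configuration", "authentication fail-over")

def aaa_lines(config_text):
    """Return the AAA-related statements of a config, whitespace-normalised."""
    found = set()
    for raw in config_text.splitlines():
        line = " ".join(raw.split())
        if line.startswith(AAA_PREFIXES):
            found.add(line)
    return found

def findings(startup_text, running_text):
    """List (severity, message) pairs for AAA drift between the two configs."""
    startup, running = aaa_lines(startup_text), aaa_lines(running_text)
    out = []
    for line in sorted(startup - running):
        # Without the shared secret the server rejects every TACACS+ exchange.
        sev = "CRITICAL" if line.startswith("tacacs key") else "WARN"
        out.append((sev, "saved but not active: " + line))
    for line in sorted(running - startup):
        out.append(("WARN", "active but not saved: " + line))
    return out

# Constructed sample configs (not taken from a real device).
STARTUP = """\
tacacs key ****
tacacs host 192.0.2.10 primary
authentication login tacacs enable primary
authentication login local enable secondary
authentication fail-over server-unreachable
"""
RUNNING = """\
tacacs host 192.0.2.10 primary
authentication login tacacs enable primary
authentication login local enable secondary
"""

if __name__ == "__main__":
    for severity, message in findings(STARTUP, RUNNING):
        print(severity, message)
```

Because the key is displayed masked in both configs, this detects a missing statement but not a changed secret.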

  • Prime Infrastructure 2.x tacacs+ with radiator

    Trying to set up Prime Infrastructure 2.x (2.2) to use TACACS+. The TACACS service is running on a Linux server running Radiator (4.12). With Radius and Radiator all we needed to do is define the user group and all the tasks associated with that group were inherited.
    When configuring the TACACS configuration files I have tried various permutations of adding the cisco-avpair (cisco-av-pair) reply attrs on authentication and/or authorization. When defining the group or using the individual tasks I get the following error message:
    "no authorization information found for remote authenttication user. please check the correctness of the associated task(s) and Virtual Domain(s) in the remote server"
    <ServerTACACSPLUS>
        Key SECRET
        Port 49
        GroupMemberAttr OSC-Authorize-Group
        # General Authorization rule format:
        AuthorizeGroup core-group permit protocol=HTTP service=NCS {cisco-av-pair="virtual-domain0=ROOT-DOMAIN" cisco-av-pair="role0=Super Users" }
    </ServerTACACSPLUS>

    It's not yet supported. Cisco doesn't generally publish roadmaps publicly for future support. The best you can do via public sources is to continue to watch the Supported Devices lists for updates.
    As of right now, here is a list of the current data center switches supported (in PI 2.1):
    Cisco Nexus 6004 Switch
    Cisco Nexus 5596T Switch
    Cisco Nexus 5010 Switch
    Cisco Nexus 5020 Switch
    Cisco Nexus 5020T Switch
    Cisco Nexus 7000 10-Slot Switch
    Cisco Nexus 7000 18-Slot Switch
    Cisco Nexus 1000V Series Switches
    Cisco Nexus 1010 Virtual Services Appliance
    Cisco Nexus 4001I Switch Module for IBM BladeCenter
    Cisco Nexus 4005I Switch Module for IBM BladeCenter
    Cisco Nexus 5548P Switch
    Cisco Nexus 5548UP Switch
    Cisco Nexus 5596UP Switch
    Cisco Nexus 3064 Switch
    Cisco Nexus 3048 Switch
    Cisco Nexus 3016 Switch
    Cisco Nexus 7000 9-Slot Switch
    Cisco Nexus 9500 Switch
    Cisco Nexus 3548 Switch
