SARBANES_OXLEY_TEXT and Local Login Mask

Similar Messages

• Disabled my Win2003 DC Network adapter by fault and cannot login locally to enable it again

  Disabled my Win2003 DC Network adapter by fault and cannot login locally to enable it back again

  Hi,
  Agree with Darshana. For the detailed procedure, please refer to the link below:
  https://technet.microsoft.com/en-us/library/cc776568(v=ws.10).aspx
  Best Regards.
  Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Screen Sharing and Remote Login suddenly stopped working

  I have had Screen Sharing and Remote Login turned on on my iMac for several weeks and they have been working fine up until now. I have been accessing the computer via VNC programs and command-line ssh logins from other computers on the same local network. When I tried to connect today, i was given the following error message.
  ssh: connect to host xxx.xxx.xxx.xxx port 22: No route to host
  I have all of the required settings turned on in System preferences and there are no firewalls or router settings blocking it. I connected the two computers together via ethernet cable and the error message still occurred.
  I can ssh from the machine to 127.0.0.1, so the ssh server is running. I can ssh to other locations from the laptop i am attempting to connect with, so that's not the problem either. I just spent an hour on the phone with the apple tech support line and they couldn't figure anything out either. Can anybody figure something out?

  have you tried the obvious - restarting the computers involved and the router?

• LDAP vs local login for remote access

  Hi Team,
  I am evaluating the best means for single factor authentication for remote access (client to site or SSL VPN). The options I see are creating local usernames and password or integration with Active Directory via LDAP. What are the pros and cons of these solutions.
  I feel local logins are more secure comparitavely because the user first login using local login and password and then has to use the domain credentials for accessing corporate resources. Of course, this comes at an admistrator overload and local management of user names and passwords. Do you have any opinion on this? Any acknowledgement will be highly appreciated.

  Hello Manoj,
  IMO, I would never consider the LOCAL DB as an option for a corporate deployment. It does not scale and it is not easy to manage.
  Local DB is used in case you need to manage a number of 15 users for instance, so in this case it is managable, but when it comes to a higher number it is not an option.
  Active Directory is a better solution since it is meant to handle hundred of users and allows password-management for instance. Also you can have many ASA devices, performing DB bindings and queries to check the users credentials to the AD servers, so you don't need to deal with tons of user accounts on each ASA, for instance.
  If you are looking for a more secure way to authenticate your users you can consider two-factor authentication using certificates for instance:
  AnyConnect Certificate Based Authentication.
  Why to use AD:
  Pros
  Scalable.
  Easy to manage.
  Allows password-management.
  Cons:
  Expensive (not open AD solution).
  HTH.
  Please rate helpful posts.

• Best Practice in maintaining multiple apps and user logins

  Hi,
  My company is just starting to use APEX, and none of us (the developers) have worked on this before either. It is greatly appreciated if we can get some help here.
  We have developed quite a few applications in the same workspace. Now, we are going to setup UAT and PRD environments and also trying to understand what the best practice is to maintain multiple apps and user logins.
  Many of you have already worked on APEX environment for sometime, can you please provide some input?
  Should we create multiple apps(projects) for one department or should we create one app for one department?
  Currently we have created multiple apps for one department, but, we are not sure if a user can login once and be able to access to all the authenticated apps.
  Thank you,
  LC

  LC,
  I am not sure how much of this applies to your situation - but I will share what I have done.
  I built a single 700+ page application for my department - other areas create separate smaller applications.
  The approach I chose is flexible enough to accomdate both.
  I built a separate access control application(Control) in its own schema.
  We use database authenication fo this app - an oracle account is required.
  We prefer to use LDAP for authentication for the user applications.
  For users that LDAP is not option - an encrypted password is stored - reset via email.
  We use position based security - priviliges are based on job functions.
  We have applications, appilcations have roles , roles have access to components(tabs,buttons,unmasked card numbers,etc.)
  We have positions that are granted application roles - they inherit access to the role components.
  Users have a name, a login, a position, and a site.
  We have users on both the East Coast and the West Coast, we use the site in a sys_context
  and views to emulate VPD. We also use the role components,sys_contexts and views to mask/unmask
  card numbers without rewriting the dependent objects(querys,reports,views,etc.)
  The position based security has worked well, when someone moves,
  we change the position they are assigned to and they immediately have the privileges they need.
  If you are interested I can rpovide more detail.
  Bill

• Server Intermittently refuses to display local login window - screen saver

  Occasionally the local login window refuses to appear after the screen saver has been activated on my 10.5.8 Server, resulting in my inability to access the interface at all afterwards. Other symptoms of the problem are that remote logins (ssh) are also no longer possible because passwords aren't accepted for any user. The password prompt is simply displayed repeatedly in the remote user's terminal until the tries are used up, and this happens whether or not the password was entered correctly. In other words remote login is no longer possible because no password is accepted. Because of this, the computer must be forcibly restarted to achieve recovery, which has to be done locally, of course, by either holding in the power button or disconnecting power to the computer. The log entries that seem to coincide with the occurrence of the problem appear to refer to a screen saver crash. The next workaround solution I intend to try is to prevent screen saver activation altogether. What are possible causes for this? Thanks.

  Removing the following two files and reinstalling the latest server combo update were recommended by the article to which you referred.
  ~/Library/Preferences/com.apple.desktop.plist
  ~/Library/Preferences/com.apple.preference.desktopscreeneffect.plist
  I performed those steps and am still observing in order to establish whether or not they have provided a complete remedy. I haven't observed any occurrences of the problem since performing these steps, but the problem is quite intermittent, and the server remains configured to restart once every 24 hours. My next step is to remove the scheduled restart configuration so that the server runs continually. If the problem hasn't returned at all after a few weeks of continuous operation, then I'll consider the question answered. Thanks!

• Failover to local login when TACACS is reachable but not authenticating

  Hello, I'm confident I already know the answer to this question but I want to be sure.
  I am moving a large number of Cisco devices to a new TACACS server, is there anything that can be done to allow local login if the new TACACS server is reachable but not authenticating for some reason? For example if the Cisco source IP is not built correctly into the server or the key is not configured properly on the device; in these situations the server is reachable but will not provide authentication.
  I already have AAA authentication set similar to the following:
  Router1(config)#aaa authentication login default group tacacs+ line
  This will allow me to use line authentication if the tacacs server is not reachable but not if the server is reachable and not authenticating properly.
  Any ideas on how/if I can failover to local login for the example situation I provided above?

  Looks like NX-OS will not allow me to do this.
  Nexus001(config)# aaa authentication login default local group TACACS
                                                                    ^
  % Invalid command at '^' marker.
  Nexus001(config)# aaa authentication login default local ?
    <CR> 
  Nexus001(config)# aaa authentication login ?
    ascii-authentication  Enable ascii authentication
    chap                  CHAP authentication for login
    console               Configure console methods
    default               Configure default methods
    error-enable          Enable display of error message on login failures
    mschap                MSCHAP authentication for login
    mschapv2              MSCHAP V2 authentication for login
  Nexus001(config)# aaa authentication login default ?
    fallback  Configure fallback behavior
    group     Specify server groups
    local     Use local username authentication
    none      No authentication
  Nexus001(config)# aaa authentication login default local ?
    <CR> 

• VPN server claims I have multiple local logins

  I have successfully been logging in from my home Linux box to the company VPN using AnyConnect with DuoPush for about a month. As of last night I can no longer log in. The AnyConnect client says somethng like, "AnyConnect profile settings mandate a single local user, but multiple local users are currently logged into your computer.  A VPN connection will not be established."
  I am the only one on this Linux system. I have rebooted. I have forcibly rotated wtmp and utmp logfiles in case AnyConnect was confused by my not logging out when the system had to be shut down in a hurry due to A/C failure. The "last" command shows only me logged in. The "who" command shows me at the console, and on various ptys connected to xterms; I even killed the xterms at one point just to be sure that wasn't confusing it (this should be unnecessary but I was trying everything I could thnik of).
  What is AnyConnect looking at that convinces it there are multiple local logins?
  Thanks.

  Hi,
  You cannot use Windows Server Backup to back up file and folders on volumes that require more than 2040 GB (or 2 TB). However, as long as the data size is less than 2 TB, you can perform a file or folder backup.
  If you configure windows server backup to backup this 4TB volume to 8TB every 1 hour for period of 12 hours every day, you will get 12 versions shadow copies. You can now use a single backup to back up both the system state and other data on your server. These
  system state backups are now faster and require less space for multiple versions because they use shadow copies for versioning, similar to volume based backups, and not individual folders for each version.
  Windows Server Backup does not require user intervention to periodically delete older backups to free up disk space for newer backups—older backups are deleted automatically.
  For more detailed information, please refer to the article below:
  Windows Server Backup Overview
  http://technet.microsoft.com/en-us/library/cc772523.aspx
  Regards,
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Nexus 7000 aaa and local authentication

  Hello,
  I tried to configure aaa (with radius) and local user authentication on a Nexus 7004 (Version 6.2(6a)), but did not get it to work.
  Radius authentication is working fine(!), but I can't Login with a local created user (role vdc-Operator).
  Any help is highly appreciated.
  Kind regards,
  Andreas

  Hi,
  yes, I know that the fallback will jump in when no radius-Server responds, but I need the behaviour like the 6500'er (or 4500) act.(btw. local login works if radius is disabled, or local is the default, but if local is the default, radius Login no longer works) - Only one of the method at a time works.
  On the 6500 I configured aaa with Windows NPS-Server and a local user (e.g. for the Cisco-LMS). This works fine. Even if the radius server is available, i can log into the device (via ssh) with the locally defined user-account.
  What I miss is a kind of the command:
  "aaa authentication login default local group radius"
  "aaa authentication enable default enable"
  (which works on the WS-C6509 or  WS-C4500X).
  Is there any chance to get this work on the Nexus7000?
  Kind regards,
  Andreas

• Howto automatically call Novell-Client Login-Mask

  Hi,
  we have a few cases in which users first have to login to windows and then use the "N" symbol to connect to edir to get their drives.
  Now we would like to configure the Novell Client SP3 IR8 in a way that the login mask appears automatically after the desktop appears.
  Is there any way?
  thx,
  hugo

  Originally Posted by susehoush
  Hi,
  we have a few cases in which users first have to login to windows and then use the "N" symbol to connect to edir to get their drives.
  Now we would like to configure the Novell Client SP3 IR8 in a way that the login mask appears automatically after the desktop appears.
  Is there any way?
  thx,
  hugo
  Have not tried but it looks like calling loginw32.exe would bring up the box?
  https://www.novell.com/support/kb/doc.php?id=3718002
  Thomas

• Participant.create ignores timezone and locale

  Hi,
  I create participants in an automatic activity by using:
  Java.Util.Locale locale=new Java.Util.Locale("en");          
  Java.Util.TimeZone timeZone = TimeZone.getTimeZone(arg1 : "Europe/Zurich");
  humanParticipant = DirHumanParticipant.create(...);
  humanParticipant.changeLocale(locale : locale);
  humanParticipant.changeTimezone(timezone : timeZone);
  After the creation in the database everything seems to be correct, but if the user logs in for the first time, the language of the workspace is German and if the user goes to the setting the timezone is something in Africa ... If the user then corrects the entries in the settings dialog and saves it, everything works perfect. The user gets the workspace in englisch and the timezone is correct (also after a logout and login). But in the database it seems to me nothing has changed.
  Does anyone knows, why the locale and timezone is ignored in this case?
  Many thanks for your help.
  Kind regards
  Matthias

  Hi Matthias,
  Oracle Support might disagree, but I think it's a bug. Telling you what you already know, but it will always give new Participants the default timezone and language even if you run the changeTimezone( ) and changeLocale( ) methods in logic like this:
  locale as Java.Util.Locale
  locale = Java.Util.Locale(arg1 : "fr", "")
  timeZone as Java.Util.TimeZone = TimeZone.getTimeZone(arg1 : "PST");
  timeZone.id = "PST"
  humanParticipant.changeLocale(locale : locale);
  changeTimezone humanParticipant
      using timezone = timeZone
  update humanParticipant
  humanParticipant = DirHumanParticipant.fetch(session : directorySession, id : name)As shown here, I'm trying to update the participant's timezone and locale using logic. If you happened to check the Directory Service Database, you'd see that the row for the participant was inserted correctly with the right values in the FUEGO_PARTICIPANT table's FUEGO_LOCALE and FUEGO_TIMEZONE ("fr" and "PST") respectively.
  As you already discovered, Oracle BPM ignores this and forces these values back to the Engine's default timezone and language when the participant logs in for the first time. Guessing there is a flag set somewhere that indicates that the end user has never logged in.
  Sorry,
  Dan

• Using local login while RADIUS is running

  Hello,
  I would like to configure our switches to use the local login while RADIUS is working. Currently the switch just looks to the server to authenticate, so the local account will not work unless RADIUS is down. Here is our current config:
  username networkteam privilege 15 password 7 0337572B035E95412B211F50
  aaa new-model
  aaa authentication login default local
  aaa authentication login NetworkAuth group radius local
  aaa authorization exec NetworkAuth group radius local
  aaa session-id common
  line vty 0 4
  exec-timeout 30 0
  privilege level 15
  authorization exec NetworkAuth
  logging synchronous
  login authentication NetworkAuth
  transport input ssh
  line vty 5 15
  transport input none

  Hi,
  lemme make it simple.
  The following is your configuration :
  aaa new-model
  aaa authentication login default local
  aaa  authentication login NetworkAuth group radius local
  aaa authorization  exec NetworkAuth group radius local
  aaa session-id common
  line vty 0 4
  authorization exec  NetworkAuth
  login authentication NetworkAuth
  transport input ssh
  line vty 5 15
  transport input none
  This means that When you try login to the switch, the first 5 sessions will head for authentication to radius server because of the following configuration:
  aaa  authentication login NetworkAuth group radius local
  aaa authorization  exec NetworkAuth group radius local
  line vty 0 4
  authorization exec  NetworkAuth
  login authentication NetworkAuth
  But when you have a 5th Session for the switch the authentication will happen locally because of the following configuration:
  aaa authentication login default local
  The default method list gets applied to the line vty, console and auxillary if no specific method is mentioned.
  hence you can use local authenticatin for the session after 5.
  Hope this helps.
  Regards,
  Anisha
  P.S.: please mark this post as answered if you feel your query is resolved. Do rate helpful posts.

• Tacacs Fallback and console login

  Hello,
  I am trying to create a tacacs config that will make sure that when you log onto the console you do not get tacacs and that we are on line login and local enable. If connectivity to the tacacs server is lost, the login for telnet defaults to the line password and uses the local enable password.
  My config:
  aaa authentication login default group tacacs+ line
  aaa authentication login CONSOLE line
  aaa authentication enable default group tacacs+ enable
  aaa authorization exec default group tacacs+ if-authenticated
  aaa authorization exec CONSOLE none
  aaa authorization commands 1 default if-authenticated
  aaa authorization commands 15 default if-authenticated
  aaa authorization commands 1 CONSOLE none
  aaa authorization commands 15 CONSOLE none
  aaa accounting exec default start-stop group tacacs+
  aaa accounting commands 1 default start-stop group tacacs+
  aaa accounting commands 15 default start-stop group tacacs+
  aaa accounting connection default start-stop group tacacs+
  aaa accounting system default start-stop group tacacs+
  line con 0
  password xxxxx
  authorization exec CONSOLE
  login authentication CONSOLE
  end
  Thanks
  msteinhoff

  This is exactly what you need:
  aaa authentication login notac none
  aaa authentication login VTY group tacacs+ local
  aaa authentication enable default group tacacs+ enable
  aaa authorization console
  aaa authorization config-commands
  aaa authorization exec default group tacacs+ group tacacs+
  aaa authorization exec notac none
  aaa authorization exec VTY group tacacs+ if-authenticated none
  aaa authorization commands 0 VTY group tacacs+ if-authenticated none
  aaa authorization commands 1 VTY group tacacs+ if-authenticated none
  aaa authorization commands 15 VTY group tacacs+ if-authenticated none
  aaa authorization network VTY group tacacs+ if-authenticated none
  aaa accounting exec TAC start-stop group tacacs+
  aaa accounting exec VTY start-stop group tacacs+
  aaa accounting commands 0 TAC start-stop group tacacs+
  aaa accounting commands 0 VTY start-stop group tacacs+
  aaa accounting commands 1 TAC start-stop group tacacs+
  aaa accounting commands 1 VTY start-stop group tacacs+
  aaa accounting commands 10 TAC start-stop group tacacs+
  aaa accounting commands 15 TAC start-stop group tacacs+
  aaa accounting commands 15 VTY start-stop group tacacs+
  aaa accounting network VTY start-stop group tacacs+
  aaa accounting connection TAC start-stop group tacacs+
  line con 0
  exec-timeout 0 0
  authorization exec notac
  accounting commands 0 VTY
  accounting commands 1 VTY
  accounting commands 15 VTY
  accounting exec VTY
  logging synchronous
  login authentication notac
  line vty 0 15
  exec-timeout 0 0
  authorization commands 0 VTY
  authorization commands 1 VTY
  authorization commands 15 VTY
  authorization exec VTY
  accounting commands 0 VTY
  accounting commands 1 VTY
  accounting commands 15 VTY
  accounting exec VTY
  login authentication VTY
  transport input ssh
  This will give very fine control on what user(s) can and can not do. I use this configuration with Freeware TACACS and it
  works wonder for me.
  Good luck.
  David
  CCIE Security

• Difference between AD domain user and local user

  Hello, I think the title is self explanatory. I am trying to figure out difference between AD domain user and local user. SAP Help wasnt very helpful.
  Thanks.

  Hi,
  It's about where the user accounts are kept. Domain users are users that are entered into the domain users group on a domain controller. These domain users can be centrally managed at the server. Whereas the local users are the users created in the local system.
  In BPC, you can select users from either of them or in combination as well. However, If you want to make change in the local user credentials, you need to login to the system in which the user has been created and make the changes there. On the other hand, changes to domain users can be made from any domain connected machine with the right software and the necessary rights. The changes only need to be made once.
  Hope this helps.

• Can't establish local login/authorization on 6500's

  I have a need to allow a small group of users temporary level-15 access to several 6500
  switches (running 12.2-33 SXJ2 code), but do not want to provide them with the enable secret password which is used on the
  rest of the network (over 1200 devices).  I tried to eliminate AAA using the "no aaa new-model" command, but was told I could not remove aaa while there were active sessions, and "login local" no longer appeared as an option for vty lines.  So, I created a local user database called "support" which I used to replace the "group" entry in the authentication and authorization sections of our AAA config and for login on vty 0 4.
  [The username is given a privilege level of 15 along with an individual password for authentication.  (ex. username jsmith privilege 15 password 0 xxxxx)]
  I modified our AAA configuration to support local login, but was unable to establish "enable mode" (i.e. # prompt) with any account.  I
  can login locally, but only to a normal "user mode" (i.e. > prompt).
  Here is the current, unmodified and sanitized config for our AAA and line vty 0 4 sections.  Please tell me what needs
  to stay and what needs to go.  Thank you!
  P.S.:  for security reasons, we want to track individual activity, so need the accounting portion of aaa to stay.
  aaa new-model
  aaa group server tacacs+ XXXXXX
  server xxx.xxx.xxx.xxx
  server xxx.xxx.xxx.xxx
  aaa authentication login default group XXXXXX enable
  aaa authentication enable default enable
  aaa authorization exec default group XXXXXX none
  aaa authorization commands 15 default if-authenticated
  aaa authorization network default group XXXXXX none
  aaa authorization network MLPPP-PPP none
  aaa authorization network MLPPP none
  aaa accounting exec default start-stop group XXXXXX
  aaa accounting commands 15 default start-stop group XXXXXX
  aaa accounting network default start-stop group XXXXXX
  aaa accounting connection default start-stop group XXXXXX
  aaa accounting system default start-stop group XXXXXX
  line vty 0 4
  access-class 75 in
  exec-timeout 15 0
  privilege level 0
  password 7 xxxxxxxxxxxxxxxxxxx
  transport input ssh

  I will probably need more info before I can provide more help but from I am seeing in the snip-it, you have aaa configured and your AAA server is a TACACS+ server. If that is the case you should keep in mind the following:
  1. If the authentication/authorization commands are referencing the TACACS+ group then you will need to add "local" at the end of the command. This will allow local accounts to be used when the AAA server is down/unreachable
  2. Keep in mind that the local users will ONLY be used when the AAA server is down/unreachable. You cannot have a mixture of both
  Side question, since you have a TACACS+ server, why don't you just create temporary accounts directly on the TACACS+ server vs local accounts? You can get very granular that way and only permit certain commands on certain devices, during certain time of the day, etc...
  Hope this helps and thank you for rating!