TACACS AUTH with SSR on SRW

Similar Messages

• Using TACACS+ auth from ACS 5.1.0.44 to ACE. Having Issues with Shell (Exec)

  Using TACACS+ auth from ACS 5.1.0.44 to ACE. Having Issues with Shell (Exec)
  So I am trying to get TACACS+ auth to work for my ACE.
  The command string that I have on the ACE is as follows:
  tacacs-server host 172.16.101.4 key 7 XXXYYYZZZ timeout 15
  aaa group server tacacs+ tacacs+
    server 172.16.101.4
  aaa authentication login default group tacacs+ local
  aaa authentication login console local
  aaa accounting default group tacacs+ local
  But to finish getting this enabled I need to create some sort of shell (exec) string in the ACS that tells the ACE what permission level to allocate.
  I do not know how to do this on the ACS 5.1.0.44.
  Anyone know?
  TAC made a good suggestion but the command path doesn't seem to line up with my version of ACS.
  Thanks for your reply. About this question:
  shell:<Context>*<Role> <Domain>
  What I meant is that you need to check the following couple of things on
  your ACS server in order to have AAA Tacacs users to login into the
  ACE over the context with superuser ritghts.
  Group setup ‑> users ‑> TACACS + Settings ‑> enable Shell(exec)
  ‑> enable Custom attributes ‑> right below this part you need to
  use the following sintax to link the ACE context that this user
  has access to.
  For example:
  shell:<Context>*<Role> <Domain>
  shell:Admin*Admin default‑domain
  Where this user will have access to the Admin context with the role
  admin using the 'default‑domain'

  Wilfred,
  What you will have to do on your version of ACS is modify the shell profile that your admins are hitting for other IOS devices or you can create another shell profile under Policy Elements -> Device Administration ->
  Once you get into this shell profile select the Custom Attributes tab and put in the following fields close to the bottom of the screen, from the example you provided type shell:Admin for the attribute field and then default-domain for the value field, and make sure you select this requirement as optional, if you select mandatory and other IOS devices use this same shell profile you will force this av pair to these devices also which will impact the priv levels that then need for authentication.
  After you add this attribute, save your changes and then test, also make sure that your Aceess Policy is calling this shell profile under the authorization profile for default device admin.
  Thanks,
  Tarik Admani

• Windows Integrated Security with SSRS, Sharepoint 2013 and SSAS over http

  I have the following setup and problem:
  Sharepoint 2013 with SSRS in Sharepoint integrated mode
  SSAS 2012 SP1 with http access (IIS + msmdpump) enabled on the same box as SSAS
  Every component I have tried works fine with this (PerformancePoint, .bism connections, SSIS packages etc.), connecting over http using Kerberos and windows integrated authentication.
  SSRS (.rsds) connections in Sharepoint fail a connection test when using the same http connection string + Windows integrated authentication which works for everything else. The error is: "Unsupported data format: -> Microsoft.ReportingServices.DataExtensions.AdomdTestConnectionException:
  Unsupported data format:"
  SQL server profiler shows that the windows username is reaching the SSAS server is all cases.
  Kerberos delegation is set up for SSAS and is working.
  Switching the .rsds connection to saved credentials (same user as I tried with Windows integrated auth) works fine and SQL server profile logs look the same as the Windows integrated case.
  So, everything seems to work with Kerberos + http apart from SSRS ... any idea welcome. I did read that SSPI is not supported for http connections but then again, there are sites which give examples of exactly such connection strings. I can't find any
  mention of this case or exact problem anywhere ...

  For information, this was fixed by applying the .NET 4.5.1 patch as advised by MS support. Now http connections from integrated mode SSRS work ok.

• Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

  I would love some help with this issue.  I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0  I have a test account set up with lab.acme.com to use the ACS.
  When I log into my site using Windows Auth, everything is great.  However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
  to use to log in   and after 3-5 second
   and return me the logon page with error message “Authentication failed” 
  I base my setup on the technet article
  http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
  I validated than all my certificate are valid and able to retrieve the crl
  I got in eventlog id 300
  The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
  Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
  Additional Data
  Exception details:
  Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
  ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
  correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  --- End of inner exception stack trace ---
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
  serializationContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
  trustNamespace, AsyncCallback callback, Object state)
  System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
  failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  thx
  Stef71

  This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
  on my case was :
  PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ad0001.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
  Certificate                 : [Subject]
                                  CN=domain.AD0001CA, DC=domain, DC=com
                                [Issuer]
                                  CN=domain.AD0001CA, DC=portal, DC=com
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  22/07/2014 11:32:05
                                [Not After]
                                  22/07/2024 11:42:00
                                [Thumbprint]
                                  blablabla
  Name                        : domain.ad0001
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : domain.ad0001
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17164
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ADFS_Signing.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
  Certificate                 : [Subject]
                                  CN=ADFS Signing - adfs.domain
                                [Issuer]
                                  CN=ADFS Signing - adfs.domain
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  23/07/2014 07:14:03
                                [Not After]
                                  23/07/2015 07:14:03
                                [Thumbprint]
                                  blablabla
  Name                        : Token Signing Cert
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : Token Signing Cert
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17184
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.PORTAL>

• Performance with SSRS on Sharepoint

  Hi,
  Environment: Sharepoint 2010, SSRS deployed in Share Point integrated mode.
  Problem: Performance of page load with ssrs reports
  I have a Share Point page which displays 10 SSRS report, SSRS reports only contains 1 graph each. SSRS graph are displayed on sharepoint using a custom Web part. Report url is passed to webpart and it renders the report. Sharepoint page act as an dashboard.
  Data points:
  Sharepoint page takes 1 sec to load without any SSRS report on it. So I guess everything is fine from SharePoint configuration perspective
  With 1 report on page, load time is 6sec
  With 2 reports on page, load time is 8 sec
  With 3 reports on page, load time is 12 sec
  With all 10 reports, load time is 22 sec
  SSRS reports are very small and none of the proc used inside them takes more than 2 sec to pull data. Though reports take ,
   5-6 sec when opened from report library.
  I have checked all my system parameter CPU,Memory, network, all are fine.
  I have tried to load custom webparts asynchronously  using
  AsyncRendering="True",
  the page header loads in 1 sec but report loading happens sequencely(one after one) and still take 22 sec to complete page load. During 22 sec loaded reports are visible in grey and become active after complete page load.
  What steps can be taken to improve page load time.
  TIA
  Rahul Kumar, MCTS, India, http://sqlserversolutions.blogspot.com/

  Hi,
  In SharePoint Server 2010, there are certain limits that are by design and cannot be exceeded, including page.
  You can take a look at the documentation below about
  SharePoint Server 2010 capacity management: Software boundaries and limits:
  http://technet.microsoft.com/en-us/library/cc262787(v=office.14).aspx#Page
  As your test result suggests, when there are many reports display in one page, the performance would be affected significantly.
  A workaround is that we can optimize the report processing to shorten the time of page loading.
  The documentation below will provide some
  Design Tips for Optimizing Report Processing:
  http://technet.microsoft.com/en-us/library/bb522806(v=sql.105).aspx#Tips
  Another suggestion is that you can try to split the reports into different pages based on the real business need and perform page redirection for a better performance.
  Thanks
  Patrick Liang
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Patrick Liang
  TechNet Community Support

• Issue with SSRS Expression

  Hi all, 
  I am facing some issue with ssrs expression. 
  I used below expression to show sum of budget. 
  =Sum(  CDbl(Fields!Budget.Value))
  When I preview the report it shows #Error in that textbox. 
  Please help me to fix this one , I am not getting where its breaking.. 
  Thanks
  Rohit

  Hi Rohit,
  According to your description, you want to sum the [EstimatedCostField] with an expression.
  In your scenario, since the [EstimatedCostField] is budget which you want to perform sum calculation, you should specify the sum expression like below:
  =Sum(CDbl(Fields!EstimatedCostField.Value))
  If issue persists, please run the report in the BIDS then check the warning message in output to see the detail information about the #Error. Besides, please also share the report design for our analysis.
  If you have any question, please feel free to ask.
  Best regards,
  Qiuyun Yu
  Qiuyun Yu
  TechNet Community Support

• Web auth with , intenal web page of WLC and ISE as radius server

  Hi All ,
  We have created a SSID as web auth with internal web page for login . In advanced tab we configured AAA server.  AD is integrated with ISE .
  When the user tries to get connect , he is getting redirect URL . But during the authentication , we are getting error in ISE as
  "ise has problems communicating with active directory  using its machine credentials "  and authentication getting failed .
  When we have L2 security mechanism enabled with PEAP , ISE is able to read the AD and providing authentication .
  Only for L3 web auth it is not happening..
  Any clue on this ..???
  Thanks,
  Regards,
  Vijay.

  Machine credentials requires a lookup on the computer OU and that has to be defined on the client side.
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• How to import weather data without using SSIS; only with SSRS

  I am trying to develop a chart showing the weather data using SSRS. I do not have SSIS.
  Is there a free web service that you can offer me? Also a brief step by step guide on how to provision it would be nice.
  I am currently looking into http://graphical.weather.gov but have no idea how to use it with SSRS.
  Please advise,
  Thanks

  I have created such a Report using Yahoo weather web Service and wrote a blog including downloadable example; it's in German, but you could use an online translator:
  http://olafhelper.over-blog.de/article-der-aktuelle-wetter-ssrs-bericht-73766985.html
  Olaf Helper
  [ Blog] [ Xing] [ MVP]

• IE 6.0 Mutual auth with Sun One 8

  Hello,
  What I intend to do - generate new server key pair, then generate client key pair. Export client pair to IE (newest) for mutual auth.
  Command I use:
  Server pair:
  1. keytool -genkey -keyalg rsa -keystore keystore.jks -storepass pass -alias server -dname "cn=www.myCompany.com,o=O2,ou=Ou2,L=W,C=US,S=W"
  2. keytool -export -alias server -file server.cer -keystore keystore.jks --storepass pass
  3. keytool -noprompt -import -v -trustcacerts -file server.cer -alias server -keystore cacerts.jks -storepass pass2
  Client pair:
  1. keytool -genkey -keyalg rsa -keystore keystore.jks -storepass ssaperots -alias client -dname "cn=client1,o=O2,ou=Ou2,L=W,C=US,S=W"
  2. keytool -export -alias client -file client.cer -keystore keystore.jks --storepass pass
  3. keytool -noprompt -import -v -trustcacerts -file client.cer -alias client -keystore
  cacerts.jks -storepass pass2
  Now I replace domain1/cacerts.jks and domain1/keystore.jks with new files, restart the server.
  Mutual auth with jax-rpc from j2ee tutorial works flawlessly.
  Finally I want IE to be able to do mutual auth:
  Using jstk-1.0.1 from http://www.j2ee-security.net/book/dnldsrc/
  jstk-1.0.1/bin/crypttool.sh export -keystore keystore.jks -alias client -storepass pass -outform PKCS12
  I have client.p12 which I import into IE personal certificates.
  Enter secure site on the server. Server cert is OK. I choose client1 pair for mutual auth.
  Then I see in the browser: HTTP Status 403 - Access to the requested resource has been denied.
  During the handshake in server.log I see:
  [#|2004-06-02T01:12:42.496+0200|WARNING|j2ee-appserver1.4|org.apache.coyote.http11.Http11Processor|_ThreadID=11;|
  Exception getting SSL Cert
  java.net.SocketException: Socket Closed
  a lot of stuff here
  [at the end]
  http1043-Processor3, handling exception: java.net.SocketTimeoutException: Read
  I tries also additional java security package with JDK 1.5.0 beta to generate PKCS12 pair.
  The same error diffrent exceptions.
  Question:
  1. Did I do something wrong ?
  2. Is the PKCS12 file corrupted in some way ?
  Thank You.

  OK. I answer to my own question ;)
  The problem I described in post 1 didn't even exist. I figured it by changing admin console to use mutual auth. It works.
  However I change the question. I modify bookstore2 app from sun app server 8 tutorial sdk 1.4 to use mutual auth. I present deployment descriptors generated by deploytool.
  This is sun-web.xml:
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 Servlet 2.4//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-web-app_2_4-0.dtd">
  <sun-web-app>
  <context-root>/bookstore2</context-root>
  <security-role-mapping>
  <role-name>appuser</role-name>
  <principal-name>admin</principal-name>
  </security-role-mapping>
  <resource-ref>
  <res-ref-name>jdbc/BookDB</res-ref-name>
  <jndi-name>jdbc/BookDB</jndi-name>
  <default-resource-principal>
  <name>PBPUBLIC</name>
  <password>PBPUBLIC</password>
  </default-resource-principal>
  </resource-ref>
  <cache enabled="false" max-entries="4096" timeout-in-seconds="30">
  <default-helper/>
  </cache>
  <jsp-config>
  <property name="keepgenerated" value="true"/>
  </jsp-config>
  </sun-web-app>
  This is web.xml:
  <?xml version="1.0" encoding="UTF-8"?>
  <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
  <display-name>bookstore2</display-name>
  <context-param>
  <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
  <param-value>messages.BookstoreMessages</param-value>
  </context-param>
  <listener>
  <listener-class>listeners.ContextListener</listener-class>
  </listener>
  <servlet>
  <display-name>Dispatcher</display-name>
  <servlet-name>Dispatcher</servlet-name>
  <servlet-class>dispatcher.Dispatcher</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>Dispatcher</servlet-name>
  <url-pattern>/bookstore</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>Dispatcher</servlet-name>
  <url-pattern>/bookcatalog</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>Dispatcher</servlet-name>
  <url-pattern>/bookdetails</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>Dispatcher</servlet-name>
  <url-pattern>/bookshowcart</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>Dispatcher</servlet-name>
  <url-pattern>/bookcashier</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>Dispatcher</servlet-name>
  <url-pattern>/bookordererror</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>Dispatcher</servlet-name>
  <url-pattern>/bookreceipt</url-pattern>
  </servlet-mapping>
  <jsp-config>
  <jsp-property-group>
  <display-name>bookstore2</display-name>
  <url-pattern>*.jsp</url-pattern>
  <el-ignored>false</el-ignored>
  <scripting-invalid>false</scripting-invalid>
  <is-xml>false</is-xml>
  <include-prelude>/template/prelude.jspf</include-prelude>
  <include-coda>/template/coda.jspf</include-coda>
  </jsp-property-group>
  </jsp-config>
  <security-constraint>
  <display-name>SecurityConstraint</display-name>
  <web-resource-collection>
  <web-resource-name>WRCollection</web-resource-name>
  <url-pattern>/*</url-pattern>
  <http-method>TRACE</http-method>
  <http-method>DELETE</http-method>
  <http-method>POST</http-method>
  <http-method>OPTIONS</http-method>
  <http-method>HEAD</http-method>
  <http-method>GET</http-method>
  <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name>appuser</role-name>
  </auth-constraint>
  <user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  <login-config>
  <auth-method>CLIENT-CERT</auth-method>
  </login-config>
  <security-role>
  <role-name>appuser</role-name>
  </security-role>
  <resource-ref>
  <res-ref-name>jdbc/BookDB</res-ref-name>
  <res-type>javax.sql.DataSource</res-type>
  <res-auth>Container</res-auth>
  <res-sharing-scope>Shareable</res-sharing-scope>
  </resource-ref>
  </web-app>
  Using these I can't login.
  It is because I don't have an option to specify a user when I login.
  Qustions:
  1. How to change the application so it uses only client-cert (without users and passwords)
  2. How to change the application so login is possible with client-cert with specified user - admin?
  (my first guess - do form auth then client-cert, client-cert -> form login not possible ?)
  3. Are the certificated bound to specyfic application server users ?
  Thanks.

• NTLM Auth with socket connection

  Hi,
  can somebody please tell me how to do NTLM-Auth with a socket connection?
  Thanx in advance

  You know, I did a Google search with the phrase "NTLM authentication protocol", and the very first hit I got was an entire explanation, with accompnaying source code, byte code, and documentation, in Java.
  <plaintive>Why can't people use Google?</plaintive>
  Grant

• TACACS auth and RADIUS accounting with ACS

  I am having RADIUS accounting issues with an ASA 5520 that uses TACACS for authentication. Both are hosted on the same ACS server. I can send RADIUS info to my Microsoft IAS box but get Syslog ID 113022 errors when trying to send to the ACS RADIUS. A packet capture shows the RADIUS accounting request getting to the ACS box (Windows Server 2003 R2) but syslog shows failedauth. Any ideas?

  Thank you for the response. I did verify the syslog explanation you gave below and the AAA server is online as TACACS message are getting to it. My configuration for the ASA for RADIUS is as follows
  Server Group - RADIUS
  Protocol - RADIUS
  Accounting Mode - Simultaneous
  Reactivation Mode - Timed
  Max Failed attempts - 3
  Two servers in the Server Group
  ACS - Not working
  Microsoft IAS - Working
  I have tried removing the IAS server and changing the accounting mode to single and still getting auth failures.
  ACS is configured as follows
  Network Configuration
  AAA Clients - ASA authenticate using TACACS+
  AAA Servers - None listed. When I tried to add the ACS machine the error said the server already existed (In another Network Device Group)

• AAA auth with ip http server not working

  Hi all,
  I am unable to get ip http server to authenticate against tacacs. attached is the debug output when logging in with the user "mark".
  Router config:
  aaa new-model
  aaa authentication login default group tacacs+ local enable
  aaa authentication login ALREADY-IN none
  aaa authentication login web group tacacs+ local enable
  aaa authorization exec web group tacacs+ local if-authenticated
  aaa session-id common
  ip http server
  ip http authentication aaa login-authentication web
  ip http authentication aaa exec-authorization web
  the priv-lvl 15 attribute is being sent, but IP HTTP Auth fails.. any ideas why?
  Cheers,
  Mark
  Update: Fixed it! I believe the access-enable autocommand was the cause!

  Hi,
  I have seen that additional attributes such as "access-enable timeout 1920" would not allow http authentication to work with certain IOS versions.
  Regards,
  Vivek

• Sharepoint foundation 2010 integrate it with ssrs

  hello,
  I am integrating sql server and sharepoint foundation 2010 server both are installed in different pc,
  First i have installed sql server in  machine 1 ,
  second i installed sharepoint foundation 2010 in machine 2
  with complete mode,
  third i installed sharepoint foundation 2010 in
  machine 1 for minimal installation with complete mode,
  and integrated ssrs.
  Its working fine.
  But i need to know whether we can install sharepoint foundation 2010 standalone mode in
  machine 1 which is a sql server.
  I hope this topic might be help full to many people's.
  thanks
  regards
  krishnakumar

  Hi krishnakumar,
  The Short Answer: YES
  The Long Answer: The report server instance cannot use the SQL Server Express Edition for its database. However, the SQL Server Express Edition instance that is installed by the SharePoint product or technology can exist side-by-side with other Database
  Engine editions that you might also install. For more information about edition requirements for the report server database, see
  Creating a Report Server Database.
  Reference:
  http://technet.microsoft.com/en-us/library/bb677368(v=sql.105).aspx
  Cheers,
  -Ivan

• Outlook 2013 with SSRS charts in MHTML displays wrong image in email

  Hi,
  I've posted this question already to the SQL Server group and the SQL Team confirms this is potentially an issue with Outlook 2013 and image cache changes between 2010 and 2013.  Please see the more detailed post here for more information: https://social.msdn.microsoft.com/Forums/sqlserver/en-US/e34516c5-53cd-4792-bc6d-4cb6e41e63cf/ssrs-2012-with-mthml-subscriptions-graphs-and-outlook-cache-issues?forum=sqlreportingservices
  In short, when changing between emails that display charts from SSRS distributed via MHTML, Outlook 2013 will display the wrong graph from its image cache.  This issue does NOT happen when opening the email in a browser by using the "View in Browser"
  option from the Information ribbon in the email.
  The issue began after upgrading from Outlook 2010 to 2013 so it would appear that the image cache algorithm has changed.  We need a resolution to stop this from happening that does not include turning off cached exchange mode.  I've tried changes
  in the Trust center by turning off the viewers but that doesn't fix anything.
  We are using Office 365 and Outlook 2013 x64 SP1.
  Has anyone else experienced this or found a workaround for the issue?  This is what it looks like when clicking between emails and then opening in the browser.
  Thanks,
  Kevin

  Outlook uses Word as an email editor. That's why you may see the difference between the browser and Outlook inspectors. See the following series of articles for more information:
  Word 2007 HTML and CSS Rendering Capabilities in Outlook 2007 (Part 1 of 2)
  Word 2007 HTML and CSS Rendering Capabilities in Outlook 2007 (Part 2 of 2)

• How can I use web service call for edit a report with SSRS in Java Struts2 web application

  Hello im new in SSRS technologie and I would like make web service call at my SSRS server. Is sombody can help me ?
  - What API should I import in my project ? I use Maven can I found this API on Maven repository ?
  - I would like have an sample of code which initialize the ReportingService, do the call and process result.
  We use the SQL Server ReportingService 2008 R2 and currently we made HTTP call like this : http://<ssr_server>/ReportServer/Pages/ReportViewer.aspx?%2fSSRS_OMB%2fMyReport&rs:Command=Render&MyParam=<value>
  Regards

  Hi ombinte,
  SQL Server Reporting Services provides access to the full functionality of the report server through the Report Server Web service. Because the Report Server Web service is an XML Web service which uses Simple Object Access Protocol (SOAP) over Hypertext Transfer
  Protocol (HTTP), any SOAP-aware application or development tool can communicate with the SSRS web service.
  There are three primary ways to develop Reporting Services applications based on the Web service, please see:
  Develop applications using Microsoft Visual Studio and the Microsoft .NET Framework SDK.
  Develop applications using the rs utility (RS.exe), the Reporting Services script environment.
  Develop applications using any SOAP-enabled set of development tools.
  For more information about Report Server Web Service, you can refer to the following document:
  http://technet.microsoft.com/en-us/library/ms152787.aspx
  Hope this helps.
  Thanks,
  Katherine Xiong
  Katherine Xiong
  TechNet Community Support