Tacacs+ config help
Having some trouble with a tacacs config..
I can SSH into my 3560 switch with a tacacs configured username / password but commands like write mem or dir display an error message.
The command 'write <cr>' is not authorized for user [username] and client [ip addr]
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
tacacs.net is the software.
I'm digging through the documentation, but it's quite lousy IMHO.
I'll start troubleshooting this from a server authorization perspective, I just found I can rename the authorization.xml to authorization.xml.old. I've tested and now I have full control over commands.
Looks like I'll have to tweak this list of commands / permissions and rename again to get this working.
Thanks for pointing me in the right direction.
-Rob
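Why `if-authenticated` did not rescue `write`: IOS tries the next method in a list only when the previous one gives no response, so a reachable TACACS+ server that denies a command has the final word. The model below is an added example, not from the original post; the function names and the PASS/FAIL/ERROR labels are assumptions made for illustration.

```python
import re

# Command-authorization lines from the switch config posted above.
POSTED_CONFIG = """\
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
"""

CMD_AUTHZ = re.compile(r"^aaa authorization commands (\d+) (\S+) (.+)$")


def parse_command_lists(config):
    """Return {(privilege_level, list_name): [methods]} for command authorization."""
    lists = {}
    for line in config.splitlines():
        m = CMD_AUTHZ.match(line.strip())
        if not m:
            continue
        tokens, methods, i = m.group(3).split(), [], 0
        while i < len(tokens):
            if tokens[i] == "group" and i + 1 < len(tokens):
                methods.append("group " + tokens[i + 1])
                i += 2
            else:
                methods.append(tokens[i])
                i += 1
        lists[(int(m.group(1)), m.group(2))] = methods
    return lists


def authorize(methods, server_reply, authenticated=True):
    """Walk a method list the way IOS does.

    server_reply is what the AAA server group answers for this command:
    'PASS', 'FAIL' (explicit deny) or 'ERROR' (no response at all).
    Returns (permitted, method_that_decided).
    """
    for method in methods:
        if method.startswith("group "):
            if server_reply == "ERROR":
                continue  # only an unreachable server falls through
            return server_reply == "PASS", method  # PASS or FAIL is final
        if method == "if-authenticated":
            return authenticated, method
        if method == "none":
            return True, method
        raise ValueError("method not modelled: " + method)
    return False, None  # every method errored out, so the command is denied


def uncovered_levels(lists, list_name="default"):
    """Privilege levels 0-15 with no command authorization list of this name."""
    covered = {level for level, name in lists if name == list_name}
    return [lvl for lvl in range(16) if lvl not in covered]


if __name__ == "__main__":
    lists = parse_command_lists(POSTED_CONFIG)
    level15 = lists[(15, "default")]
    for reply in ("PASS", "FAIL", "ERROR"):
        print(reply, authorize(level15, reply))
    print("levels without command authorization:", uncovered_levels(lists))
```

The FAIL case is the error in the post; the result after renaming `authorization.xml` corresponds to the PASS case, where the server no longer restricts any command it is asked about.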
Similar Messages
-
Per-VRF TACACS config gets "Address already in use" error
I have created a per-VRF TACACS config on a couple of network devices. I can ping the ACS servers through the VRF. TACACS makes the attempt to contact the servers, but the following message shows up in the log when I debug TACACS:
*Mar 11 08:57:38 starts: TAC+: Opening TCP/IP to x.x.x.x/49 timeout=5
*Mar 11 08:57:38 starts: TAC+: TCP/IP open to x.x.x.x/49 failed -- Address already in use
I can't find anything on CCO that references the "Address already in use" message.
Has anyone run into this?
Hmmm...no, the server group is still there. Did you see the other post which describes the bug ID? The link to the bug is:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsl45701
Do you get the IP address is in use log message? -
Autonomous 1231/1242 Radius Config Help. What is this not working?
Hey Guys,
I can't seem to get the SSID RadiusTest to work properly.
Windows PC's show "Windows was unable to find a certificate to log you into the network". Macs don't authenticate either. Radius server isn't seeing any requests at all. Radius server is working because we are authenticating other things to it.
On my test 1231, IOS is 12.3(8) JEB1.
And all help is appreciated.
Thanks,
Scott
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname TKS-AP1231-ICTServices
enable secret 5 $1$Izyg$qXSRYpFDI9ZX6F50vDrku0
clock timezone K 10
clock summer-time K recurring
ip subnet-zero
ip domain lookup source-interface BVI1
ip domain name domain.com.au
ip name-server 172.16.###.###
ip name-server 172.16.###.###
aaa new-model
aaa group server radius rad_eap
server 172.16.###.### auth-port 1812 acct-port 1813
ip radius source-interface BVI1
aaa group server tacacs+ tac_admin
aaa group server radius infrastructure
aaa group server radius clients
aaa group server radius central_auth
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa group server radius rad_eap1
server-private 172.16.###.### auth-port 1812 acct-port 1813 key 7 060D062F4B5D1B18045GHW1E0718
server 172.16.###.### auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login method_infrastructure group infrastructure
aaa authentication login method_clients group clients
aaa authentication login method_Central group central_auth local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa authorization exec method_Central group central_auth local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 mbssid
dot11 vlan-name Conference vlan 150
dot11 ssid RadiusTest
vlan 18
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
mbssid guest-mode
dot11 ssid Staff
vlan 17
authentication open
authentication key-management wpa optional
wpa-psk ascii 7 055E5F5E0555401B161003171928013C22272D6B6370
dot11 ssid Student
vlan 16
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
wpa-psk ascii 7 02575102282A2323434F1B1D0C1915595A5C
dot11 network-map
dot11 arp-cache optional
username ########## privilege 15 password 7 ###################
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 17 mode ciphers tkip wep40
encryption vlan 16 mode ciphers tkip
encryption vlan 18 mode ciphers aes-ccm tkip
ssid RadiusTest
ssid Staff
ssid Student
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
no power client local
power client 50
power local cck 50
power local ofdm 20
channel 2437
station-role root
interface Dot11Radio0.6
encapsulation dot1Q 6 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.16
encapsulation dot1Q 16
no ip route-cache
bridge-group 16
bridge-group 16 subscriber-loop-control
bridge-group 16 port-protected
bridge-group 16 block-unknown-source
no bridge-group 16 source-learning
no bridge-group 16 unicast-flooding
bridge-group 16 spanning-disabled
interface Dot11Radio0.17
encapsulation dot1Q 17
no ip route-cache
bridge-group 17
bridge-group 17 subscriber-loop-control
bridge-group 17 port-protected
bridge-group 17 block-unknown-source
no bridge-group 17 source-learning
no bridge-group 17 unicast-flooding
bridge-group 17 spanning-disabled
interface Dot11Radio0.18
encapsulation dot1Q 18
no ip route-cache
bridge-group 18
bridge-group 18 subscriber-loop-control
bridge-group 18 block-unknown-source
no bridge-group 18 source-learning
no bridge-group 18 unicast-flooding
bridge-group 18 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface FastEthernet0.6
encapsulation dot1Q 6 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface FastEthernet0.16
encapsulation dot1Q 16
no ip route-cache
bridge-group 16
no bridge-group 16 source-learning
bridge-group 16 spanning-disabled
interface FastEthernet0.17
encapsulation dot1Q 17
no ip route-cache
bridge-group 17
no bridge-group 170 source-learning
bridge-group 17 spanning-disabled
interface FastEthernet0.18
encapsulation dot1Q 18
no ip route-cache
bridge-group 18
no bridge-group 18 source-learning
bridge-group 18 spanning-disabled
interface BVI1
ip address 172.16.#.### 255.255.255.192
no ip route-cache
ip default-gateway 172.16.#.###
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
logging history debugging
snmp-server view iso iso included
snmp-server community KingsRO RO
snmp-server community KingsWr1t3 RW
snmp-server trap-source BVI1
snmp-server location ###
snmp-server contact ############################################
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps entity
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server enable traps cpu threshold
snmp-server enable traps aaa_server
snmp-server host 172.16.###.## version 2c cisco udp-port 1620
radius-server host 172.16.###.### auth-port 1812 acct-port 1813 key ##########################
bridge 1 route ip
wlccp ap username wds password #################
wlccp authentication-server infrastructure method_infrastructure
wlccp authentication-server client any method_clients
banner login ^C
^C
line con 0
line vty 0 4
sntp server 172.16.###.###
sntp server 172.16.###.###
sntp server 172.16.###.###
sntp broadcast client
end
You configured your WDS to use empty radius methods. There's not much point to this apart from breaking your setup.
Remove all 3 "wlccp" commands. I suggest to have your normal radius working before you try and do WDS.
If behavior is still the same, then it means that the radius server has to get a request if the clients are proposed EAP-TLS and they are looking for a certificate to authenticate with ...
Did you pre-configure a profile on the client? Did you configure them for PEAP? EAP-TLS? Which method do you allow on your radius server?
Nicolas -
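The "empty radius methods" in the reply above can be found mechanically: a method list is dead when every server group it names has no `server` lines under it. The check below is an added example, not from the original thread; it runs over an excerpt of the posted AP config, and the function names are assumptions.

```python
import re

# Excerpt of the AP configuration posted above (addresses are masked in the post).
POSTED_EXCERPT = """\
aaa new-model
aaa group server radius rad_eap
server 172.16.###.### auth-port 1812 acct-port 1813
ip radius source-interface BVI1
aaa group server radius infrastructure
aaa group server radius clients
aaa group server radius central_auth
aaa group server radius rad_acct
aaa group server radius rad_eap1
server-private 172.16.###.### auth-port 1812 acct-port 1813
server 172.16.###.### auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login method_infrastructure group infrastructure
aaa authentication login method_clients group clients
aaa authentication login method_Central group central_auth local
aaa authentication login eap_methods1 group rad_eap1
aaa accounting network acct_methods start-stop group rad_acct
wlccp authentication-server infrastructure method_infrastructure
wlccp authentication-server client any method_clients
"""

GROUP_RE = re.compile(r"^aaa group server (?:radius|tacacs\+) (\S+)$")
BUILTIN_GROUPS = {"radius", "tacacs+"}      # these refer to the global server list
RECORD_TYPES = {"start-stop", "stop-only"}  # accounting keywords, not methods
SERVICES = ("authentication", "authorization", "accounting")


def parse_server_groups(config):
    """Map each named server group to the server lines defined under it."""
    groups, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = GROUP_RE.match(line)
        if m:
            current = m.group(1)
            groups[current] = []
        elif current and line.split(" ", 1)[0] in ("server", "server-private"):
            groups[current].append(line)
        else:
            current = None  # any other command ends the group sub-mode
    return groups


def parse_method_lists(config):
    """Map 'service type name' to its ordered methods, e.g. ['group x', 'local']."""
    lists = {}
    for raw in config.splitlines():
        t = raw.split()
        if len(t) < 5 or t[0] != "aaa" or t[1] not in SERVICES:
            continue
        # 'commands <level> <name>' carries one extra token before the list name
        name_at = 4 if t[2] == "commands" else 3
        rest = [x for x in t[name_at + 1:] if x not in RECORD_TYPES]
        methods, i = [], 0
        while i < len(rest):
            if rest[i] == "group" and i + 1 < len(rest):
                methods.append("group " + rest[i + 1])
                i += 2
            else:
                methods.append(rest[i])
                i += 1
        lists[" ".join(t[1:name_at + 1])] = methods
    return lists


def audit(config):
    """Return method lists that reference a server group with no servers.

    A group that is referenced but never defined is treated as empty too.
    """
    groups = parse_server_groups(config)
    findings = {}
    for key, methods in parse_method_lists(config).items():
        named = [m[6:] for m in methods
                 if m.startswith("group ") and m[6:] not in BUILTIN_GROUPS]
        empty = [g for g in named if not groups.get(g)]
        if empty:
            remaining = [m for m in methods
                         if not (m.startswith("group ") and m[6:] in empty)]
            findings[key] = {"empty_groups": empty, "remaining": remaining}
    return findings


def wlccp_using(config, findings):
    """WDS (wlccp) lines whose method list appears in the findings."""
    flagged = {key.split()[-1] for key in findings}
    return [line.strip() for line in config.splitlines()
            if line.startswith("wlccp authentication-server")
            and line.split()[-1] in flagged]


if __name__ == "__main__":
    result = audit(POSTED_EXCERPT)
    for key, info in result.items():
        print(key, "->", info)
    for line in wlccp_using(POSTED_EXCERPT, result):
        print("uses a dead method list:", line)
```

On the posted config this flags both `wlccp` method lists, while `eap_methods`, the list the RadiusTest SSID uses, has a server behind it.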
I am trying to view my PIX515e via the ASDM, but I am unable to... Can you review my config and make sure I have everything setup the way it is supposed to?
PIX Version 8.0(4)32
hostname pixfirewall
domain-name jkkcc.com
enable password DQucN59Njn0OjpJL encrypted
passwd DQucN59Njn0OjpJL encrypted
no names
interface Ethernet0
nameif outside
security-level 0
ip address 24.234.xxx.xxx 255.255.255.224
interface Ethernet1
nameif inside
security-level 100
ip address 10.0.20.1 255.255.255.248
interface Ethernet2
shutdown
nameif exchange
security-level 100
ip address 10.0.30.1 255.255.255.248
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
name-server 68.105.28.16
name-server 68.105.29.16
domain-name jkkcc.com
access-list ouside-acl extended permit tcp any host 24.234.xxx.xxx eq smtp
access-list ouside-acl extended permit tcp any host 24.234.xxx.xxx eq www
access-list ouside-acl extended permit tcp any host 24.234.xxx.xxx eq https
pager lines 24
mtu outside 1500
mtu inside 1500
mtu exchange 1500
icmp unreachable rate-limit 1 burst-size 1
icmp deny any outside
asdm image flash:/asdm-602.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface smtp 192.168.2.22 smtp netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.2.22 https netmask 255.255.255.255
static (inside,outside) tcp interface www 192.168.2.22 www netmask 255.255.255.255
access-group ouside-acl in interface outside
router eigrp 1
network 10.0.0.0 255.0.0.0
network 192.168.0.0 255.255.255.0
network 192.168.2.0 255.255.255.0
network 192.168.4.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 24.234.118.193 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 0.0.0.0 0.0.0.0 inside
http 10.0.20.0 255.255.255.248 inside
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect http
inspect ils
service-policy global_policy global
prompt hostname context
Cryptochecksum:abd41b3df257873d44a6fc1545ae4418
: end
Hello,
Yes, I know what the problem is.
The cipher used by the web browser is not the same as the one the ASA uses.
You will need to get the des/aes license and then change the SSL cipher.
Unfortunately I do not have the link with me, but as soon as I have it (tomorrow morning at the latest) I will give it to you.
100% sure this will solve your problem.
EDIT: Here is the link to get the license you need (it will be free)
https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=139
After installing the license please add the following command:
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
Finally test it one more time! That should do it
DO rate all the helpful posts
Julio -
PIX 515E Config Help!!!
I just got my PIX515e configured and thought I had it working correctly, but on my 3745 router, the line protocol is down. I've looked through the configs for both the PIX and the 3745 and can't seem to figure out why I don't have access. Would anyone be able to please help resolve the issue for me?
Pix515E config:
pixfirewall# show run
: Saved
PIX Version 8.0(4)32
hostname pixfirewall
domain-name home.jkkcc.com
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0
nameif outside
security-level 0
ip address dhcp setroute
interface Ethernet1
nameif inside
security-level 100
ip address 10.0.20.1 255.255.255.248
interface Ethernet2
nameif DMZ
security-level 50
ip address 10.0.30.1 255.255.255.248
ftp mode passive
dns server-group DefaultDNS
domain-name home.jkkcc.com
pager lines 24
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside) 1 0.0.0.0 0.0.0.0
router eigrp 1
network 10.0.0.0 255.0.0.0
network 192.168.0.0 255.255.255.0
network 192.168.2.0 255.255.255.0
network 192.168.4.0 255.255.255.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect http
inspect ils
service-policy global_policy global
prompt hostname context
Cryptochecksum:c7359e3905dd13a5aa1a1c0e85a91f52
: end
3745 Config:
3745-Internet#show run
Building configuration...
Current configuration : 2248 bytes
version 12.4
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname 3745-Internet
boot-start-marker
boot system flash:
boot-end-marker
no logging buffered
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
memory-size iomem 25
no network-clock-participate slot 2
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1 192.168.2.150
ip dhcp pool HOME-Network
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 192.168.2.127 192.168.1.128
ip dhcp pool home-network
ip domain name www.jkkcc.com
ip name-server 192.168.2.127
multilink bundle-name authenticated
parameter-map type regex sdm-regex-nonascii
pattern [^\x00-\x80]
username woodjl1650 privilege 15 password 0 henry999
archive
log config
hidekeys
interface FastEthernet0/0
description $FW_OUTSIDE$
ip address 10.0.20.2 255.255.255.248
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
interface Serial0/0
description $FW_INSIDE$
ip address 10.0.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly
interface FastEthernet0/1
description $FW_INSIDE$
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
interface Serial0/1
description $FW_INSIDE$
ip address 10.0.10.2 255.255.255.248
ip nat inside
ip virtual-reassembly
router eigrp 1
network 10.0.0.0
network 192.168.0.0
network 192.168.2.0
network 192.168.4.0
auto-summary
no ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 15 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.2.21 80 interface FastEthernet0/0 80
ip nat inside source list 104 interface FastEthernet0/0 overload
access-list 15 permit 10.0.8.0 0.0.7.255
access-list 15 permit 192.168.4.0 0.0.0.255
access-list 104 permit ip any any
snmp-server community public RO
snmp-server community private RW
snmp-server enable traps tty
control-plane
line con 0
line aux 0
line vty 0 4
privilege level 15
transport input telnet
webvpn cef
end
Everything seems to be working fine now, except one last issue. I can ping my exchange server. Do you see anything wrong or why my ping would not go through? I can ping 10.0.20.1 (Pix Ethernet 1) and I can ping from all my computers to the 10.0.20.1 but not I get this when trying to ping 10.0.30.1
C:\Users\Exchange>ping 10.0.30.1
Pinging 10.0.30.1 with 32 bytes of data:
Reply from 10.0.30.3: Destination host unreachable.
Reply from 192.168.2.1: Destination host unreachable.
Reply from 192.168.2.1: Destination host unreachable.
Reply from 192.168.2.1: Destination host unreachable.
Ping statistics for 10.0.30.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Exchange = 10.0.30.3 255.255.255.248
Pix Ethernet 2 (exchange) = 10.0.30.1 255.255.255.248
Current Config:
PIX Version 8.0(4)32
hostname pixfirewall
domain-name home.jkkcc.com
enable password DQucN59Njn0OjpJL encrypted
passwd DQucN59Njn0OjpJL encrypted
names
interface Ethernet0
nameif outside
security-level 0
ip address dhcp setroute
interface Ethernet1
nameif inside
security-level 100
ip address 10.0.20.1 255.255.255.248
interface Ethernet2
nameif exchange
security-level 100
ip address 10.0.30.1 255.255.255.248
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
name-server 192.168.2.127
name-server 192.168.2.22
domain-name home.jkkcc.com
access-list inbound extended permit tcp any host 68.224.242.13 eq www
access-list inbound extended permit tcp any host 68.224.242.13 eq smtp
pager lines 24
mtu outside 1500
mtu inside 1500
mtu exchange 1500
icmp unreachable rate-limit 1 burst-size 1
icmp deny any outside
asdm image flash:/asdm-61551.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (exchange) 1 0.0.0.0 0.0.0.0
static (exchange,outside) tcp interface smtp 10.0.30.3 smtp netmask 255.255.255.255
router eigrp 1
network 10.0.0.0 255.0.0.0
network 192.168.0.0 255.255.255.0
network 192.168.2.0 255.255.255.0
network 192.168.4.0 255.255.255.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect http
inspect ils
service-policy global_policy global
prompt hostname context
Cryptochecksum:3672d254988d246453e4be381a198858
: end
pixfirewall# -
Airport General Config Help Required
I've got a wireless Thomson broadband router hooked up downstairs running DHCP server, and upstairs I've got an airport extreme configured in bridge mode. I've got a MAC Mini directly ethernet cabled to the AE.
I can connect to the internet from the Mac, but cannot see a couple of ethernet devices connected to the remaining two AE ethernet ports (Windows Home Server and Buffalo Linkstation).
I can change the config so that the AE acts as the DHCP server, am then able to use WHS and the Linkstation, but not internet.
Can anyone give me any pointers as to how to configure it up (if at all possible). Does the AE need to be hard wired to the router?
Thanks
Hello Sai Narayana,
Our client wants to implement whole travel management in ESS. I am new to SAP travel management. Could you please help me in starting the configuration of create travel request, and which node the master cost center is configured in? I looked under financial accounting->travel management->Travel Planning and Travel Expenses but couldn't figure out where the travel request will be configured. We are using ECC 6.0. Your help is very much appreciated as I am doing configuration alone and I don't have any other help.
I have a question regarding Travel Planning: if we want to implement travel planning, do we have to use AMADEUS or can we integrate the client's present used travel link to R/3 using RFCs?
Regards,
Latha -
3750 IOS 15.0(2)SE4 tacacs when issuing tacacs-server host X.X.X.X I receive "the cli will be deprecated soon" please advise
The syntax structure of the AAA commands for both Radius and TACACS+ are being changed with the newer code. Take a look at this link for some examples:
http://slaptijack.com/networking/new-style-tacacs-configuration/
Hope this helps!
Thank you for rating helpful posts! -
Small photo studio needs config help
We are a small photo studio and we are about to purchase an xSERVE with 4 500GB drives and add drives to the system as time goes on. I need some advice on the best way to set it up and config it.
We will be using the xSERVE RAID attached via fibre to a new G5 Tower which will be connected to a gigabit switch. The switch has 3 computers connected @ gigabit. The xSERVE RAID will store all photography jobs currently in post-production and after post is complete the jobs will move off this system and be archived using another system to save space on the RAID.
3 users (computers) will need to access the RAID to edit the RAW files (15MB/each) jobs and work on photoshop files for retouching. We generate a lot of information and can produce as much as 50 GB / day of shooting. For these jobs we can shoot as many as 7 days in a row, so that would be 350 GB just for the RAW files. We then might retouch 150 files from that job or more depending on the client.
So my main questions would be how to best set up the RAID and different components? I think RAID 5 would be a good solution. But what other setup/config options should I be considering?
I know this is not an easy answer and there are multiple options. But if you could be as kind to give some different options/scenarios, I would greatly appreciate it.
I think it's neat that the mac community supports these forums and they have been extremely helpful.
Thank you mac people.
Mac OS X (10.4.7) all computers are running OSX 10.4.7
I like RAID5 for its ability to tolerate losing a drive without losing data. One thing that you have to account for is that the price that you pay for surviving a drive failure is 25% of your disk space. In other words, once you take these four drives and make them into a RAID5, you can expect to have ~1.5TB available. So you may want to add a 5th drive. Personally, as cheap as drives are, I'd put the full 7 in.
You really don't have enough client machines to bother with a lot of the esoteric stuff. A simple RAID5 gives you durability and enough speed that the network will be the speed bottleneck.
As you get into these larger filesystems, backups and disaster recovery become much more challenging because of the time it takes to handle massive amounts of data.
Roger -
I need to configure our Cisco Aironet 1200's for multiple VLANs. VLAN101 is for public use & VLAN2 is for employees only. Existing config is attached.
I need:
1. To disable the broadcast of VLAN2's SSID so that only VLAN101 shows up in the SSID list for visitors. Right now both are showing up.
2. To ensure the WEP key is setup correctly for VLAN2
Thanks in advance for your help!
So are you saying both SSIDs are currently broadcasting?
I would delete and re-create your client configurations. I don't think it's on the AP side. -
I am struggling with configuring TACACS to allow authentication via Cisco ACS. I was able to configure it for switches 2950 and 3750 but not for ASA & PIX; can anyone let me know the configs?
I am actually looking for a similar command which I used on the Cisco 2950/3750
aaa new-model
aaa authentication login default group tacacs+ enable local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
With these commands I was able to track all the commands the user has used, with logs showing the user name which I configured on TACACS. With the command which you sent me, "aaa-server TACACS+ host ", I was able to log in with the TACACS user name, but it is not accounting all the details like login & logout time, commands the user has issued etc.. -
I am trying to view my PIX515e via the ASDM, but I am unable to... Can you review my config and make sure I have everything setup the way it is supposed to?
PIX Version 8.0(4)32
hostname pixfirewall
domain-name jkkcc.com
enable password DQucN59Njn0OjpJL encrypted
passwd DQucN59Njn0OjpJL encrypted
no names
interface Ethernet0
nameif outside
security-level 0
ip address 24.234.xxx.xxx 255.255.255.224
interface Ethernet1
nameif inside
security-level 100
ip address 10.0.20.1 255.255.255.248
interface Ethernet2
shutdown
nameif exchange
security-level 100
ip address 10.0.30.1 255.255.255.248
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
name-server 68.105.28.16
name-server 68.105.29.16
domain-name jkkcc.com
access-list ouside-acl extended permit tcp any host 24.234.xxx.xxx eq smtp
access-list ouside-acl extended permit tcp any host 24.234.xxx.xxx eq www
access-list ouside-acl extended permit tcp any host 24.234.xxx.xxx eq https
pager lines 24
mtu outside 1500
mtu inside 1500
mtu exchange 1500
icmp unreachable rate-limit 1 burst-size 1
icmp deny any outside
asdm image flash:/asdm-602.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface smtp 192.168.2.22 smtp netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.2.22 https netmask 255.255.255.255
static (inside,outside) tcp interface www 192.168.2.22 www netmask 255.255.255.255
access-group ouside-acl in interface outside
router eigrp 1
network 10.0.0.0 255.0.0.0
network 192.168.0.0 255.255.255.0
network 192.168.2.0 255.255.255.0
network 192.168.4.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 24.234.118.193 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 0.0.0.0 0.0.0.0 inside
http 10.0.20.0 255.255.255.248 inside
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect http
inspect ils
service-policy global_policy global
prompt hostname context
Cryptochecksum:abd41b3df257873d44a6fc1545ae4418
: end
Hello Jonathan,
Please close this thread as you already opened another one (duplicate) or just mark it as answered.
Regards,
Julio -
Hi All,
we need to create 2 communication channels from SCOT to transfer emails,
from one all the emails go via SMTP installed on local unix server
only for one destination (ex:abc a thotmail.com), email needs to be sent to specific SMTP which has encryption
is it possible from SCOT?
if not can we do it at config file of SMTP on unix server?
please let me know if we have any other way to do this
Thanks
Samrat
Hi,
Refer link http://help.sap.com/saphelp_470/helpdata/en/af/73563c1e734f0fe10000000a114084/content.htm
Also ensure that Mail server allows SMTP relaying from SAP Server IP address.
Regards,
Deepak Kori -
please give me ESS and MSS config. docs and info docs too
http://help.sap.com/saphelp_erp60_sp/helpdata/en/f6/263359f8c14ef98384ae7a2becd156/frameset.htm
https://forums.sdn.sap.com/click.jspa?searchID=22541873&messageID=6683999
/message/6229160#6229160 [original link is broken]
https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/208974c1-b4c2-2b10-cbb4-eac704d7b707 -
I searched the forums but I'm still a little lost. Trying to build xarchiver.
checking for egrep... grep -E
checking for ANSI C header files... yes
checking for pkg-config... no
checking for PACKAGE... configure: error: The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
Now, the search on the forums told me I need to make sure the .pc file is in my package config path. However, I don't know what .pc file I'm looking for. Thanks for the help.
[root@workstation64 andyrtr]# pacman -Qo /usr/bin/pkg-config
/usr/bin/pkg-config is owned by pkgconfig 0.19-1
So "pacman -Sy pkgconfig" should solve it. -
B1UP Validation Config - help please
Hi Experts
I would like to create a validation on Sales Order for when a customer has a particular payment terms of Cash Basic.
In these cases I need users to record the method of payment on a UDF called U_CashBasicType
The UDF has a linked table and 7 options (not including blank) - BA, CA, CC, CH, OK, RP, VO
I would like SAP to throw an error message when the customer is cash basic (GroupNum field 139.47)
I have so far created a B1 Validation Config in Add/Update form mode on event Validate
The SQL condition is:
IF(SELECT GroupNum FROM OCRD WHERE CARDCODE=$[$4.0.0]) =-1 and ordr.U_CashBasicType is NULL)
BEGIN
SELECT 'CASH BASIC' FOR BROWSE
END
the function to execute is a simple status bar error which block the event.
All looks okay to me but it doesn't see to run when the customer is cash basic and the UDF is blank (null)
Any ideas what I'm doing wrong?
Fairly new to B1UP and my only training has been through the samples on the Boyum website (not great!) so apologies if this is an obvious fix.
Best Regards
Geoff
Hi Geoff,
I think you want to stop the Sales Order, let's suppose Payment Terms is 'Net-30' and UDF is Null, so
IF (ordr.[GroupNum]=-1 and isnull(ordr.U_Fetch,-1)=-1 )
BEGIN
SELECT 'CASH BASIC' FOR BROWSE
END
You can Also do it on the Back end in Transaction Notification SP ...
I hope this may be helpful.
Regards,
Mayank Shah