Validating logon... prb
hi...
something wrong with this code?
its a log in validation, if the user detials dont exits it should output something otherwise go to another link... depending on the resultset,
but it doesnt seem to work if the user detials are invalid, i.e when the resulset does not return antyihng ==null.... it goes to a blank page... but not with the output....
method
public ResultSet validUser(String email, String password)
try
String query = "SELECT * FROM Users WHERE email = '" + email + "' AND password = '" + password + "'";
Statement stmt = conn.createStatement();
rs = stmt.executeQuery(query);
catch ( SQLException sqle )
errorMsg = errorMsg + "\n" + "Error: SQLException " + sqle.getMessage();
catch (Exception e)
errorMsg = errorMsg + "\n" + "Error: General: " +e.getMessage();
return rs;
JSP
String email = request.getParameter("email");
String password = request.getParameter("password");
String type = null;
logon.connect();
ResultSet rs = logon.validUser(email, password);
if (rs == null)
{ %>
</p>
<p>Sorry please Enter your own Email and registration number, the system does not recognise your email or password
<a href="frontPage.htm">click Here to go Back</a>
<%
if (rs.first())
type = rs.getString(3);
if (type.equals("student"))
{ %>
<jsp:forward page="studentMain.jsp"/>
<%
else if (type.equals("teacher"))
{ %>
<jsp:forward page="teacherMain.jsp"/>
<p>
<%
logon.disconnect();
%>
<%= logon.getError() %>
in that code, it looks like if rs is null, you are still attempting to call first or other methods on it... Personally, I wouldn't return a result set from the login method. I would return null if it's invalid and if it's a valid login, create an object (some bean class) that contains the user information and store that in the session, that way you always have it from then on elsewhere.
Similar Messages
-
View data in client B from client A in the same SID without a valid logon?
Hi Folks
We are planning on upgrading our 4.6C system to ERP 6.0, and are initialy considering having two clients in the same sandbox SID. One would be for the developers to perform code remediation checks (client A), and one would contain a copy of production data for performing testing of functionality over live data (client B).
Would it be possible to view data in client B from client A in the same system without a valid logon to client B or RFC connection to client B from client A? For example via the use on an ABAP program to SQL the database?
I know one can use transactions like SM30/SM31 to view, compare, and adjust data between clients, but this requires an RFC connection and valid logon to the target client.
Regards
Kevin.Hi Kevin.
>
Kevin McLatchie wrote:
> Would it be possible to view data in client B from client A in the same system without a valid logon to client B or RFC connection to client B from client A? For example via the use on an ABAP program to
Short answer: yes.
If someone has the right to write and execute ABAP reports on the system he is able to access the data of all clients. So I don't think that this setup is advisable. Don't mix development and production data in one system.
Best regards,
Jan -
Hi, getting Could not save the document to the repository for the following reason: [repo_proxy 30] DocumentFacade::uploadBlob - Query execute has failed : Error occurred while attempting to reconnect to CMS : Not a valid logon token. (FWB 00003) (hr=#0x80042a70) (WIS 30567) amongst lots of other errors when scheduling.
I was logged in as administrator and attempting to schedule a webi document to my self using the email option.
thanks in advanceHi Trinath,
Could you please confirm if you could save a new report as well or not; or is it specific to scheduling.
If you are unable to save a report also then I think this is due to the path of the Input File Repository Server or its temporary directory are not pointing to the same path, and their locations are set to 2 different hard drives
BOXI3.1 Server must use the same hard drive (local or network share) for the Input File Repository Server and its temporary directory.
- Shahnawaz -
How to create a logon ticket in WAS ABAP ?
Hi,
Create a logon Ticket in a WAS Java is quite easy, but How create a logon ticket in a WAS ABAP ?
If anyone have an answer for this question, I'm glad to ear it.
Thanks in advance for your help.Thanks Eddy, for this link.
In fact, I do not want to handle logon Error, but write a logon ticket for the connected user in a BSP page.
In my case the user connect with a login + PWd in the URL. So the session stay open while timeout is not reached, or browser's window is not closed.
When timeout is reached the user will no longer be able to browse to an other page without having to logon again. That why I would like, in the logon page, to write a logon ticket with 8 hours validity.
In such case, if user's session timesout, next navigation will create a new session because having a valid logon ticket in browser session.
It's quite easy to do this in WAS Java, but I do not know how to do this in WAS ABAP...
I hope this description of my need will be more explicit.
Taryck. -
Saved logons (user ids & password) are not filling out logons
I have user ids and passwords saved but when I navigate to the site for which the user id and password are saved, the logon fields are no longer being filled.
These are valid logons which worked under older versions of Firefox.
I've looked for any settings I may have missed and have found nothing different between 4.0 and 3.6Ok, this seems to be a long and convoluted path to do absolutely nothing.
You submit the form.
You run a servlet that gets the parameters correctly (good), creates a SimpleBean (good) and then sets this into request attribute space under the names "user" and "pass" - (why?)
You then forward to the jsp: submit.jsp.
Submit.jsp creates a new SimpleBean, and attempts to populate it with <jsp:setProperty>. You then call the issueData method on it.
Your complaint: Rows are being created in the database which have empty string values instead of the parameters you have passed.
So, why are the values blank? Where do you think these values should be coming from?
Looking at SimpleBean we find one mistake - you have mis-named your get/set methods.
To properly follow java beans standards, you should use camel-case for your methods.
Rather than getuserName() the method should be getUserName(). getpassword() should be getPassword() etc etc.
The method getUserName() defines a property "userName" for the bean.
Once that is fixed, lets go to submit.jsp. The <jsp:setProperty> statement will try and set all properties of the bean from the request parameters.
There are no request parameters "userName" or "password" so those values don't get set in the bean, therefore it uses their default value of empty string - "".
There ARE request parameters called "user" and "pass" but because they aren't properties of the bean, they get ignored.
As a result, the values are empty string, and that is exactly what gets inserted into the database.
Ways to fix this
1 - rename your parameters on your form to be "userName" and "password" to match the bean. That way the <jsp:setProperty> tag will populate them properly.
or
2 - Call issueData() method from your servlet after you have created the SimpleBean. Better in my opinion as you then don't have any scriptlet code on a JSP page.
Cheers,
evnafets -
Getting null pointer exception when connecting to 10.2.0.4
Hi,
We just had some of our Oracle databases upgraded to 10.2.0.4 from 10.2.0.3. Now, I get a 'null' response with a Java stack trace. I can work with the 10.2.0.3 databases fine, it's the 10.2.0.4 databases that error when trying to open the connection. I changed the properties from network alias (10.2 client installed) to Connection Identifier and it seemed to work. The below error is what I'm getting. Just an inconvenience... does anyone know what the cause of this could be?
java.lang.NumberFormatException: null
at java.lang.Integer.parseInt(Integer.java:415)
at java.lang.Integer.parseInt(Integer.java:497)
at oracle.net.ns.NSProtocol.connect(Unknown Source)
at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:844)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:268)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:414)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:165)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:35)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:801)
at oracle.jdeveloper.db.adapter.AbstractConnectionCreator.getConnection(AbstractConnectionCreator.java:153)
at oracle.dbtools.raptor.standalone.connection.RaptorConnectionCreator.getConnection(RaptorConnectionCreator.java:59)
at oracle.jdeveloper.db.adapter.DatabaseProvider.getConnection(DatabaseProvider.java:309)
at oracle.jdeveloper.db.adapter.DatabaseProvider.getConnection(DatabaseProvider.java:238)
at oracle.jdevimpl.db.adapter.CADatabaseFactory.createConnectionImpl(CADatabaseFactory.java:60)
at oracle.javatools.db.DatabaseFactory.createConnection(DatabaseFactory.java:407)
at oracle.javatools.db.DatabaseFactory.createDatabase(DatabaseFactory.java:126)
at oracle.jdeveloper.db.DatabaseConnections.getDatabase(DatabaseConnections.java:637)
at oracle.jdeveloper.db.DatabaseConnections.getDatabase(DatabaseConnections.java:564)
at oracle.dbtools.raptor.utils.Connections$ConnectionInfo$ConnectRunnable.doWork(Connections.java:1144)
at oracle.ide.dialogs.ProgressRunnable.run(ProgressRunnable.java:161)
at oracle.ide.dialogs.ProgressBar.run(ProgressBar.java:615)
at java.lang.Thread.run(Thread.java:595)Hi,
The error you got seems to occur because you probably type blank spaces for the password.
If you change with a valid logon that should work!!!
Regards,
Mireille -
Connect to VPN but can't ping past inside interface
Hello,
I've been working on this issue for a few days with no success. We're setting up a new Cisco ASA 5515 in our environment and are trying to get a simple IPSec VPN setup on it for remote access. After some initial problems, we've gotten it to where the VPN tunnel authenticates the user and connects as it should, however we cannot ping into our LAN. We are able to ping as far as the firewall's inside interface. I've tried other types of traffic too and nothing gets through. I've checked the routes listed on the VPN client while we're connected and they look correct - the client also shows both sent and received bytes when we connect using TCP port 10000, but no Received bytes when we connect using UDP 4500. We are trying to do split tunneling, and that seems to be setup correctly because I can still surf while the VPN is connected.
Below is our running config. Please excuse any messyness in the config as there are a couple of us working on it and we've been trying a whole bunch of different settings throughout the troubleshooting process. I will also note that we're using ASDM as our primary method of configuring the unit, so any suggestions that could be made with that in mind would be most helpful. Thanks!
ASA-01# sh run
: Saved
ASA Version 8.6(1)2
hostname ASA-01
domain-name domain.org
enable password **** encrypted
passwd **** encrypted
names
interface GigabitEthernet0/0
speed 100
duplex full
nameif inside
security-level 100
ip address 10.2.0.1 255.255.0.0
interface GigabitEthernet0/1
description Primary WAN Interface
nameif outside
security-level 0
ip address 76.232.211.169 255.255.255.192
interface GigabitEthernet0/2
shutdown
<--- More --->
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
speed 100
<--- More --->
duplex full
shutdown
nameif management
security-level 100
ip address 10.4.0.1 255.255.0.0
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 10.2.11.6
domain-name domain.org
dns server-group sub
name-server 10.2.11.121
name-server 10.2.11.138
domain-name sub.domain.net
same-security-traffic permit intra-interface
object network 76.232.211.132
host 76.232.211.132
object network 10.2.11.138
host 10.2.11.138
object network 10.2.11.11
host 10.2.11.11
<--- More --->
object service DB91955443
service tcp destination eq 55443
object service 113309
service tcp destination range 3309 8088
object service 11443
service tcp destination eq https
object service 1160001
service tcp destination range 60001 60008
object network LAN
subnet 10.2.0.0 255.255.0.0
object network WAN_PAT
host 76.232.211.170
object network Test
host 76.232.211.169
description test
object network NETWORK_OBJ_10.2.0.0_16
subnet 10.2.0.0 255.255.0.0
object network NETWORK_OBJ_10.2.250.0_24
subnet 10.2.250.0 255.255.255.0
object network VPN_In
subnet 10.3.0.0 255.255.0.0
description VPN User Network
object-group service 11
service-object object 113309
<--- More --->
service-object object 11443
service-object object 1160001
object-group service IPSEC_VPN udp
port-object eq 4500
port-object eq isakmp
access-list outside_access_in extended permit icmp object VPN_In 10.2.0.0 255.255.0.0 traceroute log disable
access-list outside_access_in extended permit object-group 11 object 76.232.211.132 interface outside
access-list outside_access_in extended permit object DB91955443 any interface outside
access-list outside_access_in extended permit udp any object Test object-group IPSEC_VPN inactive
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended deny ip any any
access-list inside_access_in extended permit ip any any log disable
access-list inside_access_in extended permit icmp any any echo-reply log disable
access-list inside_access_in extended permit ip object VPN_In 10.2.0.0 255.255.0.0 log disable
access-list domain_splitTunnelAcl standard permit 10.2.0.0 255.255.0.0
access-list domain_splitTunnelAcl standard permit 10.3.0.0 255.255.0.0
access-list vpn_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu management 1500
mtu inside 1500
mtu outside 1500
ip local pool VPNUsers 10.3.0.1-10.3.0.254 mask 255.255.0.0
<--- More --->
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any management
icmp permit any inside
icmp permit any outside
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic any interface
nat (inside,outside) source dynamic any WAN_PAT inactive
nat (outside,outside) source static 76.232.211.132 76.232.211.132 destination static interface 10.2.11.11 service 113309 113309
nat (outside,outside) source static 76.232.211.132 76.232.211.132 destination static interface 10.2.11.11 service 11443 11443
nat (outside,outside) source static 76.232.211.132 76.232.211.132 destination static interface 10.2.11.11 service 1160001 1160001
nat (outside,outside) source static any any destination static interface 10.2.11.138 service DB91955443 DB91955443
nat (inside,outside) source static NETWORK_OBJ_10.2.0.0_16 NETWORK_OBJ_10.2.0.0_16 destination static NETWORK_OBJ_10.2.250.0_24 NETWORK_OBJ_10.2.250.0_24 no-proxy-arp route-lookup
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 76.232.211.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
<--- More --->
dynamic-access-policy-record DfltAccessPolicy
aaa-server ActiveDirectory protocol nt
aaa-server ActiveDirectory (inside) host 10.2.11.121
nt-auth-domain-controller sub.domain.net
aaa-server ActiveDirectory (inside) host 10.2.11.138
nt-auth-domain-controller sub.domain.net
user-identity default-domain LOCAL
eou allow none
http server enable
http 10.4.0.0 255.255.255.0 management
http 10.2.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
no sysopt connection permit-vpn
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
<--- More --->
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
<--- More --->
subject-name CN=ASA-01
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate a6c98751
308201f1 3082015a a0030201 020204a6 c9875130 0d06092a 864886f7 0d010105
0500303d 31153013 06035504 03130c43 5248442d 4d432d46 57303131 24302206
092a8648 86f70d01 09021615 43524844 2d4d432d 46573031 2e637268 642e6f72
67301e17 0d313330 35303730 32353232 325a170d 32333035 30353032 35323232
5a303d31 15301306 03550403 130c4352 48442d4d 432d4657 30313124 30220609
2a864886 f70d0109 02161543 5248442d 4d432d46 5730312e 63726864 2e6f7267
30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00c23d5f
acbf2b3f 9fe6e3c9 1866c344 07b6ee49 f6f31798 0b87a38b 890f70e2 c28cc1d5
fd1b4e80 7fa25483 09e79459 6bf92155 c55240b4 93eeb4eb af3f8aec 8906ef48
140c57bb 5ca4471f 275c1932 7e90976f f0dfe8a3 04a7861f cce7a320 7267df2e
61f9b6b8 22bb70ac d9cedb73 3cf9747b c2636892 48b35385 a94bfae5 fd020301
0001300d 06092a86 4886f70d 01010505 00038181 003c7e16 be4aff40 8fe69a31
acf31808 680e44eb 8ede9094 f9a4a147 0ae18cdc 000dc07f c1da1af4 a2d964ed
288689ee 95179ad0 90728324 9803248d b9d10641 01897453 fe7fafcd 34dee13a
92798615 4acb1f27 14fdb346 ab3eb825 04f23791 81d08fa2 b54c6a47 aedd9694
1c9fbcb4 455fd5ce 420298aa 9333737c 19f0e715 50
quit
crypto isakmp identity address
crypto isakmp nat-traversal 30
crypto ikev2 policy 1
<--- More --->
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
<--- More --->
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable inside
crypto ikev1 enable outside
crypto ikev1 ipsec-over-tcp port 10000
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
<--- More --->
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
<--- More --->
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
<--- More --->
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
<--- More --->
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd dns 10.2.11.121 10.2.11.138
dhcpd lease 36000
dhcpd ping_timeout 30
dhcpd domain sub.domain.net
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
<--- More --->
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect profiles VPN_client_profile disk0:/VPN_client_profile.xml
anyconnect enable
tunnel-group-list enable
group-policy domain internal
group-policy domain attributes
banner value You are attempting to access secured systems at thsi facility. All activity is monitored and recorded. Disconnect now if you are not authorized to access these systems or do not possess valid logon credentials.
wins-server value 10.2.11.121 10.2.11.138
dns-server value 10.2.11.121 10.2.11.138
vpn-idle-timeout none
vpn-filter value vpn_access_in
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value domain_splitTunnelAcl
default-domain value sub.domain.net
split-dns value sub.domain.net
group-policy DfltGrpPolicy attributes
dns-server value 10.2.11.121 10.2.11.138
vpn-filter value outside_access_in
vpn-tunnel-protocol l2tp-ipsec
default-domain value sub.domain.net
split-dns value sub.domain.net
address-pools value VPNUsers
username **** password **** encrypted privilege 15
<--- More --->
username **** password **** encrypted privilege 15
username **** attributes
webvpn
anyconnect keep-installer installed
anyconnect dtls compression lzs
anyconnect ssl dtls enable
anyconnect profiles value VPN_client_profile type user
tunnel-group DefaultL2LGroup general-attributes
default-group-policy domain
tunnel-group DefaultRAGroup general-attributes
address-pool VPNUsers
authentication-server-group ActiveDirectory
default-group-policy domain
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
ikev1 trust-point ASDM_TrustPoint0
tunnel-group DefaultWEBVPNGroup general-attributes
default-group-policy domain
tunnel-group domain type remote-access
tunnel-group domain general-attributes
address-pool (inside) VPNUsers
address-pool VPNUsers
authentication-server-group ActiveDirectory LOCAL
authentication-server-group (inside) ActiveDirectory LOCAL
<--- More --->
default-group-policy domain
dhcp-server link-selection 10.2.11.121
tunnel-group domain ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
<--- More --->
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 21
subscribe-to-alert-group configuration periodic monthly 21
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:2578e19418cb5c61eaf15e9e2e5338a0
: endHello,
I've been working on this issue for a few days with no success. We're setting up a new Cisco ASA 5515 in our environment and are trying to get a simple IPSec VPN setup on it for remote access. After some initial problems, we've gotten it to where the VPN tunnel authenticates the user and connects as it should, however we cannot ping into our LAN. We are able to ping as far as the firewall's inside interface. I've tried other types of traffic too and nothing gets through. I've checked the routes listed on the VPN client while we're connected and they look correct - the client also shows both sent and received bytes when we connect using TCP port 10000, but no Received bytes when we connect using UDP 4500. We are trying to do split tunneling, and that seems to be setup correctly because I can still surf while the VPN is connected.
Below is our running config. Please excuse any messyness in the config as there are a couple of us working on it and we've been trying a whole bunch of different settings throughout the troubleshooting process. I will also note that we're using ASDM as our primary method of configuring the unit, so any suggestions that could be made with that in mind would be most helpful. Thanks!
ASA-01# sh run
: Saved
ASA Version 8.6(1)2
hostname ASA-01
domain-name domain.org
enable password **** encrypted
passwd **** encrypted
names
interface GigabitEthernet0/0
speed 100
duplex full
nameif inside
security-level 100
ip address 10.2.0.1 255.255.0.0
interface GigabitEthernet0/1
description Primary WAN Interface
nameif outside
security-level 0
ip address 76.232.211.169 255.255.255.192
interface GigabitEthernet0/2
shutdown
<--- More --->
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
speed 100
<--- More --->
duplex full
shutdown
nameif management
security-level 100
ip address 10.4.0.1 255.255.0.0
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 10.2.11.6
domain-name domain.org
dns server-group sub
name-server 10.2.11.121
name-server 10.2.11.138
domain-name sub.domain.net
same-security-traffic permit intra-interface
object network 76.232.211.132
host 76.232.211.132
object network 10.2.11.138
host 10.2.11.138
object network 10.2.11.11
host 10.2.11.11
<--- More --->
object service DB91955443
service tcp destination eq 55443
object service 113309
service tcp destination range 3309 8088
object service 11443
service tcp destination eq https
object service 1160001
service tcp destination range 60001 60008
object network LAN
subnet 10.2.0.0 255.255.0.0
object network WAN_PAT
host 76.232.211.170
object network Test
host 76.232.211.169
description test
object network NETWORK_OBJ_10.2.0.0_16
subnet 10.2.0.0 255.255.0.0
object network NETWORK_OBJ_10.2.250.0_24
subnet 10.2.250.0 255.255.255.0
object network VPN_In
subnet 10.3.0.0 255.255.0.0
description VPN User Network
object-group service 11
service-object object 113309
<--- More --->
service-object object 11443
service-object object 1160001
object-group service IPSEC_VPN udp
port-object eq 4500
port-object eq isakmp
access-list outside_access_in extended permit icmp object VPN_In 10.2.0.0 255.255.0.0 traceroute log disable
access-list outside_access_in extended permit object-group 11 object 76.232.211.132 interface outside
access-list outside_access_in extended permit object DB91955443 any interface outside
access-list outside_access_in extended permit udp any object Test object-group IPSEC_VPN inactive
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended deny ip any any
access-list inside_access_in extended permit ip any any log disable
access-list inside_access_in extended permit icmp any any echo-reply log disable
access-list inside_access_in extended permit ip object VPN_In 10.2.0.0 255.255.0.0 log disable
access-list domain_splitTunnelAcl standard permit 10.2.0.0 255.255.0.0
access-list domain_splitTunnelAcl standard permit 10.3.0.0 255.255.0.0
access-list vpn_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu management 1500
mtu inside 1500
mtu outside 1500
ip local pool VPNUsers 10.3.0.1-10.3.0.254 mask 255.255.0.0
<--- More --->
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any management
icmp permit any inside
icmp permit any outside
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic any interface
nat (inside,outside) source dynamic any WAN_PAT inactive
nat (outside,outside) source static 76.232.211.132 76.232.211.132 destination static interface 10.2.11.11 service 113309 113309
nat (outside,outside) source static 76.232.211.132 76.232.211.132 destination static interface 10.2.11.11 service 11443 11443
nat (outside,outside) source static 76.232.211.132 76.232.211.132 destination static interface 10.2.11.11 service 1160001 1160001
nat (outside,outside) source static any any destination static interface 10.2.11.138 service DB91955443 DB91955443
nat (inside,outside) source static NETWORK_OBJ_10.2.0.0_16 NETWORK_OBJ_10.2.0.0_16 destination static NETWORK_OBJ_10.2.250.0_24 NETWORK_OBJ_10.2.250.0_24 no-proxy-arp route-lookup
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 76.232.211.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
<--- More --->
dynamic-access-policy-record DfltAccessPolicy
aaa-server ActiveDirectory protocol nt
aaa-server ActiveDirectory (inside) host 10.2.11.121
nt-auth-domain-controller sub.domain.net
aaa-server ActiveDirectory (inside) host 10.2.11.138
nt-auth-domain-controller sub.domain.net
user-identity default-domain LOCAL
eou allow none
http server enable
http 10.4.0.0 255.255.255.0 management
http 10.2.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
no sysopt connection permit-vpn
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
<--- More --->
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
<--- More --->
subject-name CN=ASA-01
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate a6c98751
308201f1 3082015a a0030201 020204a6 c9875130 0d06092a 864886f7 0d010105
0500303d 31153013 06035504 03130c43 5248442d 4d432d46 57303131 24302206
092a8648 86f70d01 09021615 43524844 2d4d432d 46573031 2e637268 642e6f72
67301e17 0d313330 35303730 32353232 325a170d 32333035 30353032 35323232
5a303d31 15301306 03550403 130c4352 48442d4d 432d4657 30313124 30220609
2a864886 f70d0109 02161543 5248442d 4d432d46 5730312e 63726864 2e6f7267
30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00c23d5f
acbf2b3f 9fe6e3c9 1866c344 07b6ee49 f6f31798 0b87a38b 890f70e2 c28cc1d5
fd1b4e80 7fa25483 09e79459 6bf92155 c55240b4 93eeb4eb af3f8aec 8906ef48
140c57bb 5ca4471f 275c1932 7e90976f f0dfe8a3 04a7861f cce7a320 7267df2e
61f9b6b8 22bb70ac d9cedb73 3cf9747b c2636892 48b35385 a94bfae5 fd020301
0001300d 06092a86 4886f70d 01010505 00038181 003c7e16 be4aff40 8fe69a31
acf31808 680e44eb 8ede9094 f9a4a147 0ae18cdc 000dc07f c1da1af4 a2d964ed
288689ee 95179ad0 90728324 9803248d b9d10641 01897453 fe7fafcd 34dee13a
92798615 4acb1f27 14fdb346 ab3eb825 04f23791 81d08fa2 b54c6a47 aedd9694
1c9fbcb4 455fd5ce 420298aa 9333737c 19f0e715 50
quit
crypto isakmp identity address
crypto isakmp nat-traversal 30
crypto ikev2 policy 1
<--- More --->
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
<--- More --->
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable inside
crypto ikev1 enable outside
crypto ikev1 ipsec-over-tcp port 10000
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
<--- More --->
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
<--- More --->
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
<--- More --->
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
<--- More --->
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd dns 10.2.11.121 10.2.11.138
dhcpd lease 36000
dhcpd ping_timeout 30
dhcpd domain sub.domain.net
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
<--- More --->
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect profiles VPN_client_profile disk0:/VPN_client_profile.xml
anyconnect enable
tunnel-group-list enable
group-policy domain internal
group-policy domain attributes
banner value You are attempting to access secured systems at thsi facility. All activity is monitored and recorded. Disconnect now if you are not authorized to access these systems or do not possess valid logon credentials.
wins-server value 10.2.11.121 10.2.11.138
dns-server value 10.2.11.121 10.2.11.138
vpn-idle-timeout none
vpn-filter value vpn_access_in
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value domain_splitTunnelAcl
default-domain value sub.domain.net
split-dns value sub.domain.net
group-policy DfltGrpPolicy attributes
dns-server value 10.2.11.121 10.2.11.138
vpn-filter value outside_access_in
vpn-tunnel-protocol l2tp-ipsec
default-domain value sub.domain.net
split-dns value sub.domain.net
address-pools value VPNUsers
username **** password **** encrypted privilege 15
<--- More --->
username **** password **** encrypted privilege 15
username **** attributes
webvpn
anyconnect keep-installer installed
anyconnect dtls compression lzs
anyconnect ssl dtls enable
anyconnect profiles value VPN_client_profile type user
tunnel-group DefaultL2LGroup general-attributes
default-group-policy domain
tunnel-group DefaultRAGroup general-attributes
address-pool VPNUsers
authentication-server-group ActiveDirectory
default-group-policy domain
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
ikev1 trust-point ASDM_TrustPoint0
tunnel-group DefaultWEBVPNGroup general-attributes
default-group-policy domain
tunnel-group domain type remote-access
tunnel-group domain general-attributes
address-pool (inside) VPNUsers
address-pool VPNUsers
authentication-server-group ActiveDirectory LOCAL
authentication-server-group (inside) ActiveDirectory LOCAL
<--- More --->
default-group-policy domain
dhcp-server link-selection 10.2.11.121
tunnel-group domain ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
<--- More --->
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 21
subscribe-to-alert-group configuration periodic monthly 21
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:2578e19418cb5c61eaf15e9e2e5338a0
: end -
Error in displaying Cascading Reports
Hi,
I'm using ASP.NET 2.0 page to display reports from Crystal Reports Server XI R2.
I have trouble when displaying dynamic cascading reports in my web page:
I got this error message:
List of Values failure: fail to get values. [Cause of error: initializationEx SDKException:An error occurred at the server :
Not a valid logon token.]
The reports are displayed fine in Infoview.
Actually sometimes the cascading reports work fine in my web, but at most cases the error occurs.
The following code works fine when the report is not cascading type.
Code:
ReportApplicationServer.InfoStoreConnectionHelper helper = new ReportApplicationServer.InfoStoreConnectionHelper();
using (helper)
CrystalDecisions.ReportAppServer.ClientDoc.ReportClientDocument doc = helper.GetClientDocumentByID(id);
if (doc != null)
{ doc.DatabaseController.LogonEx(ConfigurationManager.AppSettings["report_servername"], ConfigurationManager.AppSettings["report_dbname"],ConfigurationManager.AppSettings["report_username"],ConfigurationManager.AppSettings["report_password"]);
crViewer.ReportSource = doc;
Variable id contains report id in repository and is passed from previous page and I put that code on Page_Load.
The following is stack trace:
[COMException (0x80004005): List of Values failure: fail to get values. [Cause of error: initializationEx SDKException:An error occurred at the server :
Not a valid logon token.
CrystalDecisions.ReportAppServer.Prompting.IPromptEngine.processPrompting(IPromptingFeedback feedback) +0
CrystalDecisions.ReportSource.EromReportSourceBase.DoParameterPrompting(PromptingRequestContext reqContext) +386
CrystalDecisions.Web.ReportAgentBase.ProcessPrompting(PromptingHTMLFeedback feedback) +80
CrystalDecisions.Web.CrystalReportViewerBase.OnParameterPrompt() +258
CrystalDecisions.Web.CrystalReportViewerBase.RaisePostBackEvent(String eventArgument) +39
CrystalDecisions.Web.CrystalReportViewer.RaisePostBackEvent(String eventArgument) +88
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +172
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +4921
Please help meHi, thanks for your reply.
Actually my setting for Crystal Report Viewer in Infoview is Advanced DHTML Viewer.
I've tried to switch between Advanced DHTML viewer and normal DHTML viewer but everything is OK in Infoview.
I suspect if I need more than just calling LogonEx in my ASP.NET code for this case, but I have no reference.
Everything is fine for static and dynamic (non cascading) reports in my web.
Do you have any suggestion for this problem? -
Error on webi schedules on HPUX environment - XI 3.1
Getting this error when scheduling a webi report:
Error Message: Could not save the document to the repository for the following reason: [repo_proxy 30] DocumentFacade::uploadBlob - Query execute has failed : Error occurred while attempting to reconnect to CMS : Not a valid logon token. (FWB 00003) (hr=#0x80042a70) (WIS 30567)
=======================
Title: Test for Scheduling
Document Type: Web Intelligence Report
Status Failed
Destination: Default
Owner: Administrator
Creation Time: 5/28/2010 7:33 AM
Start Time: 5/28/2010 7:33 AM
End Time: 5/28/2010 7:33 AM
Server Used: sia_MACHINE.WebIJobServer2
PID: 20241
Parent Object Path: Tesla/
Remote Instance in Federated Cluster: No
Expiry: 5/28/2010 7:40 AM
Formats: Web Intelligence
Parameters:
Error Message: Could not save the document to the repository for the following reason: [repo_proxy 30] DocumentFacade::uploadBlob - Query execute has failed : Error occurred while attempting to reconnect to CMS : Not a valid logon token. (FWB 00003) (hr=#0x80042a70) (WIS 30567)
===
System Information
XI 3.1 SP2; FP 2.6
SAP IK XI 3.2 SP2 FP 2.6
HP64
Tomcat55
single serverAs per SAP Note - 1432731, this issue is targeted to be fixed in SP5. The proposed workaround is:
- restart CMS, then the Adaptive Job Server(s) and WebI Processing Server(s).
For some Production environment that may be an issue.
However, I also tested following workaround which seemed to have worked:
1. launched the Instance Manager and checked how many Pending instances objects were displayed for a single report.
There were too many (about 1,595)
2. Used the Query Builder and delete those Pending instances
Having applied this workaround, most of recurring reports completed successfully. -
Error when connecting to Universe
Hi all,
when i try to connect to Universe it gives me these error:
"Logon failed"
the universe is the sample efashion
I found some posts on the internet about this error but i dont understand it
or
"Failed to open connection
Details: There is no datasource credentials for businessobjects universes for this CE user."
The universe is build on a micrososft acces database.
Where can be the possible problem?
Thanks,
regards Martin Zluky
Edited by: Martin Zluky on Mar 25, 2010 3:23 PMHi Martin,
First make sure you have valid logon credentials to the Designer.
If they are correct then I suspect there is no ODBC datasource created for efashion universe or the datasource has invalid database path.
Follow these steps:
1. Go to Start| Run and enter odbcad32.
2. Click on System DSN and click Add.
3. Select MS Access driver.
4. Select the efashion mdb database and enter Datasource name.
5. Login to the Designer and click on Connections.
6. Make sure efashion is pointing to the datasource you created.
Hope this helps. -
NAC 4.7.1 L3 OOB - Temporary Role bugs ?
Hi
We have a L3 OOB routed gateway configuration (with redundant CAS and CAM), We are currently running 4.7.1 on the appliances and the agent is 4.7.10.
We have experienced two problems:
1. On several occasions we can abort a valid logon, but can still be allowed access to the network 'silently' ;
a - without any indication on the CAM i.e. no online users, no certified devices
b - the switch is still in the 'unauthenticated vlan' and the
c - ip address of the client is on the 'untrusted' subnet.
d - the 'unauthenticated' policy DOES NOT ALLOW web traffic.
It would seem that the user is able to trick the system by aborting the logon with the agent i.e. closing the window etc, (the login credentials are
correct and posture fails on an optional check and so amber) but the system DOES NOT show the user at all.
The Temporary role does allow full access, if I disable the policy rule the traffic is stopped.
The problem is there is no indication of this user on the system at all, this happens a couple of times a week.
2. When a user is genuinely placed into a TEMPORARY role (as indicated by the system, note: not the same as above),
about 50% of the time communication is blocked even though the policy allows it (repeated challenges by NAC).
Close the agent and do it the second time and it will work.
I think the symptoms are related as they both seem to be related to the usage of the TEMPORARY ROLE - has anyone else seen this bug ?Hi,
You said not to configure a quarantine vlan, but by the time the users get connected how is gonna be the process for authentication (quarantine) and access vlan??? I mean how is it going to perform the nac process and how to control what happens if it fails (not in compliance) or if it suceed??
It seems that the version 4.9(1) has the integration, but is not so clear:
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/49/cam/m_woob.html#wp1139585
What versions were you running in your deployment. -
Cannot connect through TCP/IP
On a single NT workstation I have (a) Developer 6 (b) Oracle 8i Enterprise (c) Application server - all on different homes.
I can connect to the database from Dev 6 if protocol is IPC but not if it is TCP. I can Ping the host successfully and Listener is opening to port 1521 if I use TCP.
If I Tnsping the database the address is successfully resolved but I simply timeout. No error message.
Can anyone help?<p>Yes, you have to configure a connect string (connect_string) your
tnsnames.ora and use it while connecting to the database from the client. Add
appropriate values for <i>connect_string, ip_or_hostname</i> and <i>sid</i> :-<br>
<br>
Here are the options to configure:-<br>
<br>
<u><b>Option # 1</b>:</u> Oracle Net Configuration Assistant <br>
<br>
You can use the above (Start -> Programs -> Oracle...) if Oracle Net component
is installed in your client machine.<br>
<br>
Oracle New Configuration Assistant -> Local Net Service Name configuration ->
Add -> <br>
Service Name : sid.domain or just sid<br>
Protocol: TCP<br>
Host name: ip_or_db_hostname<br>
Choose the standard port 1521 (default)<br>
Perform a test to check the config (by default it will try to use
system/manager, change it to a valid logon and test it again)<br>
Net Service Name : connect_string<br>
<br>
or <br>
<br>
<b><u>Option # 2:</u></b> Oracle Net Manager <br>
<br>
If using Oracle Net Manager, click on Service Naming, then on the menu click
EDIT --> CREATE<br>
Net Service Name : connect_string<br>
then rest is all same as specified in Oracle New Configuration Assistant.<br>
<br>
or<br>
<br>
<b><u>Option # 3:</u></b> Manually edit tnsnames.ora and add entry. A typical
TNS entry in tnsnames.ora would like like below:-<br>
<br>
<font face="Courier New" size="2"><<i>connect_string</i>> =<br>
(DESCRIPTION =<br>
(ADDRESS_LIST =<br>
(ADDRESS =
(PROTOCOL = TCP)(HOST = <<i>ip_or_db_hostname</i>>)(PORT = 1521))<br>
)<br>
(CONNECT_DATA =<br>
(SERVER = DEDICATED)<br>
(SID = <<i>sid</i>>)<br>
)<br>
)</font><br>
<br>
Hope it helps,<br>
Babu Rangasamy</p> -
SM59 problem in ECC50 to send Idocs to XI
while creating RFC in ECC5.0 to post IDoc's into XI. I got into some problem.
we have to give XI user.Id/pw <u>or</u> ECC50 user.Id/pw. which Is correct. how many bytes is the p.w length and we have give p.w in uppercase. is this correctHi,
For an RFC connection to work from ECC to XI it should be a valid logon in XI. You can create an XI Service user for managing RFC connections. Make sure that the created user has sufficient roles to do the process of sending the IDOCs into XI. The Username is usually in CAPS but the password needs to be as usual. its case sensitive.
Let me know if you need any more details.
Thanks
Suman Jaltar
Thanks Bavesh. That was a typo error.
Message was edited by:
Suman Jaltar -
A question about valueRef...
hello all:
in jsf,javabean uses as valueRef can only set in session scope..
if i set a javabean named mybean in request scope,and set it as valueRef of a form.
first : form is show data from mybean .
then : when user edit the form and submit to post,updateModel method will can't not find javabean because the bean has been destroyed by system when show date from mybean at first step.
how to solve this trouble...hello all:
in jsf,javabean uses as valueRef can only set in
session scope..That's not correct. You can define a <managed-bean> in your faces-config.xml file that will cause a bean to be created for you in request scope every time it is referenced by a value reference expression.
if i set a javabean named mybean in request
t scope,and set it as valueRef of a form.
first : form is show data from mybean .
then : when user edit the form and submit to
o post,updateModel method will can't not find javabean
because the bean has been destroyed by system when
show date from mybean at first step.
how to solve this trouble...Let's assume you want to create a logon form, and deal with the username and password fields in a request scoped bean. Create the page like this:
<h:form ...>
<h:input_text id="username" valueRef="logonBean.username"/>
<h:input_secret id="password" valueRef="logonBean.password"/>
<h:command_button ... actionRef="logonBean.logon"/>
</h:form>
Next, define the managed bean entry to create a logon bean whenever necessary, in faces-config.xml:
<managed-bean>
<managed-bean-name>logonBean</managed-bean-name>
<managed-bean-class>mypackage.YourClassName</managed-bean-class>
<managed-bean-scope>request</managed-bean-scope>
</managed-bean>
Now, lets create the YourClassName bean that is instantiated for you:
package mypackage;
import javax.faces.application.Action;
public class YourClassName {
private String username = null;
public String getUsername() { return username; }
public void setUsername(String username) { this.username = username; }
private String password = null;
public String getPassword() { return password; }
public void setPassword(String password) { this.password = password; }
public Action getLogon() {
return new Action() {
public String invoke() { return logon(); }
private String logon() {
if (... valid logon ...) {
return ("success");
} else {
FacesContext.getCurrentInstance().addMessage(...);
return (null);
Craig McClanahan -
Intermittent "Permission Denied" Message on WCS
HI All,
We upgraded to WCS 6.0.202.0 last night and everything seemed to be OK. This morning we have been informed that our Lobby Admisitrators are getting the following error message page when trying to logon:
"Permission Denied. You do not have privileges for the requested operation". Attaching screenshot of error message.
We have subsequently discovered that entering any characters for the password results in a valid logon failure message and we can then logon successfully after that.
Anybody see anything like before?
Thanks,
BrendanHello Nicolas,
No, authentication is local for the admin and Lobby Ambassadors.
Regards,
Brendan
Maybe you are looking for
-
Hi, I have an All-In-One DX1210 i5, which has a BD-ROM. My problem is, it will read CD's and DVD, and I can brun to DVD's but I can't brun to CD's. Any ideas. Spida.
-
Welcome to the HP Support Forum! This forum is a great place to get your questions answered as well as learn how to get the most out of your HP products. If this is your first time in our community, you have come to the right place to learn how the F
-
How do you save the info that you write into apps?
I have entered a lot of info into List Master, and don't want to lose it. Is there an app or program that can save this information?
-
Help! 250GB external HD formats only to 127.9GB
I'd greatly appreciate any suggestions on how to solve this problem: I bought a Western Digital 250GB 7200RPM 8MB Cache hard drive last Sunday. I brought it home, installed it in an external drive enclosure, and formatted it. It would only format to
-
How to run the VI developed in labVIEW 2011 in its previous versions
Hi all, I am currently using LabVIEW 2011 in my home PC. But, all my school computers are installed with LabVIEW 2010 and 2010 SP1. How to run the VI developed in LabVIEW 2011 in its previous versions? Is there any conveter for that? Regards Prasanth