VCS Local database Authentication
Hi Everyone,
As my subject above,
I want to set my VCS Expressway's Authentication to use Local Database,
So all users (both H323 and SIP) must have a valid username and password to register with my VCS Expressway.
Cisco's guide Cisco_VCS_Authenticating_Devices_Deployment_Guide_X7-0 says that I must go to VCS configuration > Authentication > Devices > Configuration and change Database Type to Local Database,
but the problem is I cannot find this menu in my VCS Expressway.
Attached screen capture from my VCS Expressway.
How can I set the Database Type if I can not find this important menu?
My VCS Expressway software is x7.2.2.
Please advise :(
regards,
Thanks,
Ovindo
Hello Ovindo -
Because you're running a VCS with X7.2.2 software, and using a guide that's meant for X7.0, what you're looking for has changed since that guide.
Please take a look at the X7.2.2 release notes on page 10, "Device Authentication".
You should be using this device authentication guide for your version of VCS software.
Similar Messages
-
Default VCS certificate - SIP-TLS Local Database Registration
Hi,
Can someone please tell me if it's possible to use the default VCS certificate for SIP-TLS registration for endpoints listed under the local database? If so will this work by default or is there extra configuration required?
Thanks -
ACS Authentications via RSA or local database
Hi Expert,
Currently, I have a group of devices authenticate through RSA. Now, we are implementing Nagios monitoring system that require backup device configuration through ACS local database. Is that possible to create a login credential using local database while maintain two form factor authentication?
Cheers,
Jeffrey
Hi,
We had the same scenario as well, which requires login credentials using the ACS local database only, as our NMS does not support two form factor login. Currently, we are using ACS 5.2. We would appreciate it if you could provide us some ideas on this. Thanks! -
After upgrading ACS 3.3.1 to 4.2 on windows the local database is not working
Hi,
I have upgraded the ACS 3.3.1 for Windows server to 4.2. Everything went fine but the local database is not working.
The CD is an upgrade kit from 3.x to 4.2 on Windows. I tried to install 4.2 directly; I was able to install it, but integration with AD/LDAP is not working. Anyway, it's an upgrade kit, so I can't expect it to work when installing 4.2 directly, but when upgrading from 3.3 to 4.2 everything should work fine.
I followed the upgrade path as recommended.
Also, we have a requirement that once it is upgraded to 4.2 we need to shift the whole thing from the physical server to a virtual machine on VMware ESX server 3.5.
Can anybody please guide me if there is anything else to do after the upgrade?
Thanks & Regards
Sachi
Hi Javier,
First of all I was facing a problem of restoring the old database of 3.3 to 4.2. Somehow I overcame that issue by following the below steps. Now local authentication is working fine but AD/other External database authentication is not working. As you told the setting for the unknown users are configured to fetch the credentials from the external database if it is not in the local database.
Do we need to do anything in the AD itself?
Regards
Sachi
Steps for ACS upgrade to 4.2 version
Below are the requested steps for the upgrade from ACS 3.3.2 to ACS 4.2.
1) Take a configuration backup from the existing ACS: ACS ---> System configuration ---> ACS Backup
2) Now, if you have ACS 3.3.2 on the server, take a backup of the ACS.
3) Insert the CD, or if you have the setup on the system, run the setup of ACS 3.3.4. During the process it will prompt you to upgrade the existing configuration. Make sure you check that option, else we will lose the database. Now you need to hit Next, Next to finish the 3.3.4 upgrade.
4) Once you are at 3.3.4, take a backup and keep it handy.
5) Run the setup of 4.1.1. During this process it will prompt you to upgrade the existing configuration. Make sure you check that option, else we will lose the database. Now you need to hit Next, Next to finish the 4.1 upgrade.
6) Once you are at 4.1.1.24, take a backup and keep it handy.
7) Run the setup of 4.2. During this process it will prompt you to upgrade the existing configuration. Make sure you check that option, else we will lose the database. Now you need to hit Next, Next to finish the 4.2 upgrade.
8) Once you are at 4.2, take a backup and keep it handy. Now run patch 12 and take a backup again.
9) Now fresh install 4.2 on your new production server and install patch 12. Restore the 4.2 patch 12 backup and you should be all set. -
Trouble connecting Reporting Services to local database
I am experiencing issues trying to configure/connect the Reporting Services in order to change the database to a local database.
Hi Ralph,
According to your description, it seems that you are trying to connect to a local database when creating a data source in a Reporting Services report.
If that is the scenario, in the Connection Properties dialog box, we can type . or localhost or server_name in the Server name textbox. Then select the database, and Windows Authentication or SQL Server Authentication to log on to the server. For more details, please see the following blog:
http://blogs.technet.com/b/microsoft_in_education/archive/2013/01/31/ssrs-101-creating-a-shared-data-source.aspx
If there is any misunderstanding, please elaborate on the issue for further investigation.
Thanks,
Katherine Xiong
TechNet Community Support -
Connection String to Local Database Problem
I just copied a database on the development server which I am not owner of, but I have rights to the database. I copied it to my local server. Now I need to connect to the local database and I don't know how.
Dim MM_cnnName_STRING
MM_cnnName_STRING = "Provider=SQLOLEDB.1;Password=xxx;Persist Security Info=True;User ID=xxx;Initial Catalog=DBName;Data Source=DevComputerName"
The above is what I used to connect to the development server. How can I figure out the string for my local MS SQL Server?
Now I have this error once I try to bring up a page that calls the db
Microsoft OLE DB Provider for SQL Server error '80004005'
Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
/CourseList.asp, line 9 -
Configuring a 1230 AP as a "Local Radius Authenticator"
CCO-URL: Configuring an Access Point as a Local Authenticator
http://www.cisco.com/en/US/partner/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a0080184a9b.html
this is the minimal config, i think:
AP# configure terminal
AP(config)# radius-server local
AP(config-radsrv)# nas 1.1.1.1 key 111
AP(config-radsrv)# group clerks
AP(config-radsrv-group)# vlan 2
AP(config-radsrv-group)# ssid batman
AP(config-radsrv-group)# reauthentication time 1800
AP(config-radsrv-group)# lockout count 2 time 600
AP(config-radsrv-group)# exit
AP(config-radsrv)# user jsmith password twain74 group clerks
AP(config-radsrv)# end
whereas 1.1.1.1 is the IP of the AP itself?
is there a must for additional config commands like this:
radius-server host 1.1.1.1 auth-port 1812 acct-port 1813 key 111
aaa group server radius rad_eap
server 1.1.1.1 auth-port 1812 acct-port 1813
aaa group server radius rad_admin
server 1.1.1.1 auth-port 1812 acct-port 1813
all attempts didn't work
"station <MAC> authentication failed"
is there anything else necessary ???
You seem to be missing the following commands;
authentication network-eap eap_methods
authentication key-management cckm optional
The following commands are useful for diagnosis;
show radius local-server statistics
show interface dot11Radio 0 aaa client
debug dot11 aaa dot1x state
debug dot11 mgmt interface
Local authentication is designed as a fall-back service for when the primary RADIUS server fails. We do not encourage the use of Local authentication as a replacement for a RADIUS server.
* With an ACS you get Authentication, Authorization and Accounting. With Local authentication you only get Authentication.
* ACS scales, supports external user-databases, supports multiple authentication types, supports database backup and replication, etc, etc... Local authentication supports a maximum of 50 users, internal static configuration only, and LEAP only.
Following is an IOS configuration that I have tested, and that works on an AP1200 (it should work on an 1100 too, I just haven't tested it);
· This configuration enables a single AP to do local authentication. No WDS is included for fast roaming.
· This configuration can be cut-and-pasted into an AP that has been write-erased (blank config), and it will configure all the parameters to allow a client to LEAP authenticate to it (even if no Ethernet cable is connected to it).
· Replace usernames/passwords with your own usernames/passwords.
· Replace IP addresses with the AP's IP address.
· I added DHCP configuration so you can connect to a stand-alone AP with your DHCP-enabled laptop (with a profile that matches the test AP's SSID and LEAP settings).
conf t
host loc-auth-ap-name
enable secret cisco
no ip domain-lookup
line vty 0 4
 password cisco
 exec-timeout 0 0
 login
int bvi 1
 ip address 10.11.12.13 255.255.255.0
Interface dot11 0
 no ssid tsunami
 encryption mode ciphers ckip-cmic
 ssid test-loc-auth
  authentication network-eap eap_methods
  authentication key-management cckm optional
ip dhcp excluded-address 10.11.12.13
ip dhcp pool temp
 network 10.11.12.0 255.255.255.0
interface BVI1
 ip address 10.11.12.13 255.255.255.0
 no ip route-cache
aaa new-model
aaa group server radius rad_eap
 ! add a real AAA server (with auth-port 1645) before
 ! the following statement if you are configuring a
 ! fallback authentication service instead of a
 ! standalone service
 server 10.11.12.13 auth-port 1812 acct-port 1646
aaa authentication login eap_methods group rad_eap
! add a real AAA server (with auth-port 1645) before
! the following statement if you are configuring a
! fallback authentication service instead of a
! standalone service
radius-server host 10.11.12.13 auth-port 1812 acct-port 1646 key 0 l0cal-key-secret
radius-server deadtime 10
dot11 holdoff-time 1
ip radius source-interface BVI1
radius-server local
 nas 10.11.12.13 key 0 l0cal-key-secret
 user testuser password 0 testuser-key-secret
 exit
exit
wri
-
AAA and local user authentication
Hi,
I already have AAA authentication setup on my switch. And I can use local users to login when the AAA server is unreachable.
But I want to know if it is possible to use local users even when the AAA server is reachable. Something like first it checks the local users database and if the user does not exist then it falls back to AAA, or vice versa.
Thanks.
Ismail, the authentication method you define acts as a service. So only when the service is not available does the method fall back to the next method you define.
So in your case, if the user account is not present in the local database, it will not fall back to the AAA server.
aaa authentication login default local group radius
The same holds true if the user account is not there in the AAA server
aaa authentication login default group radius local
Only when the AAA server is not responding (service down or not reachable) will it fall back to the local database.
Hope this helps! -
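The server-first method list from the reply above, walked through as an added example (not part of the original thread): a reject from the RADIUS group is final, and only a missing answer moves on to `local`. The backends, user names and passwords are constructed for illustration.

```python
from enum import Enum


class Result(Enum):
    PASS = "pass"    # method answered: credentials accepted
    FAIL = "fail"    # method answered: credentials rejected (final)
    ERROR = "error"  # method gave no answer (server down or unreachable)


def parse_method_list(line):
    """'aaa authentication login default group radius local' -> methods."""
    tokens = line.split()
    if tokens[:3] != ["aaa", "authentication", "login"] or len(tokens) < 5:
        raise ValueError("not an 'aaa authentication login' line: %r" % line)
    methods, rest = [], tokens[4:]  # tokens[3] is the list name
    while rest:
        if rest[0] == "group":
            if len(rest) < 2:
                raise ValueError("'group' needs a server-group name")
            methods.append("group " + rest[1])
            rest = rest[2:]
        else:
            methods.append(rest[0])
            rest = rest[1:]
    return methods


def radius_backend(users, reachable):
    """Constructed stand-in for a RADIUS server group."""
    def check(user, password):
        if not reachable:
            return Result.ERROR
        return Result.PASS if users.get(user) == password else Result.FAIL
    return check


def local_backend(users):
    # Constructed stand-in for the local user database. A missing user is
    # modelled as FAIL, as the reply above describes (assumption of this sketch).
    def check(user, password):
        return Result.PASS if users.get(user) == password else Result.FAIL
    return check


def authenticate(methods, backends, user, password):
    """Walk the list; only ERROR moves on to the next method."""
    trail = []
    for method in methods:
        result = backends[method](user, password)
        trail.append((method, result))
        if result is not Result.ERROR:
            return result is Result.PASS, trail
    return False, trail  # every method errored: deny


# Constructed sample data.
METHODS = parse_method_list("aaa authentication login default group radius local")
RADIUS_USERS = {"alice": "radius-pw"}
LOCAL_USERS = {"fallback-admin": "local-pw"}


def run(reachable, user, password):
    backends = {"group radius": radius_backend(RADIUS_USERS, reachable),
                "local": local_backend(LOCAL_USERS)}
    return authenticate(METHODS, backends, user, password)


if __name__ == "__main__":
    for reachable in (True, False):
        ok, trail = run(reachable, "fallback-admin", "local-pw")
        print(reachable, ok, [(m, r.value) for m, r in trail])
```

With the server reachable, the local-only account is rejected without the local database ever being consulted; it only works once the server stops answering.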
Export User Accounts/AAA Local Database from 4404 WLC
Hi,
Guest User Accounts have been created in the local database of the WLC 4404. Because we are going to use Cisco ISE for Guest user authentication, I would like to know if there is a way to export these accounts and import them into Cisco ISE.
Thanks in advance.
Joana.
Ok, thanks for your response.
Joana. -
I already posted this question in "LiveCycle Designer ES" but I didn't get any response. So, I am posting it here. Be patient.
Hi All,
I am having issue connecting to the local database from the Adobe Form.
Here is the code that I have to open the connection:
// Search for the sourceSet node which matches the DataConnection name
var nIndex = 0;
while(xfa.sourceSet.nodes.item(nIndex).name != sDataConnectionName)
    nIndex++;
var oDB = xfa.sourceSet.nodes.item(nIndex);
xfa.host.messageBox("Check 1: "+xfa.sourceSet.nodes.item(nIndex).name); // I am getting the DSN name that I created.
oDB.open(); // I am getting the below message. Once I click "Yes". It is just opening the Form.
xfa.host.messageBox("Check 2: "+xfa.sourceSet.nodes.item(nIndex).name); // I am NOT getting this message.
oDB.first();
Your help is appreciated.
Thanks in advance,
Chandra
Hello,
Earlier I saw an example where it was done with an aaa attribute list, and it was working, but on the 3945E it is not working.
Here is example :
aaa new-model
aaa authentication login ezvpn_users local
aaa authorization network ezvpn_users local
aaa attribute list ezvpn_users
attribute type service-type noopt service shell mandatory
username user1 password 0 superpasword
username user1 aaa attribute list ezvpn_users
Do you have some information about it ? -
Cannot connect local database using net service_name
Good Morning to all ;
FYI : This question wrongly posted under high availability. Now it was removed from there.
I am trying to connect my local database using remote authentication.
but getting error. Client & Server reside on same server.
SQL> conn u1/u1@primdb
ERROR: ORA-12545: Connect failed because target host or object does not exist
SQL> conn / as sysdba
Connected.
SQL> show parameter db_name;
NAME TYPE VALUE
db_name string primary
SQL> show parameter service_names;
NAME TYPE VALUE
service_names string mydb
SQL> show parameter db_domain;
NAME TYPE VALUE
db_domain string primary.com
SQL> show parameter global_name;
NAME TYPE VALUE
global_names boolean FALSE
SQL> select * from global_name;
GLOBAL_NAME
PRIMARY
[oracle@localhost admin]$ lsnrctl start
LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 18-JAN-2014 16:32:08
Copyright (c) 1991, 2005, Oracle. All rights reserved.
Starting /u01/app/oracle/product/10.2.0/db_1/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 10.2.0.1.0 - Production
System parameter file is /u01/app/oracle/product/10.2.0/db_1/network/admin/listener.ora
Log messages written to /u01/app/oracle/product/10.2.0/db_1/network/log/listener.log
Error listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oel5.linuxserver)(PORT=1521)))
TNS-12545: Connect failed because target host or object does not exist
TNS-12560: TNS:protocol adapter error
TNS-00515: Connect failed because target host or object does not exist
Listener failed to start. See the error message(s) above...
my listener.ora file contents :
SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = primary)
      (ORACLE_HOME = /u01/app/oracle/product/10.2.0/db_1)
      (GLOBAL_DBNAME = mydb.primary.com)
    )
  )
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = oel5.linuxserver)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
    )
  )
my tnsnames.ora contents
primdb=
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST= oel5.linuxserver)(PORT=1521))
    )
    (CONNECT_DATA =
      (SERVER=DEDICATED)
      (SERVICE_NAME = mydb)
    )
  )
$ tnsping primdb
TNS Ping Utility for Linux: Version 10.2.0.1.0 - Production on 18-JAN-2014 16:40:55
Copyright (c) 1997, 2005, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST= oel5.linuxserver)(PORT=1521))) (CONNECT_DATA = (SERVER=DEDICATED) (SERVICE_NAME = mydb)))
TNS-12545: Connect failed because target host or object does not exist
Thanks in advance ..
Good Morning Ed Stevens ;
Nice to see you once again !
I remember, you are very familiar with Oracle net services.
I read your article, "Exploring the LOCAL_LISTENER parameter".
Now I have removed the listener.ora & tnsnames.ora files.
Now the listener is registered dynamically.
SQL> alter system register;
Ed Stevens wrote ..
simply do a "ping oel5.linuxserver" and report the result.
$ ping oel5.linuxserver
ping: unknown host oel5.linuxserver
$ hostname
localhost.localdomain
$ echo $ORACLE_HOSTNAME
oel5.linuxserver
my new tnsnames.ora contents
primdb =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = oel5.linuxserver)(PORT=1521))
    )
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = mydb)
    )
  )
$ tnsping primdb
TNS Ping Utility for Linux: Version 10.2.0.1.0 - Production on 18-JAN-2014 19:57:13
Copyright (c) 1997, 2005, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = oel5.linuxserver)(PORT=1521)))
(CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = mydb)))
TNS-12545: Connect failed because target host or object does not exist -
Same user in tacacs and local database with different privilege
Hi there,
i am just not sure if this is correct behavior.
i am running NX-OS image n5000-uk9.5.1.3.N1.1.bin on the nexus 5020 platform.
i have configured authorization with tacacs+ on ACS server version 5.2 with fall back to switch local database.
aaa authentication login default group ACS
aaa authorization commands default group ACS local
aaa accounting default group ACS
a user test with priv 15 is created on the ACS server, password test2
everything works fine, until I create the same username on the local database with privilege 0. (it doesn't matter if the user in the local database was created before the user in ACS or after)
e.g.:
username test password test1 role priv-0 (note passwords are different for users in both databases)
after I create the same user in the local database with privilege 0,
if I try to connect to the switch with this username test and the password defined on ACS, I get only privilege 0 authorization, regardless that the ACS server is up and it should be the primary way to authenticate and authorize the user.
is this normal?
thank you for help...
Hello.
Privileges are used with traditional IOS. Privileges are part of "command authorization". Other operating systems (like IOS-XR, Nexus OS , Juniper JunOS) use "role-based authorization" instead of "command authorization".
So traditional IOS can use the "privilege" attribute but other operating systems can not.
Although IOS-XR, Nexus, ACE, Juniper have a "role-based authorization" feature, every single one of them uses its particular attributes.
When I was configuring TACACS with ACE, Juniper and other devices I had to capture the packets to find out what were the particular attributes of ACE, what were the particular attributes of JunOS, etc, etc and to search deeply some hints the documentation , because sadly documentation is not very good when talking about TACACS details.
If you find which attributes to use, and what values to assign to the attributes then you can go to ACS and configure a "Shell Profile".
Now back to Nexus 5000. It seems this particular device has the option to mix "role-based" with "command authorization" by overriding the default roles with other roles which names are called "priv". It seems this was an effort to try to map the old concept of "privileges" to the new concept of "roles". Although you see the word "priv", it's just the name of the role. My particular point of view is that this complicates the whole thing. I would recommend to use just the default roles, or customize some of them (only if needed), but not to use "command authorization".
http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/security/502_n1_1/Cisco_n5k_security_config_gd_rel_502_n1_1_chapter5.html
I will search the particular attributes Nexus use to talk to TACACS server. If I got them I will post them here.
Please rate if it helps -
CSM 3.1 local user authentication problem
Hi everyone. I have a strange problem with local user authentication. In our CSM I have configured CSM to authenticate users using TACACS+ from our ACS server, and everything is OK with this configuration, but I have also configured fallback authentication for user admin. Here is the problem: even when the connection to the ACS server is OK and the server can send authentication requests to ACS, we can authenticate with both ACS and the local admin, which I think is wrong because the local admin is configured as fallback. So what do you think about this problem, where CSM authenticates users with ACS and the local database at the same time?
You probably need to go under the system context and create the interface and also allocate vlans to it in CSM before you configure the context itself.
I hope it helps.
PK -
Can i use local database in webdynpro
Hai,
I want to store a string in the local database. is it possible to store in local dictionary-->structures.
Using this, how can I store, retrieve, update and delete the data in the local dictionary?
regards,
Hi Naga,
It was discussed already:
store data in database and access
making database connection
REG: DATABASE Connection
Best regards, Maksim Rashchynski. -
let say that i access a oracle form through the web and that form access data from two distributed databases, then will there be a remote database and local database for the user or all the databases will be remote databases to the user
In my opinion.
using local databases -- access tables without DB_link
using Remote databases -- access tables through DB_link