GANYMEDE + accounting issue
Hi all
I would like to know GANYMEDE-accounting option in cisco.
We have deployed AAA machine which is Avenda in our network operation and able to enter orders accounting ONLY for valid orders. The GANYMEDE + also can capture invalid orders and sent to Avenda (our AAA machine)?
Please help clarify.
Hello
It is a device-specific thing. In the case of IOS, it only passes the valid commands to the RADIUS server. Example - If we issue the command 'show the user' it will record it and if we run the command "show dog", it will not be logged.
Hope that helps!
Kind regards
~ JG
Note the useful messages
Tags: Cisco Security
Similar Questions
-
AAA GANYMEDE + accounting - CLI question by user not appear in the report of the ACS.
Can I know why CLI cancelled by the user does not show on GANYMEDE ACS accounting report. The length of time is displayed, but I also wanted to connect what is the commands issued by the user.
WHA is missing here?
enable AAA authentication login VTY P1_ACS local group
Group default AAA authorization exec local P1_ACS authenticated by FIS
AAA authorization exec CONSOLE none
AAA exec by default start-stop accounting P1_ACS group
AAA commands 5 default start-stop accounting P1_ACS group
AAA commands 15 arrhythmic default accounting P1_ACS group
Accounting logs command is stroed in the newspapers of the administration of Ganymede.
There is also a known issue on ver 4.1.1 and we must
apply the ACS 4.1.1.23.5 patch to fix the problem.
Patch for the unit is available on
http://www.Cisco.com/cgi-bin/tablebuild.pl/ACS-Soleng-3DES
The patch name: ACS SE 4.1.1.23.5 rollup
Acs hotfix for windows is available on
http://www.Cisco.com/cgi-bin/tablebuild.pl/ACS-win-3DES
The patch name: ACS 4.1.1.23.5 rollup
CCIE Security
-
AS5300 past Ganymede accounting-duration = 0
Hello
We have two AS5300 (IOS 12.2 (15) T2). Everything works fine except that the two NAS often incorrectly reports elapsed time = 0 for asynchronous ppp to the ACS server sessions. Sessions of ISDN is always correct.
I have looked for a cause/explanation, but can't find it. All information will be...
This is the config of aaa:
AAA new-model
!
!
AAA authentication login default group Ganymede +.
AAA authentication login admin group Ganymede + local
AAA authentication against local connection
the AAA authentication enable default group Ganymede + activate
AAA authentication ppp default if necessary to group Ganymede +.
AAA authorization exec default group Ganymede + authenticated if
AAA authorization default LAN authenticated by FIS
AAA accounting network default start-stop Ganymede group.
Default connection accounting AAA power Ganymede group.
AAA - the id of the joint session
radius-server host
radius-server host
RADIUS-server application made
radius-server key
Brgds
Conny
This is probably a bug CSCec30517, where time is elapsed = 0 if the session is not closed correctly (IE, if the user simply off his PC, rather than actually disconnect the session correctly).
Good news is that it is fixed in paragraph 12.2 (15) T7, try the upgrade to that and see how you go.
If you want to check that you touch this BEFORE the upgrade, activate the following debugging:
Debug ppp neg
Debug aaa authentic
Debug aaa author
Debug aaa accounting
debugging Ganymede
For the times when the elapsed time is non-nulle (correct), you should see the following debug just before the GANYMEDE debug:
Sep 8 12:19:57.042: As9 LCP: I have TERMREQ [open] id 7 len 16 (0x795A2E62003CCD7400000000)
Sep 8 12:19:57.042: As9 LCP: O TERMACK [open] id 7 len 4
The TERMREQ is a request for termination by the user, indicating that they properly closed the session. Following GANYMEDE Accoutning debugging should then show as zero time.
If you find an accounting debugging GANYMEDE with time elapsed from scratch, look above it and you probably won't see a request for termination of the user in particular, PPP indicating the authorized call wrong down.
-
Cisco ACS SE GANYMEDE + accounting fails
Hello
I'm under Cisco ACS SE 4.1.23.5. My problem is that the ACS don't Jrnl of the remote switches. I have configured the following accounting commands:
AAA accounting exec default start-stop Ganymede group.
orders accounting AAA 0 arrhythmic default group Ganymede +.
orders accounting AAA 15 by default start-stop Ganymede group.
Default connection accounting AAA power Ganymede group.
When I enable aaa accounting debugging, I get the following logs on the switch.
001091: 12 sep 12:06:06.464 TSB: AAA/ACCT: user johndoe, acct type 3 (2684940942): method = Ganymede + (Ganymede +)
001092: 12 sep 12:06:06.665 TSB: TAC +: (2684940942): received the status of response acct = SUCCESS
001093: 12 sep 12:06:11.128 TSB: AAA/ACCT/CMD: user johndoe, tty2, 15 private Port:
'show running-config '.
" 001094: 12 sep 12:06:11.128 TSB: AAA/ACCT/CMD: find the "default" list
001095: 12 sep 12:06:11.346 TSB: AAA/ACCT: user johndoe, acct type 3 (1583033889): method = Ganymede + (Ganymede +)
001096: 12 sep 12:06:12.000 TSB: TAC +: (1583033889): received the status of response acct = SUCCESS
001097: 12 sep 12:08:16.303 TSB: AAA/ACCT/CMD: user johndoe, tty2, 15 private Port:
' configure terminal '.
" 001098: 12 sep 12:08:16.303 TSB: AAA/ACCT/CMD: find the "default" list
001099: 12 sep 12:08:16.303 TSB: AAA/ACCT: user johndoe, acct type 3 (1098049616): method = Ganymede + (Ganymede +)
001100: 12 sep 12:08:16.504 TSB: TAC +: (1098049616): received the status of response acct = SUCCESS
001101: 12 sep 12:08:29.884 TSB: AAA/ACCT/CMD: user johndoe, tty2, 15 private Port:
It seems that the switch is well a response but the CSA record. I have updated the ACS for the latest patch (4.1.23.5), which is supposed to resolve this known bug.
Is there something that I am missing?
Thank you.
ESD
And what you get in the newspapers of Ganymede Administration?
Kind regards
Prem
-
I've implemented a Cisco Secure ACS with Protocol GANYMEDE. We have problems with network connectivity, and whenever this happens GANYMEDE fallsback to the local database. Is it possible to allow the capture of executed orders when the ACS to disconnect. Can be when GBA comes back as these (accounting) commands can be sent to it by the device itself.
My requirement might seem weird. But I am convinced that anything is possible with Cisco :)
What you ask, it is to have the client IOS T + cache commands and then send to the Association once that customer T + can still communicate with ACS. Yes? By IOS T + controls, no, this is not available. The connection T + is going to fail and fall back to either an another T + server or stop sending documents.
The only solution here is to have two ACS servers online and have the drop T-return to the ACS secondary loss of connection to the primary. Then, have the two ACSes before accounting to a third-party server, ACS or syslog. Of course, this assumes that the customer T + is not lose connectivity to two ACSes.
-
don't know where to post this... .but I sent a phishing mail and invoice as requested... I changed my password, but cannot answer questions of account security... I have no idea of the answers? I can't get through this and can't seem to find a phone number appropriate to the United Kingdom for the security of the accounts...
as someone has any idea how I can do this
VAlerie
This Apple help page provides contact information for different countries for problems of security with a Apple ID:
-
logging on user accounts issues
We have two user accounts on our PC. (1) for children with the mugs of the security and the other for us (parents). When we (the parents) is going to connect to our account it says "user profile service does not logon and user profile cannot be loaded. What does that mean?
Hello
You can try to fix it with Safe Mode - repeatedly press F8 as you bootup. The ADMIN account in trunk
Mode has no default password (unless someone has changed the password so it should be available).Some programs such as the updated Google (if you added the toolbar Google, Chrome or Google Earth)
has been known to cause this problem.Error message when you log on a Windows Vista-based or Windows 7 using computer a
Temporary profile: "the user profile Service has no logon. Unable to load the user profile.
http://support.Microsoft.com/kb/947215How to fix error "the user profile Service has no logon. User profile cannot be loaded. »
http://www.Vistax64.com/tutorials/130095-user-profile-service-failed-logon-user-profile-cannot-loaded.htmlHow to fix error "your user profile was not loaded correctly! You have been connected with a
temporary profile. "in Vista
http://www.Vistax64.com/tutorials/135858-user-profile-error-logged-temporary-profile.htmlBE VERY CAREFUL IF YOU USE THIS ONE:
DO NOT USE THE ACCOUNT HIDDEN ON A DAILY BASIS! If it corrupts you are TOAST.
How to enable or disable the real built-in Administrator account in Vista
http://www.Vistax64.com/tutorials/67567-administrator-account.htmlUse the Admin account hidden to lower your user account APPLY / OK then wear again to
ADMIN. This allows clear of corruption. Do the same for other accounts if necessary after the
above message.You can use the hidden - administrator account to make another account as an ADMINISTRATOR with your same
password (or two with the same password) use a test or difficulty to another.You can run the Admin account hidden from the prompt by if necessary.
This tells you how to access the System Recovery Options and/or a Vista DVD
http://windowshelp.Microsoft.com/Windows/en-us/help/326b756b-1601-435e-99D0-1585439470351033.mspxIf you cannot access your old account, you can still use an Admin to migrate to another (don't forget
always leave to an Admin who is not used except for testing and difficulty account).Difficulty of a corrupted user profile
http://windowshelp.Microsoft.com/Windows/en-AU/help/769495bf-035C-4764-A538-c9b05c22001e1033.mspxI hope this helps.
Rob Brown - MS MVP - Windows Desktop Experience: Bike - Mark Twain said it right.
-
ACS 5.6.0.22 GANYMEDE authentication issue
According to this scenario: Active Directory server does not or is not available.
ACS is configured with both AD and Local users. When the ad is online, I can use a Local account for the RADIUS authentication or AD account. When the ad is unavailable I get error: 24444 Active Directory operation failed because of an error that is not specified in ACS, trying to use the Local account. (Of course I expect is not able to use an AD account)
Is this as expected? or is there an error in the configuration at hand?
Hi Richard,
Announcement is offline, in the case you should still be able to use your account if you select the option to 'Continue to next identity store in the sequence', on the 'advanced options' on the 'sequence to store identity' that you created:
Section "users and identity stores > identity store sequences > Edit:
Advanced optionsIf the current identity store access does notBreak sequence* Continue to next in the sequence identity storeNote: Please mark as answer as appropriate
-
I can't get my security code to my address mail please help me through it
As the account of emissions contain private information that can be shared in a public forum, please use the online form below. They are the only ones who have access to your account information, we simply don't have.
Account of all the partners must now wonder online by using the Microsoft online form
Select the error you must help with and fill in the information requested on the next page. You must be connected to a Microsoft account to access the form.If you are unable to access your main account, you can use another account (if you have one) or create a new one https://signup.live.com/
-
Hello! I have a free student account issued through my school, but was billed $29.99
How can I cancel it and get a refund? I think it's because I didn't renew my CC at the time, but I don't want a second account. How can I go to get rid of one that costs and get my refund on behalf of load?
Creative cloud is set to automatic renewal every month or every year, depending on the option you have chosen.
To contact support, please click the link below, click on the still need help? option in the blue box below, then choose the cat. Make sure you are signed in with your Adobe ID, have cookies enabled and have deleted your cookie cache. If you have any questions, try another browser.
Assistance for orders, refunds and exchanges (non - CC)
Kind regards
Guinot
-
I received notification yesterday orange triangle saying something to have to retype my password. I enter and tells me that it is inadmissible, but I know that it is not. I have change the password three or four times and get the same results. However, go directly to a Google site passwords each time and yet my phone authentication whatever you want to call, he tells me its wrong.
All the patches on this? Can not access Google game or update any window auto app. Any solution to this?
-
Hello
We have set up accoutnig in our network devices. But orders that users type does not appear in the section GANYMEDE + accounting. We use the ACS 4.1se and orders of posting to the devices are given below.
AAA accounting exec default start-stop Ganymede group.
orders accounting AAA 1 by default start-stop Ganymede group.
orders accounting AAA 15 by default start-stop Ganymede group.
Help, please
Command accounting logs are stored in the newspapers of the administration of Ganymede. There is also a known issue on ver 4.1.1 and we must apply the ACS 4.1.1.23.5 patch to fix the problem.
Patch for the unit is available on
http://www.Cisco.com/cgi-bin/tablebuild.pl/ACS-Soleng-3DES
The patch name: ACS SE 4.1.1.23.5 rollup
Acs hotfix for windows is available on
http://www.Cisco.com/cgi-bin/tablebuild.pl/ACS-win-3DES
The patch name: ACS 4.1.1.23.5 rollup
Kind regards
~ JG
Note the useful messages
-
AAA accounting report is not with issued orders.
Hello everyone, I have a problem with the AAA accounting on my ACS 4.0 device. When I view the posting journal lists the connections, protocols and addresses IP but not the commands executed on the specific switch. When I debug AAA accounting I see ouput but when I debug Ganymede accounting I see nothing. An exammple of my config is:
AAA new-model
AAA group Ganymede Server + ACS
Server [ip address here]
Server [ip address here]
AAA accounting exec by default start-stop group ACS
AAA accounting command 0 arrhythmic group ACS
orders accounting AAA 15 start-stop ACS group
RADIUS-server key [here].
I left on the framework for the authentication of the configuration (in the example above) that it works very well.
Someone at - it ideas why the actual orders are not be captured on GBA?
Thanks in advance.
GBA, accounting of the order must be recorded in the Administration of GANYMEDE + do not connect not the journal GANYMEDE + accounting! Don't ask me why, what just. At least it is on my own and took me a while to discover as well.
Hope this helps
Concerning
Mike
-
Administrator command accounting Pix 515
Hello
Is there a way to connect firewall admin commands issued to the firewall? As for example, send to a GANYMEDE Server +?
Thanks for the help.
Hello noipt,
Accounting command can be configured ONLY in PIX v7.x. In addition, looks not - show only orders will be sent.
By the order No.
Accounting messages to the GANYMEDE + accounting server when you enter one command other display commands in the CLI, use the command of control accounting aaa in global configuration mode.
AAA accounting command
http://www.Cisco.com/univercd/CC/TD/doc/product/multisec/asa_sw/v_7_2/cmd_ref/a1_711.htm#wp1428200
For version 6.x.
Authentication and authorization in order for PIX 6.2
http://www.Cisco.com/warp/public/110/pix_command.shtml#accounting
There is no command available real accounts, but in having enabled on the PIX of syslog, you can see what steps have been made, as shown in this example:
307002: allows connection of the 172.18.124.111 Telnet session
111006: connection to pixtest to the console console
611103: user disconnected: Uname: pixtest
307002: allows connection of the 172.18.124.111 Telnet session
111006: connection to pixtest to the console console
502103: user priv level changed: Uname: pixtest of: 1:15
111008: user 'pixtest' command 'enable '.
111007: configuration Begin: 172.18.124.111 reading of the terminal
111008: user 'pixtest' run the command "configure t."
111008: user 'pixtest' run the command "write t.
I hope this helps! If Yes, please rate.
Thank you
-
Questions for the recovery of account with the code by email * help *.
Hey! I've been struggling with this for a while now and I finally had the time to ask for assistance through this Web site.
I forgot the password for my account, and at one point, I thought that everything would be fine because I thought I could get it back by asking a code by email. Well, it turns out that after entering the code, I get a message that says that this "this code did not work. Check the code and try again. »I have re-tried a few times and I have no other way to recover the account have not sufficient information to allow for a recovery.
This has really been bothering me and this account is important. If someone could help me it would be much appreciated, good holiday!
BrandonBXP
What account are you talking about? Hotmail, Outlook.com, office outlook win 8, etc.?
If it's Hotmail/outlook.com as I suspect, you must post in this section, but they will tell you that the associated account issues must be treated using the secure online form
Microsoft forum account has been deleted and all associated accounts must now wonder online iciSelect the error you must help with and fill in the information requested on the next page. You must be connected to a Microsoft account to access the form.If you are unable to access your main account, you can use another account (if you have one) or create a new one at https://signup.live.comYou can read more information on blocked accounts here
Maybe you are looking for
-
OS Sierra: Cannot play audio via bluetooth are involved during airtime
Cannot play audio via bluetooth speakers during airtime to my TV. Has been able to do before the OS Sierra update. Now if I switch to my bluetooth receiver in the system prefs-> sound-> menu "exit" it disconnects completely airplay. This happens both
-
I have a new computer that does not have any installed web browser when I acquire. So, I can't download Firefox, say, by using Internet Explorer. Can I get a copy of Firefox on a CD and use instead.
-
Original title: we get answersI get a blue screen / saying windows has me down to save damage to my computer? What happened? computer not stop as usual... keep getting a blue screen with the message. Windows has shut down computer so damage won, t h
-
I love periodically re - install a new operating system after reformatting hadr drive. In the past it was the of syetem of full operation and not just an upgrade. I have to be sure that it is not complicated, as I want to install the upgrade to Windo
-
Envy Touchsmart Ultrabook - boot from Usb Flash or optical drive
I just this envy Touchsmart Ultrabook (14 inches) with 8 win and it works very well, but one thing that I can't make it work is to be able to boot from a USB stick or a cd usb player. This system doesn't have a built-in optical drive. I changed the