GANYMEDE for VTY & Console

Similar Questions

• GANYMEDE for ASA 5550

  Hello

  How to configure Ganymede for ASA 5550 with acs4.2. I have two asa, one is active and others in mode. pls tell me how to set up. I couldn't find any good docs either.

  Thank you.

  Hi Gavin,

  Here is the sample config for ASA's telnet authentication from Tacacs: username admin password xxxxx privilege 15 aaa-server TEST protocol tacacs+ aaa-server TEST (inside) host x.x.x.x  yyy   [x.x.x.x is the ip address of the tacacs server and is reachable from the inside interface and yyy is the shared secret key.] aaa authentication telnet console TEST LOCAL   [This will send the telnet authentication request to the tacacs server first and if it is not reachable then use the local database of the ASA] aaa authentication ssh console TEST LOCAL    [same as above but for ssh session] aaa authorization exec authentication-server    [this enables exec authorization for the telnet and ssh sessions.] 
  aaa authentication http console TEST LOCAL [for HTTP]
  order of accounting AAA TEST [this helps accountants of the order for all orders entered in the telnet or ssh session.]  On the Ganymede server we need to add this ASA as a RADIUS client with shared secret key yyy.
  
  You can find more details: -.
  http://www.Cisco.com/en/us/docs/security/ASA/asa80/configuration/guide/mgaccess.html#wp1042026
  The GBA, you need to add ASA as device under config network with Protocol Ganymede.
  Thank you
  Vinay
  If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it.
  		   

• What is the cause of the message "Waiting for Service ' Console CVD activity

  I have two related questions.

  basis, I just started centralizing 200 computers ish, all except 2 appears fine, 2 questions, one below and another with VSS errors.  This message is just for the question "in waiting for the Service.

  1. What is the cause of the message "Waiting for Service ' Console CVD activity and is there anywhere that documents these meanings of status.
  2. No idea where I should start troubleshooting the message "Waiting for Service ' I get to the computer below.

  I have a computer with this status which comes to have installed the client and will not be to centralize.  Other computers seem to work properly (centralized).

  The computer is to ping requests, but appears as disconnected in the console.

  I deleted the CVD and restarted the centralization CVD using a different policy on a different volume without change.

  Journal of the history of CVD below

  Description of the Type of weather

  31/01/2014-08:52:32 AUDIT_EVENT assign device, device: PC30866 (1995), cardiovascular disease: 11614, political CVD: don't Default - every 4hrs - no drive D (1.1)

  02/05/2014-13:53:58 politics AUDIT_EVENT assign CVD, CVD: PC30866 (11614), CVD policy: Migration Post-quotidien (1.0)

  31/01/2014 General Office EVENT 20:44:46 service error

  31/01/2014 General Office service EVENT 17:39:04 error

  31/01/2014 14:44:34 EVENT has not finished downloading, internal error, exception attached

  31/01/2014 General error from the EVENT 13:05:15 service office

  31/01/2014-12:30:37 TRANSACTION_START PC30866 - centralize endpoint

  the transaction log has an inscription mentioning a failure (not sure if it is the server or PC related) disc.

  Diseases cardiovascular diseases cardiovascular name Type State layer size (MB) data transferred (MB) branch reflector savings start time end time transfer (MB)

  Of the endpoint PC30866 centralize 11614 reading disc failed 169648 1531 0 31/01/2014 12:30:37 05 d 04:16:52

  The next event is in the application event log and the Mirage event log for the failed computer. (there were not all other errors in the paper since the deployment of mirage customer and there is no errors in the system event log)

  Event type: error
  Event source: VMware Horizon Mirage customer
  Event category: no
  Event ID: 0
  Date: 31/01/2014
  Time: 20:44:46
  User: n/a
  Computer: PC30866
  Description:
  Error general service office
  Unexpected exception taken (sender Name:Wanova.Desktop.Service.exe
  There is no policy context.
  , the object exception System.OutOfMemoryException: Exception of type 'System.OutOfMemoryException' was thrown.
  System.Collections.Generic.List to ' 1.set_Capacity (Int32 value)
  System.Collections.Generic.List to ' 1.EnsureCapacity (Int32 min)
  to System.Collections.Generic.List' 1. Add (T item)
  at Wanova.Net.DataTransfer.TransferStreams.SignatureResponseStream.ProcessChunk (ChunkInfo chunkInfo)
  at Wanova.Net.DataTransfer.TransferStreams.ChunkInfoDecodingStream.BeginWrite (Byte [] buffer, TransferStreamWriteCallback onWriteComplete)
  at Wanova.Net.DataTransfer.DataHandler.ExecuteDataStreamTask (DataHandlerExecutionTask task, MarkCompletionCallback markCompletionCallback)
  at Wanova.Net.DataTransfer.DataHandler.ExecuteTask (IExecutionTask task, MarkCompletionCallback markCompletionCallback)
  Wanova.Net.DataTransfer.ExecutionController.QueueListener (Group IExecutionTask)
  to Wanova.Common.ThreadUtils.ParamaterizedWorkItem'1.Run (object fakeParam)
  at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context (Object state)
  at System.Threading.ExecutionContext.Run (ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
  at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem)
  at System.Threading.ThreadPoolWorkQueue.Dispatch)
  at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback (), ends at True)

  For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

  It turns out that this computer seems to have hard drive errors, so not a matter of mirage.

• another name for service console

  What is another name for service console?

  can someone let me know the right answer...

  Thanks in advance

  Rajesh reddy

  COS?  (Console operating system)

  It is based of RHEL

• Removed shortcut for Web Console?

  I can bring is more up/down of the Web Console with Ctrl + Shift + K shortcut keyboard key, nor is any shortcut listed next to it under Tools-> Web Developer.

  The shortcut is still listed here:

  https://support.Mozilla.org/en-us/KB/keyboard-shortcuts-perform-Firefox-tasks-quickly

  Not having is not a shortcut is such a concern, what good reason is there to remove it?

  If it was me that somehow it deleted (have not published on: config any time recently), I thank you for the tips on how to bring it back.

  It still works for me. The problem survives a cycle of exit/restart of Firefox?

  Sometimes there are conflicts shortcut keyboard with Add-ons. It is not obvious to me the best way to resolve these, but there are modules that allow you to change the shortcuts; This could be useful if the conflict continues. To see if it is caused by an extension, try Mode without failure of Firefox. It is a standard diagnostic tool in order to avoid interference by extensions (and some custom settings). More info: questions to troubleshoot Firefox in Safe Mode.

  You can restart Firefox in Mode safe help

  Help > restart with disabled modules

  In the dialog box, click on 'Start mode safe' (not Reset)

  Any difference?

• Authentication mode privilege using Ganymede for Cisco routers

  I'm trying to set up a test environment where I need to be able to be requested for both a user name and password entering mode mode exec on a cisco IOS router. I was told the only way to do is through Ganymede. But I didn't all these configuration on Ganymede options to put in right place. Someone has already done an installation like this before. I'd appreciate any help on this. Thank you.

  That's right, as I said in my previous post you can not accomplish what you're trying to do.  In IOS the username that you use to connect

  the router is ALWAYS used when you are in enable mode.  If you want to change the user logged in as you will need log on the

  router and log back in with the right user.

  -Jesse

• GANYMEDE + for the unified management of ASA and VPN auth

  Hello, I have ASA 5540 and 4.2 ACS (AD backend), I want authentic unified management and vpn access.

  For example, I have two groups in ACS (mapping AD): Admins, VPN access.

  I wish that Admins have full access (shell, VPN) and "Access VPN" only vpn, without shell of any kind.

  I understand how to do with RADIUS - use 'Service-type' and network access profile, but how to do it with GANYMEDE +?

  There is something

  I explained to him almost the same scenario in the post of 2008

  https://Cisco-support.hosted.Jivesoftware.com/message/853751#853751

  To achieve this, you should have even ASA added to GANYMEDE and RADIUS AAA cleint.

  

  Since you want to group admin must have FULL access so don't change anything on this group.

  Now vpnaccess Group on ACS must have only access to the VPN, then here you need to implement IP-based NAR

  Go into the setup of the Group > ip based NAR

  

  I hope this helps.

  Rgds, jousset

  Note the useful posts ~

• GANYMEDE for user in several groups

  Hello

  Quick question on GANYMEDE and a user who must be greater than 1 group

  We have a group of networkAdmins that is bound to the Administrators group of the AD domain with an inside network admin

  o then have another group to the firewall that is bound to the firewall access to AD user group is in both groups who all have both been created using a manual mapping in GANYMEDE but the user does only in the NetworkAdmin group not in the firewall administrators group

  any ideas why the user does not or is it still possible

  Thank you

  No problem! I had problems in the past when the local and domain user are identical. You can always get around that by defining what identity stores are used (for example, excluding the user database internal) and/or by properly constructing your authorization rules.

  Also, do you use ACS 4.x or 5.x?

  Thanks for the note!

• How make for the image path full output for recorder/console

  Hi all

  I'm just starting getting my hands dirty with the lr sdk and could do with a little guidance.

  For a part of a plugin, I need to retrieve the path complete to each image, and well I can achieve what I want I fight to print the path to the console log / and can not understand why.

  Here is a snippit of code to illustrate things:

  for photo in exportSession:photosToExport() do 
  
       filename = photo:getFormattedMetadata( "fileName" )
       outputToLog( filename )  -- Works as expected
       folderName = photo:getFormattedMetadata( "folderName" ) 
       outputToLog( folderName )  -- Works as expected
  
  
       local path = LrPathUtils.standardizePath(photo:getRawMetadata("path"))
       outputToLog( path ) -- Output is always blank
  
  
       -- and yet when passed to exiftool the path is correct and works as expected
  
       LrTasks.execute("exiftool  -Copyright=\"Imaginary person\" \""..path.."\"")
  
  
  
  end
  

  Basically, I can get the path and use them as part of a command, exiftool, but cannot work, how the path to the log console to output debugging purposes. Am I missing something simple, or is it a voluntary limitation?

  Any help much appreciated.

  I don't know what the problem is. What camera you're out in?

  i.e. have you tried logger: enable ("logfile") - that works for me in OSX to save to a file.

  Here is the code I use:

  Self.Logger = LrLogger (logName)

  function local logToFile (msg)

  local f = io.open (self.logFilePath, 'a')

  If f is nil then

  Debug.pause ('failed to open log file', self.logFilePath)

  return

  end

  f: Write (LrDate.timeToUserFormat (LrDate.currentTime (), "%-% m-% d % H: % m: %s"), "", msg, "\n" ' ")

  f: Close)

  end

  If self.verbose then

  -self.logger:enable ("logfile") - check all in the log file.

  Self.Logger:Enable (logToFile)

  on the other

  local = {}

  -debug output is removed when you don't sign in details

  trace = logToFile,

  Info = logToFile,

  warn = logToFile,

  error = logToFile,

  fatal = logToFile,.

  }

  Self.Logger:Enable (interventions) - remove trace & debug.

  end

  R

• Change password for administration Console

  How can I change the password to 10.3.0.0 weblogic administration console?
  
  Published by: raviiyer.r on March 9, 2012 02:17
  
  Published by: raviiyer.r on March 9, 2012 02:24

  I guess only with the help of the
  Home > summary of the servers > summary of the security areas > myrealm > Users and Groups > weblogic > passwords

  in the weblogic console is not an option for you...

• VLAN for Service Console

  Hi guys.

  Ive been through the strengthening of the security/best practice document and working my way through it.

  I understand that its best practices to isolate the service console using a vlan separate but the problem I have with this is things like NTP and DNS does not work as the console will be completely isolated. I have only one Layer2 switch and im wondering what is the best way for acheving this is. Perhaps something like an Hytrust appliance?

  Any suggestions, tales of wisdom tor welcome

  Thank you

  I have to disagree with this statement since Andre, that we have found that when you run a scanner security on the management network (port), and especially against the VMotion network (port), you can stop the services, disable VMotion and so, by default, disabling of DRS.

  I used HyTrust and found valuable by adding an extra layer of security.

  FYI HyTrust works to implement authentication 2 factor for ESX and vCenter as part of the management functions of the access of the HyTrust Appliance for their next version 1.1.  This is for the connections of management vCenter both direct-to-host using Virtual Infrastructure Client or ssh.  They are currently seeking to implement for RSA SecureID, smart card, RADIUS and kerberos.

  b

• Search for service console

  Hello

  I recently installed ESX v3.5 on a server that had 4 network cards, during the installation, I just plugged the LAN cable on a random NETWORK map and the selected installation than NIC for the Service Console which was NIC3.

  After installation I discovered in the ESX he had used this NETWORK card and ip 192.168.1.19 for example management console. after boot ESX, it displays the screen saying that you connect to http:
  192.168.1.19 for the web client.

  And in the ESX I want to do, is change the Console NIC of Service ESX to another nic for example. use the vmnic0 and IP 192.168.1.20 rather than the vmnic3 and IP 192.168.1.19 his currently uses.

  So I used the "esxcfg" command to remove the vswif0 and then create a new swtich and qualify the service console IP 192.168.1.20 only there and then I run the esxcfg-vswif - l and esxcfg-vswitch - l to check and it seems to look ok.

  But then in the ESX when I press on the Atl + F1/F11 to toggle the screen ESX, it still seems to show the "connect to http:
  192.168.1.19 for web client"rather that I have configured the new IP 192.168.1.20 is possible to change this screen to display the correct information as well or have I left out something.

  I have successfully downloaded the vi client and can connect by using the IP 192.168.1.20 but the ESX still shows the old IP ' to connect to http:
  192.168.1.19 for web client"so I'm not if I missed something.

  Also when the Service Console switch configuration is really possible to use a NETWORK adapter rather than the vmnic0, because apparently there is no parameters in the command line "esxcfg?

  esxcfg-vswif - a COnsole vswif0 Service\-i x.x.x.x - x.x.x.x where x.x.x.x b n (I can't remmeber if it's the correct syntax).

  Thank you very much

  If it goes back a.19, so your hostname / IP has not been updated in all the places that I mentioned earlier.  Make sure that these files that I referenced contain the correct host name or IP address.

  -KjB

  VMware vExpert

• Determine good network card PCI bus for Service Console?

  Are the bus PCI in hexadecimal or decimal?

  I ask because I put the Service Console on the bad NIC (0b.00.00) and I want to know which is the NIC low to move it to.

  I have the following:

  Card internal Broadcom: 03.00.00 and 05.00.00 - I want these to become vmic0 and vmnic1

  Map external Intel: 0b.00.00 and 0b.00.0 - I want these to become vmic3 and vmnic4

  Am I right that 03.00.00 is the bus PCI NIC plus small number?

  Once I know that, I'll add this 03.00.00 vmnic to the current SC vSwitch reassign SC him then remove the other vmNIC to it.

  In addition, how is it possible to re - assign vmnic numbers to different network adapters?

  Say vmnic0 is on the NIC 0b.00.00 and I really want to vmnic0 on 03.00.00, how do I do? -command and syntax?

  Thank you, Tom

  Yes, 03:00 is the smallest address PCI - 05:00's next, b 0:00: #'s next - his numbered in hexadecimal - you can reinstall ESX and select the correct network adapter or you can check out here how to renumber - http://vmware-land.com/Vmware_Tips.html#Net4

  If you find this or any other answer useful please consider awarding points marking the answer correct or useful

• GANYMEDE user through the console?

  Hi all

  We had a strange problem with authentication via GANYMEDE. Logging on to a switch via VTY works well... I enter my user name and PW and start at the privileged exec prompt. But when I am trying to connect through the console, I won't get it priviledge rights exec without entering in a passage of the ena. This phenomenon occurs in different versions of IOS.

  Config looks like this:

  AAA new-model

  AAA authentication login default group Ganymede + local

  the AAA authentication enable default group Ganymede + activate

  default AAA authorization exec group Ganymede + none

  AAA authorization network default group Ganymede + local

  AAA accounting send stop-record an authentication failure

  AAA accounting newinfo periodic update 15

  AAA accounting exec default start-stop Ganymede group.

  orders accounting AAA 15 by default start-stop Ganymede group.

  Default connection accounting AAA power Ganymede group.

  !

  username privilege 15 password

  RADIUS-server host x.x.x.x

  RADIUS-server host x.x.x.x

  RADIUS-server timeout 25

  radius-server key

  Line con 0

  exec-timeout 0 0

  line vty 0 4 aso.

  Any ideas?

  Kind regards

  Sebastian

  Sebastian

  What you are experiencing is a behavior of Cisco implements voluntarily. As has been explained to me, to directly enter mode privilege is a combination of authentication and authorization. For the vty ports it is enabled. For the console, it is the authentication, but not the component of the authorisation. The reason for this is that it is easy to misconfigure the framework for approval of the configuration. It's one thing to lock you into the vty ports and it's something of another (and more serious) If you lock you out of the console. So as a safety mechanism Cisco only default not apply permission on the console. You will need to enter the password to enable on the console.

  HTH

  Rick

• How can I retrieve username for console WL?

  Hello

  I got the system that has installed 10.3.2 weblogic, but I lost the ADMIN username and password for connection console WL.

  Somehow, I got the password, but I have no idea on the name user.

  Please suggest me to find the WL console ADMIN username.

  Thank you

  Shiva.

  Hello

  You can find the username in the config.xml file at this location

  / u01middlware/user_projects/Domains/torms_new_domain/config

  config.XML VI

  example of

  fsweblogic

  {ESA} EO5408cGM3N + wqdbJHHJ/Eb4kBJJQ3k88DpXnV2eaPY =

  AB... com

  WLS_FORMS

  true

  Kind regards

  Rous