Problems with TACACS

I'm unable to authenticate using AD TACACS credentials on a router, but I can access it with the local user account. It's a router that was moved to another site; it was working, but now it is not. The IP is the same. I have attached one that works. Can someone tell me what I'm missing?

Velezm,
First of all, make sure that the TACACS server is reachable from the router (ping sourced from loopback0). If that is fine, then look for any firewall blocking port 49. Check whether there are any hits in the TACACS logs. If there are none, then the request is probably not reaching the radius server.
Get the debugs:
- debug tacacs
- debug aaa authentication
Kind regards,
~ JG


Similar Questions

  • Problem with TACACS+ (ACS) and Cat 2950

    I have configured the 2950 as below and configured ACS properly, and I can log in to the 2950 using this configuration. The problem comes after that: when I go to enable and try any command, I get the following error: command authorization failed.

    What have I missed in the config that will allow me to execute commands?

    aaa new-model
    aaa authentication login default group tacacs+ local
    aaa authorization exec default group tacacs+ local if-authenticated
    aaa authorization commands 15 default group tacacs+ if-authenticated
    aaa authorization network default group tacacs+ local if-authenticated
    aaa accounting exec default start-stop group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+
    aaa accounting network default start-stop group tacacs+
    tacacs-server host ***.***

    radius-server key 7 *.

    Thanks in advance.

    Jon

    Hi Jon,

    AAA of the switch seems ok, maybe you need to take a look at your ACS.

    Check the following information, where you have to apply it in your ACS config:

    http://www.Cisco.com/en/us/products/sw/secursw/ps5338/products_configuration_guide_chapter09186a00801fd6fc.html#wp676529

    Rgds,

    AK

  • Problem connecting with TACACS+ on ACS 4.0

    I have configured the ACS network configuration with the correct LAN infrastructure, including the client IP addresses of the devices and a key, and then assigned authentication via TACACS+. I configured a test user in the local ACS internal database. Next, I set up a switch with the IP address of the ACS and the correct key. When I then try to log in to the switch it fails, and the following is recorded in the ACS failed attempts log:

    2007-08-29 11:39:22 authentic failed... Default group... (Default) Incompatibility of keys...... .. x.x.x.x.. .. .. .. .. Switches LAN LAN-Infrastructure

    I have triple checked that the keys are correct, and yet the failure reason is incompatibility of keys. I don't know whether I have something wrong in the config or whether there is a bug.

    Cisco switch configuration:

    aaa new-model
    aaa authentication attempts login 5
    aaa authentication login default group tacacs+ local
    aaa authentication login console local
    aaa authentication enable default group tacacs+ enable
    aaa authorization exec default group tacacs+ if-authenticated
    aaa authorization commands 15 default group tacacs+ if-authenticated
    aaa authorization commands 15 no_tacacs none
    aaa accounting exec default start-stop group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+

    !

    RADIUS-server host x.x.x.x

    done - no radius-server request

    RADIUS-server key xxx

    Server RADIUS ports source-1645-1646

    Version of the ACS:

    CiscoSecure ACS

    Release 4.0 Build (1) 44

    What could be wrong?

    Please check:

    ACS Network Configuration ---> NDG (where you have this switch) ---> Edit Properties ---> remove the key.

    The NDG key overrides the AAA client key.

    Regards,

    ~ JG

  • TACACS problem with ACS 4.2 NDG and shell command authorization sets

    Hi all

    I am trying to solve this problem, without success so far. I have a fresh ACS 4.2.15 patch 5 installation and I am trying to deploy it to our environment. So I configured a 2960S to be my test client and everything works well. The problem is when I try to create fine-grained policies using network device groups and shell command authorization sets.

    I created shell command authorization sets called ReadOnly and FullAccess. I also created an NDG called FloorSwitches and added my 2960 to it. I have 2 user groups called FloorSwitchesReadOnly and FloorSwitchesFullAccess. Now, if I set up the FloorSwitchesFullAccess group and assign the shell command authorization set per NDG and then log in to the switch, all my commands are rejected as unauthorized.

    One thing I noticed is that if I assign the shell command authorization set to any device (in the user group settings), it works fine. Or if I create the association with the DEFAULT NDG for the user group, that works too. My conclusion is therefore that ACS for some reason does not associate my switch with the correct group but uses the DEFAULT group instead.

    Has anyone had a similar problem, or is there something I'm doing wrong? Is there another way to achieve such a thing without using NDGs?

    Thank you all...

    Please upgrade to patch 6; there is a bug in patch 5, and you can see the release notes or the Readme for more information.

    Which user setting is in effect while you test command authorization? Do you have it set at the group level?

    Thank you

    Tarik Admani

  • TACACS+ authentication errors

    I am having problems getting TACACS+ AAA working with my 3560 switches. I set up users, groups, and NDGs on ACS SE, as per the ACS course material, and triple checked my keys to make sure they match. I have attached the switch debugs for authentication, authorization, and TACACS. Can someone please tell me what I'm doing wrong?

    Oh, so it's the SE that is not working.

    To do this, ACS---> configuration network ===> table Proxy Dis---> click default ===> if you see delivenrance 1 to the aaa Server---> drag it to 'Prior to'---> and what is there under forward to---> Drag it server aaa--> submit + apply.

    It should work now.

    If you do not see distribution proxy option then go to GBA--->---> advanced option interface configuration---> enable the distributed array.

    Kind regards

    ~ JG

  • 2960S stack, 15.0(2)SE3 & TACACS

    Hello

    I upgraded a stack of Cisco 2960S switches from 15.0(2)SE2 to 15.0(2)SE3 yesterday.

    The switch stack is configured to use RADIUS for authentication.

    Since then, I am no longer able to log in to the switch using ssh or http.

    I start an SSH session, enter my user name and immediately get access denied (3 times, and then the switch drops the connection).

    I can't see any TACACS packets sent from the switch to the ACS server.

    The release notes for 15.0(2)SE3 indicate no problems with TACACS.

    Any ideas?

    Thank you

    L

    The problem is reproducible on several models.

    As soon as I add

    aaa authentication login default group tacacs+

    or

    aaa authorization exec default group tacacs+

    and have a RADIUS server configured and reachable, with the first login attempt the HIGHER process goes up to 100% CPU load.

    Login is not possible; the only possibility to reach the server is rsh.

    The TACACS log shows no request on the server.

    If I downgrade to 15.0(2)SE2, all is OK, using the same configuration.

    Tested on

    WS-C2960G-48TC-L

    WS-C3650-8PC-S

    WS-C2960G-8TC-L

    Update:

    I forgot to mention:

    Switch still works properly, there is no other impact

  • No login to 3750G after upgrade to 15.0(2)SE3

    I just did a test upgrade of a unit from 15.0(2)SE2 to 15.0(2)SE3. After the reload, TACACS no longer works, and console, remote ssh and telnet access no longer work. I get console access if I boot the switch without an uplink.

    TAC logs showing the upgrade:

    Fri Jun 14 07:06:33 2013 10.100.0.125 tgreaser 10.3.9.31 tty1 stop task_id = 104 timezone = service EDT = start_time = 1371207993 priv-lvl = 15 = cmd shell archive download-sw / overwrite/allow-feature-upgrade tftp://thorin/c3750-ipservicesk9-tar.150-2.SE3.tar
    Fri Jun 14 07:29:20 2013 10.100.0.125 tgreaser 10.3.9.31 tty1 stop task_id = 105 timezone = service EDT = start_time = 1371209360 priv-lvl = 15 = cmd shell write memory
    Fri Jun 14 07:29:22-2013 10.100.0.125 tgreaser 10.3.9.31 tty1 stop task_id = 106 timezone = service EDT = start_time = 1371209362 priv-lvl = 15 = reload cmd shell

    Debug logs now showing me trying to log in to the console / ssh / telnet after I've brought up the switch and gone into enable:

    June 14 08:34:27 10.100.0.125 30: 00:06:33: MORE: Queuing AAA accounting request 12 treatment

    June 14 08:34:27 10.100.0.125 31: 00:06:33: MORE: Queuing AAA accounting request 12 treatment
    June 14 08:34:27 10.100.0.125 32: 00:06:33: MORE: treatment of the accounting application id 12
    June 14 08:34:27 10.100.0.125 33: 00:06:33: MORE: sending AV task_id = 4
    June 14 08:34:27 10.100.0.125 34: 00:06:33: MORE: sending AV timezone = IS
    June 14 08:34:27 10.100.0.125 35: 00:06:33: MORE: AV = shell shipping service
    June 14 08:34:27 10.100.0.125 36: 00:06:33: MORE: sending AV priv-lvl = 15
    June 14 08:34:27 10.100.0.125 37: 00:06:33: MORE: send cmd =-exec debugging Ganymede AV
    June 14 08:34:27 10.100.0.125 38: 00:06:33: MORE: request for accounts created for 12()
    June 14 08:34:27 10.100.0.125 39: 00:06:33: MORE: using the 10.100.0.75 Server
    June 14 08:34:27 10.100.0.125 40: 00:06:33: MORE (0000000C) / 0/IDLE/B64918: started 5 sec timeout
    June 14 08:34:27 10.100.0.125 41: 00:06:33: MORE (0000000C) / 0/IDLE/B64918: got immediately connect on new 0
    June 14 08:34:27 10.100.0.125 42: 00:06:33: MORE (0000000C) / 0/WRITING/B64918: started 5 sec timeout
    June 14 08:34:27 10.100.0.125 43: 00:06:33: MORE (0000000C) / 0/WRITING: write to 10.100.0.75 failed with errno 257 ((ENOTCONN))
    June 14 08:34:27 10.100.0.125 44: 00:06:33: MORE: sending AV task_id = 4
    June 14 08:34:27 10.100.0.125 45: 00:06:33: MORE: sending AV timezone = IS
    June 14 08:34:27 10.100.0.125 46: 00:06:33: MORE: AV = shell shipping service
    June 14 08:34:27 10.100.0.125 47: 00:06:33: MORE: sending AV priv-lvl = 15
    June 14 08:34:27 10.100.0.125 48: 00:06:33: MORE: send cmd =-exec debugging Ganymede AV
    June 14 08:34:27 10.100.0.125 49: 00:06:33: MORE: request for accounts created for 12()
    June 14 08:34:27 10.100.0.125 50: 00:06:33: MORE: treatment of the accounting application id 12
    June 14 08:34:27 10.100.0.125 51: 00:06:33: MORE: sending AV task_id = 38
    June 14 08:34:27 10.100.0.125 52: 00:06:33: MORE: sending AV timezone = IS
    June 14 08:34:27 10.100.0.125 53: 00:06:33: MORE: AV = shell shipping service
    June 14 08:34:27 10.100.0.125 54: 00:06:33: MORE: sending AV priv-lvl = 15
    June 14 08:34:27 10.100.0.125 55: 00:06:33: MORE: send cmd = debug Ganymede AV
    June 14 08:34:27 10.100.0.125 56: 00:06:33: MORE: request for accounts created for 12()
    June 14 08:34:27 10.100.0.125 57: 00:06:33: MORE: using the 10.100.0.75 Server
    June 14 08:34:27 10.100.0.125 58: 00:06:33: MORE (0000000C) / IDLE/1/C2B3F0: started 5 sec timeout
    June 14 08:34:27 10.100.0.125 59: 00:06:33: MORE (0000000C) / IDLE/1/C2B3F0: got immediately connect on 1 new
    June 14 08:34:27 10.100.0.125 60: 00:06:33: MORE (0000000C) / WRITING/1/C2B3F0: started 5 sec timeout
    June 14 08:34:27 10.100.0.125 61: 00:06:33: MORE (0000000C) / 1/WRITING: write to 10.100.0.75 failed with errno 257 ((ENOTCONN))
    June 14 08:34:27 10.100.0.125 62: 00:06:33: MORE: sending AV task_id = 38
    June 14 08:34:27 10.100.0.125 63: 00:06:33: MORE: sending AV timezone = IS
    June 14 08:34:27 10.100.0.125 64: 00:06:33: MORE: AV = shell shipping service

    June 14 08:34:27 10.100.0.125 65: 00:06:33: MORE: sending AV priv-lvl = 15
    June 14 08:34:27 10.100.0.125 66: 00:06:33: MORE: send cmd = debug Ganymede AV
    June 14 08:34:28 10.100.0.125 67: 00:06:33: MORE: request for accounts created for 12()

    June 14 08:34:53 10.100.0.125 68: 00:06:58: MORE: Queuing AAA accounting request 12 treatment
    June 14 08:34:53 10.100.0.125 69: 00:06:58: MORE: Queuing AAA accounting request 12 treatment
    June 14 08:34:59 10.100.0.125 70: 00:07:04: MORE: Queuing AAA accounting request 12 treatment
    June 14 08:35:31 10.100.0.125 71: * 14 Jun 08:35: % SYS-6-CLOCKUPDATE: system clock has been updated from 19:00:37 GMT Sunday, February 28, 1993 at 08:35:00 EDT Friday 14 June 2013, configured from console by console.
    June 14 08:35:32 10.100.0.125 72: 00:07:37: MORE: Queuing AAA accounting request 12 treatment
    June 14 08:35:32 10.100.0.125 73: 00:07:37: MORE: Queuing AAA accounting request 12 treatment
    June 14 08:35:35 10.100.0.125 74: 00:07:39: MORE: Queuing AAA accounting request 12 treatment

    June 14 08:35:50 10.100.0.125 76: 00:07:55: MORE: Queuing AAA accounting request 12 treatment
    June 14 08:35:53 10.100.0.125 77: 00:07:58: MORE: Queuing AAA accounting request 12 treatment
    June 14 08:35:53 10.100.0.125 78: 00:07:58: MORE: Queuing AAA accounting request 12 treatment
    June 14 08:35:58 10.100.0.125 79: 00:08:02: MORE: Queuing AAA accounting request 12 treatment
    June 14 08:35:58 10.100.0.125 80: 00:08:02: MORE: Queuing AAA accounting request 12 treatment
    June 14 08:36 10.100.0.125 81: 00:08:05: MORE: Queuing AAA accounting request 12 treatment
    June 14 08:36 10.100.0.125 82: 00:08:05: MORE: Queuing AAA accounting request 12 treatment

    I can test the unit fine on different subnets. No ACLs are blocking... I can even see my ssh-ing host hit the vty ACL counter.

    I'm NOT running ACS or ISE... an older version running compiled code.

    /usr/sbin/tac_plus -v
    tac_plus version 4.4rc2 - 3 (Extended Tac_plus)
    CONST_SYSERRLIST
    FIONBIO
    LINUX
    LITTLE_ENDIAN
    LOG_LOCAL6
    NO_PWAGE
    REAPCHILD
    REARMSIGNAL
    SHADOW_PASSWORDS
    SIGTSTP
    SIGTTIN
    SIGTTOU
    SO_REUSEADDR
    TAC_PLUS_PORT
    VOIDSIG
    __STDC__

    Does anyone else have this problem? Anyone know a fix? I've seen a few posts over the years, but never seen a fix. (I'm having the same problem with TACACS on 3750E universal 15.0.2SE3)

    In addition, discussions about the bug, CSCug62154, can be found here.

  • Catalyst C6509 AAA post authorization status = ERROR

    ACS version: 5.2

    L3 Switch: C6509

    IOS version: s72033-ipservices_wan-mz.122-33.SXI7.bin

    All C6509s have the following aaa config:

    cisco-admin privilege 15 secret 5 username #$% ^ & * gfnEhts$ 5678 #.

    aaa authentication login default group tacacs+ local
    aaa authentication enable default group tacacs+ enable
    aaa authorization config-commands
    aaa authorization exec default group tacacs+ local if-authenticated
    aaa authorization commands 15 default group tacacs+ local if-authenticated
    aaa accounting exec default start-stop group tacacs+
    aaa accounting commands 1 default start-stop group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+

    RADIUS-server host xx.xx.xxx.12

    RADIUS-server timeout 15

    RADIUS-server application made

    RADIUS-server key bonnefin

    DSW4 remote session, note the prompt:

    User name (local user name request)

    DSW3 remote session, note the prompt:

    user name (right off the bat, I know that's asking on behalf of Ganymede)

    DSW2 remote session, note the prompt:

    user name (right off the bat, I know that's asking on behalf of Ganymede)

    I can ping my ACS server or DSW.

    AAA authorization debug results:

    DSW4

    16:47:32.660 March 5: AAA/AUTHOR (915254943): permission post = ERROR

    16:47:32.660 March 5: tty1 AAA/AUTHOR/CMD (915254943): method = LOCAL

    16:47:32.660 March 5: AAA/AUTHOR (915254943): position of authorization = PASS_ADD

    DSW3 and DSW2

    5 March 08:44:26.475 of the Pacific: AAA/BIND (000003E3): link i / f

    5 March 08:44:26.475 of the Pacific: AAA/AUTHENTIC/LOGIN (000003E3): choose method list "by default".

    5 March 08:44:32.411 of the Pacific: AAA/AUTHOR (0x3E3): choose method list "by default".

    5 March 08:44:32.415 of the Pacific: AAA/AUTHOR/EXEC (000003E3): treatment AV cmd =

    5 March 08:44:32.415 of the Pacific: AAA/AUTHOR/EXEC (000003E3): treatment AV priv-lvl = 15

    5 March 08:44:32.415 of the Pacific: AAA/AUTHOR/EXEC (000003E3): successful authorization

    Hundreds of other ASWs I manage have the same configuration and authentication problems through TACACS.

    I was digging through the support community forum to see if anything matches my problem, no luck. Any input is highly appreciated.

    Thank you.

    You wrote in your post in another thread that you had already checked the keys; however, the debugs still complain of bad keys. Could you check it again? When configuring the key, do not copy and paste.

    15:19:17.629 18 Apr: TAC +: Invalid AUTHOR/START packet (check keys)

    In addition, I do not see the error from the ACS. Please add that also if you still have the problem.

    Kind regards

    Jatin kone

    -Does the rate of useful messages-
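Why a wrong shared key shows up as "key mismatch" on the server and "Invalid AUTHOR/START packet (check keys)" on the device, as in the two threads above: the TACACS+ body is XORed with an MD5 pad derived from the key (RFC 8907), so the wrong key yields a body whose length fields no longer add up. This is an added Python example, not code from any poster or from Cisco; the session ID, keys, user and arguments are constructed, and `effective_key` is a hypothetical model of the "NDG key overrides the AAA client key" behaviour described in the ACS 4.0 answer.

```python
import hashlib
import struct

VERSION = 0xC0  # TACACS+ major version 0xC, minor version 0


def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 body pad: MD5 blocks, each chained on the previous block."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def obfuscate(body, session_id, key, seq_no=1):
    """XOR the body with the pad; applying it twice restores the body."""
    pad = pseudo_pad(session_id, key, VERSION, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_author_request(user, port, rem_addr, args):
    """Authorization REQUEST body: 8 fixed bytes, arg lengths, then fields."""
    fixed = bytes([0x06, 15, 0x01, 0x01,  # method TACACS+, priv 15, ASCII, login
                   len(user), len(port), len(rem_addr), len(args)])
    return (fixed + bytes(len(a) for a in args)
            + user + port + rem_addr + b"".join(args))


def parse_author_request(body):
    """Return (user, args) if the length fields are consistent, else None."""
    if len(body) < 8:
        return None
    user_len, port_len, rem_len, arg_cnt = body[4:8]
    arg_lens = body[8:8 + arg_cnt]
    if len(arg_lens) != arg_cnt:
        return None
    expected = 8 + arg_cnt + user_len + port_len + rem_len + sum(arg_lens)
    if expected != len(body):
        return None  # garbage after de-obfuscation: the keys differ
    pos = 8 + arg_cnt
    user = body[pos:pos + user_len]
    pos += user_len + port_len + rem_len
    args = []
    for n in arg_lens:
        args.append(body[pos:pos + n])
        pos += n
    return user, args


def effective_key(aaa_client_key, ndg_key):
    """Hypothetical model: a key set on the NDG replaces the AAA client key."""
    return ndg_key if ndg_key else aaa_client_key


def server_receive(wire_body, session_id, aaa_client_key, ndg_key=None):
    """De-obfuscate with the key the server would pick and validate the body."""
    key = effective_key(aaa_client_key, ndg_key)
    parsed = parse_author_request(obfuscate(wire_body, session_id, key))
    if parsed is None:
        return ("key-mismatch", None, None)
    return ("ok",) + parsed


# Constructed sample values (not taken from the page).
SESSION_ID = 0x1A2B3C4D
DEVICE_KEY = b"constructed-shared-key"
REQUEST = build_author_request(
    b"jon", b"tty1", b"192.0.2.10",
    [b"service=shell", b"cmd=show", b"cmd-arg=version"])
WIRE = obfuscate(REQUEST, SESSION_ID, DEVICE_KEY)

if __name__ == "__main__":
    # AAA client key matches the device, no NDG key: request is accepted.
    print(server_receive(WIRE, SESSION_ID, DEVICE_KEY))
    # Same AAA client key, but a stale NDG key takes precedence: rejected.
    print(server_receive(WIRE, SESSION_ID, DEVICE_KEY, ndg_key=b"stale-ndg-key"))
```

The second call fails even though the AAA client entry carries the right key, which is why re-typing the device key alone does not clear the error.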

  • TACACS+ Administration report problem

    Once we upgraded ACS to 4.1 Build 23 (1) 3.3.4, we no longer get information in the TACACS+ Administration report files.

    AAA new-model

    AAA-authentication failure message ^ CC connection failed, Please Try Again. ^ C

    prompt password authentication AAA Non_TACACS_Password:

    AAA-guest authentication username Non_TACACS_Username:

    AAA authentication login default group Ganymede + local

    AAA authentication login no_tacacs local

    the AAA authentication enable default group Ganymede + activate

    AAA authorization config-commands

    AAA authorization exec default group Ganymede + local

    AAA authorization commands 0 default group Ganymede + local

    AAA authorization commands 1 default group Ganymede + local

    AAA authorization commands 15 default group Ganymede + local

    AAA authorization network default group Ganymede +.

    AAA accounting exec default start-stop Ganymede group.

    orders accounting AAA 0 arrhythmic default group Ganymede +.

    orders accounting AAA 0 NetAdmins arrhythmic group Ganymede +.

    orders accounting AAA 1 by default start-stop Ganymede group.

    orders accounting AAA 7 by default start-stop Ganymede group.

    orders accounting AAA 15 by default start-stop Ganymede group.

    AAA accounting system default start-stop Ganymede group.

    Hello

    It is a known issue, you must apply the hotfix ACS 4.1.1.23.5 to solve the problem.

    Patch for the unit is available on

    http://www.Cisco.com/cgi-bin/tablebuild.pl/ACS-Soleng-3DES

    The patch name: ACS SE 4.1.1.23.5 rollup

    Patch for windows acs is available on

    http://www.Cisco.com/cgi-bin/tablebuild.pl/ACS-win-3DES

    The patch name: ACS 4.1.1.23.5 rollup

    That should solve the problem

    Kind regards

    Jagdeep

    Note: If this answers your question, then please mark this thread as solved, so that others can benefit from.

  • TACACS+ command accounting problems

    All,

    I am working on a problem getting accounting set up for my switch / router infrastructure. Here's my config. Authentication works, both console & SSH. Authorization is also working. Some of my accounting functions work, like TACACS+ successful logins, but none of my command logging features work correctly.

    I am running ACS V4.1. In addition, what is the difference between using named auth / accounting lists and the default? Is it right that named lists need to be applied to interfaces, whereas the default is applied to all interfaces?

    Configs:

    AAA new-model

    AAA SSH authentication connection group Ganymede + local
    local authentication AAA CONSOLE connection
    authorization AAA console
    local CONSOLE AAA authorization exec
    exec authorization AAA SSH group Ganymede +.
    network of local AAA CONSOLE authorization
    authorization for AAA network SSH group Ganymede +.
    exec accounting AAA SSH start-stop group Ganymede +.
    AAA accounting command 0 SSH start-stop group Ganymede +.
    AAA accounting command SSH 1 start-stop Ganymede group.
    AAA accounting command SSH 15 group arrhythmic Ganymede +.
    network accounting AAA SSH start-stop group Ganymede +.

    access-list 1 permit X.X.56.0 0.0.0.255
    GANYMEDE-server host X.X.X.X XXXXXXXXXXXXX key
    RADIUS-server timeout 30
    RADIUS-server application made
    !
    control plan
    !
    !
    Line con 0
    session-timeout 10
    exec authorization CONSOLE
    the CONSOLE connection authentication
    line vty 0 4
    session-timeout 10
    access-class 1
    exec authorization SSH
    accounting of the SSH commands 0
    accounting controls 1 SSH
    SSH 15 orders accounting
    accounting SSH exec
    the SSH connection authentication
    entry ssh transport
    line vty 5 15
    session-timeout 10
    access-class 1
    exec authorization SSH
    accounting of the SSH commands 0
    accounting controls 1 SSH
    SSH 15 orders accounting
    accounting SSH exec
    the SSH connection authentication
    entry ssh transport

    Any help is appreciated.

    Thank you!

    Jon

    Hi Jon,

    Could you let us know the exact version of the ACS? If it's ACS 4.1.1.23, then you would have to apply the latest patch from TAC, as there is a bug in ACS 4.1.1.23 in which command accounting does not work.

    Here is the information about the bug:

    CSCsg97429:

    TACACS+ command accounting does not work in ACS 4.1 Build 23 (1).

    Symptom:

    TACACS+ command accounting does not work in ACS 4.1 Build 23 (1).
    No accounting records appear in the TACACS+ Administration log.

    Conditions:

    Command accounting is configured on the NAS. After commands are entered on the NAS,
    no record is visible in the TACACS+ Administration log file. Debugs on the NAS show
    records being sent and they get to the ACS server, but the
    log file is not updated.

  • TACACS+ SSH authentication problem for ASA

    Dear Sir

    I manage an ASA 5540 active/standby failover pair. SSH authentication is performed via TACACS+ on an ACS 4.2 located in the same VLAN as the inside interface of the firewall. I have added the two firewalls on the ACS using their inside interface IP addresses (the active and standby addresses). I can successfully authenticate and log in to the active ASA without any problem. But on the standby ASA, I get the SSH prompt but I cannot log in. When I look at the failed attempts log on the ACS, I see "Unknown NAS" for the ASA. How can I solve this problem?

    Best regards

    Abebe Amare

    Network Engineer, VivaCell

    Hi Abebe,

    On the secondary ASA, please check the following:

    sh failover ---> and make sure that the secondary unit is in Standby Ready and not failed.

    sh aaa-server ---> check the output and see whether the ASA has marked the radius server as 'UP' and whether packets are being exchanged.

    Enable the following debugs and run a test authentication as shown:

    debug aaa authentication

    debug tacacs

    debug ssh

    test aaa-server authentication host username "insert username" password "insert password"

    Provide me with the debugs after taking on your username in it so that I can analyze.

    See you soon,

    Christian V

  • Problem setting up 7606 router for TACACS+ authentication

    Hello community support.

    I have two Cisco 7606 routers on which I have tried in vain to get users authenticated using TACACS+ servers. As shown below, I have two servers (1.1.1.1 and 2.2.2.2) reachable via vrf OAM, which is reachable from the desktop for ssh login. The real IPs and VRFs have been changed because it's a company router.

    I use the two servers to authenticate on a lot of other Cisco network devices, and they work properly.

    I can reach the servers from the vrf and the source interface in use. I can also telnet to port 49 on the servers from the source interface and the vrf.

    The server key is hidden, but at the time of configuration, I can see that it is correct.

    The problem is that after configuring for RADIUS authentication, the router always uses the enable password instead of TACACS. While the debug output shows "incorrect password", why does the router not authenticate using TACACS? Why is it using the enable password?

    Please review the outputs below and help point out what I may need to change.

    PS: I have tried many other combinations, including deprecated ones, without success, including the method proposed on this page.

    http://www.Cisco.com/en/us/docs/iOS/sec_user_services/configuration/guide/sec_vrf_tacas_svrs.html

    Please help I'm stuck.

    ROUTER#sh running-config | s aaa
    aaa new-model
    aaa group server tacacs+ admin
     server name admin
     server name admin1
     ip vrf forwarding OAM
     ip tacacs source-interface GigabitEthernet1
    aaa authentication login admin group tacacs+ local enable
    aaa session-id common

    ROUTER#sh running-config | s tacacs
    aaa group server tacacs+ admin
     server name admin
     server name admin1
     ip vrf forwarding OAM
     ip tacacs source-interface GigabitEthernet1
    aaa authentication login admin group tacacs+ local enable
    tacacs server admin
     address ipv4 1.1.1.1
     key 7 XXXXXXXXXXXXXXXXXXXX
    tacacs server admin1
     address ipv4 2.2.2.2
     key 7 XXXXXXXXXXXXXXXXxxxx
    line vty 0 4
     login authentication admin

    ROUTER#sh tacacs

    GANYMEDE + - public server:

    Server name: admin

    Server address: 1.1.1.1

    Server port: 49

    Opening of socket: 15

    Firm grip: 15

    Write-offs of socket: 0

    Socket errors: 0

    Socket timeouts: 0

    Failed connection attempts: 0

    Total packets sent: 0

    Recv packets total: 0

    GANYMEDE + - public server:

    Server name: admin1

    Server address: 2.2.2.2

    Server port: 49

    Opening of socket: 15

    Firm grip: 15

    Write-offs of socket: 0

    Socket errors: 0

    Socket timeouts: 0

    Failed connection attempts: 0

    Total packets sent: 0

    Recv packets total: 0

    Oct 22 12:38:57.587: AAA/BIND(0000001A): link i / f

    22 Oct 12:38:57.587: AAA/AUTHENTIC/LOGIN (0000001 a): Select method list "admin".

    Oct 22 12:38:57.587: AAA/AUTHENTIC/ENABLE(0000001A): action of treatment application LOGIN

    Oct 22 12:38:57.587: AAA/AUTHENTIC/ENABLE(0000001A): reported GET_PASSWORD

    Oct 22 12:39:02.327: AAA/AUTHENTIC/ENABLE(0000001A): action of treatment application LOGIN

    Oct 22 12:39:02.327: AAA/AUTHENTIC/ENABLE(0000001A): reported FAIL - wrong password

    22 Oct 12:39:04.335: AAA/AUTHENTIC/LOGIN (0000001 a): Select method list "admin".

    Oct 22 12:39:04.335: AAA/AUTHENTIC/ENABLE(0000001A): action of treatment application LOGIN

    Oct 22 12:39:04.335: AAA/AUTHENTIC/ENABLE(0000001A): reported GET_PASSWORD

    Oct 22 12:39:08.675: AAA/AUTHENTIC/ENABLE(0000001A): action of treatment application LOGIN

    Oct 22 12:39:08.675: AAA/AUTHENTIC/ENABLE(0000001A): reported FAIL - wrong password

    22 Oct 12:39:10.679: AAA/AUTHENTIC/LOGIN (0000001 a): Select method list "admin".

    Oct 22 12:39:10.683: AAA/AUTHENTIC/ENABLE(0000001A): action of treatment application LOGIN

    Oct 22 12:39:10.683: AAA/AUTHENTIC/ENABLE(0000001A): reported GET_PASSWORD

    Oct 22 12:39:14.907: AAA/AUTHENTIC/ENABLE(0000001A): action of treatment application LOGIN

    Oct 22 12:39:14.907: AAA/AUTHENTIC/ENABLE(0000001A): reported FAIL - wrong password

    ROUTER#sh ver

    Cisco IOS software, software of c7600rsp72043_rp (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 15.1 (3) S3, RELEASE SOFTWARE (fc1)

    Technical support: http://www.cisco.com/techsupport

    Copyright (c) 1986-2012 by Cisco Systems, Inc.

    Updated Saturday, March 30, 12 08:34 by prod_rel_team

    ROM: System Bootstrap, Version 12.2 SRE (33r), RELEASE SOFTWARE (fc1)

    BOOTLDR: Cisco IOS software, software c7600rsp72043_rp (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 15.1 (3) S3, RELEASE SOFTWARE (fc1)

    The availability of ROUTER is 7 weeks, 5 days, 16 hours, 48 minutes

    Availability for this control processor is 7 weeks, 5 days, 16 hours, 49 minutes

    System returned to ROM by reload (SP by charging)

    System restarted at 20:00:59 UTC Wednesday, August 28, 2013

    System image file is "sup - bootdisk:c7600rsp72043 - advipservicesk9 - mz.151 - 3.S3.bin.

    Last reload type: normal charging

    Reload last reason: power

    This product contains cryptographic features and is under the United States

    States and local laws governing the import, export, transfer and

    use. Delivery of Cisco cryptographic products does not imply

    third party approval to import, export, distribute or use encryption.

    Importers, exporters, distributors and users are responsible for

    compliance with U.S. laws and local countries. By using this product you

    agree to comply with the regulations and laws in force. If you are unable

    to satisfy the United States and local laws, return the product.

    A summary of U.S. laws governing Cisco cryptographic products to:

    http://www.Cisco.com/WWL/export/crypto/tool/stqrg.html

    If you need assistance please contact us by mail at

    [email protected] / * /.

    Processor CISCO7606 - S (M8500) Cisco (revision 1.1) with 3670016 K/K 262144 bytes of memory.

    Card processor ID FOX1623G61B

    PLINTH: RSP720

    CPU: MPC8548_E, Version: 2.1 (0 x 80390021)

    KERNEL: E500, Version: 2.2, (0 x 80210022)

    CPU:1200 MHz, CCB:400 MHz, DDR:200 MHz,

    L1: D-cache 32 KB active

    I'm hiding active 32 KB

    Last reset of tension

    3 virtual Ethernet interfaces

    76 of the gigabit Ethernet interfaces

    8 ten interfaces Ethernet Gigabit

    3964K bytes of non-volatile configuration memory.

    500472K bytes of the map of PCMCIA ATA internal (512 bytes sector size).

    Configuration register is 0 x 2102

    To resolve this problem, please replace the command listed below

    aaa authentication login admin group tacacs+ local enable

    with:

    aaa authentication login default group admin local enable

    You defined the server group name as a method list, and instead of using admin as the server group, you used tacacs+.

    Note: Please ensure that you have local users and the enable password configured in case the TACACS server is unreachable.

    ~ BR
    Jatin kone

    * Does the rate of useful messages *.

  • ASA 5520 TACACS login problem

    I'm just confused at this point. This is the configuration I have so far for TACACS on the ASA 5520. sh run


    aaa-server TacServer protocol tacacs+
    aaa-server TacServer (LAN) host 172.19.0.226
     key *****
    user-identity default-domain LOCAL
    aaa authentication telnet console LOCAL
    aaa authentication http console TacServer LOCAL
    aaa authentication ssh console TacServer LOCAL
    aaa authentication enable console TacServer LOCAL
    aaa authorization command TacServer LOCAL
    route LAN 172.19.0.0 255.255.255.0 172.30.186.1 1

    After I was done with the setup, I was able to log in using my TACACS username and password + enable password.

    After that, I shut down my TACACS+ server to try the local database. It worked for the user name and password, but my enable password does not work locally. It has to be something very simple, and I had it written down. I was connected via the console cable and also changed it completely with the user name and password, but I was still not able to get into enable mode.

    After that failed, I went back and turned my TACACS server on again. After waiting a few minutes and trying to log in via TACACS: NO GO. It doesn't like my username and password.

    So now I'm locked out and have to do password recovery, because I cannot log in using TACACS, and when TACACS is off I cannot get in via local mode.

    Very little Cisco documentation out there for this issue... Any thoughts on what could be the cause? I know that TACACS works very well since it works on 500+ devices; I'm just confused at this point.

    I need to check a few things before password recovery:

    For the enable issue, try typing login, followed by your username and password.

    For the TACACS issue:

    1.] Any error in the logging section of the TACACS+ server when logging in with the TACACS+ credentials?

    2.] Were there any reachability problems during this time?

    3.] Did all services come up fine?

    4.] You should focus on the following debugs:

    debug tacacs

    debug aaa authentication

    I'm not sure if this can be replicated, but yes, I would love to help out if possible.

    Jatin kone

    -Do rate helpful posts-

  • Problem with TACACS+ ACS authentication

    My organization was using ACS with AD to authenticate users for access to network devices.

    But lately, it does not work. There have been no known changes.

    Can anyone help point out the possible problems, or give links showing what the actual configuration of the ACS should look like for this to work?

    My apologies if this is a naïve question; I am not that comfortable with ACS.

    Thank you!

    Hello

    There are two ways to correct the message "windows dialin permission required". You can either add dial-in permissions to the user accounts in your Windows database, or you can remove the option "Require Dialin permissions" in ACS. To do this, go to "External user databases" and select "Database Configuration". Then go to your Windows database and click "configure". The first option is a check box that lets you "make sure that grant dialin permission is checked".

    Checking this box will cause the error you get if your Windows users do not have dial-in permissions. If you uncheck this box, it should clear this error.

    HTH

    JK

  • Problem with BlackBerry plugin 1.1 for Eclipse

    I used my Eclipse SDK 3.5.2 win32 + BB plugin 1.1 setup for more than a month without any problems.

    After a minor JRE 1.6 online update today, the BlackBerry workspace has simply disappeared without a trace.

    No entry on the menu bar and no BlackBerry option in preferences. Nada.

    The Eclipse SDK installation details show that the plugin is actually installed.

    BlackBerry Java plug-in 1.1.2.201003212304-12 net.rim.EclipseJDE.feature.group
    BlackBerry Java SDK 5.0.0.25 net.rim.ejde.feature.componentpack5.0.0.feature.group
    Eclipse SDK 3.5.2.M20100211-1343 org.eclipse.sdk.ide

    So nothing has been changed in the setup, or so it appears.

    I have Eclipse Ganymede 3.4 with the 4.7 version of the plugin installed that I used before and it works great.

    Any ideas?

    Thank you

    Looks like I solved the problem.

    Posting in case someone else runs into the same problem.

    1. Re-installed the BlackBerry plugin Full package, namely BlackBerry_JDE_PluginFull_1.1.2.201003212304-12.exe, in the same Eclipse directory, ignoring the installer's suggestion to install in a new one.

    2. On trying to start Eclipse, got an error dialog: JVM terminated. Exit code=-1

    3. Edited the eclipse.ini file to point to the following virtual machine location on the computer:

    C:\Program Files\Java\jdk1.6.0_12\jre\bin\client\jvm.dll

    Please note that http://wiki.eclipse.org/Eclipse.ini suggests C:\Java\JDK\1.5\bin\javaw.exe for the address of the JAVA virtual machine, which did not work in my case.

    Happy computing
