Reg: Ganymede configuration
Hi all
I'm trying to configure the authentication of routers around 300 by Cisco GANYMEDE, AAA I installed acs4.2 on a windows Server 2003 and updated as a result of orders from AAA in the router, the RADIUS server host and the key on trialrouter
AAA new-model
!
!
AAA authentication login default group Ganymede + local
NO_AUTHEN AAA authentication login no
AAA authorization config-commands
AAA authorization exec default group Ganymede + authenticated if
NO_AUTHOR AAA authorization exec no
AAA authorization commands 1 default group Ganymede + authenticated if
AAA authorization commands 1 NO_AUTHOR no
AAA authorization commands 15 default group Ganymede + authenticated if
AAA authorization commands 15 NO_AUTHOR no
AAA authorization network series none
AAA accounting exec default start-stop Ganymede group.
accounting AAA commands default 15 stop only Ganymede group.
!
AAA - the id of the joint session
then I created a user and mentioned a secret key on the acs server, I added this router as an AAA client, the router no longer meets the old login name and password but did not username set to GBA, where I am a mistake? Kindly help.
Thank you.
ANU,
Are you Ganymede username-password prompt?
If you get the username-password prompt and it isn't taking Ganymede credentials, could you please connect with the local user name-password and run him debugs.
debugging Ganymede
Debug aaa authentication
term Lun
After this attempt to connect again with Ganymede username-password and send me the output.
Fix the failure of GBA attemopts > reports and activity.
HTH
JK
The rate of useful messages-
Tags: Cisco Security
Similar Questions
-
GANYMEDE configuration on a 1900
Forgive me if this question belongs on the Forum of General safety
I read the Document ID:9906 configuration GANYMEDE + on the catalyst 1900.
I have a 1924 configuration that has GANYMEDE on it. The switch is not on my network yet... I use a cable from the console to configure. I tftp config running on in NVRAM. Some how in the process, I have a level 15 password enable xxxxx left in the config.
When I log in the sw and go into enable mode... Ganymede should expire several times until I can get in.
My question has to do with enable secret password vs have enable password level 15
Right now I have both... To make my configurations correspond to what is in the rest of my network that is online, I need to remove the level 15 of the enable password xxxx (xxxx pretending is the pw) command because its pw is not encrypted.
Which leaves me with the password enable secret lonely.
My concern is when I take off the level of password enable 15... I am not able to get back into my switch!
Enable-use-Ganymede
and
password server GANYMEDE last resort
are both in my configuration
Can I take the xxxx level 15 password enable leaving the enable secret in and not locked switch?
Keep in mind that the 1924 is not on my network yet... I have to drive hundreds of miles to install it and don't want to get in trouble when I'm there with her.
Thanks for your help.
Hello
The main difference between the enable password and the enable secret password is that the encrypted enable password uses a reversible encryption function and the password plaintext can be recovered by using the encrypted password. The secret password enable, however, uses a non-reversible encryption function.
Is the only time where the enable password is used if the enable secret password is disabled (or you are using an old image that does not support the enable secret password).
Therefore, it should be perfectly safe to remove the enable password. You will not get locked switch as long as you know the enable secret password.
Hope that help - rate pls post if it does.
Paresh
-
Hello
I am trying to build a Ganymede + config on my network devices. I have an ACS do the authentication. I want to do is to have GBA authenticate my users and allow them access. However, I would like to leave a console access using both local and local user name select the password so that I have a backdoor in case of future problems. I have everything working except the ability to go to activate the console mode using the local enable password. I get an auth error, because I think that the device tries to ACS auth password enable result:
the AAA authentication enable default group Ganymede + activate
I can get around it by applying a level 15 privlive to next line directly in the activation of the mode, but it seems less sure.
Any ideas?
Here's my config relevent bits (and I don't have a local user name and enable defined)
AAA new-model
AAA authentication login default group Ganymede + local
AAA authentication local console connection
the AAA authentication enable default group Ganymede + activate
default AAA authorization exec group Ganymede + local no
Console exec AAA local authorization
0 default AAA authorization commands group Ganymede + local no
default 1 AAA authorization commands group Ganymede + local no
default 15 AAA authorization commands group Ganymede + local no
AAA accounting exec default start-stop Ganymede group.
orders accounting AAA 0 arrhythmic default group Ganymede +.
orders accounting AAA 1 by default start-stop Ganymede group.
orders accounting AAA 15 by default start-stop Ganymede group.
AAA - the id of the joint sessionLine con 0
password 7
console login authenticationThanks in advance
Hi Rose,
Unfortunately, there is no way to apply a specific method list for the enable authentication to apply to the console.
Named method list for enable authentication is not supported.
Regards,
~JGDo rate helpful posts
-
Reg: Scheduler configuration
Hello
I am very new in obiee. in the configuration of mail in the Scheduler configuration server, should I give administrators email address or leave the field blank in the slot of the senders address?
Thank youHello
You can give your mail id or user id admin in spammers
Check these http://gerardnico.com/weblog/2009/04/26/obiee-how-to-configure-the-mail-server-of-oracle-bi-schedulerdelivers/
http://www.artofbi.com/index.php/2009/07/setting-up-OBIEE-deliversibots-to-send-alerts/If the ldap user, then he must be in ldap check this http://oraclebizint.wordpress.com/2007/09/13/oracle-bi-ee-10133-configuring-delivers-ibots/
hope that answered your question.
See you soon,.
KK -
GANYMEDE for VTY &; Console
Hello
I am creating a GANYMEDE configuration that will make sure that when you log on to the CONSOLE or VTY you get GANYMEDE challenge and if the RADIUS server is down then switch to the user/password local and local enable password.
Please notify that I have followed Cisco best practices that will help many others to follow;
Thank you and best regards,
Cisco username secret cisco123
Enable secret cisco456
AAA authentication login network access group Ganymede + local
the AAA authentication enable default group Ganymede + activate
AAA authorization exec default group Ganymede + local is authenticated by any
AAA authorization commands 1 default group Ganymede + if authenticated by any
AAA authorization commands 15 default group Ganymede + local authenticated by if (what is the difference between this and just below command & which command to use)
or
default 15 AAA authorization commands group Ganymede + none
AAA accounting exec default start-stop Ganymede group.
orders accounting AAA 1 by default start-stop Ganymede group.
orders accounting AAA 15 by default start-stop Ganymede group.
line vty 0 15
connection of network access authentication
0 line console
connection of network access authentication
T1) your configuration should work for both types of users.
Q2) authorization and accounting at all levels will increase the volume of network traffic and increase the need for storage on the server. You must decide on the basis of your organization and your needs if the additional traffic and the increased storage is justifiable.
HTH
Rick
-
Hi Expert,
I have two switches, the switch has problem when I run the GANYMEDE configuration. I have two servers and be able to ping the server success. I have a doubt when I read the description in the Cisco docs. Please help identify the cause. Thank you and enjoy using.
switch02 #test aaa group Ganymede + btela77 Aug2011b legacy
% Failed authorization.
I run the show found Ganymede socket error:
switcho02 #show Ganymede
GANYMEDE + server: 10.52.0.158/49
Opening of socket: 4
Firm grip: 4
Write-offs of socket: 0
Socket errors: 4
Socket timeout: 0
Failed connection attempts: 0
Total packets sent: 4
Recv packets total: 4
GANYMEDE + server: 10.51.65.94/49
Opening of socket: 3
Firm grip: 3
Write-offs of socket: 0
Socket errors: 0
Socket timeout: 0
Failed connection attempts: 0
Total packets sent: 0
Recv packets total: 0
Can you try again the switch with a problem and then check on the RADIUS server and see if the server has nothing in his diary of the failed attempts in this regard?
HTH
Rick
-
AAA in switches routers vs (on Cisco IOS)
I have AAA with GANYMEDE + configured on a router in this way:
AAA login authentication default group Ganymede + local-case allow
the AAA authentication enable default group Ganymede + activate
Enter the same configuration on a switch (switches in general)?
What accounting? I have the same accounting configured on the router and switch?
for the switch I need to allow angling of the console of accounting services?
example:
Line con 0
accounting of the default commands 15
accounting exec failure
so, in the configured router Ihave accounting but not applied to interfaces for example) console, vty... as soon as the accounting is enabled on the router, it is automatically applied to all interfaces if I use the default method list? and is it true for switches?
Hi Nathan,
Whether router/Switch commands AAA for both work sense.
And you have "default" reason means that it will be applied on all interfaces on routers, as well as on the switch. You do not have to specify explicitly as:
Line con 0
accounting of the default commands 15
accounting exec failure
There is no need, as you say once again to search the accounting list 'default', which if we have already set up will look the same.
Terefore only commands that you specify is:
Accouting AAA commands default 0 arrhythmic group Ganymede +.
AAA accouting orders 1 by default start-stop Ganymede group.
AAA accouting orders 15 by default start-stop Ganymede group.
As a default we orders on three levels of privilege on IOS devices. Level of 0.1 and 15.
It can be useful :)
-
Out-of-band access (modem) to IDSM2 blade
We will soon have a few strands of IDSM2 distributed geographically. My company security group does not control the Cat 650 x switch as such, and I would like to know if there is some way we could get access to consoles (modem) to the IDSM2 blade only (without getting to the switch).
If this is not possible, is there a common console connection that must be shared between the infrastructure group and the security group? is it possible for us to share access modem/console as well as the separation of privileges?
Your help is appreciated. Thank you
The JOINT-2 itself is not a port of the console.
Options to access the JOINT-2:
(1) a user can access console switch and the switch CLI, the user can JOINT-2 session. This would require a physical connection to the switch via a console port (or terminal server) and passwords to access the switch and the JOINT-2.
(2) a user could connect to the switch via a modem and the switch CLI user can sesion at the JOINT-2. This would imply a connection by modem to the switch and the passwords to access the switch and the JOINT-2.
(3) a user could telnet or ssh to the switch and the switch CLI user can JOINT-2 session. This would require network connectivity to the ip address of the switch itself and passwords for the switch and JOINT-2.
(4) a user could SSH directly to the JOINT-2 command and control the IP address. This would require network connectivity to the command and control of the IDSM2 ip address and require only passwords for JOINT-2 itself.
(5) similar to the number 4 above, the user could telnet directly to the JOINT-2.
(6) a user could browse the Web (HTTPS) to the JOINT-2 command and control IP address to access the IDS Device Manager. This would require network connectivity to the command and control of the IDSM2 ip address and require only passwords for JOINT-2 itself.
-------------
During the initial installation of the JOINT-2, options 4,5 and 6 cannot be used. This is because the JOINT-2 comes with a standard default ip address that is not likely available. For the initial Setup, the user must session from a CLI switch.
However, once that the "setup" command was run on the JOINT-2 and the configuration of the JOINT-2 switch to place in the vlan correct for the IP JOINT-2 command and control, then the JOINT-2 accessible directly on the network via options 4,5 and 6.
Once the initial Setup is complete, the day-to-day management of the JOINT-2 can be made through direct network access, so there is no need to access the switch.
The only time wherever the switch will have to be consulted again is to configure the sending of packets to the JOINT-2 (usually done with the initial setup and rarely changes) and reset the module or reload a new image on the module in case of major problems. (Note that the standard upgrades can be performed via direct access to the network without access to the switch).
If some users choose to work in collaboration with the team of the switch during initial setup and during periods of trouble shootin.
And will just use the direct access via ssh or telnet to the JOINT-2 for the activity on the day the day.
Other groups have used GANYMEDE + to provide a userid on the switch to the security team. Via GANYMEDE + configuration entries, the Userid for the security team may be limited to the execution of only the commands that are required to maintain the JOINT-2.
The user ID could be used to connect through the network to the switch, or connect on the console switch or a modem connected to the switch.
If you fear that repeatedly when the network connectivity between your main site and the remote site is down, so have you considered adding a PC on the remote site, which would be on the same network as the command and control of JOINT-2 address?
You could put a modem in the PC and then when you need to dial in the PC and the PC would be able to telnet or ssh to the IP address of the JOINT-2.
-
ACS 5.1 integration with WLC
Hello
can someone help me find a document for ACS 5.1 appliance, integration GANYMEDE + (configuration) with my WLC. configuration of RADIUS also for clients.
all configuration of wireless controller shows only acs 4.x integration.
Thanks in advance
Hello
There is unfortunately no official configuration example for this right now.
Haowever, you can view these screenshots I took an example of laboratory, to set up the profile of shell and pass it back due to the authorization rule.Hope this helps,
Fede
--
If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it. -
in PIX with SSH connection issues
Hello
I have a PIX 506 running OS 6.2 (2) which is located in a demilitarized zone known as the PIX from the outside. It's behind an another PIX506 (PIX inside). The two PIX have Ganymede + configured for authentication of the connection.
Last week the outdoor PIX crushed physically and I replaced it with a spare PIX part and he completely reconfigured.
Now I can't connect to this outside PIX using SSH, despite the list of access inside PIX is correct and can SSH and Ganymede +. However, I can telnet to it.
I use Putty to connect and when I start the session SSH from the PIX, the login window appears and disappears immediately without having the time to do anything myself.
Any help would be greatly appreciated. Thanks in advance.
A.G.
##################################################
Inside PIX config:
access-list inside allow TCP Company-Interior-Net 255.255.255.0 host outsidepix-Interior-interface eq ssh
list Company-Interior-Net 255.255.255.0 access inside permit tcp host eq telnet interface-inside-outsidepix
access-list inside allow the ICMP messages to echo DMZNet 255.255.255.192 Company-Interior-Net 255.255.255.0
access-list inside allow Company-Interior-Net icmp 255.255.255.0 DMZNet 255.255.255.192 - response to echo
dmzacl list of access allowed icmp echo host outsidepix-Interior-interface company-Interior-Net 255.255.255.0
dmzacl list of access allowed icmp host outsidepix-Interior-interface company-Interior-Net 255.255.255.0 - response to echo
access-list permits dmzacl tcp host outsidepix-Interior-interface host Ganymede-server1 eq Ganymede
access-list permits dmzacl tcp host outsidepix-Interior-interface host Ganymede-server2 eq Ganymede
The outdoor PIX config:
GANYMEDE + Protocol Ganymede + AAA-server
AAA-server GANYMEDE + (inside) host Ganymede-server1 1234 timeout 10
AAA-server GANYMEDE + (inside) host Ganymede-server2 1234 timeout 10
RADIUS Protocol RADIUS AAA server
AAA-server local LOCAL Protocol
Console telnet authentication GANYMEDE AAA +.
the AAA console ssh GANYMEDE authentication +.
AAA authentication enable console GANYMEDE +.
Telnet Company-Interior-Net 255.255.255.0 inside
Telnet timeout 5
SSH-company-Interior-Net 255.255.255.0 inside
SSH DMZNet 255.255.255.192 inside
SSH timeout 5
did you follow the steps to configure ssh? the domain name and host name is defined on it? CA has generated you any rsa... to create the encryption keys?
-
How the device select radius-server
Hi guys,.
We have the existing Ganymede configuration to form our devices and server ACS 2 did. the acs server are managed with other suppliers that the acs server is on their site. Now intended to manage the acs server. We installed a new server CSA of our location, we have thousand of the devices, if we move to the new server we just add the acs unit 2 Server? the new acs server will be are able to connect to the device? How a device chooses which acs primary or secondary server? Please notify.
Old configuration
AAA new-model
AAA authentication login vtymethod group Ganymede + local
AAA authorization config-commands
AAA authorization exec default group Ganymede + local authenticated by FIS
AAA authorization commands 0 default group Ganymede + local authenticated by FIS
15 AAA authorization commands default group Ganymede + local authenticated by FIS
AAA accounting send stop-record an authentication failure
AAA accounting exec default start-stop Ganymede group.
orders accounting AAA 0 arrhythmic default group Ganymede +.
orders accounting AAA 15 by default start-stop Ganymede group.
Default connection accounting AAA power Ganymede group.
AAA accounting system default start-stop Ganymede group.
Ganymede IP source-interface Loopback0
RADIUS-server host 10.x.x.x
RADIUS-server host 10.x.x.x
New config
AAA new-model
AAA authentication login vtymethod group Ganymede + local
AAA authorization config-commands
AAA authorization exec default group Ganymede + local authenticated by FIS
AAA authorization commands 0 default group Ganymede + local authenticated by FIS
15 AAA authorization commands default group Ganymede + local authenticated by FIS
AAA accounting send stop-record an authentication failure
AAA accounting exec default start-stop Ganymede group.
orders accounting AAA 0 arrhythmic default group Ganymede +.
orders accounting AAA 15 by default start-stop Ganymede group.
Default connection accounting AAA power Ganymede group.
AAA accounting system default start-stop Ganymede group.
Ganymede IP source-interface Loopback0
RADIUS-server host 10.x.x.x
RADIUS-server host 10.x.x.x
RADIUS-server host 100.x.x.x<-->-->
RADIUS-server host 100.x.x.x<-->-->
Hi m.,.
N ° not round robin.
It checks the first IP address. It checks only the following IP address if one has failed.
I hope it's clearer now
Rating of useful answers is more useful to say "thank you".
-
GANYMEDE + configured on the router and the router is in ACS. I can ping from the ACS, but the router cannot establish a connection to authenticate users.
AAA server Ganymede group + hq_acs-1
Server 10.20.17.2
Ganymede IP source-interface GigabitEthernet0/0
!
AAA authentication login default group Ganymede + local
AAA authorization config-commands
AAA authorization exec default group Ganymede + local
AAA authorization commands by default group Ganymede + local 10
AAA authorization commands 15 default group Ganymede + local
nested AAA accounting
AAA accounting newinfo periodic update 60
AAA accounting auth-proxy default start-stop Ganymede group.
AAA accounting exec default start-stop Ganymede group.
orders accounting AAA 15 by default start-stop Ganymede group.
AAA accounting network default start-stop Ganymede group.
Default connection accounting AAA power Ganymede group.
AAA accounting system default start-stop Ganymede group.
AAA accounting resource by default start-stop Ganymede group.
BigTree_3945 #sh ip int br
Interface IP-Address OK? Method State Protocol
GigabitEthernet0/0 10.4.3.1 YES NVRAM low low
GigabitEthernet0/1 10.12.10.26 YES NVRAM up up
Serial0/2/0 unassigned YES NVRAM low low
Serial0/2/0.602 10.12.15.10 YES NVRAM low low
11:08:13.673 Apr 13: MORE: Queuing AAA request authentication 79 for the treatment
11:08:13.673 Apr 13: MORE: treatment demand beginning 79 authentication id
11:08:13.675 Apr 13: MORE: authentication start package created for 79 (cisscdb)
11:08:13.675 Apr 13: MORE: using the 10.20.17.2 Server
11:08:13.675 Apr 13: HIGHER (0000004F) / 1BDD9C34/NB_WAIT/0: started 5 sec timeout
11:08:18.676 Apr 13: HIGHER (0000004F) / 0/NB_WAIT/1BDD9C34: expired
11:08:18.676 Apr 13: HIGHER (0000004F) / 1BDD9C34/NB_WAIT/0: expired, cleaning
11:08:18.676 Apr 13: HIGHER (0000004F) / 0/1BDD9C34: the package of treatment response
11:08:25.834 Apr 13: MORE: Queuing AAA request authentication 79 for the treatment
11:08:25.834 Apr 13: MORE: treatment demand beginning 79 authentication id
11:08:25.834 Apr 13: MORE: authentication start package created for 79 (cisscdb)
11:08:25.834 Apr 13: MORE: using the 10.20.17.2 Server
11:08:25.834 Apr 13: HIGHER (0000004F) / 1BDD9C34/NB_WAIT/0: started 5 sec timeout
11:08:30.836 Apr 13: HIGHER (0000004F) / 0/NB_WAIT/1BDD9C34: expired
11:08:30.836 Apr 13: HIGHER (0000004F) / 1BDD9C34/NB_WAIT/0: expired, cleaning
11:08:30.836 Apr 13: HIGHER (0000004F) / 0/1BDD9C34: the package of treatment response
11:08:43.689 Apr 13: TAC: using default Ganymede groups ' Ganymede"list."
11:08:43.689 Apr 13: TAC +: opening TCP/IP 10.20.17.2/49 Timeout = 5
11:08:51.057 Apr 13: MORE: Queuing AAA request authentication 79 for the treatment
11:08:51.057 Apr 13: MORE: treatment demand beginning 79 authentication id
11:08:51.057 Apr 13: MORE: authentication start package created for 79 (cisscdb)
11:08:51.057 Apr 13: MORE: using the 10.20.17.2 Server
11:08:51.057 Apr 13: HIGHER (0000004F) / 1BDD9C34/NB_WAIT/0: started 5 sec timeout
11:08:54.692 Apr 13: TAC +: TCP/IP open to 10.20.17.2/49 failed - connection has expired; remote host does not
11:08:54.692 Apr 13: MORE: Queuing AAA accounting request treatment 76
11:08:54.692 Apr 13: MORE: treatment of the accounting application id 76
11:08:54.692 Apr 13: MORE: sending AV task_id = 332
11:08:54.692 Apr 13: MORE: sending AV timezone = EDT
11:08:54.692 Apr 13: MORE: AV = shell shipping service
11:08:54.692 Apr 13: MORE: sending AV start_time = 1334329734
11:08:54.692 Apr 13: MORE: sending AV priv-lvl = 15
11:08:54.692 Apr 13: MORE: sending AV cmd = show logging
11:08:54.692 Apr 13: MORE: request for accounts created for 76 (n20j03t)
11:08:54.692 Apr 13: MORE: using the 10.20.17.2 Server
11:08:54.692 Apr 13: HIGHER (0000004C) / NB_WAIT/1/20FD90EC: started 5 sec timeout
11:08:56.058 Apr 13: HIGHER (0000004F) / 0/NB_WAIT/1BDD9C34: expired
11:08:56.058 Apr 13: HIGHER (0000004F) / 1BDD9C34/NB_WAIT/0: expired, cleaning
11:08:56.058 Apr 13: HIGHER (0000004F) / 0/1BDD9C34: the package of treatment response
11:08:59.693 Apr 13: HIGHER (0000004C) / NB_WAIT/1/20FD90EC: expired
11:08:59.693 Apr 13: HIGHER (0000004C) / NB_WAIT/1/20FD90EC: expired, cleaning
11:08:59.693 Apr 13: 1/HIGHER (0000004C) / 20FD90EC: the package of treatment response
BigTree_3945 #.
The AAA Client IP address
10.4.3. * 10.12.15.10
Key
Group of network devices
Test
NJT
AccessLink
(Not assigned)
Authenticate using
GANYMEDE + (Cisco IOS)
RADIUS (Cisco Aironet)
RADIUS (Cisco BBSM)
RADIUS (Cisco IOS/PIX)
RADIUS (Cisco VPN 3000)
RADIUS (Cisco VPN 5000)
RADIUS (IETF)
RADIUS (Mount)
RADIUS (Juniper)
RADIUS (Nortel)
RADIUS (Sepi)
Connect GANYMEDE + single AAA Client (stop recording in accounting in case of failure).
The 10.12.10. range * is listed under the HQ site.
Your help is greatly appreciated.
You said that you can ping the router ACS, have you tried the GigabitEthernet 0/0 interface packages (that is those THAT GANYMEDE + will attempt to use, given the configuration you have posted) supply?
What is the network path between the router and look like ACS (IE, a firewall, NAT, etc.)?
Can you connect to port 49 to the IP address of the router GBA, GigabitEthernet 0/0 of supply packages?
Using VRF?
Which version of IOS?
-
Just finished a 3 on server 2008r2 dot installation, but when I try to add the Admin Services as localhost and WIN-5SRHHS52LM1 , he said we turn it off or?
Where are the logs for me to review the matter?
and here is the output of the Oracle EPM System Diagnostics
Please notify
Oracle EPM system
Diagnosis
Generated 04/09/2013 21:24
Validation on WIN-5SRHHS52LM1
Build version: 11.1.2.3.0.8719
The EPM System Diagnostics Info: 11.1.2.3.0 drop build 27 8414-on-03/21/2013 10:40
Name of the operating system: Windows Server 2008 R2
OS version: 6.1
Location of the Instance of EPM system: C:\Oracle\Middleware\user_projects\epmsystem1
Status Service Test Description duration of test
Foundation of Hyperion
Validation of Audit THAT the Audit has been initialized
0 seconds
ACHIEVED CES validate that CES has been initialized
0 seconds
CFG PAST: Configuration validating this configuration tasks is completed
0 seconds
PAST CSS CSS validation has been initialized
0 seconds
PAST DB: Checking the connectivity of database to connect to the jdbc:oracle:thin:@localhost:1521:orcl database
0 seconds
PAST EXT: Provider Configuration external native authentication control external authentication directory
0 seconds
PAST HTTP: HTTP check availability of HTTP context http://WIN-5SRHHS52LM1:19000 / DataSync
0 seconds
PAST HTTP: HTTP check availability of HTTP context http://win-5SRHHS52LM1:19000/Hyperion-BPMA-server/applications.asmx
0 seconds
PAST HTTP: HTTP check availability of HTTP context http://Win-5SRHHS52LM1:19000 / interop
0 seconds
PAST HTTP: HTTP check availability of HTTP context http://win-5SRHHS52LM1:19000/calcmgr/index.htm
0 seconds
PAST HTTP: HTTP check availability of HTTP context http://win-5SRHHS52LM1:19000/aps/APS
0 seconds
PAST HTTP: HTTP check availability of HTTP context http://win-5SRHHS52LM1:19000/AWB/conf/AwbConfig.XML
0 seconds
PAST HTTP: HTTP check availability of HTTP context http://Win-5SRHHS52LM1:19000 / space of work/status
0 seconds
PAST HTTP: HTTP check availability of HTTP context http://win-5SRHHS52LM1:19000/easconsole/console.html
0 seconds
PAST HTTP: HTTP check availability of HTTP context http://Win-5SRHHS52LM1:19000 / HyperionPlanning /
0 seconds
PAST HTTP: HTTP check availability of HTTP context http://WIN-5SRHHS52LM1:19000 / essbase-webservices/AdminService? wsdl
0 seconds
HUB PAST validate this HUB has been initialized
0 seconds
PAST WEB: Permissions HIT all entries are present in system-jazn-"Data.xml"
0 seconds
PAST LCM validating this LCM has been initialized
0 seconds
PASSED Single Sign - On check the availability of connection http://win-5SRHHS52LM1:19000/interoperability/logon
0 seconds
LNK PAST: register to check that all the components in the registry have a link to the host
0 seconds
PAST CFG: Control environment if the system path variable length exceeds 2 000
0 seconds
PAST REG: Checking Configuration if the product has a single product in the registry node.
0 seconds
PAST the record validating this registry has been initialized
0 seconds
WEB PAST: Web Application availability of Web application context http://Win-5SRHHS52LM1:9000 / interop
0 seconds
PAST REG: Web Server control if the associated Web Applications Web server all the
0 seconds
Registration of EPM system
PAST REG: Register of all the components of taxonomy of registry.
6 seconds
Essbase / Essbase
CFG PAST: Configuration validating this configuration tasks is completed
0 seconds
EAS PAST: starting the server of the Essbase Server validation using the MaxL Essbase
2 seconds
PAST EAS: Connection to the server of Essbase validation of Essbase Server WIN-5SRHHS52LM1
2 seconds
PAST EXT: Provider Configuration external native authentication control external authentication directory
0 seconds
PAST REG: Checking Configuration if the product has a single product in the registry node.
0 seconds
Essbase / Essbase Administration Services
CFG PAST: Configuration validating this configuration tasks is completed
0 seconds
PAST REG: Datasource control whether the datasource property exists in the registry
0 seconds
PAST DB: Checking the connectivity of database to connect to the jdbc:oracle:thin:@localhost:1521:orcl database
0 seconds
PAST EXT: Provider Configuration external native authentication control external authentication directory
0 seconds
PAST REG: Checking Configuration if the product has a single product in the registry node.
0 seconds
WEB PAST: Web Application availability of Web application context http://win-5SRHHS52LM1:9000/easconsole/console.html
0 seconds
WEB PAST: Web Application availability of Web application context http://win-5SRHHS52LM1:9000/aps/APS
0 seconds
WEB PAST: Web Application availability of Web application context http://WIN-5SRHHS52LM1:9000 / essbase-webservices/AdminService? wsdl
0 seconds
Essbase / Essbase Integration Services
CFG PAST: Configuration validating this configuration tasks is completed
0 seconds
PAST REG: Checking Configuration if the product has a single product in the registry node.
0 seconds
Essbase / Essbase Studio
CFG PAST: Configuration validating this configuration tasks is completed
0 seconds
ESS FAILED: connection of Essbase Studio Essbase Studio server validation
Error: The network communication with the server failed. Check your network connection and try again.
Recommended action: application startup
1 seconds
PAST EXT: Provider Configuration external native authentication control external authentication directory
0 seconds
PAST REG: Checking Configuration if the product has a single product in the registry node.
0 seconds
Essbase / service provider
CFG PAST: Configuration validating this configuration tasks is completed
0 seconds
PAST REG: Checking Configuration if the product has a single product in the registry node.
0 seconds
WEB PAST: Web Application availability of Web application context http://win-5SRHHS52LM1:9000/aps/APS
0 seconds
WEB PAST: Web Application availability of Web application context http://WIN-5SRHHS52LM1:9000 / essbase-webservices/AdminService? wsdl
1 seconds
Foundation / calculation Manager
CFG PAST: Configuration validating this configuration tasks is completed
0 seconds
PAST REG: Datasource control whether the datasource property exists in the registry
0 seconds
PAST DB: Checking the connectivity of database to connect to the jdbc:oracle:thin:@localhost:1521:orcl database
0 seconds
PAST EXT: Provider Configuration external native authentication control external authentication directory
0 seconds
PAST REG: Checking Configuration if the product has a single product in the registry node.
0 seconds
WEB PAST: Web Application availability of Web application context http://win-5SRHHS52LM1:9000/calcmgr/index.htm
0 seconds
Foundation / Performance Management architect
ÉCHEC de lancement AppMgrLoadAdf vérificateur externe avec la commande suivante : C:\Oracle\Middleware\EPMSystem11R1\... \jdk160_35/bin/Java-DEPM_ORACLE_HOME = C:\Oracle\Middleware\EPMSystem11R1-DEPM_ORACLE_INSTANCE = C:\Oracle\Middleware\user_projects\epmsystem1-Djava.util.logging.config.class=oracle.core.ojdl.logging.LoggingConfiguration-Doracle.core.ojdl.logging.config.file=C:\Oracle\Middleware\user_projects\epmsystem1\config\validation\11.1.2.0\validationTool-logging.xml com.oracle.epm.epma.config.validations.appmanager.AppMgrLoadAdf
Error: Failed to initialize AppMgrLoadAdf. Please check all the registry information are valid and HSS is running.
Recommended action: make sure that the external auditor is working.
17 seconds
CFG PAST: Configuration validating this configuration tasks is completed
0 seconds
PAST DB: Checking the connectivity of database to connect to the jdbc:oracle:thin:@localhost:1521:orcl database
0 seconds
ÉCHEC de lancement DimEditorLoadAdf vérificateur externe avec la commande suivante : C:\Oracle\Middleware\EPMSystem11R1\... \jdk160_35/bin/Java-DEPM_ORACLE_HOME = C:\Oracle\Middleware\EPMSystem11R1-DEPM_ORACLE_INSTANCE = C:\Oracle\Middleware\user_projects\epmsystem1-Djava.util.logging.config.class=oracle.core.ojdl.logging.LoggingConfiguration-Doracle.core.ojdl.logging.config.file=C:\Oracle\Middleware\user_projects\epmsystem1\config\validation\11.1.2.0\validationTool-logging.xml com.oracle.epm.epma.config.validations.dimeditor.DimEditorLoadAdf
Error: Failed to initialize DimEditorLoadAdf. Please check all the registry information are valid and HSS is running.
Recommended action: make sure that the external auditor is working.
19 seconds
ÉCHEC de lancement EnumApplications vérificateur externe avec la commande suivante : C:\Oracle\Middleware\EPMSystem11R1\... \jdk160_35/bin/Java-DEPM_ORACLE_HOME = C:\Oracle\Middleware\EPMSystem11R1-DEPM_ORACLE_INSTANCE = C:\Oracle\Middleware\user_projects\epmsystem1-Djava.util.logging.config.class=oracle.core.ojdl.logging.LoggingConfiguration-Doracle.core.ojdl.logging.config.file=C:\Oracle\Middleware\user_projects\epmsystem1\config\validation\11.1.2.0\validationTool-logging.xml com.oracle.epm.epma.config.validations.repository.EnumApplications
Error: Failed to initialize EnumApplications. Please check all the registry information are valid and HSS is running.
Recommended action: make sure that the external auditor is working.
19 seconds
ÉCHEC de lancement EnumDataSyncs vérificateur externe avec la commande suivante : C:\Oracle\Middleware\EPMSystem11R1\... \jdk160_35/bin/Java-DEPM_ORACLE_HOME = C:\Oracle\Middleware\EPMSystem11R1-DEPM_ORACLE_INSTANCE = C:\Oracle\Middleware\user_projects\epmsystem1-Djava.util.logging.config.class=oracle.core.ojdl.logging.LoggingConfiguration-Doracle.core.ojdl.logging.config.file=C:\Oracle\Middleware\user_projects\epmsystem1\config\validation\11.1.2.0\validationTool-logging.xml com.oracle.epm.epma.config.validations.repository.EnumDataSyncs
Error: Failed to initialize EnumDataSyncs. Please check all the registry information are valid and HSS is running.
Recommended action: make sure that the external auditor is working.
20 seconds
ÉCHEC de lancement EnumDimensions vérificateur externe avec la commande suivante : C:\Oracle\Middleware\EPMSystem11R1\... \jdk160_35/bin/Java-DEPM_ORACLE_HOME = C:\Oracle\Middleware\EPMSystem11R1-DEPM_ORACLE_INSTANCE = C:\Oracle\Middleware\user_projects\epmsystem1-Djava.util.logging.config.class=oracle.core.ojdl.logging.LoggingConfiguration-Doracle.core.ojdl.logging.config.file=C:\Oracle\Middleware\user_projects\epmsystem1\config\validation\11.1.2.0\validationTool-logging.xml com.oracle.epm.epma.config.validations.dimeditor.EnumDimensions
Error: Failed to initialize EnumDimensions. Please check all the registry information are valid and HSS is running.
Recommended action: make sure that the external auditor is working.
125 seconds
FAILED PMAJ: EPMA validation if Service the jobmanager service is available.
Error: com.hyperion.cis.utils.BadResponseCodeException: bad response code: 500
Recommended action: Verify that the application is started
10 seconds
PAST DSC: Starting EPMA DimensionServer Server Configuration validation EPMA Dimension hyperion-bpma-server... Success...
2 seconds
PAST EXT: Provider Configuration external native authentication control external authentication directory
0 seconds
PAST REG: Checking Configuration if the product has a single product in the registry node.
0 seconds
WEB PAST: Web Application availability of Web application context http://win-5SRHHS52LM1:80/Hyperion-BPMA-server/applications.asmx
20 seconds
WEB PAST: Web Application availability of Web application context http://WIN-5SRHHS52LM1:9000 / DataSync
0 seconds
WEB PAST: Web Application availability of Web application context http://win-5SRHHS52LM1:9000/AWB/conf/AwbConfig.XML
0 seconds
Foundation / workspace
CFG PAST: Configuration validating this configuration tasks is completed
0 seconds
JOURNAL PAST: test Module for connection to the service provider with the URL http://win-5SRHHS52LM1:19000/workspace/index.jsp?module=APS.APS
0 seconds
JOURNAL PAST: Login Module test of Performance Management architect Dimension Server with URL http://win-5SRHHS52LM1:19000/workspace/index.jsp?module=Hyperion-BPMA-server.Hyperion-BPMA-Server
0 seconds
JOURNAL PAST: Login test Module for the SSP with the URL http://win-5SRHHS52LM1:19000/workspace/index.jsp?module=Interop.Interop
0 seconds
JOURNAL PAST: Login Module to test for planning with the URL http://win-5SRHHS52LM1:19000/workspace/index.jsp?module=HyperionPlanning.HyperionPlanning
0 seconds
JOURNAL PAST: Login test Module for the Services of the Essbase Administration with the URL http://win-5SRHHS52LM1:19000/workspace/index.jsp?module=EAS.EAS
0 seconds
JOURNAL PAST: Login Module test of Performance Management architect Data Synchronizer with the URL http://win-5SRHHS52LM1:19000/workspace/index.jsp?module=DataSync.DataSync
0 seconds
JOURNAL PAST: Login Module test of Performance Management architect with URL http://win-5SRHHS52LM1:19000/workspace/index.jsp?module=AWB.AWB
0 seconds
JOURNAL PAST: Login Module calculation Manager with the URL http://win-5SRHHS52LM1:19000/workspace/index.jsp?module=calcmgr.calcmgr
0 seconds
PASSED Single Sign - On check the availability of connection http://Win-5SRHHS52LM1:19000 / workspace / logon
4 seconds
PAST REG: Checking Configuration if the product has a single product in the registry node.
0 seconds
PAST REG: Register all links are present in the registry.
0 seconds
WEB PAST: Web Application availability of Web application context http://Win-5SRHHS52LM1:9000 / space of work/status
0 seconds
Planning
CFG PAST: Configuration validating this configuration tasks is completed
0 seconds
PAST REG: Datasource control whether the datasource property exists in the registry
0 seconds
PAST DB: Checking the connectivity of database to connect to the jdbc:oracle:thin:@localhost:1521:orcl database
0 seconds
PAST EXT: Provider Configuration external native authentication control external authentication directory
0 seconds
PAST REG: Checking Configuration if the product has a single product in the registry node.
0 seconds
WEB PAST: Web Application availability of Web application context http://Win-5SRHHS52LM1:9000 / HyperionPlanning /
11 seconds
Test start time: 04/09/2013-21:19
Test the end time: 04/09/2013-21:24
Test duration: 288 seconds
EAS has been deployed to a single managed server's default running on port 9000
FROM WEB: the Web of the Web application context http://WIN-5SRHHS52LM1:9000/easconsole/console.html Application availability
So in the Regional service console when you add the server or add port 9000 or OSH 19000, e.g. WIN - 5SRHHS52LM1:9000
See you soon
John
-
See 4.5 Single Sign-on does not
I try to activate SSO for a specific ORGANIZATIONAL unit. The problem I see is that it's still asking me a password. We have an Interactive logon message is configured under Local Policies\Security Options click OK on this screen. I had the view_agent.adm imported, but we have a 2008 domain controller, and they said that it imported without all the configured settings. They have enabled SSO and I can see in the registry for AllowSingleSignon it's true. I have to also configure the registry in HKLM\software\microsoft\windows nt\currentversion\winlogon? If I set the account to the Administrators group and set up AutoAdminLogon and ForceAutoLogon registry, it tries to connect, but not with the password. How can I configure it properly because the view Management Guide does not mention reg keys configuration.
4.5 is not this bug; the interactive logon message won't break SSO. See http://blogs.vmware.com/view/2010/12/troubleshooting-single-sign-on.html for advice on troubleshooting SSO.
-
GANYMEDE + with 3560 cisco switch configuration issue
Hi Forum,
Here's my setup GANYMEDE + on my cisco 3560 switch and my question is, how can I configure the switch, if I would not type enable after I put the user name and password? with configs below, users will need to type activate whenever they connect to the switch in order to enter the user exec mode. Please let me know if there is something missing in my configs to help me avoid typing 'enable '.
Thanks in advance,
MacBookAir: ~ MacBook$ ssh [email protected]/ * /.
Password:
Switch > en
Switch #show run | include the aaa
AAA new-model
AAA server Ganymede group + mpcc
AAA authentication login default group Ganymede + local
activate the default AAA authentication no
AAA authorization exec default group Ganymede + authenticated if
AAA authorization commands 1 default group Ganymede + authenticated if
AAA authorization commands 15 default group Ganymede + authenticated if
start-stop radius group AAA accounting dot1x default
AAA accounting exec default start-stop Ganymede group.
orders accounting AAA 1 by default start-stop Ganymede group.
orders accounting AAA 15 by default start-stop Ganymede group.
AAA accounting system default start-stop Ganymede group.
AAA server RADIUS Dynamics-author
AAA - the id of the joint session
Switch #.
Hello
Add the level of privilege 15 control VTY line configuration.
line vty 0 4 [..] privilege level 15 !
Concerning
Maybe you are looking for
-
Can not change the configuration of the e-mail pop up account when add existing e-mail account
As says the issue I can change the name, but not the fields email and password in the first box pop up that appears when you add an existing e-mail account. Seems to be a bug in the pop-up edition regardless of the new account is.
-
Qosmio F20-111: need latest Nvidia 6600 GB display driver
Hello I have problems finding the new driver for my Toshiba Qosmio F-20/111 ' display Nvidia 6600 driver go ' for 1 year. I could not find a newer driver than 76.74... I wrote about it to support NVIDIA service but they told me: look at this page "ww
-
Example of a State-space?
Hello; I'm a grad student and I got my presentation tomorrow and really I need your comments. I select a topic which is the ANALYSIS of the STATE-SPACE. The attached file has my file vi. I have dwsign a simple survey. control loop of l which has a tr
-
HOW TO OPEN A NEW FOLDER ON DESKTOP PHOTOS & MISSING FILE DOCUMENTS
I created a new folder on the desktop storage of photos of the documents"" folder. When I try to open the folder, I wonder "what program I want to use. should what program I use? also, the pictures I've selected appear is in the documents folder.
-
I read the discussion of ZIZOU published the thread Josephs of May 12, 2009. My question is EXACTLY the same as hers. I have tried everything everyone suggested fixes with no results. How can I stop mobsync take over my computer. Mouse freezes m