Reg: Ganymede configuration

Hi all

I'm trying to configure the authentication of routers around 300 by Cisco GANYMEDE, AAA I installed acs4.2 on a windows Server 2003 and updated as a result of orders from AAA in the router, the RADIUS server host and the key on trialrouter

AAA new-model

AAA authentication login default group Ganymede + local

NO_AUTHEN AAA authentication login no

AAA authorization config-commands

AAA authorization exec default group Ganymede + authenticated if

NO_AUTHOR AAA authorization exec no

AAA authorization commands 1 default group Ganymede + authenticated if

AAA authorization commands 1 NO_AUTHOR no

AAA authorization commands 15 default group Ganymede + authenticated if

AAA authorization commands 15 NO_AUTHOR no

AAA authorization network series none

AAA accounting exec default start-stop Ganymede group.

accounting AAA commands default 15 stop only Ganymede group.

AAA - the id of the joint session

then I created a user and mentioned a secret key on the acs server, I added this router as an AAA client, the router no longer meets the old login name and password but did not username set to GBA, where I am a mistake? Kindly help.

Thank you.

ANU,

Are you Ganymede username-password prompt?

If you get the username-password prompt and it isn't taking Ganymede credentials, could you please connect with the local user name-password and run him debugs.

debugging Ganymede

Debug aaa authentication

term Lun

After this attempt to connect again with Ganymede username-password and send me the output.

Fix the failure of GBA attemopts > reports and activity.

HTH
JK

The rate of useful messages-

Tags: Cisco Security

Similar Questions

GANYMEDE configuration on a 1900

Forgive me if this question belongs on the Forum of General safety

I read the Document ID:9906 configuration GANYMEDE + on the catalyst 1900.

I have a 1924 configuration that has GANYMEDE on it. The switch is not on my network yet... I use a cable from the console to configure. I tftp config running on in NVRAM. Some how in the process, I have a level 15 password enable xxxxx left in the config.

When I log in the sw and go into enable mode... Ganymede should expire several times until I can get in.

My question has to do with enable secret password vs have enable password level 15

Right now I have both... To make my configurations correspond to what is in the rest of my network that is online, I need to remove the level 15 of the enable password xxxx (xxxx pretending is the pw) command because its pw is not encrypted.

Which leaves me with the password enable secret lonely.

My concern is when I take off the level of password enable 15... I am not able to get back into my switch!

Enable-use-Ganymede

and

password server GANYMEDE last resort

are both in my configuration

Can I take the xxxx level 15 password enable leaving the enable secret in and not locked switch?

Keep in mind that the 1924 is not on my network yet... I have to drive hundreds of miles to install it and don't want to get in trouble when I'm there with her.

Thanks for your help.

Hello

The main difference between the enable password and the enable secret password is that the encrypted enable password uses a reversible encryption function and the password plaintext can be recovered by using the encrypted password. The secret password enable, however, uses a non-reversible encryption function.

Is the only time where the enable password is used if the enable secret password is disabled (or you are using an old image that does not support the enable secret password).

Therefore, it should be perfectly safe to remove the enable password. You will not get locked switch as long as you know the enable secret password.

Hope that help - rate pls post if it does.

Paresh

GANYMEDE + Configuration

Hello

I am trying to build a Ganymede + config on my network devices. I have an ACS do the authentication. I want to do is to have GBA authenticate my users and allow them access. However, I would like to leave a console access using both local and local user name select the password so that I have a backdoor in case of future problems. I have everything working except the ability to go to activate the console mode using the local enable password. I get an auth error, because I think that the device tries to ACS auth password enable result:

the AAA authentication enable default group Ganymede + activate

I can get around it by applying a level 15 privlive to next line directly in the activation of the mode, but it seems less sure.

Any ideas?

Here's my config relevent bits (and I don't have a local user name and enable defined)

AAA new-model
AAA authentication login default group Ganymede + local
AAA authentication local console connection
the AAA authentication enable default group Ganymede + activate
default AAA authorization exec group Ganymede + local no
Console exec AAA local authorization
0 default AAA authorization commands group Ganymede + local no
default 1 AAA authorization commands group Ganymede + local no
default 15 AAA authorization commands group Ganymede + local no
AAA accounting exec default start-stop Ganymede group.
orders accounting AAA 0 arrhythmic default group Ganymede +.
orders accounting AAA 1 by default start-stop Ganymede group.
orders accounting AAA 15 by default start-stop Ganymede group.
AAA - the id of the joint session

Line con 0
password 7
console login authentication

Thanks in advance

Hi Rose,
```
Unfortunately, there is no way to apply a specific method list for the enable authentication to apply to the console.
Named method list for enable authentication is not supported.
Regards,

~JG
Do rate helpful posts
```

Reg: Scheduler configuration
Hello

I am very new in obiee. in the configuration of mail in the Scheduler configuration server, should I give administrators email address or leave the field blank in the slot of the senders address?

Thank you
Hello

You can give your mail id or user id admin in spammers
Check these http://gerardnico.com/weblog/2009/04/26/obiee-how-to-configure-the-mail-server-of-oracle-bi-schedulerdelivers/
http://www.artofbi.com/index.php/2009/07/setting-up-OBIEE-deliversibots-to-send-alerts/

If the ldap user, then he must be in ldap check this http://oraclebizint.wordpress.com/2007/09/13/oracle-bi-ee-10133-configuring-delivers-ibots/

hope that answered your question.

See you soon,.
KK

GANYMEDE for VTY & Console

Hello

I am creating a GANYMEDE configuration that will make sure that when you log on to the CONSOLE or VTY you get GANYMEDE challenge and if the RADIUS server is down then switch to the user/password local and local enable password.

Please notify that I have followed Cisco best practices that will help many others to follow;

Thank you and best regards,

Cisco username secret cisco123

Enable secret cisco456

AAA authentication login network access group Ganymede + local

the AAA authentication enable default group Ganymede + activate

AAA authorization exec default group Ganymede + local is authenticated by any

AAA authorization commands 1 default group Ganymede + if authenticated by any

AAA authorization commands 15 default group Ganymede + local authenticated by if (what is the difference between this and just below command & which command to use)

or

default 15 AAA authorization commands group Ganymede + none

AAA accounting exec default start-stop Ganymede group.

orders accounting AAA 1 by default start-stop Ganymede group.

orders accounting AAA 15 by default start-stop Ganymede group.

line vty 0 15

connection of network access authentication

0 line console

connection of network access authentication

T1) your configuration should work for both types of users.

Q2) authorization and accounting at all levels will increase the volume of network traffic and increase the need for storage on the server. You must decide on the basis of your organization and your needs if the additional traffic and the increased storage is justifiable.

HTH

Rick

Socket GANYMEDE errors

Hi Expert,

I have two switches, the switch has problem when I run the GANYMEDE configuration. I have two servers and be able to ping the server success. I have a doubt when I read the description in the Cisco docs. Please help identify the cause. Thank you and enjoy using.

switch02 #test aaa group Ganymede + btela77 Aug2011b legacy

% Failed authorization.

I run the show found Ganymede socket error:

switcho02 #show Ganymede

GANYMEDE + server: 10.52.0.158/49

Opening of socket: 4

Firm grip: 4

Write-offs of socket: 0

Socket errors: 4

Socket timeout: 0

Failed connection attempts: 0

Total packets sent: 4

Recv packets total: 4

GANYMEDE + server: 10.51.65.94/49

Opening of socket: 3

Firm grip: 3

Write-offs of socket: 0

Socket errors: 0

Socket timeout: 0

Failed connection attempts: 0

Total packets sent: 0

Recv packets total: 0

Can you try again the switch with a problem and then check on the RADIUS server and see if the server has nothing in his diary of the failed attempts in this regard?

HTH

Rick

AAA in switches routers vs (on Cisco IOS)

I have AAA with GANYMEDE + configured on a router in this way:

AAA login authentication default group Ganymede + local-case allow

the AAA authentication enable default group Ganymede + activate

Enter the same configuration on a switch (switches in general)?

What accounting? I have the same accounting configured on the router and switch?

for the switch I need to allow angling of the console of accounting services?

example:

Line con 0

accounting of the default commands 15

accounting exec failure

so, in the configured router Ihave accounting but not applied to interfaces for example) console, vty... as soon as the accounting is enabled on the router, it is automatically applied to all interfaces if I use the default method list? and is it true for switches?

Hi Nathan,

Whether router/Switch commands AAA for both work sense.

And you have "default" reason means that it will be applied on all interfaces on routers, as well as on the switch. You do not have to specify explicitly as:

Line con 0

accounting of the default commands 15

accounting exec failure

There is no need, as you say once again to search the accounting list 'default', which if we have already set up will look the same.

Terefore only commands that you specify is:

Accouting AAA commands default 0 arrhythmic group Ganymede +.

AAA accouting orders 1 by default start-stop Ganymede group.

AAA accouting orders 15 by default start-stop Ganymede group.

As a default we orders on three levels of privilege on IOS devices. Level of 0.1 and 15.

It can be useful :)

Out-of-band access (modem) to IDSM2 blade

We will soon have a few strands of IDSM2 distributed geographically. My company security group does not control the Cat 650 x switch as such, and I would like to know if there is some way we could get access to consoles (modem) to the IDSM2 blade only (without getting to the switch).

If this is not possible, is there a common console connection that must be shared between the infrastructure group and the security group? is it possible for us to share access modem/console as well as the separation of privileges?

Your help is appreciated. Thank you

The JOINT-2 itself is not a port of the console.

Options to access the JOINT-2:

(1) a user can access console switch and the switch CLI, the user can JOINT-2 session. This would require a physical connection to the switch via a console port (or terminal server) and passwords to access the switch and the JOINT-2.

(2) a user could connect to the switch via a modem and the switch CLI user can sesion at the JOINT-2. This would imply a connection by modem to the switch and the passwords to access the switch and the JOINT-2.

(3) a user could telnet or ssh to the switch and the switch CLI user can JOINT-2 session. This would require network connectivity to the ip address of the switch itself and passwords for the switch and JOINT-2.

(4) a user could SSH directly to the JOINT-2 command and control the IP address. This would require network connectivity to the command and control of the IDSM2 ip address and require only passwords for JOINT-2 itself.

(5) similar to the number 4 above, the user could telnet directly to the JOINT-2.

(6) a user could browse the Web (HTTPS) to the JOINT-2 command and control IP address to access the IDS Device Manager. This would require network connectivity to the command and control of the IDSM2 ip address and require only passwords for JOINT-2 itself.

-------------

During the initial installation of the JOINT-2, options 4,5 and 6 cannot be used. This is because the JOINT-2 comes with a standard default ip address that is not likely available. For the initial Setup, the user must session from a CLI switch.

However, once that the "setup" command was run on the JOINT-2 and the configuration of the JOINT-2 switch to place in the vlan correct for the IP JOINT-2 command and control, then the JOINT-2 accessible directly on the network via options 4,5 and 6.

Once the initial Setup is complete, the day-to-day management of the JOINT-2 can be made through direct network access, so there is no need to access the switch.

The only time wherever the switch will have to be consulted again is to configure the sending of packets to the JOINT-2 (usually done with the initial setup and rarely changes) and reset the module or reload a new image on the module in case of major problems. (Note that the standard upgrades can be performed via direct access to the network without access to the switch).

If some users choose to work in collaboration with the team of the switch during initial setup and during periods of trouble shootin.

And will just use the direct access via ssh or telnet to the JOINT-2 for the activity on the day the day.

Other groups have used GANYMEDE + to provide a userid on the switch to the security team. Via GANYMEDE + configuration entries, the Userid for the security team may be limited to the execution of only the commands that are required to maintain the JOINT-2.

The user ID could be used to connect through the network to the switch, or connect on the console switch or a modem connected to the switch.

If you fear that repeatedly when the network connectivity between your main site and the remote site is down, so have you considered adding a PC on the remote site, which would be on the same network as the command and control of JOINT-2 address?

You could put a modem in the PC and then when you need to dial in the PC and the PC would be able to telnet or ssh to the IP address of the JOINT-2.

ACS 5.1 integration with WLC

Hello

can someone help me find a document for ACS 5.1 appliance, integration GANYMEDE + (configuration) with my WLC. configuration of RADIUS also for clients.

all configuration of wireless controller shows only acs 4.x integration.

Thanks in advance

Hello

There is unfortunately no official configuration example for this right now.
Haowever, you can view these screenshots I took an example of laboratory, to set up the profile of shell and pass it back due to the authorization rule.

Hope this helps,

Fede

--
If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it.

in PIX with SSH connection issues

Hello

I have a PIX 506 running OS 6.2 (2) which is located in a demilitarized zone known as the PIX from the outside. It's behind an another PIX506 (PIX inside). The two PIX have Ganymede + configured for authentication of the connection.

Last week the outdoor PIX crushed physically and I replaced it with a spare PIX part and he completely reconfigured.

Now I can't connect to this outside PIX using SSH, despite the list of access inside PIX is correct and can SSH and Ganymede +. However, I can telnet to it.

I use Putty to connect and when I start the session SSH from the PIX, the login window appears and disappears immediately without having the time to do anything myself.

Any help would be greatly appreciated. Thanks in advance.

A.G.

##################################################

Inside PIX config:

access-list inside allow TCP Company-Interior-Net 255.255.255.0 host outsidepix-Interior-interface eq ssh

list Company-Interior-Net 255.255.255.0 access inside permit tcp host eq telnet interface-inside-outsidepix

access-list inside allow the ICMP messages to echo DMZNet 255.255.255.192 Company-Interior-Net 255.255.255.0

access-list inside allow Company-Interior-Net icmp 255.255.255.0 DMZNet 255.255.255.192 - response to echo

dmzacl list of access allowed icmp echo host outsidepix-Interior-interface company-Interior-Net 255.255.255.0

dmzacl list of access allowed icmp host outsidepix-Interior-interface company-Interior-Net 255.255.255.0 - response to echo

access-list permits dmzacl tcp host outsidepix-Interior-interface host Ganymede-server1 eq Ganymede

access-list permits dmzacl tcp host outsidepix-Interior-interface host Ganymede-server2 eq Ganymede

The outdoor PIX config:

GANYMEDE + Protocol Ganymede + AAA-server

AAA-server GANYMEDE + (inside) host Ganymede-server1 1234 timeout 10

AAA-server GANYMEDE + (inside) host Ganymede-server2 1234 timeout 10

RADIUS Protocol RADIUS AAA server

AAA-server local LOCAL Protocol

Console telnet authentication GANYMEDE AAA +.

the AAA console ssh GANYMEDE authentication +.

AAA authentication enable console GANYMEDE +.

Telnet Company-Interior-Net 255.255.255.0 inside

Telnet timeout 5

SSH-company-Interior-Net 255.255.255.0 inside

SSH DMZNet 255.255.255.192 inside

SSH timeout 5

did you follow the steps to configure ssh? the domain name and host name is defined on it? CA has generated you any rsa... to create the encryption keys?

How the device select radius-server

Hi guys,.

We have the existing Ganymede configuration to form our devices and server ACS 2 did. the acs server are managed with other suppliers that the acs server is on their site. Now intended to manage the acs server. We installed a new server CSA of our location, we have thousand of the devices, if we move to the new server we just add the acs unit 2 Server? the new acs server will be are able to connect to the device? How a device chooses which acs primary or secondary server? Please notify.

Old configuration

AAA new-model

AAA authentication login vtymethod group Ganymede + local

AAA authorization config-commands

AAA authorization exec default group Ganymede + local authenticated by FIS

AAA authorization commands 0 default group Ganymede + local authenticated by FIS

15 AAA authorization commands default group Ganymede + local authenticated by FIS

AAA accounting send stop-record an authentication failure

AAA accounting exec default start-stop Ganymede group.

orders accounting AAA 0 arrhythmic default group Ganymede +.

orders accounting AAA 15 by default start-stop Ganymede group.

Default connection accounting AAA power Ganymede group.

AAA accounting system default start-stop Ganymede group.

Ganymede IP source-interface Loopback0

RADIUS-server host 10.x.x.x

RADIUS-server host 10.x.x.x

New config

AAA new-model

AAA authentication login vtymethod group Ganymede + local

AAA authorization config-commands

AAA authorization exec default group Ganymede + local authenticated by FIS

AAA authorization commands 0 default group Ganymede + local authenticated by FIS

15 AAA authorization commands default group Ganymede + local authenticated by FIS

AAA accounting send stop-record an authentication failure

AAA accounting exec default start-stop Ganymede group.

orders accounting AAA 0 arrhythmic default group Ganymede +.

orders accounting AAA 15 by default start-stop Ganymede group.

Default connection accounting AAA power Ganymede group.

AAA accounting system default start-stop Ganymede group.

Ganymede IP source-interface Loopback0

RADIUS-server host 10.x.x.x

RADIUS-server host 10.x.x.x

RADIUS-server host 100.x.x.x<-->

RADIUS-server host 100.x.x.x<-->

Hi m.,.

N ° not round robin.

It checks the first IP address. It checks only the following IP address if one has failed.

I hope it's clearer now

Rating of useful answers is more useful to say "thank you".

TAC +: TCP/IP open to 10.20.17.2/49 failed - connection has expired; remote host does not

GANYMEDE + configured on the router and the router is in ACS. I can ping from the ACS, but the router cannot establish a connection to authenticate users.

AAA server Ganymede group + hq_acs-1

Server 10.20.17.2

Ganymede IP source-interface GigabitEthernet0/0

AAA authentication login default group Ganymede + local

AAA authorization config-commands

AAA authorization exec default group Ganymede + local

AAA authorization commands by default group Ganymede + local 10

AAA authorization commands 15 default group Ganymede + local

nested AAA accounting

AAA accounting newinfo periodic update 60

AAA accounting auth-proxy default start-stop Ganymede group.

AAA accounting exec default start-stop Ganymede group.

orders accounting AAA 15 by default start-stop Ganymede group.

AAA accounting network default start-stop Ganymede group.

Default connection accounting AAA power Ganymede group.

AAA accounting system default start-stop Ganymede group.

AAA accounting resource by default start-stop Ganymede group.

BigTree_3945 #sh ip int br

Interface IP-Address OK? Method State Protocol

GigabitEthernet0/0 10.4.3.1 YES NVRAM low low

GigabitEthernet0/1 10.12.10.26 YES NVRAM up up

Serial0/2/0 unassigned YES NVRAM low low

Serial0/2/0.602 10.12.15.10 YES NVRAM low low

11:08:13.673 Apr 13: MORE: Queuing AAA request authentication 79 for the treatment

11:08:13.673 Apr 13: MORE: treatment demand beginning 79 authentication id

11:08:13.675 Apr 13: MORE: authentication start package created for 79 (cisscdb)

11:08:13.675 Apr 13: MORE: using the 10.20.17.2 Server

11:08:13.675 Apr 13: HIGHER (0000004F) / 1BDD9C34/NB_WAIT/0: started 5 sec timeout

11:08:18.676 Apr 13: HIGHER (0000004F) / 0/NB_WAIT/1BDD9C34: expired

11:08:18.676 Apr 13: HIGHER (0000004F) / 1BDD9C34/NB_WAIT/0: expired, cleaning

11:08:18.676 Apr 13: HIGHER (0000004F) / 0/1BDD9C34: the package of treatment response

11:08:25.834 Apr 13: MORE: Queuing AAA request authentication 79 for the treatment

11:08:25.834 Apr 13: MORE: treatment demand beginning 79 authentication id

11:08:25.834 Apr 13: MORE: authentication start package created for 79 (cisscdb)

11:08:25.834 Apr 13: MORE: using the 10.20.17.2 Server

11:08:25.834 Apr 13: HIGHER (0000004F) / 1BDD9C34/NB_WAIT/0: started 5 sec timeout

11:08:30.836 Apr 13: HIGHER (0000004F) / 0/NB_WAIT/1BDD9C34: expired

11:08:30.836 Apr 13: HIGHER (0000004F) / 1BDD9C34/NB_WAIT/0: expired, cleaning

11:08:30.836 Apr 13: HIGHER (0000004F) / 0/1BDD9C34: the package of treatment response

11:08:43.689 Apr 13: TAC: using default Ganymede groups ' Ganymede"list."

11:08:43.689 Apr 13: TAC +: opening TCP/IP 10.20.17.2/49 Timeout = 5

11:08:51.057 Apr 13: MORE: Queuing AAA request authentication 79 for the treatment

11:08:51.057 Apr 13: MORE: treatment demand beginning 79 authentication id

11:08:51.057 Apr 13: MORE: authentication start package created for 79 (cisscdb)

11:08:51.057 Apr 13: MORE: using the 10.20.17.2 Server

11:08:51.057 Apr 13: HIGHER (0000004F) / 1BDD9C34/NB_WAIT/0: started 5 sec timeout

11:08:54.692 Apr 13: TAC +: TCP/IP open to 10.20.17.2/49 failed - connection has expired; remote host does not

11:08:54.692 Apr 13: MORE: Queuing AAA accounting request treatment 76

11:08:54.692 Apr 13: MORE: treatment of the accounting application id 76

11:08:54.692 Apr 13: MORE: sending AV task_id = 332

11:08:54.692 Apr 13: MORE: sending AV timezone = EDT

11:08:54.692 Apr 13: MORE: AV = shell shipping service

11:08:54.692 Apr 13: MORE: sending AV start_time = 1334329734

11:08:54.692 Apr 13: MORE: sending AV priv-lvl = 15

11:08:54.692 Apr 13: MORE: sending AV cmd = show logging

11:08:54.692 Apr 13: MORE: request for accounts created for 76 (n20j03t)

11:08:54.692 Apr 13: MORE: using the 10.20.17.2 Server

11:08:54.692 Apr 13: HIGHER (0000004C) / NB_WAIT/1/20FD90EC: started 5 sec timeout

11:08:56.058 Apr 13: HIGHER (0000004F) / 0/NB_WAIT/1BDD9C34: expired

11:08:56.058 Apr 13: HIGHER (0000004F) / 1BDD9C34/NB_WAIT/0: expired, cleaning

11:08:56.058 Apr 13: HIGHER (0000004F) / 0/1BDD9C34: the package of treatment response

11:08:59.693 Apr 13: HIGHER (0000004C) / NB_WAIT/1/20FD90EC: expired

11:08:59.693 Apr 13: HIGHER (0000004C) / NB_WAIT/1/20FD90EC: expired, cleaning

11:08:59.693 Apr 13: 1/HIGHER (0000004C) / 20FD90EC: the package of treatment response

BigTree_3945 #.

The AAA Client IP address

10.4.3. * 10.12.15.10

Key

Group of network devices

Test

NJT

AccessLink

(Not assigned)

Authenticate using

GANYMEDE + (Cisco IOS)

RADIUS (Cisco Aironet)

RADIUS (Cisco BBSM)

RADIUS (Cisco IOS/PIX)

RADIUS (Cisco VPN 3000)

RADIUS (Cisco VPN 5000)

RADIUS (IETF)

RADIUS (Mount)

RADIUS (Juniper)

RADIUS (Nortel)

RADIUS (Sepi)

Connect GANYMEDE + single AAA Client (stop recording in accounting in case of failure).

The 10.12.10. range * is listed under the HQ site.

Your help is greatly appreciated.

You said that you can ping the router ACS, have you tried the GigabitEthernet 0/0 interface packages (that is those THAT GANYMEDE + will attempt to use, given the configuration you have posted) supply?

What is the network path between the router and look like ACS (IE, a firewall, NAT, etc.)?

Can you connect to port 49 to the IP address of the router GBA, GigabitEthernet 0/0 of supply packages?

Using VRF?

Which version of IOS?

EAS stopped?

Just finished a 3 on server 2008r2 dot installation, but when I try to add the Admin Services as localhost and WIN-5SRHHS52LM1 , he said we turn it off or?
Where are the logs for me to review the matter?
and here is the output of the Oracle EPM System Diagnostics
Please notify
Oracle EPM system
Diagnosis
Generated 04/09/2013 21:24
Validation on WIN-5SRHHS52LM1
Build version: 11.1.2.3.0.8719
The EPM System Diagnostics Info: 11.1.2.3.0 drop build 27 8414-on-03/21/2013 10:40
Name of the operating system: Windows Server 2008 R2
OS version: 6.1
Location of the Instance of EPM system: C:\Oracle\Middleware\user_projects\epmsystem1
Status Service Test Description duration of test
Foundation of Hyperion
Validation of Audit THAT the Audit has been initialized
0 seconds
ACHIEVED CES validate that CES has been initialized
0 seconds
CFG PAST: Configuration validating this configuration tasks is completed
0 seconds
PAST CSS CSS validation has been initialized
0 seconds
PAST DB: Checking the connectivity of database to connect to the jdbc:oracle:thin:@localhost:1521:orcl database
0 seconds
PAST EXT: Provider Configuration external native authentication control external authentication directory
0 seconds
PAST HTTP: HTTP check availability of HTTP context http://WIN-5SRHHS52LM1:19000 / DataSync
0 seconds
PAST HTTP: HTTP check availability of HTTP context http://win-5SRHHS52LM1:19000/Hyperion-BPMA-server/applications.asmx
0 seconds
PAST HTTP: HTTP check availability of HTTP context http://Win-5SRHHS52LM1:19000 / interop
0 seconds
PAST HTTP: HTTP check availability of HTTP context http://win-5SRHHS52LM1:19000/calcmgr/index.htm
0 seconds
PAST HTTP: HTTP check availability of HTTP context http://win-5SRHHS52LM1:19000/aps/APS
0 seconds
PAST HTTP: HTTP check availability of HTTP context http://win-5SRHHS52LM1:19000/AWB/conf/AwbConfig.XML
0 seconds
PAST HTTP: HTTP check availability of HTTP context http://Win-5SRHHS52LM1:19000 / space of work/status
0 seconds
PAST HTTP: HTTP check availability of HTTP context http://win-5SRHHS52LM1:19000/easconsole/console.html
0 seconds
PAST HTTP: HTTP check availability of HTTP context http://Win-5SRHHS52LM1:19000 / HyperionPlanning /
0 seconds
PAST HTTP: HTTP check availability of HTTP context http://WIN-5SRHHS52LM1:19000 / essbase-webservices/AdminService? wsdl
0 seconds
HUB PAST validate this HUB has been initialized
0 seconds
PAST WEB: Permissions HIT all entries are present in system-jazn-"Data.xml"
0 seconds
PAST LCM validating this LCM has been initialized
0 seconds
PASSED Single Sign - On check the availability of connection http://win-5SRHHS52LM1:19000/interoperability/logon
0 seconds
LNK PAST: register to check that all the components in the registry have a link to the host
0 seconds
PAST CFG: Control environment if the system path variable length exceeds 2 000
0 seconds
PAST REG: Checking Configuration if the product has a single product in the registry node.
0 seconds
PAST the record validating this registry has been initialized
0 seconds
WEB PAST: Web Application availability of Web application context http://Win-5SRHHS52LM1:9000 / interop
0 seconds
PAST REG: Web Server control if the associated Web Applications Web server all the
0 seconds
Registration of EPM system
PAST REG: Register of all the components of taxonomy of registry.
6 seconds
Essbase / Essbase
CFG PAST: Configuration validating this configuration tasks is completed
0 seconds
EAS PAST: starting the server of the Essbase Server validation using the MaxL Essbase
2 seconds
PAST EAS: Connection to the server of Essbase validation of Essbase Server WIN-5SRHHS52LM1
2 seconds
PAST EXT: Provider Configuration external native authentication control external authentication directory
0 seconds
PAST REG: Checking Configuration if the product has a single product in the registry node.
0 seconds
Essbase / Essbase Administration Services
CFG PAST: Configuration validating this configuration tasks is completed
0 seconds
PAST REG: Datasource control whether the datasource property exists in the registry
0 seconds
PAST DB: Checking the connectivity of database to connect to the jdbc:oracle:thin:@localhost:1521:orcl database
0 seconds
PAST EXT: Provider Configuration external native authentication control external authentication directory
0 seconds
PAST REG: Checking Configuration if the product has a single product in the registry node.
0 seconds
WEB PAST: Web Application availability of Web application context http://win-5SRHHS52LM1:9000/easconsole/console.html
0 seconds
WEB PAST: Web Application availability of Web application context http://win-5SRHHS52LM1:9000/aps/APS
0 seconds
WEB PAST: Web Application availability of Web application context http://WIN-5SRHHS52LM1:9000 / essbase-webservices/AdminService? wsdl
0 seconds
Essbase / Essbase Integration Services
CFG PAST: Configuration validating this configuration tasks is completed
0 seconds
PAST REG: Checking Configuration if the product has a single product in the registry node.
0 seconds
Essbase / Essbase Studio
CFG PAST: Configuration validating this configuration tasks is completed
0 seconds
ESS FAILED: connection of Essbase Studio Essbase Studio server validation
Error: The network communication with the server failed. Check your network connection and try again.
Recommended action: application startup
1 seconds
PAST EXT: Provider Configuration external native authentication control external authentication directory
0 seconds
PAST REG: Checking Configuration if the product has a single product in the registry node.
0 seconds
Essbase / service provider
CFG PAST: Configuration validating this configuration tasks is completed
0 seconds
PAST REG: Checking Configuration if the product has a single product in the registry node.
0 seconds
WEB PAST: Web Application availability of Web application context http://win-5SRHHS52LM1:9000/aps/APS
0 seconds
WEB PAST: Web Application availability of Web application context http://WIN-5SRHHS52LM1:9000 / essbase-webservices/AdminService? wsdl
1 seconds
Foundation / calculation Manager
CFG PAST: Configuration validating this configuration tasks is completed
0 seconds
PAST REG: Datasource control whether the datasource property exists in the registry
0 seconds
PAST DB: Checking the connectivity of database to connect to the jdbc:oracle:thin:@localhost:1521:orcl database
0 seconds
PAST EXT: Provider Configuration external native authentication control external authentication directory
0 seconds
PAST REG: Checking Configuration if the product has a single product in the registry node.
0 seconds
WEB PAST: Web Application availability of Web application context http://win-5SRHHS52LM1:9000/calcmgr/index.htm
0 seconds
Foundation / Performance Management architect
ÉCHEC de lancement AppMgrLoadAdf vérificateur externe avec la commande suivante : C:\Oracle\Middleware\EPMSystem11R1\... \jdk160_35/bin/Java-DEPM_ORACLE_HOME = C:\Oracle\Middleware\EPMSystem11R1-DEPM_ORACLE_INSTANCE = C:\Oracle\Middleware\user_projects\epmsystem1-Djava.util.logging.config.class=oracle.core.ojdl.logging.LoggingConfiguration-Doracle.core.ojdl.logging.config.file=C:\Oracle\Middleware\user_projects\epmsystem1\config\validation\11.1.2.0\validationTool-logging.xml com.oracle.epm.epma.config.validations.appmanager.AppMgrLoadAdf
Error: Failed to initialize AppMgrLoadAdf. Please check all the registry information are valid and HSS is running.
Recommended action: make sure that the external auditor is working.
17 seconds
CFG PAST: Configuration validating this configuration tasks is completed
0 seconds
PAST DB: Checking the connectivity of database to connect to the jdbc:oracle:thin:@localhost:1521:orcl database
0 seconds
ÉCHEC de lancement DimEditorLoadAdf vérificateur externe avec la commande suivante : C:\Oracle\Middleware\EPMSystem11R1\... \jdk160_35/bin/Java-DEPM_ORACLE_HOME = C:\Oracle\Middleware\EPMSystem11R1-DEPM_ORACLE_INSTANCE = C:\Oracle\Middleware\user_projects\epmsystem1-Djava.util.logging.config.class=oracle.core.ojdl.logging.LoggingConfiguration-Doracle.core.ojdl.logging.config.file=C:\Oracle\Middleware\user_projects\epmsystem1\config\validation\11.1.2.0\validationTool-logging.xml com.oracle.epm.epma.config.validations.dimeditor.DimEditorLoadAdf
Error: Failed to initialize DimEditorLoadAdf. Please check all the registry information are valid and HSS is running.
Recommended action: make sure that the external auditor is working.
19 seconds
ÉCHEC de lancement EnumApplications vérificateur externe avec la commande suivante : C:\Oracle\Middleware\EPMSystem11R1\... \jdk160_35/bin/Java-DEPM_ORACLE_HOME = C:\Oracle\Middleware\EPMSystem11R1-DEPM_ORACLE_INSTANCE = C:\Oracle\Middleware\user_projects\epmsystem1-Djava.util.logging.config.class=oracle.core.ojdl.logging.LoggingConfiguration-Doracle.core.ojdl.logging.config.file=C:\Oracle\Middleware\user_projects\epmsystem1\config\validation\11.1.2.0\validationTool-logging.xml com.oracle.epm.epma.config.validations.repository.EnumApplications
Error: Failed to initialize EnumApplications. Please check all the registry information are valid and HSS is running.
Recommended action: make sure that the external auditor is working.
19 seconds
ÉCHEC de lancement EnumDataSyncs vérificateur externe avec la commande suivante : C:\Oracle\Middleware\EPMSystem11R1\... \jdk160_35/bin/Java-DEPM_ORACLE_HOME = C:\Oracle\Middleware\EPMSystem11R1-DEPM_ORACLE_INSTANCE = C:\Oracle\Middleware\user_projects\epmsystem1-Djava.util.logging.config.class=oracle.core.ojdl.logging.LoggingConfiguration-Doracle.core.ojdl.logging.config.file=C:\Oracle\Middleware\user_projects\epmsystem1\config\validation\11.1.2.0\validationTool-logging.xml com.oracle.epm.epma.config.validations.repository.EnumDataSyncs
Error: Failed to initialize EnumDataSyncs. Please check all the registry information are valid and HSS is running.
Recommended action: make sure that the external auditor is working.
20 seconds
ÉCHEC de lancement EnumDimensions vérificateur externe avec la commande suivante : C:\Oracle\Middleware\EPMSystem11R1\... \jdk160_35/bin/Java-DEPM_ORACLE_HOME = C:\Oracle\Middleware\EPMSystem11R1-DEPM_ORACLE_INSTANCE = C:\Oracle\Middleware\user_projects\epmsystem1-Djava.util.logging.config.class=oracle.core.ojdl.logging.LoggingConfiguration-Doracle.core.ojdl.logging.config.file=C:\Oracle\Middleware\user_projects\epmsystem1\config\validation\11.1.2.0\validationTool-logging.xml com.oracle.epm.epma.config.validations.dimeditor.EnumDimensions
Error: Failed to initialize EnumDimensions. Please check all the registry information are valid and HSS is running.
Recommended action: make sure that the external auditor is working.
125 seconds
FAILED PMAJ: EPMA validation if Service the jobmanager service is available.
Error: com.hyperion.cis.utils.BadResponseCodeException: bad response code: 500
Recommended action: Verify that the application is started
10 seconds
PAST DSC: Starting EPMA DimensionServer Server Configuration validation EPMA Dimension hyperion-bpma-server... Success...
2 seconds
PAST EXT: Provider Configuration external native authentication control external authentication directory
0 seconds
PAST REG: Checking Configuration if the product has a single product in the registry node.
0 seconds
WEB PAST: Web Application availability of Web application context http://win-5SRHHS52LM1:80/Hyperion-BPMA-server/applications.asmx
20 seconds
WEB PAST: Web Application availability of Web application context http://WIN-5SRHHS52LM1:9000 / DataSync
0 seconds
WEB PAST: Web Application availability of Web application context http://win-5SRHHS52LM1:9000/AWB/conf/AwbConfig.XML
0 seconds
Foundation / workspace
CFG PAST: Configuration validating this configuration tasks is completed
0 seconds
JOURNAL PAST: test Module for connection to the service provider with the URL http://win-5SRHHS52LM1:19000/workspace/index.jsp?module=APS.APS
0 seconds
JOURNAL PAST: Login Module test of Performance Management architect Dimension Server with URL http://win-5SRHHS52LM1:19000/workspace/index.jsp?module=Hyperion-BPMA-server.Hyperion-BPMA-Server
0 seconds
JOURNAL PAST: Login test Module for the SSP with the URL http://win-5SRHHS52LM1:19000/workspace/index.jsp?module=Interop.Interop
0 seconds
JOURNAL PAST: Login Module to test for planning with the URL http://win-5SRHHS52LM1:19000/workspace/index.jsp?module=HyperionPlanning.HyperionPlanning
0 seconds
JOURNAL PAST: Login test Module for the Services of the Essbase Administration with the URL http://win-5SRHHS52LM1:19000/workspace/index.jsp?module=EAS.EAS
0 seconds
JOURNAL PAST: Login Module test of Performance Management architect Data Synchronizer with the URL http://win-5SRHHS52LM1:19000/workspace/index.jsp?module=DataSync.DataSync
0 seconds
JOURNAL PAST: Login Module test of Performance Management architect with URL http://win-5SRHHS52LM1:19000/workspace/index.jsp?module=AWB.AWB
0 seconds
JOURNAL PAST: Login Module calculation Manager with the URL http://win-5SRHHS52LM1:19000/workspace/index.jsp?module=calcmgr.calcmgr
0 seconds
PASSED Single Sign - On check the availability of connection http://Win-5SRHHS52LM1:19000 / workspace / logon
4 seconds
PAST REG: Checking Configuration if the product has a single product in the registry node.
0 seconds
PAST REG: Register all links are present in the registry.
0 seconds
WEB PAST: Web Application availability of Web application context http://Win-5SRHHS52LM1:9000 / space of work/status
0 seconds
Planning
CFG PAST: Configuration validating this configuration tasks is completed
0 seconds
PAST REG: Datasource control whether the datasource property exists in the registry
0 seconds
PAST DB: Checking the connectivity of database to connect to the jdbc:oracle:thin:@localhost:1521:orcl database
0 seconds
PAST EXT: Provider Configuration external native authentication control external authentication directory
0 seconds
PAST REG: Checking Configuration if the product has a single product in the registry node.
0 seconds
WEB PAST: Web Application availability of Web application context http://Win-5SRHHS52LM1:9000 / HyperionPlanning /
11 seconds
Test start time: 04/09/2013-21:19
Test the end time: 04/09/2013-21:24
Test duration: 288 seconds

EAS has been deployed to a single managed server's default running on port 9000

FROM WEB: the Web of the Web application context http://WIN-5SRHHS52LM1:9000/easconsole/console.html Application availability

So in the Regional service console when you add the server or add port 9000 or OSH 19000, e.g. WIN - 5SRHHS52LM1:9000

See you soon

John

http://John-Goodwin.blogspot.com/

See 4.5 Single Sign-on does not

I try to activate SSO for a specific ORGANIZATIONAL unit. The problem I see is that it's still asking me a password. We have an Interactive logon message is configured under Local Policies\Security Options click OK on this screen. I had the view_agent.adm imported, but we have a 2008 domain controller, and they said that it imported without all the configured settings. They have enabled SSO and I can see in the registry for AllowSingleSignon it's true. I have to also configure the registry in HKLM\software\microsoft\windows nt\currentversion\winlogon? If I set the account to the Administrators group and set up AutoAdminLogon and ForceAutoLogon registry, it tries to connect, but not with the password. How can I configure it properly because the view Management Guide does not mention reg keys configuration.

4.5 is not this bug; the interactive logon message won't break SSO. See http://blogs.vmware.com/view/2010/12/troubleshooting-single-sign-on.html for advice on troubleshooting SSO.

GANYMEDE + with 3560 cisco switch configuration issue

Hi Forum,

Here's my setup GANYMEDE + on my cisco 3560 switch and my question is, how can I configure the switch, if I would not type enable after I put the user name and password? with configs below, users will need to type activate whenever they connect to the switch in order to enter the user exec mode. Please let me know if there is something missing in my configs to help me avoid typing 'enable '.

Thanks in advance,

MacBookAir: ~ MacBook$ ssh [email protected]/ * /.

Password:

Switch > en

Switch #show run | include the aaa

AAA new-model

AAA server Ganymede group + mpcc

AAA authentication login default group Ganymede + local

activate the default AAA authentication no

AAA authorization exec default group Ganymede + authenticated if

AAA authorization commands 1 default group Ganymede + authenticated if

AAA authorization commands 15 default group Ganymede + authenticated if

start-stop radius group AAA accounting dot1x default

AAA accounting exec default start-stop Ganymede group.

orders accounting AAA 1 by default start-stop Ganymede group.

orders accounting AAA 15 by default start-stop Ganymede group.

AAA accounting system default start-stop Ganymede group.

AAA server RADIUS Dynamics-author

AAA - the id of the joint session

Switch #.

Hello

Add the level of privilege 15 control VTY line configuration.
```
 line vty 0 4 [..] privilege level 15 ! 
```
Concerning

Reg: Ganymede configuration

Similar Questions

Maybe you are looking for