Sent to the RADIUS server IP address

Installing a GANYMEDE server on the network to control console and telnet access to routers and switches. Most of our remote routers have multiple WAN paths to the RADIUS servers and may present a different IP address depending on which path is available or less busy. This causes an authentication failure that denies access to the equipment. Is it possible to configure the router to always send a specific address or a loopback or internal LAN IP address?

You can also go through the link below

http://my.safaribooksonline.com/book/networking/Cisco-IOS/0596527225/tacacsplus/i85779__heada__4_7

~ BR
Jatin kone


Tags: Cisco Security

Similar Questions

  • Cisco Catalyst 2960-S switch configured for 802.1x sends a query to access the Radius Server Radius

    Setup

    Cisco Catalyst 2960-S running 15.0.2 - SE8

    RADIUS server: freeRadius under CentOS 6.4

    Client (supplicant) running Windows 7

    When the Windows client is connected to the switch port (port 12 in my setup) with 802.1x authentication active, Wireshark shows that the Catalyst sends an EAP request and the client responds with an EAP response. But the switch does not make the request to the RADIUS server. The RADIUS test utility 'test aaa group radius testuser password new-code' works.
    Here is my running config. Any advice would be greatly appreciated.
    mySwitch#show running-config
    Building configuration...

    Current configuration: 2094 bytes
    !
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname myswitch
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 $1$Z1z6$kqvVYRQdVRZ0h8aDTV5DR0
    enable password password
    !
    !
    !
    aaa new-model
    !
    !
    aaa authentication dot1x group group radius
    aaa accounting dot1x default start-stop group radius
    !
    !
    !
    aaa session-id common
    switch 1 provision ws-c2960s-24ts-l
    !
    !
    !
    !
    !
    dot1x system-auth-control
    spanning-tree mode pvst
    spanning-tree extend system-id
    !
    !
    !
    !
    vlan internal allocation policy ascending
    !
    interface FastEthernet0
     no ip address
     no shutdown
    !
    interface GigabitEthernet1/0/1
    !
    interface GigabitEthernet1/0/2
    !
    interface GigabitEthernet1/0/3
    !
    interface GigabitEthernet1/0/4
    !
    interface GigabitEthernet1/0/5
    !
    interface GigabitEthernet1/0/6
    !
    interface GigabitEthernet1/0/7
    !
    interface GigabitEthernet1/0/8
    !
    interface GigabitEthernet1/0/9
    !
    interface GigabitEthernet1/0/10
    !
    interface GigabitEthernet1/0/11
    !
    interface GigabitEthernet1/0/12
     switchport mode access
     authentication port-control auto
     dot1x pae authenticator
    !
    interface GigabitEthernet1/0/13
    !
    interface GigabitEthernet1/0/14
    !
    interface GigabitEthernet1/0/15
    !
    interface GigabitEthernet1/0/16
    !
    interface GigabitEthernet1/0/17
    !
    interface GigabitEthernet1/0/18
    !
    interface GigabitEthernet1/0/19
    !
    interface GigabitEthernet1/0/20
    !
    interface GigabitEthernet1/0/21
    !
    interface GigabitEthernet1/0/22
    !
    interface GigabitEthernet1/0/23
    !
    interface GigabitEthernet1/0/24
    !
    interface GigabitEthernet1/0/25
    !
    interface GigabitEthernet1/0/26
    !
    interface GigabitEthernet1/0/27
    !
    interface GigabitEthernet1/0/28
    !
    interface Vlan1
     ip address 10.1.2.12 255.255.255.0
    !
    ip http server
    ip http secure-server
    ip sla enable reaction-alerts
    logging trap debugging
    logging host 10.1.2.1 transport tcp port 514
    radius-server host 10.1.2.1 auth-port 1812 acct-port 1646 timeout 3 retransmit 3 key testing123
    !
    line con 0
    line vty 0 4
     password password
    line vty 5 15
     password password
    !
    end

    Have you run Wireshark on the server to look for the request from the switch? If so, did you make sure that there is a response from the server? For Windows Network Policy Server (I've never tried CentOS), you must ensure that the request matches a policy which then authenticates or denies access. Usually it is a matter of attributes such as the vendor.

    Regarding the configuration, the AAA part seems a bit off. Try removing the line

    "aaa authentication dot1x group group radius" and using this instead:

    "aaa authentication dot1x default group radius". After the word dot1x you are supposed to provide the name of an authentication list, or the word default if you do not want to use a list.

  • Cisco 1812 no contact to the Radius Server

    Hi guys,

    I'm pretty new to Cisco and am playing with an 1812... I am trying to set up an Easy VPN server with RADIUS support, and as far as I can see I did everything right, but there is a problem, because the router does not contact the RADIUS server, and the RADIUS server has been tested OK.

    Anyone who can see what I'm missing? Worked with this problem for 3 days now.

    Here is my CONF.

    Current configuration: 9170 bytes
    !
    ! Last configuration change at 13:44:49 UTC Tue Oct 12 2010
    !
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname router
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no logging buffered
    !
    aaa new-model
    !
    !
    aaa group server radius sdm-vpn-server-group-1
     server 90.0.0.245 auth-port 1645 acct-port 1646
    !
    aaa authentication login default local
    aaa authentication login sdm_vpn_xauth_ml_1 passwd-expiry group sdm-vpn-server-group-1
    aaa authorization exec default local
    aaa authorization network sdm_vpn_group_ml_1 local
    !
    !
    !
    !
    !
    aaa session-id common
    !
    crypto pki token default removal timeout 0
    !
    crypto pki trustpoint TP-self-signed-250973313
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-250973313
     revocation-check none
    !
    !
    crypto pki certificate chain TP-self-signed-250973313
     certificate self-signed 01
      quit
    dot11 syslog
    ip source-route
    !
    !
    !
    !
    !
    ip cef
    no ipv6 cef
    !
    multilink bundle-name authenticated
    !
    !
    !
    license udi pid CISCO1812/K9 sn FCZ10232108
    username admin privilege 15 secret 5 $1$P677$Rggfdgt8MeD8letZDL08d.
    !
    !
    !
    class-map type inspect match-all sdm-nat-smtp-1
     match access-group 101
     match protocol smtp
    class-map type inspect match-any SDM_AH
     match access-group name SDM_AH
    class-map type inspect match-any sdm-cls-insp-traffic
     match protocol cuseeme
     match protocol dns
     match protocol ftp
     match protocol h323
     match protocol https
     match protocol icmp
     match protocol imap
     match protocol pop3
     match protocol netshow
     match protocol shell
     match protocol realmedia
     match protocol rtsp
     match protocol smtp
     match protocol sql-net
     match protocol streamworks
     match protocol tftp
     match protocol vdolive
     match protocol tcp
     match protocol udp
    class-map type inspect match-all sdm-insp-traffic
     match class-map sdm-cls-insp-traffic
    class-map type inspect match-any SDM-voice-enabled
     match protocol h323
     match protocol skinny
     match protocol sip
    class-map type inspect match-any SDM_IP
     match access-group name SDM_IP
    class-map type inspect match-any SDM_ESP
     match access-group name SDM_ESP
    class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
     match protocol isakmp
     match protocol ipsec-msft
     match class-map SDM_AH
     match class-map SDM_ESP
    class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
     match class-map SDM_EASY_VPN_SERVER_TRAFFIC
    class-map type inspect match-any sdm-cls-icmp-access
     match protocol icmp
     match protocol tcp
     match protocol udp
    class-map type inspect match-all sdm-invalid-src
     match access-group 100
    class-map type inspect match-all sdm-icmp-access
     match class-map sdm-cls-icmp-access
    class-map type inspect match-all sdm-Protocol-http
     match protocol http
    !
    !
    policy-map type inspect sdm-permits-icmpreply
     class type inspect sdm-icmp-access
      inspect
     class class-default
      pass
    policy-map type inspect sdm-pol-NATOutsideToInside-1
     class type inspect sdm-nat-smtp-1
      inspect
     class class-default
      drop
    policy-map type inspect sdm-inspect
     class type inspect sdm-invalid-src
      drop log
     class type inspect sdm-insp-traffic
      inspect
     class type inspect sdm-Protocol-http
      inspect
     class type inspect SDM-voice-enabled
      inspect
     class class-default
      pass
    policy-map type inspect sdm-enabled
     class type inspect SDM_EASY_VPN_SERVER_PT
      pass
     class class-default
      drop
    policy-map type inspect sdm-license-ip
     class type inspect SDM_IP
      pass
     class class-default
      drop log
    !
    zone security out-zone
    zone security in-zone
    zone security ezvpn-zone
    zone-pair security sdm-zp-self-out source self destination out-zone
     service-policy type inspect sdm-permits-icmpreply
    zone-pair security sdm-zp-out-auto source out-zone destination self
     service-policy type inspect sdm-enabled
    zone-pair security sdm-zp-in-out source in-zone destination out-zone
     service-policy type inspect sdm-inspect
    zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
     service-policy type inspect sdm-pol-NATOutsideToInside-1
    zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
     service-policy type inspect sdm-license-ip
    zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
     service-policy type inspect sdm-license-ip
    zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
     service-policy type inspect sdm-license-ip
    zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
     service-policy type inspect sdm-license-ip
    !
    !
    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
    !
    crypto isakmp client configuration group Sindby
     key TheSommerOf03
     dns 90.0.0.240 8.8.8.8
     wins 90.0.0.240
     domain SBYNET
     pool SDM_POOL_2
     max-users 15
     netmask 255.255.255.0
    crypto isakmp profile sdm-ike-profile-1
     match identity group Sindby
     client authentication list sdm_vpn_xauth_ml_1
     isakmp authorization list sdm_vpn_group_ml_1
     client configuration address respond
     virtual-template 1
    !
    !
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA4 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA5 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA6 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA7 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA8 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA9 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA10 esp-3des esp-sha-hmac
    !
    crypto ipsec profile SDM_Profile1
     set transform-set ESP-3DES-SHA10
     set isakmp-profile sdm-ike-profile-1
    !
    !
    !
    !
    !
    !
    interface BRI0
     no ip address
     encapsulation hdlc
     shutdown
    !
    interface FastEthernet0
     description $FW_OUTSIDE$
     ip address 93.166.xxx.xxx 255.255.255.248
     ip nat outside
     ip virtual-reassembly in
     zone-member security out-zone
     duplex auto
     speed auto
    !
    interface FastEthernet1
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface FastEthernet4
    !
    interface FastEthernet5
    !
    interface FastEthernet6
    !
    interface FastEthernet7
    !
    interface FastEthernet8
    !
    interface FastEthernet9
    !
    interface Virtual-Template1 type tunnel
     ip unnumbered FastEthernet0
     zone-member security ezvpn-zone
     tunnel mode ipsec ipv4
     tunnel protection ipsec profile SDM_Profile1
    !
    interface Vlan1
     description $FW_INSIDE$
     ip address 90.0.0.190 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     zone-member security in-zone
    !
    ip local pool SDM_POOL_1 90.0.0.25 90.0.0.29
    ip local pool SDM_POOL_2 90.0.0.75 90.0.0.90
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 600 life 86400 requests 10000
    !
    !
    ip nat inside source static tcp 192.168.1.200 25 interface FastEthernet0 25
    ip nat inside source list 1 interface FastEthernet0 overload
    ip route 0.0.0.0 0.0.0.0 93.166.xxx.xxx
    !
    ip access-list extended SDM_AH
     remark SDM_ACL Category=1
     permit ahp any any
    ip access-list extended SDM_ESP
     remark SDM_ACL Category=1
     permit esp any any
    ip access-list extended SDM_IP
     remark SDM_ACL Category=1
     permit ip any any
    !
    logging esm config
    access-list 1 permit 90.0.0.0 0.0.0.255
    access-list 100 remark SDM_ACL Category=128
    access-list 100 permit ip host 255.255.255.255 any
    access-list 100 permit ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit ip 93.166.xxx.xxx 0.0.0.7 any
    access-list 101 remark SDM_ACL Category=0
    access-list 101 permit ip any host 192.168.1.200
    !
    !
    !
    !
    !
    !
    radius-server host 90.0.0.245 auth-port 1645 acct-port 1646
    !
    control-plane
    !
    !
    line con 0
    line aux 0
    line vty 0 4
     transport input telnet ssh
    !
    end

    Hello

    Looks like you're missing the key in the radius server configuration: "radius-server host 90.0.0.245 auth-port 1645 acct-port 1646 key your_key"

    Thank you

    Wen
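
Added example (not part of any poster's reply and not Cisco tooling): the two faults diagnosed in the replies above, a dot1x authentication method list that is not named `default` and a `radius-server host` entry with no `key`, together with the source-address question that opens this page, written as an offline check over a saved classic IOS configuration. The sample configuration is constructed for illustration; `ip radius source-interface` is the IOS command that pins the source address of RADIUS packets to one interface, and reporting its absence is an assumption made for this example.

```python
import re

# Constructed sample (not captured from a real device), shaped like the two
# configurations posted above: a dot1x method list that is not named
# "default", and one RADIUS host entry that carries no shared secret.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x group group radius
aaa accounting dot1x default start-stop group radius
dot1x system-auth-control
interface GigabitEthernet1/0/12
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
radius-server host 10.1.2.1 auth-port 1812 acct-port 1646 key testing123
radius-server host 90.0.0.245 auth-port 1645 acct-port 1646
"""

HOST_RE = re.compile(r"^radius-server host (\S+)(.*)$", re.I)
HOST_KEY_RE = re.compile(r"\bkey\s+\S+", re.I)
GLOBAL_KEY_RE = re.compile(r"^radius-server key\s+\S+", re.I)
DOT1X_LIST_RE = re.compile(r"^aaa authentication dot1x (\S+)", re.I)
SOURCE_IF_RE = re.compile(r"^ip radius source-interface \S+", re.I)


def audit_radius_config(config):
    """Return (check, detail) findings for a classic IOS running-config."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []

    # Check 1: every "radius-server host" needs a shared secret, either on
    # its own line or from a global "radius-server key" (the fault named in
    # the reply to the 1812 thread).
    has_global_key = any(GLOBAL_KEY_RE.match(ln) for ln in lines)
    hosts = []
    for ln in lines:
        m = HOST_RE.match(ln)
        if not m:
            continue
        hosts.append(m.group(1))
        if not has_global_key and not HOST_KEY_RE.search(m.group(2)):
            findings.append(("radius-host-without-key", m.group(1)))

    # Check 2: the token after "dot1x" is the method-list name; the reply to
    # the 2960-S thread says to use "default" when no named list is wanted.
    for ln in lines:
        m = DOT1X_LIST_RE.match(ln)
        if m and m.group(1).lower() != "default":
            findings.append(("dot1x-list-not-default", m.group(1)))

    # Check 3 (assumption of this example): with RADIUS hosts defined but no
    # pinned source interface, a multi-homed device can present a different
    # client address to the server depending on the egress path.
    if hosts and not any(SOURCE_IF_RE.match(ln) for ln in lines):
        findings.append(("no-radius-source-interface", ",".join(hosts)))

    return findings


if __name__ == "__main__":
    for check, detail in audit_radius_config(SAMPLE_CONFIG):
        print(f"{check}: {detail}")
```
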

  • How to restrict Internet access by using the RADIUS server via switch Catalyst 3560

    Dear all,

    I need some help with a configuration. I have a small network of 15 users on a 3560, which is in turn connected to an ISR 2811 router. I intend to connect interface FastEthernet 0/24 of the 3560 switch to a Unix-based RADIUS server. The ISP is connected on the other side of the 2811, on the fa0/0 interface.

    What I want is that if someone among the 15 users tries to access the internet, they must be validated by the RADIUS server against their pre-configured user credentials. (I'm going to store 15 user credentials here.) If someone else tries to connect (other than those 15), he or she should be denied internet access.

    The RADIUS server will have a login page to type the user name and password.

    Please guide me on what commands I should enter on the 3560, or what specifically I need to have to accomplish this task.

    Thanks in advance!

    Samrat.

    I only did this a very long time ago, but what you probably want to do is activate web authentication.

    http://www.Cisco.com/c/en/us/TD/docs/switches/LAN/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swwebauth.html

  • CSA 6.0.2 software agent failed to gather the configuration sent from the central server

    Have CSA 6.0.2, many workstations not answering, with a similar event:

    The agent software cannot compile configuration sent from the central server:
    (C:\Program Files\Cisco\CSAgent\cfg\agent.rul(4256): the CSIDL_SYSTEMX86 variable was not declared
    (C:\Program Files\Cisco\CSAgent\cfg\agent.rul(4550): the CSIDL_SYSTEMX86 variable was not declared
    (C:\Program Files\Cisco\CSAgent\cfg\agent.rul(4708): the ProcessName variable was not declared
    (C:\Program Files\Cisco\CSAgent\cfg\agent.rul(4771): the ProcessName variable was not declared
    (C:\Program Files\Cisco\CSAgent\cfg\agent.rul(5155): parse error
    (C:\Program Files\Cisco\CSAgent\cfg\agent.rul(5165): parse error
    (C:\Program Files\Cisco\CSAgent\cfg\agent.rul(5171): parse error
    (C:\Program Files\Cisco\CSAgent\cfg\agent.rul(5192): parse error
    (C:\Program Files\Cisco\CSAgent\cfg\agent.rul(5211): parse error
    (C:\Program Files\Cisco\CSAgent\cfg\agent.rul(5215): parse error
    (C:\Program Files\Cisco\CSAgent\cfg\agent.rul(5236): parse error
    (C:\Program Files\Cisco\CSAgent\cfg\agent.rul(5252): parse error
    (C:\Program Files\Cisco\CSAgent\cfg\agent.rul(5258): parse error
    C:\Program Files\Cisco\CSAgent\cfg\agent.rul(5287)

    You may be experiencing bug CSCtg78612. This occurs when the CSA MC is updated from a previous version of 6.0 to 6.0.2 and managed agents have not yet been upgraded. You should be able to solve the problem by scheduling agent upgrades for the affected hosts.

    You can view the full bug details here:

    http://Tools.Cisco.com/support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtg78612

    Scott

  • Unable to connect to the radius server

    Hello

    I configured the RADIUS server on Windows Server 2008 R2 for IEEE 802.1x wireless,
    and I configured the access point for RADIUS.
    On a Win7 machine, when I try to connect to the server and enter the username and password that I created in AD, Win7 still asks me for the username and password and doesn't show me any error.
    Please help me
    Thank you.

    Hello

    I suggest you ask your question at the following link.

    http://social.technet.Microsoft.com/forums/en-us/w7itpronetworking/

    I hope this helps.

  • Test of the RADIUS server options

    Hello

    Does anyone have experience with RADIUS server availability tests? What does the switch use to test the availability of the RADIUS server, and what action will it take after detecting that a server is dead? The setup is done with ISE 1.4.

    Hello

    For how the switch contacts RADIUS and how to configure the switch for dead timers, I will point you to the Cisco documentation, which is very simple and complete as well.

    http://www.Cisco.com/c/en/us/products/collateral/iOS-NX-OS-software/iDEN...

    All parameters to mark a server as dead, and how long it will be considered dead, are tweakable. Dynamically marking some servers as dead when there are no responses may result in better RADIUS response performance.

    Thank you

    PS: Please don't forget to rate and score as correct answer if this answered your question.

  • change the IP address of the RADIUS server

    Hi all

    I'm looking to relocate a Ganymede+ server inside the demilitarized zone and, consequently, the server will be on a new IP range.

    I will look to roll out these commands using chat tools, as I have a large number of switches.

    The configuration of the switches is as below.

    existing Ganymede:

    radius-server host 10.11.11.40 key 9090897979800090908

    Now I move the server to a new IP 10.99.1.40

    If I put the command

    radius-server host 10.99.1.40 key 9090897979800090908

    the configuration looks like this:

    radius-server host 10.11.11.40 key 9090897979800090908

    radius-server host 10.99.1.40 key 9090897979800090908

    I need to confirm that when I switch the server over to this IP, the switches will turn to the new IP address of 10.99.1.40, and that all I do after that is remove the old line: no radius-server host 10.11.11.40 key 9090897979800090908

    Or will it work now, or do I have to set up a group, which is described at the bottom of the page at the link below?

    http://www.Cisco.com/c/en/us/TD/docs/iOS/12_2/security/configuration/guide/fsecur_c/scftplus.html

    Thank you very much

    The method explained in the linked document is the more recent one. On IOS 15.x the previous method (which still works) generates a message in the CLI parser that it has been deprecated and that Cisco recommends the new method.

    That said, either method should work. The new method should be good on all switches or routers with IOS 12.0+.

    When there are two servers configured, IOS will try them in order and, if a response is not received in three tries (each, in the case of multiple servers), it may fall back to another configured aaa method (or aaa fails if no second method has been defined).

  • Problem with the DHCP server IP address

    Hello

    A new LAN installation: two 6509 cores in a VSS pair, 15 closets with stacks of 3750s. On floor 15 only, host devices can ping the DHCP server but cannot acquire IP addresses. There is no such problem on the other floors.

    PortFast and other settings are intact.

    Your thoughts will be appreciated.

    Massoud

    Do the trunks to the closet switches carry the VLAN the DHCP server is in?

    Sent from Cisco Technical Support iPhone App

  • How to account for the Radius Server cisco vpn client

    Hello

    I would like to account for Cisco VPN clients.

    My config is:

    aaa authentication login default local group radius
    aaa authentication login aaa_radius local group radius
    aaa authorization exec default group radius if-authenticated
    aaa authorization network vpn local
    aaa accounting exec default
     action-type start-stop
     group radius
    !
    aaa accounting network aaa_radius
     action-type start-stop
     group radius

    radius-server host x.x.x.x auth-port 1812 acct-port 1813 key xxxxx

    No accounting packets are sent to the RADIUS server, only the authentication packets.

    The RADIUS server is freeradius.

    Thank you

    Pet

    Hello!

    The sequence of commands to add to your configuration:

    1. In the case of legacy crypto maps:

    crypto map MAP-NAME client accounting list aaa_radius

    2. In the case of ISAKMP profiles:

    crypto isakmp profile PROFILE-NAME

     accounting aaa_radius

    Where MAP-NAME and PROFILE-NAME are the real names of your crypto map or ISAKMP profile respectively.

    I hope this helps.

    Best regards.

  • Newbie question on access to the RADIUS server

    I've worked before on RADIUS servers running on Windows but not on Unix. I'm new to an environment without any documentation and I am making sure I have access to the GANYMEDE/ACS config.

    I go to my switch config and I see 'radius-server 10.0.0.1'.

    Then I ssh into '10.0.0.1' and I see the below after the "ls" command.

    From the below, do you have an idea how to access the configuration of the ACS in case I need to change any setting on it? I tried http://10.0.0.1 but it does not work.

    -bash-3.00$ ls
    bin features core net sbin TT_DB
    Start the etc. opt system usr lib
    export of CDROM lost + found tftpboot var platform
    dev House Dem proc tmp flight

    Try http://10.0.0.1:2002, as ACS listens on default port 2002.

    Pete

  • How 2 Configure ACS 4.2 to delegate authentication to the radius server

    Hello

    We need to run the following scenario:

    Cisco VPN client (or AnyConnect, Cisco SSL VPN client)---> Cisco ASA 5520---> Cisco ACS 4.2---> CAT Authentication Server

    The CAT authentication server is a Radius server. It can receive Radius authentication requests and respond. It is used for strong authentication TFA WBS similar to RSA OTP tokens.

    The question is: how do we set up ACS 4.2 to delegate authentication requests to another Radius server?

    Thnx

    Add the RSA server as an external database, then configure the drop user profile or a group to authenticate against the new external database rather than the ACS local DB (or Windows DB).

    Easy as pie!

    Please rate if this is useful.

  • Changing the vCenter Server IP address

    I am trying to build a new vCenter environment. We are currently waiting on IP ports and patching from our networks team, but I would like, if I can, to start building the vCenter server for this environment; it will be a virtual server.

    We have a test environment in place for the moment with a shared iSCSI datastore that, once the environment has been built, we can remove from the inventory and add to the new environment once completed.

    Will we see problems with IP addressing if I build the server with a temp IP, then import it into my new environment and then change the IP address?

    Yes,

    As you say, you have a physical DB server that won't change, even when you go to production.

    So, for all that you requested:

    (1) SSO - for the SSO DB, if you use the existing DB for this then that's fine, but if you plan to have an additional server for the DB, you will have difficulty.

    (2) SQL server for VC - as you said, you use the existing DB... that is very good.

    (3) Installing vCenter Server and inventory requires you to have the details of the SSO server. If you use the IP address for the installation of VC, there is difficulty, as you must uninstall VC and inventory services.

    Kind regards

    Sachin Bhardwaj

  • Invitations not sent on the Calendar Server 6.3

    We would be grateful for any help on this. We can give more details if necessary, please just let us know.

    Thank you very much.


    Question:

    Our client's calendar server seems to be fully operational and error-free. However, when a customer creates a new event and invites others to attend, no invitation is sent. The creator of the event, however, believes everything is in order, because no error message appears and the guest list is displayed on the event. It was working recently. We have checked whether some things have changed (e.g. disk space, size of files, corruption, recent patching, expiring licenses, etc.), but have not yet found anything that has changed.


    Some details of our system:

    ./CAL/sbin/csversion
    Oracle Communications Calendar Server 6.3 - 27.01 (built on February 15, 2011)
    SunOS 5.10 xxxx Generic_142909-17 sun4u sparc SUNW, Sun-Fire-V440



    In var/opt/SUNWics5/logs/watcher.log, we get these notices and errors when we restart the service.

    [20/Feb / 2012:12:35:56 + 1300] (Reviews) Request received to restart: store admin http
    [20/Feb / 2012:12:35:56 + 1300] (Reviews) Connecting to watcher...
    [20/Feb / 2012:12:36:00 + 1300] 7698 (opinion)
    [20/Feb / 2012:12:36:00 + 1300] (Reviews) If you stop http server 7704... fact
    [20/Feb / 2012:12:36:02 + 1300] (Reviews) If you stop http server 7705... fact
    [20/Feb / 2012:12:36:02 + 1300] (Opinion) server admin does not work
    [20/Feb / 2012:12:36:02 + 1300] (Reviews) Stopping Server store 7700... timeout
    [20/Feb / 2012:12:37:03 + 1300] (Error) Can not stop Bank server with SIGTERM, now a new attempt with SIGKILL
    [20/Feb / 2012:12:37:03 + 1300] (Reviews) Stopping Server shop 7700... fact
    [20/Feb / 2012:12:37:05 + 1300] (Reviews) Ex-store server... 7718
    [20/Feb / 2012:12:37:05 + 1300] (Reviews) Verification to store the State of the server... ready
    [20/Feb / 2012:12:37:07 + 1300] (Reviews) Starting the server admin... Looked at 'csadmind' process 7725 ended abnormally
    7725
    [20/Feb / 2012:12:37:08 + 1300] (Reviews) From http server... [20/Feb / 2012:12:37:08 + 1300] (Reviews) Request received to restart: store admin http
    [20/Feb / 2012:12:37:08 + 1300] (Reviews) Connecting to watcher...
    ... 7727
    [20/Feb / 2012:12:37:13 + 1300] 7698 (opinion)
    [20/Feb / 2012:12:37:13 + 1300] Store (error) has failed two times in 600 seconds, they will not restart
    Looked at 'csadmind' process 7844 ended abnormally


    What we did:

    We ran db_verify and csdb -v check on the databases. ics50deletelog.db had corruption, which we fixed using db_dump and db_load to export and then import the databases.
    We also purged the ics50deletelog.db database with the help of cspurge later, as the dump and load did not seem to have had an effect.
    We have tried to turn the log level up in opt/SUNWics5/cal/config/ics.conf, but did not get more details when restarting the service (via /etc/init.d/sunwics5 restart)

    Before the db_dump, db_load and purge:

    Calendar database version: 4.0.0
    Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)

    Total database size in bytes: 1465503744
    Total number of calendars: 14964
    Total number of events: 830842
    Total number of tasks: 17351
    Total number of alarms: 57181
    Total number of entries of gse: 9
    Total number of entries of main component: 24100
    Total number of entries deletelog: 1779967
    Logfile total size in bytes: 79262

    Session database version: 3.0.0 [BerkeleyDB]
    Total database size in bytes: 0
    Logfile total size in bytes: 0

    Meter database version: 1.0.0 [memory mapped files]
    Total database size in bytes: 0


    After the db_dump, db_load and purge:

    Calendar database version: 4.0.0
    Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
    Total database size in bytes: 1201864704
    Total number of calendars: 14964
    Total number of events: 830845
    Total number of tasks: 17351
    Total number of alarms: 55116
    Total number of entries of gse: 9
    Total number of entries of main component: 24100
    Total number of entries deletelog: 1779967
    Logfile total size in bytes: 5251612

    Session database version: 3.0.0 [BerkeleyDB]
    Total database size in bytes: 0
    Logfile total size in bytes: 0

    Meter database version: 1.0.0 [memory mapped files]
    Total database size in bytes: 0


    Thanks again.

    Sounds like we're talking about 'Event Invitation Notifications'. These are notifications that are sent when someone invites you to an event. Whether you get the notification or not depends on your preference stored in LDAP. This can be set in Convergence by navigating to Options -> Calendar -> Notifications (check "Notify me by email of new invitations or modifications of the invitation"). The attributes below are the actual LDAP attributes stored in the user entry.

    icsExtendedUserPrefs: ceNotifyEnable = 1
    icsExtendedUserPrefs: [email protected]

    In the following cases, the user (participant) won't get notifications even if the preference above is set.

    a) Creating an event with participants in the past. CS6, by default, removes the notifications of past events. You can turn on notifications of past events by setting the configuration 'ine.pastnotification.enable' to 'Yes' in ics.conf.

    b) If the client creating the event asks the server not to send notifications (smtpNotify wcap param to storeevents.wcap). Outlook Connector uses this wcap param, so you won't get server notifications for events invited using Outlook Connector. Outlook Connector sends its own notifications directly.

    I believe you are looking for this kind of notification. The process responsible for sending these notifications is "csadmind" on the Frontend. So, you must check the admin.log on the Frontend to see whether or not it is sending notifications.

    Published by: dabrain on February 21, 2012 09:26

  • Assign the radius server to specific groups of VPN 3000

    Last week, I assigned a test Cisco ACS server to be used as the authentication and accounting device for a specific group on a Cisco VPN 3060 concentrator. When I looked at ACS, it appeared that not only that group was going there, but others were also going this way and using the default values on the Cisco Secure ACS. Is it possible to make sure that only the traffic assigned to this specific VPN group uses the defined ACS server?

    Thank you

    Hello

    Not sure about your implementation, but you must configure the group mapping so that only this specific AD group can authenticate.

    In the external group map db, map

    Group ACS VPN ---> with <---- AD VPN

    Any other combination should point to any access group.

    Kind regards

    ~ JG

    Note the useful messages
