The AAA authentication: not configured

I have cisco 851 using ccp to configure EASY VPN

I click on TEST VPN SERVER, and then click Start the State shows successful

When I tried to connect a client I mm_no_state

When I considered the report of the test I found

My AAA

AAA new-model

AAA authentication login tgcsusers local

AAA authorization tgcsvpn LAN

AAA - the id of the joint session

I have also attached my config

Ideas or thoughts?

You will need to get my client work...

I logged by user name password you provided.

Please check the pictures I downloaded to you.

Good night, sleep tight.

Thank you

Rizwan James

Tags: Cisco Security

Similar Questions

The AAA authentication not working method and 'by default' list

Guys,

I hope someone can help me here to the problem of the AAA. I copied the configuration and debugging below. The router keeps using username/password local name even if the ACS servers are accessible and functional. To debug, it seems he keeps using the method list 'default' ignoring GANYMEDE config. Any help will be appreciated

Config

**********************************

AAA new-model

!

username admin privilege 15 secret 5 xxxxxxxxxx.

!

AAA authentication login default group Ganymede + local

the AAA authentication enable default group Ganymede + activate

authorization AAA console

AAA authorization exec default group Ganymede + local

AAA authorization commands 15 default group Ganymede + local

AAA authorization default reverse-access group Ganymede + local

orders accounting AAA 0 arrhythmic default group Ganymede +.

orders accounting AAA 15 by default start-stop Ganymede group.

Default connection accounting AAA power Ganymede group.

!

AAA - the id of the joint session

!

RADIUS-server host x.x.x.x

RADIUS-server host x.x.x.x

RADIUS-server host x.x.x.x

RADIUS-server host x.x.x.x

RADIUS-server application made

RADIUS-server key 7 0006140E54xxxxxxxxxx

!

Ganymede IP interface-source Vlan200

***************************

Debugs

002344: 5 Dec 01:36:03.087 ICT: AAA/BIND (00000022): link i / f

002345: Dec 5 01:36:03.087 ICT: AAA/AUTHENTIC/LOGIN (00000022): choose method list "by default".

002346: Dec 5 01:36:11.080 ICT: AAA/AUTHENTIC/LOGIN (00000022): choose method list "by default".

core01 #.

002347: Dec 5 01:36:59.404 ICT: AAA: analyze name = tty0 BID type =-1 ATS = - 1

002348: Dec 5 01:36:59.404 ICT: AAA: name = tty0 flags = 0 x 11 type = 4 shelf = 0 = 0 = 0 = 0 = 0 channel port adapter slot

002349: Dec 5 01:36:59.404 ICT: AAA/MEMORY: create_user (0 x 6526934) user = "admin" ruser = "core01" ds0 = 0 port = "tty0" rem_addr = "async" authen_type = service ASCII = NONE priv = 15 initial_task_id = '0', vrf = (id = 0)

002350: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): Port = "tty0" list = "service = CMD

002351: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/CMD: tty0 (2162495688) user = "admin".

002352: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): send service AV = shell

002353: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): send cmd = AV set up

002354: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): send AV terminal = cmd - arg

002355: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): send cmd - arg = AV

002356: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): found the 'default' list

002357: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD (2162495688): method = Ganymede + (Ganymede +)

002358: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC +: (2162495688): user = admin

002359: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC +: (2162495688): send service AV = shell

002360: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC +: (2162495688): send cmd = AV set up

002361: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC +: (2162495688): send AV terminal = cmd - arg

002362: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC +: (2162495688): send cmd - arg = AV

Enter configuration commands, one per line. End with CNTL/Z.

core01 (config) #.

002363: Dec 5 01:37:04.261 ICT: AAA/AUTHOR (2162495688): permission post = ERROR

002364: Dec 5 01:37:04.261 ICT: tty0 AAA/AUTHOR/CMD (2162495688): method = LOCAL

002365: Dec 5 01:37:04.261 ICT: AAA/AUTHOR (2162495688): position of authorization = PASS_ADD

002366: Dec 5 01:37:04.261 ICT: AAA/MEMORY: free_user (0 x 6526934) user = "admin" ruser = "core01" port = "tty0" rem_addr = "async" authen_type = ASCII service = NONE priv = 15

core01 (config) #.

Ganymede + accessible servers use source vlan 200. Also in the Ganymede server + can you check if the IP address for this device is configured correctly and also please check the pwd on the server and the game of this device.

As rick suggested sh Ganymede would be good as well. That would show the failures and the successes

HTH

Kishore

The AAA authentication configuration

We have ACS server 3.1 to AAA for authentication for all routers and switches. I want each person to connect the router using its own id, password password and activate. If the ACS server is unavailable, I want to have different id, password and enable password for console and telnet access. What is the right way to do this? I also want to follow all orders entered on the router.

That's what I have:

AAA new-model

AAA authentication login default group Ganymede + local

enable AAA authentication login no_tacacs

the AAA authentication enable default group Ganymede + line

AAA authorization exec default group Ganymede + local

AAA authorization commands 15 default group Ganymede + local

AAA accounting exec default start-stop Ganymede group.

orders accounting AAA 15 by default start-stop Ganymede group.

!

username admin password 7 xxxxxxxxxxxxxxxx

!

!

Line con 0

connection of authentication no_tacacs

line to 0

line vty 0 4

password 7 xxxxxxxxxxxxxxxxxxxxxxxx

!

Yes, it's Joy on the right. Thank you, Renault

the AAA authentication enable default group Ganymede + activate

I implement CSACS 4.0. First of all on the client, I will apply aaa authenticatio / authorization under vty. The issure if I use the followin command

the AAA authentication enable default group Ganymede + activate

What happens if I connect via the console? I need to enter a name of user and password?

Here is my configuration

AAA new-model

Group authvty of connection authentication AAA GANYMEDE + local

the AAA authentication enable default group Ganymede + activate

authvty orders 15 AAA authorization GANYMEDE + local

RADIUS-server host IP

Radius-server key

Ganymede IP source interface VLAN 3

AAA accounting send stop-record an authentication failure

AAA accounting delay start

AAA accounting exec authvty start-stop group Ganymede +.

orders accounting AAA 15 authvty power group Ganymede +.

AAA accounting connection authvty start-stop group Ganymede +.

line vty 0 15

connection of authentication authvty

authorization orders 15 authvty

authvty connection accounting

accounting orders 15 authvty

accunting exec authvty

Any suggestion will be appreciated!

It should work because it is a guest message.banner whenever you try to connect (console/vty). I set it up on my router.

If you have banner motd, it will appear as well (see below). So, I have to remove it to get only the aaa banner & prompt is displayed:

************************************************************

Username: cisco, password: cisco (priv 15f - local) *.

************************************************************

Any unauthorized use is prohibited.

Enter your name here: User1

Now enter your password:

Router #.

The configuration more or less looks like this:

AAA new-model

AAA authentication banner ^ is forbidden to use CUnauthorized. ^ C

AAA authentication password prompt "enter your password now:

AAA-guest authentication username "enter your name here:

Group AAA authentication login default RADIUS

local authentication AAA CONSOLE connection

HTH

AK

Excluding the lines of Terminal Server in the AAA authentication

Hi all

Hope you can help, I'm trying to find a solution to exclude only the following line port by using the AAA authentication (ACS GANYMEDE +) on a map of Terminal Server on a Cisco 2600 router. Does anyone know how to do this, or point me in the right direction to solve?

I've included the output below:

AAA authentication login default group Ganymede + local
AAA authorization exec default group Ganymede + local
AAA accounting exec default start-stop Ganymede group.
AAA accounting network default start-stop Ganymede group.
AAA accounting default connection group power Ganymede
AAA accounting system default start-stop Ganymede group.
AAA - the id of the joint session

line 41
session-timeout 20
decoder location - XXXXXX XXXXXX BT
No banner motd
No exec-banner
absolute-timeout 240
Modem InOut
No exec
transport of entry all
StopBits 1
Speed 38400

Is it a question of disabling the command line or using a defined group?

Thanks a lot for your help.

Jim.

Hi Jim

You may need to create another group for authentication to the and send your AAA configuration

line to 0

connection of authentication aux_auth

AAA authentication login aux_auth line

You can also configure a username local/pw and map it on the group to here...

Console and telnet would still use the configured default group, or you can specify specific groups:

Line con 0

console login authentication

line 4 vty0

vty authentication login

and specify the aaa authentication settings individually...

I hope this helps... all the best

REDA

Try to connect to the network, get a msg "the server is not configured for transactions.

I have a desktop running Vista Professional (SP2) and a laptop running XP Professional (SP3). They are connected by a WiFi network, the Desktp acting as a server. Everything worked well until the Office had a problem and had to have re-installed Windows. Now, although the Office can find the laptop, the laptop can not find the office or its working group. I get a message " is not accessible. You might not have permission to use this network resource. Contact the server administrator to find out if you have access permissions. The server is not configured for transactions. »
- But once, for about five minutes, it worked - and then stopped again. For no apparent reason.
- If I connect with an Ethernet cable and no WiFi machines, the last sentence of this message changes to "the list of servers of this working group is currently unavailable."
- When you run the Configuration Wizard from the network on the laptop, he told me that I have to run the Wizard "on each of the computers on your network. To run the wizard on computers running XP, you can use the Windows XP CD or a network setup disk". I was not able to do so - the XP disc I have does not behave as indicated by the wizard and the wizard does not recognize my CD - RW drive to create a network setup disk.
Can anyone help?

Well, who has not responded to my problem, but it was eventually fixed by a support guy with the company who sold me the desktop PC. As I understand it, it was a problem of file sharing. Seems he had to undo sharing all my records on the desktop, then re - share once again, since when I did not have this particular problem. But it's obviously not ideal (in MS eyes at least) to the network of computers with different operating systems.

Whenever I try to enter KB2559049 it always gets back after the restart, saying "NOT CONFIGURED".

original title: HELP... (seniors not if nobody PC)!

Whenever I try to enter KB2559049 it always gets back after the restart, saying "NOT CONFIGURED" and then it lands in the updates page... So I used the Microsoft Fix - it tool and she is 'THE PLACE WHERE WINDOWS STORES DATA has CHANGED AND MUST BE FIXED... CHANGE OF PLACES in UPDATE from WINDOWS to THE SETTINGS by DEFAULT in WINDOWS'... well I think, but I don't know how the making and tool Fix - it didn't tell me how is... Please someone can help me to what is necessary.

Hello

I suggest you to follow these steps and check if that helps:

Method 1:

If you have installed a security software on the computer, then I suggest you try to disable temporary and check to see if the same problem happens. Make sure that you enable security software back once the diagnosis is made to prevent the computer from virus attacks.
http://Windows.Microsoft.com/en-us/Windows-Vista/disable-antivirus-software

Method 2:

Try to download the update from this link and install the update manually and check if it helps:

http://www.Microsoft.com/download/en/default.aspx

It will be useful.

Error 0 x 80070035 "[name of the PC] is not configured to establish a connection on Port"File and Printer sharing (SMB)"on this computer".

Original title: "home network".

0 x 80070035 "[name of the PC] is not configured to establish a connection on Port"File and Printer sharing (SMB)"on this computer".

That's what I get on my ThinkPad when I try to do the networking. I placed all the parameters correctly: all 3 of my computers are set the same. 2 workstations work perfectly. They can even see the laptop but not to open all files. The laptop can, open same network t itself file. But he can see the whole of the network (including a printer, is told by the way). I, ve gone through all parameters twice. I've even set the C drives to share via the menus of context on each computer. I have visited many forums with none even come close to this problem (they all will tell you how to set the network parameters or they get very technical and over my head).

I tried with & without a firewall.

No password.

I use a wired network.

Laptop & 1 desktop computer running vista - 1 desktop computer running xp.

They have all the latest service packs ms & udates.

Any help will be appreciated.

These files can be opened by norton or lenovo network setting apps. The settings do not work only in the application of network of vista. Nor can I work norton or lenovo from other computers.

PS how can I ensure these settings effect may just lan and do not extend to the internet?

Thank you bb

I tried new drivers & returned through sharing & permissions, according to Jack, but he was not good. At the level of experience of my computer I can miss something obvious, but I doubt it because I've been very careful in following the instructions. I am experencing other problems with this laptop as well and I'll just get all. I am planing to get back anyway, that's why I needed network. I wanted to Exchange files over the network to avoid having to ' wait & swap "usb drives. Thanks anyway. Thank you BB bb

NAS hard drive not accessible more: the device is not configured to accept connections on port 'files and printers sharing (SMB).

Dear,

I am desperately looking for a solution for my specific problem how access my NAS.

I have a hard drive from Western Digital NAS (Book Live) which worked fine until now. Yet, I just changed my internet provider and I now have a new Fritzbox 6360. Now, I can not access the hard disk of the commune of programs in Windows. I contacted two suppliers already, but without success. I think I have some incorrect settings in my Windows 7, 64 bit. This is the situation:

-NAS is still working with my old Fritzbox, for testing that I went back-> ok

-I can access the NAS via the dashboard or a TwonkyServer-> ok

-When I access it via Windows Explorer, I wonder is to give my credentials (which don't work) or I get the error message: the device is not configured to accept connections on port 'files and printers sharing (SMB).

-J' changed my IP address (dynamic even static) and connections, password-> without success.

-J' tried SFC with the result that found no violation of integrity. -> ok.

Any idea?

Can you please turn off the NAS, unplug the cable and Ethernet cable? Wait about 2 minutes then plug all the cables back in. Any security program or firewall to this computer? Try disabling it for now.

You have another PC or laptop which has Windows 7/8 and try to access the NAS?

You have a smartphone or a Tablet and download an application for the WD NAS and then try to access files.

The key of the MA is not configured properly or is corrupted in the file system and s doe does not exist in the repository of management.

I get this error and is it possible to solve this problem without re-creating the service/s once again, etc. Just curious, if you have suggestions/steps I may have missed or I'll drop and recreate new services
In any case, I have a backup of the emkey.ora and place it in the sysman/config directory, but still does not work... Please see below...
C:\Documents and Settings\abigail > emctl status emkey
Oracle Enterprise Manager 11g Database Control Release 11.2.0.1.0
Copyright (c) 1996, 2010 Oracle Corporation. All rights reserved.
Enter the password for the repository:
********
****
The key of the MA is not configured properly or is corrupted in the file system and the DOE
s does not exist in the repository of management. To correct the problem:
(1) (copy the emkey.ora another WHO file or backup machine OH/sysman/c
onfig directory.
(2) configure the emkey.ora file by running ' emctl config emkey - emkeyfile < emkey.
".ora file location >.
C:\Documents and Settings\abigail > emctl config emkey - emkeyfile E:\app\abigail\p
roduct\11.2.0\dbhome_1\sysman\config
Oracle Enterprise Manager 11g Database Control Release 11.2.0.1.0
Copyright (c) 1996, 2010 Oracle Corporation. All rights reserved.
Enter the password for the repository:
********
****
The key of Em is already configured. To override the current configuration, run "em".
CTL emkey < options > config - force. "
C:\Documents and Settings\abigail > emctl config emkey - emkeyfile E:\app\abigail\p
roduct\11.2.0\dbhome_1\sysman\config-force - sysman_pwd *.
Oracle Enterprise Manager 11g Database Control Release 11.2.0.1.0
Copyright (c) 1996, 2010 Oracle Corporation. All rights reserved.
The key of the MA could not be configured. Cannot access the file E:\app\abigail\product
\11.2.0\dbhome_1\sysman\config.
C:\Documents and Settings\abigail > emctl dbconsole sysman_pwd secure *.
Oracle Enterprise Manager 11g Database Control Release 11.2.0.1.0
Copyright (c) 1996, 2010 Oracle Corporation. All rights reserved.
http://Abigail:5501 / console/em/aboutApplication
DBCONSOLE already stopped...   Fact.
Officer is arrested...   Fact.
Dbconsole fixing...   Has begun.
Please enter repository schema password:
Dbconsole fixing...   Failed.
EMKey is misconfigured.

Sorry but I have to ignore your suggestion and don't worry how I spend my time

AND OHMYGODD IT WORKSS! For later use, this is how I solved it based on my research, in fact based on a particular search:

http://franjv.blogspot.com/2013/08/eMKey-problems-in-Oracle-RAC-11gr2.html

Thank you the one who wrote this and... is it the same "Fran" who helped me last time? Coincidence?

In any case, thanks

The AAA authentication and VRF-Lite

Hello!

I encountered a strange problem, when you use authentication Radius AAA and VRF-Lite.

The setting is as follows. A/31 linknet is configured between PE and THIS (7206/g1 and C1812), where the EP sub-si is part of a MPLS VPN and VRF-Lite CE uses to maintain separate local services (where more than one VPN is used..).

Access to the this, via telnet, console etc, will be authenticated by our RADIUS servers, based on the following configuration:

--> Config start<>

AAA new-model

!

!

Group AA radius RADIUS-auth server

Server x.x.4.23 auth-port 1645 acct-port 1646

Server x.x.7.139 auth-port 1645 acct-port 1646

!

AAA authentication login default group auth radius local

enable AAA, enable authentication by default group RADIUS-auth

...

touch of 1646-Server RADIUS host x.x.4.23 auth-port 1645 acct-port

touch of 1646-Server RADIUS host x.x.7.139 auth-port 1645 acct-port

...

source-interface IP vrf 10 RADIUS

---> Config ends<>

The VRF-Lite instance is configured like this:

---> Config start<>

VRF IP-10

RD 65001:10

---> Config ends<>

Now - if I remove the configuration VRF-Lite and use global routing on the CE (which is OK for a simple vpn installation), AAA/RADIUS authentication works very well. "" When I activate transfer ip vrf "10" on the interface of the outside and inside, AAA/RADIUS service is unable to reach the two defined servers.

I compared the routing table when using VRF-Lite and global routing, and they are identical. All roads are correctly imported via BGP, and the service as a whole operates without problem, in other words, the AAA/RADIUS part is the only service does not.

It may be necessary to include a vrf-transfer command in the config of Group server as follows:

AAA radius RADIUS-auth server group

Server-private x.x.x.x auth-port 1645 acct-port

1646 key ww

IP vrf forwarding 10

See the document below for more details:

http://www.Cisco.com/en/us/partner/docs/iOS/12_4/secure/configuration/guide/hvrfaaa.html

Understand the AAA basic router configuration

There are two commands within our router from companies that I'm not sure. I need an explanation of these two commands and what they do. Thanks advance.

R # AAA authentication ppp tse local

R # AAA authorization network tse local

Hi mwentwrth,

AAA of authentication ppp local tse is a command to authenticate the serial with ppp interfaces. TSE is a listname and local is a user of your router.

AAA authorization network local tse is first an authorization control (typical via Radius or Ganymede +) in your case your tse list then local.

so please watch where tse is configured must be a radius or Ganymede

Kind regards

Flo

the external authentication server configuration

What is the difference with option 'a' (compared to the 'b' option) what configuration of an external authentication server?

a. configuration | System | Servers | Authentication

b. configuration | User management | Groups | Authentication servers

Is it correct to assume that the 'b' option allows for the configuration of external servers for specific groups? Why should I use option 'a '? Thanks in advance.

OK, option b allows you to set a server authentication for a specific group, while option 1 defines a server authentication for all groups. If option b is set then this server is used for authentication to this group only and overrides whatever it is defined in the option. If it is not set, then the option is used.

The AAA authentication & accounting using the command of Ganymede-orders

In the page of the cisco Remote Access Companion guide 394 book we got these configuration lines:

RTA (config) #tacacs - server host 192.168.0.11

RTA (config) #tacacs - host 192.168.0.12 server

RTA (config) #tacacs - server key topsecret

RTA (config) #aaa new-model

Ganymede + RTA (config) #aaa authentication login default group

If I want to add to the configuration above, the following command:

RTA (config) #aaa accounting connection defult stop / start Ganymede +.

Is it necessary that the above lines be in a specific order when I configure the RTA?

No, the order in which you enter commands doesn't matter.

Updates the help will not configure

When I turn on my computer, it goes to ty to configure the update 3 of 3 then stops and restarts. She does again and again, and I can't start menu to do a restore of the suggestions?

See: The update is not installed successfully, you receive a message, and the computer restarts when you try to install an update in Windows Vista
http://support.Microsoft.com/kb/949358

Ignore the title if not relevant but explains two methods to get into the computer.

Good luck

TaurArian [MVP] 2005-2011 - Update Services

The AAA authentication: not configured

Similar Questions

Maybe you are looking for