Creating user in Context

Muhammad Khan · ‎01-19-2010

Hi,

I wounder if anyone could help me. I have an ACE appliace running. I have created a new Context and have done all the configuration i.e. interfaces, loadbalancing, domain, users etc. Only problem and very basic one is that I am unable to login to the Context directly. I can acess the Contect with it's management IP but when I try to login I get "Invalid User Name/Password." message.

I can only login in Admin context. Is there anyting I am missing?

Rgds,

Eric Rose · ‎01-19-2010

Hi,

Did you create a policy for remote access to that context and add the it to the interface?

Typically there is a remote_mgnt service policy - this is used to access the managemnet entity on a specific interface.

Thanks

Eric

Muhammad Khan · ‎01-19-2010

Hi Eric,

Thank you for your reply.

Yes all the policies are in place. I can browse to we Console and Telnet but unable to login. Here is the Context config (It is one armed design with client/server and ACE on same VLAN). None of the users defined in here can login.

access-list ALL line 8 extended permit ip any any
access-list ALL line 16 extended permit icmp any any

probe http Probe_HTTP
interval 5
passdetect interval 60
expect status 200 200
open 10

rserver host Server1
ip address 192.168.0.2
conn-limit max 4000000 min 4000000
inservice

rserver host Server2
ip address 192.168.0.23
conn-limit max 4000000 min 4000000
inservice

serverfarm host Farm1
probe Probe_HTTP
rserver Server1 80
    conn-limit max 4000000 min 4000000
    inservice
rserver Server2 80
    conn-limit max 4000000 min 4000000
    inservice

sticky http-cookie XYZ_Cookie XYZ_Cookie
serverfarm Farm1

class-map type management match-any Management
201 match protocol http any
202 match protocol https any
203 match protocol icmp any
204 match protocol kalap-udp any
205 match protocol ssh any
206 match protocol telnet any
207 match protocol xml-https any

class-map match-all XYZ_VS
2 match virtual-address 192.168.0.9 tcp eq www

policy-map type management first-match Management
class Management
permit

policy-map type loadbalance first-match XYZ_VS-l7slb
class class-default
serverfarm Farm1

policy-map multi-match int3
class XYZ_VS
    loadbalance vip inservice
    loadbalance policy XYZ_VS-l7slb
    nat dynamic 5 vlan 2

interface vlan 2
description Server VLAN
ip address 192.168.0.6 255.255.255.0
alias 192.168.0.8 255.255.255.0
peer ip address 192.168.0.7 255.255.255.0
access-group input ALL
nat-pool 5 192.168.0.9 192.168.0.9 netmask 255.255.255.0 pat
service-policy input int3
service-policy input Management
no shutdown

domain XYZ_Domain
add-object all

ip route 0.0.0.0 0.0.0.0 192.168.0.20

username XYZadmin password 5 *********** role Admin domain default-domain
username XYZusr password 5 ********* role Network-Monitor domain XYZ_Domain

snmp-server contact "ANM"
snmp-server location "ANM"

Thank you.

Muhammad Khan · ‎01-19-2010

Errr... i managed to resolve it

username XYZadmin password 5 *********** role Admin domain default-domain
username XYZusr password 5 ********* role Network-Monitor domain XYZ_Domain

Should have been

username XYZadmin password 0 *********** role Admin domain default-domain
username XYZusr password 0 ********* role Network-Monitor domain XYZ_Domain

I was specifying encrypted password instead of clear text.

Eric Rose · ‎01-19-2010

That is great to hear.

Thanks

Eric