Category Archives: Non classé

Cisco devices IOS

Le démarrage dépend du registre de la configuration, cela est visible par
# show version

Le démarrage se fait dans l’ordre:
1) POST: power on self test
2) le bootstrap: localisation de l’IOS puis lecture des commandes boot system en NVRAM. Si pas de commandes ou pas de conf, alors recherches flash, TFTP, ROM (IOS minimaliste)
3) extraction de l’IOS en RAM
4) chargement de la conf ou du mode setup

Cisco IPV6

IPv6 est une adresse sur 128bits, notée en hexadécimale: 8 blocs de 4 chiffres hexa séparés par :
Les en-têtes ont été simplifiées, pas de checksum, pas de fragmentation.
Les en-têtes sont évolutives.

Exemple: 2a01:0000:0000:0000:c66e:1fff:fe04:d596
Les premiers zéros de chaque bloc peuvent être omis.
2a01:1:0000:0000:c66e:1fff:fe04:d596
Une seule fois une suite de zéros peut être remplacé par ::
2a01:1::c66e:1fff:fe04:d596

Structure
2001:1234:abcd c’est le réseau
sab3 c’est le sous réseau
111:aaaa:bbbb:ff11 est la partie host

Trois types d’IPv6
– unicast
– multicast
– anycast
– PAS d’IP de broadcast => utilise un multicast spécifique

Attribution d’une IPv6
– statique
– DHCP v6
– autoconfig stateless, la machine trouve seule son adresse IP. Elle envoit un multicast spécifique, l’équipement réseau (le routeur) lui indique le réseau dans lequel elle est, et ensuite elle doit trouver suele ses 64 bits du host. Pour cela elle utilise la méthode random ou EUI-64 (basée sur la mac)

Migration:
– dual stack: faire tourner les deux protocoles
– tunneling: manuel, 6to4, teredo/isatap, NAT-PT

Sur un même segment de réseau on peut utiliser une adresse IP Link Local. On remplace la partie organisation par fe80

BO authentication based on BW

Steps to configure BO authentication on SAP BW abap stack:
– create BO certificates
– configure BO for SAP authentication in the Central Management Console
– import BO certificates in SAP BW
– modify BO config file to enable SAP authentication

1) At BO server OS level, issue the following commands in order to create certificates files
Change CN name with BO server name, alias can be whatever you want, and xxxxxxxxxxxx is the password

cd "C:Program Files (x86)SAP BusinessObjectsSAP BusinessObjects Enterprise XI4.0javalib"
"C:Program Files (x86)SAP BusinessObjectsSAP BusinessObjects Enterprise XI 4.0win64_x64sapjvmbinjava" -jar PKCS12Tool.jar -alias mywin -storepass xxxxxxxxxx -dname CN=VORANGE
"C:Program Files (x86)SAP BusinessObjectsSAP BusinessObjects Enterprise XI 4.0win64_x64sapjvmbinkeytool" -exportcert -keystore keystore.p12 -storetype pkcs12 -file cert.der -alias mywin

2) In SAP BO Central Management Console, select Authentication then SAP.
First tab Entitlement Systems, indicate SAP BW server informations and click on Update button.
bossosap01
In Options tab, tick SAP Authentication, and indicate SAP BW logical system. If no logical system is there, you can put it again at the end.
bossosap02
At the bottom of Options tab, upload the keystore.p12 file generated in step 1, enter the password and alias. Then click on the Update button
bossosap03
3) Import SAP BW roles relevant for BO access
Tab Import roles, select only relevant roles. Then click on Update button.
bossosap04
4) Import SAP BW users
In tab User update, click on Update now users and aliases
bossosap05
5) import in SAP the BO certificate
Transaction STRUSTSSO2, menu Certificate > Import, select cert.der generated in step 1
bossosap06
Click on button Add to certificate list
bossosap07
Click on button Add to ACL and declare it in all clients (only 000 should be needed but I got trouble without doing it in 500)
bossosap08
6) Check BO services used for SSO are running
Go in CMC, select Servers, open Service Categories, select Core Services and in the right pane select APS
bossosap09
Right click on APS select Edit Common Services, and check if Security Token Service is there. If not, stop APS and add Security Token Service, then start APS.
bossosap10
7) Edit BO configuration files to display SAP authentication at logon screen
Directory:

C:Program Files (x86)SAP BusinessObjectsTomcat6webappsBOEWEB-INFconfigdefault

File global.properties

# For turning persistent cookies on/off for the logon page. Defaults to true if this is not present.
persistentcookies.enabled=true

# You can specify the siteminder Authentication type here. secLDAP, secWinAD.
siteminder.authentication=secLDAP

# Set to false to disable Siteminder single sign on.
siteminder.enabled=false

# Set to true to enable other single sign on.
sso.enabled=true

# Set to true to use SAP SSO as the primary SSO mechanism
sso.sap.primary=false

# Set to true to enable immediate autologoff for SAP NetWeaver iViews
iview.autologoff=true

# The maximum number of elements in the object browser folder tree
max.tree.children.threshold=200

# Trusted authentication: session variable name to retrieve the shared secret; Leave empty if shared secret is not passed from web session
trusted.auth.shared.secret=

# Trusted authentication: set Header/URL parameter/Cookie/Session variable name to retrieve username. No need to set for REMOTE_USER or USER_PRINCIPAL.
trusted.auth.user.param=

# Trusted authentication: set to true to prefix external user name to secExternal:; Leave empty if external user name is mapped to same user name
trusted.auth.user.namespace.enabled=

# Trusted authentication: set how to retrieve userID. Set to "REMOTE_USER" for HttpServletRequest.getRemoteUser(). Set to "HTTP_HEADER" for HTTP header. Set to "QUERY_STRING" for URL query string. Set to "COOKIE" for cookie. Set to "WEB_SESSION" for web session. Set to "USER_PRINCIPAL" for user principal. Reset to empty to disable trusted authentication.
trusted.auth.user.retrieval=

# Set to true to enable Vintela single sign on.
vintela.enabled=false
idm.realm=YOUR_REALM
idm.princ=YOUR_PRINCIPAL
idm.allowUnsecured=true
idm.allowNTLM=false
idm.logger.name=simple
idm.logger.props=error-log.properties

#whether or not to show the warning dialog with the message that the session will expire soon in CMC
pinger.showWarningDialog.cmc=true

#whether or not to show the warning dialog with the message that the session will expire soon in BI launch pad
pinger.showWarningDialog.bilaunchpad=true

#how often that a web server request should be sent while the warning message is displayed. This is important for synchronization of the warning dialog across applications.
pinger.warningPeriod.pingIncrementsInSeconds=15

#how many minutes before the session expiry that the warning dialog should be displayed, ie, give the user a 5 minute warning that the session will expire.
pinger.warningPeriod.lengthInMinutes=5

# Logoff all applications' Enterprise Sessions on web session expiry.
# You may wish to turn this off if your web servers run in a clustered environment.
logoff.on.websession.expiry=true

pinger.enabled=true

# Max number of JCo destinations cached.
system.com.sap.bip.jcomanager.destinations.maxsize=1000

# HTTP proxy server user name and password
httpproxy.username=
httpproxy.password=

# Embed secret (enter your own)
# A shared secret between a portal embedding BOE applications and the BOE application server which is used to
# determine whether BOE applications can be safely embedded in other pages.
# Make sure you change in both places.
logon.embed.secret=

# Embed timeout
# Number of seconds after which BOE applications like BI Launchpad will reject being
# embedded into a portal. Make sure the system clocks on the BOE web server and portal server machines
# are within this number of seconds of each other.
logon.embed.timeout=300

File BIlaunchpad.properties

# application name
app.name=BI launch pad
app.name.greeting=BusinessObjects
app.name.short=BI launch pad

# the name in the URL. It must start with a '/', and it must contain exactly 1 '/'.
app.url.name=/BI

# You can specify the default Authentication types here. secEnterprise, secLDAP, secWinAD, secSAPR3
authentication.default=secSAPR3

# Choose whether to let the user change the authentication type. If it isn't shown the default authentication type from above will be used
authentication.visible=true

# You can specify the default CMS machine name here
cms.default=VORANGE:6400

# Choose whether to let the user change the CMS name
cms.visible=true

# Set to true to prompt when navigating away from a writable page in a modal dialog. Default is false
dialog.prompt.enabled=false

# Set to false to disable logon with token.
logontoken.enabled=false

# Shared Destination From Field. Enables or Disables the From field when scheduling a object to a destination. When the value is set to false the From field will not be rendered and the system will first attempt to get the email value from the report default, if report default is not available it will attempt to get the value from the email address on user profile of the logged on user and lastly if the user profile email address in not available it will use the job server default
SMTPFrom=true

#The URL that a logout will redirect to if the logon was an external logon (i.e. via start.do). This is optional.
url.exit=

# If the locale preference is disabled (only english languages will be used/allowed)
disable.locale.preference=false

# Allow or disallow logoff on web session expiry for external logon.
# Has no effect if the global logoff.on.websession.expiry value is false
extlogon.allow.logoff=true

File OpenDocument.properties

app.name=BusinessObjects OpenDocument
app.name.short=OpenDocument

# You can specify the default Authentication types here. secEnterprise, secLDAP, secWinAD, secSAPR3
authentication.default=secSAPR3

# Choose whether to let the user change the authentication type. If it isn't shown the default authentication type from above will be used
authentication.visible=true

# You can specify the default CMS machine name here
cms.default=VCHOUX:6400

# Choose whether to let the user change the CMS name. If it isn't shown the default System from above will be used
cms.visible=true

# Set to false to disable logon with token.
logontoken.enabled=true

# Allow or disallow logoff on web session expiry for external logon.
# Has no effect if the global logoff.on.websession.expiry value is false
extlogon.allow.logoff=true