使用Oracle資料庫在ISE 2.3上配置ODBC

下載選項

  • PDF     (624.8 KB)
    在多種裝置上使用 Adobe Reader 檢視
  • ePub     (633.8 KB)
    在 iPhone、iPad、Android、Sony Reader 或 Windows Phone 上的各種應用程式中檢視
  • Mobi (Kindle)     (1.0 MB)
    在 Kindle 裝置或多部裝置的 Kindle 應用程式上檢視
已更新: 2018 年 5 月 25 日
文件 ID:211581

無偏見用語

本產品的文件集力求使用無偏見用語。針對本文件集的目的,無偏見係定義為未根據年齡、身心障礙、性別、種族身分、民族身分、性別傾向、社會經濟地位及交織性表示歧視的用語。由於本產品軟體使用者介面中硬式編碼的語言、根據 RFP 文件使用的語言,或引用第三方產品的語言,因此本文件中可能會出現例外狀況。深入瞭解思科如何使用包容性用語。

關於此翻譯

思科已使用電腦和人工技術翻譯本文件,讓全世界的使用者能夠以自己的語言理解支援內容。請注意,即使是最佳機器翻譯,也不如專業譯者翻譯的內容準確。Cisco Systems, Inc. 對這些翻譯的準確度概不負責,並建議一律查看原始英文文件(提供連結)。

    簡介

    本文檔介紹如何使用Oracle資料庫配置身份服務引擎(ISE),以便使用開放資料庫連線(ODBC)進行ISE身份驗證。

    開放式資料庫連線(ODBC)身份驗證要求ISE能夠獲取純文字檔案使用者密碼。密碼可以在資料庫中加密,但必須通過儲存過程解密。

    必要條件

    需求

    思科建議您瞭解以下主題:

    • 思科身分識別服務引擎2.3
    • 資料庫和ODBC概念
    • Oracle 

    採用元件

    本文中的資訊係根據以下軟體和硬體版本:

    • 身分識別服務引擎2.3.0.298
    • Centos 7
    • Oracle資料庫12.2.0.1.0
    • Oracle SQL Developer 4.1.5

    設定

    附註:將本文檔中介紹的SQL過程視為示例。這不是正式推薦的Oracle DB配置方式。確保您瞭解提交的每個SQL查詢的結果和影響。

    步驟1. Oracle基本配置

    在此示例中,Oracle配置了以下引數:

    • 資料庫名稱:ORCL
    • 服務名稱:orcl.vkumov.local
    • 連接埠:1521(預設)
    • 已使用使用者名稱ise為ISE建立帳戶

    配置Oracle資料庫,然後繼續操作。

    步驟2. ISE基本配置

    Administration > External Identity Source > ODBC處建立ODBC身份源並測試連線:

    附註: ISE使用服務名稱連線到Oracle,因此[資料庫名稱]欄位應填寫Oracle中存在的服務名稱,而不是SID(或資料庫名稱)。 由於存在錯誤CSCvf06497 dots(.),無法在[資料庫名稱]欄位中使用。此錯誤已在ISE 2.3中修正。

    步驟3.配置使用者身份驗證

    ODBC的ISE身份驗證使用儲存過程。可以選擇過程型別。在本示例中,我們使用記錄集作為返回。


    有關其他步驟,請參閱思科身份服務引擎管理員指南2.3版

    提示:可以返回命名引數而不是resultSet。它只是一種不同型別的輸出,功能是相同的。

    1.使用使用者憑據建立表。請確保在主鍵上設定身份設定。

    --------------------------------------------------------
--  DDL for Table USERS
--------------------------------------------------------

  CREATE TABLE "ISE"."USERS" 
   (	"USER_ID" NUMBER(*,0) GENERATED ALWAYS AS IDENTITY MINVALUE 1 MAXVALUE 9999999999999999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER  NOCYCLE  NOKEEP  NOSCALE , 
	"USERNAME" VARCHAR2(120 BYTE), 
	"PASSWORD" VARCHAR2(120 BYTE)
   ) SEGMENT CREATION IMMEDIATE 
  PCTFREE 10 PCTUSED 40 INITRANS 1 MAXTRANS 255 
 NOCOMPRESS LOGGING
  STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
  PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
  BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
  TABLESPACE "USERS" ;
--------------------------------------------------------
--  DDL for Index USERS_PK
--------------------------------------------------------

  CREATE UNIQUE INDEX "ISE"."USERS_PK" ON "ISE"."USERS" ("USER_ID") 
  PCTFREE 10 INITRANS 2 MAXTRANS 255 
  STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
  PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
  BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
  TABLESPACE "USERS" ;
--------------------------------------------------------
--  Constraints for Table USERS
--------------------------------------------------------

  ALTER TABLE "ISE"."USERS" MODIFY ("USER_ID" NOT NULL ENABLE);
  ALTER TABLE "ISE"."USERS" MODIFY ("USERNAME" NOT NULL ENABLE);
  ALTER TABLE "ISE"."USERS" MODIFY ("PASSWORD" NOT NULL ENABLE);
  ALTER TABLE "ISE"."USERS" ADD CONSTRAINT "USERS_PK" PRIMARY KEY ("USER_ID")
  USING INDEX PCTFREE 10 INITRANS 2 MAXTRANS 255 
  STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
  PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
  BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
  TABLESPACE "USERS"  ENABLE;

    或者從SQL Developer GUI:

    2.新增使用者

    INSERT INTO "ISE"."USERS" (USERNAME, PASSWORD) VALUES ('alice', 'password1')
INSERT INTO "ISE"."USERS" (USERNAME, PASSWORD) VALUES ('bob', 'password1')
INSERT INTO "ISE"."USERS" (USERNAME, PASSWORD) VALUES ('admin', 'password1')

    3.建立純文字檔案密碼身份驗證過程(用於PAP、EAP-GTC內部方法、TACACS)

    create or replace function ISEAUTH_R 
(
  ise_username IN VARCHAR2, 
  ise_userpassword IN VARCHAR2 
) return sys_refcursor AS 
BEGIN
  declare 
    c integer;
    resultSet SYS_REFCURSOR;
  begin
    select count(*) into c from USERS where USERS.USERNAME = ise_username and USERS.PASSWORD = ise_userpassword;
    if c > 0 then
      open resultSet for select 0 as code, 11, 'good user', 'no error' from dual;
    ELSE 
      open resultSet for select 3, 0, 'odbc','ODBC Authen Error' from dual;
    END IF;
    return resultSet;
  end;
END ISEAUTH_R;

    4.建立純文字檔案密碼提取過程(用於CHAP、MSCHAPv1/v2、EAP-MD5、LEAP、EAP-MSCHAPv2內部方法、TACACS)

    create or replace function ISEFETCH_R 
(
  ise_username IN VARCHAR2
) return sys_refcursor AS 
BEGIN
  declare 
    c integer;
    resultSet SYS_REFCURSOR;
  begin
    select count(*) into c from USERS where USERS.USERNAME = ise_username;
    if c > 0 then
      open resultSet for select 0, 11, 'good user', 'no error', password from USERS where USERS.USERNAME = ise_username;
      DBMS_OUTPUT.PUT_LINE('found');
    ELSE 
      open resultSet for select 3, 0, 'odbc','ODBC Authen Error' from dual;
      DBMS_OUTPUT.PUT_LINE('not found');
    END IF;
    return resultSet;
  end;
END;

    5.建立檢查使用者名稱或電腦存在的過程(用於MAB、PEAP快速重新連線、EAP-FAST和EAP-TTLS)

    create or replace function ISELOOKUP_R 
(
  ise_username IN VARCHAR2
) return sys_refcursor AS 
BEGIN
  declare 
    c integer;
    resultSet SYS_REFCURSOR;
  begin
    select count(*) into c from USERS where USERS.USERNAME = ise_username;
    if c > 0 then
      open resultSet for select 0, 11, 'good user', 'no error' from USERS where USERS.USERNAME = ise_username;
    ELSE 
      open resultSet for select 3, 0, 'odbc','ODBC Authen Error' from dual;
    END IF;
    return resultSet;
  end;
END;

    6.在ISE上配置過程並儲存

    7.返回「連線」頁籤,然後按一下「測試連線」按鈕

    步驟4.配置組檢索

    1.建立包含使用者組和用於多對多對映的另一使用者組的表

    --------------------------------------------------------
--  DDL for Table GROUPS
--------------------------------------------------------

  CREATE TABLE "ISE"."GROUPS" 
   (	"GROUP_ID" NUMBER(*,0) GENERATED ALWAYS AS IDENTITY MINVALUE 1 MAXVALUE 9999999999999999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER  NOCYCLE  NOKEEP  NOSCALE , 
	"GROUP_NAME" VARCHAR2(255 BYTE), 
	"DESCRIPTION" CLOB
   ) SEGMENT CREATION IMMEDIATE 
  PCTFREE 10 PCTUSED 40 INITRANS 1 MAXTRANS 255 
 NOCOMPRESS LOGGING
  STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
  PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
  BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
  TABLESPACE "USERS" 
 LOB ("DESCRIPTION") STORE AS SECUREFILE (
  TABLESPACE "USERS" ENABLE STORAGE IN ROW CHUNK 8192
  NOCACHE LOGGING  NOCOMPRESS  KEEP_DUPLICATES 
  STORAGE(INITIAL 106496 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
  PCTINCREASE 0
  BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)) ;
--------------------------------------------------------
--  DDL for Table USER_GROUPS_MAPPING
--------------------------------------------------------

  CREATE TABLE "ISE"."USER_GROUPS_MAPPING" 
   (	"USER_ID" NUMBER(*,0), 
	"GROUP_ID" NUMBER(*,0)
   ) SEGMENT CREATION IMMEDIATE 
  PCTFREE 10 PCTUSED 40 INITRANS 1 MAXTRANS 255 
 NOCOMPRESS LOGGING
  STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
  PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
  BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
  TABLESPACE "USERS" ;
--------------------------------------------------------
--  DDL for Index GROUPS_PK
--------------------------------------------------------

  CREATE UNIQUE INDEX "ISE"."GROUPS_PK" ON "ISE"."GROUPS" ("GROUP_ID") 
  PCTFREE 10 INITRANS 2 MAXTRANS 255 
  STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
  PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
  BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
  TABLESPACE "USERS" ;
--------------------------------------------------------
--  DDL for Index USER_GROUPS_MAPPING_UK1
--------------------------------------------------------

  CREATE UNIQUE INDEX "ISE"."USER_GROUPS_MAPPING_UK1" ON "ISE"."USER_GROUPS_MAPPING" ("USER_ID", "GROUP_ID") 
  PCTFREE 10 INITRANS 2 MAXTRANS 255 COMPUTE STATISTICS 
  STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
  PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
  BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
  TABLESPACE "USERS" ;
--------------------------------------------------------
--  Constraints for Table GROUPS
--------------------------------------------------------

  ALTER TABLE "ISE"."GROUPS" MODIFY ("GROUP_ID" NOT NULL ENABLE);
  ALTER TABLE "ISE"."GROUPS" MODIFY ("GROUP_NAME" NOT NULL ENABLE);
  ALTER TABLE "ISE"."GROUPS" ADD CONSTRAINT "GROUPS_PK" PRIMARY KEY ("GROUP_ID")
  USING INDEX PCTFREE 10 INITRANS 2 MAXTRANS 255 
  STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
  PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
  BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
  TABLESPACE "USERS"  ENABLE;
--------------------------------------------------------
--  Constraints for Table USER_GROUPS_MAPPING
--------------------------------------------------------

  ALTER TABLE "ISE"."USER_GROUPS_MAPPING" MODIFY ("USER_ID" NOT NULL ENABLE);
  ALTER TABLE "ISE"."USER_GROUPS_MAPPING" MODIFY ("GROUP_ID" NOT NULL ENABLE);
  ALTER TABLE "ISE"."USER_GROUPS_MAPPING" ADD CONSTRAINT "USER_GROUPS_MAPPING_UK1" UNIQUE ("USER_ID", "GROUP_ID")
  USING INDEX PCTFREE 10 INITRANS 2 MAXTRANS 255 COMPUTE STATISTICS 
  STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
  PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
  BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
  TABLESPACE "USERS"  ENABLE;

    在 GUI 上:

    2.新增組和對映,以便alicebob屬於組Users,而admin屬於組Admins

    -- Adding groups
INSERT INTO "ISE"."GROUPS" (GROUP_NAME, DESCRIPTION) VALUES ('Admins', 'Group for administrators')
INSERT INTO "ISE"."GROUPS" (GROUP_NAME, DESCRIPTION) VALUES ('Users', 'Corporate users')

-- Alice and Bob are users
INSERT INTO "ISE"."USER_GROUPS_MAPPING" (USER_ID, GROUP_ID) VALUES ('1', '2')
INSERT INTO "ISE"."USER_GROUPS_MAPPING" (USER_ID, GROUP_ID) VALUES ('2', '2')

-- Admin is in Admins group
INSERT INTO "ISE"."USER_GROUPS_MAPPING" (USER_ID, GROUP_ID) VALUES ('3', '1')

    3.建立組檢索過程。如果使用者名稱是「*」,則返回所有組

    create or replace function ISEGROUPSH 
(
  ise_username IN VARCHAR2, 
  ise_result OUT int
) return sys_refcursor as
BEGIN
  declare 
    c integer;
    userid integer;
    resultSet SYS_REFCURSOR;
  begin
    IF ise_username = '*' then 
      ise_result := 0;
      open resultSet for select GROUP_NAME from GROUPS;
    ELSE
      select count(*) into c from USERS where USERS.USERNAME = ise_username;
      select USER_ID into userid from USERS where USERS.USERNAME = ise_username;
      IF c > 0 then
          ise_result := 0;
          open resultSet for select GROUP_NAME from GROUPS where GROUP_ID IN ( SELECT m.GROUP_ID from USER_GROUPS_MAPPING m where m.USER_ID = userid );
      ELSE 
          ise_result := 3;
          open resultSet for select 0 from dual where 1=2;
      END IF;
    END IF;
    return resultSet;
  end;
END ;

    4.將其對映到提取組

    5.獲取組並將其新增到ODBC身份源

    選擇所需的組並按一下「確定」,這些組將顯示在「」頁籤上

    步驟5.配置屬性檢索

    1.為了簡化此示例,將平面表用於屬性

    --------------------------------------------------------
--  DDL for Table ATTRIBUTES
--------------------------------------------------------

  CREATE TABLE "ISE"."ATTRIBUTES" 
   (	"USER_ID" NUMBER(*,0), 
	"ATTR_NAME" VARCHAR2(255 BYTE), 
	"VALUE" VARCHAR2(255 BYTE)
   ) SEGMENT CREATION IMMEDIATE 
  PCTFREE 10 PCTUSED 40 INITRANS 1 MAXTRANS 255 
 NOCOMPRESS LOGGING
  STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
  PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
  BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
  TABLESPACE "USERS" ;
--------------------------------------------------------
--  DDL for Index ATTRIBUTES_PK
--------------------------------------------------------

  CREATE UNIQUE INDEX "ISE"."ATTRIBUTES_PK" ON "ISE"."ATTRIBUTES" ("ATTR_NAME", "USER_ID") 
  PCTFREE 10 INITRANS 2 MAXTRANS 255 
  STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
  PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
  BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
  TABLESPACE "USERS" ;
--------------------------------------------------------
--  Constraints for Table ATTRIBUTES
--------------------------------------------------------

  ALTER TABLE "ISE"."ATTRIBUTES" MODIFY ("USER_ID" NOT NULL ENABLE);
  ALTER TABLE "ISE"."ATTRIBUTES" MODIFY ("ATTR_NAME" NOT NULL ENABLE);
  ALTER TABLE "ISE"."ATTRIBUTES" ADD CONSTRAINT "ATTRIBUTES_PK" PRIMARY KEY ("ATTR_NAME", "USER_ID")
  USING INDEX PCTFREE 10 INITRANS 2 MAXTRANS 255 
  STORAGE(INITIAL 65536 NEXT 1048576 MINEXTENTS 1 MAXEXTENTS 2147483645
  PCTINCREASE 0 FREELISTS 1 FREELIST GROUPS 1
  BUFFER_POOL DEFAULT FLASH_CACHE DEFAULT CELL_FLASH_CACHE DEFAULT)
  TABLESPACE "USERS"  ENABLE;

    在 GUI 上:

    2.為使用者建立一些屬性

    INSERT INTO "ISE"."ATTRIBUTES" (USER_ID, ATTR_NAME, VALUE) VALUES ('3', 'SecurityLevel', '15')
INSERT INTO "ISE"."ATTRIBUTES" (USER_ID, ATTR_NAME, VALUE) VALUES ('1', 'SecurityLevel', '5')
INSERT INTO "ISE"."ATTRIBUTES" (USER_ID, ATTR_NAME, VALUE) VALUES ('2', 'SecurityLevel', '10')

    3.建立過程。與組檢索相同,如果使用者名稱是「*」,它將返回所有不同的屬性

    create or replace function ISEATTRSH 
(
  ise_username IN VARCHAR2, 
  ise_result OUT int
) return sys_refcursor as
BEGIN
  declare 
    c integer;
    userid integer;
    resultSet SYS_REFCURSOR;
  begin
    IF ise_username = '*' then 
      ise_result := 0;
      open resultSet for select DISTINCT ATTR_NAME, '0' as "VAL" from ATTRIBUTES;
    ELSE
      select count(*) into c from USERS where USERS.USERNAME = ise_username;
      select USER_ID into userid from USERS where USERS.USERNAME = ise_username;
      if c > 0 then
          ise_result := 0;
          open resultSet for select ATTR_NAME, VALUE from ATTRIBUTES where USER_ID = userid;
      ELSE 
          ise_result := 3;
          open resultSet for select 0 from dual where 1=2;
      END IF;
    END IF;
    return resultSet;
  end;
END ;

    4.將其對映到Fetch屬性

    5.提取屬性

    選擇屬性並按一下確定。

    步驟6.配置身份驗證/授權策略

    在此示例中,配置了以下簡單授權策略:

    SecurityLevel = 5的使用者將被拒絕。

    步驟7.將Oracle ODBC新增到身份源序列

    導航到Administration > Identity Management > Identity Source Sequences,選擇序列並將ODBC新增到序列:

    儲存它。

    驗證

    現在,您應該能夠根據ODBC驗證使用者並檢索其組和屬性。

    RADIUS即時日誌

    執行一些身份驗證並導航到操作> RADIUS >即時日誌

    您可以看到,使用者Alice的SecurityLevel = 5,因此訪問被拒絕。

    詳細報表

    按一下相關會話的Details列中的Detail報告以檢查流。

    使用者Alice的詳細報告(由於安全級別低而被拒絕):

    疑難排解

    如果在ISE上連線不成功,請在嘗試連線時使用命令show logging application prrt-management.log tail

    使用的憑據不正確

    2017-08-08 16:50:47,851 WARN   [admin-http-pool11][] cisco.cpm.odbcidstore.impl.OracleDbAccess -:admin::- Connection to ODBC DB failed. Exception: java.sql.SQLException: ORA-01017: invalid username/password
; logon denied

java.sql.SQLException: ORA-01017: invalid username/password; logon denied

        at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:445)
        at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:389)
        at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:382)
        at oracle.jdbc.driver.T4CTTIfun.processError(T4CTTIfun.java:600)
        at oracle.jdbc.driver.T4CTTIoauthenticate.processError(T4CTTIoauthenticate.java:445)
        at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:450)
        at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:192)
        ...

    錯誤的資料庫名稱(服務名稱)

    2017-08-08 10:53:12,002 WARN   [admin-http-pool2][] cisco.cpm.odbcidstore.impl.OracleDbAccess -:admin::- Connection to ODBC DB failed. Exception: java.sql.SQLException: Listener refused the connection with
the following error:
ORA-12514, TNS:listener does not currently know of service requested in connect descriptor

java.sql.SQLException: Listener refused the connection with the following error:
ORA-12514, TNS:listener does not currently know of service requested in connect descriptor

        at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:419)
        at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:536)
        at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:228)
        at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
        at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:521)
        at java.sql.DriverManager.getConnection(DriverManager.java:664)
        at java.sql.DriverManager.getConnection(DriverManager.java:208)
        at com.cisco.cpm.odbcidstore.impl.OracleDbAccess.connect(OracleDbAccess.java:42)

    排除使用者身份驗證故障

    為了對DB操作進行故障排除,請在管理>系統>日誌記錄>調試日誌配置下啟用日誌記錄元件odbc-id-store到DEBUG級別。

    日誌放在prrt-management.log檔案中。

    alice的輸出示例:

    2017-08-08 16:56:32,403 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Authenticate Plain Text Password. Username=alice, SessionID=0a301a36RUXmaX9ttCZfrQI3ItQf
96x6eiTpiEMIfkUBybDj7jY
2017-08-08 16:56:32,409 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24852
2017-08-08 16:56:32,409 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - get connection
2017-08-08 16:56:32,409 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - use existing connection
2017-08-08 16:56:32,409 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 1
2017-08-08 16:56:32,409 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Authenticate plain text password
2017-08-08 16:56:32,409 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Call function instead of procedure
2017-08-08 16:56:32,409 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Prepare stored procedure call, procname=ISEAUTH_R
2017-08-08 16:56:32,410 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Using recordset to obtain stored procedure result values
2017-08-08 16:56:32,410 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24855
2017-08-08 16:56:32,410 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Text: {? = call ISEAUTH_R(?, ?)}
2017-08-08 16:56:32,410 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Setup stored procedure input parameters, username=alice, password=***
2017-08-08 16:56:32,410 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Execute stored procedure call
2017-08-08 16:56:32,412 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Process stored procedure results
2017-08-08 16:56:32,412 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Obtain stored procedure results from recordset
2017-08-08 16:56:32,413 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Received result recordset, number of columns=4
2017-08-08 16:56:32,413 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Results successfully parsed from recordset
2017-08-08 16:56:32,413 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - release connection
2017-08-08 16:56:32,413 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 0
2017-08-08 16:56:32,413 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- Call to ODBC DB succeeded
2017-08-08 16:56:32,413 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.OdbcAuthResult -:::- Authentication result: code=0, Conection succeeded=false, odbcDbErrorString=no error, odbcStoredProcedureCusto
merErrorString=null, accountInfo=good user, group=11
2017-08-08 16:56:32,413 DEBUG  [Thread-47197][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24853
2017-08-08 16:56:32,425 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Get all user groups. Username=alice, SessionID=0a301a36RUXmaX9ttCZfrQI3ItQf96x6eiTpiEMIf
kUBybDj7jY
2017-08-08 16:56:32,431 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Fetch user groups. Username=alice, SessionID=0a301a36RUXmaX9ttCZfrQI3ItQf96x6eiTpiEMIfkU
BybDj7jY
2017-08-08 16:56:32,431 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24869
2017-08-08 16:56:32,431 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - get connection
2017-08-08 16:56:32,431 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - use existing connection
2017-08-08 16:56:32,431 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 1
2017-08-08 16:56:32,431 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Fetch user groups
2017-08-08 16:56:32,431 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Call function instead of procedure
2017-08-08 16:56:32,431 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Prepare stored procedure call, procname=ISEGROUPSH
2017-08-08 16:56:32,431 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Text: {? = call ISEGROUPSH(?,?)}
2017-08-08 16:56:32,431 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Setup stored procedure input parameters, username=alice
2017-08-08 16:56:32,431 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Execute stored procedure call
2017-08-08 16:56:32,434 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Process stored procedure results
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Received result recordset, total number of columns=1
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- According to column number expect multiple rows (vertical attributes/groups retured result)
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Fetched data: ExternalGroup=Users
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Results successfully parsed from recordset
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Result code indicates success
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - release connection
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 0
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- Call to ODBC DB succeeded
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24870
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Get all user groups. Got groups...
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Get all user groups. Got groups(0) = Users
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Get all user groups. Setting Internal groups(0) = Users
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Get all user groups. Username=alice, ExternalGroups=[Users]
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Fetch user attributes. Username=alice, SessionID=0a301a36RUXmaX9ttCZfrQI3ItQf96x6eiTpiEM
IfkUBybDj7jY
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24872
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - get connection
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - use existing connection
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 1
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Fetch user attributes
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Call function instead of procedure
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Prepare stored procedure call, procname=ISEATTRSH
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Text: {? = call ISEATTRSH(?,?)}
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Setup stored procedure input parameters, username=alice
2017-08-08 16:56:32,435 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Execute stored procedure call
2017-08-08 16:56:32,437 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Process stored procedure results
2017-08-08 16:56:32,437 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Received result recordset, total number of columns=2
2017-08-08 16:56:32,437 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- According to column number expect multiple rows (vertical attributes/groups retured result)
2017-08-08 16:56:32,437 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Fetched data: SecurityLevel=5
2017-08-08 16:56:32,437 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Results successfully parsed from recordset
2017-08-08 16:56:32,437 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Result code indicates success
2017-08-08 16:56:32,437 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - release connection
2017-08-08 16:56:32,437 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 0
2017-08-08 16:56:32,437 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- Call to ODBC DB succeeded
2017-08-08 16:56:32,437 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24873
2017-08-08 16:56:32,438 DEBUG  [Thread-47198][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Get all user attrs. Username=alice, Setting OracleDB.SecurityLevel to 5
2017-08-08 16:56:35,292 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- ODBC ID Store Operation: Lookup. Username=alice, SessionID=ise23-3:userauth7
2017-08-08 16:56:35,292 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24865
2017-08-08 16:56:35,292 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - get connection
2017-08-08 16:56:35,292 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - use existing connection
2017-08-08 16:56:35,292 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 1
2017-08-08 16:56:35,292 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Lookup
2017-08-08 16:56:35,292 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Call function instead of procedure
2017-08-08 16:56:35,292 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Prepare stored procedure call, procname=ISELOOKUP_R
2017-08-08 16:56:35,292 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Using recordset to obtain stored procedure result values
2017-08-08 16:56:35,292 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24855
2017-08-08 16:56:35,292 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Text: {? = call ISELOOKUP_R(?)}
2017-08-08 16:56:35,292 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Setup stored procedure input parameters, username=alice
2017-08-08 16:56:35,292 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Execute stored procedure call
2017-08-08 16:56:35,294 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Process stored procedure results
2017-08-08 16:56:35,294 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Obtain stored procedure results from recordset
2017-08-08 16:56:35,295 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Received result recordset, number of columns=4
2017-08-08 16:56:35,295 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnection -:::- Results successfully parsed from recordset
2017-08-08 16:56:35,295 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - release connection
2017-08-08 16:56:35,295 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcConnectionPool -:::- OdbcConnectionPool - connections in use: 0
2017-08-08 16:56:35,295 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcIdStore -:::- Call to ODBC DB succeeded
2017-08-08 16:56:35,295 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.OdbcAuthResult -:::- Authentication result: code=0, Conection succeeded=false, odbcDbErrorString=no error, odbcStoredProcedureCusto
merErrorString=null, accountInfo=good user, group=11
2017-08-08 16:56:35,295 DEBUG  [Thread-47187][] cisco.cpm.odbcidstore.impl.CustomerLog -:::- Write customer log message: 24866
  

    參考資料

    TAC Authored

    由思科工程師貢獻

    • Vitaly Kumov
      Cisco TAC工程師

    這份文件是否有所幫助?

    Feedback意見

    讓思科協助您

    本文件適用於這些產品