ISE 1.0.4 & Windows Active Directory
We are planning to add a NAC sollution in our network and we are a little confused with ISE. Can ISE support signle sign on with Windows Active Directory in this version 1.0.4? If yes how we can do it?
Thank you
Thanks for prompt answer,
Something more, i can't find in the following page which is the correct licence in order to install a DEMO ISE in my network. https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet?DemoKeys=Y
Can you help me?
Similar Messages
-
How can I authenticate a User In Windows Active Directory?
I need to authenticate a user in Windows Active Directory, but I found use the code below will return true if the user name and password are both correct and false if one of them is wrong. But when I input a user name which is not exist in Active Driectory with a blank password, it will also return true. What shall I do? Ask every user must input a password withnot blank?
Please give me some help to solve this problem. Thanks a lot.
Code:
private Context ctx = null;
Hashtable env = new Hashtable ();
boolean isValid = false;
try {
this.setEnvironmentProperties();
String domainName = AuthenticateResources.getString("mydomain.com");
//set the name of domain with the user name
String fullName = name + "@" + domainName;
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL,"ldap://mydomain:389");
env.put(Context.SECURITY_AUTHENTICATION,"simple");
//set user related information
env.put(Context.SECURITY_PRINCIPAL, fullName);
//set user password
env.put(Context.SECURITY_CREDENTIALS, password);
//validate user
ctx = new InitialDirContext(env);
isValid = true;
}catch (AuthenticationException ex){
isValid = false;
catch (NamingException ex) {
throw ex;
}finally{
this.freeContext();
return isValid;This is usually a problem if Anonymous Binding is enabled. I have faced this in other Directory Servers, but I am not familiar with Active Directory.
I think by default Active Directory disables Anonymous Binding, but you may want to check. -
How to create mailboxes under mac os x 10.6.4 either using ldapv3 or windows active directory?
hi,
i'm working on the mail server of our company. the plan is to implement the built in mail server feature of mac mini OS X 10.6.4 using either ldapv3 or preferably our existing window active directory users.
i was able to set the open directory and can view the user accounts from AD. my problem is i do not have any clear documentation or manual on how to create mailboxes using either AD accounts or MAC LDAPv3. i already checked the manual of mac os x mail service administration and have found none pertaining to this case.
i would really appreciate if someone can give me reference on how to do this. as of now im quite desperate because i have a deadline for this project.
thank you in advance for your help.You said, "A 2014 iMac can't run either Snow Leopard or Lion." I know that. What I want to know is how I can install Lion or Snow Leopard on a peripheral hard drive, NOT on my iMac.
– Larry -
SAP User Authentication via Windows Active Directory
The non-profit company I work for as an SAP Security Admin has been using SAP since 1999. We are currently running ECC 6.0, BI 7.0, and CRM 7.0. With fewer than 300 SAP users, we have not implemented CUA, so each of our multiple clients in these systems is managed independently.
The company recently licensed and implemented some non-SAP software to be used by all of our employees (~1200) in keeping track of & catagorizing their work time; a very handy feature of this software is that it depends upon Windows Active Directory for user authentication. Therefore, each employee logs into this time-keeping package by entering his/her standard PC userID & password. If you can log onto your PC, you can log into the time-keeping software.
That got me thinking & researching, because our SAP users - especially those who have access to three or more SAP clients - must maintain their passwords independently in each SAP client that they hope to access in the future. I'm certainly not the first person who has thought of how nice it would be to permit SAP users to log into all SAP clients across the landscape in which they have defined userIDs, using the same password that they are using to log into their PCs (i.e., the password that is stored & maintained in Windows Active Directory). My quest has led me to find presentations on this topic that typically involve modules we aren't using & very complicated configurations that we really lack the time & resources to employ; or, to third-party solution providers who claim to be certified SAP partners who would love to sell us more software to provide this convenience, usually irelated to single sign-on, LDAP, etc. The lowest pricing tier for such software usually would cover many times the number of SAP users we have to serve here - and it feels like trying to push in a tack using a sledgehammer. It is true that we have not used the same userID for our PCs that we have defined in SAP, so there would need to be some way to translate from one to the other, but our PC password rules are consistent with those we have configured in SAP clients, so it seems to me it should be very simple. Can anyone lead me to a more straightforward solution? If not, can you articulate why this has to be so complicated using SAP software when it seems so simple using relatively inexpensive timekeeping sotware?>
Gagan Deep Kaushal wrote:
> Hi Tim,
>
> Its nice to see video.
>
> Is that mean using different username on OS and SAP level still we can achieve SSO.
>
> Correct if if am wrong.
> The only thing we need to maintain SNC name.
Once installed, yes. This is all you need to maintain when users are added. You can even use LDAP if you like to sync all user info between SAP and MS AD domain, but this cannot sync the password, so using SNC authentication instead of using SAP passwords is ideal.
>
> So for user test1 i can manage name as p:test2..... ??
Yes, that is correct. The mapping is maintained using standard SAP user management, such as su01. The user in AD domain might have long account name, e.g. "firstname.verylonglastname" which is too big for use as a SAP username so you can map this long AD account name onto a SAP user called FIRSTLAST in one or more SAP clients.
>
> I think that is what Ronald is also looking, user name need not to be same.
>
> Regards,
> Gagan Deep Kaushal -
Oracle database and Windows Active directory authentication
Hello,
Our developers have created a couple of web apps which look at our oracle database. Presently they use the APPS user and the user/password is hard coded into the config files.
Is it possible to authenticate these using Windows Active Directory instead? Is it possible to use AD authentication for all developer access to the database?
I'm trying to research this on the web but getting very confused. Would a lot of work be involved to get this up and running?
Is anyone able to offer and advise?
Thank you very much
SarahI don't have experience in joining a Linux system with Windows AD, and it generally does not sound like the best idea to me, but since Oracle Enterprise Linux is a clone of Red Hat Enterprise Linux, the solution you are looking for could be called Winbind.
Perhaps the following links are useful:
http://spiralbound.net/blog/2007/04/11/rhel-winbind-authentication-against-active-directory
http://www.linuxmail.info/active-directory-integration-samba-centos-5/
http://magazine.redhat.com/2007/11/12/tips-and-tricks-how-can-i-configure-winbind-to-synchronize-user-and-group-ids-across-multiple-red-hat-enterprise-linux-hosts-on-active-directory-accounts/ -
Oracle Linux and Windows Active Directory
I am looking for a good article on joining an Oracle Linux server to a Windows Active directory domain.
We are primarily a Windows shop but need to bring up a couple of Oracle Linux servers (VM Server and VM Manager). I would like to use the existing Windows domain controller for user authentication.I don't have experience in joining a Linux system with Windows AD, and it generally does not sound like the best idea to me, but since Oracle Enterprise Linux is a clone of Red Hat Enterprise Linux, the solution you are looking for could be called Winbind.
Perhaps the following links are useful:
http://spiralbound.net/blog/2007/04/11/rhel-winbind-authentication-against-active-directory
http://www.linuxmail.info/active-directory-integration-samba-centos-5/
http://magazine.redhat.com/2007/11/12/tips-and-tricks-how-can-i-configure-winbind-to-synchronize-user-and-group-ids-across-multiple-red-hat-enterprise-linux-hosts-on-active-directory-accounts/ -
JNDI Realm for ADS (Windows Active Directory)
Hi,
Does anybody know how to connect to the windows active directory? I have to proof,
that java can do this and I don't know how. Please help, otherwise we will start
using .NET!!!!!
sincerly
Gabriel"gabriel" <[email protected]> wrote in message
news:[email protected]..
>
Hi,
Does anybody know how to connect to the windows active directory? I haveto proof,
that java can do this and I don't know how. Please help, otherwise we willstart
using .NET!!!!!
We certainly don't want that.
With WLS 6.x, you can use the ldap realm v2 to access active directory.
With WLS 7.x and 8.x, you can use the External LDAP Authentication provider
to access
active directory.
If you have to use JNDI to access Active Directory, then you can write your
own authentication
security provider and hook it up with WLS. -
Hello everyone,
I'm learing OIA and trying to create namespace for Window Active Directory.
Created name space using administration-->Configuration-->resource types--> Windows Active Directory
then Created Attribute category. Now I want to create attributes, but I dont know attribute names for the same.
Can any one help me on this.
Thanks in advance
Regards,
Krish.Hi Krish,
All the attribute values are all the entitlements you are intending to populate into OIA.
Note, endpoint, domain,name, statuskey don't need to be registered as a attributes within the attribute page
Read from the 'Understanding the Schema File for Accounts' down
http://docs.oracle.com/cd/E24179_01/doc.1111/e23369/oiaimporting.htm
Regards,
Daniel -
Hi, i want to write a windows application in LV which can have a single Sign-on concept. I want the users to be able to log into the application (exe located on the desktop) with-out any log-in prompts.
However, if the user wants to switch his/her role in between, the application must go to the login screen and prompt for a user name and password. This username and password must be in sync with the "windows active directory". can anyone help?
RegardsI'm confused! You want a user to login into your application without login prompt or you want him to be able to startup the application without login? The first seems highly contradictory to me.
The requirments about using the login credentials of a Windows domain setup are most easily met by using .Net functionality. I have used in the past Windows API functionality for this which has some extra features that seem not available in .Net at all, but that is a very complicated and cumbersome interface that I can't recommend to use to anyone.
Rolf Kalbermatter
CIT Engineering Netherlands
a division of Test & Measurement Solutions -
Windows Active Directory only ABAP?
Hi experts,
I configure a JAVA system with SSO by kerberos and Active Directory...
Now, i want configure a only ABAP system (in Windows) with Windows Active Directory, is it possible ? Are there any manual or blog?
Thanks in advance,
Regards,Victor,
Yes, this is possible and very common.
It is implemented using an interface known as SNC (Secure Network Communications) that is available in SAP ABAP and SAP GUI. You need an SNC library that supports Kerberos, and if you are running SAP ABAP on UNIX you need to get this SNC library from a SAP partner, so there will be additional cost considerations. If your SAP ABAP system is on Windows, then you have the option to use an SNC library from SAP which has basic SSO functionality. Some of the SAP partners provide more than SSO. I work for one of the SAP partners which I am describing.
Also, if you search in this forum for SNC Kerberos keywords you will find many references to this subject.
Thanks,
Tim -
Windows active directory integeration with sap user mangement
Hi All
I have installed sap as local installation now my client wants to integerate sap user management with windows active directory.we have ECC,BI,PI ,SCM and ep system in our landscape.kindly suggest hoe to do that and what will be the best strategy to do that in a simple scenario.
Regards
Pranavpranav kumar wrote:
Hi Kenneth
>
> I jst want to integerate the sap with windows active directory.
>
>
> Regards
> Pranav
Hi Pranav,
Check the article, http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/c00464ce-c974-2e10-f5be-f8f4c6dce31c
Then, take e a look at SSO solutions at http://ecohub.sap.com/
You can find many solutions there.
Best regards,
Orkun Gedik -
Hi,
We are using Windows active directory to manage our users. Another company has configured the same for us.
Currently we don't have permissions to create a new user. They have given us one account and by using that account, we are able to create new groups in AD, add users to the groups, etc. We would like to get the logs for each user removal or addition to the
AD groups. How do we enable the same. We would like to know who and when each user is getting added to the AD groups. Please help us in this.Hi Kewpin,
To enable the complete details on user account account changes including group membership, you need enable the following audit settings,
1. Open GPMC console, click Start --> Administrative Tools --> Group Policy Management.
2. Right click the Default Domain Controllers Policy, and then click Edit.
3. Navigate to Audit Policy node, “Computer Configuration/ Policies/ Windows Settings/ Security Settings/ Local Policies/ Audit Policy”.
4. Now enable the Success auditing for - Audit Account Management and Audit Directory Service Access.
5. Execute the command “GPUPDATE /FORCE” in the Domain Controller to force apply the GPO settings.
For Windows Server 2008 R2 and later versions, additional configuration is required in “Advanced Audit Policy Configuration” section in Default Domain Controller Policy.
For additional auditing configuration of,
1. AD Changes
Go to the node DS Access (Computer Configuration/Policies/Windows Settings/Security Settings/Advanced Audit Policy Configuration/Audit Policies/DS Access.)
Enable Success auditing for the following settings
- Audit Directory Service Changes
2. Account Management
Go to the node Account Management (Computer Configuration/Policies/Windows Settings/Security Settings/Advanced Audit Policy Configuration/Audit Policies/Account Management.)
Enable Success auditing for the following settings
- Audit User Account Management
- Audit Security Group Management
- Audit Distribution Group Management
Once you have enabled the above audit settings, you can set an auditing SACL for the AD object.
Checkout the below screenshot for setting the auditing SACL,
Checkout the below link on Security Event id list for auditing AD changes,
http://www.morgantechspace.com/2013/08/active-directory-change-audit-events.html
Regards,
Gopi
JiJi Technologies -
Windows active directory for Weblogic
Can anyone help me how to configure the Windows Active Directory to use for the authentication of Weblogic server. Is this possible? If yes can give me any documentation for doing the same.
Thanks in advanceHi,
Please refer to the following article:
http://weblogic-wonders.com/weblogic/2010/12/04/configuring-active-directory-authenticator-with-weblogic-server/
Thanks
Ravish Mody -
Windows Active directory group policy objects
Like many small to medium businesses, we use Firefox in addition to Internet Explorer. The Windows Active Directory group policy objects we have for IE works nicely in all versions of IE. Firefox on the other hand has stopped playing ball. Any policy files I have found on the Internet simply does not fire when used in Windows Group Policy. We have Windows 2008 R2 servers with Windows 7 clients.
Does Mozilla have official group policy objects that will work with Windows Active Directory group policy and is supported in Firefox versions 27 onwards? A lot of the material on the Internet are simply workarounds to achieve something simple.
I believe this may have been asked several times already, but no definitive answer has been supplied to
resolve the issue to my knowledge.
Thanks and regardsTo my knowledge, Firefox historically has not had integration with group policy, and third party tools have been required to bridge the gap. You may have found templates that work in one of those tools.
These threads have links to third party tools, articles, mailing lists, and other resources:
* [https://support.mozilla.org/questions/980567 i need to include the Firefox Browser Configuration in my Group Policy and Control Proxy and Browsing Settings]
* [https://support.mozilla.org/questions/978874 Is it possible to configure firefox using group policy]
Please report back if you find a solution. Thanks. -
Windows Active Directory replacement
Hello All,
My company is using Windows Active Directory and now we are going to replace it with Novell solution. Is there any product from Novell to replace Windows Active Directory for 2 main features?
- Group Policy
- Windows users and workstations authentication and administration
I did some researches on Domain Service for Windows, Identity Manager, ZENworks. Could you give me advice on which product meet my requirement?
Thanks in advance.
Best regards,
Khiet Manh.ab wrote:
> Domain Services for Windows (DSfW) is meant to emulate MAD to a large
> degree, and is probably what you need more than the other two
> products.
Well, that depends. If there's a need to still supply AD functionality
after MAD is gone, then yes DSfW is a replacement. However, if that's
not a requirement, then ZENworks Configuration Management is likely a
better choice since it will provide much more Windows desktop
administration capabilities than DSfW (or MAD) alone.
Your world is on the move. http://www.novell.com/mobility/
Supercharge your IT knowledge. http://www.novell.com/techtalks/
Maybe you are looking for
-
This problem occurs intermmitently, but becomes more prevalent the longer I stay in the window and resumes when I move into another website. Occasionally, I seem to be able to stop the rolling by right-clicking the mouse while hovering the pointer ar
-
File Upload and Download based on user login
I have a feature wherein the application user can upload a file. I had initially created this using the straightforward process suggested in the Apex tutorial, using the APEX_APPLICATION_FILES view. However, now, I need to have a feature where I have
-
Performance of the query incresed to 1 hour 15 mins....
the view is working, but the performance of the query is horrible. Our pull time has increased from 25 minutes to 1 hour and 15 minutes.
-
ITunes Movie/TV Show Description Gets Cut Off
I stream TV Shows from my Mac to Apple TV2, but in the "Description" part of Apple TV, the description that I have written in iTunes gets cut off. Now I realise that iTunes does cut it off, but i'd like to know if there is any way around this? My Des
-
Simple question concerning "persisting JTable data?"
Hi fellow bloggers, I couldn't find this info in the Sun JTable tutorial. The tutorial explains how to update a cell in a JTable, but it doesn't suggest a method for persisting the "row" once it has been modified. Furthermore, the JTable tutorial sta