Move wifi users to guest, if not authenticated by RADIUS

Hi,
In our switched network, there is a feature that moves any device that is not authenticated against RADIUS over to a guest LAN. I want to configure the same functionality on the WLC. Currently, there is a corporate SSID and a guest SSID. If anyone tries to access corporate wifi, but fails RADIUS authentication, I want them to be automatically moved to the guest SSID. Is this possible?
As an alternative, they may stay on the corporate SSID, if only they get piped over in the guest LAN in another way.

If anyone tries to access corporate wifi, but fails RADIUS authentication, I want them to be automatically moved to guest SSID. Is this possible?
I do not think this is possible. Also, client authentication (to your corporate SSID) may fail for various reasons, and they may still be valid users who require corporate SSID access. So if you forced them to the Guest SSID, it makes no sense to them.
HTH
Rasika

Similar Messages

  • How to use different (not local) user for NTLM auth in Authenticator?

    Hi All,
    I use custom authenticator to provide user / passwords to connect to .NET Web Services. I overloaded function getPasswordAuthentication() that returns right user / password combination for the requested URL. It all works perfectly for many kinds of HTTP connections: basic, ntlm, ntlm-v2, through proxy, ssl, etc.
    My problem is that during NTLM authentication from Windows computers the JVM uses the credentials of the currently logged in domain user instead of calling Authenticator to get another user / password provided by the user. In case the local user credentials fail to authenticate, the JVM calls my Authenticator, but in case authentication is successful it uses the local domain user and never calls my Authenticator. The issue is that when this local domain user does not have enough permissions but authenticated correctly, there is no way to supply the JVM with another user to begin with.
    What can I do to force JVM to ignore local domain user and to use Authenticator to collect credentials during NTLM authentication requested by the server in case the software runs on a Windows box with currently logged in domain user?
    I am looking for the answer for a long time already but found only questions and suggestions to switch server from NTLM authentication which is not an option for me. From the developer's view it has to be pretty simple change for Sun to do in Java networking API. Is there any way to escalate it to Sun support? Maybe there is some property in some JRE patch level that allows to do this?
    Thank you very much!
    Mark

    Thank you for the reply. I have kind of an opposite problem. I can perfectly connect from Linux computers to Microsoft IIS servers using NTLM or even NTLMv2 authentication. My problem is connecting from Windows client computer joined to the same domain as IIS server with the domain user logged in to this computer. In this case this user account will be used in any HTTP connections I initiate to this IIS server instead of the one that I want to supply in my custom Authenticator.
    I have graphical interactive application that connects to IIS Server. When user runs it and connects to IIS server I want to prompt for the user/password regardless whether JRE may correctly authenticate using current user account credentials. The current user may not have enough permissions in IIS application so I want to use different user to login to IIS application.
    Thank you anyway,
    Mark

  • Error Message For BISystemUser: User not authenticated

    We have migrated from DEV to PROD env. (11.1.1.1 -> 11.1.1.3). Along with problems with bipublisher, there are some strange things: we successfully log in using the weblogic account to AdminConsole and Enterprise Manager, but in Answers we get an error: invalid username or password.
    nqserver.log:
    ...[ERROR:1] [] [] ... [tid: 1090] Error Message For BISystemUser: User not authenticated.
    ...[ERROR:1] [] [] ... [tid: 1090] [nQSError: 43126] Authentication failed: invalid user/password.
    In oracle support we found such issue (Doc ID 1308389.1):
    OBIEE 11g Error: "Unable to Sign in. invalid username or password was entered" After Changing Repository, Deleting BISystem User, Adding it Back (Doc ID 1308389.1)
    Applies to: Business Intelligence Server Enterprise Edition - Version: 11.1.1.3.0 [1905] to 11.1.1.5.0 [1308] - Release: 11g to 11g
    Symptoms: In OBIEE 11.1.1.3.0 using default authenticator, it is not possible to log in to OBIEE after changing repository. To troubleshoot, BIsystemuser was removed from global roles and added back again.
    Getting error: Unable to Sign in. invalid username or password was entered
    Changes: Changed repository, deleted BISystemuser, added the user back
    Cause: Several changes e.g changing rpd, deleting bisystem user, adding the user back etc. occurred in the environment and caused log in to OBIEE to stop working
    Solution: After a lot of troubleshooting e.g re-starting system in the correct order, refreshing GUIDs, re-start OBIEE with default SampleAppLite.rpd and web catalog, the error persists. The system was uninstalled and re-installed to avoid further corruption and configuration problems in the new installation. This resolved the problem
    Do we have to 'reinstall or make a lot of troubleshooting e.g re-starting system ' to solve this error?
    It seems to be funny for a PROD environment. How can we resolve this problem?

    Are you saying you upgraded both dev and prod from 11.1.1.1 to 11.1.1.3 or that you migrated a dev 11.1.1.1 to a prod 11.1.1.3? What did you migrate?
    At a rough guess the BISystemUser password is different in dev and prod (created by system on install) and in your 'migration' you've moved the dev credential across to prod.
    If that's the case you need to change the bisystemuser password to something known and update the credential store password.
    Another possibility might just be that you need to regenerate the GUIDs:
    http://download.oracle.com/docs/cd/E21764_01/bi.1111/e10543/privileges.htm#BIESC721

  • SCSFileDownloadServlet fails: User 'guest' does not have sufficient priv.

    Hi,
    We have an ADF application that is using SCSFileDownloadServlet to get documents from UCM. We added the servlet in web.xml and we are using this link to download the documents: /getfile?adapterName=our_adapter_name&dDocName=document12345&dID=12345
    The issue is that sometimes it works but sometimes it fails throwing this message in the logs:
    Event generated by user 'guest' at host 'CIS'. Unable to download 'COR-ER-421722'. User 'guest' does not have sufficient privileges. [ Details ]
    An error has occurred. The stack trace below shows more information.
    !csUserEventMessage,guest,CIS!$!csUnableToDownload,COR-ER-421722!csUserInsufficientAccess,guest
    intradoc.common.ServiceException: !csUnableToDownload,COR-ER-421722!csUserInsufficientAccess,guest
    *ScriptStack GET_FILE
    3:checkSecurity,dID=421317,dDocName=COR-ER-421722
    at intradoc.server.ServiceRequestImplementor.buildServiceException(ServiceRequestImplementor.java:2115)
    at intradoc.server.Service.buildServiceException(Service.java:2260)
    at intradoc.server.Service.createServiceExceptionEx(Service.java:2254)
    at intradoc.server.ServiceSecurityImplementor.validateSecurityPrivilegeLevel(ServiceSecurityImplementor.java:813)
    at intradoc.server.DocumentAccessSecurity.checkSecurity(DocumentAccessSecurity.java:170)
    at intradoc.server.DocumentAccessSecurity.checkSecurity(DocumentAccessSecurity.java:121)
    at intradoc.server.ServiceSecurityImplementor.checkSecurity(ServiceSecurityImplementor.java:371)
    at intradoc.server.Service.checkSecurity(Service.java:2829)
    at intradoc.server.FileService.checkSecurity(FileService.java:337)
    at intradoc.server.Service.checkSecurity(Service.java:2807)
    at sun.reflect.GeneratedMethodAccessor456.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    Is it possible to set a user/password for this servlet so it is able to download the documents every time?
    Thanks,
    Josue

    Hi go9189,
    According to your description, you come across the error that User 'guest' does not have permission to run DBCC checkprimaryfile. This issue could happen when the login account doesn't have CREATE DATABASE, CREATE ANY DATABASE, or ALTER ANY DATABASE permission in the SQL Server instance, or when the login account has no access to the mdf and ldf files when attaching the database, so SQL Server recognizes the login account as a "Guest".
    To solve the issue, you could pay attention to the points below.
    1. Ensure that the login account has at least CREATE DATABASE, CREATE ANY DATABASE, or ALTER ANY DATABASE permission. You could grant the fixed server role 'dbcreator' or 'sysadmin' to the login account following the steps below.
    a. Connect to the SQL Server instance with a login account which has the sysadmin fixed server role.
    b. Expand the folder 'Security', right click the login, and select Properties.
    c. In the Server Roles tab, check the checkbox for 'dbcreator' or 'sysadmin'.
    2. Make sure that the login account has full control permission on the mdf and ldf files. For how to grant the login account full control permission on the mdf and ldf files, please refer to the steps in the following article:
    http://msdn.microsoft.com/en-us/library/bb727008.aspx
    There is a similar thread for your reference:
    https://social.technet.microsoft.com/Forums/en-US/e463df4c-8d26-46cf-aa2e-bddd97c7a9b8/user-guest-does-not-have-permission-to-run-dbcc-checkprimaryfile?forum=sqlgetstarted
    Regards,
    Michelle Li

  • "user not authenticated" in Africa

    My missionary friend has an email account set up with africaonline, the service provider in Ghana. When he is at the africaonline office he can send and receive email fine. However, when he attempts to send email from any other location he gets a "user not authenticated" message. His connection is by modem. Thanks for the help!

    Hi Ernie,
    Here is the web site for Africa online: http://www.africaonline.com/index.php
    He is using the iBook modem. I am assuming it is the same ISP since he is not changing the information that he initially entered to set up the service. He lives in a rural village and drives to an internet "cafe" - a wooden shed that provides him with a phone cable and a dial up connection. There are no land lines in his area. The strange thing is that he had no email difficulties with his previous iBook.
    I don't know what kind of connection he is using at the africa online office - it is located in Accra which is a large fairly modern city.
    Kelly

  • User domain\SPFservice is not authorized to perform request using authentication type Negotiate

    Hi,
    I have installed WAP/SPF in the same domain via express installation. The SPF domain service account is sysadmin on the SPF database. The SPF domain service account is running as identity in the IIS application pool. I have registered SPF in WAP via SPFcomputeraccount\LocalSPFaccount. The LocalSPFaccount is a member of the 4 local groups created by the SPF setup. The domain SPF service account is a member of the VMM administrators.
    When a new tenant want to subscribe to a hosting plan I get an error "One or more errors occurred while contacting the underlying resource providers. The operation may be partially completed. Details: Failed to create subscription".
    When I look in the eventviewer of the SPF server in ManagementODataService, I can see "User domain\SPFservice is not authorized to perform request using authentication type Negotiate".
    SPF/VMM are both on the latest update rollup.  The VMM console is also updated on the SPF server. 
    I can successfully reproduce the troubleshooting steps from http://blogs.technet.com/b/privatecloud/archive/2013/11/08/troubleshooting-windows-azure-pack-spf-amp-vmm.aspx.

    Hi,
    During the install it also asks you to specify groups (4 x). Is the user you specified as the spf runas account also a member of those groups in the AD?
    So you have 4 groups created on the local box by the installation, but also 4 specified during the installation. Check if the account is a member of those group(s) as well, reboot the spf and you should be up and running.
    Best regards, Mark Scholman.

  • New to the Apple and I want to set up a user account that will not delete the guest users files and allow and preserve their personal settings after log out. Is this possible?

    New to the Apple and I want to set up a user account that will not delete the guest users files and allow and preserve their personal settings after log out. Is this possible?

    The built-in guest user account will not do this. Simply create a new standard account and call it "Guest" or "Guest Users" or whatever you like.
    Go to System Preferences > Users & Groups, click "+" to make a new account.

  • IPhone 4S wifi is gray and will not find any networks or move. I have hard reset network reset and safari reset. All other devices in my house connect to wifi. Any suggestions other than the 3 that do not work.

    iPhone 4S wifi is gray and will not find any networks or move. I have hard reset network reset and safari reset. All other devices in my house connect to wifi. Any suggestions other than the 3 that do not work.


  • Authenticated = HttpContext.Current.User.Identity.IsAuthenticated is not working in IE browsers only

    Hi,
    Login of my application is not working on testing server only.
    It is working fine on Google Chrome and Firefox. On a few machines that have IE11, it is working,
    but on IE10, IE9 and all lower versions it's not working.
    For login, we use a custom membership provider.
    After checking the code, it's giving a problem with the code below.
    authenticated = HttpContext.Current.User.Identity.IsAuthenticated;
    The above authentication is not working for IE only.(The code is working fine on production server but not working on testing server)
    Please guide us on the same.
    Thanks,
    Gayatri

    "HttpContext.Current.User.Identity.IsAuthenticated" is false after successfully login on IE version only.
    The code was working before but suddenly it is not working on IE on testing server only. On chrome and firefox its working.
    I moved the code to the production and integration servers, and it is working properly on the other servers. I am not getting the issue with testing server. Only on testing server the value of "HttpContext.Current.User.Identity.IsAuthenticated" is getting false after successful login.
    Can someone please reply on above

  • HT203167 My movies will not download to my iPad. And I the downloads are not available for my computer. How do I cancel or get the movies to my iPad? I am on wifi and 3 g. Not happy

    My movies will not download to my iPad. And the downloads are not available for my computer. How do I cancel or get the movies to my iPad? I am on wifi and 3 g. Not happy

    Hi,
    For all people struggling with connecting their iPad to their router, constantly getting 'Incorrect Password' even though you have entered the correct one - this may be your solution as it just resolved my issue.
    In your router settings online (usually found at 198.168.1.1) change your security from WPA2 or WEP to WPA.  For my iPad it for some reason only accepts WPA but now it is running without problems.  Let me know if this helps.
    Cheers.

  • Hiding prices for not authenticated users in Web Channel Web Shop

    Hi Experts,
    I have a requirement for hiding prices for all users who are not logged. The prices only will be shown once the users are authenticated into the system (Portal). Any ideas...?
    Best Regards
    David C

    Hi Hamendra,
    Thank you so much for all information... I already downloaded the guide but I could not find any information about getting status from users logged..... How to know if a user is logged or not into the system...?? We got WCEM 1.0 and I found a Post for WCEM 3.0 Early logon http://scn.sap.com/community/crm/web-channel/blog?start=15 for some excluded pages they used this tag for encapsulate content on JSP:
    <c:if test="#{wec:isEarlyLogonShopAndUserNotLoggedIn() == false}">
         <YOUR CONTENT/>
    </c:if>
    Do you think it might work...? Don't know if Early Logon is available for WCEM 1.0... I am still searching and testing...
    Best Regards
    David Cortés

  • Log - hostapd trying to update accounting statistics, station not found; trying to deauthenticate to station, but not authenticated

    I am seeing log entries and want to see if this is a security problem.
     Log Message from AP xxx.xxx.xxx.xxx
    TIME                Priority  Process Id                Message 
    Sep 18 2014 11:0       3        hostapd[941]            trying to update accounting statistics, station not found
    Sep 18 2014 11:0       3        hostapd[941]            trying to deauthenticate to station but not authenticated 

    Hi mbalbuena
    You are not mentioning what kind of authentication (WPA-Enterprise, WPA-PSK, ...) you are using for your wifi network. That could be related to the RADIUS accounting feature (in case of WPA-Enterprise with RADIUS accounting enabled/checked) but I am not sure.
    But regardless of that, I hope this is just information that:
    Some client wanted to authenticate to your network, but it failed. This resulted in explicit deauthentication of that client by your WAP (regardless of whether the client was really authenticated or not at the beginning). Forced deauthentication makes sense, for example, in the case that a client was successfully connected to your wifi but fails to reauthenticate (yes, every client is challenged to reauthenticate regularly after a defined period of time) for some reason - in this case forced deauthentication ensures that the user will get kicked off your wifi network. That's my explanation of the second log line.
    The first line is just an action triggered by the "deauthentication" process, i.e. gathering accounting statistics of that client. But in your case it fails, because that client was never really connected to your wifi network and thus there are no records in the statistics table for it.

  • Keeping Internal Users off Guest Wireless

    Have a WLC 5508 running 6.x code with LAPs providing wireless for our internal laptops (WPA2 and EAP-TLS). I want to provide guest wireless which goes out a different port on the WLC to a guest firewall/cable modem. However, we want to prevent our internal laptops from being able to use the guest wireless. I have RADIUS (IAS) and LDAP for my AD available. We would prefer not to have to use Lobby Ambassador and just have the guests use a simple password or web passthru. Guests may be laptops or smartphones.
    What options are available? I have tried a test setup using dynamic vlan assignments from RADIUS using the IETF flags, but can't seem to get it to work. Is there a way to identify which SSID is being used at the RADIUS server? Thanks.

    I'm closer. I have aaa override working for vlan assignment via RADIUS. On the RADIUS server, I have two access policies. The first is my normal authentication (EAP-TLS) for internal wireless clients where I included the condition member of Windows group Domain Computers. The RADIUS reply for the first policy assigns them to the "internal" vlan. The second RADIUS policy is for the visitor account (AD account with username/password) and the RADIUS reply from that assigns them to the "guest" vlan. The guest vlan exits my WLC on a separate port to the guest firewall/cable modem, while the internal vlan exits to my internal lan.
    That way even if internal user connects to the Guest SSID with a company laptop they still end on the internal lan.
    Right now I have the Internal SSID authenticating off one group of RADIUS servers, and the Guest SSID authenticating off another set. My next step is to see if it can be done with only one SSID and one group of RADIUS servers, since assigning the vlan is what really matters.
    Are there any security considerations with using a single SSID?  I plan on turning on Peer to Peer Blocking if I do that.
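
    The two RADIUS policies described in the post above, modelled as an added example that is not part of the original thread and is not NPS/IAS configuration. It shows the VLAN being chosen from the authenticated identity rather than the SSID, and the three IETF tunnel attributes (RFC 2868 / RFC 3580) that carry the VLAN in the Access-Accept. The VLAN IDs, the `visitor` account name, the request dictionary, the default-deny fallthrough and the `AP-MAC:SSID` form of Called-Station-Id are assumptions.

```python
# Added example: a model of the two RADIUS policies from the post, not NPS/IAS code.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81  # RFC 2868
TUNNEL_TYPE_VLAN = 13        # RFC 3580: Tunnel-Type = VLAN
TUNNEL_MEDIUM_IEEE_802 = 6   # RFC 2868: Tunnel-Medium-Type = IEEE-802

# Assumptions for illustration; none of these values are given in the thread.
VLAN_INTERNAL, VLAN_GUEST = 10, 99
INTERNAL_GROUP = "Domain Computers"   # Windows group named in the post
GUEST_ACCOUNT = "visitor"             # hypothetical AD account name


def ssid_from_called_station_id(value):
    """Return the SSID from an RFC 3580 style 'AP-MAC:SSID' value, else None."""
    # The MAC part is 17 characters whether written with '-' or ':' separators.
    if len(value) > 18 and value[17] == ":":
        return value[18:]
    return None


def decide(request):
    """Return (accept, vlan). The VLAN follows the identity, never the SSID."""
    if not request.get("authenticated"):
        return False, None            # failed authentication: reject, no fallback VLAN
    if (request.get("method") == "EAP-TLS"
            and INTERNAL_GROUP in request.get("groups", ())):
        return True, VLAN_INTERNAL    # policy 1: domain computers
    if request.get("user") == GUEST_ACCOUNT:
        return True, VLAN_GUEST       # policy 2: visitor account
    return False, None                # authenticated but matches no policy


def vlan_attributes(vlan_id, tag=1):
    """Encode Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-ID."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    if not 1 <= tag <= 0x1F:
        raise ValueError("tag must be 0x01..0x1F to group the attributes")
    group = str(vlan_id).encode("ascii")   # VLAN ID is sent as an ASCII string
    return (
        bytes([TUNNEL_TYPE, 6, tag]) + TUNNEL_TYPE_VLAN.to_bytes(3, "big")
        + bytes([TUNNEL_MEDIUM_TYPE, 6, tag]) + TUNNEL_MEDIUM_IEEE_802.to_bytes(3, "big")
        + bytes([TUNNEL_PRIVATE_GROUP_ID, 3 + len(group), tag]) + group
    )


def access_accept_attributes(request):
    """Attribute bytes for an Access-Accept, or None for an Access-Reject."""
    accept, vlan = decide(request)
    return vlan_attributes(vlan) if accept else None


if __name__ == "__main__":
    # Constructed request: a company laptop that joined the guest SSID.
    laptop = {
        "authenticated": True, "method": "EAP-TLS", "user": "host/LAPTOP01",
        "groups": ["Domain Computers"],
        "called_station_id": "00-10-A4-23-19-C0:Guest",
    }
    print(ssid_from_called_station_id(laptop["called_station_id"]), decide(laptop))
    print(access_accept_attributes(laptop).hex())
```

    With a single SSID the same function applies unchanged, because the SSID is only logged and never used for the decision.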

  • Guest SSID not working

    Hi all, I'm trying to configure the MSM760 to work with a Guest SSID via HTML authentication. I'm facing the problem that I can get an IP address and I can ping to outside, but I can't open anything in the browser; it seems there is a DNS resolving issue. Anyway, I disconnected this controller from teaming yesterday, and the team works with two SSIDs:
    1. NPS SSID, which is used for Domain users authentication
    2. HTML uses authentication
    The NPS SSID was always OK, but the Guest was not working, and as I understand from some reading in here, the Guest SSID will not work properly in Teaming. So I disconnected this controller and changed the management IP address to a new range, and started to test, but I didn't get success with browsing. Also the NPS authentication on it stopped and I can't get it to work. Any advice? Thanks in advance.

    FYI this is for HP wireless product and networking not support another company product. For that you need to go to their support site and ask for further help from them.

  • Guests are not getting IP & webpage

    Guests are not getting IP & webpage.
    I have a 4400 (6.0.199.4) WLC configured with a guest WLAN using web authentication, and DHCP is configured on the ASA. The ADSL line is connected to the ASA (for internet). This was working; for the last 2 days it is not working. Guest users are not able to get the IP address & login web page. The error message is Limited connectivity.
    My observation.
    The ADSL internet connection is working fine, the connection from ASA to switch is fine & the VLAN is also up.
    From the WLAN end, all parameters look good, nothing changed.

    Please see the log, which I took from WCS. It looks like the WLC is receiving the request from the client... I think it is not getting a response from DHCP...
    Does it make sense?
    Time :11/24/2011 13:27:11 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information. processing DHCP DISCOVER (1)
    Time :11/24/2011 13:27:11 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information.   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
    Time :11/24/2011 13:27:11 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information.   xid: 0x41839660 (1099142752), secs: 5247, flags: 0
    Time :11/24/2011 13:27:11 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information.   chaddr: d8:2a:7e:d2:d9:92
    Time :11/24/2011 13:27:11 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information.   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    Time :11/24/2011 13:27:11 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information.   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
    Time :11/24/2011 13:27:15 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information. processing DHCP DISCOVER (1)
    Time :11/24/2011 13:27:15 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information.   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
    Time :11/24/2011 13:27:15 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information.   xid: 0xd4b2de62 (3568492130), secs: 5251, flags: 0
    Time :11/24/2011 13:27:15 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information.   chaddr: d8:2a:7e:d2:d9:92
    Time :11/24/2011 13:27:15 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information.   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    Time :11/24/2011 13:27:15 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information.   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
    Time :11/24/2011 13:27:17 CET Severity :INFO Controller IP :10.45.235.4 Message :Dhcp Information. processing DHCP DISCOVER (1)
