4402 PEAP w/ACS3.3 using Novell NDS.

I am trying to configure WPA2 with 802.1x authentication through ACS 3.3. I am having an issue using PEAP authentication through ACS 3.3 configured with Novell NDS as the external database. The client is stuck at "Verifying credentials". The controller sends authentication requests to ACS, but it is not getting any response back from ACS. ACS is on the same subnet, with no firewalls of any kind in between. Nothing gets logged under Failed Authentication on ACS if I have PEAP enabled under Global Authentication Setup (EAP-MSCHAPv2). If I uncheck the PEAP options under Global Authentication, then ACS logs an error message under Failed Attempts saying "EAP type not configured. Check Global Authentication Setup". The correct IP address of ACS and the secret key are entered in the Wireless Controller. I have also tried using ports 1645 and 1812 with the same result.
Any ideas would be appreciated. Thanks.

If you are authenticating against Novell eDirectory/NDS, you should use EAP-GTC. Also, when you create your database configuration, be sure to enter all contexts (separated by commas) in which your user accounts reside.

Similar Messages

  • PEAP EAP-MSCHAP and Novell(NDS)

    We have several 350/1220/1131 APs and would like to implement an 802.1x solution. We have an ACS 4.0 and are running Novell (NDS) as the user database.
    As far as I have understood, PEAP MSCHAP only supports Microsoft databases, and only EAP-GTC can be used with NDS/LDAP databases.
    Is this correct?
    Johann Folkestad

    PEAP uses TLS to encrypt any subsequent CHAP exchanges. Yes, MSCHAP uses a hashing algorithm. But it runs within a server-side cert TLS tunnel for server-side authentication and encryption.
    peter

  • PEAP with Novell NDS and LDAP?

    I was reading this Cisco Q&A doc (http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item0900aecd801764fa.shtml) that contained the following question and answer:
    Q. Can I use PEAP with LDAP or Novell NDS databases?
    A. Yes. PEAP provides interoperability with both LDAP and Novell NDS.
    I was under the impression that LDAP and Netware only supported EAP-GTC, EAP-Fast (phase 2 only), or EAP-TLS???
    Can anyone comment?

    Getting 802.1x to work with novell using PEAP w/ GTC is a slam dunk with some exceptions. I'm using Cisco ACS with Backend connection to NDS. If you have XP clients you can easily use the Cisco PEAP supplicant to allow connecting with EAP-GTC. I ran into problems with the mixture of cards and Client OS. I turned to Funk Odyssey Client to solve all my problems on the clients.

  • JAVA library for authen. RADIUS or Novell NDS?

    Probably certainly to me not here...
    The question consists in the following:
    What libraries (if any) are available for Java for authentication through RADIUS and/or Novell NDS?
    If such libraries exist, please write to me by e-mail: [email protected]
    Thanks for your attention.
    K$V

    Does that mean that you are not going to come back here and check any answers, and expect someone to email you the answer? I doubt that will happen.
    I think there is a product called Radiator for Radius and Novell provides a Java toolkit for its directory servers. You might be able to use these.
    Anyways, I did not have a right answer.
    Sorry, could not help being arrogant.

  • JNDI to access Novell NDS LDAP

    Hi,
    I'm using WLS 5.1 on Solaris.
    I would like to use an NDS LDAP server instead of the internal WLS JNDI
    directory.
    Has anyone done this?
    I think you simply specify the LDAP server when getting the initial
    context. Does anyone have any sample code I could see?
    many thanks
    Alan

    Hi
    I am attaching sample code below. Replace the LDAP URL with the URL of your
    LDAP server.
    I have created an entry in the LDAP server with uid=LPraful.

    import javax.naming.*;
    import javax.naming.directory.*;
    import weblogic.jndi.WLContext;
    import java.util.Hashtable;

    /**
     * Demonstrates how to retrieve selected attributes of a named object.
     * usage: java Getattrs
     */
    class Getattrs {
        public static void main(String[] args) {
            // Set up the environment for the LDAP provider that WebLogic delegates to.
            // Note: a simple bind over ldap:// on port 389 sends the principal and
            // password unencrypted, and the credentials here are hard-coded sample values.
            Hashtable<String, Object> env = new Hashtable<String, Object>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://leena.eaitech:389/ou=People,o=eaitech");
            env.put(Context.SECURITY_PRINCIPAL, "cn=Directory Manager");
            env.put(Context.SECURITY_CREDENTIALS, "netscape");

            // WebLogic initial context, with the LDAP environment passed as the delegate
            Hashtable<String, Object> h = new Hashtable<String, Object>();
            h.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
            h.put(Context.PROVIDER_URL, "t3://localhost:7010");
            h.put(WLContext.DELEGATE_ENVIRONMENT, env);

            try {
                // Create initial context
                DirContext ctx = new InitialDirContext(h);
                System.out.println("ctx = " + ctx);
                System.out.println("performing lookup ");
                Object obj = ctx.lookup("cn=Ravi Pinto");
                System.out.println("lookup = " + obj);

                // Specify the ids of the attributes to return
                String[] attrIDs = { "telephonenumber", "mail" };

                // Get the attributes requested (attrIDs limits what the server returns)
                Attributes answer = ctx.getAttributes("uid=LPraful", attrIDs);
                System.out.println("test1");

                // Print the answer
                for (NamingEnumeration<? extends Attribute> ae = answer.getAll(); ae.hasMore();) {
                    Attribute attr = ae.next();
                    System.out.print("attribute: " + attr.getID());
                    // Print each value
                    for (NamingEnumeration<?> e = attr.getAll(); e.hasMore();) {
                        System.out.println(" value: " + e.next());
                    }
                    System.out.println();
                }

                // Close the context when we're done
                ctx.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

    Thanks,
    Leena Praful
    EAI Technologies.

  • EAP-TLS with Novell NDS

    I configured EAP-TLS for the wireless LAN in the Novell 6 environment. However, I encountered a problem on the ACS with Novell NDS. Attached is the error message; any advice on how to overcome it? I have generated the server key and the client key from Windows 2000 server. The error message is 'AUth type not supported by Ext DB'

    EAP-TLS is not supported with Novell NDS as per the compatibility matrix shown in the following document,
    http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user02/o.htm

  • Using Novell Netware

    Does anyone know how to use the novell netware with java?
    esp. read out all connected users and send messages to them

    Novell has 'LDAP Classes for Java' that may be of interest to you.
    http://developer.novell.com/ndk/ldap-index.htm
    With them you can authenticate to the NDS server and retrieve user information via LDAP. However, I don't know if this will contain a list of users that are currently logged into Novell.

  • Question on deploying 10g & Apex on Linux/Apache. Plus help on Novell NDS.

    After seeing what Apex can do, my management is interested in bringing Apex in house. We have a server that has Linux and Apache installed. We want to deploy Oracle 10g (or 11g, whichever is most suitable) and the latest Apex (version 3.1, right?) on the current platform.
    We also want to be able to leverage Novell Directory Server for authentication and authorization for the Apex application.
    We are absolutely new to Oracle and Apex. Would someone please verify that the above can be done? Possibly provide some pointers on the 10g and Apex install on Linux/Apache, and on how to use NDS with Apex.
    Any suggestion or pointer will be greatly appreciated.
    Susie

    Did those references lead you to this?:
    http://www.oracle.com/technology/products/ias/ohs/htdocs/php_ohs.htm
    -- CJ

  • SharePoint 2010 with LDAP authentication, using NOVELL eDirectory

    One of my customers needs a SharePoint application that allows people to authenticate with either an Active Directory account (internal staff) or a Novell eDirectory account (external customers).
    Using the following article as a base guide (http://blogs.technet.com/b/speschka/archive/2009/11/05/configuring-forms-based-authentication-in-sharepoint-2010.aspx)
    I configured a claims-based test application that had Windows authentication enabled and Forms based authentication (FBA) enabled (this is on a Windows 2008 server and not a domain controller)
    In the Membership provider name text box I entered "LdapMember"
    In the Role provider name  text box I entered "LdapRole"
    In the web.config for the SharePoint Central Admin, I modified/added the following details right before </system.web>
    <membership>
    <providers>
    <add name="LdapMember"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" >
    <providers>
    <add name="LdapRole"
    type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="sAMAccountName"
    dnAttribute="distinguishedName"
    groupFilter="((ObjectClass=group)"
    userFilter="((ObjectClass=person)"
    scope="Subtree" />
    </providers>
    </roleManager>
    I modified the SecurityTokenServiceApplication web.config with these details
    <system.web>
    <membership>
    <providers>
    <add name="LdapMemebr"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager enabled="true">
    <providers>
    <add name="LdapRole"
    type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="sAMAccountName"
    dnAttribute="distinguishedName"
    groupFilter="(&amp;(ObjectClass=group))"
    userFilter="(&amp;(ObjectClass=person))"
    scope="Subtree" />
    </providers>
    </roleManager>
    </system.web>
    I modified the web.config of the test application I created with these details
    <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
    <providers>
    <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="LdapRole" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="cn"
    dnAttribute="dn"
    groupFilter="(&amp;(ObjectClass=group))"
    userFilter="(&amp;(ObjectClass=person))"
    scope="Subtree" />
    </providers>
    </roleManager>
    <membership defaultProvider="i">
    <providers>
    <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="LdapMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    useDNAttribute="true"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    With all of this configured, I can go to the new test site, and I do see the form where I can choose either Windows authentication or Forms authentication. I can successfully log in with Windows authentication, but forms authentication gives me an error.
    The server could not sign you in. Make sure your user name and password are correct, and then try again.
    I can successfully login to a LDAP management tool, using the same credentials I entered on the form, so I know the username and password being submitted are correct. I get the following items in the event viewer
    8306 - SharePoint Foundation - The security token username and password could not be validated.
    in the SharePoint trace logs - Password check on 'testuser' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. and
    then this:
    Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
    at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
    I monitored the LDAP server and did a packet-trace on the communication happening between the SharePoint server and the LDAP server and it is a bit odd. It goes like this:
    The SharePoint server successfully connects to the LDAP server, binding the ldapserviceid+password
    The LDAP server tells the SharePoint server it is ready to communicate
    the SharePoint server sends an LDAP query to the LDAP server, asking if the name entered in the form authentication page can be found.
    The LDAP server does the query, successfully finds the entered name and sends a success message back to SharePoint
    The LDAP server sends notification that it is done and is closing the connection that was bound to the ldapserviceid+password
    The SharePoint server acknowledges the connection is closing
    ... and then nothing happens, except the error on SharePoint
    What I understand is that the SharePoint server, once it gets confirmation that the submitted username exists in LDAP, should attempt to make a new LDAP connection, bound to the username and password submitted in the form (rather than the LDAP service account specified in the web.config). That part does not seem to be happening.
    I am at a standstill on this and any help would be greatly appreciated.

    OK, our problem was resolved by removing any information about the ASP.NET role manager. Initially, we had information about a role manager defined in three different web.config files, as well as in the SharePoint Central Administration site, where there is the checkbox to Enable Forms Based Authentication (you see this when you first create the new SharePoint app, or afterwards by modifying the Authentication Provider for the app.) In either case, you will see two text boxes, underneath the checkbox item for enabling Forms Based Authentication:
    "ASP.NET Membership provider name"
    "ASP.NET Role manager name"
    We entered a name for Membership provider, and left Role manager blank.
    In the web.config for the SharePoint Central Administration site, the SecurityTokenServiceApplication app, and the web app we created with FBA enabled, we entered the following:
    <membership>
    <providers>
    <add name="LdapMember"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword="validpassword"
    useDNAttribute="false"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager>
    <providers>
    </providers>
    </roleManager>
    useDNAttribute="false" turned out to be important as well.
    So, for us to get LDAP authentication working between SharePoint 2010 and Novell eDirectory, we had to:
    leave anything related to the role provider blank
    configure the web.config in three different applications, with the proper connection information to reach our Novell eDir
    ensure that useDNAttribute="false" was used in all three of the modified web.config files.
    Since our eDir is flat and used pretty much exclusively for external users, we had never done any sort of advanced role management configuration in eDir. So, by having role manager details in the web.config files, SharePoint was waiting for information from a non-existent role manager.
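An added example, not part of the thread: a Python check that lints LDAP provider entries of the kind quoted above for three conditions that a reviewer can read off such fragments: a provider name that is not defined identically in all three web.config files, a filter whose parentheses do not balance, and a service-account bind with useSSL="false". The fragments inside the script are constructed placeholders modelled on the posted attribute names, and the finding labels are this example's own.

```python
import xml.etree.ElementTree as ET


def _frag(member_name, group_filter):
    """Build a constructed <system.web> fragment (placeholder host and credentials)."""
    common = ('server="ldap.example.test" port="389" useSSL="false" '
              'connectionUsername="cn=svc,o=example" connectionPassword="placeholder"')
    return f"""<system.web>
  <membership><providers>
    <add name="{member_name}" {common} userFilter="(ObjectClass=person)" />
  </providers></membership>
  <roleManager enabled="true"><providers>
    <add name="LdapRole" {common} groupFilter="{group_filter}" />
  </providers></roleManager>
</system.web>"""


# Constructed sample input: one fragment per web.config, keyed by a short label.
CONFIGS = {
    "central-admin": _frag("LdapMember", "((ObjectClass=group)"),
    "sts": _frag("LdapMemebr", "(&amp;(ObjectClass=group))"),
    "web-app": _frag("LdapMember", "(&amp;(ObjectClass=group))"),
}


def filter_balanced(flt):
    """True if flt is one parenthesised LDAP filter with balanced parentheses.

    Literal parentheses inside values are written \\28 and \\29 in the string
    form of a filter, so every raw '(' or ')' is structural.
    """
    depth = 0
    for i, ch in enumerate(flt):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if depth <= 0 and i < len(flt) - 1:
            return False  # closed too early, or text outside the outer pair
    return depth == 0 and bool(flt)


def ldap_providers(xml_text):
    """Return (kind, attributes) for every provider entry that names an LDAP server."""
    root = ET.fromstring(xml_text)
    found = []
    for kind in ("membership", "roleManager"):
        for add in root.findall(f".//{kind}/providers/add"):
            if "server" in add.attrib:  # skips non-LDAP providers
                found.append((kind, dict(add.attrib)))
    return found


def lint(configs):
    """Return sorted (file, provider, finding) tuples for a dict of label -> XML."""
    findings = []
    defined_in = {}  # (kind, provider name) -> labels of the files defining it
    for label, text in configs.items():
        for kind, attrs in ldap_providers(text):
            name = attrs["name"]
            defined_in.setdefault((kind, name), set()).add(label)
            # Assumption: a missing useSSL attribute is treated like "false".
            no_tls = attrs.get("useSSL", "false").lower() != "true"
            if no_tls and "connectionPassword" in attrs:
                findings.append((label, name, "cleartext-bind"))
            for key, value in attrs.items():
                if key.endswith("Filter") and not filter_balanced(value):
                    findings.append((label, name, f"unbalanced-{key}"))
    for (kind, name), labels in defined_in.items():
        missing = sorted(set(configs) - labels)
        if missing:
            findings.append((",".join(missing), name, f"{kind}-provider-missing"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint(CONFIGS):
        print(*finding, sep="\t")
```

The cleartext-bind finding covers both the service account password in connectionPassword and the form users' passwords, since both travel in simple binds over port 389 when useSSL is "false".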

  • Using an NDS statement for a SQL statement run only once in a procedure

    Hi,
    We're using Oracle 11.1.0.7.0.
    I'm going through code written by someone else. In this package they're using NDS for every SQL call whether it gets called multiple times or just once. Is that a good thing?
    I thought NDS was only reserved for SQL statements that get called over and over again in a procedure with possible varying 'WHERE clause' variables and so on...
    Is there ANY benefit to using NDS for SQL queries called only once in a procedure?
    Thanks

    There is no benefit unless you want to turn PL/SQL into SQL*Plus (parse once, run once)
    Procedures exist to make sure : parse at compile time, run many times.
    The code is shooting itself in its own foot.
    Or the developer must have got hold of Tom Kyte's unpublished one chapter book 'How to write unscalable applications'.
    Sybrand Bakker
    Senior Oracle DBA

  • Using Novell Portal Services in Oracle Portal

    Hi,
    We're currently looking into several Portal solutions and I'd therefore like to know if the gadgets provided by Novell can be used in Oracle Portal?
    Regards,
    Henrik Neumann

    While there is no direct integration between the two, it is possible that you could write Oracle portlets that "wrap" the results of a Novell gadget.

  • CiscoSecure ACS using Novell Database for 802.1x

    I am using user authentication to validate users on the network. I am running ACS 3.2 on a Windows 2000 server. The customer is running Novell 6.1. I have set up an external database within ACS. This is a generic LDAP configuration.
    The problem is that I get a message that states that LDAP Server NOT reachable.
    The LDAP service is running on the Novell box.
    Any ideas?? There is network connectivity between the two servers.
    Thanks,
    Robert Chachere

    The "GroupClass" will be set by default to "groupOfUniqueNames". Try setting it to "groupOfNames".

  • Disable Windows 7 Administrator Accounts using Novell Script

    Hello, is there a command line I can place in my log in script that will disable the windows 7 administrator account. Or auto log into the administrator account so that I can update the Zimbra connector for 600 users who are using Outlook 2007 and Outlook 2010. The script worked to update the Zimbra connector on 50 of the machines on the network that the users are administrators
    Here are my scripts.
    Zimbra Script
    MAP DISPLAY OFF
    MAP ERRORS OFF
    #msiexec /quiet /i \\ARTEMIS\sys\zimbra32\ZimbraConnectorOLK_7.1.3.6347_x86.msi
    MAP DISPLAY ON
    END
    User Container_Script
    WRITE "This is container login script"
    WRITE "Good %GREETING_TIME: %CN"
    WRITE "The Time is %HOUR24: %MINUTE"
    DOS SET MAPROOTOFF="1"
    ;MAP F:=ARTEMIS\SYS:
    MAP G:=ARTEMIS\COMMON:
    MAP H:=ARTEMIS\USERS:%CN
    MAP I:=ARTEMIS\APPS:
    IF MEMBER OF "adminReset" THEN
    #NET USE R: \\141.217.157.17\software\vmview5\client T3chsRc00l /user:lrctech
    END
    #G:\LoginScriptInstalls\Admin\changeAP.bat
    IF MEMBER OF "Faculty_OSA_DB" THEN
    #NET USE O: \\selene.nursing.wayne.edu\osa faculty /user:faculty
    @O:\ePOW\k1ePOW.bat
    ;#command /c copy O:\ePOW\k1ePOW.mdb C:\ePOW\k1ePOW.mdb
    ;#command /c copy O:\ePOW\k1ePOW-L.mdb C:\ePOW\k1ePOW-L.mdb
    END
    IF MEMBER OF "osa" THEN
    MAP ROOT J:= ARTEMIS\COMMON:\OSA_COMMON
    #NET USE O: \\selene.nursing.wayne.edu\osa nursing06 /user:osa
    @md C:\OSA2k8
    @O:\OSA2k8\OSA2k8.bat
    ;#command /c copy O:\OSA2k8\osa2k8-L.mdb C:\OSA2k8\osa2k8-L.mdb
    ;#command /c copy O:\OSA2k8\osa2k8.mdb C:\OSA2k8\osa2k8.mdb
    END
    IF MEMBER OF "CoN_Calendar" THEN
    #NET USE X: \\selene.nursing.wayne.edu\web_datashare faculty /user:faculty
    @\\artemis\common\CLASSLISTS\Room_Sch\Calendars.bat
    END
    REM Novell SP5 Upgrade
    regread "HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion,ProductName"
    if "%99" = "Microsoft Windows XP" then
    write "Checking for latest version of Novell Client..."
    IF PLATFORM = "WNT" THEN
    @\\artemis\sys\NwCLIENT\WINNT\i386\acu.exe
    IF "@ERROR_LEVEL" = "1" THEN
    EXIT
    END
    END
    END
    REM TimeSync
    regread "HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers,0"
    if "%99" = "time.wayne.edu" then
    regread "HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers,"
    if "%99" = "0" then
    write "Time is synced with Wayne Time!"
    else
    @\\artemis\common\LoginScriptInstalls\TimeSync\TimeSync.bat
    endif
    else
    @\\artemis\common\LoginScriptInstalls\TimeSync\TimeSync.bat
    endif
    REM WSUS
    regread "HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion,ProductName"
    IF "%99" = "Microsoft Windows XP" then
    regread "HKLM,SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate,WUServer"
    IF "%99" = "http://141.217.157.19:8530" then
    write "WSUS is up-to-date!"
    else
    @\\artemis\common\LoginScriptInstalls\WSUS\zoewsusXP.bat
    write "WSUS was just connected to the new and IMPROVED update server!"
    END
    END
    regread "HKLM,SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate,WUServer"
    if "%99" = "http://141.217.157.19:8530" then
    write "WSUS is up-to-date!"
    else
    @\\artemis\common\LoginScriptInstalls\WSUS\zoewsusNEW.bat
    write "WSUS was just connected to the new and IMPROVED update server!"
    endif
    REM SAV temp
    @\\artemis\common\LoginScriptInstalls\Symantec\sav-parent.bat
    REM Novell Server - Artemis default; LDAP Athena
    @\\artemis\common\LoginScriptInstalls\NovellServer\artemis.bat
    REM SAV
    regread "HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{50E125D1-88E5-48CE-80AE-98EC9698E639},DisplayVersion"
    if "%99" = "10.1.6000.6" then
    regread "HKLM,SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion,Parent"
    if "%99" = "SOPHIA" then
    write "Symantec Antivirus is connected to SOPHIA!"
    else
    @\\artemis\common\LoginScriptInstalls\Symantec\sav-parent.bat
    write "Symantec Antivirus was updated to connect to SOPHIA!"
    endif
    else
    regread "HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2085C617-589C-40F8-BE40-EDBC9E2CA2EB},DisplayVersion"
    if "%99" = "10.1.7000.7" then
    regread "HKLM,SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion,Parent"
    if "%99" = "SOPHIA" then
    write "Symantec Antivirus is connected to SOPHIA!"
    else
    @\\artemis\common\LoginScriptInstalls\Symantec\sav-parent.bat
    write "Symantec Antivirus was updated to connect to SOPHIA!"
    endif
    else
    regread "HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD8A1013-4E46-4E02-85C2-3168C3328432},DisplayVersion"
    if "%99" = "10.1.8000.8" then
    regread "HKLM,SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion,Parent"
    if "%99" = "SOPHIA" then
    write "Symantec Antivirus is connected to SOPHIA!"
    else
    @\\artemis\common\LoginScriptInstalls\Symantec\sav-parent.bat
    write "Symantec Antivirus was updated to connect to SOPHIA!"
    endif
    else
    regread "HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2EFCC193-D915-4CCB-9201-31773A27BC06},DisplayVersion"
    if "%99" = "11.0.5002.333" then
    write "Symantec EndPoint Antivirus is installed!"
    else
    write "YOUR ANTIVIRUS IS OUT OF DATE!!!"
    write "CONTACT 577-8604 TO HAVE THIS RESOLVED!"
    @\\artemis\common\LoginScriptInstalls\Symantec\sendmail.bat
    endif
    END

    Ad1082,
    > MAP DISPLAY OFF
    > MAP ERRORS OFF
    > net user administrator /active:yes
    > #msiexec /quiet /i \\ARTEMIS\sys\zimbra32\ZimbraConnectorOLK_7.1.3.6347_x86.msi
    > MAP DISPLAY ON
    > END
    That should activate the administrator account, yes, and then run the
    installer.
    > Also can you elaborate more on your statement here? "so if you have
    > (another) service login you can try runas or psexec it" I'm confused as
    > to what you mean sorry my expertise is limited when it comes to
    > scripting.
    A command run from the login script, unlike something that is fired off
    by ZCM, has no special rights, ie the net use command above will fail,
    unless the user is a local administrator equivalent.
    One way to get around that is if you have a predefined, local, account
    for service and stuff, in that case you could create a batchfile that
    pushes down psexec
    (http://technet.microsoft.com/en-us/s.../bb897553.aspx)
    Then runs it to run the command, ie:
    #psexec -u user -p password net user administrator /active:yes
    I have done stuff like that in the past, but it is generally a royal pain
    to set up.
    Anders Gustafsson (NKP)
    The Aaland Islands (N60 E20)
    Have an idea for a product enhancement? Please visit:
    http://www.novell.com/rms
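An added example, not part of the thread: login scripts are readable by every user who runs them, so a password placed on a NET USE or psexec line, as in the scripts and the workaround above, is disclosed to all of those users. This Python check flags such lines in a login script and redacts the secret in its report; the sample script, host names, accounts and passwords in it are constructed, and the finding labels are this example's own.

```python
import re

# NET USE <drive> \\server\share <password> /user:<account>
NET_USE = re.compile(
    r"\bnet\s+use\s+\S+\s+\\\\\S+\s+(?!/)(?P<secret>\S+)\s+/user:(?P<user>\S+)",
    re.IGNORECASE,
)
# psexec ... -p <password>  (the account, if given, follows -u)
PSEXEC_P = re.compile(r"\bpsexec(?:\.exe)?\b.*?\s-p\s+(?P<secret>\S+)", re.IGNORECASE)
PSEXEC_U = re.compile(r"\s-u\s+(?P<user>\S+)", re.IGNORECASE)

# Constructed sample login script (no value here comes from a real system).
SAMPLE = r"""MAP DISPLAY OFF
#NET USE R: \\fileserver.example.test\software\client Examp1ePw /user:svc_install
IF MEMBER OF "staff" THEN
#NET USE O: \\fileserver.example.test\share /user:reader
;#psexec -u localsvc -p An0therPw net user administrator /active:yes
MAP G:=SERVER\COMMON:
"""


def _redact(line, match):
    """Return the line with the matched secret replaced by asterisks."""
    return line[:match.start("secret")] + "****" + line[match.end("secret"):]


def scan(script_text):
    """Return (line number, kind, account, commented_out, redacted line) tuples.

    Commented-out lines are scanned too: the text still ships to every client
    that reads the script, so a disabled line discloses the password as well.
    """
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        stripped = line.lstrip()
        commented = (stripped.startswith((";", "*"))
                     or stripped.upper().startswith("REM "))
        match = NET_USE.search(line)
        if match:
            findings.append((lineno, "net-use", match.group("user"),
                             commented, _redact(line, match)))
            continue
        match = PSEXEC_P.search(line)
        if match:
            user_match = PSEXEC_U.search(line)
            user = user_match.group("user") if user_match else ""
            findings.append((lineno, "psexec", user,
                             commented, _redact(line, match)))
    return findings


if __name__ == "__main__":
    for lineno, kind, user, commented, redacted in scan(SAMPLE):
        state = "commented-out" if commented else "active"
        print(f"line {lineno}: {kind} password for {user!r} ({state}): {redacted}")
```

Any account reported this way should have its password rotated, because earlier copies of the script may already have been read.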

  • Pass Through Auth Not Using Novell eDirectory Over RDP - Virtual Desktop

    Hi,
    I have installed and configured SGD and the Virtual Desktop Adapter to a Virtual Center server. So far that whole side of things is working great. Machines are cloned, prepped and connected to by users through the My Desktop link in SGD. Now that I am attempting to perfect the master template I have encountered some issues. The network here is Novell eDirectory and at the moment when the desktop is launched the username and password used to authenticate to the SGD webtop are passed through to the Virtual Machine, but it seems that they are passed through to the Windows Authentication System/GINA even though the Novell client is in place.
    The virtual machines are Windows XP and by default none of the user accounts exist locally, so of course the login fails. This drops the user back to the login box where it can be seen that the Workstation Only tick box is checked. Settings in the Novell client to always default to eDirectory authentication, forget last setting used etc has all been set properly. Even when hiding the Workstation Only tickbox the username and password are passed to local system authentication still.
    I need to get the username and password sent to the Novell eDirectory authentication system/GINA in order for Zenworks to create the user on the local system. When dropping back to the login box and manually unticking the Workstation Only box login proceeds normally. Drives are mapped and the local user account is created by the Zenworks agent.
    Is SGD specifically targeting an authentication subsystem within the virtual machine, regardless of your installed authentication handler/GINA preference order? Can I get SGD to pass the details to the Novell client? Barring that is there some way I can prevent SGD passing the details? I tried turning off some of the authentication details caching etc but some of that is needed to rename the virtual machines after the user connecting. For the time being having users authenticate twice would be acceptable, having them login in, then get an error message, then manually unticking Workstation Only then relogging in is not acceptable.
    I have been searching these forums, Novell forums, Terminal Server forums for answers but so far nothing has been of any help. Please note that the login box is not the cut down/windows only login box that users are seen when they connect over RDP to a machine that already has a user logged in locally. There is no user logged in locally and the full login box is presented once the login failed message is cleared.
    Any help, or even a nudge in the right direction would be great.
    Thanks
    Russ

    Hi,
    Thanks for taking the time to respond. I tried the full context user name path as well, but it's definitely just being passed to a different GINA. The only credentials that determine if you have RDP access to a server are the local machine's credentials, so Microsoft have the service pass authentication straight to the Microsoft GINA non-interactively instead of honouring the installed GINAs. So it will fail no matter what I put in since the account doesn't exist locally yet. People have implemented solutions that depend on Active Directory domains, but that's what I am trying to avoid.
    In that situation the AD Domain would allow access to the local machine based on Windows permissions, and a registry setting TSAutoLogin or something would trigger the Novell log in in parallel to map the Netware shared volumes. With no domain you can't get the initial log in triggered for the Novell client to kick in.
    Connecting to the virtual machine using an RDP client without pre-entering authentication information does show the Novell Login (NWGINA) with all the right settings in place, so I have modified the expect (login) script for SGD not to automatically pass log in information through with the RDP connection it makes. The result is a clean Novell login box without any errors that a user can just enter their details into a second time.
    Russ

  • Deployment of Acrobat 7.0 Pro using Novell Console1

    I'm trying to use Zenworks to deploy my MST file ... it's saved on my network drive ... I want to use UNC coding ... can anyone help me?
    If possible, please provide all entries ... My Novell object requires three lines under ... Run options > Applications.
    Path to file:
    Parameters:
    Working Directory:

    what does sitekeeper need to know in order to uninstall software? can it take standard command line stuff?
