Access to ACS 4.2 with Domain Credentials

Similar Messages

• Run a powershell script with domain credentials during task sequence

  I have a powershell script that adds the computer it is run on to a security group.  If I log onto the computer with a domain account it works perfectly.  However, if it is run while logged on as the local admin account it fails with an error message
  that says the domain either doesn't exist or cannot be reached.
  This is a problem because when a computer is being imaged the process runs with the local admin account.  Is there a way to run this script with domain credentials in the task sequence?
  Thanks,
  Andy

  How are you running the Powershell script? If you use a Run Command Line step, you can specify an account to run as. Something like "powershell %scriptroot%\psscript.ps1" where the psscript.ps1 is located in your Scripts folder in your deployment
  share.
  -Nick O.

• ACS any Version with Domain Controller on Windows Server 2008 R2 64bit

  Hi All
  Is there currently any ACS version working with Windows Server 2008 R2 domain controllers?
  Our server stuff has recently upgraded the Domain Controllers to 2008r2 and turned off the 2003 servers. This didn't make our ACS 4.1.4 really happy.
  I've read now serveral posts regarding issues with ACS and Server 2008r2 and hope to find a solution (besides switching to LDAP, yukk).
  Thanks
  pato

  Hi AllIs there currently any ACS version working with Windows Server 2008 R2 domain controllers?Our
  server stuff has recently upgraded the Domain Controllers to 2008r2 and
  turned off the 2003 servers. This didn't make our ACS 4.1.4 really
  happy.I've read now serveral posts regarding issues with ACS and
  Server 2008r2 and hope to find a solution (besides switching to LDAP,
  yukk).Thankspato
  Hi Pato,
  Just check out the below link hope that help.
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/release/notes/ACS42_RN.html
  As per the link it says The support for Windows Server 2008 is applicable for ACS 4.2 Patch 4 onwards.
  Hope to Help !!
  Remember to rate the helpful post
  Ganesh.H

• Logging on to Win 8.1 workstation with domain credentials

  Hi All.
  I been on Windows 8 Pro(now 8.1 update 1) for over a year now. Until now, I've always logged on to my workstation with my MS account. I recently decided to join my workstation to a domain where the Primary DC is running Server 2008 r2. I joined the domain
  without a hitch, but when I try to log on to the workstation using domain credentials, the logon screen seems to insist on a MS account. It wants user name to be in email form only. When I tried to use my domain credentials in that format ([email protected])
  it told me that the password is wrong and I should make sure to use my MS account password.
  I tried disconnecting my MS account from my local account, but it didn't help.
  Any ideas?

  I'm not sure if what you are doing is supported, to have a local MS sign-in account as well as a corporate domain account residing side by side, you might have to give up your MS sign-in and use a local ID for the domain logon to work
  you may however consider setting this up using the Workplace Join feature in 8.1 which should work much better
  http://blogs.technet.com/b/keithmayer/archive/2013/11/08/why-r2-step-by-step-solve-byod-challenges-with-workplace-join.aspx

• Login with domain credentials

  I have a mini version 10.6.3 I have it bound to my domain. I have checked the box 'create mobile account at login' but I can't login with my domain credentials. I tried my username and password, I also tried it in the format domain\username password. I was able to get this work 10.5. Any ideas?

  If the time is off on the client and server, it won't let you log in. Make sure that you have the Mac setup to sync to the time server the domain controllers are on.
  If that's not it, try to unbind and rebind and see if that fixes it.

• ISE and AD.. Users Cant login with domain credentials after changing password

  Hello guys,
  I have ISE 1.2 running in a live environment. I have a problem that users cant login after password has expired and changed. i have enabled password change under AD settings and have also checked the allow password change in the allowed protocols settings for PEAP with retries set to 3. 
  thanks for any help i can get in resolving this issue.

  You have the option to allow guests to change password in the portal settings?

• Slow logon with domain credentials when not on company network

  Hello,
  I have my MacBook Pro bound to the domain. When I am connected to the company network via a network cable, login is at normal speed. If I unplug the network cable, reboot, then try to login it takes minutes to get to my desktop. I'm guessing that it's looking for a domain controller or something. I'm doing this to simulate what it would be like if someone was away from the office.
  I have another MacBook Pro that acts the same way.
  Our domain is a .local domain. If this is the reason it's taking so long, is there a work around? Or a way to make it go through this process a little faster? Sometimes it takes as long at 2.5 minutes.
  Thanks,
  Josh

  I called into Apple support since no one has responded on this.
  He had two suggestions.
  1) Input our domain servers as the DNS servers in Network preferences. This works great except for when I'm wanting to use the Internet. It, of course, doesn't resolve any names to be able to go to websites. (EDIT: What I mean is that when I'm at another location it doesn't resolve names. If I manually input the DNS servers on my ethernet adapter, it will only resolve the name if those servers are available. When I'm not in the office, they aren't available. This speeds the login time up, but causes other issues.)
  2) Change our domain to something different than .local. We just can't do that at this time.
  I tried something that appears to work on this MacBook, but on the other one that is having the same problem it doesn't work. I manually input our domain.local in the Search Domains right by the DNS options in network settings. To be honest, I'm not 100% sure what that effects. So maybe it's completely happenstance? I'm not sure why it appears to work on one and not the other. When I say 'work' I mean that it only takes a few seconds to log in rather than minutes.
  The only difference between the two is processor speed.
  Any thoughts or can someone explain to me what affect manually filling out the Search Domain field would have?
  Message was edited by: Josh_P

• ISE EAP-Chaining with machine, certificate and domain credentials

  Good morning,
  A customer wants to do the following for their corporate wireless users (all clients will be customer assets):
  Corp. wireless to authenticate with 2-factor authentication:
  •1. Certificate
  •2. Machine auth thru AD
  •3. Domain creds
  When client authenticates, they want to match on 2 out of the 3 conditions before allowing access.
  Clients are Windows laptops and corporate iPhones.
  Certs can be issued thru GPO and MDM for iPhones
  Client supplicant on laptops is native Windows - which I understand is a compatibility issue from this thread: https://supportforums.cisco.com/thread/2185627
  My first question is: can this be done?
  Second question: how would i implement this from an AuthC/AuthZ perspective?
  Thanks in advance,
  Andrew

  You can do this configuring anyconnect with NAM modules on endpoints! But I don't make sense configure some clients with certificate and others with domains credentials...
  For your information, I'm actually configuring EAP-Chaining on ISE 1.2 and i'm gotting some problems. The first one I got with windows 8, for some reason windows was sending wrong information about the machine password but I solved the problem installing a KB on windows 8 machines (http://support.microsoft.com/kb/2743127/en-us). The second one I got with windows 7 that are sending information correctly about domain but wrong information about user credentials, on ISE logs I can see that windows 7 are sending user "anonymous" + machine name on the first longin... after windows 7 start if I remove the cable and connect again the authentication and authorization happen correctly. I still invastigate the root cause and if there is a KB to solve the problem as I did with windows 8.
  Good luck and keep in touch.
  http://support.microsoft.com/kb/2743127/en-us

• My old appleID use email with domain already deactivate. So I changed my appleID and primary email and now I can not access iCloud with iOS7. ICloud shows my old appleID but I can't change it. How do I get iCloud to work with my updated ID?

  My old email that using register for apple ID cannot access/check any mail because that domain already deactivate.
  So I changed my appleID and primary email and now I can not access iCloud with iOS7. ICloud shows my old appleID but I can't change it. How do I get iCloud to work with my updated ID?

  Hi ccharat,
  Welcome to the Apple Support Communities! It sounds like you did a good job editing your Apple ID and primary email address, but you didn’t sign out of iCloud on your iOS device before hand. What you may need to do in this situation is go back to the Apple ID website and edit your Apple ID and primary email address back to the email address that is signed in with iCloud (there is no need to verify the account after editing it back to the old account, just changing it back is enough). Once your Apple ID is back to the original account, delete the iCloud account from the iOS device and be sure to keep all info on the device when prompted. After you delete the iCloud account, go back to the website and edit your Apple ID and primary email address back to the new address. Once it is back to the account you would like, you can sign into the iCloud on the iOS device with that new account and merge all of the data when prompted. Please use the following article as a reference.
  iOS 7: If you're asked for the password to your previous Apple ID when signing out of iCloud
  http://support.apple.com/kb/ts5223
  Change your Apple ID temporarily
  If signing out and back in to iMessage or FaceTime didn't help, try these steps:
  Change your Apple ID to the Apple ID you used previously. You shouldn't need to verify the email address.
  Go to Settings > iCloud. Complete these steps only if the Find My [Device] setting is turned on:
  Scroll down and tap Delete Account, then tap Delete to confirm.
  Tap “Keep on My [Device]” or “Delete from My [Device].” In either case, your data remains in iCloud and will be updated on your device when you sign in to iCloud again.
  Enter the password for your previous Apple ID.
  Change your Apple ID to the new email address that you want to use. You'll need to verify the email address.
  Return to Settings > iCloud and sign in with your new Apple ID.
  I hope this helps,  
  -Joe

• ISE Admin Access with AD Credentials fails after upgrade 1.2.1 to 1.3.0

  Hello,
  After upgrading ISE VM from 1.2.1 to 1.3.0.876, I can't connect on ISE with AD Credentials (Invalid Username or Password). It worked find before upgrading to 1.3.
  On another ISE VM in 1.3.0.876 version (w/o upgrade) with this kind of configuration, it's OK.
  I have double check the Post-upgrade tasks (particularly rejoining Active Directory). Everything worked find after this upgrade except the admin access with AD credentials.
  I don't use user certificate-based authentication for admin access. So I didn't execute application start ise safe CLI.
  My 802.1x wireless users passed authentication with AD credentials. So the ISE had correctly join my AD.
  I didn't find anything related to this admin access with AD credentials failure in the output of show logging application ise and show logging.
  I don't find anything related to this in bug search on Cisco tools.
  I tried to :
  - update the SID of my Admin AD Group, the result is still the same.
  - delete my admin access with AD credentials configuration then make this configuration again, but still the same error.
  Any ideas on this ? Could I find elements in another log ?
  Regards.

  Dear Markus,
  After logging as user "prdadm"
  su - prdadm
  bssltests% bash-3.00$ ls -a
  .                            .dbenv_bssltests.sh-old      .sapenv_bssltests.sh         startdb.log
  ..                           .dbenv_bssltests.sh-old10    .sapenv_bssltests.sh-new     startsap_.log
  .bash_history                .dbsrc_bssltests.csh         .sapenv_bssltests.sh-old10   startsap_DVEBMGS00.log
  .cshrc                       .dbsrc_bssltests.sh          .sapsrc_bssltests.csh        startsap_DVEBMGS01.log
  .dbenv_bssltests.csh         .login                       .sapsrc_bssltests.sh         stopdb.log
  .dbenv_bssltests.csh-new     .profile                     dev_sapstart                 stopsap_.log
  .dbenv_bssltests.csh-old     .sapenv_bssltests.csh        local.cshrc                  stopsap_DVEBMGS00.log
  .dbenv_bssltests.csh-old10   .sapenv_bssltests.csh-new    local.login                  stopsap_DVEBMGS01.log
  .dbenv_bssltests.sh          .sapenv_bssltests.csh-old    local.profile                trans.log
  .dbenv_bssltests.sh-new      .sapenv_bssltests.csh-old10  sqlnet.log
  bash-3.00$
  bash-3.00$
  I have changed envt settings in .dbenv_bssltests.csh & .dbenv_bssltests.sh
  .sapenv_bssltests.sh & .sapenv_bssltests.csh  [4 files]
  Regards,
  Ankita

• I set up a new user on my network today and am now in a location without access to that network. I just set her up as a user on her macbook but I can't log in with her credentials. Is that because I am not on the network and it is the initial setup?

  I set up a new user on my network today and am now in a location without access to that network. I just set her up as a user on her macbook but I can't log in with her credentials. Is that because I am not on the network and it is the initial setup?

  You need to set the option to create a mobile account using the Directory Utility app. 

• HELP! Slow logon with Cached Credentials off domain. Have xperf files.

  Having issues when you take a corporate laptop off domain and log in using cached credentials. Login times range from 2-4 minutes. This is with SSD. No problem logging in on network. Only way to speed up login off network is disable wireless. I ran
  xperf both on network and off network. I have xperf files that can be emailed. Anybody got an idea?

  When trying to log in with domain credential offsite, your laptop is trying to contact DC from public Internet before using cached credentials. Without network, it will try cached credentials directly. According with my knowledge, you can't force cached
  credentials, the process is Automatic.
  Therefore, the only solution is disconnecting the network cable or using a local user instead.
  And this tool in the following link can help you findout exactly what is holding up the login process. You can check the result by youself.
  http://blogs.technet.com/b/askpfeplat/archive/2012/06/09/slow-boot-slow-logon-sbsl-a-tool-called-xperf-and-links-you-need-to-read.aspx

• Strange profile when I access with Domain Administrator accout

  Hello,
  It's the first time that I got this issue (I used to install Windows 2008 Server R2 many times a month) :
  These are different steps :
  - Windows 2008 Server R2 installed normally
  - access with local administrator (account : administrator)
  - doing updates
  - creating new local user (account : admin)
  - add this user to local administrator group ( group : Administrators)
  - access with that new admin user
  - delete administrator profile and disable that user
  - restart
  - add the server to a domain and then restart
  - access to the server with domain administrator (account : domain\Administrator)
  - then there's no mention of the domain administrator name in the profile
  hatem

  I'd check it again in between each of the steps you mentioned to see where it happens. Can't make much from the last screen shot since its blacked out. It may have been a one-off and will not happen next time.
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows]
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

• How to pass server/domain credentials when accessing SSRS report through SSRS Web service programmatically?

  I am trying to render SSRS Report located on my remote report server in my ASP.NET MVC 4 app through reporting services web service programmatically.
  how can i send the server (windows/domain credentials) at runtime?
  tried below but no success.
  ReportingService2010 service = new ReportingService();  service.Credentials = new System.Net.NetworkCredential("username", "password");    service.Url = "http://MyReportServer/ReportServer/";

  Why are you using window domain credential ?
  Simply "rs.Credentials =
  System.Net.CredentialCache.DefaultCredentials" should work.
  http://technet.microsoft.com/en-us/library/ms170088(v=sql.110).aspx
  Regards, RSingh

• Require cert and domain credentials to authenticate?

  Is there a way to require a machine certificate AND domain credentials to authenticate to a wireless network (Cisco LWAPP, ACS, AD)? 
  My objectives are:
  Permit access from corporate hardware ONLY, i.e., prevent users from logging from a personal laptop or PDA using their domain credentials.
  Validate that an employee is logging on to the network. 
  My current PEAP implementation only satisfies the second condition and from everything I have read EAP-TLS will only satisfy the first.  Is there a solution?
  thanks

  PEAP or EAP-TLS with machine auth will do  the first one then the user can log in as normal with their user credentials.