ACS Authentication, multiple domains

Hi all,
I have the following problem
I have a Win 2003 domain (A) and a trust established with another Win
2003 domain (B). Domain A is the one with the CiscoSecure software.
We have many trusts with other domains (mostly Win 2000) and have
configured the mappings by using CiscoSecure.
But when trying to "add mappings" for this new 2003 Domain (B), I
continually am getting "failed to enumerate Windows groups. If you are
using Active Directory consult the installation guide for information."
I am not able to see domain B's users and groups from within the Cisco
Secure software.
However, if I use Active Directory Users and Computers from Domain A,
and "connect to domain" and choose Domain B, I am able to view all
users and groups just fine.
Do you know if there is a problem with configuring two 2003 domains in
this software? Do you have any other areas that I should investigate?
Some local policy on Domain B?

If ACS is installed on a DC of DOM1 and DOM1 has trust relationship to a remote domain DOM2
1) ACS Services (on DOM1 DC) run under a DOM1 Domain User (and Local Machine Administrator) - "acsacct"
2) This account (acsacct) has "Act as part of the OS" permission in Domain Security Policy and Domain Controller Security Policy
3) On DOM2 (The Remote Domain) , we Delegated Control to the acsacct User to the Custom Task of "Group Objects" and "User Objects".

Similar Messages

  • Cisco support LDAP Authentication - Multiple Domains

    Hi,
    I want to change the LDAP authentication as the multiple domains and my Windows AD environment is the child trust, that mean the root DC is the "abc.com", which have the two child DCs, e.g. "us.abc.com ", "uk.abc.com"
    Is it possible I just changed the LDAP auth. with user search space as the root DC is fine?
    OR
    I must use the "userPrincipalName" ?

    But it had the collision SAMAccountName, that would have the same account name between the us.abc.com and uk.abc.com. 
    If I changed the "userPrincipalName" LDAP sync to CM, how about the Jabber login?

  • LDAP Authentication - Multiple Domains

    I want to be able to use the built in LDAP Authentication scheme to allow authentication against multiple AD Domains... each with it's own separate Host IP/Server, and LDAP DN String. The User ID is formated the same among all Domains, so that is not a concern. I am currently authenticating against one Domain and it scans the tree successfully.
    Host: xx.xx.xx.xx
    DN String: %LDAP_USER%@amer.globalco.net
    (amer.globalco.net is the domain)
    How can this be accomplished? Is it possible all you guru's out there?
    I saw one forum thread discussing how to add a drop down list to the login page, then use the value of the page item in the DN String to specify Domain... That makes sense - HOWEVER - I also have to use a different Host Server / IP address for each domain as well.... Now that is 2 fields that need updating based on one select list.
    I can build the select list using "IP/Domain" - but how do I separate the two data bits in the ITEM Value into their own field values?
    Can I use the ldap_dnprep function to do text editing to create two field values from one ITEM value that I can use in the standard LDAP authentication form fields?
    As you can tell - I am not a SQL/PLSQL person... and I want to avoid creating my own LDAP scheme.
    Please include example/suggested SQL -
    Thanks in advance...
    Rich
    Apex v3.2.1
    Oracle 10G Express

    Based on prior post I had similar question and the result was to write custom auth scheme to read the values from the login page, perform auth against appropriate ldap, then return a valid session to proceed with login in apex app. In our case, the issue was having users is different branch nodes on the same ldap server but not being able to search from a common higher-level branch for some reason...
    Another option you could try, not recommended as it would mean multiple pages to maintain, would be a separate login page per ldap/domain, maybe would even have to multiple apps with just a login page and then redirect to the main app... been a really long time since i've tried anything like it, just giving some options to try.

  • Authentication - multiple domains with multiple accounts

    Dear All,
    Consider an environment where a user, Joe Bloggs, has an account on two Windows domains:  DOMA and DOMB.  DOMA is a domain that all users in the organisation are members of.  DOMB is a domain used by a smaller subset of users.  The user's
    machine is part of the DOMB domain.
    I'd like to deploy SharePoint 2013 on DOMA and have the user, logged on to their DOMB machine, seamlessly authenticate (through IWA) with SharePoint 2013.  
    So far, I've thought of the following solutions:
    1.  Build a trust between the two domains.  Possible, but the AD information in DOMA is more up-to-date than that in DOMB and I'd like to use that to populate SharePoint user profiles.  Also, DOMB is likely to be deprecated in the future.
    2.  Use WorkPlace Join.  Unfortunately, devices are running Windows 7 and WorkPlace Join only works for devices running Windows 8.
    I've wondered whether it's possible to map two accounts on separate domains together so that a user on DOMB can effectively masquerade as their corresponding user on DOMA when authenticating with SharePoint, but haven't come across a way of doing this, yet.
    Any ideas?  Or, am I completely mad?!
    Thanks in advance.

    1) Is your only option for seamless logon with IWA. It is not possible to map accounts "together" so-to-speak. SharePoint stores a reference to the user's SID, which must match the user making the request.
    An ADFS trust might be another option, although that increases your deployment footprint and complexity.
    Trevor Seward
    Follow or contact me at...
    &nbsp&nbsp
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Authentication, Multiple domain,different forest lowercase domain.

    We have succesfully configured a BOXI 3.1 SP3 to use SSO using vintela,tomcat for our domain that is on 2000 native mode.
    Let's call this one Domain1.
    In our domain there is another separate domain sitting on a 2003 domain level. (Let's call this one Domain2). They have a 2 way trust, but not transitive.
    Here is the deal:
    1- Users from domain1, where the server is configured are able to access using SSO without issues.  Users from domain2 needs to do manual logon, but using the following format:
    useraccount at DOMAIN2.COM
    If we use the domain as lowercase, login does not work even if we use the domain_realm on krb5.ini  Why?
    2- Do you think that we have to move to domain1 to 2003 native mode and configure 2 way trust in order to have SSO working on both domain that are from different forest?
    Any help would be appreciated.

    Note 1206522 seems to answer my questions, but anyway still not satisfied.

  • How do I get certificate authentication working across multiple domains?

    Hi,
    I've got LC ES2 set up for certificate authentication and when there's only one domain (with a single certificate mapping set up), it works fine.
    However would like to have multiple domains (application specific), with a small set of administrator type users who manage all of the domains.
    To test, I've set up two domains, with the admin users in one and the normal users in the other.
    I've set up two certificate mapping rules (both for the same CA), one for each domain.
    However LC will only authenticate users who are matched using the first certificate mapping rule.
    Has anyone else seen/tried this?  Have I missed something obvious?
    For the moment I'm going to have to work with a single domain, which is a pain, but will have to do for now.
    Thanks
    Craig
    Here's the error I get when LC fails to match (or attempt to match?) on the second cert mapping rule:
    2010-05-11 11:23:41,331 WARN  [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] Authentication failed for  (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping . Refer to debug level logs for category com.adobe.idp.um.businesslogic.authentication for further details
    2010-05-11 11:36:38,835 WARN  [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] Authentication failed for  (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping . Refer to debug level logs for category com.adobe.idp.um.businesslogic.authentication for further details
    2010-05-11 11:36:38,885 ERROR [STDERR] 11/05/2010 11:36:38 AM com.adobe.rightsmanagement.webservices.rest.RestServlet doAction
    SEVERE: Unexpected exception in Rest Call
    com.adobe.idp.um.api.UMException| [com.adobe.idp.um.api.impl.AuthenticationManagerImpl] errorCode:16423 errorCodeHEX:0x4027 message:Authentication failed for  (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mappingcom.adobe.idp.common.errors.exception.IDPException| [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] errorCode:12805 errorCodeHEX:0x3205 message:Authentication failed for  (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping
    at com.adobe.idp.um.api.impl.ManagerImpl.handleException(ManagerImpl.java:251)
    at com.adobe.idp.um.api.impl.ManagerImpl.handleException(ManagerImpl.java:194)
    at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.authenticate(AuthenticationManagerImp l.java:338)
    at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.authenticate(AuthenticationManagerImp l.java:154)
    at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.authenticate(AuthenticationManagerImp l.java:162)
    at com.adobe.idp.um.dsc.util.dscservice.UserManagerUtilServiceImpl.authenticateWithWSHeaderE lement(UserManagerUtilServiceImpl.java:173)
    at sun.reflect.GeneratedMethodAccessor1065.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at com.adobe.idp.dsc.component.impl.DefaultPOJOInvokerImpl.invoke(DefaultPOJOInvokerImpl.jav a:118)
    at com.adobe.idp.dsc.interceptor.impl.InvocationInterceptor.intercept(InvocationInterceptor. java:140)
    at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
    at com.adobe.idp.dsc.interceptor.impl.DocumentPassivationInterceptor.intercept(DocumentPassi vationInterceptor.java:53)
    at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
    at com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor$1.doInTransaction(Transa ctionInterceptor.java:74)
    at com.adobe.idp.dsc.transaction.impl.ejb.adapter.EjbTransactionBMTAdapterBean.doRequiresNew (EjbTransactionBMTAdapterBean.java:218)
    at sun.reflect.GeneratedMethodAccessor363.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
    at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionConta iner.java:237)
    at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionI nterceptor.java:158)
    at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
    at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
    at org.jboss.ejb.plugins.AbstractTxInterceptorBMT.invokeNext(AbstractTxInterceptorBMT.java:1 73)
    at org.jboss.ejb.plugins.TxInterceptorBMT.invoke(TxInterceptorBMT.java:77)
    at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstance Interceptor.java:169)
    at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
    at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
    at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor. java:138)
    at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
    at org.jboss.ejb.Container.invoke(Container.java:960)
    at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:430)
    at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:103)
    at $Proxy179.doRequiresNew(Unknown Source)
    at com.adobe.idp.dsc.transaction.impl.ejb.EjbTransactionProvider.execute(EjbTransactionProvi der.java:145)
    at com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor.intercept(TransactionInt erceptor.java:72)
    at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
    at com.adobe.idp.dsc.interceptor.impl.InvocationStrategyInterceptor.intercept(InvocationStra tegyInterceptor.java:55)
    at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
    at com.adobe.idp.dsc.interceptor.impl.InvalidStateInterceptor.intercept(InvalidStateIntercep tor.java:37)
    at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
    at com.adobe.idp.dsc.interceptor.impl.AuthorizationInterceptor.intercept(AuthorizationInterc eptor.java:165)
    at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
    at com.adobe.idp.dsc.interceptor.impl.JMXInterceptor.intercept(JMXInterceptor.java:48)
    at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
    at com.adobe.idp.dsc.engine.impl.ServiceEngineImpl.invoke(ServiceEngineImpl.java:121)
    at com.adobe.idp.dsc.routing.Router.routeRequest(Router.java:129)
    at com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.routeMessage(AbstractMessage Receiver.java:93)
    at com.adobe.idp.dsc.provider.impl.vm.VMMessageDispatcher.doSend(VMMessageDispatcher.java:22 5)
    at com.adobe.idp.dsc.provider.impl.base.AbstractMessageDispatcher.send(AbstractMessageDispat cher.java:66)
    at com.adobe.idp.dsc.clientsdk.ServiceClient.invoke(ServiceClient.java:208)
    at com.adobe.idp.um.dsc.util.client.UserManagerUtilServiceClient.authenticate(UserManagerUti lServiceClient.java:210)
    at com.adobe.edc.server.platform.UMHelper.authenticate(UMHelper.java:549)
    at com.adobe.rightsmanagement.webservices.rest.RestFacade.validateClientAuthenticationHeader (RestFacade.java:161)
    at com.adobe.rightsmanagement.webservices.rest.RestFacade.getBusinessHandler(RestFacade.java :206)
    at com.adobe.rightsmanagement.webservices.rest.RestFacade.getAuthenticationToken(RestFacade. java:226)
    at com.adobe.rightsmanagement.webservices.rest.RestDefaultRequestHandler.handleRequest(RestD efaultRequestHandler.java:29)
    at com.adobe.rightsmanagement.webservices.rest.RestSecureRequestHandler.handleRequest(RestSe cureRequestHandler.java:13)
    at com.adobe.rightsmanagement.webservices.rest.RestRequestRouter.routeRequest(RestRequestRou ter.java:10)
    at com.adobe.rightsmanagement.webservices.rest.RestServlet.doAction(RestServlet.java:50)
    at com.adobe.rightsmanagement.webservices.rest.RestServlet.doGet(RestServlet.java:37)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
    at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.ja va:179)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java: 157)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
    a
    2010-05-11 11:36:38,886 ERROR [STDERR] t org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.ja va:580)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Unknown Source)

    Craig,
    The certificate mapping works in the following manner,
    First the User's certificate is validated.
    If the certificate is valid, the related Certificate mapping information is fetched.
    From the Certificate Mapping information, the domain is determined.
    Following this, the user is searched in the domain and checked for it's current/deleted status.
    If user exists or is a valid one, then return an AuthResult corresponding to that is returned to the client.
    The error log below says, "Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping"
    1. Please check if the concerned user exists in the domain registered in the second cert mapping.
    2. Also check if the concerned user satisfies the attribute mapping specified in the second cert mapping.
    3. Could you confirm whether the admin Users and the normal users are distinct in both the domains and not duplicate in any of them??
       Because if same user exists in 2 domains, then there is no way to find out which domain you are referring to. In that case the first domain which declares the user as valid will return the AuthResult.
    4. You are using LC ES2, so there is a Test Certificate utlity on the same Certificate Mapping page, which can help you confirm the validity of the user's certificate and then you can proceed.

  • Sending mail through multiple domains with iMS

    I have iMS configured and working fine for multiple domains (users are
    members of multiple domains). I have done this with a main email address
    (main.com), and alternative email addresses to the other domains (alt1.com,
    alt2.com...) so that there is one central mail location at (main.com). This
    works great for receiving emails.
    However, when I send email I would like to be able to show the FROM address
    being from one of the alternate domains (alt1.com, alt2.com...) rather than
    the main domain (main.com) sometimes. I have authentication turned on for
    the sending messages, and users are logging in as ([email protected]). I assume
    there is something I can add that will allow this to happen as long as a
    valid address exists on my server. Any thoughts?
    main domain: main.com (All mail is addressed from this domain)
    alt domains: alt1.com, alt2.com...
    Thanks in advance, Chris

    BTW I am using iMS 5.1.
    -Chris
    I have iMS configured and working fine for multiple domains (users are
    members of multiple domains). I have done this with a main email address
    (main.com), and alternative email addresses to the other domains(alt1.com,
    alt2.com...) so that there is one central mail location at (main.com).This
    works great for receiving emails.
    However, when I send email I would like to be able to show the FROMaddress
    being from one of the alternate domains (alt1.com, alt2.com...) ratherthan
    the main domain (main.com) sometimes. I have authentication turned on for
    the sending messages, and users are logging in as ([email protected]). I
    assume
    there is something I can add that will allow this to happen as long as a
    valid address exists on my server. Any thoughts?
    main domain: main.com (All mail is addressed from this domain)
    alt domains: alt1.com, alt2.com...
    Thanks in advance, Chris

  • Problem with Windows 7 802.1x prompted for authentication multiple times

    I have setup a WLAN for users to bring in their own devices (devices are not on the domain).  It is setup for WPA2-Enterprise/AES and it doesn't require certificates.  We authenticate with a Cisco Secure Access Server 5.1.44 (setup with Active Directory).
    I have configure dthe Windows 7 wireless client:
    WPA-Enterprise/AES
    PEAP - removed "Validate server certificate"
    EAPMSCHAPv2 properties disabled "Automatically use my Windows login name and password
    Advanced settings 802.1x - ticked for "user authentication"
    My problem is when I connect to the WLAN, I'm prompted for authentication multiple times (x2).  On the second login prompt everything logs in OK.  No errors are received after the first login attempt.
    Thanks

    This doesn't have anything to do with eap settings?
    Are the current defaults the recommended settings:
    EAP-Identity-Request Timeout (seconds)........... 30
    EAP-Identity-Request Max Retries................. 2
    EAP Key-Index for Dynamic WEP.................... 0
    EAP Max-Login Ignore Identity Response........... enable
    EAP-Request Timeout (seconds).................... 30
    EAP-Request Max Retries.......................... 2
    EAPOL-Key Timeout (milliseconds)................. 1000
    EAPOL-Key Max Retries............................ 2
    EAP-Broadcast Key Interval....................... 3600
    I have seen this multiple times on varying drivers and systems. The first time you login until it is cached.
    Thanks,
    Andrew

  • Scanning Multiple Domains

    I'm trying to scan across multiple domains with the MAP toolkit.  I have a stand-alone computer not in any domain and I'm searching by IP address.  When I try to enter the credentials I use domain\username and I get an error that I the wizard can't
    authenticate to that domain.  I need a single database that collects data from several domains, so I either need this to work, or another option.
    Any help is greatly appreciated.  Thanks!

    As found in our Read Me's known issues section:
    If the MAP Toolkit is installed on a computer that is a member of a domain, log on to the computer using a domain user account. Use of a local computer account on a computer that is a member of a domain will result in authentication failures to remote computers,
    even if the correct domain credentials are provided to the Inventory and Assessment or Performance Metrics Wizards.
    Please remember to click "Mark as Answer" on the post that helps you, and to click
    "Unmark as Answer" if a marked post does not actually answer your question. Please
    VOTE as HELPFUL if the post helps you. This can be beneficial to other community members reading the thread.

  • Multiple domain issues.

    Hi,
    We have a issue,
    We are using multiple AD domains and we are able to see one of the AD domain users under u201Cusers and groups u201C in CMC but we are unable to see the second  domain users in users and group under CMC.
    We  are able to add the one of the AD domain users manually but when tried to add another domain users getting error message.
    There was an error while writing data back to the server: The secWinAD plug-in failed to look up the account for the user "tomorrow.
    We are using IIS.
    Environment Details -
    BOXIR2,
    AD authentication,
    Multiple AD domains,
    IIS as the application server
    We are using two way trust between 2 AD domains and also we added UseFQDNForDirectoryServers in registry editor, set as true.
    Is there any resolution for this issue?
    Thank you in advance,
    Thanks & Regards,
    Bill.

    If you view the trust in Microsoft management console (mmc) domains and trusts (typically available to all users) then what type of trust is listed between the 2 domains?
    Regards,
    Tim

  • SMB printer authentication by domain credentials

    On our network, the Macs are set up to authenticate with Active Directory. Our printers are accessible through SMB shares from our Windows print server. Our help desk recently brought up an issue with this, though.
    When users first try to print to a printer, they are shown a prompt asking for their username and password (http://imgur.com/j6fp7). Mac OS X fills in their pretty username ("John Smith") instead of their domain username ("smith"). Users assume this is correct, try to authenticate, and then call the help desk when the printer doesn't print their stuff.
    As we've learned, the correct format for authentication is "DOMAIN\username", but since it's unintuitive, it almost always leads to a help desk call. Even worse, because the authentication isn't visibly rejected (the printer just won't print), the keychain will now store the user's incorrect credentials, leading to even more confusion. When you pile on our 270-day mandatory password reset policy, now the users' keychains have multiple sets of invalid credentials for the same printer, and they're calling back every several months about the same issue.
    There are several ways to approach this, but I'm not sure which would be best. I've been trying to Google up a solution, but no luck. Is there any way to get Mac OS X to show the prompt with the domain field instead (http://students.jccc.edu/documents/images/osx-smb_login.jpg)?

    Hello and welcome to Apple Discussions.
    I don't have a solution but a suggested workaround. Instead of using SMB to connect to the Windows shared printers, you could enable Unix Print Services on the Windows print server and then use LPR for the Mac print queues. This avoids the need for the Mac users to authenticate when printing.
    With the Mac client the LPR queue would consist of entering the Windows server name or IP address for the host name and the Windows printer share name for the LPR queue.

  • Issuing Multiple MYSAPSSO2 tickets for Multiple Domains

    Hi,
    I am having a problem understanding the SAP documentation on how to go about issuing SAP login tickets in multiple domains. In the documentation it states that in order to do so, you require either a IRJ or the SAP ISAPI Web Filter installed in on a server in the target Domain. I have now setup the IIS_SSO.dll ISAPI filter in the domain I require the SSO ticket to be issued in however when I make a request to that webserver I do not see the MYSAPSSO2 cookie being created in my browser, I do see in the ISAPI logs that the request has been filtered and the portal username extracted and set to the configured HTTP Header, but no new Cookie created in the DOMAIN.
    Can anyone help? Has anyone done something like this before?
    Basically I have a portal in the domain <b>myportal.subdomain.domain.com</b> and an ITS in the domain <b>myits.domain.com</b>. With this configuration the MYSAPSSO2 cookie is not sent to the ITS server as it is in a Super Domain. So what I want is to configure the portal to issue a Cookie in the super domain (domain.com) rather then subdomain.domain.com. I thought I could do this with the parameter login.ticket_recieving_hosts in the usermanagment.properties file (EP5) and the IIS ISAPI filter to SSO (IIS_SSO.dll) configured on a website in the super domain (domain.com).
    Any help would be greatly appriciated.
    Simon.

    I believe we had to set the domain relax level (ume.logon.security.relax_domain.level) but needed to make sure this was secure since it changes the domain scope of cookies that are valid for the system.
    See the following:
    http://scn.sap.com/thread/1534863
    http://help.sap.com/saphelp_nw70ehp3/helpdata/en/5e/473d4124b08739e10000000a1550b0/frameset.htm
    Hope this helps.

  • Multiple Domain files, Multiple Sites, Publishing Problems

    I am frustrated beyond belief. I'm an old hand-coder, coming from BBEdit, but I've been using iWeb almost exclusively since its release, because it really is a great product for quick, easy, stylish designs.
    However.... In that year, my collection of sites has grown to 12. Discovering that iWeb becomes a major dog when dealing with that much material, I found and followed the instructions - today - to separate my sites into individual domain files, and edit them individually. iWeb is much snappier and publishing goes much more quickly.
    The problem? Well... after editing, "Publish to .Mac" rarely works. Only "Publish All to .Mac" will get the site online (something about an error with the index.html file). But "Publish All to .Mac", I've just discovered, DELETES the other websites that I have previous published. All day I've been doing updates and publishing my sites, only to discover that the uploads have all been wiped out by the most recent one!
    I'm a big enough fellow to admit that my knowledge isn't total nor perfect - so please, would someone out there with a better handle on iWeb than I (preferably someone who actually deals with multiple domain files rather than someone who thinks they can guess the problem) please clue me into how we make use of this program non-destructively?
    I suppose I could always publish everything to folders and upload it to my iDisk (which itself remains ridiculously slow after how many years now? Sheesh!), but that detracts from the elegance of the .Mac integration, the counter features, - not to mention the little fact that I'm a paying .Mac customer and this darn thing should just work, no?

    Mark:
    I was where you were also. You should give iWebSites a try. It's to iWeb what iPhoto Library Manager is to iPhoto.
    I use iWebSites to manage multiple sites.. It lets me create multiple sites and multiple domain files.
    If you have multiple sites in one domain file here's the workflow I used to split them into individual site files with iWebSites. Be sure to make a backup copy of your Domain.sites files before starting the splitting process.
    This lets me edit several sites and only republish the one I want. Just remember to put a copy of your current Domain.sites file somewhere else on your HD in case the splitting gets messed up. It went very smoothly for me and I now manage 19 or so sites.
    Do you Twango?

  • How do I host multiple domains on a single Messaging Server?

    How do I host multiple domains on a single Messaging Server?
    <p>
    To host multiple domains on one Messaging Server, use the
    mailAlternateAddress attribute. If you want to host two domains
    (customer1.com and customer2.com) on your server mail1.domain.com,
    make sure that:
    The various domains (in DNS) point to the installed mail server
    (you must have the MX records that
    points mail for customer1.com to mail1.domain.com and
    customer2.com to mail1.domain.com)
    That each person receiving mail at customer1.com and
    customer2.com has an appropriate mailAlternateAddress
    attribute describing the appropriate email address. For
    instance, John Doe can have an email address (i.e. the value
    of the 'mail' attribute for the John Doe LDAP entry) of
    [email protected] and receive his mail on
    [email protected] (the value of the mailAlternateAddress
    attribute)
    With Messaging Server 3.5, mailAlternateAddress can take the
    form of @mail1.domain.com. If jdoe's mailAlternateAddress is
    set to @mail1.domain.com, mail sent to [email protected]
    will be delivered to [email protected]

    jaygatsby1123 wrote:
    So what exactly am I doing with virtual hosts?  There is a place for Aliases...  What would I put in the "Aliases" box?
    Any other host name that you want to resolve to the specified virtual host.  It's quite literally an alias.
    if you want www.example.com and www.example.org to end up at the same web site and you already have a virtual host — Apple refers to virtual hosts as sites — configured for www.example.com in Server.app, then you'd add www.example.org as an alias for the www.example.com virtual host (site).
    Virtual hosts are implemented in a web server using some details of the HTTP or HTTPS protocol, and what the web browser (client) specified.  The client gets handed an IP address or a domain name by the user, and the client then fetches the associated IP address for the target web server from the client's DNS services or local host database, and the client then connects to the IP address and passes over the text string that the user had requested — the IP address or domain name or even some local shortcut set up in the client system — via the HTTP or HTTPS protocol.  The web server receives and processes this arriving text string from the client, and uses it to select which web site to render back to the web client.   One subtle detail lurks here, too: the server's own DNS configuration really isn't involved in the selection of the virtual host.

  • How to create a muse site in various languages with multiple domains

    I have been asked to create a website for a product. A very simple website with maybe one or two pages and one product for sale for which the client would like Paypal as the payment gateway. Simple right?
    No! This client would like to market their product into Europe, they would like to purchase multiple European domains ( .fr, .de for example).
    So how on earth can I do this? I will be using Muse for build and Business Catalyst for hosting.
    Bearing in mind the client will not want to pay for separately hosted sites. Is there a way of translating the text for each domain. Or could I assign multiple domains but direct them to different home pages within the same site?
    I haven’t a clue how to problem solve this.

    Hi,
    Some links that might be useful,
    how to set up a multilingual website with Adobe Muse and push it live to Adobe Business Catalyst
    Re: How can i create different languages for my page?
    How can i create a multilingual website?
    how to create a multilingual site
    Do let me know if you have any question.

Maybe you are looking for

  • Msi terrible standard of customer care

    please read my comunications with msi online help, after constantly being directed to sites to get contact details where both sites give the same telephone number to ring, which only redirects you back to the website you got their number from! i feel

  • Hiding a dimension column in report

    Hi, I want to use a dimension column in criteria with other columns. But i dont want to display it in the results. How can i hide this particular column in result. Please suggest.

  • How to retrieve the data from Website and Upload it in SAP table?

    Dear ABAPers,         I want to retrieve the data from website and upload the same in SAP Database Table is that possible.Please help me.It is very Urgent. Thanks & Regards, Ashok.

  • My ipod freezes after 30 seconds of use

    I have done both soft and hard resets and even put it in dfu mode and done a complete restore but it still freezes.  Is there anything else I can try?  I have had friends that have had this same problem and they have gotten theirs replaced even out o

  • I can not update OS X mavericks, my macbook OS X lion 10.7.5

    i can not update OS X mavericks, my macbook OS X lion 10.7.5, when i install that show me This copy of the Install OS X Mavericks application can't be verified. It may have been corrupted or tampered with during downloading. i did that againt many ti