ACS configuration for NAC authentication
Hello,
I've been trying to configure my ACS server to allow user authentication via the Cisco NAM, but it does not seem to work any time I try to log in with my configured username/password on the ACS server.
I need someone to guide me through how to get this resolved.
Regards,
I am assuming you are having the NAM authenticate NAC Agent login requests against ACS.
This can be done via RADIUS or LDAP.
Check out the Cisco NAC Chalk Talks, particularly 'Configuring Authentication, Roles, and SSO'
Chalk Talk Series
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps8418/ps6128/prod_presentation0900aecd80549168.html
Similar Messages
-
The driver is not configured for integrated authentication
my code is:
String connectionUrl = "jdbc:sqlserver://169.254.35.45:1486;" +
        "databaseName=ipec;" + "integratedSecurity=true";
Connection con = null;
Statement stmt = null;
try {
    // Establish the connection to the principal server.
    Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
    System.out.println("driver loaded");
    con = DriverManager.getConnection(connectionUrl);
    System.out.println("Connected to the principal server.");
} catch (ClassNotFoundException | SQLException e) {
    // The integrated-authentication error described below surfaces here.
    e.printStackTrace();
}
but this throws an SQL exception: Driver is not configured for integrated authentication.
I've placed the sqljdbc_auth.dll in
catalina_root/common/lib where the driver jar file is placed....
but it's still giving the same error............
replies are welcomed.............
thank you,
shibhs
shibhs wrote:
but this throws an SQL exception: Driver is not configured for integrated authentication.
I've placed the sqljdbc_auth.dll in
catalina_root/common/lib where the driver jar file is placed....
but it's still giving the same error...........
I know this is an old message but I have just had the same problem and it seemed to mean that the driver couldn't find the auth dll. When I put it in the windows\system32 directory, the integrated authentication worked fine.
Rgrds
Peter
Edited by: P_Tootill on Jul 3, 2008 3:26 AM -
Hi All,
We recently migrated to SP 2013 from SP 2010. We are using most of the OOB features, with some custom code. We have implemented a custom ASP.NET Membership Provider that authenticates against a web service. This was working fine on SP 2010.
The entire code base was migrated to SP 2013 (with .NET FW 4.5, etc.) and any compile/runtime issues were fixed. However, we are stuck at one bug, which seems to be occurring only while trying to log in with Windows Authentication. When a user tries to log in with Forms Authentication, the error is never noticed.
Scenario: Login as Windows Authentication.
Result: The user is signed into the system and is authenticated against the AD. For random page loads it throws access denied (even though he is a site collection admin). While attaching a debugger, we found that, at times, the SPWeb.CurrentUser is null (weird).
At the same time, the HttpContext.Current.Request.IsAuthenticated returns true, which means the user is authenticated, but not available in the SPWeb.CurrentUser object.
Attached are a couple of ULS logs that we found. The line which says IsAuthenticated=True, UserIdentityName=, ClaimsCount=0 is a little disturbing. Can you please let me know what is happening here? I am not able to access the root site (http://win2012d2:1234/); however, I am able to access (http://win2012d2:1234/SitePages/Home.aspx) just fine, without any issues.
Please note, this error occurs only when the user is logged into SharePoint as a Windows user. The forms user faces no such issues.
ULS Logs:
Name=Request (GET:http://win2012d2:1234/)
Non-OAuth request. IsAuthenticated=True, UserIdentityName=, ClaimsCount=0
Application error when access /, Error=Exception of type 'System.ArgumentException' was thrown. Parameter name: encodedValue
at Microsoft.SharePoint.Administration.Claims.SPClaimEncodingManager.DecodeClaimFromFormsSuffix(String encodedValue)
at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(IClaimsIdentity claimsIdentity, String encodedIdentityClaimSuffix)
at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedIdentityClaimSuffix)
at Microsoft.SharePoint.Utilities.SPUtility.GetFullUserKeyFromLoginName(String loginName)
at Microsoft.SharePoint.ApplicationRuntime.SPHeaderManager.AddIsapiHeaders(HttpContext context, String encodedUrl, NameValueCollection headers)
at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.PreRequestExecuteAppHandler(Object oSender, EventArgs ea)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Getting Error Message for Exception System.ArgumentException: Exception of type 'System.ArgumentException' was thrown. Parameter name: encodedValue
at Microsoft.SharePoint.Administration.Claims.SPClaimEncodingManager.DecodeClaimFromFormsSuffix(String encodedValue)
at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(IClaimsIdentity claimsIdentity, String encodedIdentityClaimSuffix)
at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedIdentityClaimSuffix)
at Microsoft.SharePoint.Utilities.SPUtility.GetFullUserKeyFromLoginName(String loginName)
at Microsoft.SharePoint.ApplicationRuntime.SPHeaderManager.AddIsapiHeaders(HttpContext context, String encodedUrl, NameValueCollection headers)
at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.PreRequestExecuteAppHandler(Object oSender, EventArgs ea)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
[Forced due to logging gap, Original Level: Verbose] Looking up {0} site {1} in the farm {2}
Unknown SPRequest error occurred. More information: 0x80070005
SPRequest.GetPageListId: UserPrincipalName=, AppPrincipalName= ,bstrUrl=http://win2012d2:1234/
System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)), StackTrace:
at Microsoft.SharePoint.SPContext.get_ListId()
at Microsoft.SharePoint.SPContext.get_List()
at Microsoft.SharePoint.WebControls.ScriptLink.InitJs_Register(Page page)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
Boolean ignoreFileNotFound)
at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)
at Microsoft.SharePoint.WebControls.ScriptLink.Register(String uiVersion, Control ctrl, Page page, String name, Boolean localizable, Boolean defer)
at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer)
at Microsoft.SharePoint.WebControls.ScriptLink.GetOnDemandScriptKey(String strKey, String strFile, Boolean registerDependencies, Control ctrl, Page page)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Page page, String strFile, Boolean localizable)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
Boolean ignoreFileNotFound)
at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)
at Microsoft.SharePoint.WebControls.ScriptLink.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.HttpServerUtility.ExecuteInternal(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage, VirtualPath path, VirtualPath filePath, String physPath, Exception error, String queryStringOverride)
at System.Web.HttpServerUtility.Execute(String path, TextWriter writer, Boolean preserveForm)
at System.Web.HttpServerUtility.Transfer(String path)
at Microsoft.SharePoint.Utilities.SPUtility.TransferToErrorPage(String message, String linkText, String linkUrl)
at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorHandler(HttpApplication app, Boolean errorIsOnErrorPage)
at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorAppHandler(Object oSender, EventArgs ea)
at System.EventHandler.Invoke(Object sender, EventArgs e)
at System.Web.HttpApplication.RaiseOnError()
at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)
at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)
at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
SPRequest.OpenWeb: UserPrincipalName=, AppPrincipalName= ,bstrUrl=http://win2012d2:1234/
System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)), StackTrace:
at Microsoft.SharePoint.SPWeb.InitWeb()
at Microsoft.SharePoint.SPWeb.get_WebTemplateConfiguration()
at Microsoft.SharePoint.WebControls.ScriptLink.InitJs_Register(Page page)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
Boolean ignoreFileNotFound)
at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)
at Microsoft.SharePoint.WebControls.ScriptLink.Register(String uiVersion, Control ctrl, Page page, String name, Boolean localizable, Boolean defer)
at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer)
at Microsoft.SharePoint.WebControls.ScriptLink.GetOnDemandScriptKey(String strKey, String strFile, Boolean registerDependencies, Control ctrl, Page page)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Page page, String strFile, Boolean localizable)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
Boolean ignoreFileNotFound)
at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)
at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)
at Microsoft.SharePoint.WebControls.ScriptLink.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.HttpServerUtility.ExecuteInternal(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage, VirtualPath path, VirtualPath filePath, String physPath, Exception error, String queryStringOverride)
at System.Web.HttpServerUtility.Execute(String path, TextWriter writer, Boolean preserveForm)
at System.Web.HttpServerUtility.Transfer(String path)
at Microsoft.SharePoint.Utilities.SPUtility.TransferToErrorPage(String message, String linkText, String linkUrl)
at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorHandler(HttpApplication app, Boolean errorIsOnErrorPage)
at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorAppHandler(Object oSender, EventArgs ea)
at System.EventHandler.Invoke(Object sender, EventArgs e)
at System.Web.HttpApplication.RaiseOnError()
at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)
at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)
at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
Hi Mohamed,
According to your description, my understanding is that the error occurred when users log in with Windows Authentication.
From the error message, I recommend checking whether anonymous access is enabled for the web application.
And please also make sure that the users all are available and have permission to access the site.
Here is a similar thread for you to take a look:
http://social.technet.microsoft.com/Forums/en-US/28623bdc-a2f0-4876-9be4-9a764f106366/getting-spwebcurrentuser-as-null-with-windows-authentication-ad-when-configured-for-claims?forum=sharepointdevelopment
Best regards.
Thanks
Victoria Xia
TechNet Community Support -
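One way to triage ULS output like the excerpt in this thread, as an added example that is not from the thread or from SharePoint: it groups message lines by request and reports requests that were marked authenticated but carried an empty identity name and zero claims, noting whether E_ACCESSDENIED (0x80070005) followed. The sample lines are constructed in the message-only form shown above; the function name, host name and user name are assumptions, and real ULS files carry extra columns.

```python
import re

# Message-only line shapes, as in the ULS excerpt posted in the thread.
REQUEST_RE = re.compile(r"Name=Request \((?P<method>[A-Z]+):(?P<url>[^)]+)\)")
AUTH_RE = re.compile(
    r"IsAuthenticated=(?P<auth>True|False),\s*"
    r"UserIdentityName=(?P<name>[^,]*),\s*"
    r"ClaimsCount=(?P<claims>\d+)"
)
ACCESS_DENIED = "0x80070005"  # E_ACCESSDENIED, as logged in the thread

# Constructed sample (hypothetical host and user), not real log data.
SAMPLE_LINES = [
    "Name=Request (GET:http://sp.example.test/)",
    "Non-OAuth request. IsAuthenticated=True, UserIdentityName=, ClaimsCount=0",
    "Unknown SPRequest error occurred. More information: 0x80070005",
    "Name=Request (GET:http://sp.example.test/SitePages/Home.aspx)",
    "Non-OAuth request. IsAuthenticated=True, "
    "UserIdentityName=0#.w|contoso\\alice, ClaimsCount=12",
    "Name=Request (GET:http://sp.example.test/img/x.png)",
    "Non-OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0",
]


def triage(lines):
    """Return the requests that were authenticated but had no identity or claims."""
    requests = []
    current = None
    for line in lines:
        req = REQUEST_RE.search(line)
        if req:
            # A new request marker starts a new group of lines.
            current = {
                "url": req.group("url"),
                "identityless": False,
                "access_denied": False,
            }
            requests.append(current)
            continue
        if current is None:
            continue  # line seen before the first request marker
        auth = AUTH_RE.search(line)
        if auth:
            # Anonymous requests (IsAuthenticated=False) are not flagged.
            current["identityless"] = (
                auth.group("auth") == "True"
                and auth.group("name").strip() == ""
                and int(auth.group("claims")) == 0
            )
        if ACCESS_DENIED in line:
            current["access_denied"] = True
    return [r for r in requests if r["identityless"]]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding["url"], "access denied:", finding["access_denied"])
```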
Purchase order driver program and configuration for nace
I have copied the MEDRUCK in script and I need to write the driver program for that and need to configure it in NACE. Can anyone tell me how to do this?
Hi Rocky,
Below are steps to configure:
1. Go to transaction NACE
2. Select EF application, click on output types
3. Select Output type NEU and double click on processing routines
4. Here you can give your driver program name and script name
Hope it will solve the problem.
Regards
Krishnendu -
ACS SE setup for windows authentication
Dear All,
I'm trying to install an ACS Solution Engine in my network for access control (AAA). I succeeded in setting up authentication using the internal database and that works fine. Now my boss wants users to be authenticated through an external database (Windows AD). I tried achieving this but kept getting different errors (like EAP-TLS or PEAP authentication failed during SSL handshake) or (Authen session timed out: Challenge not provided by client).
Please, I need someone who has done this setup successfully before to give me a step-by-step procedure on how I can set up ACS SE for Windows authentication using my domain Windows authentication.
Thanks
Hi,
Check out the below link on your query. Hope that helps!!
https://supportforums.cisco.com/docs/DOC-5542
If helpful do rate
Ganesh.H -
Dear All,
I'm trying to install an ACS Solution Engine in my network for access control (AAA). I succeeded in setting up authentication using the internal database and that works. Now my boss wants users to be authenticated through an external database (Windows AD). I tried achieving this but kept getting different errors (like EAP-TLS or PEAP authentication failed during SSL handshake) or (Authen session timed out: Challenge not provided by client).
Please, I need someone who has done this before to give me a step-by-step procedure on how I can set up ACS SE for Windows authentication.
Thanks
Hello mate,
first you have to configure an external identity store pointing to your Active Directory
then you need an access policy for your wireless service with
an Identity Policy where you define the identity result as your Active Directory store
a Network Access Authorization Policy where you define a rule with a compound condition, where you set the dictionary (AD-AD1) to match any Active Directory users.
regards
Alex -
MAC Exception for Web Authentication
Hello folks. I currently have a guest network setup using guest tunneling and an anchor controller. I have it configured for web authentication. So basically, a client associates to the SSID, obtains a DHCP IP from the guest anchor controller, and then when the browser is launched the client is redirected to 1.1.1.1 and receives the splash page where they are required to click "OK" to proceed and begin surfing the internet.
I am being told from a vendor that it's possible to use a mac-address exception method so specific clients (based on mac address) will not have to web authenticate. So basically they bypass the splash screen and can immediately begin surfing the internet.
From what I can tell it's all or nothing per SSID.
Has anyone ever heard of this and if so do you know how it is accomplished?
Thanks
Chuck
I've seen people ask for something like this for like an XBOX in a dorm (apparently XBOX doesn't have a browser?).....
Bottom line though is that on the WLC, all wireless clients on a WebAuth/WebPassthrough SSID must pass layer 3 authentication. There is no way around this on this SSID. You'd have to create a different SSID as Scott suggested, which I'd probably suggest doing some kind of PSK on it, so only a few privileged devices can associate.... you could even throw in mac-filtering if you really wanted to complicate it....
Now, I understand that switches may have such a feature called mac-bypass, but it isn't on the WLC. -
Problems Oracle 9iDB and ASO Configuration for Cybersafe
Oracle 9iDB installation on Solaris with ASO option
Objective
My objective is to configure Oracle 9iDB, Release 9.0.1 ASO on Solaris for external authentication using Cybersafe ActiveTRUST, which is a Kerberos, based authentication product.
Question
Getting ORA-12641: Authentication Service failed to initialize when trying to connect to Oracle 9iDB using sqlplus from a Oracle 9i Client machine, when ASO is configured for Cybersafe authentication on both Oracle 9iDB and Oracle 9i client
Can anyone help me setup Oracle 9iDB and Oracle 9i client for ASO using Cybersafe Authentication?
Environment
1. I have a Solaris box as my Oracle 9iDB server
2. I have an NT Server as my Authentication server and Oracle 9i Client.
Installation Procedure
I installed as per the steps given in the doc, Oracle Advanced Security Administrators Guide, Release 9.0.1
Authentication Server / Oracle Client setup (NT Server)
I installed on the NT Server the following
1. CyberSafe ActiveTRUST 4.0 Security Server on the NT Server, which acts as an Authentication server.
2. CyberSafe ActiveTRUST 4.0 Security Client
3. Cybersafe Application Security Toolkit (GSS runtime libraries) as needed by Oracle ASO setup procedures.
4. Oracle 9i Client, custom installations with ASO option.
Oracle 9iDB Server Setup (Solaris Server)
I installed on the Solaris Server the following
1. CyberSafe ActiveTRUST 4.0 Security Client
2. Cybersafe Application Security Toolkit (GSS runtime libraries)
3. Oracle 9iDB server, custom installation, with ASO option selected.
Installation of all the above components is successful.
Note: Installation of Oracle 9iDB server with ASO option never prompted me to choose a Authentication mechanism like Cybersafe, or Kerberos or Radius etc..,
Note: Oracle 8.1.7 DB installation on NT actually prompted for Authentication mechanism selection.
ASO Configuration:
I configured ASO on the Oracle server and client side as mentioned in chapter 5 of Oracle Advanced Security Administrators Guide, Release 9.0.1
I created an external user in Oracle, [email protected] as mentioned in http://download-uk.oracle.com/otndoc/oracle9i/901_doc/network.901/a90150/1004747
I configured the NT server, Oracle 9i client for ASO using Net8 Assistant and I have the sqlnet.ora file.
ASO Problems:
Once I have configured both Oracle 9i client and 9iDB server for ASO, I am not able to log in to the database using sqlplus /@cybr.
It returns with an error ORA-12641, saying Authentication Services Failed to Initialize.
I could not get much help from questions posted on metalink on ORA-12641.
It looks like Solaris 9iDB could not recognize cybersafe even though, Cybersafe is listed as one of the installed adapters, when I ran # $ORACLE_HOME/bin/adapters. From this, it looks like Cybersafe adapter is linked to ASO.
Oracle Server is not able to initialize authentication services and call the authentication server at all.
Can anyone help me setup Oracle 9iDB and Oracle 9i client for ASO using Cybersafe Authentication?
The problem has been resolved after providing cn=orcladmin instead of orcladmin for the OID user admin user. Now the overall sso solution is working fine with ADF applications.
Regards,
S R Prasad -
Initial configuration of ACS 5.1 for EAP authentication for Wireless clients
Hi,
I have set-up with below devices :
Wireless LAN controller 5508
LAP 3302i
and ACS 5.1
Since I am new to ACS 5.1 configuration, I need some information to go ahead and configure ACS 5.1.
Which EAP method should I use for wireless client authentication? What is the best practice?
I have gone through some Cisco documents and they show that best practice is to configure PEAP, but for that I need to install a certificate on the ACS server as well as on the client PC. Is that so?
I have no clear picture of this certificate.
Where can I get this certificate, or do I need to purchase this certificate separately from Cisco? How do I install it on the ACS server?
I will be obliged to get at least an initial configuration for ACS 5.1 to enable the EAP method.
I need a GUI-based initial configuration for ACS 5.1.
This ACS 5.1 is installed on an ACS 1121 hardware appliance.
Hi,
which EAP method to use for wireless client authentication ? what is the best practice ?
-> I would advise the most widely spread EAP method, which has the best ratio security/easy to deploy: PEAP with MSCHAPv2, which is available by default by all windows machines.
I have gone through some cisco documents and it shows that best practice is to configure PEAP but for the same , I need to install certificate in ACS server as well in client PC. is that so ?
-> You will always need to install a server certificate, however, there is no need for client certificate because the authentication is based on the MSCHAP credentials exchange, not certificate based. The only requirement on the client regarding certificates is the following.
If you want to validate the server certificate, you have to install the server certificate under the trusted CAs of the clients.
If you do not require to trust the server certificate, you can simply disable the option of server certificate validation.
I have no clear picture for this certificate ?
from where i can get this certificate or do i need to purchase this certificate separately from cisco. how to install it in ACS server ?
-> The server certificate can be a simple self signed certificate that you generate and install on the ACS GUI.
Please feel free to follow this step-by-step guide on
PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server:
http://www.cisco.com/en/US/partner/products/ps10315/products_configuration_example09186a0080b4cdb9.shtml or in pdf
http://www.cisco.com/image/gif/paws/112175/acs51-peap-deployment-00.pdf.
HTH,
Tiago
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it. -
I need to authenticate my clients connecting via wireless.
Clients have user certificates installed on them; I need help configuring the ACS to do the authentication.
Can someone please help me with the steps?
Thanks
Two primary steps
- define the trust certificates needed to verify the clients' user certificates
Users and Identity Stores > Certificate Authorities
- change the result of the identity policy to select a certificate authorization profile. If you have the default config
Access Policies > Access Services > Default Network Access > Identity
by default you can select the "CN Username" as a result -
Cisco ACS for Unix authentication
My company is looking for a single sign on for all the windows and unix servers mainly for admins. I was wondering if Cisco ACS will work for this.
Basically the authentication will be all for the servers and routers of course. I am thinking if I specify Windows AD in the ACS config, can I get the Unix boxes to get authenticated against RADIUS?
Any help will be appreciated.
Manny
Hi,
Authentication of Unix servers via ACS over the RADIUS protocol is achievable. Check out the link below; client-end configuration needs to be done for RADIUS authentication.
Hope that helps out your query !!
http://www.ibm.com/developerworks/library/l-radius/
Regards
Ganesh.H -
Hello
I am looking to deploy a NAC device in our office and currently have an ACS server that handles wireless authentication.
I would like to know if the ACS is capable of authenticating users on a LAN with both 802.1x and device detection (such as MAC address and ID)?
If I can do the latter how do you set that up on an ACS?
Thanks in advance
Paul
So my answer is correct ...
ACS is an authentication server. It can authenticate devices.
NAC Profiler, that is now replaced with ISE Profiling Engine, analyzes real-time the behavior of devices to identify them. ACS will use that as a device database.
If using ISE, you only need ISE, it profiles and authenticates as well (it combines ACS+Profiler+other services).
What you seem to be uncomfortable with is the way the Profiling works, I would suggest you to read Profiler or ISE documentation to know more about it.
It identifies a device through his behavior. Then it authorizes the mac address. You are forced to trust on a mac address basis because the system is made for non-802.1x devices so you can't "talk" to the device or assign it any ID or whatever.
However, it's not a static list of mac address. The mac address is allowed only if it's online and it corresponds to an allowed type of device.
It can for example differentiate a phone, from an XBOX, from a laptop by looking at the fields of the DHCP request of the device, etc ... it can also do polling on the switch to check for CDP information etc ... -
In our Java web application, trying to establish the connection to SharePoint 2013 using Windows claims authentication (NTLM), I am getting the error message "Server was unable to process request. ---> Site is not configured for Claims Forms Authentication". But in SharePoint 2013 our site is configured for Windows claims only.
In the SharePoint 2013 server, in the IIS Manager settings for authentication, it is enabled for both Windows claims and Forms authentication, but if I disable Forms authentication then I am able to connect through my application, but with direct access, i.e. by running the URL in the browser, I am not able to connect and get the error message "sorry this site has not been shared with you" in the browser. Kindly help me on this.
Hi,
This issue is always caused by missing FBA configuration in the web.config of your web application.
You can configure the FBA authentication then check whether it works.
http://technet.microsoft.com/en-us/library/ee806890(v=office.15).aspx
http://chrisbarba.com/2013/07/16/sharepoint-2013-forms-based-authentication-fba/
more reference:
http://stackoverflow.com/questions/5686378/sharepoint-2010-claim-base-authentication-error
http://social.msdn.microsoft.com/Forums/sharepoint/en-US/2d82dcd4-0e57-4de5-81bc-60ffc3cb9a9f/sharepoint-2010-claim-authentication-and-authenticationasmx?forum=sharepointgeneralprevious
Thanks & Regards,
Jason
Jason Guo
TechNet Community Support -
NACE Configuration for Purchase order output "Title Text"
Hello Gurus,
I have a small question, Is it possible to make dynamic Document title when sending purchase order email to vendor.
I have checked configuration in NACE where for each output type where you can maintain "Mail title and Texts". For example if your output type is Email then you can maintain document title text as "Purchase order Email".
Our requirement is to put purchase order name in document title i.e. when vendor receive email in their inbox it says purchase order number.
Please advise.
Thank you
Ritesh
Thanks Jurgen. This note helped us.
Best Regards
Ritesh -
Site is not configured for Claims Forms Authentication
Hi All
I have one custom login page for my SharePoint 2013 site where I am trying to use
SPClaimsUtility.AuthenticateFormsUser(uri, strUserName, strPwd);
But I am getting this exception ---> Site is not configured for Claims Forms Authentication
I checked the ULS log and there it is --> Not in claims forms auth for url 'https://domain/sitecollection/'.
Web.config entries are
<authentication mode="Forms">
<forms loginUrl="/_layouts/TarsForwardLogin.aspx" />
</authentication>
<membership defaultProvider="i">
<providers>
<add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="membership" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" connectionUsername="cn=sharepointadmin,ou=GSP,ou=Applications,o=TOYOTA"
connectionPassword="spad1n2" server="10.100.5.119" port="389" useSSL="false" userDNAttribute="entryDN" userNameAttribute="cn" userContainer="o=toyota" userObjectClass="Inetorgperson"
userFilter="(ObjectClass=Inetorgperson)" scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn,fullname,language,mail" enablePasswordReset="false" enablePasswordRetrieval="false" passwordFormat="Clear"
requiresQuestionAndAnswer="false" requiresUniqueEmail="false" />
</providers>
</membership>
<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
<providers>
<add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="rolemanager" connectionUsername="cn=sharepointadmin,ou=GSP,ou=Applications,o=TOYOTA" connectionPassword="spad1n2" type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=15.0.0.0,
Culture=neutral, PublicKeyToken=71E9BCE111E9429C" server="10.100.5.119" port="389" useSSL="false" groupContainer="ou=groups,ou=GSP,ou=Applications,o=toyota" groupNameAttribute="cn" groupMemberAttribute="member"
userContainer="o=toyota" userNameAttribute="cn" userDNAttribute="entryDN" dnAttribute="entryDN" groupFilter="(ObjectClass=groupOfNames)" userFilter="(ObjectClass=Inetorgperson)" scope="Subtree"
/>
</providers>
</roleManager>
Can someone please help/guide
Manoj Gangwar | Sharepoint MCPD | Sharepoint MCTS |
Hi All
I tried like this and it worked...
SPIisSettings iisSettings = SPContext.Current.Site.WebApplication.IisSettings[SPUrlZone.Internet];
SPFormsAuthenticationProvider formsClaimsAuthenticationProvider = iisSettings.FormsClaimsAuthenticationProvider;
// Request a forms-authentication token using the membership and role providers of the Internet zone.
SecurityToken token = SPSecurityContext.SecurityTokenForFormsAuthentication(new Uri(SPContext.Current.Web.Url),
    formsClaimsAuthenticationProvider.MembershipProvider, formsClaimsAuthenticationProvider.RoleProvider, strUserName, "", SPFormsAuthenticationOption.PersistentSignInRequest);
if (null != token)
{
    // Establish the session and redirect only when a token was issued.
    base.EstablishSessionWithToken(token, SPSessionTokenWriteType.WriteSessionCookie);
    base.RedirectToSuccessUrl();
}
Manoj Gangwar | Sharepoint MCPD | Sharepoint MCTS |
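A check for the LDAP provider entries in a web.config like the one posted in this thread, as an added example that is not from the thread or from SharePoint and goes beyond the question asked: it reports LDAP membership and role providers that set useSSL="false", carry a connectionPassword in the file, or set passwordFormat="Clear". The sample config is constructed with placeholder server, DN and password values; the function name and rule labels are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the provider entries in the thread; the
# server name, bind DN and password are placeholders, not values from the page.
SAMPLE_WEB_CONFIG = """\
<system.web>
  <membership defaultProvider="i">
    <providers>
      <add name="i"
           type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider" />
      <add name="membership"
           type="Microsoft.Office.Server.Security.LdapMembershipProvider"
           connectionUsername="cn=svc-bind,o=example"
           connectionPassword="PLACEHOLDER"
           server="ldap.example.test" port="389" useSSL="false"
           passwordFormat="Clear" />
    </providers>
  </membership>
  <roleManager defaultProvider="c" enabled="true">
    <providers>
      <add name="rolemanager"
           type="Microsoft.Office.Server.Security.LDAPRoleProvider"
           connectionUsername="cn=svc-bind,o=example"
           connectionPassword="PLACEHOLDER"
           server="ldap.example.test" port="636" useSSL="true" />
    </providers>
  </roleManager>
</system.web>
"""


def audit_providers(xml_text):
    """Return (section, provider name, rule) tuples for LDAP provider entries."""
    root = ET.fromstring(xml_text)
    findings = []
    for section in ("membership", "roleManager"):
        for node in root.iter(section):
            for add in node.findall("./providers/add"):
                # Compare attribute names case-insensitively.
                attrs = {k.lower(): v for k, v in add.attrib.items()}
                if "ldap" not in attrs.get("type", "").lower():
                    continue  # only the LDAP-backed providers are checked
                name = attrs.get("name", "?")
                if attrs.get("usessl", "").lower() == "false":
                    # The provider is explicitly told not to use SSL.
                    findings.append((section, name, "ldap-without-ssl"))
                if attrs.get("connectionpassword"):
                    # The bind account's password is readable in the file.
                    findings.append((section, name, "password-in-config"))
                if attrs.get("passwordformat", "").lower() == "clear":
                    findings.append((section, name, "passwordformat-clear"))
    return findings


if __name__ == "__main__":
    for section, name, rule in audit_providers(SAMPLE_WEB_CONFIG):
        print(f"{section}/{name}: {rule}")
```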