Authenticate against external windowsdb member server

I would like to know if anyone has been able to get the ACS appliance version to authenticate users against a Windows Member Server not a DC (no AD).

My bad, sorry.
When using the appliance you need to use the Remote Agent for Windows, the appliance will then talk to this agent to authenticate users in its SAM or AD database. You need this since the Appliance is not part of any domain, so it needs to pass off the usernames/passwords to a Windows server that can authenticate users.
You can read about it here:
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/raig/rawi.htm
Basically install it on the member server and you should be good to go, it will automatically use the local SAM database to check for usernames/passwords. This is actually easier to set up than if you were trying to authenticate to a domain, since there's really nothing for you to do other than install the agent.

Similar Messages

  • How do you get OS X Lion to authenticate against LDAP?

    Need help getting OpenLDAP to authenticate against LDAP on  Linux server....please help!

    Go to the Users & Groups system preferences, click "Login Options:" and then click "Edit" next to "Network Account Server." Then click the plus button and add your LDAP authentication server. You can also click the Directory Utility button to further refine the settings for your server and the LDAP service.

  • Is Windows 2003 member servers still able to authenticate against Windows Server 2012 R2 AD after mirgation?

    Hi,
    We are planning to migrate Windows Server 2008 R2 AD to Windows Server 2012 R2 AD. But we have some Windows 2003 member servers (Running RADIUS for VPN user to authenticate their AD accounts). Does anyone know that existing Windows 2003 member
    servers still able to authenticate on Windows Server 2012 R2 AD after migration and function properly?  Just wanted to make sure Windows Server 2012 AD support Windows 2003 member server.
    Thanks.
    M

    Hi,
    Thanks for your post.
    Is there any Windows server 2003 domain controller in your domian?
    If yes, i think you could refer to this article:
    http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx
    Regards.
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Authenticate OID against external LDAP v3 Directory

    Has anyone managed to get Oracle OID to authenticate
    against an external LDAP v3 directory such as Domino v5.12 or later?
    If so can you provide any assistance as to how this was achieved.
    Thank you.

    Bill,
    What documentation did you use to get this working. Our infrastructure team has really struggled figuring out how to have AD be the single signon source for our Oracle apps and technologies (Portal, Collab Suite, ...) Our EBS install is hosted at OOD.
    Doug Gabel
    School Specialty

  • Messaging Server authenticate against directory server

    Just wonder how to make messaging server authenticate against directory server? Basically I created users on the directroy server, and would like to let these users to access messaging server?
    Thanks for advice!

    I'm sorry, your question doesn't really make any sense.
    Messaging Server always authenticates to users in a Directory.
    How did you "create users"? That may be the problem. If you don't create the users with the provisioning tools provided with Messaging, then the users don't have the correct object classes and attributes to function as Messaging users.

  • Setting up ACS 3.3 on a member server / use external windows user db

    Hi,
    I´ve a question referring to setting up an ACS (Version 3.3(1)Build 17 ) on a member server to use windows external user db.
    In step 2 of the installation guide you have to create am computer account named CISCO.
    Is it possible to use an other name instead? If yes, how can I amnage this?
    Does ACS support a more detailed logfile than the "Failed Attempts" report?
    Any replies appreciated.
    Thanks in advance.
    Regards.

    Dr. Livingstone wrote:
    For Address, I enter 192.168.1.102/ipp/2 and I get 'invalid or incomplete address' for any text entered after 102.
    Like I said, it's been a while...but have you tried 192.168.1.102/ipp/port2 (not just /2) ?

  • ISE admin access, authentication against external radius

    Please don't ask me why,
    the customer insists and wants to be authenticated on ise (as admin) against an external (microsoft) radius server
    is it possible while retaining internal admin users database in a sequence Internal>external_radius or internal>AD ?
    thank you in advance for whatever may help

    According to Cisco:
    External Authentication AND external Authorisation for Admin acces son the ISE can only be done by using LDAP or AD.
    For Radius Servers there are a solution for external Authentication and internal Authorisation on the ise:
    External Authentication + Internal Authorization
    When configuring Cisco ISE to provide administrator authentication using an external RSA SecurID identity store, administrator credential authentication is performed by the RSA identity store. However, authorization (policy application) is still done according to the Cisco ISE internal database. In addition, there are two important factors to remember that are different from External Authentication + External Authorization:
    You do not need to specify any particular external administrator groups for the administrator.
    You must configure the same username in both the external identity store and the local Cisco ISE database.
    To create a new Cisco ISE administrator that authenticates via the external identity store, complete the following steps:
    Step 1 Choose Administration > System > Admin Access > Administrators > Local Administrators.
    The Administrators window appears, listing all existing locally defined administrators.
    Step 2 Follow the guidelines at Creating a New Cisco ISE Administrator to ensure that the administrator username on the external RSA identity store is also present in Cisco ISE. Be sure to click the External option under Password.
    Note Remember: you do not need to specify a password for this external administrator user ID, nor are you required to apply any specially configured external administrator group to the associated RBAC policy.
    Step 3 Click Save .

  • How to authenticate a Non domain member laptop with AAA

    Dear all,
    I do have problem in resolving issue for AAA, the scenario is like if a user connect his laptop with a cisco Switch, and the computer is not a member of domain, we do like to allow internet and get an ip from DHCP server only to those users who;s computers are member of active directory. do let me know how is it possible? support will be appreciated.
    Regards
    Ibrahim

    Hi Ibrahim,
    Do you use CiscoSecure ACS?
    If so, this is possible, using AAA/dot1X on the switch and configuring ACS to authenticate against Active Directory.
    There are lots of configuration examples available here:
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_configuration_examples_list.html
    Specifically the wired dot1x; nac: ldap integration with acs; cisco secure acs for windows with eap-tls machine authentication.
    Although some of these are for wireless, I can't see why the principle can not be applied to wired.
    Also there are posts on the learning network:
    https://learningnetwork.cisco.com/thread/2221
    https://learningnetwork.cisco.com/thread/12897
    Regards, Ash.

  • Two factor authentication ACS 5.x against external Radius and Active Directory

    On ACS 5.x I'd like to authenticate against two external Directories
    Active Directory
    Black Shield Token Server (via RADIUS)
    I found a description the meets mostly my requirements at
         http://blog.pbmit.com/digipass2
    Has somebody an Idea how this has to be implemented on Cisco ACS 5.3?
    In the identity store swwquence there's no way to implement a compound condition (if user authenticated against Directory 1 AND Directory 2 then success)
    Active Directory and Cisco ACS
          This solution attempts to solve the limitation described in Solution 1. Instead of letting the Identikey server communicate directly to the AD, we use the Identikey server only to strip the PIN and OTP from the password and loop the authentication request back to the Cisco ACS to utilize its Identity Store Sequence, which can now be set to both Internal Identity Store and AD.

    just following up to see if there was a solution to this.  I am also interested in setting this type of scenerio out.

  • Can't connect to external MS SQL server

    I have two primaries and an external db. The two primaries were updated from 11.2.3 to 11.3. Everything is working great and the upgrade was successful.
    My database runs on an external MS SQL server. It hosts both the zcm database and the audit database.
    When I installed ZRS 5 I pointed it at one of my primaries. The install says it was successful and it appears to have successful pulled in my configuration for both zcm and zcm_audit to /opt/novell/zenworks-reporting/conf/zrs-configuration.xml.
    I can log in to ZRS 5. When I try to create a report or run an existing report from the library I always get a connection error. It definitely looks like it can not connect to my external MS SQL db. I cranked all of the logging under Server Settings to DEBUG but I can not seem to find the logs.
    I also tried following the Cool Solution using the downloaded zip and pointed it at my external db. It would not connect either. I know the username and password is correct and I tried the username in different styles: username@server, server\username, username. The only thing I can think of is my sql password for both of my users contains an extended character ! and =.
    Any help as to where to look or what might be the issue is greatly appreciated.
    Thanks in advance,
    Jeff

    I'm not sure, but I may recall hearing that it requires SQL Server Auth
    Credentials.
    Again I'm only about 51% sure here.
    "jcrawfor" wrote in message news:[email protected]..
    I have two primaries and an external db. The two primaries were updated
    from 11.2.3 to 11.3. Everything is working great and the upgrade was
    successful.
    My database runs on an external MS SQL server. It hosts both the zcm
    database and the audit database.
    When I installed ZRS 5 I pointed it at one of my primaries. The install
    says it was successful and it appears to have successful pulled in my
    configuration for both zcm and zcm_audit to
    /opt/novell/zenworks-reporting/conf/zrs-configuration.xml.
    I can log in to ZRS 5. When I try to create a report or run an existing
    report from the library I always get a connection error. It definitely
    looks like it can not connect to my external MS SQL db. I cranked all
    of the logging under Server Settings to DEBUG but I can not seem to find
    the logs.
    I also tried following the Cool Solution using the downloaded zip and
    pointed it at my external db. It would not connect either. I know the
    username and password is correct and I tried the username in different
    styles: username@server, server\username, username. The only thing I
    can think of is my sql password for both of my users contains an
    extended character ! and =.
    Any help as to where to look or what might be the issue is greatly
    appreciated.
    Thanks in advance,
    Jeff
    jcrawfor
    jcrawfor's Profile: https://forums.novell.com/member.php?userid=3343
    View this thread: https://forums.novell.com/showthread.php?t=476344

  • ADF Security against external source

    HI. I want to manage my users and roles in the custom table in Oracle DB, but still use all security features of ADF. I mean I will not define user and roles in  ADF, but ADF will be able to authenticate against my table and populate all security attributes (e.g #{securityContext.userName}) . Can it be done?

    I think I found  the problem not the solution.
    First of all I do see in WL the user "test" and group "EnterpriseAdmin".
    And of course  "EnterpriseAdmin". assigned to  "test" user.
    But after I run the login page I go back to WL I  see that "EnterpriseAdmin" group was unassigned from "test" user!!!!!
    If I assign in again (after the application is loaded , but before I click the login button) I can use the application as I designed it (access the page which is protected by EnterpriseAdmin)
    But at some point the following error message appears in the Jdeveloper console
    [Another instance of application Sec3 is running on the server.  JDeveloper will redeploy the application.]
    [Running application Sec3 on Server Instance IntegratedWebLogicServer...]
    [07:09:59 AM] Web Module ViewControllerWebApp.war recognized in project ViewController.jpr
    [07:09:59 AM] ----  Deployment started.  ----
    [07:09:59 AM] Target platform is  (Weblogic 10.3).
    [07:09:59 AM] Retrieving existing application information
    [07:09:59 AM] Running dependency analysis...
    [07:09:59 AM] Deploying 2 profiles...
    [07:10:00 AM] Wrote Web Application Module to C:\Users\mshapira04\AppData\Roaming\JDeveloper\system11.1.2.3.39.62.76.1\o.j2ee\drs\Sec3\ViewControllerWebApp.war
    [07:10:00 AM] Wrote Enterprise Application Module to C:\Users\mshapira04\AppData\Roaming\JDeveloper\system11.1.2.3.39.62.76.1\o.j2ee\drs\Sec3
    [07:10:00 AM] Redeploying Application...
    <FeatureUtils> <_resolveFeatures> Ignoring feature-dependency on feature "AdfDvtCommon".  No such feature exists.
    <FeatureUtils> <_resolveFeatures> Ignoring feature-dependency on feature "AdfDvtCommon".  No such feature exists.
    <FeatureUtils> <_resolveFeatures> Ignoring feature-dependency on feature "DvtDiagram".  No such feature exists.
    [07:10:09 AM] Application Redeployed Successfully.
    [07:10:09 AM] The following URL context root(s) were defined and can be used as a starting point to test your application:
    [07:10:09 AM] http://10.15.8.180:7501/Sec3-ViewController-context-root
    [07:10:09 AM] Uploading jazn-data roles.
    [07:10:09 AM] Removing existing group "EnterpriseAdmin".
    [07:10:09 AM] Creating group for role "EnterpriseAdmin".
    [07:10:09 AM] Elapsed time for deployment:  10 seconds
    [07:10:09 AM] ----  Deployment finished.  ----
    Run startup time: 9784 ms.
    [Application Sec3 deployed to Server Instance IntegratedWebLogicServer]
    Target URL -- http://127.0.0.1:7501/Sec3-ViewController-context-root/login.html
    <Aug 28, 2013 7:10:16 AM EDT> <Warning> <Socket> <BEA-000449> <Closing socket as no data read from it on 127.0.0.1:65,365 during the configured idle timeout of 5 secs>
    <Aug 28, 2013 7:10:16 AM EDT> <Warning> <Socket> <BEA-000449> <Closing socket as no data read from it on 127.0.0.1:65,362 during the configured idle timeout of 5 secs>
    <Aug 28, 2013 7:10:16 AM EDT> <Warning> <Socket> <BEA-000449> <Closing socket as no data read from it on 127.0.0.1:65,361 during the configured idle timeout of 5 secs>
    <Aug 28, 2013 7:10:16 AM EDT> <Warning> <Socket> <BEA-000449> <Closing socket as no data read from it on 127.0.0.1:65,366 during the configured idle timeout of 5 secs>
    <Aug 28, 2013 7:10:16 AM EDT> <Warning> <Socket> <BEA-000449> <Closing socket as no data read from it on 127.0.0.1:65,363 during the configured idle timeout of 5 secs>
    <Aug 28, 2013 7:10:16 AM EDT> <Warning> <Socket> <BEA-000449> <Closing socket as no data read from it on 127.0.0.1:65,364 during the configured idle timeout of 5 secs>
    <Aug 28, 2013 7:11:09 AM EDT> <Error> <Console> <BEA-240003> <Console encountered the following error weblogic.security.providers.authentication.DBMSSQLAuthenticatorDelegateException: [Security:090279]Error listing users *
      at weblogic.security.providers.authentication.DBMSSQLReadOnlyAuthenticatorDelegateImpl.listUsers(DBMSSQLReadOnlyAuthenticatorDelegateImpl.java:368)
      at weblogic.security.providers.authentication.ReadOnlySQLAuthenticatorImpl.listUsers(ReadOnlySQLAuthenticatorImpl.java:117)
      at weblogic.security.providers.authentication.SQLAuthenticatorMBeanImpl.listUsers(SQLAuthenticatorMBeanImpl.java:281)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at weblogic.management.jmx.modelmbean.WLSModelMBean.invoke(WLSModelMBean.java:437)
      at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
      at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
      at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
      at java.security.AccessController.doPrivileged(Native Method)
      at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
      at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:263)
      at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
      at java.security.AccessController.doPrivileged(Native Method)
      at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
      at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:444)
      at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:323)
      at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:663)
      at java.security.AccessController.doPrivileged(Native Method)
      at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:661)
      at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
      at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:654)
      at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1427)
      at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
      at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1265)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1367)
      at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
      at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
      at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
      at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
      at javax.management.remote.rmi.RMIConnectionImpl_1035_WLStub.invoke(Unknown Source)
      at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:993)
      at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:544)
      at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380)
      at $Proxy168.listUsers(Unknown Source)
      at com.bea.console.utils.security.UserUtils.getUsers(UserUtils.java:78)
      at com.bea.console.actions.security.users.UserTableAction.getCollection(UserTableAction.java:100)
      at com.bea.console.actions.security.ManagementBaseTableAction.execute(ManagementBaseTableAction.java:82)
      at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
      at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
      at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
      at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
      at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
      at com.bea.console.internal.ConsolePageFlowRequestProcessor.processActionPerform(ConsolePageFlowRequestProcessor.java:261)
      at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
      at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
      at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
      at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
      at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
      at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionServlet.java:262)
      at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
      at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServlet.java:134)
      at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
      at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:686)
      at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.renderInternal(ScopedContentCommonSupport.java:266)
      at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:107)
      at com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:292)
      at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:428)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
      at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:146)
      at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
      at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
      at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208)
      at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162)
      at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:388)
      at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
      at com.bea.netuix.servlets.manager.UIServlet.doGet(UIServlet.java:211)
      at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:196)
      at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:251)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
      at com.bea.console.utils.MBeanUtilsInitSingleFileServlet.service(MBeanUtilsInitSingleFileServlet.java:47)
      at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:130)
      at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
      at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
      at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
      at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
      at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
      at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
      at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
      at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
      at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
      at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
      at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
      at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    Caused by: java.sql.SQLException: TBDI18N: Connection was not found for null
      at weblogic.security.providers.authentication.DBMSDatabaseConnectionPoolImpl.getRawConnection(DBMSDatabaseConnectionPoolImpl.java:136)
      at weblogic.security.providers.authentication.DBMSSQLDatabaseConnectionPoolImpl.checkoutConnection(DBMSSQLDatabaseConnectionPoolImpl.java:25)
      at weblogic.security.providers.authentication.DBMSSQLReadOnlyAuthenticatorDelegateImpl.getReadOnlyConnection(DBMSSQLReadOnlyAuthenticatorDelegateImpl.java:570)
      at weblogic.security.providers.authentication.DBMSSQLReadOnlyAuthenticatorDelegateImpl.listUsers(DBMSSQLReadOnlyAuthenticatorDelegateImpl.java:346)
      ... 119 more
    >
    It says something about listing the users, so I checked my "SQL List Users:" statement and it should be just fine:
    SELECT username FROM jhs_users WHERE username LIKE ?
    If fact I double checked all SQL statement that list something in the provider and they are all fine
    I have to remind that my application is empty and all pages (login , error , welcome) are autogenerated
    Thank you for you help. Can you see the problem?

  • Can the Design Console authenticate against the OID?

    Can the Design Console authenticate against the OID?
    In my setup the users authenticate against the OID server when logging to OIM Web Console.
    The OID has a plugin that redirects the authentication request to the Microsoft AD server.
    That way the users can login to OIM Web Console using their Microsoft network password.
    A small problem is that I have a handful of users that need to use the Design Console, and when they attempt to login it almost always fails at first.
    It fails because they forget that the password they have to type on the Design Console login screen actually resides within the OIM Server and as time goes by the password becomes different then the one used to login to the Microsoft network.
    So i wondered if it is somehow possible to configure the Design Console to authenticate against my OID server, then it would redirect the authentication request to the Microsoft AD Server and they would not have to bother about what is/was the password stored within the OIM.
    Thanks for any thought on the matter.
    Adriano.

    Design Console always authenticate against the OIM user credentials. I suppose this is due to the factor that this does not behave as an http request over web, so its almost impossible to redirect the login request to some other server(AD/OID etc).
    I also did not find this in the Oracle documentation, so I suppose its not possible. The AD Pass Syncwould work but just installing the AD Pass Sync for a handful of users (accessing design console) would not be recommended as it requires an agent to be installed on AD side. You might need to handle the OIM passwords for such users manually.

  • When WLC authenticate users with secondary RADIUS server?

    Hi Sir,
    I'm configuring a WLC4404-100. One of the WLANs points to two RADIUS Servers for Authentication and Accounting (please see attached).
    I'd like to know, under what circumstances will the WLC authenticate users against the secondary RADIUS Server (in my case, the ACS with IP address 10.200.67.84)?
    Please advise.
    Thank you.
    B.Rgds,
    Lim TS

    Hi,
    I navigated to the following on the WLC:
    MANAGEMENT -> SNMP -> Trap Logs
    I noticed the following SNMP trap:
    Fri Dec 8 11:23:21 2006 No Radius Servers Are Responding
    I checked the 2nd ACS server, and true, at around the same time 11:23, the 2nd ACS server was authenticating users.
    I checked the 1st ACS server; at around the same time 11:23, there wasn't any service suspension or database replication going on. What's the cause of this WLC authenticating with the 2nd ACS server? The network is robust and I don't expect any latency issue. The two RADIUS servers are serving only wireless users, the number is about 120.
    On the WLC, I used the default of 2 seconds Retransmit Timeout for both the RADIUS Authentication Servers. Should I fine-tune it to higher value?
    Retransmit Timeout - Specify the time in seconds after which the RADIUS authentication request will timeout and a retransmission will be taken up by the controller. You can specify a value between 2 to 30 seconds.
    There are Passed Authentications logged on the 1st ACS server after during & after 11:23. So, I suspect the WLC is doing a kind of load-balancing across the two RADIUS servers.
    Please advise.
    Thank you.
    B.Rgds,
    Lim TS

  • Make netatalk on FreeBSD authenticate against OD?

    Hello!
    I recently set up a ZFS file server running FreeBSD. I'm sharing the pool with netatalk, and it works just fine. What I really want to get working, though, is authentication against our central Xserve G5 running Leopard server. All of our services requiring authentication, goes through OD, so it would have been really nice to get this working on the file server too.
    I tried to follow this howto in the FreeBSD handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/articles/ldap-auth/article.html#CLIEN T However, I really do not know very much about LDAP, and I can't seem to get it working. When running ldapsearch, I get this in response:
    # ldapsearch
    # extended LDIF
    # LDAPv3
    # base <dc=kreativsone,dc=no> (default) with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    # search result
    search: 2
    result: 32 No such object
    # numResponses: 1
    - What does this mean? Do I have to use SSL or TLS or something? Any help is appreciated! If you need some output or something, please ask!

    Thanks, but unfortunately this does not help. In order to get netatalk to authenticate against OD, I need to get FreeBSD authenticating against OD. That is my main problem.

  • Authenticate Users Using an LDAP Server

    Hi,
    I did implement 'Authenticate Users Using an LDAP Server' according the link blow below.
    [http://www.oracle.com/technology/products/database/application_express/howtos/how_to_ldap_authenticate.html]
    It works OK to specific DN String, example 'cn=%LDAP_USER%,OU=Menahel,OU=Cmp,DC=ho,DC=discount'.
    We have a lot of domain rules, mean the users not located at the same DN.
    Is it possibale to use general DN string (base root) like 'cn=%LDAP_USER%,*,*,DC=ho,DC=discount?
    Thanks in advance,
    Shay

    Augusto, one thing to check (since it caught me out) is that your LDAP entries conform to the right format, namely
    "cn=Bob" etc
    When I was integrating HTMLDB LDAP against a Sun One Directory Server, it had me scratching my head for ages, until I realised that the LDAP entries had been created in the format of -
    "uid=bob" rather than "cn=bob"
    This might not be your problem, but it's worth checking anyway ;)

Maybe you are looking for

  • Filter songs by rating (on the fly, without smart playlists)

    Is there any way (3rd party app maybe) that would allow you to live filter the displayed/played songs by rating? ie. if I have an artist selected, and all 200 songs are shown by that artist -- I would like to select on the fly to only display/play so

  • Example Finder Error- unsuccessful in sending a request to the NI Helpserver

    HI I have got a problem with Example Finder and when I double click on an example I get this error after about 3 or 4 minutes. An error occurred. The NI Example finder was unsuccessful in sending a request to the NI Helpserver Wud u plz let me know w

  • Verizon's Poor Business Practices

    Remove This is the beginning of a media blast and campaign to inform the public of how shabbily Verizon has deliberately treated one of their customers.  My daughter had service with them, and Verizon allowed a third party to order a phone on her acc

  • Can't find "effects" presets and need general direction.

    Hi all. I'm a moderately seasoned Logic Pro 7 and 8 user. But i am totally new to Soundtrack pro. I just loaded soundtrack pro because i didn't load it when i initially loaded logic pro and waveburner. thought i would try out some of the noise reduct

  • Using characters in Mountain Lion

    Hi Forum I'll like to use the characters shown in ~ show charater viewer.. in my programs I've tryed to incorporated them in Finale (notegraphic prg) but i'm unable to find out about the right fonrt or key combo How to ? yours B