Authenticate users using materialised veiw
Hi guys,
I'm wondering if i can authenticate users on login whether or not they exsist in a materialised view?? At the minute im authenticating whether they exist in active directory, but i want to authenticate whether they exist in a materialised view, can i do this so that it display the same error message in the same way.. 'invalid log in credentials' ??
Thanks
Stefan
Just on that note is there anywhere i can find an example of code that check AD groups, at the minute i have a custauthentication function to check if a user exists in LDAP but i havent narrowed it down to specific groups.. is there any hints you can give me or even a link to an example?
cheers guys
Similar Messages
-
Authenticate Users Using an LDAP Server
Hi,
I did implement 'Authenticate Users Using an LDAP Server' according the link blow below.
[http://www.oracle.com/technology/products/database/application_express/howtos/how_to_ldap_authenticate.html]
It works OK to specific DN String, example 'cn=%LDAP_USER%,OU=Menahel,OU=Cmp,DC=ho,DC=discount'.
We have a lot of domain rules, mean the users not located at the same DN.
Is it possibale to use general DN string (base root) like 'cn=%LDAP_USER%,*,*,DC=ho,DC=discount?
Thanks in advance,
ShayAugusto, one thing to check (since it caught me out) is that your LDAP entries conform to the right format, namely
"cn=Bob" etc
When I was integrating HTMLDB LDAP against a Sun One Directory Server, it had me scratching my head for ages, until I realised that the LDAP entries had been created in the format of -
"uid=bob" rather than "cn=bob"
This might not be your problem, but it's worth checking anyway ;) -
Unable to authenticate users using Custom plugins in OAM 11g
We are working on a requirement in which we have to write a custom authentication plugin in OAM 11g.
we were able to import and activate the plugin
we created a new authentication module with steps in the following order
1)UserIdentificationPlugin
2)UserAuthenticationPlugin
3)Our custom plugin to create custom responses(We just created the class with mandatory methods and process method returning success)
but finally when we try to authenticate,authentication fails resulting in OAM-2 error.We had entered valid credentials
Can somebody please help me on resolving this issue.
The plugin code,manifest file and Metadata XML is shared below.
Plugin Code
public class NewPlugin extends AbstractAuthenticationPlugIn {
private static final String CLASS_NAME = "FirstTestClass";
public ExecutionStatus initialize (PluginConfig config){
super.initialize(config);
if(LOGGER.isLoggable(Level.FINE)){
LOGGER.logp(Level.FINE,CLASS_NAME,"initialize","Entering initialize");
return ExecutionStatus.SUCCESS;
@Override
public String getDescription() {
// TODO Auto-generated method stub
return null;
@Override
public Map<String, MonitoringData> getMonitoringData() {
// TODO Auto-generated method stub
return null;
@Override
public String getPluginName() {
// TODO Auto-generated method stub
return null;
@Override
public int getRevision() {
// TODO Auto-generated method stub
return 0;
@Override
public ExecutionStatus process(AuthenticationContext context)
throws AuthenticationException {
if(LOGGER.isLoggable(Level.FINE)){
LOGGER.logp(Level.FINE,CLASS_NAME,"initialize","Entering process");
return ExecutionStatus.SUCCESS;
@Override
public void setMonitoringStatus(boolean arg0) {
// TODO Auto-generated method stub
@Override
public boolean getMonitoringStatus() {
// TODO Auto-generated method stub
return false;
MANIFEST.MF
Manifest-Version: 1.0
Bundle-ManifestVersion: 2
Bundle-Name: NewPlugin Plug-in
Bundle-SymbolicName: NewPlugin
Bundle-Version: 1.0.0
ImportPackage:org.osgi.framework;version="1.3.0",oracle.security.am.plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api,oracle.security.am.common.utilities.principal,oracle.security.idm,javax.naming,javax.sql,javax.security.auth
Bundle-RequiredExecutionEnvironment: JavaSE-1.6
METADATA XML
<?xml version="1.0" encoding="UTF-8" ?>
<Plugin name="NewPlugin" type="Authentication">
<author>me</author>
<email>[email protected]</email>
<creationDate>11:40:20,2012-13-02</creationDate>
<version>1</version>
<description>Custom User Authentication Plugin</description>
<interface>oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn</interface>
<implementation>newplugin.NewPlugin</implementation>
<configuration>
<AttributeValuePair>
<Attribute type="String" length="20">DataSource</Attribute>
<mandatory>true</mandatory>
<instanceOverride>false</instanceOverride>
<globalUIOverride>true</globalUIOverride>
<value>jdbc/CISCO</value>
</AttributeValuePair>
</configuration>
</Plugin>Your search results show that the user "collini" was not found (nentries=0). This could be caused by a number of reasons.
1) The user doesn't exist under "ou=people,dc=our,dc=domain"
2) The user doesn't contain the posixAccount objectclass
3) The user account that performed the search doesn't have access rights to read/search that user account
What user account was used to BIND on the connection that the search was done on?
Try performing the same exact search with an account you know can retrieve the entry. For example:
ldapsearch -D "cn=Directory Manager" -w - -b ou=people,dc=our,dc=domain -s one "(&(objectClass=posixAccount)(uid=collini))"
If the entry doesn't return as a result of the search then either #1 or #2 above is the problem. If the entry does return then #3 is your problem. -
How to use CSACS 3.3 to authenticate users from multiple windows domain?
Can Cisco Secure ACS 3.3 be used to authenticate users from another Windows domain that is not a child nor a trusted domain???
hello, here is my scenario:
ACS 3.3 was installed on a member server on domain1. I need to authenticate and ultimately populate the users into ACS from another domain. The service already works perfect on just domain1, but now I need to authenticate users from another domain.
And adding those domains as trusted domains in domain1 is not an option.
Is Generic LDAP my only other option? Any config guides that you guys know with regard to doing this?
Any input is much appreciated.Hi Betcy,
I am not familiar with sharepoint solutions, but as you mentioned about windows credentials I believe it refers to kerberos tokens. On this case you can take advantage of SPNego authentication.
You can find more details on following SAP note:
#[1488409|https://service.sap.com/sap/support/notes/1488409] - New SPNego Implementation
I hope it helps.
Kind regards,
Lisandro Magnus -
Install Sun ONE Directory Server 5,2 & how to use it for authenticate user
Good afternoon, Excuse, are newbie in the scope I am learning and putting desire to him, this in my situation I am trying to install Sun ONE Directory Server 5,2 since I understand that this it is application LDAP for Solaris, ok I want to install it to authenticate user against the system, that is to say, to be able to acces the server entering with a created user from the data base of LDAP and make think user that his created in the system. But the documentation that I finds indicates the installation of Sun ONE Directory Server 5,2 but it not clearly about how to use it for authentication. Some one have any manual step by step of Sun ONE Directory Server 5,2 installation and how to make it for authentication systems users.
I read the forum seeking for anwser and i get confuse
Thanks for the help and sorry for any inconvenient
Message was edited by:
Aku_28
Message was edited by:
Aku_28I think that I found the Sun endorsed book locations for using LDAP accounts that don't use authentication besides "crypt". I now can use an account with a "ssha" password. It can be more than 8 characters long.
Chapter 14 System Administration Guide: Naming and Directory Services
Read page 201 which is the pam.conf file pam_ldap setups. I edited my "/etc/pam.conf" file to reflect this
Chapter 7 Directory Server 5.2 2005Q4 - Administration Guide
Read page 316-318 which has a graphical technique to specify password syntax. I set it up and then tried the password by running "su - brahms". It now requires a longer password than 8 characters and it is set up to use "ssha" for that UID entry "brahms". -
Authenticate SSAS user using ADFS
Hi,
We have developed some SSAS cubes, but client is not able to access then as the client is on a different domain. We need to expose our OLAP services over HTTPS and authenticate client using ADFS claims.
Please let me know if this is possible, and how to host/ setup OLAP services over HTTPS using IIS.
Regards,
RiteshHi Ritesh,
According to your description, the users and the SQL Server Analysis Service server are not on the same domain, what you want is that let user enable browse the cube data, right?
In this case, here is a blog which describe how to connecting to SQL Server Analysis Services using a Different Domain Account that the user currently log on (SSAS on Different Domain and the user logon to another Domain), please see:
http://blogs.technet.com/b/nraja/archive/2011/09/19/connecting-to-sql-server-analysis-services-using-a-different-domain-account-that-the-user-currently-log-on-ssas-on-different-domain-and-the-user-logon-to-another-domain.aspx
Regards,
Charlie Liao
TechNet Community Support -
Authenticate users by Windows group using ACS
Currently we are using Windows IAS/RADIUS to authenticate users onto out wireless network and it is set to allow users in a certain Windows group to connect.
Is there a way to do this with ACS?
Please note that we are using ACS Solution Engine, not ACS for Windows.
Thanks.Use Remote Agent for Windows user authentication feature or configure Windows AD as the LDAP on ACS SE.
then configure group mapping, and put the restrictions accordingly.
Regards,
Prem
Please rate if it helps! -
Authenticate partial SSO users using LDAP
Hi all,
Is it possible to authenticate a group of the Portal users using an LDAP server, i.e. not to authenticate all the users using the LDAP server. I want to do this because we have a large number of customers (over 100,000) which are already defined in the LDAP server and I donot want to re-create them into the Portal login server, also I have many Portal users defined normally using the Portal "Add User". And if there is no such option, then is it smooth to move from database authentication to the LDAP server authentication (reference for the steps is appreciated)? We are using iPlanet LDAP server which is LDAP v3 compliant.
Best to allOf course, Single Sign-On implies that you are using a portal, or a cunningly-configured BSP. NTLM is only an option if using a Windows-based IIS as a proxy to your Unix box. Otherwise, you need to use the SPNEGO login module, which is not on general release (it is available on a consulting basis only - see Michael Sambeth at SAP).
Until SAP use UME within the ABAP core, I don't see an elegant solution to this.
- Darren -
Deploy authenticate VPN using LDAP AD (with user group)
Hi,
I'm stucking in configuration of LDAP Server with authenticate for VPN user using group in Windows Domain. I would like to create a group like "vpn-group" in Domain. If someone want to vpn, I just have to add that user in the group "vpn-group" then I can connect to the company.
Here is my configuration
aaa new-model
aaa authentication login userauthen local group ldap
aaa authorization network groupauthor local
ldap attribute-map map1
map type sAMAccountName username
ldap server server1
ipv4 192.168.0.5
attribute map map1
bind authenticate root-dn cn=administrator,cn=users,dc=test,dc=local password 7 0235114B0E144E621518
base-dn cn=vpn-group,cn=users,dc=test,dc=local
Please advice me.I got it working by including the AD security group in the search-filter
search-filter user-object-type User)(memberOf=CN=vpn-group,OU=Security groups,OU=company,DC=test,DC=local -
OC4J Security fails to authenticate users on a 64 bit solarisx86 machine
Hi,
I am using a database login module to authenticate users. The login module I use is DBTableLoginModule. On 32 bit windows based machine, the module functions perfectly fine. When I deployed my project on a 64 bit solarisx86 machine, users are no longer able to login. On debugging the DBTableLoginModule, the authentication shows success and the commit method is return true to the OC4J security. But OC4J is redirecting to error page and I have no clue as to why it is doing so. The problem is I am not able to debug OC4J security for I have no source code for that. My question is how can i turn on debugging for OC4J Security
so I can watch out for any errors or anything that OC4J complains about so I can have better chances to overcome this problem.
Thanks
SamHi,
sounds like a OC4J bug to me (or issue at least). You may want to check
OC4J
Frank -
Hi,
So I have been trying to write some code that will
prompt users to authenticate to AD and use that authentication to map the next 2 available drive letter to two network shares.
I have adopted using the HAT format as this provides me with the ability to prompt for a username and password and authenitcate to AD.
<script language="vbscript">
Function setSize()
window.resizeTo 350,300
Window.moveTo (screen.width-240)/2, (screen.height-600)/2
End Function
Function cmdSubmit_OnClick()
Dim strUser 'User Name variable
Dim strPW 'User Password variable
if auth.username.value = "" Then
msgbox ("ERROR: No User account information provided. Please Try Again!")
cmdSubmit_OnClick = False
Elseif auth.password.value = "" Then
msgbox ("ERROR: No User account information provided. Please Try Again!")
cmdSubmit_OnClick= False
Else
strUser = auth.username.value
strPW = auth.password.value
Authenticate strUser, strPW
End If
End Function
Public Sub Authenticate (Byref strUser, Byref strPW)
On Error Resume Next
Const ADS_SECURE_AUTHENTICATION = &H1
Const ADS_SERVER_BIND = &H200
Dim strPath 'LDAP path where the Users accounts are listed
Dim LDAP 'Directory Service Object reference variable
Dim strAuth 'Parses the User Name and Password through the DSObject
strPath = "LDAP://fanzldap.au.fjanz.com/rootDSE"
Set LDAP = GetObject("LDAP://company/rootDSE")
Set strAuth = LDAP.OpenDSObject(strPath, strUser, strPW, ADS_SECURE_AUTHENTICATION Or ADS_SERVER_BIND)
If Err.number <> 0 Then
intTemp = msgbox(strUser & " could not be authenticated", vbYES)
if intTemp = vbYes Then
'window.location.reload()
End If
Else
For Each obj in strAuth
If obj.Class = "user" Then
If obj.Get("samAccountName") = strUser Then
msgbox ("Success! " & strUser & " has been authenticated with Active Directory")
window.close()
Set wShell = CreateObject("Wscript.shell")
wShell.run "Firstletterali.vbs"
End If
End If
Next
End If
End Sub
</script>
<head>
<body style="background-color:#B0C4DE">
<img src=Title.jpg><br>
<HTA:APPLICATION
APPLICATIONNAME="User Login"
BORDER="thin"
SCROLL="no"
SINGLEINSTANCE="yes"
WINDOWSTATE="normal">
<title>NAS Authentication</title>
<body onload="vbs:setSize()">
<div class="style2">
<h3>NAS Archive Authentication</h3>
</div>
<form method="post" id="auth" name="auth">
<span class="style3"><strong>User Name: </strong></span>
<input id="Username" name="Username" type="text" style="width: 150px" /><br>
<span class="style3">
<strong>Password: </strong></span>
<input id="password" name="password" type="password" style="width: 150px" /><br><br>
<input type="submit" value="Submit" name="cmdSubmit" />
<input type="button" value="Exit" onclick="self.close()">
</form>
</body>
</html>
using the above I can succefully authenticate users but I cant work out how to then use that authenticattion to map the next to available drive letters to a network source.
The code I have for that is
Option Explicit
Dim strDriveLetter, strRemotePath, strRemotePath1, strDriveLetter1
Dim objNetwork, objShell
Dim CheckDrive, DriveExists, intDrive
Dim strAlpha, strExtract, intAlpha, intCount
' The section sets the variables
strRemotePath = "\\mel\groups\Team\general"
strRemotePath1 = "\\mel\groups\Team\specific"
strDriveLetter = "B:"
strDriveLetter1 = "H:"
strAlpha = "BHIJKLMNOPQRSTUVWXYZ"
intAlpha = 0
intCount = 0
err.number= vbEmpty
' This sections creates two objects:
' objShell and objNetwork and then counts the drives
Set objShell = CreateObject("WScript.Shell")
Set objNetwork = CreateObject("WScript.Network")
Set CheckDrive = objNetwork.EnumNetworkDrives()
' This section operates the For ... Next loop
' See how it compares the enumerated drive letters
' With strDriveLetter
On Error Resume Next
DriveExists = False
' Sets the Outer loop to check for 24 letters in strAlpha
For intCount = 1 To 24
DriveExists = False
' CheckDrive compares each Enumerated network drive
' with the proposed drive letter held by strDriveLetter
For intDrive = 0 To CheckDrive.Count - 1 Step 2
If CheckDrive.Item(intDrive) = strDriveLetter _
Then DriveExists = True
Next
intAlpha = intAlpha + 1
' Logic section if strDriveLetter does not = DriveExist
' Then go ahead and map the drive
'Wscript.Echo strDriveLetter & " exists: " & DriveExists
If DriveExists = False Then objNetwork.MapNetworkDrive _
strDriveLetter, strRemotePath
call ShowExplorer ' Extra code to take you to the mapped drive
' Appends a colon to drive letter. 1 means number of letters
strDriveLetter = Mid(strAlpha, intAlpha,1) & ":"
' If the DriveExists, then it is necessary to
' reset the variable from true --> false for next test loop
If DriveExists = True Then DriveExists = False
Next
WScript.Echo "Out of drive letters. Last letter " & strDriveLetter
WScript.Quit(1)
'Sub ShowExplorer()
'If DriveExists = False Then Wscript.Echo strDriveLetter & " Has been mapped for archiving"
'If DriveExists = False Then objShell.run _
'("Explorer" & " " & strDriveLetter & "\" )
'If DriveExists = False Then WScript.Quit(0)
'End Sub
On Error Resume Next
DriveExists = False
' Sets the Outer loop to check for 24 letters in strAlpha
For intCount = 1 To 24
DriveExists = False
' CheckDrive compares each Enumerated network drive
' with the proposed drive letter held by strDriveLetter1
For intDrive = 0 To CheckDrive.Count - 1 Step 2
If CheckDrive.Item(intDrive) = strDriveLetter1 _
Then DriveExists = True
Next
intAlpha = intAlpha + 1
' Logic section if strDriveLetter1 does not = DriveExist
' Then go ahead and map the drive
'Wscript.Echo strDriveLetter1 & " exists: " & DriveExists
If DriveExists = False Then objNetwork.MapNetworkDrive _
strDriveLetter1, strRemotePath1
call ShowExplorer ' Extra code to take you to the mapped drive
' Appends a colon to drive letter. 1 means number of letters
strDriveLetter1 = Mid(strAlpha, intAlpha,1) & ":"
' If the DriveExists, then it is necessary to
' reset the variable from true --> false for next test loop
If DriveExists = True Then DriveExists = False
Next
WScript.Echo "Out of drive letters. Last letter " & strDriveLetter1
WScript.Quit(1)
Sub ShowExplorer()
If DriveExists = False Then Wscript.Echo strDriveLetter & " Has been mapped for archiving"
If DriveExists = False Then objShell.run _
("Explorer" & " " & strDriveLetter & "\" )
If DriveExists = False Then WScript.Quit(0)
End Sub
Now the above script will find the next availabe letter and map one location to it...I still havent worked out to create another loop for it to do it again. It obviously also requires that you already be authenticated to map to that location.
I looking for some help on how to marry these to scripts together.
Thanks
AliHi Ali
Here is some code that will enumerate two free adjacent drive letters. It starts searching from "C" all the way to "Z" for two drives letters that are adjacent and returns the results in an array then echos the results. You can easily adapt this code to
map your network drives to each drive letter. Hope that helps
Cheers Matt :)
Option Explicit
Dim objFSO
On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
ProcessScript
If Err.Number <> 0 Then
WScript.Quit
End If
On Error Goto 0
'Functions Processing Section
'Name : ProcessScript -> Primary Function that controls all other script processing.
'Parameters : None ->
'Return : None ->
Function ProcessScript
Dim driveLetters, driveLetter
If Not GetFreeDrives(driveLetters) Then
Exit Function
End If
For Each driveLetter In driveLetters
MsgBox driveLetter, vbInformation
Next
End Function
'Name : GetFreeDrives -> Searches for a pair of free adjacent drive letters.
'Parameters : adjacentDrives -> Input/Output : variable assigned to an array containing the first two free adjacent drives.
'Return : GetFreeDrives -> Returns True if Successful otherwise returns False.
Function GetFreeDrives(adjacentDrives)
GetFreeDrives = False
Dim drive, driveLetter, drivesDict, i
Set drivesDict = NewDictionary
driveLetter = "C"
'Add the drives collection into the dictionary.
For Each drive In objFSO.drives
drivesDict(drive.DriveLetter) = ""
Next
'Check drive letters C: to Z: for two free adjacent drive letters and set the "driveLetter" variable to the first one.
For i = Asc(driveLetter) To Asc("Z")
If Not drivesDict.Exists(Chr(i)) And Not drivesDict.Exists(Chr(i + 1)) Then
driveLetter = Chr(i)
Exit For
End If
Next
'If two free adjacent drive letters were not found then exit.
If driveLetter = "" Then
Exit Function
End If
adjacentDrives = Array(driveLetter, Chr(Asc(driveLetter) + 1))
GetFreeDrives = True
End Function
'Name : NewDictionary -> Creates a new dictionary object.
'Parameters : None ->
'Return : NewDictionary -> Returns a dictionary object.
Function NewDictionary
Dim dict
Set dict = CreateObject("scripting.Dictionary")
dict.CompareMode = vbTextCompare
Set NewDictionary = dict
End Function -
DAC 10.1.3.4.1 Services not starting up|| Error "cannot authenticate user"
Hi,
We have installed DAC server in Linux machine and client on windows. By using DAC client we restored the backup of DAC repository, DAC client was working fine still restoration and after restoring it’s not logging in. It throws error like "Can't authenticate user"
while starting DAC services in Unix server it throws an error like
ANOMALY INFO An exception occurred. Shutting down server...
MESSAGE:::/u01/DAC/jdk/jre/lib/i386/xawt/libmawt.so: libXext.so.6: cannot open shared object file: No such file or directory
EXCEPTION CLASS::: java.lang.UnsatisfiedLinkError
Note: since DAC client is not separately available for windows we have installed dac server also and while installing and after installing we never configured to connect to the dac server which is in Linux, we have configured only DB.
we have successfully installed OBIEE, Informatica, and DAC version is 10.1.3.4.1.
How to start the DAC services?
How to configure dac client to connect to DAC server and how to solve this "Can't authenticate user" issue?
Pls help in this regard.After your config try to restart dac11g server
dac10g is only desktop mode
~ http://cool-bi.com -
Authenticating Guest Users Using External Database.
Folks, greetings.
Due to the limitations imposed by wlc's database size, we decided to go for an external authentication server.
Since this external database is for guest access, we are considering in using a Linux box with LDAP, along with a web-based application which will be presented to the user for authentication purposes. This way, the user would type in his/her credentials on this portal and the same box would process the authentication.
In such a scenario, we would buid an application for the "Lobby Amabassadors" input the guest data (for auditing purposes we need to enter the user's SSN, passport # or any other official ID), and this application would generate the password to be used during the authentication process.
I've used web-auth before, with the users database loaded on the WLC (local net users). Even using an external web-auth portal, the user is still authenticated by the controller that in turn, will control whether the traffic is to be allowed or not, based on the authentication results.
That's exactly where our question lies: how should we configure the WLAN so that the WLC would receive the access request and forward it to the authentication portal/server? Would it envolve radius?
This same Linux would be the DHCP server for this guest WLAN.
WLC vesion: 4.2.130.0
Regards,
ALUsing the Web Authentication feature on a Cisco wireless LAN controller, we can authenticate a guest user on the wireless LAN controller, on an external web server or on an external database on a RADIUS server. We can configure the wireless LAN used for guest traffic to authenticate the user from an external RADIUS server.
To enable an external RADIUS server to authenticate traffic using the GUI, follow this link.
http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html#wp1001207 -
Can you authenticate users from 2 different AAA-servers for one specific tunnel-group?
I need to authenticate users from two separate AD LDAP databases on the same tunnel-group. I would like them to use the same tunnel-group and thereby using the same group-alias. I tried creating a new aaa-server group and putting both LDAP servers into group but apparently the ASA does not roll through the separate servers in the aaa-server group and will stop if the first server states that the authentication failed.
I also tried assigning multiple aaa-server groups into the tunnel-group authentication-server-group but that also did not work. I finally tried to create a separate tunnel-group and assigning it the same group-alias but the ASA will not allow me to assign the same group-alias to different tunnel-group. What is the best way to accomplish this without having to create a new group-alias that will show up and possible confuse the dumb users requiring this access? Please help.If you don't want ANY drop down I believe you can do it in a kludgy sort of way.
Eliminate all the group aliases (which are used to populate the dropdown) and make a local database of the users for the sole purpose of assigning / restricting them to a non-default tunnel-group which authenticates to the secondary LDAP server.
You can also send out a non-published URL that points to a second tunnel-group not in the dropdown.
Of course, we can accomplish this if the AAA server is ISE. ISE 1.3 can authenticate users to multiple AD domains (with or without trust relationships) or a single domain with multiple join points in the Forest.
The ISE answer makes me wonder - could you establish trust between the domains and authenticate users that way? -
Cisco WLC 2504 and ways to authenticate users
Hi All,
What is the ways to make user authenticate to WLC 2504 and what is the best and simple way and what is the differences btw each method _i mean for example need radius server or something else to be exist_ ?
and any one can give me case study for this issue
System consist of Cisco 2504 and Cisco LAP 1140
ThanksTo implement radius based authentication is the best practice for the small & enterprise environment.
Information About RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol that provides centralized security for users attempting to gain management access to a network. It serves as a backend database similar to local and TACACS+ and provides authentication and accounting services:
•Authentication—The process of verifying users when they attempt to log into the controller.
Users must enter a valid username and password in order for the controller to authenticate users to the RADIUS server. If multiple databases are configured, you can specify the sequence in which the backend database must be tired.
•Accounting—The process of recording user actions and changes.
Whenever a user successfully executes an action, the RADIUS accounting server logs the changed attributes, the user ID of the person who made the change, the remote host where the user is logged in, the date and time when the command was executed, the authorization level of the user, and a description of the action performed and the values provided. If the RADIUS accounting server becomes unreachable, users are able to continue their sessions uninterrupted.
RADIUS uses User Datagram Protocol (UDP) for its transport. It maintains a database and listens on UDP port 1812 for incoming authentication requests and UDP port 1813 for incoming accounting requests. The controller, which requires access control, acts as the client and requests AAA services from the server. The traffic between the controller and the server is encrypted by an algorithm defined in the protocol and a shared secret key configured on both devices.
You can configure multiple RADIUS accounting and authentication servers.For example, you may want to have one central RADIUS authentication server but several RADIUS accounting servers in different regions. If you configure multiple servers of the same type and the first one fails or becomes unreachable, the controller automatically tries the second one, then the third one if necessary, and so on.
For more Information : http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_security_sol.html#wp2149947
Maybe you are looking for
-
How to solve problem - " Safari cannot open page because it isn't connected to the internet" but the airport is ok. signal full and i have n IP address. and i m using Macbook pro. OS snow leopard and above...
-
Early 2011 Macbook external display issues after firmware update
I have a 2011 MBPro 15". After performing the firmware update in late April, I have continual issues when I connect my monitor. The screen is blank and I can move the mouse tap the keyboard etc. The display may come up for a scond and then it will cl
-
SAP Install Error: CJS-00030 Assertion failed:Component OraDatabaseTablespa
I am installing SAP ECC 6.0 IDES central system on RHEL4 x86_64 bit with Oracle 10g. Oracle db installation and create database steps have completed successfully. It is now on "Create/Check Tablespaces" of SAP installation and came across an error. B
-
Aspect ratios exporting to quicktime
Apologies if this is a hoary old newbie question and please do point me in the right direction if there are other threads on the same topic. I'm editing a short originally shot on digibeta 16:9, then dumped down onto DV for digitising in. I'm having
-
Hi, I tried to install oracle 11r2 in red hat. followings are missed gcc-4.1.2 libgomp-4.1.2 glibc-2.5-24 gcc-c++-4.12 @ libaio-devel-0.3.106 libcc-4.1.2 @ libstdc++-4.1.2 libstdc++-devel-4.1.2 sysstat-7.0.2 unixodbc-2.2.11 unixodbc-devel-2.2.11 some