Authenticate Users

Similar Messages

• How to use CSACS 3.3 to authenticate users from multiple windows domain?

  Can Cisco Secure ACS 3.3 be used to authenticate users from another Windows domain that is not a child nor a trusted domain???
  hello, here is my scenario:
  ACS 3.3 was installed on a member server on domain1. I need to authenticate and ultimately populate the users into ACS from another domain. The service already works perfect on just domain1, but now I need to authenticate users from another domain.
  And adding those domains as trusted domains in domain1 is not an option.
  Is Generic LDAP my only other option? Any config guides that you guys know with regard to doing this?
  Any input is much appreciated.

  Hi Betcy,
  I am not familiar with sharepoint solutions, but as you mentioned about windows credentials I believe it refers to kerberos tokens. On this case you can take advantage of SPNego authentication.
  You can find more details on following SAP note:
  #[1488409|https://service.sap.com/sap/support/notes/1488409] - New SPNego Implementation
  I hope it helps.
  Kind regards,
  Lisandro Magnus

• OC4J Security fails to authenticate users on a 64 bit solarisx86 machine

  Hi,
  I am using a database login module to authenticate users. The login module I use is DBTableLoginModule. On 32 bit windows based machine, the module functions perfectly fine. When I deployed my project on a 64 bit solarisx86 machine, users are no longer able to login. On debugging the DBTableLoginModule, the authentication shows success and the commit method is return true to the OC4J security. But OC4J is redirecting to error page and I have no clue as to why it is doing so. The problem is I am not able to debug OC4J security for I have no source code for that. My question is how can i turn on debugging for OC4J Security
  so I can watch out for any errors or anything that OC4J complains about so I can have better chances to overcome this problem.
  Thanks
  Sam

  Hi,
  sounds like a OC4J bug to me (or issue at least). You may want to check
  OC4J
  Frank

• Mac os x wiki server can't authenticate user password from active directory recently after we upgraded to windows 2008 server.

  after upgraded to windows 2008 server, our  mac os x wiki server can't authenticate user password anymore. How can I re-bind the wiki server to the AD again? thanks in advance.

  Solved it by deleting the user and creating a new one with the same userID.
  Maybe it occured because I marked the "user has to change password after first login" box when resetting the password but didn't yet allow him to do so in the webpages menu?!?

• Scipt to prompt and authenticate users to AD and then map 2 next available drive letters to 2 network shares

  Hi,
  So I have been trying to write some code that will
  prompt users to authenticate to AD and use that authentication to map the next 2 available drive letter to two network shares.
  I have adopted using the HAT format as this provides me with the ability to prompt for a username and password and authenitcate to AD.
  <script language="vbscript">
  Function setSize()
  window.resizeTo 350,300
  Window.moveTo (screen.width-240)/2, (screen.height-600)/2
  End Function
  Function cmdSubmit_OnClick()
  Dim strUser 'User Name variable
  Dim strPW 'User Password variable
  if auth.username.value = "" Then
  msgbox ("ERROR: No User account information provided. Please Try Again!")
  cmdSubmit_OnClick = False
  Elseif auth.password.value = "" Then
  msgbox ("ERROR: No User account information provided. Please Try Again!")
  cmdSubmit_OnClick= False
  Else
  strUser = auth.username.value
  strPW = auth.password.value
  Authenticate strUser, strPW
  End If
  End Function
  Public Sub Authenticate (Byref strUser, Byref strPW)
  On Error Resume Next
  Const ADS_SECURE_AUTHENTICATION = &H1
  Const ADS_SERVER_BIND = &H200
  Dim strPath 'LDAP path where the Users accounts are listed
  Dim LDAP 'Directory Service Object reference variable
  Dim strAuth 'Parses the User Name and Password through the DSObject
  strPath = "LDAP://fanzldap.au.fjanz.com/rootDSE"
  Set LDAP = GetObject("LDAP://company/rootDSE")
  Set strAuth = LDAP.OpenDSObject(strPath, strUser, strPW, ADS_SECURE_AUTHENTICATION Or ADS_SERVER_BIND)
  If Err.number <> 0 Then
  intTemp = msgbox(strUser & " could not be authenticated", vbYES)
  if intTemp = vbYes Then
  'window.location.reload()
  End If
  Else
  For Each obj in strAuth
  If obj.Class = "user" Then
  If obj.Get("samAccountName") = strUser Then
  msgbox ("Success! " & strUser & " has been authenticated with Active Directory")
  window.close()
  Set wShell = CreateObject("Wscript.shell")
  wShell.run "Firstletterali.vbs"
  End If
  End If
  Next
  End If
  End Sub
  </script>
  <head>
  <body style="background-color:#B0C4DE">
  <img src=Title.jpg><br>
  <HTA:APPLICATION
  APPLICATIONNAME="User Login"
  BORDER="thin"
  SCROLL="no"
  SINGLEINSTANCE="yes"
  WINDOWSTATE="normal">
  <title>NAS Authentication</title>
  <body onload="vbs:setSize()">
  <div class="style2">
  <h3>NAS Archive Authentication</h3>
  </div>
  <form method="post" id="auth" name="auth">
  <span class="style3"><strong>User Name:&nbsp; </strong></span>
  <input id="Username" name="Username" type="text" style="width: 150px" /><br>
  <span class="style3">
  <strong>Password:&nbsp;&nbsp;&nbsp;&nbsp; </strong></span>
  <input id="password" name="password" type="password" style="width: 150px" /><br><br>
  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  <input type="submit" value="Submit" name="cmdSubmit" />
  <input type="button" value="Exit" onclick="self.close()">
  </form>
  </body>
  </html>
  using the above I can succefully authenticate users but I cant work out how to then use that authenticattion to map the next to available drive letters to a network source.
  The code I have for that is
  Option Explicit
  Dim strDriveLetter, strRemotePath, strRemotePath1, strDriveLetter1
  Dim objNetwork, objShell
  Dim CheckDrive, DriveExists, intDrive
  Dim strAlpha, strExtract, intAlpha, intCount
  ' The section sets the variables
  strRemotePath = "\\mel\groups\Team\general"
  strRemotePath1 = "\\mel\groups\Team\specific"
  strDriveLetter = "B:"
  strDriveLetter1 = "H:"
  strAlpha = "BHIJKLMNOPQRSTUVWXYZ"
  intAlpha = 0
  intCount = 0
  err.number= vbEmpty
  ' This sections creates two objects:
  ' objShell and objNetwork and then counts the drives
  Set objShell = CreateObject("WScript.Shell")
  Set objNetwork = CreateObject("WScript.Network")
  Set CheckDrive = objNetwork.EnumNetworkDrives()
  ' This section operates the For ... Next loop
  ' See how it compares the enumerated drive letters
  ' With strDriveLetter
  On Error Resume Next
  DriveExists = False
  ' Sets the Outer loop to check for 24 letters in strAlpha
  For intCount = 1 To 24
  DriveExists = False
  ' CheckDrive compares each Enumerated network drive
  ' with the proposed drive letter held by strDriveLetter
  For intDrive = 0 To CheckDrive.Count - 1 Step 2
  If CheckDrive.Item(intDrive) = strDriveLetter _
  Then DriveExists = True
  Next
  intAlpha = intAlpha + 1
  ' Logic section if strDriveLetter does not = DriveExist
  ' Then go ahead and map the drive
  'Wscript.Echo strDriveLetter & " exists: " & DriveExists
  If DriveExists = False Then objNetwork.MapNetworkDrive _
  strDriveLetter, strRemotePath
  call ShowExplorer ' Extra code to take you to the mapped drive
  ' Appends a colon to drive letter. 1 means number of letters
  strDriveLetter = Mid(strAlpha, intAlpha,1) & ":"
  ' If the DriveExists, then it is necessary to
  ' reset the variable from true --> false for next test loop
  If DriveExists = True Then DriveExists = False
  Next
  WScript.Echo "Out of drive letters. Last letter " & strDriveLetter
  WScript.Quit(1)
  'Sub ShowExplorer()
  'If DriveExists = False Then Wscript.Echo strDriveLetter & " Has been mapped for archiving"
  'If DriveExists = False Then objShell.run _
  '("Explorer" & " " & strDriveLetter & "\" )
  'If DriveExists = False Then WScript.Quit(0)
  'End Sub
  On Error Resume Next
  DriveExists = False
  ' Sets the Outer loop to check for 24 letters in strAlpha
  For intCount = 1 To 24
  DriveExists = False
  ' CheckDrive compares each Enumerated network drive
  ' with the proposed drive letter held by strDriveLetter1
  For intDrive = 0 To CheckDrive.Count - 1 Step 2
  If CheckDrive.Item(intDrive) = strDriveLetter1 _
  Then DriveExists = True
  Next
  intAlpha = intAlpha + 1
  ' Logic section if strDriveLetter1 does not = DriveExist
  ' Then go ahead and map the drive
  'Wscript.Echo strDriveLetter1 & " exists: " & DriveExists
  If DriveExists = False Then objNetwork.MapNetworkDrive _
  strDriveLetter1, strRemotePath1
  call ShowExplorer ' Extra code to take you to the mapped drive
  ' Appends a colon to drive letter. 1 means number of letters
  strDriveLetter1 = Mid(strAlpha, intAlpha,1) & ":"
  ' If the DriveExists, then it is necessary to
  ' reset the variable from true --> false for next test loop
  If DriveExists = True Then DriveExists = False
  Next
  WScript.Echo "Out of drive letters. Last letter " & strDriveLetter1
  WScript.Quit(1)
  Sub ShowExplorer()
  If DriveExists = False Then Wscript.Echo strDriveLetter & " Has been mapped for archiving"
  If DriveExists = False Then objShell.run _
  ("Explorer" & " " & strDriveLetter & "\" )
  If DriveExists = False Then WScript.Quit(0)
  End Sub
  Now the above script will find the next availabe letter and map one location to it...I still havent worked out to create another loop for it to do it again. It obviously also requires that you already be authenticated to map to that location.
  I looking for some help on how to marry these to scripts together.
  Thanks
  Ali

  Hi Ali
  Here is some code that will enumerate two free adjacent drive letters. It starts searching from "C" all the way to "Z" for two drives letters that are adjacent and returns the results in an array then echos the results. You can easily adapt this code to
  map your network drives to each drive letter. Hope that helps
  Cheers Matt :)
  Option Explicit
  Dim objFSO
  On Error Resume Next
  Set objFSO = CreateObject("Scripting.FileSystemObject")
  ProcessScript
  If Err.Number <> 0 Then
  WScript.Quit
  End If
  On Error Goto 0
  'Functions Processing Section
  'Name : ProcessScript -> Primary Function that controls all other script processing.
  'Parameters : None ->
  'Return : None ->
  Function ProcessScript
  Dim driveLetters, driveLetter
  If Not GetFreeDrives(driveLetters) Then
  Exit Function
  End If
  For Each driveLetter In driveLetters
  MsgBox driveLetter, vbInformation
  Next
  End Function
  'Name : GetFreeDrives -> Searches for a pair of free adjacent drive letters.
  'Parameters : adjacentDrives -> Input/Output : variable assigned to an array containing the first two free adjacent drives.
  'Return : GetFreeDrives -> Returns True if Successful otherwise returns False.
  Function GetFreeDrives(adjacentDrives)
  GetFreeDrives = False
  Dim drive, driveLetter, drivesDict, i
  Set drivesDict = NewDictionary
  driveLetter = "C"
  'Add the drives collection into the dictionary.
  For Each drive In objFSO.drives
  drivesDict(drive.DriveLetter) = ""
  Next
  'Check drive letters C: to Z: for two free adjacent drive letters and set the "driveLetter" variable to the first one.
  For i = Asc(driveLetter) To Asc("Z")
  If Not drivesDict.Exists(Chr(i)) And Not drivesDict.Exists(Chr(i + 1)) Then
  driveLetter = Chr(i)
  Exit For
  End If
  Next
  'If two free adjacent drive letters were not found then exit.
  If driveLetter = "" Then
  Exit Function
  End If
  adjacentDrives = Array(driveLetter, Chr(Asc(driveLetter) + 1))
  GetFreeDrives = True
  End Function
  'Name : NewDictionary -> Creates a new dictionary object.
  'Parameters : None ->
  'Return : NewDictionary -> Returns a dictionary object.
  Function NewDictionary
  Dim dict
  Set dict = CreateObject("scripting.Dictionary")
  dict.CompareMode = vbTextCompare
  Set NewDictionary = dict
  End Function

• How to authenticate user when accessing a servlet in WLS6.0

            In my current project , i need to authenticate user when accessing(executing) a
            servlet deployed in WLS6.0. I tried to add
            <auth-method>
            BASIC
            </auth-method>
            in the web.xml.
            Also in the default fileRealmProperties file, i set up the ACL for
            acl.execute.weblogic.Servlet.myServlet = the user
            also i have disabled guest access in my config.xml.
            after all these, the servlet can still be accessed freely.
            do i miss something ? what is the right way to set up it in wls6.0
            thanks a lot
            hyliu
            

  The steps required are documented at:
            http://e-docs.bea.com/wls/docs60/quickstart/quick_start.html
            mark
            narendra wrote:
            > hi all,
            > I had written a simple servlet. I would like to know the steps to
            > be followed to run the servlet.
            > What i did is i kept that servlet class file in the default directory
            > and added the servlet path in the web.XML.
            > but when i try to run the servlet its giing me 404 error.
            > Can any one help me out by giving the detailed steps to be followed as I
            > am new to Weblogic6.0
            >
            > Thanks in Advance,
            

• Install Sun ONE Directory Server 5,2 & how to use it for authenticate user

  Good afternoon, Excuse, are newbie in the scope I am learning and putting desire to him, this in my situation I am trying to install Sun ONE Directory Server 5,2 since I understand that this it is application LDAP for Solaris, ok I want to install it to authenticate user against the system, that is to say, to be able to acces the server entering with a created user from the data base of LDAP and make think user that his created in the system. But the documentation that I finds indicates the installation of Sun ONE Directory Server 5,2 but it not clearly about how to use it for authentication. Some one have any manual step by step of Sun ONE Directory Server 5,2 installation and how to make it for authentication systems users.
  I read the forum seeking for anwser and i get confuse
  Thanks for the help and sorry for any inconvenient
  Message was edited by:
  Aku_28
  Message was edited by:
  Aku_28

  I think that I found the Sun endorsed book locations for using LDAP accounts that don't use authentication besides "crypt". I now can use an account with a "ssha" password. It can be more than 8 characters long.
  Chapter 14 System Administration Guide: Naming and Directory Services
  Read page 201 which is the pam.conf file pam_ldap setups. I edited my "/etc/pam.conf" file to reflect this
  Chapter 7 Directory Server 5.2 2005Q4 - Administration Guide
  Read page 316-318 which has a graphical technique to specify password syntax. I set it up and then tried the password by running "su - brahms". It now requires a longer password than 8 characters and it is set up to use "ssha" for that UID entry "brahms".

• DAC 10.1.3.4.1 Services not starting up|| Error "cannot authenticate user"

  Hi,
  We have installed DAC server in Linux machine and client on windows. By using DAC client we restored the backup of DAC repository, DAC client was working fine still restoration and after restoring it’s not logging in. It throws error like "Can't authenticate user"
  while starting DAC services in Unix server it throws an error like
  ANOMALY INFO An exception occurred. Shutting down server...
  MESSAGE:::/u01/DAC/jdk/jre/lib/i386/xawt/libmawt.so: libXext.so.6: cannot open shared object file: No such file or directory
  EXCEPTION CLASS::: java.lang.UnsatisfiedLinkError
  Note: since DAC client is not separately available for windows we have installed dac server also and while installing and after installing we never configured to connect to the dac server which is in Linux, we have configured only DB.
  we have successfully installed OBIEE, Informatica, and DAC version is 10.1.3.4.1.
  How to start the DAC services?
  How to configure dac client to connect to DAC server and how to solve this "Can't authenticate user" issue?
  Pls help in this regard.

  After your config try to restart dac11g server
  dac10g is only desktop mode
  ~ http://cool-bi.com

• Can you authenticate users from 2 different AAA-servers for one specific tunnel-group?

  I need to authenticate users from two separate AD LDAP databases on the same tunnel-group. I would like them to use the same tunnel-group and thereby using the  same group-alias. I tried creating a new aaa-server group and putting both LDAP servers into group but apparently the ASA does not roll through the separate servers in the aaa-server group and will stop if the first server states that the authentication failed.
  I also tried assigning multiple aaa-server groups into the tunnel-group authentication-server-group but that also did not work. I finally tried to create a separate tunnel-group and assigning it the same group-alias but the ASA will not allow me to assign the same group-alias to different tunnel-group. What is the best way to accomplish this without having to create a new group-alias that will show up and possible confuse the dumb users requiring this access? Please help.

  If you don't want ANY drop down I believe you can do it in a kludgy sort of way.
  Eliminate all the group aliases (which are used to populate the dropdown) and make a local database of the users for the sole purpose of assigning / restricting them to a non-default tunnel-group which authenticates to the secondary LDAP server. 
  You can also send out a non-published URL that points to a second tunnel-group not in the dropdown.
  Of course, we can accomplish this if the AAA server is ISE. ISE 1.3 can authenticate users to multiple AD domains (with or without trust relationships) or a single domain with multiple join points in the Forest.
  The ISE answer makes me wonder - could you establish trust between the domains and authenticate users that way?

• Cisco WLC 2504 and ways to authenticate users

  Hi All,
       What is the ways to make user authenticate to WLC 2504 and what is the best and simple way and what is the differences btw each method _i mean for example need radius server or something else to be exist_ ?
       and any one can give me case study for this issue
  System consist of Cisco 2504 and Cisco LAP 1140
  Thanks

  To implement radius based authentication is the best practice for the small & enterprise environment.
  Information About RADIUS
  Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol that provides centralized security for users attempting to gain management access to a network. It serves as a backend database similar to local and TACACS+ and provides authentication and accounting services:
  •Authentication—The process of verifying users when they attempt to log into the controller.
  Users must enter a valid username and password in order for the controller to authenticate users to the RADIUS server. If multiple databases are configured, you can specify the sequence in which the backend database must be tired.
  •Accounting—The process of recording user actions and changes.
  Whenever a user successfully executes an action, the RADIUS accounting server logs the changed attributes, the user ID of the person who made the change, the remote host where the user is logged in, the date and time when the command was executed, the authorization level of the user, and a description of the action performed and the values provided. If the RADIUS accounting server becomes unreachable, users are able to continue their sessions uninterrupted.
  RADIUS uses User Datagram Protocol (UDP) for its transport. It maintains a database and listens on UDP port 1812 for incoming authentication requests and UDP port 1813 for incoming accounting requests. The controller, which requires access control, acts as the client and requests AAA services from the server. The traffic between the controller and the server is encrypted by an algorithm defined in the protocol and a shared secret key configured on both devices.
  You can configure multiple RADIUS accounting and authentication servers.For example, you may want to have one central RADIUS authentication server but several RADIUS accounting servers in different regions. If you configure multiple servers of the same type and the first one fails or becomes unreachable, the controller automatically tries the second one, then the third one if necessary, and so on. 
  For more Information : http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_security_sol.html#wp2149947

• DAC server start-up error and Can't authenticate user

  HI,
       we have installed DAC server in Linux machine and client on windows. By using DAC client we restored the backup of DAC repository, DAC client was working fine still restoration and after restoring it’s not logging in. It throws error like "Can't authenticate user"
  while starting DAC services in Unix server it throws an error like
  ANOMALY INFO An exception occurred. Shutting down server...
  MESSAGE:::/u01/DAC/jdk/jre/lib/i386/xawt/libmawt.so: libXext.so.6: cannot open shared object file: No such file or directory
  EXCEPTION CLASS::: java.lang.UnsatisfiedLinkError
  Note: since DAC client is not separately available for windows we have installed dac server also and while installing and after installing we never configured to connect to the dac server which is in Linux, we have configured only DB.
  we have successfully installed OBIEE, Informatica, and DAC version is 10.1.3.4.1.
  How to start the DAC services?
  How to configure dac client to connect to DAC server and how to solve this "Can't authenticate user" issue?
  Pls help in this regard.
  Thanks in advance.

  EddyLau wrote:
  Hi,
  I encounter the "Can't authenticate user" error in DAC first setup after installation when it prompt up to ask for setting up administrator id and password.
  here's my sql statement to create database schema for dac in oracle database.
  grant dba, connect, resource, create view, create session to SSE_ROLE;
  create user DEV_DAC identified by "password";
  grant DEV_DAC to SSE_ROLE;
  grant dba, connect, resource, create view, create session, grant any role to DEV_DAC;
  I tried dropping the data schema and create it again but still fail to authenticate.
  did I grant enough privileges to the database schema?
  Please help.
  Thanks,
  EddyLogin to DEV_DAC using the credentials from SQL Developer or sql
  Then do select * from W_ETL_USER -- here you will see 2 Administrator id's listed
  now run the command Delete From W_ETL_USER
  Now login to dac client with Administrator and pwd which you have set earlier.
  Mark as helpful or correct if it helps
  Thanks,
  RM

• JBO-33021: Failed authenticate user null

  I am trying to set security on the application module Using jDeveloper 10.1.2 and oracle db 9.2.
  Currently testing from the embedded oc4j and a standalone oc4j.
  Created an application module to a db table and named it AppModule.
  The application module successfully tested using the projects default Business Component Name.
  The application module also tested successfully using the Business Component Name "AppModuleLocal".
  I then set the jbo.security.enforce application module property to "Auth".
  The application module is re-tested using the Business Component Name "AppModuleLocal".
  A dialog window prompts for user and password.
  Then login using the default admin/welcomr and the below error is generated:
  JBO-30003: The application pool (Cuma.model.cumaStateModuleLocal) failed to checkout an application module due to the following exception:oracle.jbo.JboException: JBO-29000: Unexpected exception caught: oracle.jbo.JboException, msg=JBO-33021: Failed authenticate user null
  what does mean?
  help!!

  repost

• JBO-33021: Failed authenticate user null HELP!!

  I am trying to set security on the application module Using jDeveloper 10.1.2 and oracle db 9.2.
  Currently testing from the embedded oc4j and a standalone oc4j.
  Created an application module to a db table and named it AppModule.
  The application module successfully tested using the projects default Business Component Name.
  The application module also tested successfully using the Business Component Name "AppModuleLocal".
  I then set the jbo.security.enforce application module property to "Auth".
  The application module is re-tested using the Business Component Name "AppModuleLocal".
  A dialog window prompts for user and password.
  Then login using the default admin/welcomr and the below error is generated:
  JBO-30003: The application pool (Cuma.model.cumaStateModuleLocal) failed to checkout an application module due to the following exception:oracle.jbo.JboException: JBO-29000: Unexpected exception caught: oracle.jbo.JboException, msg=JBO-33021: Failed authenticate user null
  what does mean?

  repost

• How do i authenticate users directly in AD from the Controller?

  I have a 4402 Controller and want to authenticate users in our Microsoft AD, is it possible? Im using a IAS server today but it would be great to do the authentication directly in AD.
  Regards Oystein

  http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml

• When WLC authenticate users with secondary RADIUS server?

  Hi Sir,
  I'm configuring a WLC4404-100. One of the WLANs points to two RADIUS Servers for Authentication and Accounting (please see attached).
  I'd like to know, under what circumstances will the WLC authenticate users against the secondary RADIUS Server (in my case, the ACS with IP address 10.200.67.84)?
  Please advise.
  Thank you.
  B.Rgds,
  Lim TS

  Hi,
  I navigated to the following on the WLC:
  MANAGEMENT -> SNMP -> Trap Logs
  I noticed the following SNMP trap:
  Fri Dec 8 11:23:21 2006 No Radius Servers Are Responding
  I checked the 2nd ACS server, and true, at around the same time 11:23, the 2nd ACS server was authenticating users.
  I checked the 1st ACS server; at around the same time 11:23, there wasn't any service suspension or database replication going on. What's the cause of this WLC authenticating with the 2nd ACS server? The network is robust and I don't expect any latency issue. The two RADIUS servers are serving only wireless users, the number is about 120.
  On the WLC, I used the default of 2 seconds Retransmit Timeout for both the RADIUS Authentication Servers. Should I fine-tune it to higher value?
  Retransmit Timeout - Specify the time in seconds after which the RADIUS authentication request will timeout and a retransmission will be taken up by the controller. You can specify a value between 2 to 30 seconds.
  There are Passed Authentications logged on the 1st ACS server after during & after 11:23. So, I suspect the WLC is doing a kind of load-balancing across the two RADIUS servers.
  Please advise.
  Thank you.
  B.Rgds,
  Lim TS

• Authenticate users by Windows group using ACS

  Currently we are using Windows IAS/RADIUS to authenticate users onto out wireless network and it is set to allow users in a certain Windows group to connect.
  Is there a way to do this with ACS?
  Please note that we are using ACS Solution Engine, not ACS for Windows.
  Thanks.

  Use Remote Agent for Windows user authentication feature or configure Windows AD as the LDAP on ACS SE.
  then configure group mapping, and put the restrictions accordingly.
  Regards,
  Prem
  Please rate if it helps!