Authentication of inside users ASA (EasyVPN)

Similar Messages

• "Authentication failed. User is already authenticated as a different user."

  Hello,
  Initially I was not able to log into the Visual Admin. When I logged into the Visual Admin, I got authenication failed. I reset the password of Administrator in the User Administration on the portal. Now I can log into the Visual Admin using the password I just changed on the portal .
  I am not able to logon to the portal using "Administrator". I get this message: "Authentication failed. User is already authenticated as a different user."
  The URL is somewhat different as this is a production portal: "http://host.com/sld" (/irj/portal)
  Does any one have a clue.
  Thanks
  Srinivas

  There were no relevant roles assigned.

• Authentication failed: invalid user/password.

  After uploading a new RPD in obiee( 11.1.1.5), my obiee has started failing with following error in nqserver.log. I have verified that BISystemUser password is the same in console and EM. I have also verified that I am entering correct RPD password while uploading it through EM. What else may be wrong ?
  [2011-08-23T03:52:39.000+00:00] [OracleBIServerComponent] [NOTIFICATION:1] [] [] [ecid: 004emGWVmAQAtHd5Tf^Ayc0000K2000000] [tid: b38396d0] [36007] Loading repository /product/obiee_11.1.1.5/instances/instance1/bifoundation/OracleBIServerComponent/coreapplication_obis1/repository/iipreports_BI0038.rpd.
  [2011-08-23T03:52:40.000+00:00] [OracleBIServerComponent] [NOTIFICATION:1] [] [] [ecid: 004emGWVmAQAtHd5Tf^Ayc0000K2000000] [tid: b0923b90] [14055] Loading subject area: AIP ...
  [2011-08-23T03:52:40.000+00:00] [OracleBIServerComponent] [NOTIFICATION:1] [] [] [ecid: 004emGWVmAQAtHd5Tf^Ayc0000K2000000] [tid: b0923b90] [14056] Finished loading subject area: AIP.
  [2011-08-23T03:52:40.000+00:00] [OracleBIServerComponent] [NOTIFICATION:1] [] [] [ecid: 004emGWVmAQAtHd5Tf^Ayc0000K2000000] [tid: b38396d0] [85003] MDX Member Name Cache subsystem started successfully.
  [2011-08-23T03:52:40.000+00:00] [OracleBIServerComponent] [NOTIFICATION:1] [] [] [ecid: 004emGWVmAQAtHd5Tf^Ayc0000K2000000] [tid: b38396d0] [85004] MDX Member Name Cache subsystem recovered entries: 0, size: 0 bytes.
  [2011-08-23T03:52:40.000+00:00] [OracleBIServerComponent] [ERROR:1] [] [] [ecid: 004emGWVmAQAtHd5Tf^Ayc0000K2000000] [tid: b38396d0] [13026] Error in getting roles from BI Security Service: 'Error Message From BI Security Service: [nQSError: 46164] HTTP Server returned 404 (Not Found) for URL .'
  [2011-08-23T03:52:40.000+00:00] [OracleBIServerComponent] [NOTIFICATION:1] [] [] [ecid: 004emGWVmAQAtHd5Tf^Ayc0000K2000000] [tid: b38396d0] nqsserver:     Clustered Oracle BI Server started. Version: 11.1.1.5.0.110427.0846.000.
  [2011-08-23T03:52:44.000+00:00] [OracleBIServerComponent] [NOTIFICATION:1] [] [] [ecid: 004emGWVmAQAtHd5Tf^Ayc0000K2000000] [tid: b0923b90] [43071] A connection with Cluster Controller xxx.us.oracle.com:9706 was established.
  [2011-08-23T03:52:46.000+00:00] [OracleBIServerComponent] [ERROR:1] [] [] [ecid: 004emGWtbaWAtHd5Tf^Ayc0000K3000001] [tid: b00beb90] Error Message From BI Security Service: [nQSError: 46164] HTTP Server returned 404 (Not Found) for URL .
  [2011-08-23T03:52:46.000+00:00] [OracleBIServerComponent] [ERROR:1] [] [] [ecid: 004emGWtbaWAtHd5Tf^Ayc0000K3000001] [tid: b00beb90] [nQSError: 43126] Authentication failed: invalid user/password.
  If I run opmnctl status then BIServer is up but the presentation services is down.
  Following error is observed in sawlog0.log
  [2011-08-22T22:52:46.000-05:00] [OBIPS] [ERROR:10] [] [saw.security.odbcuserpopulationimpl.initialize] [ecid: ] [tid: ] Authentication Failure.
  Odbc driver returned an error (SQLDriverConnectW).
  State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
  [nQSError: 43113] Message returned from OBIS.
  [nQSError: 43126] Authentication failed: invalid user/password. (08004)[[
  File:odbcuserpoploaderimpl.cpp
  Line:292
  Location:
       saw.security.odbcuserpopulationimpl.initialize
       saw.catalog.local.loadCatalog
       saw.subsystems.catalogbootstrapper.loadcatalog
       saw.webextensionbase.init
       saw.sawserver
  ecid:
  [2011-08-22T22:52:46.000-05:00] [OBIPS] [NOTIFICATION:1] [] [saw.sawserver] [ecid: ] [tid: ] Oracle BI Presentation Services are shutting down.[[
  File:sawserver.cpp
  Line:712
  Location:
       saw.sawserver
  ecid:

  Hi,
  I have upgraded a existing OBIEE 10G file EBSAnalyticMaster.rpd to 11G using ua (upgrade assistant) and getting the same error while upgrading the catalog.
  Presentation service is not starting. Do you have a solution yet.

• Cisco ISE (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out)

  Hi,
  I have a setup ISE 1.1.1. Users are getting authenticate against AD. Everything is working fine except some users report disconnection. I see in the ISE that (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out). Users are using Windows 7 OS.
  Error is enclosed & here is the port configuration.
  Port Configuration.
  interface GigabitEthernet0/2
  switchport access vlan 120
  switchport mode access
  switchport voice vlan 121
  authentication event fail action next-method
  authentication event server dead action reinitialize vlan 120
  authentication event server alive action reinitialize
  authentication host-mode multi-auth
  authentication order mab dot1x
  authentication priority dot1x mab
  authentication port-control auto
  authentication periodic
  authentication timer reauthenticate server
  mab
  dot1x pae authenticator
  dot1x timeout tx-period 60
  spanning-tree portfast
  ip dhcp snooping limit rate 30 interface GigabitEthernet0/2
  switchport access vlan 120
  switchport mode access
  switchport voice vlan 121
  authentication event fail action next-method
  authentication event server dead action reinitialize vlan 120
  authentication event server alive action reinitialize
  authentication host-mode multi-auth
  authentication order mab dot1x
  authentication priority dot1x mab
  authentication port-control auto
  authentication periodic
  authentication timer reauthenticate server
  mab
  dot1x pae authenticator
  dot1x timeout tx-period 60
  spanning-tree portfast
  ip dhcp snooping limit rate 30
  Please help.

  The error message means that Active Directory server Reject the authentication attempt
  as for some reasons the user account got locked.I guess, You should ask your AD Team to check in the AD
  Event Logs why did the user account got locked.
  Under Even Viewers, You can find it out
  Regards
  Minakshi (Do rate the helpful posts)

• NoMachine(freenx) Authentication failed for user (MYUSERNAME)

  Hi all,
  I have quite a few experience with freenx on other linux distributions, but this is my first time setting up freenx on archlinux. After following the instructions in the wiki, authentication keeps failing no matter what I do.
  Stuff I've done from the wiki:
  1. install freenx
  2. add RSAAuthentication yes AllowUsers someuser nx to sshd_config
  3. add md5sum to node.conf
  4. pacman -S xdialog xterm
  5. run "/usr/bin/nxsetup --install --setup-nomachine-key"
  6. modify /etc/nxserver/node.conf so that "USER_X_STARTUP_SCRIPT=.xinitrc"
  7. pick the right configurations when connecting to my server
  I have "exec startxfce4" in .xinitrc.
  It always goes up to "Waiting for authentication" and then "Authentication failed for user (MYUSERNAME)" pops up. I think it should not be a XFCE issue since authentication itself didn't even pass. I assume if it is a X window problem, what I would get is something like a blank screen.
  I'm using public key, so I didn't really copy anything from the server to my client.
  I couldn't think of a second reason why this wouldn't work. Is there any thing obvious that I missed? (If so, please move this thread to the newbie corner. lol)
  Any thoughts would be highly appreciated.
  Thanks
  Aweather

  Hi,
  I did update the password in the properties file but still I get the error
  BUILD FAILED
  C:\product\10.1.3.1\OracleAS_1\bpel\samples\utils\CreditRatingService\build.xml:
  79: Authentication failed for user "oc4jadmin" on host
  I am able to deploy from JDEV. and could configure as per documentation
  Thanks in advance,
  Anand
  I had to update the <OH>/bpel/utilities/ant-orabpel.properties file for the password and now I can deploy successfully...information was there in the readme file...
  Anand
  Message was edited by:
  AnandP

• Essbase Error 1051440 - Authentication fails for user admin

  We are facing a very unique problem...
  The application is up & running.. even I can login into the application, can perform member addition, editing & mamage database from planning.... but I get this error while retreiving from excel addin or running scripts.
  What I analysed is that this problem is Actually coming when a particular set of members are called anywhere either in scripts or during retreival thru Addin.
  Recently we had added one dimension in one of the database of our application. After that that this problem started.
  There were fewer Xref functions used to pull data from other cubes.... The problem is cominng with only those set of members where this Xref function has been used.
  Even I had changed the formulas & incorporated member of new dimension in the formulas to point to target members....
  Can you guys ever had faced such kind of issue....
  Please help in resolving....
  Complete Error is: msg fromremote site[date n time] Local////Error(1051440) Essbase user[admin] Authentication fails against shared services serverwith Error[30:1005:Authentication failed for user admin. Enter valid credentials.]]

  Hi,
  are you sure that user "admin" has all necessary rights to run your scripts? I have to ask because we sometimes had problems with our admin user... There is an "native essbase server admin" and the admin user in shared services.
  We dont had any idea how this could happen but sometimes our admin user changed to the mentioned "native essbase server admin" - you can see it if you are connected as "admin (internal)".
  If you are logged in as "admin (internal)" you have to "externalize" this user.
  Hope this helps and my bad english is not so much confusing... :-)
  Kind regards
  André

• Defining an Authentication Scheme for user ID and password and client certi

  Hi,
                  I do need to define an Authentication Scheme for user ID/Password and client certificate,, both at the same time, so whenever the end user access the SAP Portal he/she will be asked to provide user and password as well digital certificate,
                  Despite of the whole idea behind o f the concept of digital certificate, my client sill wants to keep the user ID and password to complies with business requirements.
       I found a documentation that discuss Authentication Scheme with example using both ID and Digital certificate, but the priority was set different for each authentication method.
  http://help.sap.com/saphelp_nw04s/helpdata/en/d3/1dd4516c518645a59e5cff2628a5c1/content.htm
       So I am wondering with I can accomplish User ID/Pwd plus digital certificate just by making the priority the same value. Anyone had a similar requirement?
  Best Regards
  Claudio Rocha

  Hi
  Did you get an answer for this Query ?
  Regards
  Priyanka

• Authentication Fault: Invalid User Session Token

  Hi,
  I am trying to protect a call to third party webservices using OWSM and OAM. I followed the steps mentioned in Oracle Web Services Manager
  Deployment Guide to integrate OAM in OWSM, but not able to make any break through. I am getting following error if I test my web service using OWSM's inbuilt test tool:
  <SOAP-ENV:Envelope
  xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
  <SOAP-ENV:Fault>
  <faultcode
  xmlns:p="http://schemas.oblix.com/ws/2003/08/Faults">p:Client.AuthorizationFault</faultcode>
  <faultstring>Authentication Fault: Invalid User Session Token</faultstring>
  null</SOAP-ENV:Fault>
  </SOAP-ENV:Body>
  </SOAP-ENV:Envelope>
  In gateway.log file, I get following oneliner message:
  security.SimpleXMLCredsExtractor - SimpleXMLCredsExtractor failed to Extract creds.
  I am using standalone OWSM installation.
  Installed OAM SDK on the same machine of OWSM.
  Added OAM SDK libraries into OWSM's path.
  Please advise as I have already wasted 3-4 weeks into it.
  .. Paresh
  Edited by: user10301925 on Sep 29, 2009 2:24 AM
  Edited by: user10301925 on Sep 29, 2009 2:24 AM

  Hi,
  Yes, I have registered the service in OWSM and calling that service through OWSM testing tool only...
  Following is the request message:
  <?xml version="1.0" encoding="UTF-8" ?>
  - <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  - <soap:Header>
  - <wsse:Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  - <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:Username>owsmuser</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">welcome11</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  </soap:Header>
  - <soap:Body xmlns:ns1="http://service/">
  <ns1:getDateTime />
  </soap:Body>
  </soap:Envelope>
  Please advise.
  .. Paresh

• [nQSError: 43126]Authentication failed:invalid user/password, how to avoid?

  Hi,
  I encountered following error: [nQSError: 43126] Authentication failed: invalid user/password.
  when I was starting weblogic server, and server used to shutdown.
  After snooping around on net, came across this blog: http://obiee11gqna.blogspot.com/2011/09/obiee-11g-errors-nqserror-43113.html
  Found that password for MDS & BIPLATFORM was 'expired', was able to solve my problem and my Presentation Services were up & running.
  My question is, how to avoid password of MDS & BIPLATFORM from getting expired in future??
  Regards,
  Jitendra

  Dpka,
  Thanx for the link, it shows the way to avoid expiry of password.
  I also found another link, in comment section which is equally useful: http://www.artofbi.com/index.php/2011/03/mds-or-biplatform-schema-password-change-considerations/
  PS: Thanx to Deva as well for replying to my query.
  Regards,
  Jitendra

• Internal Web Authentication + Local Net User

  Hi all,
  I'm trying to setup the WLC with internal web authentication + local net user account. I've setup a WLAN for this local net user configure the user profile map to this WLAN.
  When the laptop get associated with the designated WLAN, and user tried to browse to the internet, the internal web authentication page doesn't appear on the browser.
  I'm just curious is there any DNS server require in order to direct the user entered URL request to the virtual interface?
  regards.

  Well if you are using webauth for guest users, you really want to have an open ssid and wither have a username and password on the wlc or use a passthrough webauth where the guest users just have to click submit or accept. If you are using this for internal users, then you really shouldn't use webauth since this will not be single sign on. Again, you can if you want your internal users to sign on again. There is wpa/wpa2 PSK and then there is wpa/wpa2 8021.x in which this will require either using local EAP or a Radius Server. Ther radius server will either have the local user accounts or you can point this to AD. Depending on if you use EAP-PEAP (certificate on the radius server only) or EAP-TLS (certificate on both the radius and clinet) you will need a certificate.
  For webauth only, you do not need a certificate on the user or radius server, a certificate will be required on the wlc if you don't want users to be promted with a certifcate error message. 5.1 supports unchained certificates, but I always use RapiddSSL for a root ca cert just to make deployment mush simpler for the client. So webauth and EAP will require certifcates with webauth being optional.

• Authenticated = HttpContext.Current.User.Identity.IsAuthenticated is not working in IE browsers only

  Hi,
  Login of my application is not working on testing server only.
  It is working fine on Google chrome and firefox, On few machine's which is having IE11, it is working.
  but not on IE10,IE9 and all lower version,it's not working.
  While Login, we use custom membership provider.
  After checking the code, its giving problem with below code.
  authenticated = HttpContext.Current.User.Identity.IsAuthenticated;
  The above authentication is not working for IE only.(The code is working fine on production server but not working on testing server)
  Please guide us on the same.
  Thanks,
  Gayatri

  "HttpContext.Current.User.Identity.IsAuthenticated" is false after successfully login on IE version only.
  The code was working before but suddenly it is not working on IE on testing server only. On chrome and firefox its working.
  I moved the code on production and integration server, and it is working properly on other server's. I am not getting the issue with testing server. only
  on testing server the value of "HttpContext.Current.User.Identity.IsAuthenticated" is getting false after successfull login.
  Can someone please reply on above

• VNC not working in All Authenticated mode of User

  Hello,
  I have TMG installed in my environment through which user access filtered internet. A rule in which i have enabled URL filtration is in Authenticated mode of user and proxy address is also added in all internet explorer of user. when ever user try to VNC
  a computer it says "connection timed out" and when i add " all user" instead of Authenticated mode in TMG rule. its is able to connect.

  Hi,
  if your force user / group authentication in Firewall Policy rules, the clients must be TMG clients for protocols other than HTTP and HTTPS:
  http://technet.microsoft.com/en-us/library/bb794762.aspxThis guide is also valid for TMG and the ISA Firewall client is now called the TMG client
  regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.galileocomputing.de/3570

• ASA EasyVPN with Secure unit authentication issues

  Hi everyone,
    We have a VPN setup with EasyVPN with a requirement of secure unit authentication.  We are having intermittent issues with it.  Sometimes the client ASA will boot up and appears to attempt negotiate the VPN connection. Other times, it comes up fine and the credentials can be entered to connect.  I also noticed that when we tried user authentication, the Cisco phone behind the ASA would never work, even though we had it's mac address in the bypass list on the client ASA.  If someone has an example configuration, would appreciate it. Since it works sometimes, I wouldn't think a firewall would be blocking the connection.  I can upload snippets of the configuration later if needed.
  Thanks,
  Bill Hendrix

  Found the issue.  Problem was in configuration of the IPSec IKEV1 connection profiles under:
  Remote Access VPN>Network (Client) Access IPSec Connection profiles.
  In the profile config under Advanced>IPsec>IKE Authentication.
  We had to uncheck the setting SEND "Enter Username and Password" prompt in XAUTH request.

• ASA enable authentication for AD user by ACS TACACS fails

  In order to authorize command on ASA8.x for different users, I have to put 'aaa authentication enable console TACACS' into ASA configuration, and in ACS - user setup - TACACS+ enable password - Use separate password, I set an enable password.
  It works fine for ACS local users, they are able to get into priv EXEC mode by entering 'enable' command and use my pre-set password, however, the password doesn't work for AD user.
  So, how to setup enable authorization for AD user?
  Or is there a way to drop a user directly into level 15 on ASA just like it on router?
  below is the debug info.(I'm sure the password is the one I set in ACS)
  LABASA1(config)# AAA API: In aaa_open
  AAA session opened: handle = 884
  AAA API: In aaa_process_async
  aaa_process_async: sending AAA_MSG_PROCESS
  AAA task: aaa_process_msg(d45bd5c8) received message type 0
  AAA FSM: In AAA_StartAAATransaction
  AAA FSM: In AAA_InitTransaction
  Initiating authentication to primary server (Svr Grp: TACACS)
  AAA FSM: In AAA_BindServer
  AAA_BindServer: Using server: 192.168.1.221
  AAA FSM: In AAA_SendMsg
  User: fostco\user1
  Resp:
  callback_aaa_task: status = -1, msg =
  AAA FSM: In aaa_backend_callback
  aaa_backend_callback: Handle = 884, pAcb = d5b193e0
  aaa_backend_callback: Error:
  Incorrect password.
  AAA task: aaa_process_msg(d45bd5c8) received message type 1
  AAA FSM: In AAA_ProcSvrResp
  Back End response:
  Authentication Status: -1 (REJECT)
  AAA FSM: In AAA_NextFunction
  AAA_NextFunction: i_fsm_state = IFSM_PRIM_AUTHENTICATE, auth_status = REJECT
  AAA_NextFunction: authen svr = TACACS, author svr = <none>, user pol = , tunn pol =
  AAA_NextFunction: New i_fsm_state = IFSM_DONE,
  AAA FSM: In AAA_ProcessFinal
  AAA FSM: In AAA_Callback
  user attributes:
  None
  user policy attributes:
  None
  tunnel policy attributes:
  None
  Auth Status = REJECT
  aaai_internal_cb: handle is 884, pAcb is d5b193e0, pAcb->tq.tqh_first is d441d1d8
  AAA API: In aaa_close
  AAA task: aaa_process_msg(d45bd5c8) received message type 3
  In aaai_close_session (884)

  I have run into a similar situation. I just want to authenticate via TACACS to enable mode in an ssh session. After using the "aaa authentication enable console TACACS LOCAL" command on the ASA, the ACS server rejects the password.
  I have tried everything I can think of on the ACS as far as "TACACS+ enable password" using both a windows database or a separate password, and PIX/ASA command sets. I cannot go into enable mode unless I set the ASA to LOCAL authentication, which just uses the globally defined enable password.

• LDAP authentication in AD (users from other trusted domain)

  Hi
  I have two domain: my - DOMAINA.LOCAL and other trusted - DOMAINB.LOCAL
  I use LDAP authentication in AD for authentication users (AnyConnect).
  Now, I need to authenticate few users from other trusted domain (DOMAINB.LOCAL).
  I do not want direct connect with the domain contoller in the trusted domain.
  My domain controller (DOMAINA.LOCAL), can authenticate users from other trusted domain (if I use username "DOMAINB\userindomainb"), if I try to connect by RDP client to some server (for example, to my domain controller).
  But if I try to test aaa-server authentication from ASA
  I get error.
  I think, I must use username like "DOMAINB\userindomainb" but this not work.
  Help me please.
  Thanks!
  My config:
  aaa-server ADA protocol ldap
  aaa-server ADA (inside) host 10.0.0.1
   ldap-base-dn dc=domaina, dc=local
   ldap-scope subtree
   ldap-naming-attribute sAMAccountName
   ldap-login-password *****
   ldap-login-dn cn=Cisco ASA, ou=ServiceAccounts, ou=Services, dc=domaina, dc=local
   server-type microsoft

  Hello!
  I see in console (debug LDAP):
  Request for [email protected] returned code (10) Referral
  Does ASA support authentication via LDAP referrals?
  I read old thread:
  https://supportforums.cisco.com/discussion/11132591/cisco-asa-and-ldap-authentification
  And see: CSCsj32153  Symptom:the ASA/PIX doesn't currently support LDAP Referall searches. 
  But I use:
  Cisco Adaptive Security Appliance Software Version 9.2(3)
  Device Manager Version 7.3(3)
  Compiled on Mon 15-Dec-14 05:10 PST by builders
  System image file is "disk0:/asa923-smp-k8.bin"
  Thanks!