BBSM 5.3 using RADIUS Authentication and ISA Logging

I have a BBSM 5.3 that is configured to authenticate users via an RSA RADIUS Server and uses the transparent proxy setting which is all working.
I was looking at the ISA Server logs and noted that all the log entries were using anon as the user, is it possible to get the RADIUS user account used to authenticate to appear in the ISA logs?

The packet inactivity timer sees each packet coming from the client and will reset each time it sees one. It sounds to me like you still have traffic resetting the inactivity timer if the clients are staying connected.

Similar Messages

Manually start RADIUS, Authentication and groups for Cisco ASAs

I am testing moving a 10.7 server to 10.8.
We have used RADIUS to authenticate VPN traffic on our Cisco ASAs in the past. In the past Server Admin allowed for our ASAs to be added manually to the list of devices using the service. With Server Admin being removed and the limited funtionality of automated addition of Airports to the system I have no GUI method to get our ASAs into the service. The ability to tell RADIUS which groups are using the service is no longer available in the GUI as well.
I have found the clients file in /etc/raddb and added our ASAs to the clients list. I believe I have done this correctly in accordance with the instructions on the freeRADIUS website.
I need help with:
1- I was hoping someone knows how to manually tell RADIUS which groups are permitted to use the service.
2- Can anyone tell me how to turn on RADIUS? radiusconfig -start appears to only tell the system to keep it on after a restart if i understand the manual page.
Thanks

With David's suggestion I was able to get RADIUS running. The following assumes that you are comfortable with Terminal and would be able to back up any files you edit. Here is what I did to our fresh installation of 10.8 Server:
In Terminal enter "sudo radiusd -Xx" which tries to turn RADIUS on and runs it with full logging of activity in the window. The last line after this entry should be something similar to "Ready to process records." In our new installtion there were errors relating to "instantiating" sql and the ready message never came.
In Terminal enter "sudo pico /etc/raddb/radiusd.conf" and authenticate as needed. Scroll down in the file to the section where there are "instantiate" items. I commented out the SQL setup, by putting a # before the line that says "sql". Save the file by pressing Control-O, press return to save in the default location, and press Control-X to get out of the editor. I redid step number 1 twice and eventually RADIUS was running. Removing SQL from RADIUS will assure that problems will arise if you plan to use Server.app to add AirPorts to the network in the future. OS X Server adds its clients in an SQL database according to the programming notes in the .conf files. I will only be using our Cisco ASAs so SQL is not relevant to our setup.
Testing the running RADIUS server was easy as well. In Terminal enter "sudo pico /etc/raddb/users" and authenticate as needed. This file contains details for users if you wanted to add them manually to the RADIUS server. For testing purposes I removed the # before a line referring to a user "steve." I had to get RADIUS restarted to take up the new information about Steve. I killed the process using Activity Monitor and reran step number 1.
In Terminal I opened a new tab and entered "sudo radtest steve testing localhost 0 testing123 -t". You should get back a positive authentication message. Switching back to the original tab will show the output of the RADIUS server.
Reverse the entry in step 3 by adding back the # to comment out the line about steve in the users file.
RADIUS is now running and authenticating against its own users file.
Now we need to add our ASAs to the RADIUS server so it knows that it can authenticate for them. In Terminal enter "sudo pico /etc/raddb/clients.conf". We added lines for our ASAs, following the samples in the code. The information in the lines we added included a generic name for each ASA or device needing RADIUS type authentication, its IP address, and the shared secret for device authentication.
Following David's advice from above I created the RADIUS sacl by entering in Terminal "sudo dseditgroup -q -o create -u <admin user> -P <admin password> -n . com.apple.access_radius". This created the sacl for the service. Editing of the associated users and groups permitted to use the service was able to be done in Server. Be sure to select from the View menu "Show system accounts". Selecting "Groups" from the left margin of the Server window will show all of the SACLs along with any groups you have created. The RADIUS sacl can then have groups and users added to it.
To ensure that RADIUS is running and stays running enter the following in Terminal. First, "sudo radiusd.conf" will start RADIUS without logging in the Terminal window. Then, "sudo radiusconfig -start" to tell the system to keep it running and also run after a reboot.
I made no changes to our ASA settings and found that I was able to authenticate the "Steve" user from the RADIUS test in the ASA. I was also able to authenticate a user which had been added to the "Users" in Server. It appears that the ASA will be permitted to authenticate Open Directory users without additional setup.
I now need to set up our user groups to match those we use in our 10.7 server and add them to the RADIUS SACL and we should be set.
Once I have everything running properly, I will add a post here to close this discussion.
If anyone can shorten this procedure please let us know what you suggest.
-Erich

Use of Description and Messages-Log windows in Reports.

Hi All,
I recently started using SQL Developer and found it to be a great tool.
Is it possible to add notes in User Defined Reports? I could see the description textbox but apart from it being there, it doesn't look too much useful. It would be great if one could add hints into the Description area and it gets displayed everytime a report is run.
By the same token, what's the purpose of Messages-Log window while you run a perfectly valid query? Could it be used to display report description?
-Thanks for reply.

Hi Bill;
I was just at a client using ECC 5, and it was fine in that version. It was okay in the production environment, but we had it not encrypt in the testing environments (for the purpose of confirming the testing results of course).
Good Luck!

How do I know WinRM uses Kerberos for authentication, and does not fall-back to NTLM?

Hi,
How do I know WinRM uses Kerberos for authentication, and does not fall-back to NTLM?
/SaiTech

Hi SaiTech,
Kerberos will be selected by default in an AD domain, The default (assuming the client is in a domain, and is not connecting to itself via 127.0.0.1 or ::1 addresses) is to use Kerberos authentication, and not to fall back to NTLM.
Please also Note that you may have to take some other steps as well to get non-Kerberos authentication working. Specifically, you'd have to set up an HTTPS listener on the remote host, or modify the client's TrustedHosts list.
Refer to:
WINRM kerberos & Negotiate
Authentication for Remote Connections
In addition, you can also use Network Monitor to check the authentication method.
If there is anything else regarding this issue, please feel free to post back.
If you have any feedback on our support, please click here.
Best Regards,
Anna Wang
TechNet Community Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Radius authentication for the browser-based webtop

Hiya all,
With help of the radius-authentication module for apache (http://www.freeradius.org/mod_auth_radius/) and web-authentication it is possible to use radius-authentication for the classic-webtop. Has anyone got Radius authentication working for the browser-basedwebtop?
SSGD version:
Sun Secure Global Desktop Software for Intel Solaris 10+ (4.30.915)
Architecture code: i3so0510
This host: SunOS sgd1.<removed> 5.10 Generic_118855-36 i86pc i386 i86pc
I have the radius-module running for authentication of a single directory with the apache-config-lines:
SetEnvIf Request_URI "\.(cab|jar|gif|der)$" sgd_noauth_ok
<LocationMatch "/secure">
Order Allow,Deny
Allow from env=sgd_noauth_ok
AuthName "Radius authentication for SGD"
Authtype Basic
AuthRadiusAuthoritative on
AuthRadiusCookieValid 540
AuthRadiusActive On
Require valid-user
Satisfy any
</LocationMatch>
When changing the line <LocationMatch "/secure"> to <LocationMatch "/sgd"> the browser asks for a authentication and then a 'Not Found' page is being displayed.
When using the config-lines from http://docs.sun.com/source/819-6255/webauth_config_browser.html the login-page is being displayed normally and SSGD works.
The main difference I can find between the location /secure and /sgd is: /secure is a simple directory and /sgd is a JkMount to Tomcat.
Changing the JkLogLevel to debug gives the following info in the JkLogFile:
Radius authentication:
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (449): Attempting to map URI '/sgd' from 5 maps
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/examples/*'
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/axis/*'
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/sgd/*'
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/axis'
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/sgd'
[Wed Jun 06 09:31:20 2007] [22647:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (486): Found an exact match tta -> /sgd
With the password-authentication file:
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (449): Attempting to map URI '/sgd/' from 5 maps
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/examples/*'
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/axis/*'
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context URI '/sgd/*'
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] map_uri_to_worker::jk_uri_worker_map.c (475): Found a wildchar match tta -> /sgd/*
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] wc_get_worker_for_name::jk_worker.c (111): found a worker tta
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] wc_maintain::jk_worker.c (301): Maintaining worker axis
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] wc_maintain::jk_worker.c (301): Maintaining worker tta
[Tue Jun 05 13:55:29 2007] [12123:0000] [debug] wc_maintain::jk_worker.c (301): Maintaining worker examples
It seems that the JkMount is not being evaluated correctly after using the radius-authentication.
Any help will be usefull since I am allready stuck on this problem for a couple of days :(
Thanks,
Remold | Everett

I got response from the Fat Bloke on the mailing list.
Adding the following line in the apache httpd.conf seams to help and resolved my problem:
Alias /sgd "/opt/tarantella/webserver/tomcat/5.0.28_axis1.2final_jk1.2.8/webapps/sgd"
Thanks The Fat Bloke !!
- Remold
These instructions are for a 4.2 SGD installation using SGD's third
party web authentication with mod_auth_radius.so (www.freeradius.org).
With 4.2 Sun didn't distribute enough of the Apache configured tree
to enable the use of axps to build the mod_auth_radius module, 4.3 is
better - Sun now install a modified axps and include files, I haven't
tried this with 4.3 yet though.
I built the mod_auth_radius module for Apache 1.3.33 (shipped with 4.2)
So, this is how we got this working with Radius (tested with SBR
server and freeradius.org server.)
Install SGD in the usual way.
Enable 3rd party authentication:
According to:
http://docs.sun.com/source/819-4309-10/en-us/base/standard/
webauth_config_browser.html
Configure the Tomcat component of the Secure Global Desktop Web
Server to
trust the web server authentication. On each array member, edit the
/opt/tarantella/webserver/tomcat/version/conf/server.xml file. Add the
following attribute to the connector element (<Connector>) for the
Coyote/JK2 AJP 1.3 Connector:
tomcatAuthentication="false"
# cat /opt/tarantella/webserver/tomcat/5.0.28_axis1.2final_jk1.2.8/
conf/server.xml

<Connector port="8009" minProcessors="5" maxProcessors="75"
tomcatAuthentication="false"
enableLookups="true" redirectPort="8443"
acceptCount="10" debug="0" connectionTimeout="0"
useURIValidationHack="false"
protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
"By default, for security reasons, Secure Global Desktop
Administrators can't
log in to the browser-based webtop with web server authentication.
The standard
login page always displays for these users even if they have been
authenticated
by the web server. To change this behavior, run the following command:"
# tarantella config edit --tarantella-config-login-thirdparty-
allowadmins 1
Without this, after authenticating via webauth, the user will be
prompted for a
second username and password combination.
# /opt/tarantella/bin/tarantella objectmanager &
# /opt/tarantella/bin/tarantella arraymanager &
In Array Manager:
Select "Secure Global Desktop Login" on left side and click
"Properites" at bottom
Under "Secure Global Desktop Login Properties"
cd /opt/tarantella/webserver/apache/
1.3.33_mod_ssl-2.8.22_openssl-0.9.7e_jk1.2.8/conf
edit httpd.conf:
### For SGD Apache based authentication
Include conf/httpd4radius.conf
at the end of httpd.conf add:
Alias /sgd "/opt/tarantella/webserver/tomcat/
5.0.28_axis1.2final_jk1.2.8/webapps/sgd"
# cat httpd4radius.conf
LoadModule radius_auth_module libexec/mod_auth_radius.so
AddModule mod_auth_radius.c
# Add to the BOTTOM of httpd.conf
# If we're using mod_auth_radius, then add it's specific
# configuration options.
<IfModule mod_auth_radius.c>
# AddRadiusAuth server[:port] <shared-secret> [ timeout [ : retries ]]
# Use localhost, the old RADIUS port, secret 'testing123',
# time out after 5 seconds, and retry 3 times.
AddRadiusAuth radiusserver:1812 testing123 5:3
# AuthRadiusBindAddress <hostname/ip-address>
# Bind client (local) socket to this local IP address.
# The server will then see RADIUS client requests will come from
# the given IP address.
# By default, the module does not bind to any particular address,
# and the operating system chooses the address to use.
# AddRadiusCookieValid <minutes-for-which-cookie-is-valid>
# the special value of 0 (zero) means the cookie is valid forever.
AddRadiusCookieValid 5
</IfModule>
<LocationMatch /radius >
Order Allow,Deny
AuthType Basic
AuthName "RADIUS Authentication"
AuthAuthoritative off
AuthRadiusAuthoritative on
AuthRadiusCookieValid 5
AuthRadiusActive On
Require valid-user
Satisfy any
</LocationMatch>
SetEnvIf Request_URI "\.(cab|jar|gif|der)$" sgd_noauth_ok
<LocationMatch /sgd >
Order Allow,Deny
Allow from env=sgd_noauth_ok
AuthType Basic
AuthName "RADIUS Authentication"
AuthAuthoritative off
AuthRadiusAuthoritative on
AuthRadiusCookieValid 5
AuthRadiusActive On
Require valid-user
Satisfy any
</LocationMatch>
Put appropriate mod_auth_radius.so into
/opt/tarantella/webserver/apache/
1.3.33_mod_ssl-2.8.22_openssl-0.9.7e_jk1.2.8/libexec
# mkdir /opt/tarantella/webserver/apache/
1.3.33_mod_ssl-2.8.22_openssl-0.9.7e_jk1.2.8/htdocs/radius/
# cat /opt/tarantella/webserver/apache/
1.3.33_mod_ssl-2.8.22_openssl-0.9.7e_jk1.2.8/htdocs/htpasswd/index.html
<HTML>
<HEAD>
<TITLE> Test Page for RADIUS authentication </TITLE>
</HEAD>
<BODY>
<B> You have reached the test page for RADIUS authentication.
</BODY>
</HTML>
I hope this helps!
-FB

RADIUS authentication SF300-24P

RADIUS authentication SF300-24P
We have just purchased 20x SF300-24P switches to be installed at our remote offices and we are unable to get RADIUS authentication to work. We already use RADIUS on all our primary network CISCO switches (e.g. 4506s¸ 3560s, 3750s, AP1231Gs,etc) and these work fine so we know the RADIUS server is working.
We are trying to use RADIUS authentication to gain management access onto these switches. Quite simply although we can see that the RADIUS server is accepting the username and password being sent, however the switch says “authentication failed” when to receives the response. We are using Microsoft NPS RADIUS Clients for authentication purposes.
We have upgrade the switches to the latest firmware 1.1.2.0, via the console it seems to have a very cut down IOS version so we cannot use the typical CISCO command set to configure the RADIUS as we normally would. Looking at the web GUI there seems to be a number of options missing including the Accounting port. When debugging is switch on there is no indication to say that any of the settings have been misconfigured.
Any advice you could offer would be gratefully received.
Mike Lewis

Here is the documentation excerpt-
For the RADIUS server to grant access to the web-based switch configuration
utility, the RADIUS server must return cisco-avpair = shell:priv-lvl=15.
User authentication occurs in the order that the authentication methods are
selected. If the first authentication method is not available, the next selected
method is used. For example, if the selected authentication methods are RADIUS
and Local, and all configured RADIUS servers are queried in priority order and do
not reply, the user is authenticated locally.
If an authentication method fails or the user has insufficient privilege level, the user
is denied access to the switch. In other words, if authentication fails at an
authentication method, the switch stops the authentication attempt; it does not
continue and does not attempt to use the next authentication method.
Of course the point of interest here is the second paragraph. The initial wording is the behavior you want. The second portion is very open for interpretation (I do agree it is somewhat ambiguous but consistent with the switch behavior). When I read the example and it says the Radius is busy or not responding then you will authenticate locally. Which seems fair enough. But what it doesn't say, is if you can use one or the other, but instead it seems based on preference failure.
-Tom
Please rate helpful posts

RADIUS Authentication for Enable PW

Hi Everyone,
I have my RADIUS authentication working for login passwords but not for the enable password. My config is below;
aaa new-model
aaa authentication login default group radius local
aaa accounting network default start-stop group radius
When I add the command;
aaa authentication enable default group radius enable
I would expect it to allow me to enter my RADIUS pw for the enable one to, but it doesnt. Nor does it allow me to enter the locally configured one?
Any help would be great,
Thanks,
Dan

Thanks for your reply Rick,
The debug output is below;
L2-SW01>
00:03:02: RADIUS: Authenticating using $enab15$
00:03:02: RADIUS: ustruct sharecount=1
00:03:02: RADIUS: Initial Transmit tty0 id 3 x.x.x.x:1812, Access-Request,
len 72
00:03:02: Attribute 4 6 AC14024F
00:03:02: Attribute 5 6 00000000
00:03:02: Attribute 61 6 00000000
00:03:02: Attribute 1 10 24656E61
00:03:02: Attribute 2 18 524FB069
00:03:02: Attribute 6 6 00000006
00:03:02: RADIUS: Received from id 3
x.x.x.x:1812, Access-Reject, len 20
00:03:02: RADIUS: saved authorization data for user E49424 at 93C6DC
L2-SW01>
L2-SW01>
I am using IAS for RADIUS authentication and I cannot find any option to say "allow enable access".
Any ideas?
Cheers,
Dan

RADIUS authentication for SGE2010 switch

I am trying to configure a SGE2010 switch to use RADIUS authentication. At the moment, the NPS (Windows Server 2008r2 RADIUS) server is receiving the access request and is returning an access accept.
The switch does not let us log in.
Cisco-sw1(config)# 09-Nov-2009 21:10:35 %AAA-W-REJECT: New telnet connection for
user P@ssw0rd, source 192.168.10.213 destination REJECTED
Note: It is printing the user's password instead of the username.
I suspect it is something to do with the cisco-AV-pair attribute. I have tried the following values but nothing works:
Shell:priv-lvl=15
Shell = 15
Level = 15
Relevant lines from switch configuration:
radius-server host 192.168.1.23 key P@llssw0rd88
aaa authentication enable default none
aaa authentication login default radius
Any help would be more than greatly appreciated.

The problem isn't that it is rejecting me. Using network monitor I can see it is accepting the request but for some reason just won't log me in.
A link was sent to me to another website where it show that you have to go into the settings tab of the policy and change the radius attribute
to Service-Type Administrative.
After doing that, I was able to log into the switch with any of the windows domain users I had specified.
This is the link that gave me the answer
http://wiki.freeradius.org/Linksys

AAA Authentication and VRF-Lite

Hi!
I've run into a strange problem, when using AAA Radius authentication and VRF-Lite.
The setting is as follows. A /31 linknet is setup between PE and CE (7206/g1 and C1812), where PE sub-if is a part of an MPLS VPN, and CE uses VRF-Lite to keep the local services seperated (where more than one VPN is used..).
Access to the CE, via telnet, console etc, will be authenticated by our RADIUS servers, based on the following setup:
--> Config Begins <---
aaa new-model
aa group server radius radius-auth
server x.x.4.23 auth-port 1645 acct-port 1646
server x.x.7.139 auth-port 1645 acct-port 1646
aaa authentication login default group radius-auth local
aaa authentication enable default group radius-auth enable
radius-server host x.x.4.23 auth-port 1645 acct-port 1646 key <key>
radius-server host x.x.7.139 auth-port 1645 acct-port 1646 key <key>
ip radius source-interface <outside-if> vrf 10
---> Config Ends <---
The VRF-Lite instance is configured like this:
---> Config Begins <---
ip vrf 10
rd 65001:10
---> Config Ends <---
Now - if I remove the VRF-Lite setup, and use global routing on the CE (which is okey for a single-vpn setup), the AAA/RADIUS authentication works just fine. When I enable "ip vrf forwarding 10" on the outside and inside interface, the AAA/RADIUS service is unable to reach the two defined servers.
I compared the routing table when using VRF-Lite and global routing, and they are identical. All routes are imported via BGP correctly, and the service as a whole works without problems, in other words, the AAA/RADIUS part is the only service not working.

Just wanted to help future people as some of the answers I found here were confusing.
This is all you need from the AAA perspective:
aaa new-model
aaa group server radius RADIUS-VRF-X
server-private 192.168.1.10 auth-port 1812 acct-port 1813 key 7 003632222D6E3839240475
ip vrf forwarding X
aaa authentication login default group RADIUS-VRF-X local
aaa authorization exec default group X local if-authenticated
Per VRF AAA reference:
http://www.cisco.com/c/en/us/td/docs/ios/12_2/12_2b/12_2b4/feature/guide/12b_perv.html#wp1024168

SSH & RADIUS Authentication

Hi all,
I need some advice on the authentication of my switches.
I have a network set up where every switch uses telnet only for the transport input method. I need this to change to SSHv2 only.
I also have a RADIUS server backing off to Active Directory that I can use for AAA authentication against users of the switches.
Once I use SSH to login, I am in User EXEC mode. I would like to use RADIUS authentication to authenticate users to enter Privileged EXEC mode.
Is this possible to do?
I have been working on this for a while, now I have got to the point where I have to give in and ask for help.
Thank you.

@Gurpreet Puri
That's true, but I think Simon does not have an ISE neither.
Simon, are you using NPS, IAS or any other vendor?
If so, we would need to check the vendor's documentation to see how to send the privilege level 15 to the SW.
You can check this one:
Cisco Privilege Level Access with Radius and NPS Server
Also:
How-to : Integrating Cisco devices CLI access with Microsoft NPS/RADIUS
HTH.

Query regarding database access segregation using os authentication in windows environment

Hi ,
I have a query regarding database access segragation using os authentication (like sqlplus "/ as sysdba") in windows environment.Let me briefly explain my requirement:-
Suppose you have two DBA`s viz DBA1 and DBA2 and 4 databases resideds in a windows server say A,B,C & D.Now I want to set up such a way if DBA1 logs into the server then he can login to database A and B only using OS authentication and DBA2 can login to database C and D only using OS authentication.
Please let me know how to do setup for this requirement.
Database version is 11.2.0.3

1494629, I am not a Windows person but if there is any way to do this I suspect some additional information is necessary:
Are the DBA users members of the Administrators Group ?
Do all 4 database share the same $ORACLE_HOME ?
I suspect if either answer above is yes then this is not possible, but like I said I am not a Windows person. I would just ask for two servers and the associated licensing to be acquired. The requirement to spend money to do something management wants usually elimanates the request in my world.
HTH -- Mark D Powell --

How to configure the applet use Kerberos authentication

Hi all:
I know few about the java or applet security and hope someone can help me.
I have a MS IIS Web server named win2003stdbase1 and it use Kerberos authentication, and the
web server host a jar file.The client machine has jdk1.5 installed.When the client visit a html page which contains a java applet,the jre starts the applet and a dialog "Password Needed -Networking" popups.Then we input the right user name and the password,but the dialog popup again.The dialog display these message:
Server: win2003stdbase1/192.168.0.43
Scheme: ntlm
UserName:
Password:
Domain:
I suspect that the applet use the ntlm authentcation method which different from the web server,and I want it to use Kerberos authentication.How can I achieve this?
Any suggestion or idear will be appreciated.Thanks.

Are there anyone can help on this? It is a urgent issue. Also if I did not explain it clearly, please let me know.Thanks.

Invalid Login Using Trusted Authentication

My productive database server always report "Invalid Login Using Trusted Authentication" in udump. Could you tell me what is mean? would it influent oracle running?

Can we test a single connection using SQL authentication and If still persist, you have to double check that credential
if it is still trying to connect SQ Server and identify if it is hitting the
same DB on the same server or other DBs since I do think this errors is related to other DBs
Kindly work out it and please let know me your feedback
Shehap (DB Consultant/DB Architect) Think More deeply of DB Stress Stabilities

Peoplesoft Authentication and Authorisation

Hi
I'm working on an APEX reporting project on Peoplesoft data, and need to authenticate Peoplesoft users and selectively display information to them according to the PS roles that they have been granted.
Has anyone done any work with using the Authentication and Authorisation of Peoplesoft?
Thanks
Mike

On the OTN is a very good example (including description and the application itself) , see : http://www.oracle.com/technology/oramag/oracle/06-may/o36apex.html
You need more authentication schemes (three in your example).
If you download OFD form sourceforge.net or analyze the demo-application you will find some working examples.
I've built an application for volunteers having assignments and an assignments related to a role. I have defined some attributes in the user-table (persons) to simply maintain the responsibilities (and used the ODF-application as my guide).
Hope this helps.
Leo

How to log out using BASIC authentication

Hi,
we are using JSC and Sun Appserver8.
To authenticate we are using BASIC authentication and it works well.
Now we need to do a log out function because of new demands.
Is it possible to log out when using BASIC authentication ?
If so, how?
/Regards Krister

If you are using Basic Authentication, you may not be able to force log out. In that case you may have to use form based authentication.
Please read more details here
http://httpd.apache.org/docs/1.3/howto/auth.html
(Look at the topic How do I log out?)
- Winston
http://blogs.sun.com/winston

BBSM 5.3 using RADIUS Authentication and ISA Logging

Similar Messages

Maybe you are looking for