CallbackHandler  - username and password token

Similar Messages

• Username and password token retrieval from SOAP web services

  We are implementing one JAX-WS Web services which requires to retrieve the username and password in SOAP header elements and use those for further use/processing.
  When we are retrieving username/password it’s coming as null. Please help ...
  if (Boolean.FALSE.equals(context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) {     
  try {
  SOAPMessage sm = context.getMessage();
  //SOAPEnvelope envelope = context.getMessage().getSOAPPart().getEnvelope();
  SOAPEnvelope envelope = sm.getSOAPPart().getEnvelope();
  SOAPHeader sh = envelope.getHeader();
  System.out.println("Message: "+envelope);
  System.out.println("Envelope: "+envelope);
  System.out.println("Header: "+sh.toString());
  Iterator it = sh.examineAllHeaderElements();
  while(it.hasNext()){
  System.out.println(it.next());
  String username;
  username = sh.getAttribute("Username");
  // username = sh.getAttributeValue("Username");
  //String password = sh.getAttribute("Password");
  System.out.println("uid:"+username);
  //System.out.println("pass: "+password);
  context.put("Username", username);
  //context.put("Passsword", password);
  // default scope is HANDLER (i.e., not readable by SEI
  // implementation)
  context.setScope("Username", MessageContext.Scope.APPLICATION);

  <S12:Envelope xmlns:S11="..." xmlns:wsse="..." xmlns:wsu= "...">
  <S12:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:Username>TestUser</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">TestPassword</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  </S12:Header>
  </S12:Envelope>

• Claims Based Authentication SPSecurityTokenService.Issue() failed: The security token username and password could not be validated.

  Please excuse the lousy table...Its late :-)
  I have a multi-server SP2010 farm.  Patched up to
  Configuration database version: 14.0.6106.5002
  My goal is to have a claims based web application that authenticated to ADAM for Extranet.  I have configured the servers exactly to MSDN and technet specs (following this spec to the
  letter (
  http://technet.microsoft.com/en-us/library/ee806882.aspx) to allow the forms side of the web app to authenticate to ADAM.
  IT WORKS IN DEV!!! , which is a single server farm.  However, it does not work in production.  I get the following:
  Claims Auth log entries:
  1:06:25 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  f2ut
  Verbose
  Authenticated with login provider. Validating request security token.
  1:06:25 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Verbose
  Using membership provider 'ADAMProvider'.
  1:06:25 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Verbose
  Doing password check on '[email protected]'.
  1:06:46 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Verbose
  Failed password check on '[email protected]'.
  1:06:46 AM
  w3wp.exe (0x0EDC)               
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Unexpected
  Password check on '[email protected]' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security
  token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).'.
  1:06:46 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  fo1t
  Monitorable
  SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password
  could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).
  1:06:46 AM
  w3wp.exe (0x1B34)                      
  0x08A0
  SharePoint Foundation        
  Claims Authentication        
  fsq7
  High   
  Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.    
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)    
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)  
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)    
  at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
  1:06:46 AM
  w3wp.exe (0x1B34)                      
  0x08A0
  SharePoint Foundation        
  Claims Authentication        
  8306
  Critical
  An exception occurred when trying to issue security token: The security token username and password could not be validated..
  1:06:46 AM
  w3wp.exe (0x1B34)                      
  0x08A0
  SharePoint Foundation        
  Claims Authentication        
  f2un
  Verbose
  Form authentication failed.
  I have tried EVERYTHING (well, nt everything, I don’t have the fix I suppose). 
   I found plenty out there and nothing directly correlates with this issue. 
  I searched on all parts of the errors I got.
  This contains an interesting blurb about setting up access for the apppool id correctly. 
  That’s not the case for me.  It works in dev and the same id are used there. 
  http://sharepoint-2010-world.blogspot.com/2011/03/adam-forms-based-authentication-in.html
  This was good but it doesn’t give specs on what the environment looks like:
  http://social.msdn.microsoft.com/Forums/en/sharepoint2010general/thread/557143a6-4b36-4939-bb7f-d62a9335fd18
  The was interesting…but I am patched up beyond the June 2011 CU so it’s a moot point:
  http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/9b8368ef-c5e5-4ead-b348-7b2b5587cfc8
  Any and all help would be greatly appreciated!

  Hi.
  You say its a multiserver farm, do you have more than one web server then?
  If thats the case, have you tried accessing the site on each server directly?
  Found this for you, maybe that can help?
  Troubleshooting Exceptions: System.ServiceModel.FaultException`1
  http://msdn.microsoft.com/en-us/library/bb907220.aspx
  and this:
  SharePoint 2010 Claims Authentication - The security token username and password could not be validated reoccurring every morning
  http://social.technet.microsoft.com/Forums/pl-PL/sharepoint2010setup/thread/383f1f9b-5c4a-4e19-b770-2a54b7ab1ca1
  and
  This seems to be a good guide:
  http://donalconlon.wordpress.com/2010/02/23/configuring-forms-base-authentication-for-sharepoint-2010-using-iis7/
  Good luck
  Thomas Balkeståhl - Technical Specialist - SharePoint - http://blksthl.wordpress.com

• Reporting Services username and password prompting

  We have several branch office locations and one reporting services server. All of the branch office locations can access the reporting services server, but we have one location for the passed week, each time they make a connection to this server, it prompts
  them for a username and password and will not allow them to connect even if the correct username and password is correct.
  I have tried adding the server to the IE intranet/trusted site list. Set IE security on all zones to automatically logon with current username and password.
  What is strange is that this is the only branch office site that is having this issue. It is almost like kerberos is broken for this site location only.
  DOes anyone has any suggestions what could be causing this problem for all computers in this one location. Nothing has changed on their local servers nor have we pushed any updates to the machines.

  Hi bubba1984,
  As per my understanding, I think this issue is caused by Kerberos authentication. Kerberos is an authentication protocol that allows clients that create authentication tokens to associate a specific destination to that token. In the failure case, there is
  a mismatch between the destination specified in the token and the report server process configuration. Due to this mismatch, the underlying Kerberos authentication scheme supported by Windows prevents report server from authenticating the user.
  To fix this issue, please try to remove RSWindowsNegotiate and ensure RSWindowsNTLM is specified in the rsreportserver.config file. For more details, please take the following article as reference:
  http://blogs.msdn.com/b/lukaszp/archive/2008/03/26/solving-the-reporting-services-login-issue-in-the-february-ctp-of-sql-server-2008.aspx
  Hope this helps.
  Thanks,
  Katherine Xiong
  Katherine Xiong
  TechNet Community Support

• Calling A Secured webservice using Username and password in the Soap header

  I want to call a secured webservice.
  The Username and password should be sent with the payload in the SOAP Header
  as
  <wsse:Security S:mustunderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken wsu:Id="SecurityToken-XXXXXXXXXXXXXXXXXXXXXXXXX" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:Username>uname</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  Can you please send me the steps?
  I tried with giving the username and password under Service Account.
  I tried to create a wspolicy under business service. But nothing works...
  Please help me at the earliest.
  Also please give me steps in sequence.

  Now i made sure that the endpoint is available!
  Now am getting this error:
  <soapenv:Fault>
  <faultcode>soapenv:Server</faultcode>
  <faultstring>BEA-380002: localhost1</faultstring>
  <detail>
  <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
  <con:errorCode>BEA-380002</con:errorCode>
  <con:reason>localhost1</con:reason>
  <con:location>
  <con:node>RouteNode1</con:node>
  <con:path>request-pipeline</con:path>
  </con:location>
  </con:fault>
  </detail>
  </soapenv:Fault>
  Also in the invocation trace i can observe the following things:
  Under Invocation Trace:-
  ========================
       Receiving request =====> Initial Message context
       ===============================================
       under added header:-
       ==================
       <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
       </soap:Header>
       under RouteNode1
  ================
       Route to "TargetMyService_BS"
  $header (request):-
  <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  </soap:Header>
  Under Message Context changes:-
  *===============================*
  I can find this element also:-
  con:security>
  *<con:doOutboundWss>false</con:doOutboundWss>*
  *</con:security>*
  eventhough we enabled ws security, how the above tag can be false?
  I think its getting failed to populate the header with the required login credentials.
  The other doubt i have is:-
  =================
  I have chosen the service account type is static...is this right?

• Username and password do not get applied to WS Invocations in PS3 project

  I am running into a situation where username and password do not get applied to WS Invocations in PS3 project I am deploying using config plan, this is used to work correctly in PS2. Did the syntax for the deployment configuration plans for PS3 BPM have changed?
  This is the error that I am getting from the BPM soa_server.log file:
  <Feb 9, 2011 1:04:16 PM PST> <Error> <oracle.wsm.resources.enforcement> <WSM-07501> <Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=default, composite=SpringWorkflow, modelObj=ActivityService, policy=oracle/wss_username_token_client_policy, policyVersion=null, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss-username-token.
  oracle.wsm.common.sdk.WSMException: WSM-00015 : The user name is missing.
  Caused by: oracle.fabric.common.PolicyEnforcementException: WSM-00015 : The user name is missing.
  at oracle.fabric.common.AbstractSecurityInterceptor.processResult(AbstractSecurityInterceptor.java:239)
  at oracle.fabric.common.BindingSecurityInterceptor.processRequest(BindingSecurityInterceptor.java:95)
  I enabled ws logging for incoming and outgoing P6 web service requests, I see that the BPM server is not making an outgoing webservice call, looking more into the log file from soa_server.log I see that the exception is a PolicyEnforcementException confirming my suspicion that the username and password from the deployment config plan are not getting applied at runtime. This is used to work correctly in PS2. Any suggestions?
  Config-plan:
  <reference name="ActivityService">
  <!--Add search and replace rules for the binding properties-->
  <binding type="ws">
  <attribute name="port">
  <replace>http://xmlns.oracle.com/Primavera/P6/WS/Activity/V1#wsdl.endpoint(ActivityService/ActivityPort)</replace>
  </attribute>
  <attribute name="location">
  <replace>http://x.x.x.x:7001/p6ws/services/ActivityService?wsdl</replace>
  </attribute>
  <property name="weblogic.wsee.wsat.transaction.flowOption">
  <replace>WSDLDriven</replace>
  </property>
  <property name="oracle.webservices.auth.username">
  <replace>admin</replace>
  </property>
  <property name="oracle.webservices.auth.password">
  <replace>admin</replace>
  </property>
  </binding>
  </reference>
  Deployment Log from Jdev:
  [04:05:01 PM] ---- Deployment started. ----
  [04:05:01 PM] Target platform is (Weblogic 10.3).
  [04:05:01 PM] Running dependency analysis...
  [04:05:01 PM] Building...
  [04:05:11 PM] Deploying profile...
  [04:05:11 PM] Updating revision id for the SOA Project 'SpringWorkflow.jpr' to '1.0'..
  *[04:05:11 PM] Copying file:/E:/dev/bpm11g/springdemo/SpringWorkflow/SpringWorkflow_cfgplan.xml to soaconfigplan.xml*
  [04:05:11 PM] Adding soaconfigplan.xml to archive.
  [04:05:11 PM] Wrote Archive Module to E:\dev\bpm11g\springdemo\SpringWorkflow\deploy\sca_SpringWorkflow_rev1.0.jar
  [04:05:11 PM] Deploying sca_SpringWorkflow_rev1.0.jar to partition "default" on server soa_server1 [x.x.x.x:8001]
  [04:05:11 PM] Processing sar=/E:/dev/bpm11g/springdemo/SpringWorkflow/deploy/sca_SpringWorkflow_rev1.0.jar
  [04:05:11 PM] Adding sar file - E:\dev\bpm11g\springdemo\SpringWorkflow\deploy\sca_SpringWorkflow_rev1.0.jar
  [04:05:11 PM] Preparing to send HTTP request for deployment
  [04:05:11 PM] Creating HTTP connection to hostx.x.x.x port:8001
  [04:05:13 PM] Sending internal deployment descriptor
  [04:05:13 PM] Sending archive - sca_SpringWorkflow_rev1.0.jar
  [04:05:15 PM] Received HTTP response from the server, response code=200
  [04:05:15 PM] Successfully deployed archive sca_SpringWorkflow_rev1.0.jar to partition "default" on server soa_server1 [x.x.x.x:8001]
  [04:05:15 PM] Elapsed time for deployment: 14 seconds
  [04:05:15 PM] ---- Deployment finished. ----

  We should take a look at the log files to see what's really going on but if you haven't done anything with the installation yet then "reinstalling" is very easy.
  In the directory where you launched the jar file, you should find a directory named "crx-quickstart". Simply rename this directory to "crx-quickstart.old" and restart the jar file. Your new environment will be ready in a couple of minutes.  Keep the old directory and look into the [your directory]\crx-quickstart\logs directory for details on your original problem.

• Extracting username and password from security header

  Hey all,
  I'm writing a BPEL process that invokes two secured web services. One of them authenticates using Username Token and the other has a authenticate method in which the username and password are supplied as Strings. I have successfully propagated the credentials from the BPEL process to the web service using Username Token by doing the following:
  1) I secured my BPEL process
  2) I imported oasis-200401-wss-wssecurity-secext-1.0.xsd and from it created a variable of type Security
  3) I added the security variable to the Header Variables for the BPEL process input
  4) I added the security variable to the Input Header Variables for the web service's invoke operation
  This worked fine. However, I need to be able to extract out the username and password and supply them as Strings to the authenticate method of the other web service. How can this be done? If it can't, what are some alternatives?
  Environment:
  JDeveloper 11.1.1.6.0
  Thanks,
  Bill

  Hi Sri,
  If I understand your steps correctly, I think the problem I'm having rests with the second step. I don't know how to get a hold of the username and password to assign to the local variables you mention. The BPEL process itself uses Username Token for authentication. These credentials need to be passed to the web services invoked within the BPEL process. If I assign the security header variable directly to the string output for the BPEL process, the string returned will be the complete XML security header, which includes the username and password. However, the security header variable itself doesn't expose the username and password directly. In other words, I can't expand the security header variable node in the dialog for editing the Assign operation and get to the username and password. I think one solution is to parse out the username and password from the complete XML security header using string operations (substring, index-within-string, etc). Also, regarding step 4, I'm not sure if passing the credentials in the header will work for this web service. I think the web service is expecting the credentials as parameters to its authenticate method.
  Thanks,
  Bill

• BPM Process As a Web-Service Username and Password

  Hi all,
  We have exposed a Process as a Web-Service WSDL to another system . We use Username Token Profile to enter the username and password to connect to the Web-Service..
  Now what we do is we have a role in our project and we create a dummy Web-Service user and add the role to that user and then use its password and username to call the Web-Service.
  Can we change this?
  Can we have a dummy username and password not associated with any role in BPM used in our Web-Service?

  Did you use PAPI code inside your web service or did u just use PAPI Web Services ( like did u just pressed the button Launch PAPI Web Services ) and it created the WSDL for you and u used it to create the client?
  I am using the latest version of OBPM..
  Oracle 10.3.10
  Can you let me know what do u mean by PAPI interface.. Is it the PAPI code of is the PAPI Web Service which is built by BPM automatically and could be used?
  Edited by: user8707382 on Sep 10, 2009 9:00 AM

• Single sign-on and different usernames and passwords

  Hello,
  I am building a Portal with WLPS 3.5 and WLS 6.0. I tried to get
  information about the background of single sign-on.
  I understand, that I need a Realm (i.e. LDAP Realm) to authenticate the
  user for the first login to the portal (with username and password).
  Now I would like to integrate my webmail-programm (to get emails from
  Lotus Notes via Internet) as a portlet.
  For my understanding the user has to authorizate to get access to webmail.
  Therefore I create a ACL for webmail and this ACL is assigned to my
  security Realm.
  I would like the portlet to show after login the number of mails for the
  specific user. But where are the username and password for webmail stored
  and how are they received and forwarded?
  I understand that my ACL included all users that have access to webmail
  (i.e. all users). But I only want emails for the specific user.
  Does WLS get all usernames and passwords while the first login? Do I have to
  implement a algorithmen to get the specific username and password for the
  requested resource in my portlet?
  Has anyone solved a similar problem or can tell me where I can get more
  information. I read the WebLogic Security document but I cant find a
  answer to my questions.
  Thanks
  Lydia

  Lydia,
  I'm not an expert in this area, but I can give you a start.
  As for single sign-on, there are different levels. For single sign-on across web-apps,
  the servlet spec requires this (section 12.6 of th 2.3 spec) and therefore Weblogic
  does this.
  What you are talking about is single sign-on across back-end applications through
  a web-app. BEA has partnered with Securant (just acquired by RSA) to provide this
  kind of functionality. Browse to http://www.rsasecurity.com/products/ and look
  at the ClearTrust product. BEA has also partnered with Netegrity (www.netegrity.com)
  with their SiteMinder product. Neither is included in the Weblogic license. I'm
  sure either vendor would be excited to explain how their product will solve your
  problem if you give them a call.
  As for where the username and passwords are stored, that is up to the realm. If
  you are using the default WLPS RDBMSRealm, the username and encrypted password
  are stored in the WLCS_USER table. If you are using LDAPRealm, they are stored
  in your LDAP server.
  Hope this was useful!
  PJL
  [email protected] wrote:
  Hello,
  I am using PersonalizationServer 3.5 and WLS 6.0 SP 2.
  Now I try to unterstand the functionality of Single sign-on when a user
  has different usernames and passwords for different applications.
  Can someone explain where the usernames and passwords for a user are
  stored (all in the LDAP-realm or a RDBMS-realm?) When a user access the
  application how username and passwords are mapped? Or usernames and
  passwords for all applications are the same and will be equalized?
  Precisely I would like to get access to a mail-account for a specific
  user
  (webmail from Lotus Notes).
  Thanks for any help
  Lydia

• How do i send the username and password to yahoo web page through url

  how do i send the username and password to yahoo web page through url i.e as Query string so that my account in yahoo will open...

  If you don't mind using a library, then download and use the Apache HttpClient library. It takes care of all these details for you.

• I do not know my apple administrator username and password? How do I find out what it is? I am trying to download IBM Notes and Domino onto my MacBook Pro and I cannot download the software without verifying my apple administrator username/password

  I do not know my apple administrator username and password. How do I find out what it is? I am trying to download IBM Notes and Domino onto my MacBook Pro and I cannot download the software without verifying my apple administrator username and password.

  iOS is only for mobile devices, so:
  Resetting or changing a password:
  For Snow Leopard or earlier:  http://support.apple.com/kb/HT1274
  For Lion or later:  http://support.apple.com/kb/HT6022
  For Mavericks users:
  http://www.macworld.co.uk/how-to/mac-software/how-change-admin-password-mac-3535 328/
  This is also useful:
  http://www.macworld.co.uk/ipad-iphone/news/?newsid=3463233&olo=email
  If it's running Mac OS X 10.6.8 or earlier, insert a Mac OS X install DVD, restart with the Option key held down, click on it, and use the Reset Password utility.
  If it's running Mac OS X 10.7 or newer, restart with the Command and R keys held down, open the Terminal, and use the resetpassword command:
  https://discussions.apple.com/docs/DOC-4101

• I have a iphone 5 and I can login with my apple id to purchase music. However, when I try to login into icloud using the very same username and password that I use in the apple store it does not work to enter icloud, so what what gives???

  I have a iphone 5 and I can login with my apple id to purchase music. However, when I try to login into icloud using the very same username and password that I use in the apple store it does not work to enter icloud, so what what gives???

  I could do that, however when I select the icloud button (or whatever the heck it is) I am asked to enter the apple id and password. So if you are suppose to create another one for icloud you'd think it would give you the option at this point which would be logical.

• I cant get my iphone 4 tolog in to my company wifi. i updated to ios 6 and now it just goes to my companies login screen. i enter my username and password and it just sticks. however it will logon to wifi without a requirement for a user name and password

  I have to log onto my companies wifi by first going thru a log on page that equires a username and password. before i updated to ios 6. it worked fine now it just goes to the login page and when i hit enter it doesnt do anything just stays stuck on that page. however the phone will log onto a regular wifi router that doesnt require any kind of username or password. any ideas on how to fix it. i have tried everything including reseting all network settings.

  1. Settings>General>Reset>Reset Network Settings
  or
  2. Use "Forget This Network"

• Why do my firewalls only use the domain username and password for login and enable passwords, not a different enable password like my switches do? The RADIUS config looks the same...

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:10.0pt;
  font-family:"Times New Roman","serif";}
  Issue:
  Cisco firewalls require only one level of password i.e. the domain username and password are used for both logging in as well as reaching global configuration mode.
  Background:
  We have multiple Cisco network devices set up which authenticate to our Windows domain controller using NPS (Windows 2008 R2). The switches we have set up all function exactly as we would hope as they require your domain username and password to login to the device. They then require a separate password when you use the enable command, this is stored in Active Directory:
  Switches:
  Username:domain-username
  Password:domain-password
  SWITCH>enable
  Password:enable-password-in-Active-Directory
  SWITCH#
  Firewalls (as they currently are):
  Username:domain-username
  Password:domain-password
  FIREWALL>enable
  Password:domain-password
  FIREWALL #
  With the firewalls however, they require your domain username and password first, and then your domain password again when using the enable command. I want the firewalls to use the enable level password that the switches currently use instead of the domain password again. The current configuration look like the following:
  Current switch configuration:
  aaa new-model
  aaa authentication login default group radius local
  aaa authentication enable default group radius enable
  aaa authorization exec default group radius local
  aaa session-id common
  radius-server host 192.168.0.1 auth-port 1645 acct-port 1646
  radius-server source-ports 1645-1646
  radius-server key 7 1234abcd
  Current firewall configuration:
  aaa-server DC01 protocol radius
  aaa-server DC01 (outside) host 192.168.0.1
  aaa authentication ssh console DC01 LOCAL
  aaa authentication enable console DC01 LOCAL
  key 1234abcd
  Any help would be great, thanks!

  Cisco ASA works that way by design. You could remove "aaa authentication enable" and then you could use the "enable password" command to set your enable password.
  But if you do that, then ASA would change your username to "enable_15". That would break Authorization and Accounting if you're using them. Let me clarify with an example
  Firewalls :
  Username:domain-username
  Password:domain-password
  FIREWALL>show curpriv
  Username : domain-username
  Current privilege level : 1
  Current Mode/s : P_UNPR
  FIREWALL>enable
  Password:enable-password-from-running-config
  FIREWALL #show curpriv
  Username : enable_15
  Current privilege level : 15
  Current Mode/s : P_PRIV
  If you're using Authorization and Accounting it's recommended to stick with your current behavior.

• Server 2003 VPN clients can't verify username and password

  Hi,
  Hoping someone can help or point me in the right direction. I have a Windows Server 2003 R2 standard SP2 running RRAS. It has Dual NIC's and is configured for PPTP VPN. I am using a BT Business Hub 5 for internet access and using the BT Static IP service.
  The BT Hub assigns the static IP address chosen to the Server using DHCP. The firewall is configured to port forward PPTP traffic to the 2003 server. This all works correctly.
  The 2003 server is on a domain where the DC is a 2008 R2 server. The DC also acts as the DNS and DHCP for the network.
  The default gateway for the domain is pointed towards our WinGate proxy server which also acts as a DNS server.
  The 2003 server LAN NIC is configured manually, usually I would not configure a deafult gateway on the LAN NIC as the WAN NIC needs the default gateway for the BT Hub.
  The problem I am having is if a default gateway is configured on the LAN NIC, I can connect to the VPN and it will logon to the network. Once connected everything works ok. If the connection drops, when trying to reconnect the client can no longer verify
  the user name and password against the domain and the connection is refused.
  If I do not have a default gateway configured in the LAN NIC the VPN clients can not verify the username and password for the domain at all and I get RPC failure errors in the event viewer with the source dnsapi.
  Once this error occurs the only way I can get the clients to reconnect is to disable the WAN NIC, restart the RRAS service and enable the WAN NIC again.
  Any insight will be much appreciated.

  Hello,
  for Networking configuration questions better ask in
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/home#forum=winserverNIS&filter=alltypes&sort=lastpostdesc&content=Search
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://blogs.msmvps.com/MWeber
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
  Twitter: