Cannot get iLOM to authenticate against Active Directory
I'm hoping it is some sort of configuration mistake, I'll happily take the fall for misconfiguration, if it solves my issue.
We have a number of different Sun systems we just purchased, and LOVE the iLOM capabilities. Unfortunately, we have not been able to configure the Active Directory authentication properly. We've gotten the RADIUS auth to work, but since it doesn't have any extensible groups, there's no way to cleanly divide folks up. Have read the User's Guide extensively, and tried multiple variations on the LDAP configuration of the Active Directory AdminGroup settings, with no luck.
I have verified the iLOM unit is reaching the AD server, I have captured communications, but since it's encrypted, I can't see where the fault lies. The clocks are certainly within 5 minutes of each other, so it's not a Kerberos time issue. The 'Trace' level of logging doesn't seem to include much info to me, but here is what is captured:
2008-07-29 14:26:14 Local0.Warning 10.40.5.7 logmgr: ID = 1366 : Tue Jul 29 14:27:42 2008 : ActDir : Log : minor : (ActDir) module loaded, MOD-VER:Tue Jun 3 07:53:02 CST 2008
2008-07-29 14:26:14 Local0.Critical 10.40.5.7 logmgr: ID = 1367 : Tue Jul 29 14:27:42 2008 : ActDir : Log : critical : (ActDir) _BindAUser: bind error. -1:-1, Can't contact LDAP server. Check cert-file, network connectivity, local date/time
2008-07-29 14:26:14 Local0.Critical 10.40.5.7 logmgr: ID = 1368 : Tue Jul 29 14:27:42 2008 : ActDir : Log : critical : (ActDir) _BindAUser: bind error. -1:-1, Can't contact LDAP server. Check cert-file, network connectivity, local date/time
2008-07-29 14:26:14 Local0.Error 10.40.5.7 logmgr: ID = 1369 : Tue Jul 29 14:27:42 2008 : ActDir : Log : major : (ActDir) ServerUserAuth - Error 0, error binding user to ActiveDirectory server
2008-07-29 14:26:15 Local0.Error 10.40.5.7 logmgr: ID = 1370 : Tue Jul 29 14:27:42 2008 : ActDir : Log : major : (ActDir) server-authenticate: auth-error idx 0 server x.x.x.x
2008-07-29 14:26:15 Local0.Critical 10.40.5.7 logmgr: ID = 1371 : Tue Jul 29 14:27:42 2008 : ActDir : Log : critical : (ActDir) authentication status: auth-ERROR
2008-07-29 14:26:17 Local0.Warning 10.40.5.7 logmgr: ID = 1372 : Tue Jul 29 14:27:45 2008 : Audit : Log : minor : cleverlyc : Open Session : object = /session/type : value = www : error
We have no certificates, and do not plan on using any (for quite some time). I cannot find any errors, notifications, or other data on the AD server, showing any sort of error/misrepresented credentials etc.
Any ideas/help?
Thanks!!
Looks like this seems to be a common issue as I am having the same issue using current iLOM release.
SP Firmware Version 2.0.2.10
SP Firmware Build Number 35249
SP Firmware Date Wed Jul 23 22:40:58 PDT 2008
SP Filesystem Version 0.1.14
Additional information I can provide: when reviewing the security logs on the DC, I see no attempt of any creds being used.
Edited by: evil_bobster on Sep 22, 2008 10:50 AM
Similar Messages
-
Hi,
I have a setup with ISE 1.1.1. Users are getting authenticated against AD. Everything is working fine except some users report disconnection. I see in the ISE that (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out). Users are using Windows 7 OS.
Error is enclosed & here is the port configuration.
Port Configuration.
interface GigabitEthernet0/2
switchport access vlan 120
switchport mode access
switchport voice vlan 121
authentication event fail action next-method
authentication event server dead action reinitialize vlan 120
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication order mab dot1x
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout tx-period 60
spanning-tree portfast
ip dhcp snooping limit rate 30
Please help.
The error message means that the Active Directory server rejects the authentication attempt because, for some reason, the user account got locked. I guess you should ask your AD team to check in the AD event logs why the user account got locked.
You can find it under Event Viewer.
Regards
Minakshi (Do rate the helpful posts) -
Cannot find the object "CrossRef" in Active Directory
I am trying to install Lync 2013. I'm getting the following error:
Error: An error occurred: "Microsoft.Rtc.Management.Deployment.ActiveDirectoryException" "Cannot find the object "CrossRef" in Active Directory."
WARNING: Enable-CSAdForest failed.
This error is at "Step 3: Prepare Current Forest" of the install. I've tried to run the forest prep as a local domain and I get the following:
Creating new log file "C:\Users\administrator.xxx\AppData\Local\Temp\2\Enable-CSAdForest-052cfe14-7f42-4969-88da-83279413ab8c.xml".
Enable the Active Directory forest to host Lync Server 2013 deployments.
Prepare Forest Active Directory settings execution failed on an unrecoverable error.
Creating new log file "C:\Users\administrator.xxx\AppData\Local\Temp\2\Enable-CSAdForest-[2013_05_30][13_25_56].html".
WARNING: Enable-CSAdForest failed.
WARNING: Detailed results can be found at "C:\Users\administrator.xxx\AppData\Local\Temp\2\Enable-CSAdForest-[2013_05_30][13_25_56].html".
Command execution failed: Container CN=Microsoft,CN=Program Data,DC=xxx,DC=local not found -
Hi,
Since we implemented Cisco ISE we receive the following failure on several Notebooks:
Authentication failed : 24408 User authentication against Active Directory failed since user has entered the wrong password
This happens 2 or 3 times per Day. So basically the authentications are working. But when the failure appears, the connection is lost for a short time.
The Clients are using PEAP(EAP-MSCHAPv2) for Authentication. We've got a Cisco Wireless Environment (WLC 5508).
Why is this happening?
Thanks,
Marc
The possible causes of this error message are:
1.] If the end user entered an incorrect username.
2.] The shared secret between WLC and ISE is mismatched. With this we'll see continuous failed authentication.
3.] As long as a PSN is not receiving a response from the supplicant within this limit during an EAP conversation, it will throw this error code. In the majority of cases it says eap session timed out.
In your case, the 3rd option seems to be the closest one.
Jatin Katyal
- Do rate helpful posts - -
How to authenticate using Active directory!
Hi all!
At present I'm using the code given below; it's working fine! Currently we are using mixed mode Active Directory! We are going to migrate that to Native mode!
    import java.util.Properties;
    import javax.naming.*;
    import javax.naming.directory.*;

    public class LdapAuthentication { // Servlet extends HttpServlet
        private java.util.Hashtable cache = new java.util.Hashtable();

        /**
         * @param loginid
         * @param passwrd
         * @return boolean
         */
        public boolean authenticate(String loginid, String passwrd) {
            // Refuse an empty password before it reaches the directory server.
            if (passwrd.trim().equalsIgnoreCase(""))
                return false;
            Properties props = new Properties();
            String ldapHost = "ldap://HDCQ3Q5CDOM01:389";
            String DN =
                "CN="
                    + loginid.trim()+"DN=,CN=Users,DC=pslsdc,DC=legacy,DC=r5,DC=websi,DC=net";
            System.out.println("DN: "+DN);
            // The context factory is named by its class name, passed as a string.
            props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            props.put(Context.SECURITY_AUTHENTICATION, "simple");
            props.put(Context.SECURITY_CREDENTIALS, passwrd);
            props.put(Context.SECURITY_PRINCIPAL, DN);
            props.put(Context.PROVIDER_URL, ldapHost);
            try {
                // Creating the context performs the bind; a failed bind throws.
                DirContext ctx = new InitialDirContext(props);
                System.out.println("successfully authenticate DN: " + DN);
                ctx.close(); // release the LDAP connection
                return true;
            } catch (Exception ex) {
                System.out.println(ex+loginid);
                try{
                    throw new Exception("login failure : "+ex+loginid);
                }catch(Exception e){
                    e.printStackTrace();
                }
                return false;
            }
        }
    }

When I try to connect to Active Directory, the new one, I'm unable to get authenticated; user not found error is coming! (data 525)
I'm unable to continue!
I tried changing the DN to : [email protected]
also DN: mydomain\vijayvignesh
then I'm getting the error:
java.lang.Exception: istar login failure : javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece
I almost tried everything!
If anyone can find a solution please do come forward!
Remember, my code works fine in Mixed mode Active Directory; when we shift that to native mode, it is not working!
If you would read the Active Directory error message, it actually gives you a hint:
"The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection"
There was a security feature introduced in Windows Server 2003 that would allow administrators to only allow connections over encrypted sessions (e.g. SSL/TLS or Kerberos signing and sealing). This setting is configured somewhere in the Domain Controller's Group Policy, called something like "LDAP Server signing".
One solution is to use SSL/TLS. Refer to my previous post titled "JNDI, Active Directory & Authentication (part 2) (SSL)" at
http://forum.java.sun.com/thread.jspa?threadID=581425&tstart=50 -
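The SSL/TLS route suggested in the reply above, as an added Java example that is not code from either poster: a JNDI simple bind that only runs over ldaps://, refuses an empty password, and maps the Active Directory "data" sub-codes (the 525 from the question among them) to a coarse result for logging. The class name, the host dc01.example.test, the principal and the sample messages carrying a DSID-XXXXXXXX placeholder are assumptions; the error code 8 text is the one quoted in the thread.

```java
import java.io.Console;
import java.util.Hashtable;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.AuthenticationNotSupportedException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/** Added example: simple bind to AD over LDAPS, with the failure classified for logging. */
public class AdLdapsBind {

    public enum Result { OK, EMPTY_PASSWORD, BAD_CREDENTIALS, ACCOUNT_STATE, SERVER_POLICY, ERROR }

    // Active Directory appends "data <hex>" to the text of an LDAP bind error.
    private static final Pattern AD_DATA = Pattern.compile("\\bdata\\s+([0-9a-fA-F]+)");

    static String adSubCode(String message) {
        if (message == null) return null;
        Matcher m = AD_DATA.matcher(message);
        return m.find() ? m.group(1).toLowerCase() : null;
    }

    static Result classify(NamingException ex) {
        // LDAP result 8: the DC refuses a simple bind on a connection that is
        // neither signed nor protected by SSL/TLS (the error quoted in the thread).
        if (ex instanceof AuthenticationNotSupportedException) return Result.SERVER_POLICY;
        if (!(ex instanceof AuthenticationException)) return Result.ERROR; // network, TLS, naming
        String code = adSubCode(ex.getMessage());
        if (code == null) return Result.BAD_CREDENTIALS;
        switch (code) {
            case "525": // user not found
            case "52e": // invalid credentials
                return Result.BAD_CREDENTIALS; // report both identically to the end user
            case "530": // not permitted to log on at this time
            case "531": // not permitted to log on from this workstation
            case "532": // password expired
            case "533": // account disabled
            case "701": // account expired
            case "773": // user must reset password
            case "775": // account locked out
                return Result.ACCOUNT_STATE;
            default:
                return Result.BAD_CREDENTIALS;
        }
    }

    static Result bind(String url, String principal, char[] password) {
        if (!url.startsWith("ldaps://"))
            throw new IllegalArgumentException("refusing to send a password over " + url);
        // A simple bind with an empty password is an unauthenticated bind that the
        // server may accept, so it must never be mistaken for a successful login.
        if (password == null || password.length == 0) return Result.EMPTY_PASSWORD;

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);   // DN or user@domain form
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        env.put("com.sun.jndi.ldap.read.timeout", "5000");
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env); // the bind happens here
            return Result.OK;
        } catch (NamingException ex) {
            return classify(ex);
        } finally {
            if (ctx != null) try { ctx.close(); } catch (NamingException ignored) { }
        }
    }

    public static void main(String[] args) {
        // Constructed sample exceptions; the second message is the one quoted in the thread.
        NamingException[] samples = {
            new AuthenticationException("[LDAP: error code 49 - LdapErr: DSID-XXXXXXXX, "
                + "comment: AcceptSecurityContext error, data 525, vece]"),
            new AuthenticationNotSupportedException("[LDAP: error code 8 - 00002028: LdapErr: "
                + "DSID-0C09018A, comment: The server requires binds to turn on integrity "
                + "checking if SSL\\TLS are not already active on the connection, data 0, vece"),
            new AuthenticationException("[LDAP: error code 49 - LdapErr: DSID-XXXXXXXX, "
                + "comment: AcceptSecurityContext error, data 775, vece]"),
        };
        for (NamingException ex : samples)
            System.out.println(classify(ex) + " (data " + adSubCode(ex.getMessage()) + ")");

        // Live check (hypothetical host): java AdLdapsBind ldaps://dc01.example.test:636 user@example.test
        Console console = System.console();
        if (args.length == 2 && console != null)
            System.out.println(bind(args[0], args[1], console.readPassword("Password: ")));
    }
}
```

For the ldaps:// connection to be established, the JVM has to trust the domain controller's certificate chain, through its default trust store or one named with javax.net.ssl.trustStore.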
How to set up authentication against Active Directory using custom account
Hi All,
Our development BPC server (version 7.0.112, MSSQL Server 2005) was installed using a local user in domain X. It is a single-server installation (meaning all services were installed on that server). The dev server always has the latest data/users by restoring the production backup on the dev server. For testing purpose, I need to allow a user of domain X to log in and do a testing.
Is there a way to configure the dev server to authenticate against an Active Directory in domain X using a special user in the domain X? If yes, how can I configure the dev server?
Thanks.
The installation user must be a domain user with rights to browse domain X.
Otherwise you are not able to add users from the domain.
In your case installation was done with a local user, which means you will not be able to use domain users.
It can be a workaround if you change the identity for 2 COM+ components to be a domain user instead of that local user.
Anyway, I don't advise you to do this. It will be better to reinstall the dev using a domain user.
The COM+ components which have to be changed are:
OsoftAdminServer
OsoftUserManage
Attention: the domain user used must be added into the administrator group of the BPC server and also have sys admin rights to SQL Server.
I hope this will help you.
Regards
Sorin Radulescu -
Can OS X 10.9 Authenticate An Active Directory User From A Different Trusted Forest
I am able to authenticate with an AD account from a different trusted domain in the same forest as the domain the client is bound to on OS X 10.9. An AD account from a trusted domain in a separate forest cannot authenticate on the same client. The same AD account from the same external trusted domain in the same external forest can authenticate to a Windows 7 client bound to the same domain as the Mac client. It seems that OS X is incapable of cross forest authentication. It seems as though the directory services search path only includes the forest of the domain the client is bound to. Windows clients seem to be able to handle the referral process to a different forest, but a Mac client does not. Am I correct in this assumption? Has anyone accomplished cross forest authentication on an OS X client? If so, how? If not, what is the reason this can't be done?
Well, I’ve made some encouraging progress.
I’ve managed to log on!
I deleted /var/db/.AppleSetupDone while booted into the recovery volume. I then created a new local admin user and, after a much longer than usual delay, got through the account creation stuff and arrived at last in the Finder, which was sluggish as heck.
Checked user accounts, and according to system prefs they’re all there. Fired up Activity monitor and found that opendirectoryd was consuming 365%-405% CPU.
I unbound the system from our Active Directory domain, not really expecting it to work but it did. cpu load dropped to nothing.
I rebooted, was able to log in as the original local admin user (woohoo! Progress!)
Re-bound it to AD and boom CPU shot right back up.
I unbound it again and am currently backing up the drive with CCC (conversation with professor yesterday “Time Machine? What’s Time Machine?”)
If CCC dies, I’ll run DW on the original, but I’m now pretty sure my issue is a borked opendirectory database.
Plan going forward:
I’ll nuke&pave the iMac, restore the apps, but NOT users and computer settings from the CCC during the re-install, create a new local admin, re-bind to AD see what happens.
If it doesn’t go nutz again, I’ll have him log on so it creates the local directory, copy over his original user directory from the backup drive, make it his actual home on the disk again and in theory he should be ok.
It’s amazing how often just laying my problem out in public makes my brain think of new things to try :-)
I don't know if this is directly applicable to an OpenDirectory-bound system rather than Active Directory, but it might work for you. -
Authentication against Active Directory Forest
Hello Everyone,
I am new to JNDI programming and would appreciate any help in the following problem.
I am planning to write a program using JNDI APIs to authenticate users against an Active Directory (AD) forest.
Target AD forest contains multiple domains with two-way transitive trust between them. There are several users created in each of these domains.
I would like to know what should be the general approach for authenticating users against such a topology.
I have a working program which uses JNDI APIs to authenticate users against single Domain.
A sample topology would contain domains like these.
- abc.corp.net
- xyy.corp.net
- pqr.xyz.corp.net
- hrdev.xyz.corp.net
- lmn.corp.net
Thanks in advance for any help
Sandeep
Hi,
How does this relate to Sun Directory Server ?
Regards,
Ludovic -
Getting User Attributes from an Active Directory LDAP
Hello all.
I want to extract attributes assigned to a user in the Active Directory LDAP and make them available through the getPropertyValue property in Javascript. I know that a user's System Attributes can be accessed with getPropertyValue but I have not found a way to get specific attributes from the LDAP and make them available as specific attributes in xMII. System attributes like "EmailAddress1" seem to transfer from the LDAP but others don't. Anyone have any ideas?
Thanks.
...Sparks
Sparks,
If you're using 11.5 or 12 actually they should all map into the system as session properties. You can use the following URL to verify your session properties:
http://<xMIIServer>/Lighthammer/PropertyAccessServlet?Mode=List
If you are not seeing the attributes you expect then your Attribute Query for User or Role is incorrect for your LDAP system and you need to change the LDAP configuration queries.
-Sam -
Advice needed for WAP4410n to authenticate using active directory ?
Hello,
We have a couple of Cisco WAP4410n newly purchased for our organisation.
1) We already have a Windows 2003 Active Directory with domain and users.
2) We have installed a machine with Ubuntu Linux. It has freeradius configured in it. We have also installed the certificate server in this machine.
3) We have given the Linux machine's IP to the freeradius settings in WAP4410n.
4) Our logic is that when a wireless user tries to connect to WAP4410n, the Linux freeradius server will communicate with the Windows Active Directory and grant access to the wireless user.
However, when we try to connect a wireless user we are getting certificate-related errors.
Can someone advise us on the settings (PEAP and certificate issues) with respect to freeradius and WAP4410n so that the Active Directory users can be authenticated?
Thanks & regards.....
Hi Sabeesh,
if you get a certificate warning, then you should check what it is complaining about.
-If you go for PEAP, you're supposed to install a certificate on the radius server and to have the clients trust it.
-Usually people configure the Windows PEAP client to NOT validate the server certificate, which bypasses this problem. However a certificate still has to be installed on the Radius server but it can be invalid.
Hope this helps
===
Don't forget to rate answers that you find useful -
Cannot Bind Leopard Server to Windows Active Directory
Trying to bind a new Leopard Server but keep getting an Unknown error. Is there an issue with the new Server OS?
This is the error
12/10/07 6:36:37 PM com.apple.launchd[1] (0x0-0x2c02c.com.apple.ServerAdmin4479) Exited abnormally: Segmentation fault
12/10/07 6:37:08 PM Directory Utility236 Step 1 of 6: Searching for Forest/Domain information
12/10/07 6:37:08 PM Directory Utility236 Binding failed with error -14120
12/10/07 6:37:29 PM DirectoryService4626 * +NSCFArray shouldAttemptCheck: unrecognized selector sent to class 0xa0101740
12/10/07 6:37:30 PM com.apple.launchd[1] (com.apple.DirectoryServices4626) Exited abnormally: Bus error
Okay, I have now managed to set up the server. I did this by creating an Open Directory Master and then binding that to our Active Directory. I have set up Active Directory and LDAP binding on the client Macs.
I then added a user from AD into Workgroup Manager and applied a few preferences. They worked brilliantly. However, the computer Workgroup Manager preferences are not working at all! Is there a different way to add computers to Workgroup Manager (I added them by using the + sign and dragging them in from AD) and is there a way to automatically add a computer once it's joined to the domain, like it goes in to AD? -
What is the powershell command to get the user count in Active Directory
What is the powershell command to get the user count in Active Directory
Get-ADuser
REF: http://blogs.technet.com/b/heyscriptingguy/archive/2012/10/30/powertip-single-line-powershell-command-to-list-all-users-in-an-ou.aspx
This post is provided AS IS with no warranties or guarantees, and confers no rights.
Josso not able authenticate against sun directory configuration
I am trying to configure josso-1.5 and jboss 4.x against Sun Directory Server.
I am getting this error on the screen: Invalid Authentication Information
It works against openldap.
Please let me know whether I need to do any special configuration for Sun Directory Server.
Console log:
12:12:33,453 INFO [PropertyMessageResources] Initializing, config='org.apache.struts.taglib.html.LocalStrings', returnNull=true
12:12:33,468 INFO [PropertyMessageResources] Initializing, config='org.apache.struts.taglib.html.LocalStrings', returnNull=true
12:12:33,468 INFO [PropertyMessageResources] Initializing, config='org.apache.struts.util.LocalStrings', returnNull=true
12:12:33,531 INFO [PropertyMessageResources] Initializing, config='org.apache.struts.taglib.html.LocalStrings', returnNull=true
12:12:33,531 INFO [PropertyMessageResources] Initializing, config='org.apache.struts.taglib.html.LocalStrings', returnNull=true
12:12:33,531 INFO [PropertyMessageResources] Initializing, config='org.apache.struts.taglib.bean.LocalStrings', returnNull=true
12:13:02,171 INFO [TilesRequestProcessor] Tiles definition factory found for request processor ''.
12:13:02,250 INFO [ConfigurationFactory] Trying to load configuration josso-gateway-config.xml
12:13:02,265 INFO [ComponentKeeperImpl] SSO Config from [file:/C:/Jboss405/jboss-4.0.5.GA/jboss-4.0.5.GA/server/default/./tmp/deploy/tmp36339josso.ear-contents/josso-exp.war/WEB-INF/classes/josso-config.xml]
12:13:02,281 INFO [STDOUT] THe crendentials are ->[Lorg.josso.auth.Credential;@b65a68
12:13:02,281 INFO [STDOUT] THe SSO context is org.josso.gateway.SSOContextImpl@1e99db4
12:13:02,281 INFO [STDOUT] THe gateway is ->org.josso.gateway.SSOGatewayImpl@70cdd2
12:13:02,281 INFO [STDOUT] THe scheme is ->basic-authentication
12:13:02,312 INFO [STDOUT] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@3
12:13:02,312 INFO [STDOUT] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@7
12:13:02,312 INFO [STDOUT] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@9
12:13:02,312 INFO [STDOUT] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@10
12:13:02,312 INFO [STDOUT] THE ENV BEFORE LOGGING IN TO LDAP IS -> {java.naming.provider.url=ldap://192.168.1.225:2389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=cn=admin,cn=Administrators,cn=config, java.naming.security.authentication=simple, java.naming.security.credentials=test, java.naming.security.protocol=}
12:13:02,312 INFO [STDOUT] THE ENV BEFORE LOGGING IN TO LDAP IS -> {java.naming.provider.url=ldap://192.168.1.225:2389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=cn=admin,cn=Administrators,cn=config, java.naming.security.authentication=simple, java.naming.security.credentials=test, java.naming.security.protocol=}
12:13:07,000 INFO [STDOUT] ################################ LOGGED in TO LDAP SERVER ############# javax.naming.ldap.InitialLdapContext@142c63f
12:13:07,000 INFO [STDOUT] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@12
12:13:07,046 INFO [STDOUT] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@3
12:13:07,046 INFO [STDOUT] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@7
12:13:07,046 INFO [STDOUT] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@9
12:13:07,046 INFO [STDOUT] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@10
12:13:07,046 INFO [STDOUT] THE ENV BEFORE LOGGING IN TO LDAP IS -> {java.naming.provider.url=ldap://192.168.1.225:2389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=cn=admin,cn=Administrators,cn=config, java.naming.security.authentication=simple, java.naming.security.credentials=test, java.naming.security.protocol=}
12:13:07,062 INFO [STDOUT] THE ENV BEFORE LOGGING IN TO LDAP IS -> {java.naming.provider.url=ldap://192.168.1.225:2389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=cn=admin,cn=Administrators,cn=config, java.naming.security.authentication=simple, java.naming.security.credentials=test, java.naming.security.protocol=}
12:13:11,640 INFO [STDOUT] ################################ LOGGED in TO LDAP SERVER ############# javax.naming.ldap.InitialLdapContext@a14fed
12:13:11,656 INFO [STDOUT] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@12
12:13:11,718 INFO [SSO_AUDIT] Sat Aug 11 12:13:11 PDT 2007 - sso-user - info - user1 - authenticationFailed=failure - remoteHost=127.0.0.1,authScheme=basic-authentication - ERROR:user1:org.josso.auth.exceptions.AuthenticationFailureException
12:13:11,812 INFO [PropertyMessageResources] Initializing, config='org.apache.struts.taglib.html.LocalStrings', returnNull=true
12:13:11,828 INFO [PropertyMessageResources] Initializing, config='org.apache.struts.taglib.html.LocalStrings', returnNull=true
ar, mine was a mistake.
I changed password to plain and my ldap data to none crypt password.
Also I commented out
<!--
<hashAlgorithm>MD5</hashAlgorithm>
<hashEncoding>HEX</hashEncoding>
-->
<!-- Strong Authentication Scheme
<authentication-scheme>
<name>strong-authentication</name>
-->
lines.
INFO: Trying to load configuration josso-gateway-config.xml
2008/01/30 23:12:33 org.josso.ComponentKeeperImpl loadConfig
INFO: SSO Config from [file:/opt/apache-tomcat-6.0.14_josso-1.6/bin/josso-config.xml]
2008/01/30 23:12:33 org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler handle
INFO: Wed Jan 30 23:12:33 JST 2008 - sso-session - info - - createSession=success - ssoSessionId=3BD8CB4222046B3ECA68A29DCC54FD44
2008/01/30 23:12:33 org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler handle
INFO: Wed Jan 30 23:12:33 JST 2008 - sso-user - info - user1 - authenticationSuccess=success - remoteHost=192.168.100.200,authScheme=basic-authentication,ssoSessionId=3BD8CB4222046B3ECA68A29DCC54FD44
2008/01/30 23:12:33 org.josso.gateway.signon.LoginAction login
WARN: No 'BACK TO' URL received or configured ... using default forward rule ! -
OS 10.4.7 mounting against Active Directory on 2003 Server
Hi,
I downloaded all documentation regarding mounting OSX clients to our Windows 2003 Server network. I can bind to the server but everytime I try to connect to a server (under the network), I get the following error . . . "the alias could not be opened, because the original item cannot be found". What else do I need to do?
Many thanks,
-K
one thing i found out when trying to do the same, but on a win2000 server, is to connect to the server by "Go -> Connect to Server" and use the IP... have not tried it with 2k3 yet. otherwise, upgrade your mac to 10.4.8... it should work fine, 10.4.8 has windows fixes, as well as AFP fixes... -
How do I configure a cisco 1131 AP to use WPA2 enterprise and authenticate to Active Directory
I have a Win2008 server set up as a radius server (192.168.32.71) and a stand alone AP (192.168.201.9) The AP is config is below:
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ap
enable secret 5 $1$IdUV$UvE2IJTNzHX6mW6Mmh3At0
ip subnet-zero
ip domain name TKGCORP.local
ip name-server 192.168.32.71
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa group server radius rad_eap1
server 192.168.201.9 auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 ssid ka_test
vlan 201
authentication open eap eap_methods1
authentication network-eap eap_methods1
guest-mode
power inline negotiation prestandard source
username Cisco password 7 112A1016141D
username tkgadmin privilege 15 password 7 022D167B06551D60
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 201 mode ciphers aes-ccm tkip
encryption key 1 size 128bit 7 673B0AA56FCB4E630D8E4856427E transmit-key
encryption mode wep mandatory
broadcast-key change 150
ssid ka_test
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.201
encapsulation dot1Q 201
no ip route-cache
bridge-group 201
bridge-group 201 subscriber-loop-control
bridge-group 201 block-unknown-source
no bridge-group 201 source-learning
no bridge-group 201 unicast-flooding
bridge-group 201 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
encryption key 1 size 128bit 7 B711059074E30B1E1D4E3EC038BB transmit-key
encryption mode wep mandatory
broadcast-key change 150
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
interface FastEthernet0.201
encapsulation dot1Q 201
no ip route-cache
bridge-group 201
no bridge-group 201 source-learning
bridge-group 201 spanning-disabled
interface BVI1
ip address 192.168.201.9 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server local
no authentication eapfast
no authentication mac
nas 192.168.201.9 key 7 010703174F
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.32.71 auth-port 1645 acct-port 1646 key 7 0835495D1D
radius-server host 192.168.201.9 auth-port 1812 acct-port 1813 key 7 0010161510
radius-server vsa send accounting
control-plane
bridge 1 route ip
line con 0
line vty 0 4
end
Sorry for the late reply Steve. The link you provided was extremely helpful; here is what my config looks like now:
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ap
enable secret 5 $1$7vHS$YWCMbrlAgDUayKlOHhMlF1
ip subnet-zero
ip domain name TKGCORP.local
ip name-server 192.168.32.71
aaa new-model
aaa group server radius rad_eap
server 192.168.32.71 auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 ssid wap_test
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
guest-mode
infrastructure-ssid optional
power inline negotiation prestandard source
username Cisco password 7 047802150C2E
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers tkip
ssid wap_test
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
interface BVI1
ip address 192.168.201.9 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.32.71 auth-port 1645 acct-port 1646 key 7 071B245F5A
radius-server vsa send accounting
control-plane
bridge 1 route ip
line con 0
line vty 0 4
end
I get a login screen but it will not let me connect, on my radius server I have it set to allow a group that my username is in. Here are some debugs from when I try to connect to the AP:
ap#debug aaa authentication
AAA Authentication debugging is on
ap#
*Mar 2 01:11:53.284: AAA/BIND(00000006): Bind i/f
*Mar 2 01:11:53.355: AAA/AUTHEN/PPP (00000006): Pick method list 'eap_methods'
*Mar 2 01:11:54.556: %DOT11-7-AUTH_FAILED: Station c0cb.3835.a102 Authentication failed
*Mar 2 01:11:55.280: AAA/BIND(00000007): Bind i/f
*Mar 2 01:11:55.404: AAA/AUTHEN/PPP (00000007): Pick method list 'eap_methods'
*Mar 2 01:11:56.349: AAA/BIND(00000008): Bind i/f
*Mar 2 01:11:56.525: AAA/AUTHEN/PPP (00000008): Pick method list 'eap_methods'
*Mar 2 01:11:57.300: AAA/BIND(00000009): Bind i/f
*Mar 2 01:11:58.070: AAA/BIND(0000000A): Bind i/f
*Mar 2 01:11:58.812: AAA/BIND(0000000B): Bind i/f
*Mar 2 01:12:15.470: AAA/AUTHEN/PPP (0000000B): Pick method list 'eap_methods'
*Mar 2 01:12:15.492: %DOT11-7-AUTH_FAILED: Station c0cb.3835.a102 Authentication failed
ap#undebug all
All possible debugging has been turned off