Cisco 3600 using windows authentication

I recently took over the network manager possition. The win2003 server that was set up to handle dialin authentication from our cisco 3600 crashed and had to be replaced. restoring from backup was not a good option , so I started completely over.
The cisco 3600 was set to authenticate to the windows server but I can not seem to get IAS to accept anyones login. can anyone point me to a setup guide that covers setting up a cisco 3600 to authinticate to a windows2003 server?
Thanks
JT

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a0080094501.shtml

Similar Messages

Deploying the Cloud service using Windows Authentication

Hi,
I have a VPN Connectivity established to other VM Server where the DB is also installed. Now I a have created an application with DB connectivity
I am able to connect the DB server using SQL authentication but how can I connect using Windows Authentication?
What configuration changes I have to do in web.config or I have to modify any more changes else where?
Thanks & Regards,
Suresh Sahu

Hi,
Based on your description, you have connected to DB server using SQL authentication, I suggest your read the following link, and do some change in SQL that installed in the VM, hope it helps. If I misunderstand, please feel free to let me know.
#http://msdn.microsoft.com/en-us/library/dd787978.aspx
Best Regards

Database access using windows authentication

We are updating our Applications to use single sign on and are running into a problem with database access. We are using CF11 Enterprise and SQL Server 2008 on IIS 7.5.
We have set up the ColdFusion Application Service to run under an AD service account and have created the data sources in CFAdmin leaving the username and password blank. The data sources verify and all seems good. The problem comes when running a query. The credential passed to the database is the service account and not the windows authenticated user. As such the query fails. What are we missing to get CF to pass the Windows Authenticated user credential instead of the service account?
Thanks
Tim

ColdFusion does not pass user's credentials to the database connections by default, and cannot pass Windows Authentication credentials that way. It only sends the service account's credentials (if you leave username/password blank as you have done). The only way to pass user credentials is to put them into the individual query calls themselves, and even then you can't pass Windows Authentication credentials. You would have to use SQL Server Logins, and create accounts for each user.
I think most people are using either a dedicated SQL Server login for ColdFusion and run all queries under that account, or they do as you have already done and use Windows Authentication along with the ColdFusion service account. If you need an audit trail, then pass usernames into the insert/update queries and store them manually along with the other data you are inserting/updating.
-Carl V.

Impersonate user when accessing Microsoft SQL Server from powershell using Windows Authentication

Hi All,
Below is the powershell script to connect a SQL DB using windows authentication by impersonating a user. The user should have login access to the server. Script can be highly useful when service id is used to access DB using powershell.
[reflection.assembly]::LoadWithPartialName("Microsoft.SqlServer.Smo") | Out-Null
$ds=$null
$conn = New-Object -typeName Microsoft.SqlServer.Management.Smo.Server -argumentList "Servername"
$db = New-Object Microsoft.SqlServer.Management.Smo.Database
$conn.ConnectionContext.ConnectAsUser = $true
$conn.ConnectionContext.LoginSecure=$true
$conn.ConnectionContext.ConnectAsUserName = "username"
$conn.ConnectionContext.ConnectAsUserPassword ="password
$conn.Loginmode
$db = $conn.Databases.Item("dbname")
$ds = $db.ExecuteWithResults("select top 10 Name from Tablename")
Foreach ($t in $ds.Tables)
Foreach ($r in $t.Rows)
Foreach ($c in $t.Columns)
Write-Host $c.ColumnName "=" $r.Item($c)

That is OK when you want to manage the instance biut it wojn't work if the tools are not installed.
This works from anywhere all of the time and is simpler:
$datasource='MyServerInstance'
$database='NorthWind'
$connStr='Data Source={0}; Database={1}; Trusted_Connection=True;' -f '$datasource,$database
$conn=New-Object System.Data.SQlClient.SQlConnection($connStr)
$conn.Open()
$cmd=$conn.CreateCommand()
$cmd.CommandText='select * from products'
$rdr=$cmd.ExecuteReader()
0..($rdr.FieldCount-1) | %{$rdr.GetName($_)}
$conn.Close()
If you want credentials just add them.
$connStr='Data Source={0}; Database={1}; Trusted_Connection=True;UID={2};PWD={3};' -f $datasource,$database,uid,$pwd
¯\_(ツ)_/¯

Claims Authentication Error connecting to BCS - but we're using Windows Authentication

We currently have an External List with a SQL Server SProc as a source in a SharePoint 2010 site. It has been working great for months now. I need to make a change to the External Content Type - and I have made changes in the past - but now strange things
are happening.
I can't view the external content type (or any) in SPD. I can create a new Secure Store Service Target Application in SPCentralAdmin and everything seems fine, but I can't consume the application in SPD. I get an error that BCS has rejected the
request. This is new and curious; I'm a Farm Administrator.
Looking at the logs, I find I get a Claims Authentication error that my ID can't be found (the error is below). This is also new and is very, very curious as we're not using Claims authentication for any of our sites. They all use Windows authentication.
I am also getting recent reports from users who are repeatedly challenged for credentials and wonder if this is related.
In my research, I've found suggestions from starting the CWTS Service (I was dubious, I can start the service, and it doesn't resolve the problem) to setting Metadata Store Permissions in SPCentralAdmin (I was again dubious as I'm a farm administrator -
and I get the same error when I try to make this assignment!) So I'm at a loss.
Here is the error (the X'd out information was correct in the trace):
SPSecurityContext.WindowsIdentity: Could not retrieve a valid windows identity for NTName='XXXXX\XXXXXX', UPN='[email protected]'. UPN is required when Kerberos constrained delegation is used. Exception: System.ServiceModel.EndpointNotFoundException:
There was no endpoint listening at net.pipe://localhost/s4u/022694f3-9fbd-422b-b4b2-312e25dae2a2 that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.IO.PipeException:
The pipe endpoint 'net.pipe://localhost/s4u/022694f3-9fbd-422b-b4b2-312e25dae2a2' could not be found on your local machine. --- End of inner exception stack trace --- Server stack trace:
at System.ServiceModel.Channels.PipeConnectionInitiator.GetPipeNam...
We're not using Kerberos at all. We're using good, old-fashioned Windows Authentication. The only changes made to the platform recently have been updates. The error could, of course, be erroneous and I may be charging down the wrong path.
But although I find many links when I Bing the error, all the links pertain to sites using Claims authentication - even the Error Category in my log is "Claims Authentication" - but we're not using Claims Authentication...
Again, any help at all will be appreciated. Thanks!

Hi Kevin,
From the error message, we might be missing user permissions to the BCS Metadata Store. Please perform the steps below and test the issue again:
1. Open the SharePoint Central Administration website with either a Farm administrator account or an account that has been delegated permissions to administer the Business Data Connectivity Service Applications.
2. On the Quick Launch, click Application Management.
3. On the Application Management page, under Service Applications, click Manage service applications.
4. In the list of services, select the row of the Business Data Connectivity Service Application that you created in Create the Business Data Connectivity service application and then click Manage and then Set Metadata Store Permissions.
5. Enter the Farm Administrator account and any other delegate administrators if you have them and then click Add.
6. For each account or group that you added that is an administrator of the Business Data Connectivity Service Application, select the Edit, Execute, Selectable In Clients, and Set Permissions checkboxes.
7. Select the Propagate permissions to all BDC Models, External Systems and External Content Types in the BDC Metadata Store. Doing so will overwrite existing permissions checkbox.
8. Click OK.
Also, make sure your account is added as local administrator.
Regards,
Rebecca Tu
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected]

How can I connect to oracel-10 using windows authentication?

Hi,
in Oracle 9 I could do this:
Put the windows user in the group ORA_DBA, then:
set ORACLE_SID=MySID
sqlplus /nolog
connect / as sysdba
With oracle 10 it always seems to ask for username and Password.
Is there a way around this?
Can I log in thru windows authentification somehow like this
set ORACLE_SID=MySID
sqlplus /nolog
connect as sysdba
without now being asked for username and password now?
How can I accomplish this?
I would not want to specify the password in an sql file; this would be much worse than being able to connect thru windows authentication.
Thank you for letting me know.
Sincerely
Andreas

Hi,
thank you all for answering first of all.
I thought that connecting with the slash as sysdba:
connect / as sysdba
was an old syntax of oracle9.
But you are right, obviously it is not.
However, oracle10 gives me now the message:
SQL> connect / as sysdba
ERROR:
ORA-01031: insufficient privileges
How come you don't get this message?
Are you using Oracle-9 or oracle-10?
I was logged on as user oracle; and this user is member of the administrators group and also the group ORA_DBA.
How come then that it still throws the insufficient privileges message?
Could you please let me know, what you do differently or what I forgot?
Regards
Andreas

Users using Windows Authentication unable to login after upgrade to SQL Server 2012 SP2 CU1

We upgraded from SQL Server 2008 R2 to SQL Server 2012 SP2 CU1. Upgrade was successful. Users that have SQL Server Management Studio 2012 can successfully log in via Windows Authentication, but users with an older version of SQL Server Management
Studio are unable to log in via Windows Authentication.
The error they receive is listed below:
Connect not connect to XXXXXXX
Login Failed. The login is from an untrusted domain and cannot be used with Windows Authentication.
(Microsoft SQL Server, Error: 18452)
If we switch to Mixed authentication, users can log in via SQL Server Authentication.
Our security policy prohibits SQL Authentication.
Outside of having the staff upgrade to SQL Server 2012 SQL Server Management Studio, is there any setting I can set/unset to allow older version of SQL Server Management studio to connect to SQL Server 2012?
Thanks.
DJ

Glad to see that you were able to resolve the issue yourself, but for the curious, could you explain what this
Extended Protection is?
Erland Sommarskog, SQL Server MVP, [email protected]

IOS 8 Safari not working with sites using Windows Authentication (again)

A testbed of iPhones and iPads were updated to iOS 8 today. When trying to access intranet sites in our company that use Windows (IIS) Authentication, it challenges for the login and password 2 or 3 times, then nothing - just hangs. These sites work fine on iOS 7 devices - and worked on the same devices that were upgraded.
Windows Authentication was broken in iOS 7.0 also and not fixed until a later update. Why does this keep getting broken?

This was a thread that discussed this when it was broken in iOS 7.0...
https://discussions.apple.com/thread/5327078?start=0&tstart=0
I just tested with Chrome on the iPhone upgraded to iOS 8 and it works fine. It is Safari that is broken again.
Of course, Apple won't give us a way to make Chrome the default browser when links are clicked in emails, so it's not exactly a solution.

Can I use Windows authentication with Firefox?

My company has a website that I need to login to on a daily basis. With IE I can set up Windows Authentication to have a "single sign-on" for this website and it automatically logs me in when I open the site. I do not see any options for authentication under the Tools menu. Using Firefox's password memory does not give the same functionality.

You can do it by adding the server host name to a list of trusted host names. Obviously you need to be very careful about not adding untrustworthy servers to the list. See this article for how: [http://support.mozilla.com/en-US/kb/Firefox%20asks%20for%20user%20name%20and%20password%20on%20internal%20sites Firefox asks for user name and password on internal sites | Troubleshooting | Firefox Help].

How to use windows authentication to MSSQL2008 from oim running in Linux

Hi All,
We have developed the code (in eclipse) in local windows machine to call sample stored procedures in MSSQL.The code works fine from client and are able to create, update users in MSSQL from windows.
We have OIM 11g R2 installed in Linux 6 on local VM. The question is while building the jar from the code and placing it in Java task directory of OIM, calling thr Code we need sql.dll file to implement the windows authentication(no user name & pwd) to connect to MSSQL, but this is not possible in Linux since the jar don't support.
Can any one please give suggestions on this to implement windows authentication from Linux through OIM server.
Edited by: 970422 on Nov 8, 2012 11:39 PM

I have no idea, but you might find it helpful to read Redhat's documentation concerning this subject:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/ch-ldap.html

EP6.0 : Custom workset/Role dosen't work when using Windows authentication

Hi
We have implemented EP6.0 with Windows integrated logon with Active directory.
To create a custom "Transport' role, we copied ( not the delta link) the "Export" workset and put into the custom role. we assigned this role to one user.
When this user logon through the integrated login( without needed the user id/password) although the new menu is visible, the export workset dosen't work( page can not be found).
The same work set work when the user logs in with the userid/password combination.
Also the default SAP provided workset always work.
Thanks
Arunabha

Maybe try OSS #734462 - urlmaxsegmentlength issues.
Had similar problems - pages work w/ userid/password
(same pages don't work w/ NTLM authentication).

Windows Authentication by using HTMLDB and Active directorty (AD)

Is it possible to write an application by using HTMLDB to use windows authentication by using Active Directory (AD) ?
Thanks!

Hi Tanya,
The IS_MEMBER routine won't necessarily work with AD since it actually checks for the sort of user/group relationship that is stored in OID (AD can store the relationship in a different way).
To check group membership you will need to write your own code which checks the group and/or user to determine whether they are in a specific group or not. I believe there are already some examples of that code in this forum, if you search for 'group and ldap' you should be able to find some examples.
If not, then post back and I'll try and dig something out.

SQL Server connections using SSPI (Windows Authentication)

v1.1 now has the ability to connect to third party databases. I have found a small bug with connecting to SQL Server though. Here are the steps to reproduce -
1. Download the jTDS JDBC Driver driver
2. Extract jtds-1.2.jar from the zip file to sqldeveloper\jdbc\
3. Extract Sso\ntlmauth.dll from the zip file to C:\Windows\System32\
4. In SQL Developer, go to Tools > Preferences > Database > Third Party JDBC Drivers, and click Add Entry...
5. Select sqldeveloper\jdbc\jtds-1.2.jar
6. Click OK
7. Right click on the Connections node and select New Connection...
8. Set the following values -
* Connection Name: SERVER_NAME
* Username: LEAVE BLANK (to use Windows Authentication)
* Password: LEAVE BLANK (to use Windows Authentication)
* Save Password: TICKED
* SQLServer > Hostname: SERVER_NAME
9. Click Test. You get a "Success" message.
10. However when you click Connect, it refuses to let you continue without providing a Username/Password. It should allow blank username/password because I have explicitly ticked "Save Password", and a blank username/password combination indicates that I wish to use SSPI (Windows Authentication)

Windows authentication is not supported in this release.

Using the windows authentication

In my application , I would like use Windows authentication .Currently I am using basic authentication in which the application will get the user details from a file.The file will contains users password and access right(read write permissions). I would like to enhance it with windows authentication in which my application take the windows user and allows him to use the application. Is it possible? If possible , can I set some attributes(like for xxxx value is 1, yyyy value is 2 ) for windows users. Kindly help me if it is possible in Java.

Apart from transfer logins scripts Ashwin and Stan mentioned, I usually run following script in order to re-establish orphan users to establish if any SQL logins.
set nocount on
declare @username    sysname,
        @errcode     int
select @errcode = 0
select @username = min(name)
from sysusers (nolock)
where uid <> gid and
      name not in ('guest', 'sys', 'INFORMATION_SCHEMA') and
      suser_sname(sid) is null and
      issqlrole = 0
while @username is not null
begin
   if exists (select 1
              from master.dbo.syslogins (nolock)
              where name = @username)
   begin
      exec sp_change_users_login @Action = 'Update_One',
                                 @UserNamePattern = @username,
                                 @LoginName = @username
      select @errcode = @@error
      if @errcode = 0
         print 'The user ''' + @username + ''' was re-established in database!'
      else
         print 'Failed to re-establish user ''' + @username + ''' in database!'
   end
   else
   begin
      print 'The user ''' + @username + ''' does not have login ID. So, drop it from database!'
      exec sp_dropuser @username
   end
   select @username = min(name)
   from sysusers (nolock)
   where uid <> gid and
         name not in ('guest', 'sys', 'INFORMATION_SCHEMA') and
         suser_sname(sid) is null and
         issqlrole = 0 and
         name > @username
end
go

How can I use Windows IAS to validate WLC management users?

I am having a problem using my Windows IAS radius server to validate management users for my 2112 Wireless Lan Controller.
I have defined the radius server and it works ok with the policy for validating wireless clients but not for WLC management users.
The Remote access policy seems to be set up correctly as the event viewer on the server shows:-
Event Type: Information
Event Source: IAS
Event Category: None
Event ID: 1
Date: 09/02/2011
Time: 11:06:06
User: N/A
Computer: UK01DC07
Description:
User xxxxxx was granted access.
Fully-Qualified-User-Name = TRAVEL.OAG.com/Dunstable Admins/xxxxxx
NAS-IP-Address = 10.10.45.210
NAS-Identifier = UK03NM01
Client-Friendly-Name = UK03NM01
Client-IP-Address = 10.10.45.210
Calling-Station-Identifier = <not present>
NAS-Port-Type = <not present>
NAS-Port = <not present>
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = UK03NM01 - login
Authentication-Type = PAP
EAP-Type = <undetermined>
But, the WLC log shows:
*Feb 09 11:06:06.612: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2104 Login failed. User:xxxxxx. Service-Type is not present or it doesn't allow READ/WRITE permission..
The WLC just returns the login screen
Any thoughts?
Thanks in advance
Richard

Event viewer shows :
Event Type: Information
Event Source: IAS
Event Category: None
Event ID: 1
Date: 10/02/2011
Time: 08:49:39
User: N/A
Computer: UK01DC07
Description:
User xxxxxxxx was granted access.
Fully-Qualified-User-Name = TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx
NAS-IP-Address = 10.10.45.210
NAS-Identifier = UK03NM01
Client-Friendly-Name = UK03NM01
Client-IP-Address = 10.10.45.210
Calling-Station-Identifier =
NAS-Port-Type =
NAS-Port =
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server =
Policy-Name = UK03NM01 - login
Authentication-Type = PAP
EAP-Type =
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 ....
and IAS log shows:
"UK01DC07","IAS",02/10/2011,08:49:39,1,"xxxxxxxx","TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx",,,,,"UK03NM01","10.10.45.210",,0,"10.10.45.210","UK03NM01",,,,,,7,1,"UK03NM01 - login",0,"311 1 10.10.45.254 12/04/2010 23:56:59 1987",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
"UK01DC07","IAS",02/10/2011,08:49:39,2,,"TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx",,,,,,,,0,"10.10.45.210","UK03NM01",,,,,,2,1,"UK03NM01 - login",0,"311 1 10.10.45.254 12/04/2010 23:56:59 1987",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
It appears to me that IAS checks and passes the username/password as being valid but this response is ignored by the WLC
Richard

Cisco 3600 using windows authentication

Similar Messages

Maybe you are looking for