Configuring ISE to proxy Authentications based on email address

Hi,
I'm looking for a little help configuring ISE to proxy requests to external radius servers based on email address and password. I want to configure eduroam on our WLAN. Eduroam allows students to connect to the WIFI of other campuses using their local credentials.

Workflow:
1. User associates to SSID (eduroamTest)
2. Prompted for username & password (802.1x)
3. User puts in username and password in the form [email protected] (UPN)
4. If the user is part of our local institution they are authenticated using our local radius server (ISE)
5. If the user is a member of a partner institution the request is proxied to an external radius server (National Gateways)
6. The National Gateways pass the request to the relevant institution based on the UPN (e.g. @ucd.ie will be passed to ucd radius servers)
7. The institution authenticates the user and passes the request back to the National Gateways
8. The National Gateways pass this request back to our ISE server and the external user is authenticated
9. The user can browse the web

What I have done:
- Set up the National Gateways as external proxy servers
- Created firewall rules to allow the traffic
- Configured the proxy sequence with these servers
- Created a policy to proxy requests to the proxy sequence

What I need to figure out:
- How to get ISE to authenticate/proxy requests, for the SSID eduroamTest, based on UPN, e.g. (if username = *@rcsi.ie then use local ISE otherwise use proxy service)

Any help with this configuration would be greatly appreciated as I am new to ISE.
If you need any more info please let me know.
Kind regards
John

Sounds like you did most of the work already. To get ISE to direct certain requests to another radius server based on attributes in the request, all you need to do is create a new authentication rule, where you check for the following attributes:
radius/called-station-id contains "eduroam"
and
radius/username ends with "rcsi.ie"
Then you can select the radius server sequence you created instead of the normal "Allowed protocols" list.
If you want to be in control of the authorization, there is a flag you must set in the radius server sequence in ISE; this will let you control what rights the client is given locally, while still authenticating the user remotely.
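
The routing decision the question asks for (home realm handled locally, every other realm sent to the proxy sequence), modelled in Python as an added example; it is not from the thread and is not ISE configuration. It compares the whole realm after the last "@" instead of a suffix of the username, so a different realm that merely ends in the same characters is not treated as the home realm. Function names and routing labels are hypothetical, and treating only an exact `rcsi.ie` realm as local is an assumption.

```python
"""Realm-based routing decision for an eduroam SSID (added illustration).

Not Cisco ISE configuration or code. Function names and the LOCAL/PROXY/...
labels are hypothetical; the SSID, the rcsi.ie home realm and the ucd.ie
partner realm are taken from the thread.
"""
from typing import Optional

HOME_REALM = "rcsi.ie"
EDUROAM_SSID = "eduroamTest"

LOCAL = "local-ise"           # authenticate on the local ISE
PROXY = "proxy-sequence"      # hand to the external RADIUS server sequence
REJECT = "reject"             # no usable realm, nothing to route on
NOT_EDUROAM = "not-eduroam"   # request is for another SSID


def ssid_of(called_station_id: str) -> Optional[str]:
    """Extract the SSID from a Called-Station-Id of the form 'AP-MAC:SSID'
    (the RFC 3580 convention for 802.11 access points)."""
    _mac, sep, ssid = called_station_id.rpartition(":")
    return ssid if sep and ssid else None


def realm_of(user_name: str) -> Optional[str]:
    """Return the normalised realm of 'user@realm', or None if malformed."""
    user, sep, realm = user_name.strip().rpartition("@")
    if not sep or not user or not realm:
        return None
    # Realms are DNS-style names: compare case-insensitively and ignore a
    # trailing dot.
    return realm.lower().rstrip(".") or None


def route(called_station_id: str, user_name: str) -> str:
    """Decide where an Access-Request for the eduroam SSID should go."""
    if ssid_of(called_station_id) != EDUROAM_SSID:
        return NOT_EDUROAM
    realm = realm_of(user_name)
    if realm is None:
        return REJECT          # bare username: neither local nor routable
    if realm == HOME_REALM:    # assumption: exact realm only, no subdomains
        return LOCAL
    return PROXY


def naive_suffix_is_home(user_name: str) -> bool:
    """The loose form of the check: a plain, case-sensitive 'ends with'."""
    return user_name.endswith(HOME_REALM)


# Constructed sample requests: (Called-Station-Id, User-Name).
SAMPLES = [
    ("00-11-22-33-44-55:eduroamTest", "john@rcsi.ie"),
    ("00-11-22-33-44-55:eduroamTest", "mary@ucd.ie"),
    ("00-11-22-33-44-55:eduroamTest", "Bob@RCSI.IE"),
    ("00-11-22-33-44-55:eduroamTest", "alice@notrcsi.ie"),
    ("00-11-22-33-44-55:eduroamTest", "john"),
    ("00-11-22-33-44-55:staff", "john@rcsi.ie"),
]

if __name__ == "__main__":
    for csid, name in SAMPLES:
        loose = naive_suffix_is_home(name)
        print(f"{name!r:22} suffix-match={loose!s:5} -> {route(csid, name)}")
```

Where the check has to be written as an "ends with" condition, including the "@" in the compared string ("@rcsi.ie") gives the same tightening against look-alike realms.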

Similar Messages

  • ISE Guest Authentication only with email address

    Hi,
    I want to know whether there is an option to use ONLY the email address as an authentication credential for Guest user authentication using the Guest Portal, and this should be done only with Self Registration, not with Sponsored accounts.
    I would appreciate it if someone who has done this could advise us how to achieve it.
    thanks

    The exact scenario explained above is unachievable; however, something a little different from that can be achieved, see below.
    New Features in Cisco ISE Version 1.2.0.899—Cumulative Patch 2
    Support for Guest Self-Registration Based on Email Domain Whitelist
    You can allow guests to create their own accounts by enabling the self-service feature by choosing: Administration > Web Portal Management > Settings > Guest > Multi-Portal Configurations > Operations > Guest users should be allowed to do self service. When you enable this feature, the account credentials display on the screen, and they are also emailed to the email address used to create the account.
    You can restrict this feature by limiting guests' ability to create their own accounts based on their email domain. By creating an email domain whitelist, you can ensure that only guest users with email accounts on those domains can create guest accounts.
    To prevent the account credentials from displaying on the screen, you must create a custom portal when using an email domain whitelist. These steps provide an overview:
    1. Create a custom portal, following these guidelines:
       - Add a required email field and an acceptable use policy (AUP) page to the Self-Registration html file. See the "Sample Code for Sponsor and Guest Portal Customizations" appendix in the Cisco Identity Services Engine User Guide, Release 1.2 for a sample file.
       - Add text to refer users to their email for their login credentials on the Self-Registration Results html file. See the "Sample Code for Sponsor and Guest Portal Customizations" appendix in the Cisco Identity Services Engine User Guide, Release 1.2 for a sample file.
       - Map the Login file to the Self-Registration page. See the "Mapping HTML Files to Guest Portal Pages" section in the Cisco Identity Services Engine User Guide, Release 1.2 for detailed instructions.
    2. Configure the SMTP server to support notifications (Administration > System > Settings > SMTP Server).
    3. Specify the default e-mail address from which to send all guest notifications. (Administration > System > Settings > SMTP Server and choose Use Default email address).
    4. Create the email domain whitelist. See the "Restricting Self-Registration Based on Email Domain" section.
    5. Customize the self-registration credentials email message. See the "Customizing the Self-Registration Credentials Email" section.
    6. Customize the self-registration failure message. See the "Customizing the Self-Registration Failure Message" section.

  • Query Builder not locating emails based on email address, only the display name will work.

    I am trying to set up some search folders for Outlook 2010 for emails either to or from a specific domain name.  I am using the Query Builder to set up the logic for the search criteria.  
    Here's an example of what I am trying to do.
    I have three people from a specific company that I want all emails I either send them or they send me to go to. Their email addresses are as follows:
    Jane Doe <[email protected]>
    John Doe <[email protected]>
    Mary Smith <[email protected]>
    Here is the issue I am having. When I set up the criteria for the search folder, entering From --> Contains --> [email protected] (or any of the other addresses mentioned above) will return no results. Entering From --> Contains --> companyxyz.com will yield no results. Only entering From --> Contains --> Jane Doe will yield any results.
    If I use the From field in the standard Messages Tab of the Search Folder Criteria window then just entering companyxyz.com will give me all the messages. The problem that I have is that I cannot set up any OR conditionals with this standard field, which is why I am using the Query Builder.
    My question is why doesn't the actual email address work for a search criteria in Query Builder and how can I set up a criteria for a domain name (@companyxyz.com) so that I can see all communication with a particular company?

    Hi,
    This is the expected behavior of Outlook.
    The Search Folder Criteria dialog has two From fields. One From field is under Messages tab and another From field is under the Advanced (or Query Builder) tab. The From field under Message tab uses email address while the From field under Advanced or Query Builder tabs uses the display name. So, when we want to use Query Builder to create a Search folder that filters by email address, the Query Builder ignores the email address and uses the display name instead.
    Regards,
    Steve Fan
    TechNet Community Support
    It's recommended to download and install
    Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
    programs.

  • Route mail based on email address (full address, not just host or domain)

    I'm trying to test sending all mail outbound from IMS 5.2 to our email gateway that will scan the messages. I would like to first test with just one IMS email address to make sure it works. So, how would I configure IMS so that outbound mail from [email protected] is sent to a tcp_firewall channel, but all other mail from @mydomain.com is handled normally. Also, which files and configuration commands do I need to look at so that custom tcp_firewall channel works. Thanks!

    Not sure why you want to route one user's mail. That's much more difficult than making the one, easy, change to route all your mails through the gateway.
    Locate your imta.cnf file. Open it with a text editor.
    Scroll down to the Channel Definitions section, and locate your "tcp_local" channel.
    There should be three lines, starting with
    !tcp_local
    a bunch of stuff
    tcp_daemon
    add to the end of the second line:
    daemon <the fully qualified name of your gateway>
    like:
    daemon some.machine.at.your.domain
    save the file
    run:
    imsimta cnbuild
    imsimta restart job_controller
    and now, all mail going out the tcp_local channel will be routed through the gateway.

  • Search based on email address

    Oracle 10.2.0.4:
    We have an indexed column "email_address" in one of the tables. So far we have been performing backend validation on the "email_address" column that doesn't impact the front end customer response times. Now we have a requirement to do some validation on email_address on a synchronous front end request from customers, e.g. allow only 5 requests per email address. My question is: is a normal index sufficient for a "text" based search such as email_address, or is there any other better way of performing such kinds of search? I just want to make sure that this email_address search doesn't become a point of contention even though it's indexed.

    Assuming that you are always looking for the exact email address that is stored in the table, a standard b*-tree index should be fine. If you start wanting to look for components of email addresses (i.e. show me all oracle.com addresses) or show me all email addresses with "jcave" in them or show me all addresses that have more than three characters in the top-level domain (i.e. [email protected] rather than bar.com), you may want to look into using Oracle Text to index the field. If you want to apply functions to the email address before searching (i.e. doing an UPPER(email_address) before searching to do a case-insensitive comparison), you may want to look into using a function-based index.
    Justin

  • I am trying to configure iMessage and I get the infamous "email address already in use".

    I use this email address as my Apple ID.  I am able to use iMessage for my AOL email address but I hardly ever use that email and want to use my GMail acct.  I am ready to throw this iPod in the garbage and start using a Droid device.  I certainly won't be buying an iPad with issues like this.  I love my MacBook Pro and I am trying to embrace the Apple World.  Just the whole Apple ID password security is giving me fits.  Who the heck wants to have to have such unique passwords?

    Try:
    iOS: FaceTime is 'Unable to verify email because it is in use'
    https://discussions.apple.com/message/18264361#18264361
    https://discussions.apple.com/message/18502891#18502891
    https://discussions.apple.com/message/16513824#16513824
    https://discussions.apple.com/message/16503340#16503340

  • How to extract email address from Outlook friendly name cache

    Hi guys,
    A while ago, somebody wrote a little VBA utility to help us to log CRM events. Whenever a user sends an email to a customer, it logs the fact in our CRM database. This is the programmatic process:
    1. Grab the email address from ActiveInspector.CurrentItem.To
    2. If it's a valid email address, all well and good. Proceed to Step 8.
    3. If not a valid email address (it must be a friendly name, perhaps located in Exchange), look for the address in:
    ActiveInspector.CurrentItem.Recipients.Item(1).AddressEntry.GetExchangeUser.PrimarySmtpAddress
    4. If it's a valid email address, all well and good. Proceed to Step 8.
    5. If not a valid email address (it must be in the user's Contact list), look for the address in:
    ActiveInspector.CurrentItem.Recipients.Item(1).AddressEntry.GetContact.Email1Address
    6. If it's a valid email address, all well and good. Proceed to Step 8.
    7. If not a valid email address, then crash!!!         <<------------------------------------------------- Here's where I'm stuck!
    8. Get the CustomerID from the CRM, based on email address.
    9. Do a bunch of other stuff (for example, send the email, and log the event in the CRM).
    I'm a former Access MVP, and am highly experienced with VBA, but my forte is clearly not Outlook. What I'd like to do is find the email address by looking in the local cache, and make sure I get the actual email address rather than the friendly name.
    I'm not sure if 'local cache' is the right word; I know Outlook stores frequently used email address in some sort of cache, even if the user has not explicitly stored it as a Contact. I just don't know how to find it. Can anyone point me in the right direction, maybe with a method name?
    Also, while mucking about with it, I found the following. Would it be useful in this scenario?
    ActiveInspector.CurrentItem.Recipients.Item(1).AddressEntry.GetExchangeDistributionList
    Many thanks,
    Graham R Seach
    Regards, Graham R Seach Sydney, Australia

    Hi Graham,
    This might help you to figure things out a bit.
    The contact cache you are looking for is called the nickname cache, also known as the "autocomplete stream."
    The nickname files (.nk2) are used by older versions of Outlook (2007 and below).
    Outlook 2010 and 2013 do not use the NK2 file; they store the autocomplete cache in the mailbox or data file and cache the addresses in an autocomplete stream at C:\Users\username\AppData\Local\Microsoft\Outlook\RoamCache. The cache is stored in a file named Stream_Autocomplete_0_[long GUID].dat.
    For applications that interact with Outlook 2010 or Outlook 2013, the autocomplete stream is stored as a MAPI property and can be modified using the MAPI or the PropertyAccessor object of the message. The PropertyAccessor object is exposed in the Outlook 2010 or Outlook 2013 object models.
    Outlook 2010 or Outlook 2013 reads the autocomplete stream from a message in the Associated Contents table of the Inbox of the mail account’s delivery store. This hidden message has a message class and subject of IPM.Configuration.Autocomplete. The autocomplete stream is stored on this message in the PR_ROAMING_BINARYSTREAM property (PidTagRoamingBinary Canonical Property).
    References:
    How to import .nk2 files into Outlook 2013
    Some Application which can read the Nickname Cache
    Interacting with the Autocomplete Stream
    Autocomplete Stream
    https://msdn.microsoft.com/en-us/library/office/ff625291.aspx
    Regards,
    Satyajit

  • EPrint Portal Feature Request - Discarded Messages Email Address

    When a user has the ePrint Center site configured to only allow printing from allowed email addresses, the site displays emails that have been discarded because they are not on the approved sender list. 
    Feature Request:
    Please consider changing the listing of discarded messages to include the sender's email address in addition to the subject you already show.  Even better, have an option to click on the email address to add it to the approved senders list. 
    While one might wonder how you wouldn't know the sender's address, in my case, my wife would send recipes from a recipe site and they would be blocked.  To get around this (other than turning off the address list feature), we can send them first to our own email address to find the sending email but what I mentioned would simplify things.  Users' technology patience can vary and while I am quite patient for the sake of technology and gadgetry my wife is less patient which, in this case, led to her abandoning the feature.

    Good news.
    To the top right is a link that says View Job History.
    Click on this link and it will show the e-mail address.
    I confirmed this by logging into my eprintcenter.com account, changing to allowed senders only and then sent an e-mail from a blocked e-mail address.
    The short summary did not show the e-mail address, but the full history did show the specific e-mail address.
    You can then copy and paste this e-mail address into your list.
    Additionally, changing from allowed to everyone and then back will re-add all recent e-mail addresses that successfully printed though it won't add anything that hasn't recently printed.

  • I've got 2 email addresses but sent items from the 2nd one arrive at the recipient from the 1st address.

    Both SMTP servers are loaded but both seem to use default when sending mail.

    What do you have for the Outlook server under Tools/Account Settings/Outgoing Server (SMTP), select the Outlook server in the right pane? You should have smtp.outlook365.com on port 587, STARTTLS security, normal password authentication, and full email address for User name. See:
    https://support.office.microsoft.com/en-ca/article/Settings-for-POP-and-IMAP-access-for-Office-365-for-business-or-Microsoft-Exchange-accounts-7fc677eb-2491-4cbc-8153-8e7113525f6c?CorrelationId=942b5865-6b6b-47b4-aae4-c6add2524a51&ui=en-US&rs=en-CA&ad=CA

  • SAML-based claims authentication in SharePoint: how to show Display Name instead of email address?

    Hello,
    I followed the following step by step guide for SAML-based claims authentication with ADFS:
    http://technet.microsoft.com/en-us/library/hh305235.aspx
    The authentication works well; however, SharePoint shows the users’ email everywhere, including at the top right suite-bar. I would rather see users’ display name instead of email. Is there any way to have SharePoint show the user’s display name instead of email address when the primary SAML claim is email address?
    Thank you,

    You need to be able to import the identity store into the UPA. See http://sharepointobservations.wordpress.com/2013/08/06/sharepoint-2013-configure-user-profile-service-for-adfs-provider/ for a good step-by-step on how this is configured.
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Cisco ISE - radius proxy

    Hi,
    Is the following possible:
    - let the ISE do the authentication and then proxy to another radius server which does the authorization.
    At the moment we have a freeradius server that does the following:
    1) authenticates 802.1x requests (eap-tls)
    2) during authorization the server checks an external database that determines the vlan that should be returned (in radius attribute) based on originating switch and/or mac address.
    I am checking if I can migrate to ISE but then the above would have to work.
    For MAB I can easily do authentication/authorization on freeradius so I will proxy MAB requests to there.
    regards
    Thomas

    ISE acts as a RADIUS proxy server by proxying the requests from a network access device (NAD) to a RADIUS server. The RADIUS server processes the request and returns the result to Cisco ISE. Cisco ISE then sends the response to the NAD.
    FYI
    you can use the RADIUS server sequences to proxy the requests to a RADIUS server.
    The RADIUS server sequence strips the domain name from the RADIUS-Username attribute for RADIUS authentications. This domain stripping is not applicable for EAP authentications, which use the EAP-Identity attribute. The RADIUS proxy server obtains the username from the RADIUS-Username attribute and strips it from the character that you specify when you configure the RADIUS server sequence. For EAP authentications, the RADIUS proxy server obtains the username from the EAP-Identity attribute. EAP authentications that use the RADIUS server sequence will succeed only if the EAP-Identity and RADIUS-Username values are the same.

  • Oracle Proxy Authentication and WLS 8.1/CMP

    Hey folks,
    Is there any way to configure WLS 8.1 to automatically set the Oracle CLIENT_IDENTIFIER
    variable or use Oracle Proxy Authentication on JDBC connections? I'm interested
    in using Oracle auditing with my CMP entity beans, but would like to capture the
    app tier user identity, instead of the data source pool user.
    Thanks.

    "Brent Smith" <[email protected]> wrote in message
    news:3fa15807$[email protected]..
    > Hey folks,
    > Is there any way to configure WLS 8.1 to automatically set the Oracle CLIENT_IDENTIFIER
    > variable or use Oracle Proxy Authentication on JDBC connections? I'm interested
    > in using Oracle auditing with my CMP entity beans, but would like to capture the
    > app tier user identity, instead of the data source pool user.
    I would ask in the weblogic.developer.interest.jdbc newsgroup.

  • ASA - cut through proxy authentication for RDP?

    I know how to set this up on a router (dynamic access-list - lock and key)... But, I'm having trouble understanding how to setup OUTSIDE to INSIDE cut through proxy authentication for RDP.
    OUTSIDE to INSIDE RDP is currently working.
    I have 2 servers I want RDP open for..
    - OUTSIDE 1.1.1.1 to INSIDE 10.10.70.100
    - OUTSIDE 1.1.1.2 to INSIDE 10.10.50.200
    What's required for OUTSIDE users to authenticate on the ASA before port 3389 is opened? What I was hoping for is a way to SSH into this ASA, log in with a special user, then have the ASA add a dynamic ACE on the OUTSIDE interface to open 3389 for a designated time limit. Is this possible?
    Here is my current config.
    [code]
    ASA Version 8.2(5)
    hostname ASA5505
    names
    name 10.10.0.0 LANTraffic
    name 10.10.30.0 SALES
    name 10.10.40.0 FoodServices
    name 10.10.99.0 Management
    name 10.10.20.0 Office
    name 10.10.80.0 Printshop
    name 10.10.60.0 Regional
    name 10.10.70.0 Servers
    name 10.10.50.0 ShoreTel
    name 10.10.100.0 Surveillance
    name 10.10.90.0 Wireless
    interface Ethernet0/0
    description TO INTERNET
    switchport access vlan 11
    interface Ethernet0/1
    description TO INSIDE 3560X
    switchport access vlan 10
    interface Ethernet0/2
    shutdown
    interface Ethernet0/3
    shutdown
    interface Ethernet0/4
    shutdown
    interface Ethernet0/5
    shutdown
    interface Ethernet0/6
    shutdown
    interface Ethernet0/7
    shutdown
    interface Vlan1
    no nameif
    security-level 50
    no ip address
    interface Vlan10
    description Cisco 3560x
    nameif INSIDE
    security-level 100
    ip address 10.10.1.1 255.255.255.252
    interface Vlan11
    description Internet Interface
    nameif OUTSIDE
    security-level 0
    ip address 1.1.1.1 255.255.255.224
    ftp mode passive
    clock timezone PST -8
    clock summer-time PDT recurring
    dns domain-lookup OUTSIDE
    dns server-group DefaultDNS
    name-server 8.8.8.8
    name-server 4.2.2.2
    domain-name test.local
    access-list RDP-INBOUND extended permit tcp any host 1.1.1.1 eq 3389
    access-list RDP-INBOUND extended permit tcp any host 1.1.1.2 eq 3389
    pager lines 24
    logging enable
    logging timestamp
    logging trap warnings
    logging device-id hostname
    logging host INSIDE 10.10.70.100
    mtu INSIDE 1500
    mtu OUTSIDE 1500
    ip verify reverse-path interface OUTSIDE
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-645.bin
    no asdm history enable
    arp timeout 14400
    global (OUTSIDE) 1 interface
    nat (INSIDE) 1 LANTraffic 255.255.0.0
    static (INSIDE,OUTSIDE) tcp interface 3389 10.10.70.100 3389 netmask 255.255.255.255
    static (INSIDE,OUTSIDE) tcp 1.1.1.2 3389 10.10.50.200 3389 netmask 255.255.255.255
    access-group RDP-INBOUND in interface OUTSIDE
    route OUTSIDE 0.0.0.0 0.0.0.0 1.1.1.1 1
    route INSIDE LANTraffic 255.255.0.0 10.10.1.2 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    aaa authentication http console LOCAL
    http server enable
    http Management 255.255.255.0 INSIDE
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet timeout 5
    ssh 10.10.70.100 255.255.255.255 INSIDE
    ssh Management 255.255.255.0 INSIDE
    ssh 0.0.0.0 0.0.0.0 OUTSIDE
    ssh timeout 5
    ssh version 2
    console timeout 0
    threat-detection basic-threat
    threat-detection scanning-threat shun
    threat-detection statistics access-list
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    webvpn
    username scott password CNjeKgq88PLZXETE encrypted privilege 15
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect ip-options
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:1e9d278ce656f22829809f4c46b04a07
    : end
    [/code]

    You're running ASA 8.2(5). In 8.4(2) Cisco added support for what they call Identity Firewall rules. That is, you can make access-list entries specific to users (or object groups containing users).
    There's an overview document on this posted here. It's a bit dated but I believe the only change is that Cisco is now preferring use of the more current Context Directory Agent (CDA) - a free VM they provide - vs. the deprecated AD agent (software service that runs on your DC).

  • OSB Proxy Service not Polling Email

    Hi Guys,
    I am facing a strange problem in OSB. I have created an OSB Proxy which polls for new emails and, based on some logic, writes attachments to a shared file location.
    Everything is working fine. But after some time, when there is no new mail in the mailbox and then after, say, 3 to 4 hrs new mail comes, my proxy service doesn't poll those mails.
    But when I disable and then enable the proxy service again, it starts polling again. It's happening consistently now. I can't understand what the issue is, why it stops polling the mailbox after some time and starts polling again after disabling and enabling the PS.
    Please help.

    Maybe you run into an MS Exchange server bug (for MS Exchange 2007 and 2010). See http://www.oracle.com/technetwork/java/faq-135477.html :
    Q: I'm having trouble logging into my Microsoft Exchange server, even though I'm sure I'm using the correct username and password, what could I be doing wrong?
    A: When logging in to Exchange you need to use a username that's more than your simple login name. For example, if your email address is "[email protected]", your Windows NT login name is "juser", your NT domain name is "dom", and your Exchange mailbox name is "Joe User", then you would need to use a username of "dom\juser\J.User" when logging in using JavaMail.
    Note also that there's a bug in Exchange 2007. The Exchange server advertises that it supports AUTH=PLAIN, even though this Exchange documentation claims that it's not supported. This causes JavaMail to choose PLAIN authentication, which will always fail. To work around this Exchange bug, set the session property "mail.imap.auth.plain.disable" to "true". (Change "imap" to "imaps" if you're using the "imaps" protocol.)
    We have this problem. No idea how to set these properties in OSB. Maybe to write our own transport provider...
    Regards, Horst

  • Proxy Authentication Support

    All,
    Just figured I'd share this workaround.
    We've been trying to use 10.1.0.4's proxy authentication functionality with our ISA Proxy servers and it just doesn't work with ISA servers due to well...Microsoft's inability to conform to industry standards... :-/
    Anyway, Came up with create and stable workaround. We stood up a copy of this:
    http://ntlmaps.sourceforge.net/
    Which is basically a NTLM Authentication - Proxy Forwarder. Extremely simple Python based daemon.
    Figured this might save you some trouble if your company forces NTLM Proxy based auth to get to the net and you're wondering how to hook OEM up to Metalink.

    Actually, there's quite a bit more to it than that.
    proxyHost= IP address of the proxy server
    proxyPort= port number of the proxy server
    proxyUser= User name for proxy server authorization
    proxyPwd= password for proxy server authorization
    proxyRealm= proxy server realm
    proxyPropsEncrypted= flag indicating whether proxyUser and proxyPwd are encrypted values.
    However, when configuring for proxy auth by specifying the realm, user and pwd for the authentication user, it doesn't work with a Microsoft ISA Proxy despite the fact that both the ISA Proxy is configured for basic auth support and httpclient.jar supports basic auth as well.
    It has "issues" in the negotiation phase. The issue's being worked with Oracle Development. Hence, the reason for my original post. Those who run into the problem will appreciate finding a solution in the search engine. :)
