Configuring user login on spa504g

Hello, I am editing spa504 configuration files for adding a user level logins. We want to password protect the user level GUI. However, when doing so, the softkey functions on the phone are locked and require passwords to use. Is there a way to password protect the GUI without changing the softkey functionality?
There are three command strings for web access:
<Enable_Web_Admin_Access ua="na">Yes</Enable_Web_Admin_Access>
<Admin_Passwd ua="na">xxxxx</Admin_Passwd>
<User_Password ua="rw">yyyyy</User_Password>
Creating password xxxxx works to protect access for the advanced settings in the GUI. Creating password yyyyy works to protect access for the basic settings. However, the undesired locking softkey effect takes place. Are there other settings that might help?

Hi Dan,
Thanks for your reply. Why isn't this seen as a problem? If the user level GUI isn't password protected, the phones are subject to malicious activity. If administrators add passwords, the level of complexity for users becomes a big negative. The best available option is to disable the GUI altogether, which becomes a big pain for customer support personnel when troubleshooting problems. Does this have visibility with Cisco engineers?

Similar Messages

How to configure Email notification for User login's in Exchange Infrastructure?

How to configure Email notification for User login's in Client Machines?

Hi ,
Based on the description , you need to assign logon scripts to the end users via group policy and also use your exchange server as the smtp server in that logon script to relay emails to the internal recipients.
Thanks & Regards S.Nithyanandham

Dynamically configure different DNS server based on user login.

I've got two young sons and I'm looking to reconfigure the 'Family' desktop to give the older son his own user account.
I've only recently started with Arch on my personal netbook so the family desktop is still running Ubuntu. That will likely change next clean install though.
I'd like to set the DNS to OpenDNS 'family shield' for his usage but allow full access via a different DNS server such as google DNS (for example) for parental use without filtering.
I'd like this to switch auto magically based on the user login credentials if possible.
I understand the limitations of DNS filtering but my oldest son has never even heard of DNS much less being able to figure out how to circumvent it yet. I'll deal with that in several years when it becomes an issue...
Can anyone point me in the right direction?

bergersau wrote:Thanks,
It looks like I might have to set up a squid proxy with Dan's Guardian. I was hoping for a simpler solution though.
Dan's Guardian is going to be a whole lot simpler than hacking the system resolver to use different servers for different users.
You MIGHT be able to hack something with iptables, the NAT table and a DNAT in conjunction with the 'owner' module... Something like:
Set your "unrestricted" DNS server in /etc/resolv.conf and a rule like below...
I'll assume you set the Google servers; 8.8.8.8 and 8.8.4.4 and your son's usernames are 'brad' and 'tony'
iptables -t nat -A POSTROUTING -d 8.8.8.8 -m owner --uid-owner brad -j dnat --to 208.67.222.222
iptables -t nat -A POSTROUTING -d 8.8.4.4 -m owner --uid-owner brad -j dnat --to 208.67.220.220
iptables -t nat -A POSTROUTING -d 8.8.8.8 -m owner --uid-owner tony -j dnat --to 208.67.222.222
iptables -t nat -A POSTROUTING -d 8.8.4.4 -m owner --uid-owner tony -j dnat --to 208.67.220.220
Untested and I don't guarantee that will work. You could tidy it up and bit using subchains etc, but I'll leave that as an exercise for the reader.... And I'd still recommend a filtering proxy over the above....

Using Session Variables for User Login - sometimes they don't persist... what am I doing wrong?

Hi all,
I'm running a site that requires user login. I approached the building of this site as almost a complete newb to CF (and dynamic coding in general), and it's been a great learing experience (with lots of help from you guys).
However, I guess I never learned the correct way to handle a user login. It seemed to me that I could just test the user-entered credentials against those stored in a database, then set a session variable containg that user's record number. Then, not only would I have an easy way of knowing who this user was and therefore what info to serve him, but I could test for the existence of a valid login on every page in the protected folder, by adding this code to my application.cfc in that folder:
<cfset This.Sessionmanagement=true>
<cfset This.Sessiontimeout="#createtimespan(0,8,0,0)#">
   <cfif NOT isDefined ("session.username") or NOT isDefined ("session.password") or NOT isDefined ("session.storeID")>
     <cflocation url="../index.cfm" addtoken="no">
   </cfif>
...and it goes on to run a query and verify that the session.username and session.password match for the store defined by session.storeID. If not, all session variables are cleared and it bounces you back to the login page. When the user clicks Logout, all I do is delete all the session variables.
This seemed to work great for like a year, but lately I've been getting reports that the login doesn't seem to persist for longer than approx. 20 minutes of inactivity. You can see I specified session variables to remain active for 8 hours (I know that seems like a drastically long login, but it's what's necessary for this application). I've only gotten this report from a few people, and I myself can't seem to duplicate it... I've tested an inactive login for 45 minutes now and it held.
SO: any reason you can think of why session variables would be spontaneously clearing for some people? Would having your router reset its IP address invalidate the session or something? Also, the problem seemed to begin appearing after my host upgraded all their servers to CF9... could there be any relation?
And on a more general note... did I go about this completely the wrong way to begin with? If so, what's the standard way to manage a login?
Lots of questions, I know... thanks very much for any answers or suggestions!
Joe

Ian,
Thanks very much - very helpful information.
Sounds like passing the tokens in every request is probably the way to go for this. I don't think it's likely that any users will be sharing links, unless they actually intend for the recipient to see their info anyway.
Is that all I would have to do, is add the tokens to every path? Would that guarantee that all the session variables would remain valid until timeout or being cleared?
Again, thanks, you've been really helpful.
Joe
On Jun 23, 2010 4:37 PM, Ian Skinner <[email protected]> wrote:
Unfortunately this is the nature of HTTP web applications. There is NO state maintained from HTTP request to request. This is by design in the HTTP protocol specifications.
ColdFusion provides two methods to circumvent this limitation. Each method has limitations and caveats. They both rely on the passing of tokens between the client and the server with every request. These tokens can be passed as cookies OR URL (GET) variables. You are using the cookie method, which is the simpler and most common. You may be experiencing the limitation of this method. If something happens to the cookies the session can be lost.
You could pass the (CFID & CFTOKEN) OR JESSIONID tokens through the URL query string with every request. This requires one to add these values to every link, form action, cflocation or other request path in our application. ColdFusion provides the session.urltoken variable to make this easier to do. The tokens will be visible to the user. Also if the links with an individual token is share with other users, via e-mail, chat, social networks, etc and one of these users utilize the link during the life of a session (8 hours apparently in your case). Then that user will access the session of the original user.
Cookie session management is by far the most common choice by CF developers. If these methods do not meet your needs you would need to go beyond the HTTP limitations of web applications. One might be able to accomplish this with a Flex|Air|Flash applications that can be configured to use a continuous connection to the server. Thus not suffer the stateless nature of the normal HTTP request-response cycle.
I do not know if a router resetting would cause cookies to be discarded or otherwise invalidated. But I would not think it is beyond the relm of possibilities.

How to get an alert when user login with "DDIC" in any of the systems?

Hi all,
Can it be possible when ever the user login with DDIC user in any of the satellite system,can we we get an alert -as DDIC login attempt in any system?
Is this possiblem in CCMS or BPM or...?
Regards,
Neni

Hi Srikrishna,
Link which you have give is good.But when i login with DDIC i am not geting alerts and i am not able to add any satllites system to
under Security node
My configuration:
Miximum values for list                               1 min
When should an alert be triggered?
From value                   Red               Severity      2
Max. number of alerts for each message ID             50
Max. number of lines to be saved                      50
SM19
Client     *                                                     Events
User       DDIC selected -Dailog logon         Alll
                                       systmem
Please help me.
Regards,
Swaroop

802.1X wirelss restriction on User Login policies

Hi all,
Seeking some technical idea on Wireless 802.1x setup.
Business requirement is:
"User login policy: to limit the number of concurrent login by a single user only apply to one device at any given time. "
There is no problem on PEAP/MSCHAPv2 login, only thing is the same user credential able to be use and login on multiple device, in the same time.
On the NAD part, we configure these on WLC but still cannot achieve our objective
- advanced eap max-login-ignore-identity-response disable
- netuser maxuserLogin 1
Seeking technical solution on this case, please advice. Is there anything need to tweak on the directory server or ACS part?
The components using as below:
Supplicant 1: Window 7, authentication method using PEAP/MSCHAPv2
Supplicant 2: iPhone iOS version 6.x
Authenticator: Cisco Wireless Controller 5800 Series on code version 7.2
Authentication server: Cisco secure server ACS 5.3.0.40
Identity Source : Microsoft server 2008 R2 ADDS, single forest single domain.
attached the network diagram: topo1.png

http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112175-acs51-peap-deployment-00.html

GRC AC 10.1 - End User Login - Request issue

Hi experts!
Im working in GRC AC 10.1 SP07. I have configured END USER LOGIN services; the idea is that end user from ECC system could submit request without having user in GRC box, this is working fine but i´m experimenting next problem.
When i go to search request, those request submited by end user appears like created by Z_END_USER, this is the user in GRC that i have configured in services GRAC_UIBB_END_USER_LOGIN and GRAC_OIF_REQUEST_SUBMISSION_EU.
¿Is possible to configure that request appears "Created By" the requester and not the service´s user? I don´t think so, but if not, ¿is there any way to add the column User ID in Result screen? because it is avaible in parameters search but im not being able to add this in result screen (it´s not like hidden neither).
Parameters "Created by user ID" would be service´s user and "User ID" would be the requester.
Thanks!
Emiliano

Hi Emiliano,
Your understanding is correct, request created by UserID will always show GUEST UserID configured in the End User Logon service.
In search requests there is option to search requests by UserID but the same field has not been enabled to be available in Search Request result screen. This is as per standard functionality. You can check with SAP or can work with ABAPer to make the UserID column as display field in Search Request results.
Regards,
Madhu.

Anonymous User Login

Hi All,
I have an issue with 'Forgot Password' button in the end user login. When a Forgot Password button is clicked, a Question Login workflow will trigger (I think I am right?) .Now I would like to customize the 'Question Login' workflow as per my requirements, but unfortunately I am not, I modified the system configuration object, but still with no luck I am not able to customize that workflow.
So I thought of using anonymous login page and I can launch my own workflow as per my requirements. I have registered my workflow at 'anonymous end user tasks'. and I try to launch the anonymous login page using the url 'http://localhost:8080/idm/user/anonlogin.jsp'. I am getting the following errors.
An unrecoverable error has occurred processing the request. Contact your system administrator.
Syslog ID = LG-1111-024933.
Only the Reset Administrator may access this view.
I don't know, where I am doing wrong. For the first time I am trying to use anonymous login page.
Did anybody faced similar problems?
Can anybody please post some points, like what is the procedure to use a Anonymous login page?
Thanks in advance

Well, first, I visited Configure > User Interface, and enabled Anonymous Enrollment.
Next, I went to user/login.jsp, and saw "Request Account". I clicked on it, and up popped the user/anonEnrollment.jsp page. (I was looking at using this for one of our requirements; turned out I didn't need it, and did something else).
Anyway, a quick check with Live HTTP Headers for Firefox shows that the post was directly to anonEnrollment.jsp; anonEnrollment.jsp has this at the top:
String anonUser = LoginHelper.getAnonymousUser(session);
if (anonUser == null) {
    String url = "user/login.jsp";
    LoginHelper.redirect(req, out, url);
    return;
}Not a huge amount of help. However, it does establish that there is an "getAnonymousUser" method, which is documented to return "the currently registered anonymous user name if any". And reading the Workflows, Forms, and Views manual, it states that the anonymous main page is for "... when a user who does not have a Identity Manager account logs in, an Identity Manager user object is created ...". Basically, if you're using pass through auth, and have a source system that will let a user authenticate, they can then set themselves up.
So, I visited "anonmain.jsp" after clearing all cookies, and up popped "anonlogin.jsp", with a login box. I entered "anonymous", and lo!, I was logged in, and saw the anonymous user menu. In other words, I was "provisionally" logged in with an account that doesn't really exist (anonymous).
However, I had to provide that extra bit of information, namely, my "fake" user name of "anonymous". I don't know how you'd do that without JSP customization.
Basically, "anonymous" means "has a username, but we don't have an account", rather than "truely anonymous" as near as I can tell. The system will do it for you in the case of "Request Account" (the generated login page has some Javascript code to redirect to anonEnrollment.jsp), but it doesn't seem to be an exposed API.
You might get somewhere with customizing the "Request Account" string in the messages catalogue, and then customizing the anonymous enrollment workflow.

End User Login Message

Hi Folks,
Our production IDM setup has 3 IDM instances sharing the same repository. The IDM End user is used for setting passwords in IDM and LDAP.
Recently, couple of users have reported this error while trying to log in into IDM end user login page.
"Your password has expired for account xxxxxx. Please change it now.
Item User:xxxxxx was not found in the repository, it may have been deleted in another session."
I had seen an earlier posting on this but there were no answers. Does any have a clue why this happens?
Any lead will be greatly appreciated.
Thanks in advance!
Suvesh

Hi shivjansi,
This is normal behavior for the service desk. It gives end-users a limited UI compared to the ticket processors. Unfortunately the features of the limited UI are hardcoded so you cannot configure the UI so that end-users get two tabs while a ticket processor gets all six tabs. This may change in SolMan 7.1, let's hope so
SolMan determines if a user is an end-user by checking the auth object
CRM_TXT_ID
Activity <ACTVT>: 02
Text ID <TEXTID>: SU15
If the auth check for this auth object fails, then the user is considered to be an end-user and they get the limited UI.
Good luck!
Jon

How to determine Organizational Data based on User Login

Dear all,
How to determine organizational data based on user login in Activity transaction, currently org determination is happening after entering customer number in the transaction.
We have used 'Responsibility' determination rule for this configuration. Now the requirement is to determine org data based on user login.
In Org model we have assigned user to org data through a business partner. But still org data is not getting determined in the transaction.
Please help me to trace out the problem.. your suggestions will be highly appreciated.
Best regards
Raghu ram

You just have to use other organization determination rule. In your case this would be rule 10000194 (ORGMAN_12). This determination rule delivers the responsible organizational unit of the user
User is defined as a business partner in the container attribute 'PARTNER'. If not, the system user (sy-uname) is used.
So you have to do the following:
- use this determination rule
- in BP link username with employee
- assign in PPOMA_CRM employee or user to organizational unit
This should solve your problem.

User login records on Hyperion Financial Reporting

Hi all,
We understand we can turn on audit to capture the user login (authentication) in Hyperion Planning. Can we have the same option/feature for Financial Reporting to turn on audit so that we know that which reports in one day was generated by end users?

jts wrote:
I think so..take a look at what I found below on page 301 of the financial reporting user guide under the administrative tasks section, report server tasks subsection:
Log File Output Management
Financial Reporting uses the log4j logging mechanism to manage log file output. Logging
settings can be configured and are set in the fr_repserver.properties file for each Financial
Reporting server component.
This code is an example of Financial Reporting Server default settings in the
fr_repserver.properties file. Settings you might modify are shown in bold text.
# log4j.rootLogger=ERROR,dest1
# log4j.appender.dest1=org.apache.log4j.RollingFileAppender
# log4j.appender.dest1.ImmediateFlush=true
# log4j.appender.dest1.File=C:/hyperion/BIPlus/logs/FRReportSrv.log
# log4j.appender.dest1.Append=true
# log4j.appender.dest1.MaxFileSize=512KB
# log4j.appender.dest1.MaxBackupIndex=5
# log4j.appender.dest1.layout=org.apache.log4j.PatternLayout
# log4j.appender.dest1.layout.ConversionPattern=%d{MM-dd
HH:mm:ss} %-6p%c{1}\t%m%n
Note:
See fr_global.properties for details on logging levels (FATAL, ERROR, WARN, INFO,
DEBUG) and formatting options. The Financial Reporting logging settings can be changed
without restarting the servers. The .properties files are monitored for changes to the logging
setting every minute. The frequency is set in fr_global.properties. This can be very handy
if you want to set the logging levelThanks a lot! So the login/logout information will be captured in which log file?

Limit a Windows 7 machine to 1 user login at a time

I've searched everywhere for a solution to this but have not found anything outside of restarting the machine.
I need to limit a Windows 7 computer to only allow one user logged in at a time. This machine has applications only allow one user to run them at a time. So if a user locks this machine and walks off and if the next user switches user and logs in, none of
the programs will work because the first user's session is now suspended.
Is there anything that will kick the suspended user off? So if a user forgets to log out and the screen is locked, the second user's login would force the first user to log off?

I know this was 1.5 year ago, but people search the web for these solutions for years and for years these solutions continue to help others, but not when people are so very much OFF TRACK with what the OP asked for. It shouldn't surprise me, but it is astounding
at how people do not communicate well and instead of reading what the OP asked for carefully the proposed answer here does NOT address the OP's question... it got the "BREEZE BY ANSWER".
NOW - TO the OP Cherickson HERE's the BEST answer I've been able to determine on my OWN since ALLLLLLLLL of the other posts online I read ALSO were answered OFF TOPIC:
DISABLE FAST USER SWITCHING (speaking from a Windows 7 environment)
Here's the GPO to do it (Open Group Policy Management Editor on a DOMAIN or Active Directory server):
Default Domain Policy [ServerNameHere] > Computer Configuration > Administrative Templates > System > Logon > Hide entry points for Fast User Switching
Set Hide entry points for Fast User Switching to Enabled.
FOR non-DOMAIN non-Group-Policy controlled PC's use "Local Group Policy Editor" via gpedit.msc
(NOT NOT NOT "Local Security Policy" via secpol.msc) and visit:
Local Computer Policy > Computer Configuration > Administrative Templates > System > Logon > Hide entry points for Fast User Switching
Set Hide entry points for Fast User Switching to Enabled.
Now, to be "EXACTING" here, this does not "PREVENT" multiple users from logging into the same PC at one time "per say", but it ends up having that effect on "PEOPLE" because "PEOPLE" are very predictable
in a network environment and they aren't worried about saving PC resources for themselves or others... they just use the PC.
Setting Hide entry points for Fast User Switching to Enabled REMOVES the option for users to "SWITCH USER" while they are logged into Windows (fat client) and it also removes the "SWITCH USER" from the Welcome/Logon screen,
thereby forcing them to "LOG OFF" themselves (or whomever is logged in) manually and thereby then they are presented with an option to Log In using their own Windows user account. This is great, because it keeps the PC resources for just 1 logged
in user at a time instead of you being called to examine a slow PC only to find that the lazy users out there left 2 or 3 or MORE users logged in at once despite being told 100 times or more that they shouldn't do that. :) EXPERIENCE??? :)
Now, if you have an advanced user, doing things with other users logging in the background of their own user session (IE: RUN-AS on some shortcut lets say) then they should still be able to do all that jazz too even though Fast User Switching is turned off.....
but this is usually pretty unlikely and usually that would be someone amongst the IT staff.
So to summarize:
Set policy "Hide entry points for Fast User Switching" to Enabled in order to have only 1 user logged on any given PC "at one time" - IE: Prevent concurrent Windows user Logins
NOW.... I elect MYSELF and MY ANSWER as BEST ANSWER in this THREAD, because its the ONLY ANSWER that addresses the OP's request.

WLC 4400 issue on "user login policies" parameter.

Hi,
I'm using a Cisco Wireless controller in my company.
(the model is a AIR-WLC4402-50-K9 in 4.2.207.0 version).
The WLAN is configured with WPAv2 AES and 802.1X (PEAP MS-CHAPv2) authentication on an external Microsoft IAS server (2003 R2).
the authentication rely on Active Directory login and password.
The user authentication works fine and the WLAN too.
But it's possible for a single user to log on different laptops with the same AD login and password and use the wireless network.
And it has to be forbiden by "user login policies" parameter set to 1 on the WLC (in security parameters).
Does anybody says if it's a known issue and how to solve this problem?
thanks,
raphael Paviot.

Dancampb,
Many thanks , you're right, I have to find the solution on IAS server side.
In fact, I have also applied these commands on the controller and the max-user login works (in the case of an externan radius server).
I have seen it in the "message logs".
(Cisco Controller) config>advanced eap max-login-ignore-identity-response disable
(Cisco Controller) config> netuser maxuserLogin 1
But the problem still remain , because the IAS server is not case sensitive for user logins instead of the Wireless Controller.
For exemple:
raphaelpaviot login and RaphaelPAVIOT login are:
-one user for the IAS server.
-two different users on the WLC.
cordially.

Cisco WLC 5508 simultaneous Web Auth Users logins?

Hi there,
We have 2 WLC5508 (7.2.111.3) with several SSID's.
One of them is configured as Passthrough with an external splash server. Works fine.
Now we want to use the "On MAC Filter failure".
If the client MAC-adresse is configured under MAC Filtering on the WLC, the authentication is done without WebAuth.
If MAC-adress is not known, the client will be redirect to the external WebAuth server for authentication.
To keep the Passthrough functionality for the user, we hardcoded an username&password in the splash-page.
So, every client WebAuth uses the same username&password for authentication against the WLC.
User Login Policies is set to unlimited.
So far so good, it seems to work, but I have read, that Cisco 5500 controllers supports only 150 simultaneous Web Auth Users logins.
The two WLC's have abount 100-170 clients connected.
Question:
- Will these be an issue with the 150 simultaneous logins, despited when usin only one user for all Wifi-clients?
- Can the user WebAuth be done with a Cisco ISE like Passthrough, no username&password should be entered by the user.
If yes, some guide information wolud be great.
- When successfully authenticated, a logout screen shows on the Windows client. Can this be hidden some how?
Thanks for the answers ;-)
Kind regards,
Norbert

Question:
- Will these be an issue with the 150 simultaneous logins, despited when usin only one user for all Wifi-clients?
> I believe this means at the same time... I have clients doing the same thing with hundreds or more of guest users
- Can the user WebAuth be done with a Cisco ISE like Passthrough, no username&password should be entered by the user.
If yes, some guide information would be great.
> ISE is really used to login with a username and password and to be able to profile. You would need to ask that on the Security forum to get their input if this is something then would do or just leave it on the WLC
- When successfully authenticated, a logout screen shows on the Windows client. Can this be hidden some how?
> Not really... some machines with popup blocker does block this and you don't see the logout, but you can't remove this.
Thanks,
Scott
*****Help out other by using the rating system and marking answered questions as "Answered"*****

BOXIR3.1- Users, Auditing DB statistics of Report Refresh,users login info

Hi All,
I need to create BOXI R 3.1 DeskI reports for the statistics related to the user login information,Scheduling Reports info,user properties and other statistics .
Any suggestion to resolve this issue , It helps me greatly.
Thanks in advance..
mahesh

Have you tried auditing?
That way you can get information about different kinds of information. You can install the example reports with some useful reports (average of users logged in, and so on)
For more information, read the BOE Administrator Guide 3.1 chapter 12.
In BOE 3.1 you have to configure the connection to your database (create a new repository from the
CMC), to install the auditing universe and you can install some example auditing reports.
You can get the universe (if depends on the database you are using) and the example reports (webi) in this folder from the server:
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\Samples

Configuring user login on spa504g

Similar Messages

Maybe you are looking for