CSS SSHD Authentication

I have currently a CSS 11501 that is configured to use only SSHD on the management interface for remote access.
I am also attempting to configure Solarwinds Cirrus for software revision management.
The problem that I am running into is that when using SSH, I get an extra login as: prompt that is breaking Cirrus.
Is there anyway to have the CSS work like with telnet and only prompt as such:
User Access Verification
Username:
Password:
Thanks in advance.

This URL should help you:
http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_book09186a0080405403.html

Similar Messages

CSS - Radius authentication problem

Hi,
for a customer we need to configure Radius authentication working like this:
- CSS administrator login to device at user level
- then switch to "enable" mode using a superuser level account.
First login to CSS with a Radius account at user level works fine, but (after enable command) the login at superuser level doesn't work neighter with Radius account nor with local superuser account.
Ver.: 08.10.4.01
This is the configuration:
radius-server primary 10.113.212.17 secret XXX auth-port 1645
radius-server source-interface 10.113.212.32
sntp primary-server 10.113.205.1 version 3
date european-date
radius-server secondary 10.113.197.24 secret XXX auth-port 1645
radius-server dead-time 15
radius-server retransmit 15
radius-server timeout 15
virtual authentication primary radius
virtual authentication secondary local
username ZZZ des-password ZZZ superuser
Any idea?
Thanks in advance.

is your server correctly configured as described at :
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/configuration/security/guide/Radius.html#wp1108380
"From the Group Settings section of the Cisco Secure ACS HTML interface, click the IETF RADIUS Attributes, [006] Service-Type checkbox. Then select Administrative. Administrative is required to enable RADIUS authentication for privileged user (SuperUser) connection with the CSS. "
Gilles.

Sshd authentication via pam_userdb

Hello
I would like to configure ssh to authenticate against a database file which I've created.
This is what I have done so far:
1. Generate the database file out of a text file:
db_load -T -t hash -f logins.txt /etc/vpasswd.db
I have modified /etc/pam.d/sshd to be the below:
%PAM-1.0
auth requisite pam_securetty.so #Disable remote root
auth sufficient pam_unix.so
auth sufficient pam_userdb.so db=/etc/vpasswd crypt=hash use_first_pass
auth required pam_nologin.so
auth required pam_env.so
account sufficient pam_unix.so
account sufficient pam_userdb.so db=/etc/vpasswd crypt=hash use_first_pass
account required pam_time.so
password required pam_unix.so
session required pam_unix_session.so
session required pam_limits.so
When I log is as a user specified in the database file the following logs are returned:
Apr 1 00:29:47 dopey sshd[13778]: Failed none for invalid user testuser from 57.62.62.102 port 31794 ssh2
Apr 1 00:29:52 dopey sshd[13778]: Failed password for invalid user testuser from 57.62.62.102 port 31794 ssh2
Apr 1 00:29:55 dopey sshd[13778]: Failed password for invalid user testuser from 57.62.62.102 port 31794 ssh2
What I'd like to happen is if the user exists as a Linux account then let them in as normal, but if not then check the vpasswd.db database file.
Can anyone point me in the right direction? Is it possible to configure this?
Thanks
- eskay
Last edited by eskay (2009-04-01 03:18:55)

It looks like RADIUS authentication via the PAM module does work. We compiled the pam_radius module using the -bundle option to the linker. That seems to have fixed it. The link line ends up being
gcc -bundle pamradiusauth.o md5.o -lpam -o pamradiusauth.so
We'll send these simple changes to the pam radius developers.
What this has allowed us to do is use RADIUS authentication for logging in remotely via ssh. However, we have yet to figure out how to get the main login "window" for OS X to allow PAM to be used.
Pete

Cisco CSS Client Authentication

I have a few questions in this regard..
1.) Is it possible to use self signed certs for the client authentication, baring in mind you need to point the CSS to the CRL?
2.) I need to run around 20 different VIP's (probably on the same IP but with different tcp ports), all requiring their own individual certificate for client auth. Is there a limit to the number of client authentication certificates I can load on a 11501S device?
3.) Can someone provide me with a working configuration example for client authentication on a CSS?

client authentication means the CSS will request the client to send its own certificate and we will check its validity with the configured CA and configured CRL.
It has nothing to do with the CSS certificate.
So, you could have a self signed certificate on the CSS. That doesn't change anything for client authentication.
The same IP thing is probably not a good thing if you want to assign the certificate to different domain.
A dns request will only return an ip address and no port.
So you may end up with all requests going to the same ip and port 443.
I think the limit is 256 ssl-proxy server.
Check config guide for assistance :
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.50/configuration/ssl/guide/terminat.html#wp999318
Gilles.

How to give Username and password when calling HTTP page?

I have this code when i run this I get credentials error. How to give credentials .The authentication is set to windows in the https page. Means pop up will appear to get the credentials
declare
req UTL_HTTP.REQ;
resp UTL_HTTP.RESP;
value varchar2(1024);
p_url varchar2(4000);
OPT varchar2(1000);
BEGIN
dbms_output.put_line('');
p_url:='http://www.xyz.com/';
dbms_output.put_line(p_url);
req := UTL_HTTP.begin_REQUEST(p_url);
utl_http.set_header(req, 'User-Agent', 'Mozilla/4.0');
resp := utl_http.get_response(req);
loop
utl_http.read_line(resp, value, true);
dbms_output.put_line(value);
end loop;
exception
when utl_http.end_of_body then
utl_http.end_response(resp);
END;
When i run this i get
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
<style type="text/css">

Basic authentication is set using the UTL_HTTP.Set_Authentication() call.
If you are using a proxy and need procy authentication, you can set the username and password for proxy access, as part of the proxy URL. E.g.
utl_http.set_proxy( 'http://proxyuser:[email protected]', null );NTLM (Windows NT LAN Manager) authentication is proprietary and not part of the HTTP specifications. If that is needed, try and use the username and password as part of the URL - or do some research on how to manually perform NTLM authentication.
If you are using HTTPS, you need an Oracle Wallet with that server's certificate (making it a trusted certificate), and then set/use the wallet using the UTL_HTTP.Set_Wallet() call. See sample code in {message:id=10820182}.

FDM 11.1.2.1 Login problem

Hi All,
We migrated a FDM app from 9.3.1 to 11.1.2.1 ,......in 11.1.2.1 we configured CSS for authentication.....now when i try to log in to FDM app in V11.1.2.1....we can login with a MSAD ID which was present in V9.3.1
.we are not able to login with admin ID(after giving access to FDM app in SS) or we gave access to a new MSAD ID in V11.1.2.1...........but not able to login with it............
What can be the issue..how can we solve it

TonyScalese - Thanks for your support.
1. When Logging into FDM Using MSAD Provider in Shared Services, Login is Taking Minutes
2. Re-register FDM with SS
Our issue is different from these.
We are not able to log in with any new MSAD id (which didnt have access to FdM app in V9)....
we are not able to login with default admin ID....also

Seek help!redhat as4 installation oracle 10g configure sysctl.config error!

[root@localhost ~]# /sbin/sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.shmall = 2097152
kernel.shmmax = 2147483648
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000
[root@localhost ~]# /sbin/sysctl -a | grep shm
error: unknown error 0 reading key 'dev.parport.parport0.autoprobe3'
error: unknown error 0 reading key 'dev.parport.parport0.autoprobe2'
error: unknown error 0 reading key 'dev.parport.parport0.autoprobe1'
error: unknown error 0 reading key 'dev.parport.parport0.autoprobe0'
error: unknown error 0 reading key 'dev.parport.parport0.autoprobe'
error: unknown error 22 reading key 'net.ipv6.route.flush'
error: unknown error 22 reading key 'net.ipv4.route.flush'
vm.hugetlb_shm_group = 0
error: unknown error 22 reading key 'fs.binfmt_misc.register'
kernel.shmmni = 4096
kernel.shmall = 2097152
kernel.shmmax = 2147483648
[root@localhost ~]#
seek help!!!! help!!!

[root@localhost ~]# /sbin/sysctl -e -a | grep shm
error: unknown error 0 reading key 'dev.parport.parport0.autoprobe3'
error: unknown error 0 reading key 'dev.parport.parport0.autoprobe2'
error: unknown error 0 reading key 'dev.parport.parport0.autoprobe1'
error: unknown error 0 reading key 'dev.parport.parport0.autoprobe0'
error: unknown error 0 reading key 'dev.parport.parport0.autoprobe'
error: unknown error 22 reading key 'net.ipv6.route.flush'
error: unknown error 22 reading key 'net.ipv4.route.flush'
vm.hugetlb_shm_group = 0
error: unknown error 22 reading key 'fs.binfmt_misc.register'
kernel.shmmni = 4096
kernel.shmall = 2097152
kernel.shmmax = 2147483648
You have new mail in /var/spool/mail/root
[root@localhost ~]# /sbin/sysctl -e -a | grep shm
error: unknown error 0 reading key 'dev.parport.parport0.autoprobe3'
error: unknown error 0 reading key 'dev.parport.parport0.autoprobe2'
error: unknown error 0 reading key 'dev.parport.parport0.autoprobe1'
error: unknown error 0 reading key 'dev.parport.parport0.autoprobe0'
error: unknown error 0 reading key 'dev.parport.parport0.autoprobe'
error: unknown error 22 reading key 'net.ipv6.route.flush'
error: unknown error 22 reading key 'net.ipv4.route.flush'
vm.hugetlb_shm_group = 0
error: unknown error 22 reading key 'fs.binfmt_misc.register'
kernel.shmmni = 4096
kernel.shmall = 2097152
kernel.shmmax = 2147483648
[root@localhost ~]#
From [email protected] Thu Dec 22 04:02:05 2005
Return-Path: <[email protected]>
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
     by localhost.localdomain (8.13.1/8.13.1) with ESMTP id jBLK25Av010183
     for <[email protected]>; Thu, 22 Dec 2005 04:02:05 +0800
Received: (from root@localhost)
     by localhost.localdomain (8.13.1/8.13.1/Submit) id jBLK2353010181
     for root; Thu, 22 Dec 2005 04:02:03 +0800
Date: Thu, 22 Dec 2005 04:02:03 +0800
From: root <[email protected]>
Message-Id: <[email protected]>
To: [email protected]
Subject: LogWatch for localhost.localdomain
################### LogWatch 5.2.2 (06/23/04) ####################
Processing Initiated: Thu Dec 22 04:02:02 2005
Date Range Processed: yesterday
Detail Level of Output: 0
Logfiles for Host: localhost.localdomain
--------------------- Cron Begin ------------------------
**Unmatched Entries**
STARTUP (V5.0)
STARTUP (V5.0)
---------------------- Cron End -------------------------
--------------------- Kernel Begin ------------------------
WARNING: Kernel Errors Present
vesafb: probe of vesafb0 failed with error -6...: 2 Time(s)
---------------------- Kernel End -------------------------
--------------------- pam_unix Begin ------------------------
crond:
Unknown Entries:
session closed for user root: 217 Time(s)
session opened for user root by (uid=0): 217 Time(s)
gdm:
Unknown Entries:
authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=root: 1 Time(s)
sshd:
Authentication Failures:
unknown (211.93.8.116): 11 Time(s)
mysql (211.93.8.116): 1 Time(s)
oracle (211.93.8.116): 1 Time(s)
root (211.93.8.116): 1 Time(s)
system-install-packages:
Unknown Entries:
auth could not identify password for [root]: 2 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Connections (secure-log) Begin ------------------------
New Users:
useradd (oracle)
New Groups:
useradd (oracle)
**Unmatched Entries**
usermod[2945]: change user `oracle' password
userhelper[3909]: pam_timestamp: updated timestamp file `/var/run/sudo/root/unknown'
userhelper[3910]: running '/usr/sbin/system-config-network' with root privileges on behalf of 'root'
userhelper[4298]: pam_timestamp: updated timestamp file `/var/run/sudo/root/unknown'
userhelper[4299]: running '/usr/share/system-config-users/system-config-users' with root privileges on behalf of 'root'
userhelper[7961]: pam_timestamp: updated timestamp file `/var/run/sudo/root/unknown'
userhelper[7962]: running '/usr/sbin/system-config-packages' with root privileges on behalf of 'root'
userhelper[9157]: pam_timestamp: updated timestamp file `/var/run/sudo/root/unknown'
userhelper[9158]: running '/usr/sbin/system-config-packages' with root privileges on behalf of 'root'
userhelper[9163]: pam_timestamp: updated timestamp file `/var/run/sudo/root/unknown'
userhelper[9164]: running '/usr/sbin/system-config-packages' with root privileges on behalf of 'root'
---------------------- Connections (secure-log) End -------------------------
--------------------- SSHD Begin ------------------------
SSHD Started: 2 Time(s)
Failed to bind:
0.0.0.0 port 22 (Address already in use) : 2 Time(s)
Failed logins from these:
mysql/password from ::ffff:211.93.8.116: 1 Time(s)
oracle/password from ::ffff:211.93.8.116: 1 Time(s)
root/password from ::ffff:211.93.8.116: 1 Time(s)
**Unmatched Entries**
Invalid user fluffy from ::ffff:211.93.8.116
Failed password for invalid user fluffy from ::ffff:211.93.8.116 port 50249 ssh2
Invalid user admin from ::ffff:211.93.8.116
Failed password for invalid user admin from ::ffff:211.93.8.116 port 50738 ssh2
Invalid user test from ::ffff:211.93.8.116
Failed password for invalid user test from ::ffff:211.93.8.116 port 51217 ssh2
Invalid user guest from ::ffff:211.93.8.116
Failed password for invalid user guest from ::ffff:211.93.8.116 port 51434 ssh2
Invalid user webmaster from ::ffff:211.93.8.116
Failed password for invalid user webmaster from ::ffff:211.93.8.116 port 51651 ssh2
Invalid user library from ::ffff:211.93.8.116
Failed password for invalid user library from ::ffff:211.93.8.116 port 52584 ssh2
Invalid user info from ::ffff:211.93.8.116
Failed password for in
valid user info from ::ffff:211.93.8.116 port 52810 ssh2
Invalid user shell from ::ffff:211.93.8.116
Failed password for invalid user shell from ::ffff:211.93.8.116 port 53024 ssh2
Invalid user linux from ::ffff:211.93.8.116
Failed password for invalid user linux from ::ffff:211.93.8.116 port 53261 ssh2
Invalid user unix from ::ffff:211.93.8.116
Failed password for invalid user unix from ::ffff:211.93.8.116 port 53491 ssh2
Invalid user webadmin from ::ffff:211.93.8.116
Failed password for invalid user webadmin from ::ffff:211.93.8.116 port 53715 ssh2
RSA1 閿殑鐢熸垚 succeeded
RSA 閿殑鐢熸垚 succeeded
DSA 閿殑鐢熸垚 succeeded
---------------------- SSHD End -------------------------
------------------ Disk Space --------------------
/dev/mapper/VolGroup00-LogVol00
/dev/hda1 3.9G 47M 3.7G 2% /boot
###################### LogWatch End #########################
From [email protected] Fri Dec 23 04:02:03 2005
Return-Path: <[email protected]>
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
     by localhost.localdomain (8.13.1/8.13.1) with ESMTP id jBMK23vb020633
     for <[email protected]>; Fri, 23 Dec 2005 04:02:03 +0800
Received: (from root@localhost)
     by localhost.localdomain (8.13.1/8.13.1/Submit) id jBMK23wD020631
     for root; Fri, 23 Dec 2005 04:02:03 +0800
Date: Fri, 23 Dec 2005 04:02:03 +0800
From: root <[email protected]>
Message-Id: <[email protected]>
To: [email protected]
Subject: LogWatch for localhost.localdomain
################### LogWatch 5.2.2 (06/23/04) ####################
Processing Initiated: Fri Dec 23 04:02:02 2005
Date Range Processed: yesterday
Detail Level of Output: 0
Logfiles for Host: localhost.localdomain
--------------------- Init Begin ------------------------
Re-execs of init: 1 times
---------------------- Init End -------------------------
--------------------- pam_unix Begin ------------------------
crond:
Unknown Entries:
session closed for user root: 458 Time(s)
session opened for user root by (uid=0): 458 Time(s)
sshd:
Authentication Failures:
unknown (fw-25-15-a8.bta.net.cn): 6 Time(s)
oracle (82.78.172.155): 3 Time(s)
root (fw-25-15-a8.bta.net.cn): 3 Time(s)
unknown (202.29.52.44): 1 Time(s)
Unknown Entries:
2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.78.172.155 user=oracle: 2 Time(s)
6 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.78.172.155 user=oracle: 1 Time(s)
service(sshd) ignoring max retries; 7 > 3: 1 Time(s)
---------------------- pam_unix End -------------------------
--------------------- sendmail Begin ------------------------
Bytes Transferred: 9906
Messages Sent: 2
Total recipients: 2
---------------------- sendmail End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from these:
oracle/password from ::ffff:82.78.172.155: 3 Time(s)
root/password from ::ffff:202.108.25.15: 3 Time(s)
**Unmatched Entries**
Invalid user test from ::ffff:202.108.25.15
Failed password for invalid user test from ::ffff:202.108.25.15 port 49076 ssh2
Invalid user guest from ::ffff:202.108.25.15
Failed password for invalid user guest from ::ffff:202.108.25.15 port 49212 ssh2
Invalid user admin from ::ffff:202.108.25.15
Failed password for invalid user admin from ::ffff:202.108.25.15 port 49318 ssh2
Invalid user admin from ::ffff:202.108.25.15
Failed password for invalid user admin from ::ffff:202.108.25.15 port 49448 ssh2
Invalid user user from ::ffff:202.108.25.15
Failed password for invalid user user from ::ffff:202.108.25.15 port 49620 ssh2
Invalid user test from ::ffff:202.108.25.15
Failed password for invalid user test from ::ffff:202.108.25.15 port 50275 ssh2
Invalid user test from ::ffff:202.29.52.44
Failed password for invalid user test from ::ffff:202.29.52.44 port 2356 ssh2
---------------------- SSHD End -------------------------
------------------ Disk Space --------------------
/dev/mapper/VolGroup00-LogVol00
/dev/hda1 3.9G 47M 3.7G 2% /boot
###################### LogWatch End #########################
Message was edited by:
user475340

Using Cisco TACACS for CSS11501

I currently have an 11501 series CSS and am trying to have authentication use our ACS appliance. I added the config listed below but when running a "show tacacs-server" both servers are listed as dead. I am able to ping both of the ACS servers without issue.
The following is the configuration I have added to the CSS:
virtual authentication primary tacacs
tacacs-server authorize config
tacacs-server authorize non-config
tacacs-server account non-config
tacacs-server account config
tacacs-server 10.10.75.9 49 primary frequency 10
tacacs-server key ****
ip management route 10.10.75.0 255.255.255.192 10.10.253.1
Any help would be greatly appreciated.
Thanks,
-Dennis

Lists the external user databases that CiscoSecure ACS uses to authenticate an unknown user (if the Check the following external user databases option is selected). CiscoSecure ACS attempts authentication using the selected databases one at a time in the order specified.
Users whose accounts were created in the CiscoSecure ACS database when CiscoSecure ACS successfully authenticated them using the Unknown User Policy. When CiscoSecure ACS creates a discovered user, the user account contains only the username, a Password Authentication list setting that reflects the external user database that authenticated the user, and a "Group to which the user is assigned" list setting of Mapped By External Authenticator, which enables group mapping. Using the CiscoSecure ACS HTML interface, you can further configure the user account as needed. For example, after a discovered user is created in CiscoSecure ACS, you can assign user-specific network access restrictions to the discovered user.
http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_user_guide_chapter09186a0080204cf8.html

CSS Authentication Problem

Hey Lenovo community,
I wonder if there's anyone else out there who keeps getting the CSS Authentication error at the beginning the startup of Windows. Every time I restart or turn on my computer, it seems to boot this CSS Authentication Provider that stops working immediately, delaying boot up time that used to be a couple of minutes to more than 5. I've looked for a solution, but none seems to come up. Does anyone else have the same problem?
I have a Lenovo X61 Tablet, by the way. Perhaps it's the ThinkVantage Suite that's interfering.

Where do I find the FPR software to reinstall. Also getting message xml4c_5_5.dll was not found. DK if this is associated
crisdean wrote:
Reinstall the FPR software and maybe delete the FP in the BIOS.

MDM 9.3 and CSS authentication

Hello All,
I installed MDM 9.3 selecting the MIX authentication option and everything works fine when I'm using internal authentication, I need to enable CSS authentication and this is what I did:
-Install Shared services 9.2 where the MDM server is running
-Update the system path and class path in the CSS section of the MDM console pointing to the right path
-Restart the server
Click on enable CSS, when I do this I'm getting this error:
LoadLibrary("E:\Hyperion\master Data Management\mdm_ntier_css_validator.dll") failed, the specified mudule could'n t be found.
I see the same error when I'm manually trying to register the specific dll doing this on a DOS command prompt window :
regsvr32 mdm_ntier_css_validator.dll
Any ideas?, any help would be really appreciated
Regards
Miguel Sanchez

Alan,
Thanks a lot for your reply, it was very helpful, I successfuly could register the mdm_ntier_css_validator.dll following your recommendations about paths and the %PATH% env variable, however when I'm trying to enable the CSS module on MDM I'm getting this error:
Exception Emdm_Exception with message 'Could not Initialize CSS. Error: 'com/hyperion/mdm/CSSInit (Unsupported major.minor version 49.0)'. Classpath: 'E:\Hyperion\Master Data Management\cssvalidator.jar;E:\Hyperion\common\CSS\9.2.0\lib\css-9_2_0.jar;E:\Hyperion\common\CSS\9.2.0\lib\ldapbp.jar;E:\Hyperion\SharedServices\9.2\client\lib\commons-httpclient.jar;E:\Hyperion\SharedServices\9.2\client\lib\commons-logging.jar;E:\Hyperion\common\XML\JAXM\1.1.1\dom4j.jar;E:\Hyperion\common\XML\JAXP\1.2.2\dom.jar;E:\Hyperion\SharedServices\9.2\client\lib\interop-common.jar;E:\Hyperion\SharedServices\9.2\client\lib\interop-sdk.jar;E:\Hyperion\SharedServices\9.2\client\lib\jakarta-slide-webdavlib.jar;E:\Hyperion\common\XML\JAXM\1.1.1\jaxm-api.jar;E:\Hyperion\common\XML\JAXM\1.1.1\jaxm-runtime.jar;E:\Hyperion\common\XML\JDOM\0.8.0\jdom.jar;E:\Hyperion\common\loggers\Log4j\1.2.8\lib\log4j-1.2.8.jar;E:\Hyperion\common\XML\JAXM\1.1.1\saaj-api.jar;E:\Hyperion\common\XML\JAXM\1.1.1\saaj-ri.jar;E:\Hyperion\common\XML\JAXP\1.2.2\sax.jar;E:\Hyperion\common\XML\JAXP\1.2.2\xalan.jar;E:\Hyperion\common\XML\JAXP\1.2.2\xercesImpl.jar;E:\Hyperion\common\XML\JAXP\1.2.2\xsltc.jar;E:\Hyperion\common\JCE\1.2.2\jce1_2_2.jar;E:\Hyperion\common\JRE\Sun\1.4.2\lib\jsse.jar;E:\Hyperion\common\JCE\1.2.2\local_policy.jar;E:\Hyperion\common\JCE\1.2.2\sunjce_provider.jar;E:\Hyperion\common\JCE\1.2.2\US_export_policy.jar;''
Is this error related to the .jar file replacement you are talking about?, if so, how can I get that file and the configuration instructions?
Thanks in advance
Miguel

CSS Authentication Provider has stopped

I have a Lenovo T61 which has Client Security Software v8.2 on it. Everything was working fine until one bootup brought up a window saying my password had been changed (it hadn't) and to type in the correct password. I typed in the old password and it was happy but the next thing that showed up was a window saying "CSS Authentication Provider has stopped." Now my password manager is not working. Anyone have a fix for this?

I got the same message half years ago on my T61 (Vista). I have tried all the possible solutions I can find on the Internet, but the problem is still there. Just wondering if any Lenovo guy can give some suggestions.
Thanks.

CSS: "authentication failed" after successful fingerprint authentication - twice!

T61p
CSS: 8.10.0006.00
Vista 32 Ult
After successful fingerprint login, CSS states that the Windows password had been changed (it hasn't) and then asked me to verify that the CSS password matched my Windows password; this failes, even though the password entered is correct. This dialog pops up until it is cancelled.
I've also lost the ability to use my fingerprint reader to login to websites, it says that
- the print is okay, with that green checkmark, but then
- proceeds to say "authentication failed"
The password manager does not show up any more if started.
@ lenovo: any ideas, this is a very annoying one! And it is old, I think. Any ideas, before I go and buy
an Apple?
Moderator Note; please update your profile with your correct country location as per the forum rules. Products, options and services vary from market to market. Knowing your location helps us help you
Message Edited by andyP on 06-21-2008 09:54 PM

I have the same issue here.
The fingerprint software is working perfectly and it is properly linked with the Windows password so I can logon with no problems. However, right after I get the message the password has been changed when it hasn't.
The issues start when I need to use the Thinkvantage Password Manager or any other CCS applications. It does recognize my finger but it says "authentication failed".
I have emailed Lenovo and they recommended me to removed the CCS and the fingerprint software. I did it and it didn't work. Then they said I should take my laptop to a service center because it is no longer in warantee period.
In my case, all these issues began when I updated the CCS to the newer version (8.2)
I have read in other forums that it has to do with TPM or security chip encryption. It seems the CCS has not taken control over it. They state all will be fixed once the chip is clear which is done thru the BIOS>Security Chip>Clear Encryption. The big problem is that all encrypted data is erased in the process!!!
I have used the password manager for so long now with no problems that I have forgotten most of the keywords.
T60
Vista Ultimate 32 bits
CCS 8.2

Sshd for gssapi authentication

Hi I want to configure sshd in solaris 8 for gssapi authentication. I have uncommneted GSSAPIAuthentication yes and GSSAPICleanupcredentials yes in sshd_file.
After that when I am trying to restart sshd using /etc/init.d/sshd start I am getting message that unspported option GSSAPIAuthentication and unspported option GSSAPICleaupcredentials.
From where i can enable GSSAPI authentication for kerberos.

where did you get this ver of ssh? if its built from src, you probably need to compile/install mit or heimdal krb5 before trying to get gssapi auth to work. the stock krb5 with solaris 8 (seam) is not very good compared to what comes with 9+.

Css authentication provider has stopped working

I have this error message pop up every time I start my computer.
I've tried reinstalling the fingerprint software and also the client security
but it still is there. Any ideas?
I've got a x61 tablet running Vista.

I got the same message half years ago on my T61 (Vista). I have tried all the possible solutions I can find on the Internet, but the problem is still there. Just wondering if any Lenovo guy can give some suggestions.
Thanks.

Site Server - Client comminucations with selective authentication

My environment has multiple domains, but I've been trying to avoid standing up an MP in each. Currently the only MP is the site server in domain1. A two-way selective authentication trust exists between the domains, users and computers from domain2
have 'allowed to authenticate' permissions on the site server and, for the most part, everything is peachy. However, this has been showing up in the CcmMessaging.log:
IsSslClientAuthEnabled - Determining provisioning mode state failed with 80070005. Defaulting to state of 448.
[CCMHTTP] ERROR: URL=https://SCCM2012.DOMAIN1.com/ccm_system_windowsauth/request, Port=443, Options=448, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE
Raising event:
instance of CCM_CcmHttp_Status
   ClientID = "GUID:60A1F0BE-B65D-4F33-9CFE-B15FDE62517F";
   DateTime = "20120919152518.415000+000";
   HostName = "SCCM2012.DOMAIN1.com";
   HRESULT = "0x87d0027e";
   ProcessID = 2480;
   StatusCode = 401;
   ThreadID = 3940;
Successfully sent location services HTTPS failure message.
Post using DOMAIN2\user security context failed due to Integrated Windows Authentication failure
Post to https://SCCM2012.DOMAIN1.com/ccm_system_windowsauth/request failed with 0x80070005.
OutgoingMessage(Queue='mp_[http]mp_policymanager', ID={D6399C84-F0DE-46BD-8630-D918ECA157A5}): Will be discarded (0x80070005).
I'm not exactly sure what these errors are telling me. First, "Determining provisioning mode state failed"? I'm actually seeing that on clients in the same domain as the site server, as well. What is the client attempting to do here, and
in what security context, that it would be getting an access denied error?
Second, the other 5 lines? I'm assuming that's coming from IIS? What permissions need to exist that would not be implicit for the second domain?

Yes, I know this is an old post, but I’m trying to clean them up. Did you solve this problem, if so what was the solution?
Since no one has answer this post, I recommend opening a support case with CSS as they can work with you to solve this problem.
Garth Jones | My blogs: Enhansoft and
Old Blog site | Twitter:
@GarthMJ

CSS SSHD Authentication

Similar Messages

Maybe you are looking for