Guest/Internal users on a 1300

Similar Messages

• Keeping Internal Users off Guest Wireless

  Have a WLC 5508 running 6.x code with LAP's providing wireless for our internal laptops (WPA2 and EAP-TLS). I want to provide guest wireless which goes out a different port on the WLC to a guest firewall/cable modem. However, we want to prevent our internal laptops from being able to use the guest wireless. I have RADIUS (IAS) and LDAP for my AD available. We would prefer not to have use Lobby Ambassador and just have the guests use a simple password or web passthru. Guests may be laptops or smartphones.
  What options are available? I have tried a test setup using dynamic vlan assignments from RADIUS using the IETF flags, but can't seem to get it to work. Is there a way to identify the SSID is being used at the RADIUS server? Thanks.

  I'm closer. I have aaa override working for vlan assignment via RADIUS. On the RADIUS server, I have two access policies. The first is my normal authentication (EAP-TLS) for internal wireless clients where I included the condition member of Windows group Domain Computers. The RADIUS reply for the first policy assigns them to the "internal" vlan. The second RADIUS policy is for the visitor account (AD account with username/password) and the RADIUS reply from that assigns them to the "guest" vlan. The guest vlan exits my WLC on a seperate port to the guess firewall/cable modem, while the internal vlan exits to my internal lan.
  That way even if internal user connects to the Guest SSID with a company laptop they still end on the internal lan.
  Right now I have the Internal SSID authenticating off one group of RADIUS servers, and the Guest SSID authenticating off another set. My next step is to see if it can be done with only one SSID and one group of RADIUS servers, since assigning the vlan is what really matters.
  Are there any security considerations with using a single SSID?  I plan on turning on Peer to Peer Blocking if I do that.

• ISE 1.2 Guest portal user cannot change their passwords

  I have a WLC 5508(version 7.6) and a server installed  the ISE (version 1.2.1.198)，Now we configured the CWA，Use guest portal as an employee and guest login url，We can use the manually create internal user and password successfully logged in, and we set up allow guest users to change password in Multi-Portal, but the user can not change the password in the guest portal ,I suspect the change password option on the Guest  Portal actually works? Can anyone tell me how to change their own username password in the guest portal ?

  Requiring Guests to Change Password
  You can allow or require guest users to change their password after their initial account credentials are created by the sponsor. If guest users change their passwords, sponsors cannot provide guests with their login credentials if they are lost. The sponsor must create a new guest account.
  You can either allow guests to change their passwords, or you can require that they do it at expiration and at first login. To require internal users using a guest portal to change their password upon their next login, choose Administration > Identity Management > Identities > Users . Select the specific internal user from the Network Access Users list and enable the change password check box.
  Before You Begin
  Create a Guest portal or modify the DefaultGuestPortal. This setting is specific to each Guest portal.
  Step 1 Choose Administration > Web Portal Management > Settings > Guest > Multi-Portal Configuration.
  Step 2 Check the Guest portal to update and click Edit .
  Step 3 Click the Operations tab.
  Step 4 Check either or both options:
  Allow guest users to change password
  Require guest users to change password at expiration and first login
  Step 5 Click Save .

• NAC guest server-user poster assesment problem

  Dear all,
  Please assist me for NAC guest server poster assesment issue.
  Scenario is like we have NAC guest server and all wireless guest users authenticate through Guest Server.
  Its working fine.
  But customer  wants to apply poster assement on guest users through existing CAS and CAM.
  Guest_users-------AP-------WLC------- NAC_Guest_Server----------internet

  Thanks for reply.
  Actually in my network we have cas and cam integrate with WLC for internal users. Its working fine.No issue. Poster assesment and authentication working fine.
  We have also NGS server which is integrate with WLC for web authentication fow guest wireless users.
  It is also working fine.Authentication happened through NGS server succesfully.
  But now I wanted to force poster assesment for wireless guest users which are authenticated through NGS server.

• Routing internal users through UAG

  We have published SharePoint on the UAG and want all internal users to access SharePoint through the UAG, as if they were connecting from outside our network. This is working. The problem is that we are trying to publish Office Web Apps
  for SharePoint and it is not working internally or externally. We followed the TechNet article "Publishing Office Web Apps Server Using a Reverse Proxy Server." Is this a supported configuration (to route all internal traffic through UAG
  as if the connection was external to the network)? 

  Thanks for your reply. The underlying setup is the following and this should clarify things a bit:
  UAG is load balancing SharePoint farm.
  Internal DNS is the same as the Public DNS to access SharePoint. (For example sp.domain.com)
  At this point Office Web Apps works normally for both internal and external users.
  Since we want users to experience the same login steps, the following was done:
  A DNS record was created internally, so that sp.domain.com resolves to the public IP of the UAG. This way everyone is going through the UAG for access regardless if they are internal or external users. This is when we started having issues. It seems that
  there is a loop somewhere when office web apps tries to send the document back to SharePoint.

• BSP - UserId and Password for Internal Users - Anonymous for other users

  Hello,
  We developed an application via BSP's. This application can be accessed by two kind of users.
  1. External Users, with should access the page without using a userId and password.
  2. Internal Users, they will have more authorisation and need to specify their userId and Password.
  How can we accomplish this? I tried internal aliases, but can't get it to work properly.
  In the first service 'zbsp' I didn't specify a userId and password in sicf.
  Then I created an internal alias 'zbsp' referring to this 'zbsp'. In this alias I specified a userId and Password, but the system still asks for a userId and Password. (and after logging in the system gives the following error: The application name in URL .../bc/bsp/sap/zbsp2/uat_report.htm is invalid.)
  What did I do wrong? Or are there other ways to accomplish this?
  Greetings,
  Bart

  Take a look at the following mesaages that discussed the whole SSO and SSO2 ticket logins.
  As for a way to handle the two different login types. Well first and formost - active the SSO Tickets on your system.  Set your BSP up for that.
  Then create a new starting page with an alias to the pöublic section for BSP's in your system. On this page make two links.
  For your external users - one that redirects to your BSP passing the user and password in the url for the "read only external user" - that's the sap-user=name here&sap-password=passwordhere.
  For your internal people give them simply the link to the BSP which when they click it will see no user name and password and redirect them to the BSP login.
  Make sure you setup the BSP login according to SAP note 517860 and follow the instructions from http://help.sap.com/saphelp_nw04/helpdata/en/1d/13c73cee4fb55be10000000a114084/frameset.htm using the supplied SYSTEM_PUBLIC)
  It's a bit basic but it works, we do it
  Oh and setting up the system for the SSO (transaction sso2) is very very simple!!

• ISE internal user authentication failure - user not found

  Hi Forumers'
  I trying to do wireless 802.1x, where identity store using intenral user.
  But i found this error message when i trying to connect
  Authentication failed                                                                                 :
  22056 Subject not found in the applicable identity store(s)
  My authrorization rules is built like this
  identity groups = user identities group / " mygroup"
  condition = no setting
  permissions = standard / PermitAccess
  Question 1
  Any troubleshooting step to do on this?
  Question 2
  For the Authorization rules, what's the condition should set for using Internal User as Identity store?
  Thanks
  Noel

  The error is caused to an authentication failure and is not an issue with authorization
  You need to look at your authentications policy (Policy->Authentications) and see which identity store was authenticated against
  In addition can do the Live Authentications page (Monitor->Authentications) and for the failing record click on the icon under details. This will give you the full details of the requets processing and you can see which rule was matched in the identity policy (Identity Policy Matched Rule) and "Selected Identity Stores".

• The NLS operation failed because the registry key Control Panel\International\User Profile cannot be opened. Error code is 2. Error message: The system cannot find the file specified.

  H,
  Since upgrading Windows server 2008 R2 to Server 2012 Standard edition, we get this repetitious critical error in the event log:
  Event 1001
  Op Code NLS initialization
  The NLS operation failed because the registry key Control Panel\International\User Profile cannot be opened. Error code is 2. Error message: The system cannot find the file specified.
  We originally found that the regional date settings after changing them in regional settings (DD/MM/YYYY) and they did not inherit properly from the upgrade but they are ok now. 
  I've looked at HKCU\.Default\Control Panel\International and nothing looks obviously wrong. Country codes, time & date formats are correct.
  How do we ascertain the  cause of this error and the specific registry key that might be problematic?

  Hi,
  This could be caused by firewall rules or security softwares.
  http://www.tomshardware.com/forum/242579-44-hkcu-control-panel-international-opened
  And in addition, the fix is worth a try.
  Nothing happens when you double-click "Region" in Control Panel 
  http://support.microsoft.com/kb/2958845
  Please Note: Since the first web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

• How to authenticate external and internal users on different AD

  What is the recommended way to authenticate external users as well as internal employees in a customer facing application?
  We have external users in an Active Directory in the DMZ and our employees in our internal DMZ.  Unfortunately we don't have an identity management system in place and wondering if there is a way we could authenticate user against two active directories without creating a trust between them.
  We are implementing EP7.0
  Thanks in Advance.

  You can also use user partitioning. A feature of the UME which allows for having different user persistence options for different users. What you could do in this case have the external user stored in the local db or an LDAP for the external users and the internal users stored in an internal LDAP directory. For more details about <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/e0/b60b404b2b1e07e10000000a1550b0/frameset.htm">user partitioning</a>, please see the docs.
  regards,
  Patrick

• Endeca : multi invoice pay throwing correct error for internal user but it is failing to throw the same error for external user

  Hi,
  1) Internal User expected exception:
  Exception: Payments,apply credits,disputes and print are not supported when multiple customer/currency transactions are selected
  2) External User is throwing below error instead of throwing above exception.
  Error
    You are trying to access a page that is no longer active.
    The referring page may have come from a previous session. Please select Home
     to proceed.
  found this MACCHECK from fnd logs of external user payment.
  MACCHECK: . Parameter failing validation is :mode. The parameter mode with value MultiPay could not be recognized as part of Server's response on the previous request.  Incoming URL is : /OA_HTML/OA.jsp?page=/oracle/apps/ar/irec/endeca/webui/EndecaDummyPG . Current URL is : /OA_HTML/OA.jsp?page=/oracle/apps/ar/irec/endeca/webui/OIREndecaCustHomePG&akRegionApplicationId=222&_ti=1125493452&oapc=10&retainAM=Y&addBreadCrumb=N&oas=6-LL4ndIUFLX-2zjQAQD6A.. . Referer URL is : https://<hostname>:4443/endeca/web/ar/customer?doAsUserLanguageId=en_US&languageId=en_US . HTTP Request Method is : POST
  can someone please help.
  Thanks,
  RRS

  Well, I compared my classpath between my windows batch file and the
  makefile (that comes with the samples installation) on Solaris and realized
  that I am using different sets of jars.
  So, I removed the extra jars from the makefile to narrow down the
  problem. If I remove the /opt/SUNWam/lib/servlet.jar from the makefile,
  I can reproduce this problem on the Solaris box as well.
  When I include this servlet.jar on my windows machine the program works!
  Only jars I have in my classpath are amclientsdk.jar and servlet.jar which
  I have copied from my installation (/opt/SUNWam/lib) on the Solaris box.
  Just the same way, by copying the am_services.jar, saaj-api.jar, and jaxm-api.jar,
  from the Solarix box to the windows machine,
  I am also able to pull the assertions from the Access Manager.
  I installed Sun Java Enterprise System 2005Q1 on a Solaris 10 machine.
  During the installation, I configured to install the Access Manager
  in Sun Application Server.
  Why do I need to have different set of jars on the windows machine
  for the Access Manager client SDK ?
  Could you please point me to a download link where I could download
  the correct Windows Access Manager Client SDK for
  Sun Java System Access Manager 6.0 (Sun JES 2005Q1)?
  Thanks.

• Maximum message size for internal users

  Hi,
  Is it possible to configure a maximum message size for internal users and also create exceptions?
  The templates available in Transport Rules only allow for "when size of any attachment is greater or equal". This is not ideal as users can add 50 X 1MB attachaments to an email etc.
  Configuring Transport settings or Receive Connectors do not allow for exceptions.
  Thank you.

  Hi Prakash,
  Thanks for the link to the thread. The AD site link configuration is valid but does not account for the required exceptions. E.g User A can send unlimited size message to User B but not to User C.
  The thread also mentions the Transport Rule configuration stated in my original post but that configuration has one major flaw. Users can circumvent the control by splitting attachments.

• Delayed mail for internal user send a mail to gmail account

  hi to every one,
  Today we are facing an issue in exchange server 2010
  Whenever internal user send a mail to some of gmail accounts user receives a mail from postmaster states that
  This is an automatically generated Delivery Status Notification.
  THIS IS A WARNING MESSAGE ONLY.
  YOU DO NOT NEED TO RESEND YOUR MESSAGE.
  Delivery to the following recipients has been delayed.
  Action: delayed
  Status: 4.4.7
  Will-Retry-Until:
  Regards
  Kart26

  Hi,
  Did the issue occur when the specific user you mentioned above sent email to two gmail users at a time?
  Is there any recipient limit for this specific user?
  To narrow down the issue, I recommend you check the smtp log about this specific user for related messages.
  Best regards,
  Belinda
  Belinda Ma
  TechNet Community Support

• Sending mail from Ouloook (does not arrived to internal users)

  I have on machine that does not have GW client, but has only Outlook
  It is only used for SMTP sending mails via GWIA
  It works fine to external sources, but to internal ones it only works for
  some users, for majority it does not work
  It probably it is something with access control (can not understand how &
  why)
  Can see in the log that the mail being send, but it never arrives in
  internal user (same domain) mailbox
  No error visible
  Seb

  Well done! It was in fact 100% right
  My stupid user blocklisted our domain!
  Seb
  "Massimo Rosen" <[email protected]> wrote in message
  news:JCfgq.5080$[email protected]..
  > On 27.09.2011 10:11, Sebastian Cerazy wrote:
  >> I have on machine that does not have GW client, but has only Outlook
  >>
  >> It is only used for SMTP sending mails via GWIA
  >>
  >> It works fine to external sources, but to internal ones it only works for
  >> some users, for majority it does not work
  >>
  >> It probably it is something with access control (can not understand how&
  >> why)
  >>
  >> Can see in the log that the mail being send, but it never arrives in
  >> internal user (same domain) mailbox
  >>
  >> No error visible
  >
  > 99,5% the receiving users junk- or blocklist.
  >
  > CU,
  > --
  > Massimo Rosen
  > Novell Knowledge Partner
  > No emails please!
  > http://www.cfc-it.de

• Message tracking log of internal users who are all sent the mails to external domain

  Hi ,
  How can i get the message tracking log from internal users to external users?
  We need the report of internal users who are all sent the mails to the external domain
  Regards,
  Sankar M
  Sankar M http://messagingdevelopment.blogspot.in/

  Sankar, your outbound send connector has an address space of *. So when you run "Get-SendConnector", you will see something like the following:
  Identity                                AddressSpaces                          
  Enabled
  Unix System Connection                  {SMTP:*.domfreebusy.contractor.hunti... True
  Outgoing SMTP Connector                
  {SMTP:*;10}                             True
  Mailbox Journaling Connector            {SMTP:pdwastap01.huntington.com;1}      True
  The middle one with the {SMTP:*;10} in my case (you may have a different number than 10 in yours) is my outbound connector. So yours will show an address space of {SMTP:*;<some number, 10 is the default>}. HTH ...

• How to restrict the internal users(Business Users)

  Hi,
  If i  have a 3 catalogs like
        1.US catalog
        2.UK catalog
        3.Italian Catalog
  How can associate  this three catalog to specific internal user.

  Hi,
  For assigning a catalog to specific user, you can go to People and Organization-->Users in ACC
  Then click on a user and there you can see a property catalog,just click on that and search/select your catalog,save it and catalog is assigned to user.
  For more details please follow below link-
  Oracle ATG Web Commerce - Assigning a Catalog to a User
  Hope it help!
  Regards,
  PrateekG