LoginModule with JAAS, setup question for Frank Nimphius

Hi Frank,
I am trying to use a custom LoginModule in conjunction with the setup procedure in your "J2EE Security in Oracle ADF Web Applications" white paper. Have you done this before? Can you provide a roadmap for additional/alternate setup steps needed to use a LoginModule?
This is my original post from early this week:
JAAS Setup question
thanks,
brenden

Brenden,
Please refer to the OC4J security documentation, which is a part of the Oracle Application Server documentation that can be looked up online here on OTN. Custom LoginModule configurations require OC4J 9.0.4. In addition, this feature also only works with the jazn-data.xml provider and not with OID.
From the perspective of this whitepaper, the LoginModule will be used by the OC4J container to authenticate users and thus should not require any change in the paper.
I haven't yet had the time to create an example and document that showcases how to do this. Hopefully Christmas will give me some rest to look into this.
Frank

Similar Messages

  • I am having a problem with the answer question for the App Store, and I forgot the answer


    Please call 1800MYAPPLE and ask to speak to account security

  • Having trouble with the security questions for iTunes.  Tried to reset them, but the mail from Apple never comes . . .


    You need to ask Apple to reset your security questions; ways of doing so include clicking here and picking a method for your country, and filling out and submitting this form.

  • ADF won't work with custom LoginModule! Question for Mr. Nimphius!

    I've set up the login module as shown in:
    http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
    code:
    actionContext.getHttpServletRequest().isUserInRole("Administrators") works! But I also want this code to work in ADF:
    appmod.getSession().isUserInRole("Administrators")
    With the default login module "oracle.security.jazn.tools.Admintool" everything is OK! I can get roles in ADF, but with a custom login module I can't!
    In the ApplicationModule config I have set up
    jbo.security.config =
    jbo.security.context = oracle.security.jazn
    jbo.security.enforce = Must
    jbo.security.loginmodule = oracle.sample.dbloginmodule.DBTableLM.DBTableLoginModule
    please help!

    Thank you very much for the reply!!!!
    I did what you told me but no luck... :(((
    I still cannot get the user role from the application module!
    this code:
    if (AppModule.getSession().isUserInRole("Administrators"))
    System.out.println("User is in role! ");
    simply does not work!
    I've tested on standalone OC4J, I've tested on embedded JDeveloper 10.1.2.1!
    I get a NullPointerException at oracle.jbo.server.security.jazn.JboJAZNUserManager.isUserInRole(JboJAZNUserManager.java:113)
    The thing is that I can use isUserInRole() from the request but I cannot from the application module....
    ...I've lost hours decompiling and tracking down ADF code just to realize that there is no way to use a custom login module with ADF because the thing is hard-coded to use XML or LDAP..
    The only way I see to solve the problem is to extend oracle.jbo.server.SessionImpl
    and override
    getUserRoles()
    and
    isUserInRole(String s)
    I can substitute the session class with my own by setting
    SessionClass = oracle.jbo.server.ExtendedSessionImpl
    in the file jboserver.properties (which is inside bc4jmt.jar)
    The easier way is to write my own function isUserInRole() in EntityImpl... I can always get the user principal name with AppModule.getUserPrincipalName()
    What do you think?

  • Problems with JAAS setup in WL 8.1 SP3

    Hi all,
    I have WL 8.1 SP3 installed on a XP Prof box with JDK 1.4.2
    I have an application that makes use of the JAAS. I keep getting the following error
    javax.security.auth.login.LoginException: No LoginModules configured for <XXXXXX>
    at javax.security.auth.login.LoginContext.init(LoginContext.java:189)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:350)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:465)
    I know that this means that it couldn't find the login modules defined in the configuration file. But I have it defined there. The following is what I am doing
    1. I have the startWebLogic.cmd as below.
    %JAVA_HOME%\bin\java %JAVA_VM% %MEM_ARGS% %JAVA_OPTIONS% -Dweblogic.Name=%SERVER_NAME% -Dweblogic.ProductionModeEnabled=%PRODUCTION_MODE% -Djava.security.policy=%JAVA_HOME%\jre\lib\security\java.policy weblogic.Server
    2. In the Java policy file located in security folder of the JDK home, I changed the security file to point to config file as below
    login.config.url.1=file:${JAVA_HOME}/jre/lib/security/jaas.conf
    Can someone suggest a solution?
    Thanks
    meka toka

    Did you ever find a solution to this?
    I am having the same problem.
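
A diagnostic for the "No LoginModules configured" error discussed in this thread, added here as an example and not code from either poster: it prints the places the JVM's default file-based JAAS configuration is read from and checks whether an application name resolves to any entries. The class name JaasConfigCheck and the default name SampleApp are placeholders, and the result is only meaningful when it is run with the same JVM and options as the failing server.

```java
import java.io.File;
import java.security.Security;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

/**
 * Added example (not from the thread): reports where the JVM looks for its
 * JAAS login configuration and whether an application name has entries.
 * Usage: java JaasConfigCheck <appName>   ("SampleApp" is a placeholder default)
 */
public class JaasConfigCheck {

    /** Lists every place the default file-based Configuration reads from. */
    static void printSources() {
        // 1. System property, normally set with -Djava.security.auth.login.config=<path or URL>
        System.out.println("java.security.auth.login.config = "
                + System.getProperty("java.security.auth.login.config"));

        // 2. login.config.url.N entries. These are security properties, read from
        //    the java.security file, and are numbered consecutively from 1.
        boolean anyUrl = false;
        for (int i = 1; ; i++) {
            String url = Security.getProperty("login.config.url." + i);
            if (url == null) {
                break;
            }
            anyUrl = true;
            System.out.println("login.config.url." + i + " = " + url);
        }
        if (!anyUrl) {
            System.out.println("no login.config.url.N security properties are set");
        }

        // 3. Fallback file consulted when neither of the above is set.
        File fallback = new File(System.getProperty("user.home"), ".java.login.config");
        System.out.println(fallback + (fallback.isFile() ? " exists" : " is not present"));
    }

    /** Prints the modules configured for one entry name; returns true if any exist. */
    static boolean report(String name) {
        // getConfiguration() throws SecurityException if nothing can be loaded.
        Configuration cfg = Configuration.getConfiguration();
        AppConfigurationEntry[] entries = cfg.getAppConfigurationEntry(name);
        if (entries == null || entries.length == 0) {
            System.out.println("entry \"" + name + "\": not configured");
            return false;
        }
        for (AppConfigurationEntry e : entries) {
            // Option values can hold credentials, so only the keys are printed.
            System.out.println("entry \"" + name + "\": " + e.getLoginModuleName()
                    + " [" + e.getControlFlag() + "] options=" + e.getOptions().keySet());
        }
        return true;
    }

    public static void main(String[] args) {
        String appName = args.length > 0 ? args[0] : "SampleApp"; // placeholder name
        printSources();
        try {
            boolean found = report(appName);
            // LoginContext falls back to the entry named "other" when the
            // application name has no entry of its own.
            boolean other = report("other");
            if (!found && !other) {
                System.out.println("=> new LoginContext(\"" + appName
                        + "\") would fail: no entry for it and no \"other\" entry");
                System.exit(1);
            }
        } catch (SecurityException e) {
            System.out.println("login configuration could not be loaded: " + e);
            System.exit(2);
        }
    }
}
```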

  • Please help with a storage question for Ideapad S 10-2

    Hello everyone, my name is Orela and I'm from Croatia. Last year I bought a Lenovo S 10-2 and was happy with it but recently it broke down and wouldn't start. I have a warranty and would like to send it to be repaired.
    I have credit card information, personal e mail exchanges as well as family photos on the computer however and would rather repairmen couldn't go through my content. 
    My friend took out the hard disk but I remember that Windows 7 was on separate "unit". 
    Does S 10-2 have one 160 GB hard disk that contains 2 partitions (one for storage and other for Windows 7) or does it have one 160 GB hard disk + separate storage medium for Windows 7?
    Thanks for your help,
    Orela

    Here's some help:
    File Sharing on Macs
    Mac 101- File sharing
    You have a home network setup so everything you need is in place. Also select Mac Help from the Finder's Help menu and search for "file sharing."

  • Mail.app with gmail setup question

    hello,
    i have a large gmail account i have been using with mail.app for a long time and all works normally. however the "gmail style" is getting a bit out of control for me with the duplicates in sent/all mail. my processing is simple, after reading an email i archive it (so my inbox is always clean) so it means i move it to all mail. but since sent messages are also in all mail i'm pretty sure mail.app is storing these messages twice and whenever you search for messages you always have to filter through the duplicates. I think there are some newer ways to sync mail.app with gmail and i just wanted to ask what's the best solution to this common issue?
    thank you,
    rick

    thanks for the reply. yes that is what i do sorry if i wasn't clear enough. actually the messages coming in are not duplicated since once i move them to All Mail there is only one copy there in All Mail. it's the sent messages since they are saved once in Sent and once in All Mail. does that make sense and how do others deal with this?
    thanks again,
    rick

  • Problem with populating setup tables for purchasing

    I'm working on NW2004s.
    Problem: Setup tables are not getting populated for 2lis_02_hdr, 2lis_02_item..
    what all i've done so far:
    1. Activated Data Sources in RSA5.
    2. In LO Data Extraction, all the extract structures are active. (btw in job control I'm not sure what it does, I did make the job parameter start date immediate, didn't set the print parms, schedule job gives an error.. anything here I may be messing up?)
    3. In SBIW initialization Deleted the contents of setup table and executed the 'Purchasing - perform setup'.
    4. In NPRT i can see the log, the name of the source table EKKO, duration of run is 0.0 and no of docs 130.
    5. In RSA3 for 2lis_02_hdr extraction process 0 records.
    6. I look at SE11 for 'MC02M_0HDRSETUP' and table contents gives 0 records.
    Any help is appreciated on what I'm missing and why the setup tables are not populating. I went through the forum and did what was said but no success yet. I'm not an expert in SAP BW, just been working for a year, so please don't be cryptic, explain your answers. Thanks for your time
    Mayil

    Hi,
    All the active datasources will be available in RSA6, after that go to LBWE ,maintain Ex Stru, Maintain DS and make that active, then we go for statistical setup
    have you done these things?
    Did you put any filters while filling up the setup tables?
    what is the transaction you used for Setup.
    cheers
    RK

  • Seeking help with software upgrade questions for my PowerBook G4

    I am seeking help/advice for a very low tech guy. I upgraded my PowerBook G4 (ancient I know but I have trouble with our throw away society), to Leopard 10.5.2. However, my iDVD no longer works. I plan on upgrading to iLife'08, but based on the system requirements, I am not certain all of the features (i.e. iMovie'08) will work on my older processor. Before I upgrade to iLife, can anyone tell me if I should do it and if all the features will work on my PowerBook G4?

    Many prefer iLife'06 to '08, but we went from '05 to '08.
    You are correct in that iMovie'08 will not run on your Book, but when you install iLife'08 you are given the opportunity to download iMovie'06 for free.
    I can't vouch for it fixing your iDVD however.
    Joe

  • Problems with the Setup Wizard for WRT54GC

    Hi…
    I just bought a WRT54GC router and while trying to install it I had some problems.
    I opened the Setup Wizard on the CD to install the router.
    When I reach step 6 the internet connection is being checked with the following result: “Unable to detect the internet connection. Please check your cable connections”.
    I’ve checked all the cables and everything is okay – I’m also able to access the internet which shows me that all cables are correctly connected.
    So why do I get this message?
    What do I have to do?
    The problem is that I’m not able to continue the Setup Wizard further than step 6.
    Thanks!

    well..if you have an internet connection through the router and the CD setup shows “Unable to detect the internet connection. Please check your cable connections”. I would recommend you to neglect it....discard the CD and configure the router manually
    you can access the router from the wired computer using http://192.168.1.1 .. the default password is admin

  • [SOLVED] Luks with /arch/setup installation , fails at boot

    Hi all,
    So I tried to install arch on virtualbox with encrypted partitions (root /, /home/ and swap), but it fails at boot.
    /dev/sda1 is /boot
    /dev/sda2 is swap
    /dev/sda3 is /
    /dev/sda4 is /home
    The root partition seems to be loading fine because it asks for my password, then the boot sequence goes on, until the /home/ (apparently) :
    :: Bringing up loopback interface
    :: Unlocking encrypted volumes: chome..Usage: cryptsetup [-?vyrq] (...all the options...can't copy paste with virtualbox)
    /sbin/cryptsetup: Unknown action
    failed [FAIL]
    /dev/mapper/croot: clean, 27576/457856 files, 166316/1830898 blocks
    fsck.ext4: No such file or directory while trying to open /dev/mapper/chome
    Possibly non-existent device?
    /dev/sda1: clean,29/24096 files, 20790/96356 blocks
    [FAIL]
    It seems that it tries to open /dev/mapper/chome but it's not mounted yet
    In my /etc/crypttab, I added the lines :
    chome /dev/sda4 none luks
    cswap /dev/sda2 none luks
    /etc/fstab (I didn't change anything, /arch/setup configured it that way) :
    /dev/mapper/chome /home ext4 defaults 0 1
    /dev/mapper/croot / ext4 defaults 0 1
    /dev/mapper/cswap swap swap defaults 0 0
    /dev/sda1 /boot ext2 defaults 0 1
    And grub :
    title Arch Linux
    root (hd0,0)
    kernel /vmlinuz-linux root=/dev/mapper/croot cryptdevice=/dev/sda3:croot ro
    initrd /initramfs-linux.img
    What I wanted to do was to have swap,root and home encrypted partitions mounted at boot, but maybe it is not possible?
    I tried a lot of configurations for /etc/fstab and /etc/crypttab according to what I could find on the net but nothing worked. I read the whole tutorial https://wiki.archlinux.org/index.php/Sy … _with_LUKS but there is no config for fstab or crypttab or grub when installing with /arch/setup
    Thanks for any help !
    Last edited by John0000 (2012-04-12 12:50:18)

    Indeed you have a point, putting password in plaintext isn't very safe.
    There is a good alternative though: https://wiki.archlinux.org/index.php/Sy … _a_Keyfile
    the reason why you don't have a passphrase for root in a file somewhere is that you provide this passphrase during boot-time.
    Somewhere during boot you get the option to unlock your root device by typing in a passphrase... right?
    ro means that the volume is mounted read only http://linux.die.net/man/8/mount

  • Please read my question carefully, this is, I think, a question for the experts. It's not the usual name change question.   When I setup my new MacBook Pro, something slipped by me and my computer was named First-Lasts-MacBook-Pro (using my real first and

    Please read my question carefully, this is, I think, a question for the experts. It's not the usual name change question.
    When I setup my new MacBook Pro, something slipped by me and my computer was named First-Lasts-MacBook-Pro (using my real first and last name).
    I changed the computer name in Preferences/Sharing to a new name and Preferences/Accounts to just be Mike. I can right click on my account name, choose advanced, and see that everything looks right.
    However, If I do a scan of my network with my iPhone using the free version of IP Scanner, it lists my computer as First-Lasts-MacBook-Pro! And it lists the user as First-Last.
    So even though another Mac just sees my new computer name, and my home folder is Mike, somewhere in the system the original setup with my full name is still stored. And it's available on a network scan. So my full name might show up at a coffee shop.
    Can I fully change the name without doing a complete re-install of Lion and all my apps?

    One thought... you said the iPhone displayed your computer's old name? I think that you must have used the iPhone with this computer before you changed the name. So no one else's iPhone should display your full name unless that iPhone had previously connected to your Mac. For example, I did this exact same change, and I use the Keynote Remote app to connect with my MacBook Pro. It would no longer link with my MacBook Pro under the old name, and I found that I had to unlink and then create a new link under the new name. So the answer to your question is, there is nothing you need to do on the Mac, but rather the phone, and no other phone will display your full name.

  • Help with simple OS upgrade and backup questions for a dumb old previous PC user...?

    Ok...have mercy on me, please...
    I am not completely dumb, I know typical board etiquette, and I have searched for various answers (and found many)...but I just want to confirm my personal "research" and get all of this clear up before I proceed with this insanity.  I know I could probably search more, but this is taking hours, because of all my various questions, one leads to 10 more...
    I have an iMac with Mac OS X Version 10.5.8 (which, though not mentioned anywhere?...is apparently "Leopard", right?  Told you I was dumb...)
    Processor:  3.06 GHz Intel Core 2 Duo
    Memory: 2 GB 800 MHz DDR2 SDRAM
    My main goal:  install an app that was in the Mac App store.
    However, with Leopard, I can't access the Mac App store with Leopard, apparently. 
    I click on the Mac App store, and up pops up a Lion advertisement...telling me I should upgrade.  Ok, fine...probably a good idea, anyway...
    But how do you upgrade to Lion?  Apparently through the Mac App store!
    The web-redirects on the Apple site are amusing...taking me on an endless cycle...purchase Lion in the app store...click..."you need to upgrade to Lion"...OK...click..."you need Lion at the app store"...OK...click..."you need to upgrade to Lion to get to the app store"....etc.
    OK...fine...google searches...ahh, I need to upgrade to Snow Leopard first, apparently!  Yes?
    (Maybe the Apple redirects should detect that I have Leopard, and direct me to a screen that explains that I must upgrade to Snow Leopard...and then Lion!  Do you hear that, Apple?  Thanks.)
    Anyway...so here's my plan:
    1) Upgrade to Snow Leopard
    2) Access the Mac app store
    3) Upgrade to Lion
    Question A:  With my iMac (specs above), is it really advisable for me to do this?  Can my computer really handle Lion?  It seems I barely meet the minimum with my intel core 2 Duo and 2 GB ram...yes?  Is this a dumb idea, even if "OK"?  I know that "minimum requirements" on a PC often meant:  "Well, it will work...but it will be slower than a snail and crash if you run 5 programs at the same time" (which I usually do...)  I don't want to upgrade if the "minimum" is really not enough. 
    Question B:  If the answer to A is "not a good idea", then  do I just need a new computer (i.e. better processor)?  Or do I need more Ram?  And can I add Ram to this computer, and is it relatively easy?  I have added Ram to PCs tons of times, and you always have to determine type of Ram for your board, make sure they "match", or whatever, and then open up the machine and install.  Kind of a pain, but once I have the "right" type of Ram, opening the CPU and installing is within my abilities.  Will it be harder for a Mac?
    = = =
    Next:
    When upgrading an OS on a Windows, you pretty much format the harddrive and start all over.  Back in the day I was a PC user, there wasn't really a "great" way to back up programs and files, so this was a nightmare.  You could NOT just back-up software.  You typically had to re-purchase and install it all from scratch.  Is this the same with Macs?  Furthermore, personal files were scattered all over the hard-drive for the individual software...so trying to back all that up to get it back on the new system = nightmare!  I hate PCs.
    Anyway...so, my iMac has Time Machine.  I am pretty ignorant about this, and based on my previous PC backup program nightmares, I have a distrust for it...and don't really understand how it works.  But in any event, my external drive crashed a few months ago, and I haven't replaced it, yet.  So, I am replacing it soon and will get Time Machine back up and running...setting it up again, etc...leading to question C...
    Question C: When upgrading from Leopard to Snow Leopard to Lion, what is the best way to ensure I keep all my programs and files.  My wife and I both access the computer, so two user accounts.  Does Time Machine really do a good job backing up everything and all things?  Is it just a matter of upgrade to Snow Leopard...then immediately to Lion...and then some sort of "Restore" from Time Machine?  Anything for me to "watch out for"...or to do when I buy a new external hard-drive and setup up Time Machine for the first time on it, in order to make this work well?  Will I have to re-install all the various applications I have installed on this thing?  (like with PCs?)
    Thanks for any sincere help. 

    yachadhoo wrote:
    I have an iMac with Mac OS X Version 10.5.8 (which, though not mentioned anywhere?...is apparently "Leopard", right?  Told you I was dumb...)
    Processor:  3.06 GHz Intel Core 2 Duo
    Memory: 2 GB 800 MHz DDR2 SDRAM
    Apple has discontinued support for 10.5, it's a plague of our platform that Apple only supports the last two operating systems in circulation.
    Whereas on Windows you can run the same OS version for 10 years and get updates free (if not stolen), on a Mac we get one year, two tops now and if you don't upgrade and break all your third party software and hardware drivers in the process, then you're denied security updates.
    On top of that, the OS X upgrades tend to break your older hardware too, or slow it down so much that it drives you to want to buy newer hardware.
    It's funny Apple places the AppStore on your OS X version along with iTunes and Safari updates, but then doesn't supply necessary security updates, your machine may be compromised and here you enter vital credit card info, banking etc. thinking you have a secure machine.
    My advice, since that's a 10.5 era Mac, is to upgrade to 10.6.3 via this disk, then use Software Update until clear. You'll get security updates and your present installed 10.5 software will work in 10.6 using Rosetta.
    http://store.apple.com/us/product/MC573Z/A
    Rosetta is not available in 10.7 so it could be a lot of your software will no longer function
    http://roaringapps.com/apps:table
    I don't see the sense in you buying all new software for a machine that's at its end of life stage.
    You can buy software in the AppStore with 10.6.
    Question A:  With my iMac (specs above), is it really advisable for me to do this?  Can my computer really handle Lion?  It seems I barely meet the minimum with my intel core 2 Duo and 2 GB ram...yes?
    You will need to buy 4GB of RAM to run Lion well, the 2GB is just a bare minimum, and your processor is a bit dated.
    Lion 10.7 is certainly slower than Snow Leopard 10.6, in fact so many wanted to go back to Snow Leopard and one of the reasons was Lion was slow.
    So I wrote a User Tip, here, but the Tips were implemented only recently.
    How to revert your Mac to Snow Leopard
    Question B:  If the answer to A is "not a good idea", then  do I just need a new computer (i.e. better processor)?  Or do I need more Ram?  And can I add Ram to this computer, and is it relatively easy?  I have added Ram to PCs tons of times, and you always have to determine type of Ram for your board, make sure they "match", or whatever, and then open up the machine and install.  Kind of a pain, but once I have the "right" type of Ram, opening the CPU and installing is within my abilities.  Will it be harder for a Mac?
    RAM is easy, you can buy it at Otherworld Computing or Crucial.com and install it yourself, there is a little door under the monitor.
    Videos online at YouTube.
    When upgrading an OS on a Windows, you pretty much format the harddrive and start all over.  Back in the day I was a PC user, there wasn't really a "great" way to back up programs and files, so this was a nightmare.  You could NOT just back-up software.  You typically had to re-purchase and install it all from scratch.  Is this the same with Macs?  Furthermore, personal files were scattered all over the hard-drive for the individual software...so trying to back all that up to get it back on the new system = nightmare!  I hate PCs.
    Mac's operating system is separate, it can be replaced or upgraded independently of programs or user accounts on the machine.
    There are some programs that install a kernel extension file at boot into OS X, those get knocked out, but those can be replaced with a new install of the software.
    You should always backup your users files as those can't be replaced.
     Most commonly used backup methods explained
    Question C: When upgrading from Leopard to Snow Leopard to Lion, what is the best way to ensure I keep all my programs and files.
    OS X upgrades don't affect User accounts but they can have an effect on programs installed, which most of your 10.5 programs likely will no longer work in 10.7
    However they will (with a slight update) work in 10.6 just like before.
    You need to backup regardless, I suggest a manual backup of users files to a storage drive, a 10.5 clone on another drive, then you're ready to upgrade to 10.6
    10.5 to 10.6 upgrade is rather painless, also 10.6 gives accelerated video drivers, so your machine will appear faster.
    However once you install 10.7, you will slow down.
    Does Time Machine really do a good job backing up everything and all things? 
    No, you shouldn't rely upon TM, have a multiple backup strategy, TM files are hard to access directly.
    Is it just a matter of upgrade to Snow Leopard...then immediately to Lion...and then some sort of "Restore" from Time Machine?
    No need to restore, OS X upgrades and leaves everything else in place, just some programs (with 10.6) or a lot (with 10.7) when you try to launch them they will fail.
    Also when you connect TM it will do a substantial change to reflect the new boot drive.
    If you were using TM as a "storage drive" thinking you can use the archived versions later, that will change upon the new OS X upgrade.
    But in any event, my external drive crashed a few months ago, and I haven't replaced it, yet.  So, I am replacing it soon and will get Time Machine back up and running...setting it up again, etc...leading to question C..
    You need not only TM drive, but a bootable clone and user files on a storage drive.
     Most commonly used backup methods explained
    Will I have to re-install all the various applications I have installed on this thing?  (like with PCs?)
    No, depending upon what OS X version you stop at depends how many programs no longer work.
    You will have to buy a lot of new or upgrade versions with 10.7, not so with 10.6 only updates mostly because of Rosetta on 10.6 and not on 10.7
    My opinion, since that machine is a bit dated, is to upgrade to 10.6, Software update to 10.6.8, and stay there.
    Later on 10.8 is being released after this summer, you may want to consider getting a new machine with 10.8 a few months later to ensure all the bugs are worked out of it.
    You're not a computer savvy person, you like most Apple users expect your machine to "just work" I think going to 10.7 will be a bad experience for you.
    10.6.8 will serve your needs until 10.8 is released and on new hardware where Apple will hold your hand for free for three months, 3 years with AppleCare.
    You're not a "OS X upgrader type of a person" and Apple needs to get off their collective assets and pay better attention to its most common users.

  • 802.1x for user authentication setup questions

    Hi,
    I am fairly new to the 802.1x realm, I have read several documents on how the setup is accomplished and I was hoping someone could validate the setup I have in mind to make sure I am on the right page.  Any comments or assistance would be greatly appreciated, I do not have the infrastructure to test everything before hand.
    I have a remote site with a switch and router. I want to authenticate users using their AD credentials. At the datacenter I will have ACS 5.2, a Windows 2008 enterprise server for AD service and CS service. I do not have the option to install an additional client on the PC like anyconnect, I need to use Windows OS supplicant without installing physical certificates on the machine.
    - Within the CS service I will generate a certificate that will be imported by ACS.
    - I will activate ACS to integrate with AD
    - I do not want to install certificates on the client machines so I will use PEAP w/ MSCHAPv2
    - The authenticating clients will be XP w/ SP3, I am hoping that a group policy can be created to enable the wired service to start automatically and I will also need to add my CS/CA server as a trusted authority unless I purchase a verisign certificate to be used. Correct? or will this need to be done when the desktop image is installed on the pc?
    Additional Questions:
    - With the setup I described above using MSCHAPv2 when the user boots the computer in the morning, hits ctrl+alt+delete and provides their AD credentials will this act as a single sign on? first authenticating them through 802.1x so the port is authorized and then authenticating them to the AD server? or will there be some type of pop up window that will appear before the ctrl+alt+delete window? making the user provide credentials twice (annoying)
    - Once the user is authenticated can I push an ACL down to the switch to enforce a set policy? or does this happen on the router?
    - Most of the documents I have read are related to L2 802.1x is there a  L3 option that includes the router that I should be looking at to  provide more features?
    - can anyone speak to their experience with the Windows OS supplicants? is the functionality flaky/clunky or if the backend is setup properly it works seamlessly?
    Sorry for the long winded post but I am kind of shooting in the dark without having the equipment to test with. Any help is appreciated!
    Thanks

    Thanks to you both for the responses.
    I have a few followup questions which I have added inline.
    Q:
    - With the setup I described above using MSCHAPv2 when the  user boots  the computer in the morning, hits ctrl+alt+delete and  provides their AD  credentials will this act as a single sign on? first  authenticating them  through 802.1x so the port is authorized and then  authenticating them  to the AD server? or will there be some type of pop  up window that will  appear before the ctrl+alt+delete window? making  the user provide  credentials twice (annoying)
    A:  If you select "Use windows credentials" it won't prompt you for credentials. so All automatic.
    However  note that it will only login AFTER you entered the credentials on the  logon page. So you won't have network connectivity for the initial  logon, so no login scripts this way.
    With your comments I am rethinking my approach, I am considering that if the company security policy will allow it I will do machine authentication only instead of user auth. Obviously this is not as secure since a rogue user could change the local admin password and have access to the network. But in terms of simplicity and ease of use machine authentication provides a transparent authentication mechanism that should suffice. I would just have to sell the solution to security.
    There are a few things I need to understand before pursuing this.
    - will the machine be 802.1x authenticated and on the network before the  ctrl+alt+delete? so when user logs in the machine has passed 802.1x  already and has received ip from dhcp? this is my hope.
    - is peap/mschap still the supported protocol so no physical cert is required per machine? no EAP-TLS
    - is the machine profile on the AD server used for 802.1x verification/authentication? meaning ACS will pass off to AD to verify the machine is part of the domain? or do you have to create machine profiles in ACS?
    - I have read a few articles out there about issues with machine auth with clients using XP, perhaps this was related to previous service packs before SP3? there was mention of registry changes required etc.
    - is there a different supplicant offered by cisco that is more robust that would provide more stability or does the cisco supplicant cost money per user license or other etc.
    Again your feedback is invaluable as I do not have the physical equipment to test with. Unfortunately I have to propose a solution before actually testing something which I am not particularly fond of.
    Regards,
    Eric

  • Exchange 2013 Site Resilience - Basic questions for setup in two separate AD Sites, same domain

    I am just getting ramped up with Exchange 2013 and have a friend that I am assisting with planning an exchange 2013 deployment for. I am not asking for step by step directions for setup, just asking for a basic overview so I can dig in to this and assist.
    Goal is to have an exchange server, one in NC and one in Switzerland in an active/passive mode for site resilience.  Both servers will be multi role servers. 
    This is a small organization, less than 50 users and on a budget for equipment. HQ is in NC and the server will have all roles installed on a single server. Switzerland will have only one Exchange server for fail over. There is only one domain total with two AD Sites.
    My questions for clarity -
    1. Can I create a Site resilient deployment with two Exchange Multi Role servers in these locations?
    2. Currently, the organization does not have a Load Balancer.  Will this be required? 
    3. They do not have a third location for a Witness Server, what issues could potentially happen if the witness sits in one of the two sites?
    4. Any other basics for this design are much appreciated.  I am reading a lot, however a little confused as I read through the requirements.
    Thanks for your input and direction!
    Wall

    Hi
    Please find below answers to your questions.
    1. Can I create a Site resilient deployment with two Exchange Multi Role servers in these locations?
    Yes
    2. Currently, the organization does not have a Load Balancer.  Will this be required? 
    No you don't need to have a load balancer. As you are setting up the infrastructure in Active / Passive mode you don't need a dedicated LB for this.
    3. They do not have a third location for a Witness Server, what issues could potentially happen if the witness sits in one of the two sites?
    The issue with the witness server in primary or DR site is if your witness server is not responding your DAG won't work properly (failover). If you don't have a 3rd site then you can setup a witness server in your primary site and Alternate witness server to your DR site.
    4. Any other basics for this design are much appreciated.  I am reading a lot, however a little confused as I read through the requirements.
    I would recommend to use Exchange sizing calculator and technet is the best resource for you :)
    Kindly mark this as answer if it fulfills your requirements. :)
    Regards, Riaz Javed Butt Consultant Microsoft Professional Services MCITP, MCITP (Exchange), MCSE: Messaging, MCITP Office 365
