NPS: Override User-Name and User Identity Attribute

After configuring NPS and using http://technet.microsoft.com/en-us/library/dd197535%28WS.10%29.aspx it's possible to authenticate based on MAC Addresses.
Is it by design that all authentication requests handled, are changed to MAC Address Authentication?
We want to have three Network Access Policies, two based on Active Directory Account, one based on MAC Address.
After entering the registry values and rebooting the server, it's only possible to authenticate based on MAC Address.
Do we need separate NPS servers, one for MAC based authentication and one for A.D. account authentication?
Thank you in advance.

Hi GerardVU4,
Thank you for your post.
Is it by design that all authentication requests handled, are changed to MAC Address Authentication?
To always use the MAC address as the user identity, on the NPS server set the Override User-Name registry value to 1.
If you set Override User-Name to 1 and the User Identity Attribute to 31, the authenticating server can perform only Automatic Number Identification/Calling Line Identification (ANI/CLI)-based authentication. Normal authentication by using authentication protocols, such as Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) and Extensible Authentication Protocol (EAP), is disabled.
So please remove Override User-Name registry entry on your NPS server first.
Do we need separate NPS servers, one for MAC based authentication and one for A.D. account authentication?
No, you could set up three Network Access Policies on same NPS server.
For Network Access Policies based on MAC address, just select the authentication method PAP on the policy's Constraints tab.
For Network Access Policies based on Active Directory account, keep the default authentication methods MS-CHAP-v2 & MS-CHAP.
If there are more inquiries on this issue, please feel free to let us know.
Regards,
Rick Tan
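
An audit script for the setting the reply identifies, added here as an example; it is not part of the original thread or of Microsoft's documentation. The thread does not give the registry key location, so `-PolicyKeyPath` is a required parameter (take it from the TechNet article linked in the question); the helper name `Get-RegistryValueOrNull` is hypothetical.

```powershell
# Added example (not from the thread): audit the two NPS registry values
# discussed above and optionally remove 'Override User-Name'.
# Assumption: -PolicyKeyPath is the registry key that holds both values. The
# thread does not state its location, so it is a required parameter here.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)]
    [string]$PolicyKeyPath,

    # Remove 'Override User-Name', as the reply advises, when it is set to 1.
    [switch]$RemoveOverride
)

function Get-RegistryValueOrNull {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the named value does not exist.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

if (-not (Test-Path -LiteralPath $PolicyKeyPath)) {
    throw "Registry key not found: $PolicyKeyPath"
}

$override = Get-RegistryValueOrNull -Path $PolicyKeyPath -Name 'Override User-Name'
$identity = Get-RegistryValueOrNull -Path $PolicyKeyPath -Name 'User Identity Attribute'

# Per the reply: Override User-Name = 1 together with User Identity
# Attribute = 31 leaves only ANI/CLI-based authentication; MS-CHAP and EAP
# are disabled for every request the server handles.
$protocolAuthDisabled = ($override -eq 1) -and ($identity -eq 31)

if ($protocolAuthDisabled) {
    $finding = 'Only ANI/CLI (MAC) authentication is possible; MS-CHAP and EAP are disabled.'
} elseif ($override -eq 1) {
    $finding = 'Override User-Name is 1; the reply advises removing this entry.'
} else {
    $finding = 'Override User-Name is not set to 1.'
}

[pscustomobject]@{
    Server                = $env:COMPUTERNAME
    OverrideUserName      = $override
    UserIdentityAttribute = $identity
    ProtocolAuthDisabled  = $protocolAuthDisabled
    Finding               = $finding
}

if ($RemoveOverride -and ($override -eq 1)) {
    if ($PSCmdlet.ShouldProcess("$PolicyKeyPath\Override User-Name", 'Remove registry value')) {
        Remove-ItemProperty -LiteralPath $PolicyKeyPath -Name 'Override User-Name'
    }
}
```

Running it with `-RemoveOverride -WhatIf` shows the registry change without applying it.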

Similar Messages

  • NAM and "unprotected identity pattern" not working as expected

    Hi,
    I'm trying to test such 802.1x wired environment:
    windows xp sp3 as supplicant
    windows NPS as radius server
    2960 as authenticator
    latest anyconnect (3.1.01065) + nam and standalone profile editor
    I have a question:
    Could someone explain to me the difference between protected identity pattern and unprotected identity pattern (set in NAM profile editor)? As I understand the documentation, PEAP-MSCHAPv2 is a tunneled method and it uses unprotected identity pattern to protect user's identity during phase 0. But if I use any fake identity here (anonymous, anonymous@[domain], etc) access is rejected (Access-Reject in switch debugs). I have to use exactly the same pattern in unprotected identity pattern as in protected identity pattern ([username] or [username]@[domain]) to gain access, regardless of authentication mode (same in machine only, user only authentication).
    I would be grateful for any clues
    Best regards
    Lukasz

    Ok I've solved it... NAM works fine, problem was with NPS config. If you want unprotected identity pattern to work, just configure authentication methods under "connection request policies" not "network policies".

  • Iphones and user identity certs

    successful in implementing client based authentication with the iPhone and Exchange 2003 (or 2007 for that matter)?
    Our current implementation requires Windows Mobile devices to obtain a client certificate on the user's behalf and then upload it to the phone. Our ISA server then presents this to the Exchange server, then requires the device to present the client certificate before letting them in. The goal is single sign-on via user cert. We are moving to all iPhones from Mobile 6 devices.
    This is working on the Windows Mobile side, but is not working on the iPhone side.
    The root certs and user certs are installed on the iPhone, but when you connect to the server can verify exchange account.
    We run 2 servers: one for OWA/ActiveSync with user ID and password, no user cert, works fine. If I move the iPhone to our second server, which is cert-only authentication, no go on the iPhones, but Mobile seems to work fine. Just bought 120 iPhones, need to figure this out.

  • Firefox will not save my user name and password for one of my sites. How can I fix this problem. It is getting annoying having to reenter every time I check this site. Is there a solution.

    I had my user name and password saved for my library site. My grandson hit something and now the saved user name and password are gone. It asks me every time to enter it and it is getting annoying. How do I fix this. I want Firefox to remember these codes.

    You can create a bookmark with the JavaScript code via a right-click on the "Remember Password" link on the squarefree.com website and choose "Bookmark This Link" and select the "Bookmarks Toolbar" as the destination folder for easy access.
    * https://www.squarefree.com/bookmarklets/forms.html#remember_password
    You need to use the "Remember Password" bookmarklet before or after filling the name and password field on the website with the login form, but before submitting the login form by clicking a button on the web page.
    If the site is using autocomplete="off" then you see a number not equal to 0 (i.e. attributes were removed) in the pop-up alert from the bookmarklet and Firefox should offer to remember the name and password via a drop down dialog of the key icon that will appear on the location bar (Firefox 4+) or via an info bar at the top (Firefox 3).

  • I am in the Enterprise Dashboard and I can't view User, Identity or Deployment areas, can anyone help?

    When I try to access the User, Identity or Deployment areas in the Enterprise Dashboard there appears to be issues, the page doesn't appear to be able to load.
    I wonder is anyone else experiencing this, for me and my colleague are having issues?
    Please come back to me asap as we are trying to roll out the Adobe Creative Suite to the business and have already had several holdups.
    Many thanks
    Sarah

    Hi Sarah,
    Can you please e-mail me your org name and customer ID via private message? I did check with your e-mail however I do not find any enterprise account.
    Thanks,
    Ashish

  • How to show users display name and email address in open social widget?

    Hello experts,
    Is it possible to retrieve users display name and email address with opensocial javascript e.g. Login widget seems to load user data (and userData.firstname) during the site init. Is this something that could be consumed or is there some opensocial data request that could/should be used. Any working sample widget spec would be appreciated.
    Best regards,
    Ville

    Hi Ville,
    in the logon widget, we also use the data retrieved from siteInit.loadData.data.user. However, this widget is part of the out of the box openSocial widgets, it is being released with the product code, not as a separate OS widget deployed on HANA Cloud Platform.
    If you do window.parent.siteInit you'll probably get the data you are looking for, but this isn't the official public API, so you can use it but we cannot commit on keeping this structure.
    Why do you need this information in the widget level? Does your widget require authentication or is it for personalization needs?
    The best way is to retrieve this info on the java side using HANA Cloud Platform APIs and send them back to the client.
    Look at this - SAP HANA Cloud Platform SDK > Package com.sap.security.um.user
    Interfaces:
    • User: This interface provides read access to user data and is an extension of Principal.
    • UserAttribute: The interface represents abstraction over a user general attribute, such as an e-mail address.
    • UserProvider: This interface represents the service interface which provides read access to a user implementation.
    Inbal 

  • How to create a user using XML and specifying addional attributes that are objects

    I'm trying to create a user using XML and specifying some attributes that are objects and not sure how to do it. How would I set the DirectoryUserAcl to Public?
    Here's the xml file:
    <?xml version = '1.0' standalone = 'yes'?>
    <SimpleUser>
    <UserName>mike2</UserName>
    <Password>abc123</Password>
    <AdminEnabled>false</AdminEnabled>
    <HomeFolderRoot>/home</HomeFolderRoot>
    <HasContentQuota>false</HasContentQuota>
    <DirectoryUserAcl> ??? </DirectoryUserAcl>
    <DefaultAclBundleAcl> ??? </DefaultAclBundleAcl>
    <HomeFolderPolicyBundleAcl> ??? </HomeFolderPolicyBundleAcl>
    </SimpleUser>

    I figured out the answer:
    <?xml version = '1.0' standalone = 'yes'?>
    <SimpleUser>
    <UserName>mike2</UserName>
    <Password>abc123</Password>
    <AdminEnabled>false</AdminEnabled>
    <HomeFolderRoot>/home</HomeFolderRoot>
    <HasContentQuota>false</HasContentQuota>
    <DirectoryUserAcl classname="SystemAccessControlList" refType="name">Public</DirectoryUserAcl>
    </SimpleUser>

  • How to compare index names and columns from different user?

    I am using below query to compare two indexes from 2 different users but even though index name and columns are same... result shows me they are different.. what I am doing wrong? Thanks
    WITH t AS
            (SELECT COUNT (DISTINCT index_owner || index_name || indexed_cols)
                       cnt
               FROM (  SELECT index_owner,
                              index_name,
                              listagg (column_name, ',')
                                 WITHIN GROUP (ORDER BY column_position)
                                 indexed_cols
                         FROM dba_ind_columns
                        WHERE index_name='XPKTBL_A'
                     GROUP BY index_owner, index_name))
    SELECT CASE
              WHEN cnt > 1 THEN 'Indexes are different'
              WHEN cnt = 0 THEN 'Indexes dont exist'
              WHEN cnt = 1 THEN 'Indexes are identical'
           END
              commnt
      FROM t
    Result:
    Indexes are different
    but Actually if you check below they are same After when I run this query:
    SELECT index_owner,
             index_name,
             listagg (column_name, ',') WITHIN GROUP (ORDER BY column_position)
                indexed_cols
        FROM dba_ind_columns
       WHERE index_name='XPKTBL_A'
    GROUP BY index_owner, index_name;
    Result:
    Index_owner   Index_name   Index_cols
    USER1         XPKTBL_A     FIELD_A1
    USER2         XPKTBL_A     FIELD_A1

    Hi,
    Erhan_toronto wrote:
    I am using below query to compare two indexes from 2 different users but even though index name and columns are same... result shows me they are different.. what I am doing wrong? Thanks
    WITH t AS
            (SELECT COUNT (DISTINCT index_owner || index_name || indexed_cols)
    So index_owner is 'USER1' in one case, and 'USER2' in the other; right?
    A string that starts with 'USER1' will be distinct from a string that starts with 'USER2', no matter what the rest of the string contains.  Maybe you don't want to compare the owners, or maybe you meant to use some other column (such as table_name) instead of index_owner.
    I hope this answers your question.
    If not, post a little sample data (CREATE TABLE, CREATE INDEX and CONNECT statements), and also post the results you want from that data.
    Explain, using specific examples, how you get those results from that data.
    Always say which version of Oracle you're using (e.g., 11.2.0.2.0).
    See the forum FAQ: https://forums.oracle.com/message/9362002

  • Problems with invalid user name and password

    We have a one week old MacBook 2.2GHz basic white model that is generally working well.
    However a problem has now arisen whereby on any attempt to shutdown or restart it won't accept the administrator user name and password, returning an 'invalid' warning. The issue seems to be the user name as the administrator password has worked OK in other situations. Naturally I have checked and re-checked the user name (which was in the form (first name followed by surname in upper and lower case) and it was OK (in any case it was being prompted automatically by the system.)
    I have subsequently changed the administrator name (to the form first name only in upper and lower) and the password as suggested by the following article:
    http://docs.info.apple.com/article.html?artnum=306876
    Nothing has changed. Can anyone help?

    Hi Martin, a late post to confirm the solution from the last post by using the "RETURN" key works..
    (mouse click worked ok in Tiger 10.4.x I thought).
    This was a delight and so obvious after seeing these symptoms.
    I have posted this entry in case anyone else gets into this situation since OSX Leopard 10.5. Several people have encountered this issue where they may have:
    • Leopard 10.5.x installed
    • have 2 or more active users LOGGED into the OSX system via fast user / fastuser switching
    • request a SHUTDOWN or RESTART from a user
    • get an OSX request to supply administrator attributed user and its associated password to validate SHUTDOWN | RESTART request,
    • have admin | root account verification failure of password after 'clicking'.
    After some months of frustration, it seems a simple PRESS of the "RETURN key" works!
    Simply, DON'T mouse click after entering admin user/password.... instead press "RETURN" key.
    fwiw.
    w

  • Rename short name or switch main user identity

    Hi fellow mac users!
    I recently have taken over a new G5 at work and want to personalize it to my new user identity. How do I change the existing 'short name' or delete the existing user and make myself the main user?
    I'm trying to avoid a whole system re-install since apps and files already exist from the previous user.
    Is there a technique that I can try?
    thanks in advance.

    If you don't need anything from the previous user's home folder, you can simply create a new admin account in SystemPreferences>Accounts and then delete the previous user's account.

  • Get User Names and Mail Ids present in Exchange Server

    Hello All,
    Can we get all the names and mail ids present in the exchange Server global address book?
    I tried one example but it is giving error.
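    Exception in thread "main" javax.naming.CommunicationException: [LDAP: error code 2 - Protocol Error]; remaining name 's=satheesh'
    Code is given below:
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.directory.*;

    // No credentials are set, so this connects to the directory anonymously
    Hashtable<String, String> env = new Hashtable<>(11);
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://mailserver:389");
    DirContext ctx = new InitialDirContext(env);
    // Read the attributes of the entry named s=satheesh
    Attributes answer = ctx.getAttributes("s=satheesh");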
    Any example code to get user names and mail ids will be helpful.
    Thanks in advance.
    Regards,
    Satheesh A

    Hi Satheesh,
    I am new to LDAP. I am facing the exact same problem as you mentioned. Did you solve your problem?
    Thanks for any help you can provide.

  • How to find out the user name and email address from SAP user id?

    Hi experts,
    In sto3n I find out the the user id with most navigations. I like to know his name or email address to contact him. Which table stores the user details? how to do it?
    Thanks in advance.
    Sharat.

    hi,
    The below tables will give only the name.
    USER_ADDRS
    USER_ADDR
    USER_ADDRP
    USR02
    I think you need the email address.
    You can use this Tcode: su01d
    and give the user name and execute it.
    I hope it will help you.
    Ram
    Edited by: Ram velanati on Jun 30, 2008 6:57 PM

  • TS3276 Cannot send mail from my iPad...."user name and or password is incorrect"......mail can be sent from my iPhone

    Why do I get the message   "Cannot send mail, the user name and or password for my email outgoing server is incorrect"?  I use the same account, etc. on my iPhone and haven't any trouble sending mail.

    If your email requires a password for the SMTP server you can set it up in the settings in the General mail setup. Some i.e Gmail require a password for SMTP.
    Otherwise you will probably get better answers in the iPad forum.
    https://discussions.apple.com/community/ipad/using_ipad

  • SharePoint 2010 Web Analytics showing user Display Name and Account Name from the same user

    Hi!
    Since July, 16th 2012 the Web Analytics Daily Unique Visitors reports started to show almost the double of visitors we used to have on our Web Application. Here are some of the data (I intentionally deleted the weekend data):
    10/7/2012 2.497
    11/7/2012 2.723
    12/7/2012 2.722
    13/7/2012 2.699
    16/7/2012 5.055
    17/7/2012 4.963
    18/7/2012 4.954
    19/7/2012 4.998
    20/7/2012 4.965
    23/7/2012 5.117
    24/7/2012 5.012
    25/7/2012 5.071
    As you may notice the data jumped from around 2.700 unique visitors to around 5.000 unique visitors. As the number of permissioned users remains constant it is pretty odd. I also checked the Number of Page Views report and see no change on its behavior.
    The number of page views remained constant.
    So I went to look the Top Visitors report and understand why the visitors number almost doubled. The analytics started to count the users Display Name and Account name as two different visitors with a different number of page views. Let me show you an example from yesterday (July, 25th) Top Visitors report:
    #     Visitor                  Page Views    %
    1    Cinthia XXXXXXXXXX    359        0,55%
    5    Giselle XXXXXXXXXX     143        0,22%
    7    Aline XXXXXXXXXX       138        0,21%
    15  nt\cmazevedo              111        0,17%
    60  nt\gbsantana                 69        0,11%
    73  nt\aglsiqueira                 65        0,10%
    "Cinthia" and the account "nt\cmazevedo" are the same person. The same is applied to "Giselle" / "nt\gbsantana" and "Aline" / "nt\aglsiqueira".
    As I stated this is an example from July, 25th. If I checked the same report from a period before July, 16th I can only see the users Display Name as "Visitors". No account name is displayed or counted as a different visitor.
    About the environment:
    We have two SharePoint 2010 farms: a "corporate" and an "enterprise". The corporate farm contains four web servers and a central administration server with publishing services. The enterprise farm contains two servers running User Profile Services, Search Services and some others. Our main version is the SP1 with June/2011 Cumulative Update with a few more hotfixes applied.
    This behavior on analytics is affecting all web applications (we have more than 20) installed on this farm and my company Support team said that no changes were made on SharePoint on the weekend the problem started.
    Does anyone have any tip about what is going on?
    Thanks in advance!

    Hi, Manas!
    First of all thanks for your interest on this issue but I don't think it is related to the User Profile or the Active Directory.
    I checked both records and there was no change on the Display Names. All the users have "full names" as display names (first + middle + last name) and not logins as SharePoint is displaying on this report.
    But I did a test yesterday and checked the results today, confirming that only the accesses made through a specific server are causing this. Explaining it better:
    I have four web servers on my farm named from P01 to P04. Then I created this test script:
    Step 1: Change local HOSTS file to point the web application on the server P01.
    Step 2: Access site "A"
    Step 3: Access site "B"
    Step 4: Close the browser.
    Step 1: Change local HOSTS file to point the web application on the server P02.
    Step 2: Access site "C"
    Step 3: Access site "D"
    Step 4: Close the browser.
    Step 1: Change local HOSTS file to point the web application on the server P03.
    Step 2: Access site "E"
    Step 3: Access site "F"
    Step 4: Close the browser.
    Step 1: Change local HOSTS file to point the web application on the server P04.
    Step 2: Access site "G"
    Step 3: Access site "H"
    Step 4: Close the browser.
    I asked three users to execute that script. The results: All access to the sites "C" and "D" were registered on Web Analytics with the user account name such as "nt\cmazevedo". All the other sites registered the user Display Name correctly such as "Cinthia XXXXXXXXXX".
    With this test we could isolate the problem just on the server P02. It doesn't occur on the others. Now my support team is trying to find any configuration difference between this server and the other three that could point for the root cause.
    I am also looking for some information regarding the service responsible for this task ("transform the account name into a display name") to understand why it doesn't work on one server and works on the others.
    Thanks!

  • Upgrade of our 10.4.11 laptop to 10.5 is accomplished and we now need to upgrade Quicktime and iTunes; however, the user name and password is now not working after the upgrade to 10.5.

    Object is to sync address and calendar between laptop with Mac OS 10.4.11 and iPhone. Upgrade of our 10.4.11 laptop to 10.5 is accomplished and we now need to upgrade Quicktime and iTunes; however, the user name and password for the laptop is now not working after the upgrade to 10.5., though it was working prior to the upgrade, for file sharing.

    @ BDAqua > I tried your suggestion but no luck. Holding opt+command just gave me a blue screen and it rebooted, pushing the disk out of the drive. Yes, the MacBook has 1 GB of RAM. I realize that the min req. call for 2 GB of RAM so I've got an order in for another DIMM to put into the machine. Thanks for your suggestions.
    @ a_brody > Yes. The machine was plugged into a power source. The disk prompts you to do that and I recall aspect this from other installs. Thanks for the reminder tho! (btw your second post is like Greek to me man!)
    @ Kuncklesmac > You're right about Snow Leopard being an upgrade from Leopard. I'm aware of this. And yes previously I've been told by Apple that I needed the Box Set (not the family pack. I am using the family pack for OS Snow Leopard) to upgrade my 10.4.11 Mac - they never mentioned adding RAM but I figured that out on my own and an Apple specialist recommended it when I purchased Snow Leopard and confirmed that I could use the Snow Leopard to upgrade from Tiger (10.4.11). I've also read extensively (as I said above) that it isn't necessary (always) to buy the box set. Several 10.4.11 users report having upgraded using the Snow Leopard upgrade disk only (not the Box Set) without trouble on Intel Macs (also see the Apple link I posted). So I'm just wondering how they did it and I cannot.
    Thanks for all your help!
