Peap AUthentication User Group issue
Dear All,
I have a strange problem. We are running Wireless service which includes Cisco AP1200 (B&G), radius server ACS 4.0, WPA/TKIP. We have two setups, one for trusted machines which are part of our domain, other is untrusted which is from students. We have also setup groups in ACS 4.0 to allocate the required Vlan accordingly.
When untruisted machine logs in, it gets the required vlan which is fine. But when on the same machine I log in with domain account it get us the trusted machine ip address which is not right.
Is there any way I can stop this behaviour because if some with untruested machine logs in with the domain account, he/she will get the ip which is only for trusted machines.
Two Vlan are with two ssid'S.
I will be thankful, if someone could help me in this seyup issue.
regards
Khaleefa
Try these links:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00807917aa.shtml
http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_tech_notes_list.html
Similar Messages
-
Hello Everyone.
We created two Roles Role1 and Role2 for this Roles we have assigned the Group "Authenticated Users"
Now the client requirement is they wants to remove couple of users who are assigned to Role1(who belong to "Authenticated Users" group.
Though it is not a good practise One thing I can do is search for the group "Authenticated Users" in portal then choose modify and choose assigned users and remove the users from this group.So,that they can not see Role1
If I remove the users from the group "Authenticated Users" then they will not be able to see Role2 as they are removed from the "Authenticated Users" group which is assigned to Role2
Can anyone help me out regarding this issue.Hi Shailesh,
What you understood is correct ie "Both the users have been added to Role 1 and Role 2, and both the roles have been assigned to "Authenticated Group".
I tried the step what you have stated.
once I login to portal --- User administration -- identity management
search for the user.
choose modify
if I click on assigned roles I do not see either Role1 or Role2 under assigned roles
but if i click on assigned groups I see " Authenticated Users"
thanks in advance -
Authenticated Users Group Question
I have a quick question regarding the Authenticated Users "group". I used to be a systems administrator, but I'm a bit rusty since I've been a software developer for the last 10 years. A conflict with data center operations (DCO) group
at work lead me to get another opinion.
The question is this... is the authenticated users group a domain-level group or is there a local authenticated users group that would allow only users authenticated locally? We have a share that permits the authenticated users group access.
My opinion is that all domain users who have authenticated successfully have access to this share. The DCO group is telling me that this is the local (to the server containing the share of course) authenticated users group only.
Is there such a thing as a local-only authenticated users group? To me this doesn't even make sense, but I could very well be wrong.
Nathon Dalton
Sr. Software Engineer
Blog: http://nathondalton.wordpress.comI apologize. I don't think I explained myself correctly. Let's consider the following...
SERVER: SERVER1
DOMAIN: DOMAIN1
SHARE: \\SERVER1\SHARE1
SHARE PERMISSIONS: Authenticated Users - Full Control
Given the above information, is it possible that the Authenticated Users group will allow ONLY users that are defined on SERVER1 to access \\SERVER1\SHARE1?
My understanding is that's not possible. There's one defined Authenticated Users group and that represents ALL users that are authenticated against DOMAIN1, whether added to local groups, shares, etc.
What I'm being told however is that SHARE1 having Authenticated Users assigned is okay since only those user accounts defined on SERVER1 will be able to access it. All the users in the domain will NOT be able to access it. I think this is bogus. Am I wrong?
Nathon Dalton
Sr. Lead Developer
Blog: http://www.nathondalton.com -
We have following doubt regarding Authenticated User group in Windows 7
1. When this user group is added to a Drive/folder/file automatically.
2. As per our observation, mostly it shows in the drive in which OS is installed. On some machines it shows in other drives. How this is added in other automatically.
3. Another observation is, due to the presence of this group, it is possible to write a file(which is created by administrator or system) with an application which is started with Standard User token. So do we need to add any extra permission to work
our application(with standard user token) to read and write to the folder/file with Authenticated User group.
4. Is it possible that Authenticated User group will not exist in OS installed drive.
5. Is it possible that an application with standard user cannot write to a file/folder even if Authenticated User group is present for the same.
Thanks, Renjith V RHi,
To learn more about authenticated users group, you can refer to the related thread:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/e1a8e680-03a2-4690-a7e5-f17ad7389ecd/authenticated-users?forum=winserverDS
Andy Altmann
TechNet Community Support -
Everyone Group vs. Authenticated Users Group
Two questions.....
1.) What is the difference between the "Everyone" group and the "Authenticated Users" group.
2) We are starting to use some new BI content (NW04s) in our federated portal and have found that we have to grant permissions to "Authenticated Users" instead of the "Everyone" group. Any ideas why?
Regards,
DianeDiane,
The following asnwer is not a SAP answer but I did a quick check on our system and:
1. the difference between the group Everyone and Authenticated users is exactly 1 user assignment.. I looked further and see that it has to do with the J2EE_GUEST user. this user is member of the group Everyone but NOT of the group Authenticated users.
2. Can not give you a sure anser on this question but maybe it has to do with security that this is needed?!?!\
Hopfully another SDN community member can fill me in here...
Good luck and Kind Regards,
Benjamin Houttuin -
As I understand the AU group is made up by any user that logs in. However, it does not work when I specify access to a TAB page so is only visible for AU. In this case the TAB is also available for the PUBLIC user.
I am working with Portal 3.0 EA on an Intel/NT plataform, my question is: is this the way that was supossed to be or it is something that has to do with the version that I am using...?
ThanksI apologize. I don't think I explained myself correctly. Let's consider the following...
SERVER: SERVER1
DOMAIN: DOMAIN1
SHARE: \\SERVER1\SHARE1
SHARE PERMISSIONS: Authenticated Users - Full Control
Given the above information, is it possible that the Authenticated Users group will allow ONLY users that are defined on SERVER1 to access \\SERVER1\SHARE1?
My understanding is that's not possible. There's one defined Authenticated Users group and that represents ALL users that are authenticated against DOMAIN1, whether added to local groups, shares, etc.
What I'm being told however is that SHARE1 having Authenticated Users assigned is okay since only those user accounts defined on SERVER1 will be able to access it. All the users in the domain will NOT be able to access it. I think this is bogus. Am I wrong?
Nathon Dalton
Sr. Lead Developer
Blog: http://www.nathondalton.com -
Hello All,
I just got a Mac Pro with Lion Server Pre-Installed. I set everything up without a hitch for the most part and everything seems to be running fine.
My problem is after a server reboot for the umteenth time there are now 88 users when there was only 4 and 115+ groups when I had 6. I don't want to start deleteing users and groups and find out later that they where needed by an obscure service or application that could potentially cause issues but I would like to hide them so I don't have to scroll thru them or accidently click on the wrong one and change it by mistake.
Users consist of:
AMavis Daemon
ATS Server
CVMS Root
Dovecot Administrator
Jabber XMPP Server
Seatbelt
WindowServer
World Wide Web Server
Groups consist of:
Accessibility Group
Apple store Users
ATS Server
Binary
com.apple.access_backup
Why didn't they show up when I created groups and users prior and why are they now showing up.....Thanks for your help Apple Community.So I found the solution and thought I would post for others that might be having the same problem. Although I was authenticated I was not "completely" authenticated to the server. Why this changed I am not sure. I started my server after the big 10.7.2 push so no real major releases recently except the cloud. Anyway, I had to bind my laptop to the server, even though I was logging on to the server and getting the green light.
Here is how you do this. System Preferences/Users & Groups
Then Login Options (authenticate likely neccessary)
Then where it says Network Account Server click on Edit
Select server and then Open Directory Utility
Select LDAPv3 and click on the pencil icon
Select the server again and click on edit
and now login as the Directory Admin and Bind to the server. Not sure if I was "unbound" at some point or if this was added as part of some release but since doing this my problem has gone away and I am having no problems home syncing again. -
Weblogic on Unix, authenticating users/groups from NT domain controller
Hi!
Our weblogic 6.1 server will eventually run on a non-windows platform, but
needs to authenticate users from a Windows NT 4.0 domain controller. What's
the best solution to this?
- What (inexpensive) LDAP-servers supports synchronization with a Windows
domain controller?
- Or am I missing out on other ways of doing this?
jan henrikYes. Other instrinsic jobs are failed too. Does this related to Job Dispatcher service? Thank you for your help.
-
Groups Authenticated users & Everyone difference
Hi Everyone,
There are builtin groups Authenticated users & Everyone. when i check for some iviews, folders, their permissions are set to Everyone with enduser as checked and for some objects, the permissions are given as Authenticated users group with enduser as checked.
What is the difference between these two. All the ESS/MSS objects has given the permission as Authenticated users group with Enduser checked.
anyone clarify this doubt.
Regards,
EP.Hi,
There are two kinds of Properties for an Portal Content Object,
1. Administrator Permission- create/modify/read/ permissions etc privilatges on the object. These are Design Time Permissions
2. EndUser- When a user is assigned a end User Permission, he can view the content at runtime i.e. If the iView is assigned to the User (via iView assigned to a role, and role has an entry point and assigned to the user) and he has only the end user Permission, then he can login and view the runtime content only. A kind of end user privilage.
Now,
1. Authenticated Users: the Users who have entered their logon info/ used a certificate to Login to the Portal/ to say users who have authenticated themselves to Portal are the Authenticated Users. The User Group is named so.
2. Everyone- All the Users- Authenticated or not fall in this group. Sometimes Content can be accessed directly with a URL without any Logon.
Based on who can access the End user Content, the End User permission is provided in Permission settings, i.e.in the ACL of that Object.
Hope this answers your question. Reward points for Helpful answers.
Thanks,
Vamshi -
WLS 8.1.5 console doesn't show ActiveDirectory (or custom) Users/Groups
We currently have numerous apps running on a weblogic 8.1.4 portal domain. I am attempting to replicate this domain on 8.1.5. There are four authenticators on our old domain: a DefaultAuthenticator, an ActiveDirectoryAuthenticator, and two Custom Authenticators (based on the sample database authenticator), with JAAS flags set to OPTIONAL for all. Everything was working properly under sp4, including user/group/membership listings in console and authentication. Under sp5, while simple authentication seems to work with all providers, the user/group/membership listings in weblogic console have bad HTML (empty rows under any default authenticator users/groups). The active directory settings were migrated wholesale and I verified that authentication works against this provider. Just no usernames or groupnames. I tested with just ActiveDirectory and DefaultAuthenticator, DefaultIdentityAsserter.
<p>
I was able to debug a bit more using our custom authenticators. I have verified that the user and group lists are being requested and returned properly when you click on Manage Users or Manage Groups in weblogic 8.1.5 console. It just seems like somewhere in the console there is a problem and the HTML output is garbled. Here is a sample of my debug text, the method names and classes should be immediately familiar from the sample authenticator:
<p>
getUserLoginNamesMatching(*,50)<br>
loginNames=[BF, DAD, NA, OTN, P1Adm1, P1User1, P2Adm1, P2User1, S, ab, admtest, gw, jb, joeschmo, kw, mf, mh, pa, rn, rt, super, test1, wf]<br>
Success: listUsers(userNameWildcard = *, maximumToReturn = 2147483647) = Cursor0<br>
Success: haveCurrent(Cursor = Cursor0) = true<br>
Success: getCurrentName(Cursor = Cursor0) = BF<br>
Success: advance(Cursor = Cursor0)<br>
Success: haveCurrent(Cursor = Cursor0) = true<br>
Success: getCurrentName(Cursor = Cursor0) = DAD<br>
Success: advance(Cursor = Cursor0)<br>
Success: close(Cursor = Cursor0)<br>
getExistingUser(BF)<br>
user=new UserEntry( BF, BF , BF, [PDA, ADM], com.otn.mobilelynx2.security.providers.authentication.UserGroupDatabase@7f5e61 )<br>
Success: getUserDescription(user = BF) = BF<br>
getExistingUser(DAD)<br>
Success: haveCurrent(Cursor = Cursor0) = false<br>
Success: close(Cursor = Cursor0)<br>
getExistingUser(BF)<br>
user=new UserEntry( BF, BF , BF, [PDA, ADM], com.otn.mobilelynx2.security.providers.authentication.UserGroupDatabase@7f5e61 )<br>
Success: getUserDescription(user = BF) = BF<br>
getExistingUser(DAD)<br>
user=new UserEntry( DAD, Dummy Alcanto Demoer, LYNX, [PDA], com.otn.mobilelynx2.security.providers.authentication.UserGroupDatabase@7f5e61 )<br>
Success: getUserDescription(user = DAD) = Dummy Alcanto Demoer<br>
getExistingUser(NA)<br>
user=new UserEntry( NA, Nancy Aarons, 1234, [PDA, ADM], com.otn.mobilelynx2.security.providers.authentication.UserGroupDatabase@7f5e61 )<br>
Success: getUserDescription(user = NA) = Nancy Aarons<br>
---- weblogic console output sp4, Manage Users ----
User Description Provider <br>
portaladmin Admin for portal domain DefaultAuthenticator <br>
weblogic This user is the default administrator. DefaultAuthenticator <br>
yahooadmin Admin for yahoo content DefaultAuthenticator <br>
john John Smith DefaultAuthenticator <br>
qamean ActiveDirectoryAuthenticator <br>
qamin ActiveDirectoryAuthenticator <br>
---- weblogic console output sp5, Manage Users ----
User Description Provider <br>
portaladmin Admin for portal domain DefaultAuthenticator
weblogic This user is the default administrator. DefaultAuthenticator <br>
yahooadmin Admin for yahoo content DefaultAuthenticator <br>
--- html for above (with weird empty rows) ---
<FORM NAME=FilterUsers METHOD=POST ACTION=><P>Filter By:Â <INPUT TYPE=text NAME=filter SIZE=10>Â <INPUT CLASS='buttons' TYPE=submit VALUE=Filter></FORM><b>Displayed 68 of 357 Total, use filter to narrow your search results.<b><table border='1' cellpadding='4' cellspacing='0' height='20'><tr bgcolor='#b8cece'><th>User</th><th>Description</th><th>Provider</th><th>Â </th></tr><tr bgcolor='#FFFFFF'><td>portaladmin</td><td>Admin for portal domain</td><td>DefaultAuthenticator</td><td><img border='0' src='http://localhost:7001/console/images/delete.gif' title='Delete'/></td></tr><tr bgcolor='#FFFFFF'><td>weblogic</td><td>This user is the default administrator.</td><td>DefaultAuthenticator</td><td><img border='0' src='http://localhost:7001/console/images/delete.gif' title='Delete'/></td></tr><tr bgcolor='#FFFFFF'><td>yahooadmin</td><td>Admin for yahoo content</td><td>DefaultAuthenticator</td><td><img border='0' src='http://localhost:7001/console/images/delete.gif' title='Delete'/></td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr></table>
Message was edited by:
srhutch444i have reinstalled solaris and the problem continues.
Under Solaris Management Console groups and users doesn't run ok. Editing an user i can't see groups and editing groups i can't see its users...very very extrange.
A bug?
I don't know what is happening :( -
"Authenticated Users" vs. "Users"
I'm setting up a profiles structure on a server starting with the master folder that'll house all the profile subfolders. the default permissions on a newly created folder always has the admins and creator/owner and system accounts, but by default
it also has Users. Yet in some pre-existing installations I've come across I've seen Authenticated Users put there instead, so the admin must have had a reason.
So the question is, what's the difference? Since any domain user would have to authenticate to get into any resourcse anyway, is this not just the same thing? What would be a scenario whereby you should use one over the other?
Thanks!Authenticated user group is builtin user group & any user created in domain default became member of this group, where as you can't see or manually modify authenticated user group to add or remove members. Authenticated user group can't be added into
user created groups like Global/Domain local/Universal group but it can be added to built in domain local group in AD. Even it contains member of trusted forest. Authenticated user group membership is controller by OS.
Domain user group is a global group & it too contains all the users from domain where as its member can be managed like manually can be added or removed by administrators. Domain user group is visible in ADUC console.
http://technet.microsoft.com/en-us/library/cc756898%28WS.10%29.aspx
Regards
Awinish Vishwakarma| CHECK MY BLOG
Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights. -
ISE / Active Directory: issue to get users group
Hello,
We have a strange issue:
- ISE 1.2 patch 8
- no WLC, autonomous AP
In authentication, we check Wireless IEEE 802.11 (radius) and cisco-av-pair (ssid), then we use AD.
We have 3 SSIDs, so 3 rules, one DATA, one GUEST, one for TOIP.
In one more rules to grant authentication from APs to register in WDS: user in local database.
In authorization, we check cisco-av-pair (ssid) and AD user group, then we permit access.
(so 3 rules), and one more to authorise the internal base for WDS.
We have something strange:
- sometimes users can connect but later they can't: in the logs, the authorization rejects the user because the AD Group is not seen.
Exemple:
1- OK:
Authentication Details
Source Timestamp
2014-05-15 11:43:19.064
Received Timestamp
2014-05-15 11:43:19.065
Policy Server
radius
Event
5200 Authentication succeeded
All the GROUPS of user are seen:
false
AD ExternalGroups
xx/users/admexch
AD ExternalGroups
xx/users/glkdp
AD ExternalGroups
x/users/gl revue écriture
AD ExternalGroups
xx/users/pcanywhere
AD ExternalGroups
xx/users/wifidata
AD ExternalGroups
xx/informatique/campus/destinataires/aa informatique
AD ExternalGroups
xx/informatique/campus/destinataires/aa entreprises et cités
AD ExternalGroups
xx/informatique/campus/destinataires/aa campus
AD ExternalGroups
xx/users/aiga_creches
AD ExternalGroups
xx/users/admins du domaine
AD ExternalGroups
xx/users/utilisa. du domaine
AD ExternalGroups
xx/users/groupe de réplication dont le mot de passe rodc est refusé
AD ExternalGroups
xx/microsoft exchange security groups/exchange view-only administrators
AD ExternalGroups
xx/microsoft exchange security groups/exchange public folder administrators
AD ExternalGroups
xx/users/certsvc_dcom_access
AD ExternalGroups
xx/builtin/administrateurs
AD ExternalGroups
xx/builtin/utilisateurs
AD ExternalGroups
xx/builtin/opérateurs de compte
AD ExternalGroups
xx/builtin/opérateurs de serveur
AD ExternalGroups
xx/builtin/utilisateurs du bureau à distance
AD ExternalGroups
xx/builtin/accès dcom service de certificats
RADIUS Username
xx\cennelin
Device IP Address
172.25.2.87
Called-Station-ID
00:3A:98:A5:3E:20
CiscoAVPair
ssid=CAMPUS
ssid
campus
2- NO OK later:
Authentication Details
Source Timestamp
2014-05-15 16:17:35.69
Received Timestamp
2014-05-15 16:17:35.69
Policy Server
radius
Event
5434 Endpoint conducted several failed authentications of the same scenario
Failure Reason
15039 Rejected per authorization profile
Resolution
Authorization Profile with ACCESS_REJECT attribute was selected as a result of the matching authorization rule. Check the appropriate Authorization policy rule-results.
Root cause
Selected Authorization Profile contains ACCESS_REJECT attribute
Only 3 Groups of the user are seen:
Other Attributes
ConfigVersionId
5
Device Port
1645
DestinationPort
1812
RadiusPacketType
AccessRequest
UserName
host/xxxxxxxxxxxx
Protocol
Radius
NAS-IP-Address
172.25.2.80
NAS-Port
51517
Framed-MTU
1400
State
37CPMSessionID=b0140a6f0000C2E15374CC7F;32SessionID=radius/189518899/49890;
cisco-nas-port
51517
IsEndpointInRejectMode
false
AcsSessionID
radius/189518899/49890
DetailedInfo
Authentication succeed
SelectedAuthenticationIdentityStores
AD1
ADDomain
xxxxxxxxxxx
AuthorizationPolicyMatchedRule
Default
CPMSessionID
b0140a6f0000C2E15374CC7F
EndPointMACAddress
00-xxxxxxxxxxxx
ISEPolicySetName
Default
AllowedProtocolMatchedRule
MDP-PC-PEAP
IdentitySelectionMatchedRule
Default
HostIdentityGroup
Endpoint Identity Groups:Profiled:Workstation
Model Name
Cisco
Location
Location#All Locations#Site-MDP
Device Type
Device Type#All Device Types#Cisco-Bornes
IdentityAccessRestricted
false
AD ExternalGroups
xx/users/ordinateurs du domaine
AD ExternalGroups
xx/users/certsvc_dcom_access
AD ExternalGroups
xx/builtin/accès dcom service de certificats
Called-Station-ID
54:75:D0:DC:5B:7C
CiscoAVPair
ssid=CAMPUS
If you have an idea, thanks so much,
Regards,To configure debug logs via the Cisco ISE user interface, complete the following steps
:Step 1 Choose Administration > System > Logging > Debug Log Configuration. The Node List page appears, which contains a list of nodes and their personas.
You can use the Filter button to search for a specific node, particularly if the node list is large.
www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_logging.html#wp1059750 -
External table authentication not updating user group changes
Hello
I have a question..
In OBIEE, i am using external table authentication. I have user and user group tables where users and groups are stores.. Every Time I create a new user and assign them to a group, these records get inserted immediately to these tables with the correct user and group ID that matches with each other.. Then in my initialization block I have the query that fetches the user name and psswd as well as groups names..
All these are working at the initial user creation. For example, when I create user A and assign it to group A, the DB table has all of the records inserted correctly. When I log in to OBIEE using User A login, I see it is assigned to Group B.
The problem comes when I change the user A from Group B to Group C. When I did that, although the DB table gets updated correctly, OBIEE session seems to still be the previous one. As a result, when I log in the second time, I see the user A is still assigned to Group B instead of Group C.. This seems to be cached..
I double check these user tables in OBIEE, none of them are cache enabled.. The connection pool setting of the isolation level is set as default..
When I reinstall OBIEE all over again and re-log in the first time, this User is now assigned to Group C..
So seems to be that it is caching issue.
How should I go about solving this issue
Appreciate in advanceMake sure you check the box for 'Required for authentication' and also 'Use caching' should not check.
Edited by: Srini VEERAVALLI on May 15, 2013 9:05 PM -
Variations issues with User & Group Site Column value
Hi all,
I have created variation sites. e.g. http://mydomain/en-us for english & http://mydomain/de-de for german language. I have created custom page layouts. This page layouts are based on custom content types. I have created a column called "User"
which is type of "User/Groups". I am registering this column to my page layout. http://mydomain/de-de is my default site.
Now I am editing column called "User" on page & save it. It saves data properly. But when I am propagating these changes to another site that is http://mydomain/en-us. It shows me all controls with values filled. but with "User"
column, its showing me blank value.
Any suggestion. ?
Thanks in advance.http://webcache.googleusercontent.com/search?q=cache:kNlxGIj5f1kJ:sjoere.blogspot.com/2007/11/5-reasons-why-you-should-not-use.html+&cd=2&hl=en&ct=clnk&gl=in
Content types not propagated
Risk
When you add a content type to a page library in the variation source, this type is not automatically propagated to the other labels (see
my previous post). If you then create a page with that content type in the variation source, it does get published to the other labels but loses its content type field values.
Proposed solutions
Set up your site via a site definition that already contains the proper content type bindings to the page libraries. All labels will use the same content types
Put a good governance plan in place to make sure manual changes are done in every label
If this helped you resolve your issue, please mark it Answered -
Active Directory Authentication and permissions for user group in APEX 4.0
Hello,
I am new to oracle APEX and I have searched the forum for active directory authentication for a user group and I am really confused about all the different threads. Can anyone please provide me the steps to follow; in order to implement AD authentication for a user group in Oracle APEX 4.0.
These are the threads which i was looking at to get an idea like how AD authentication works but its really confusing for me.
Help with Authentication (APEX_LDAP.AUTHENTICATE)
Re: LDAP Authentication Via Groups
Thanks,
TonyYou need to give it more than 30 minutes before bumping your own post. This is not an official support channel, so you need to be patient and wait for people to read, think and respond.
Maybe you are looking for
-
Enable AppXRay on a legacy project with unconventional directory structure
I've got a legacy project. My first need is to do remote debugging of JSPs (application will be deployed on an app. server on a remote server). I imported the existing project into Eclipse/Workshop Studio. When I try to enable AppXRay it popups a Fol
-
Lightroom 2.6 Crashes at startup.
I have tried everything I can think of and what I have seen to do here in the forums. I deleted the agprefs. I went through my startups to see if there was something to interfere with LR. I uninstalled and reinstalled. I renamed and moved my catalogs
-
Runtime exceptions while trying to DES encryption
Hi, I am quite new to Java and I am trying the following Encryption/decryption logic using DES Encryption. It works fine on my machine which has JDK 1.4 version and JCE 1.2.2 CODE SAMPLE:- import java.io.UnsupportedEncodingException; import java.secu
-
HT203200 how can I get the songs I paid for when I paid for a whole album and only got part of it
Today I purchased Rick Dankos album but some songs were left out how can I get the music I paid for ?
-
Extractor for statuses of sales order items
Hi Experts, If I want to report on different statuses of an sales order item which extractor you will use. Regards nagini