Reg Re-authentication for Tcode access
Dear All,
I want to enable Re-authentication for certain tcode access in my SAP ABAP system. The SAP as such supports this with the SSF settings. I have the SSF working but am not sure how to enable the particular tcode for Re-authentication.For example i have created a z code zAl08 out of Al08 for test purpose.When an user tries to access zAL08 he should be asked to give his credentials for authentication and then should be able to access the tcode.
1.Is this possible. (am already using a Security product working properly in my environment)
2.How to configure(Steps) the zcode for enabling Re-authentication?
Regards,
Karthik
Basically, what I said was:
function auth_check_tcode.
""Lokale Schnittstelle:
*" IMPORTING
*" VALUE(TCODE) LIKE TSTC-TCODE
*" EXCEPTIONS
*" PARAMETER_ERROR
*" TRANSACTION_NOT_FOUND
*" TRANSACTION_LOCKED
*" TRANSACTION_IS_MENU
*" MENU_VIA_PARAMETER_TRANSACTION
*" NOT_AUTHORIZED
Dieser Funktionsbaustein dient als reine Kapsel für den C-Call
auth_check_tcode und ist daher im Gegensatz zu authority_check_tcode
nicht für die Prüfung vor dem Call Transaction gedacht, sondern für
die Fälle, in denen ein Start Transaction geprüft werden soll,
z.B. in der SE93.
authority_check_tcode berücksichtigt wie der Kernel die per SE97
pflegbaren Einträge in der Tabelle tcdcouples.
Berechtigungsprüfung
call 'AUTH_CHECK_TCODE'
id 'TCODE' field tcode.
if sy-subrc = 0.
auth_check_tcode enthält die Prüfungen von tcode_executable,
daher im OK-Fall keine Aufruf nötig.
else.
perform tcode_executable using tcode.
Keine Berechtigung für Transaktion &
message i077(s#) with tcode raising not_authorized.
endif.
endfunction.
FORM tcode_executable *
--> TCODE *
form tcode_executable using tcode.
call 'DY_CHECK_TRANSACTION'
id 'TX' field tcode.
case sy-subrc.
when 0. " Alles ok, return
when 1. " Parameter Error
message i274(00) raising parameter_error.
when 2. " Transaktion nicht gefunden
message i343(s#) with tcode raising transaction_not_found.
when 3. " Transaktion gesperrt
message i348(s#) with tcode raising transaction_locked.
when 4. " Transaktion ist Bereichsmenü
message i037(oz) with tcode raising transaction_is_menu.
when 5. " Bereichsmenü via Parameter-Transaktion
message i350(s#) with tcode
raising menu_via_parameter_transaction.
when 6. " Nicht berechtigt; vorgesehen, aber nicht implementiert
message i077(s#) with tcode raising not_authorized.
endcase.
endform. "tcode_executable
</pre>
Sorry, the comments are in German. But as you can see, there is no exit and the checks are in the kernel only.
My hat is safe...
Cheers,
Julius
Edited by: Julius Bussche on Jul 29, 2009 5:55 PM
Similar Messages
-
Radius authentication for privileged access
Hello,
I have configured Cisco 6513 for radius authentication with following commands.
aaa new-model
aaa authentication login authradius group radius line
aaa accounting exec acctradius start-stop group radius
radius-server host <radius-ip> auth-port 1812 acct-port 1646 key 6912911
line vty 0 4
accounting exec acctradius
login authentication authradius
This is working pretty fine. I want to configure radius authentication for priviledged access / for enable access.
I am using TeKRadius as Radius server.
Please help.
Thanks and Regards,
PratikHi Pratik
Sorry I mostly use only TACACS+ for AAA as it provides better granularity of access controls.
You'll need to make some specific changes to your RADIUS config so that nominated users ( the ones you want to be able to go to enable mode ) get put straight into enable mode upon login.
There's a guide here http://www.blindhog.net/cisco-aaa-login-authentication-with-radius-ms-ias/ which details the steps if you're using the Microsoft IAS radius server - you should be able to figure out that changes you need to make to your own server from there.
Nick
Message was edited by: NickNac79 - Spelt the OP's name wrong, sorry. -
User Authentication for Internet access
Hi,
Is it possible to configure authentication for internal (LAN) users to Authenticate (local/RADIUS/LDAP) for any kind of internet access through the ISA550/570? (like cut-through authentication proxy in ASA.)
And Can the ISA550/570 act as a Web proxy?
Thanks in advance.HI Sulu,
You can configure captive portal for internal LAN users to authenticate (local/Radius/LDAP) for internet
access through ISA500. (see attached screenshot)
ISA500 cannot act as a web proxy. what is your use case ?
Regards,
Wei -
Need Authentication for SMTP Access
I have this Java program (SendMail.java) for sending email; however, my ISP requires authentication for SMTP server access, i.e. I receive a 550 Authentication Required error. Does anyone know how to go about coding authentication into a program like SendMail so that the userID and password can be sent back to the server?
* SendMail.java
* Created on July 13, 2005, 8:09 PM
* To change this template, choose Tools | Options and locate the template under
* the Source Creation and Management node. Right-click the template and choose
* Open. You can then make changes to the template in the Source Editor.
* @author Owner
// SendMail by Tony Swain.
// Send mail via SMTP
// To do Appletisize it.
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.net.Socket;
import java.util.StringTokenizer;
import java.net.Authenticator;
import java.net.*;
// To do. Finish multiThreading &| write que Thread.
// this programs sends mail Via SMTP as defined in RFC 821.
// ftp://ftp.isi.edu/in-notes/rfc821.txt
public class SendMail
Object mailLock = null; //In case we want a multi-threaded mailer
public String mailServerHost = "";
public String from = "";
public String to = "";
public String replyTo = "";
public String subject = "Java is Fun";
public String mailData =
"HyperSendMail";
public String errorMsg = "";
public Socket mailSendSock = null;
public BufferedReader inputStream = null;
public PrintStream outputStream = null;
public String serverReply = "";
SendMail()
// Doesn't do anything but we need this for extension purposes.
// Server, from,to,subject, data
SendMail(String server,String tFrom,String tTo,String sub,String sendData)
mailServerHost = server;
mailLock=this; // Thread Monitor passed constructor later. Default this Monitor.
from = tFrom;
to = tTo;
if(sendData != null)
mailData = sendData;
/* Just a note to remind myself to add this for cross app./Applet & Runnable.
& Threadsafe readLine() I'm too lazy ATM
SendMail()
if(mailLock != null)
if(mailLock instanceof Applet)
Applet app = (Applet)
public void send()
if(!open()) //Yikes! get out of here.
return;
try
outputStream.println("HELO sendMail");
serverReply = inputStream.readLine();
catch(Exception e0)
e0.printStackTrace();
try
outputStream.println("MAIL FROM: "+from);
serverReply = inputStream.readLine();
// I cheat and don't look for the whole 550
// we know 5 is an error anyway. Add it in if you want.
if(serverReply.startsWith("5"))
close("FROM: Server error :"+serverReply);
return;
// Note the switch here. we could get mail from somewhere and by
// pre setting replyTo reply somewhere else :)
if(replyTo == null)
replyTo = from;
outputStream.println("RCPT TO: <"+to+">");
// Ya got me! I didn't look for any 250 OK messages. Add it in if you really want.
// A real programmer will spend 30 hours writing self modifying code in order
// to save 90 nano seconds ;) we assume if it did't give an error it must be OK.
serverReply = inputStream.readLine();
if(serverReply.startsWith("5"))
close("Reply error:"+serverReply);
return;
outputStream.println("DATA");
serverReply = inputStream.readLine();
if(serverReply.startsWith("5"))
close("DATA Server error : "+serverReply);
return;
outputStream.println("From: "+from);
outputStream.println("To: "+to);
if(subject != null)
outputStream.println("Subject: "+subject);
if(replyTo != null)
outputStream.println("Reply-to: "+replyTo);
outputStream.println("");
outputStream.println(mailData);
outputStream.print("\r\n.\r\n");
outputStream.flush();
serverReply = inputStream.readLine();
if(serverReply.startsWith("5"))
close("DATA finish server error: "+serverReply);
return;
outputStream.println("quit");
serverReply = inputStream.readLine();
if(serverReply.startsWith("5"))
close("Server error on QUIT: "+serverReply);
return;
inputStream.close();
outputStream.close();
mailSendSock.close();
catch(Exception any)
any.printStackTrace();
close("send() Exception");
close("Mail sent");
public boolean open()
synchronized(mailLock)
try
mailSendSock = new Socket(mailServerHost, 25);
outputStream = new PrintStream(mailSendSock.getOutputStream());
inputStream = new BufferedReader(new InputStreamReader(
mailSendSock.getInputStream()));
serverReply = inputStream.readLine();
if(serverReply.startsWith("4"))
errorMsg = "Server refused the connect message : "+serverReply;
return false;
catch(Exception openError)
openError.printStackTrace();
close("Mail Socket Error");
return false;
System.out.println("Connected to "+mailServerHost);
return true;
public void close(String msg)
//try to close the sockets
System.out.println("Close("+msg+")");
try
outputStream.println("quit");
inputStream.close();
outputStream.close();
mailSendSock.close();
catch(Exception e)
System.out.println("Close() Exception");
// We are closing so see ya later anyway
public static void main(String Args[])
SendMail sm = new
// * NOTE:
// Erase these values right away! Just to show you how it is done.
// Whatever you do don' release it with my mail server hardcoded.
// last thing I need is 10 million Java mail test spams :)
SendMail(
"outgoing.myISP.net", //Mail Server
"[email protected]", // sender
"[email protected]", // Recipient
"Java mail test", // Subject
"test test test!"); // Message Data
sm.send(); // Send it!
}There is no one in the forum who can shed some light on my problem?
-
Smartcard authentication for Clean Access SSO
Is anyone doing smartcard authentication into clean access via SSO? I have an issue where the UPN is not the username and the domain suffix is different from the AD domain so the agent is appending @domain.com to the $user$ variable and so it is failing to authenticate.
Did you run KTPASS correctly?
I had the same problem, (very undocumented 'feature', I would say) the KTPASS command must be run slightly different when running against a DC, versus running it against a AD Domain.
For Domain Authentication:
ktpass.exe -princ cleanaccess/domain_in_lower_case.co.za@DOMAIN_IN_UPPER_CASE.CO.ZA -mapuser cleanaccess -pass mypassword -out c:\cleanaccess.keytab -ptype KRB5_NT_PRINCIPAL +DesOnly
For AD Server Authentication:
ktpass.exe -princ cleanaccess/SERVERNAME.domain_in_lower_case.co.za@DOMAIN_IN_UPPER_CASE.CO.ZA -mapuser cleanaccess -pass mypassword -out c:\cleanaccess.keytab -ptype KRB5_NT_PRINCIPAL +DesOnly
NOTE: SERVERNAME need to be exactly as indicated under My Computer > Properties. (ie, correct UPPERCASE and lowercase letters in the right places)
Another thing to look out for is the cleanaccess AD account you have created, make sure that the display name matches the account name, and do not specify anything for the Firstname, Lastname fields. This seems to break things ans gets the authentication to fail for some reason.
O, and if you have set up the account at first for DC Server Authentication, delete it and recreate it for the AD Domain Authentication, because that breaks it too, when you run the KTPASS.EXE again.
Another thing, try using ADSSO without the lookup account configured to see that the machine authenticates first, then ad the Lookup Account, maybe the problem lies there.
Hope this helps. -
Open Authentication for Wireless Access
Hello,
The standalone implementation of an existing wireless network is configured as Open Authentication with a TKIP Cipher. The client key management is set to WPA PSK.
What exacly is the authentication for? I see that MAC and EAP are available options. Would these options be used to block or authorize the actual wireless devices that connect to the AP?
The next thing I see is Client Authenticated Key management and I am using WPA PSK. What exactly happens once I enter thsi PSK from the client? Is it only used to encrypt the data?
Thanks,
KevinHi Kevin,
Using WPA we can configure either Enterprise or pre shared key.. Enterprise comprises of EAP and pre shared key is just the PSK..
if we are using EAP then auth will be done by the RADIUS and the encryotion will still be TKIP.. now coming back to PSK, this is shared key which will authenticate the users locally...
EAP is more secured auth compared to PSK..
Now regarding the "auth open" line.. see there are 2 kinds of auth in 802.11.. here while using wireless we need to auth twice, dot11 authentication and followed by the psk or EAP auth.. the auth open statement will force us to get the dot11 auth successful and then we move towards needed auth like PSK or EAP.. and another is Shared auth is very similar to WEP using open auth!!
in the nut shel we have 3 kinds of auth..
1> open - Dot11 auth
2> Shared - Nothing but WEP
3> 802.1X suite - EAP
again, the below link may give you some insights as well!!
http://www.cisco.com/en/US/docs/wireless/access_point/12.2_13_JA/configuration/guide/s13auth.html#wp1035025
Lemme know if this answered ur question and please dont forget to rate the usefull posts!!
Regards
Surendra -
ISE - AAA radius authentication for NAD access
Hi ,
I have configured the switches to use the ISE as the Radius server to authenticate with , on the ISE i've configured an authentication policy
for the "NADs" using the "Wired Devices" group which points to the AD indentity source to authenticate against .
While testing the login access to the switches we've come up with 2 results :
1.A domain user can indeed login to the switch as intended.
2.Every domain user which exists in the AD indentity source can login , this is an undesired result .
So I am trying to search for a way to restrict access to the NADs to only a particular group belonging to the AD , for example the group/ou
of the IT_department only .
I haven't been successfull , would appreciate any ideas on how to accomplish this .
Switch configurations :
=================
aaa new-model
aaa authentication login default group radius local
ISE Authentication policy
==================
Policy Name : NADs Authentication
Condition: "DEVICE:Device Type Equals :All Device Types#Wired"
Allowed Protocol : Default Network Access
use identity source : AD1Thank you for the quick replys , and now ok , I've configured the following authorization policy :
Rule Name : Nad Auth
Conditions
if: Any
AND : AD1:ExternalGroups EQUALS IT_Departments
Permissions , then PermitAccess
What I don't understand is that it needs to match an "identity group" which can be either "Endpoint Identity group" or "Users Identity group" , I am limited with the if statement and cannot chose the same device group a choose before .
How can i do that , i am thinking ahead an asking myself if in other cases a user might match this policy rule and can interfer ? -
ACS/ASA authentication for vpn access vs. console management access
I have an ACS 4.2 Server and an ASA 5540. I have setup AnyConnect SSL VPN on the ASA and want to authenticate users using AAA tacacs+ authentication with the ACS and an external Windows AD database. I have done this successfully. I also want to use the ACS for authenticating SSH management sessions into the ASA. I have setup a group in AD and on the ACS called VPNUSERS and NETADMINS. The problem is, I want the VPN users to ONLY be able to authenticate for VPN but not have access to logging into the ASA CLI or ASDM. The NETADMINS should be able to do both. The question I have is how do I setup the VPNUSER group in ACS to have access to connect to the ASA for VPN but not for the management console? It seems that if they can authenticate for vpn, they can also ssh the firewall which is what I want to prevent.
Try using Network Access Restrictions (NAR)where you can restrict the administrative access on per device or on NDG basis.
By default user accounts from external database such as AD in ACS will get authenticated through telnet on network device or a AAA client which can be restricted by enabling NAR in ACS.
In your case it should be VPNUSERS group in ACS.
HTH
Ahmed -
Authentication for Guest Access
Hi, we are looking for a solution for either automated daily creation of guest user accounts or a console for clients enter their details which in turn creates the guest account on the controller.
If we go down the path of automation, policy requires a single username/password for each day, unfortuntely WLC scheduled guest account creation is not an option as the reocurrence doesn't change the password, but it would be a handy feauture if Cisco would like to introduce it in a future release
The CLI has the option to create 'config netuser add [name] [password] WLANID [X] userType guest lifetime [seconds]' - Can we schedule and email this from the CLI on the controller?
Appreciate your time.
BrendanBrendan,
Currently there is no way to automate this process. The process that has been developed is either an admin on the wlc/wcs creates the account or the use of the lobby admin feature. WCS has the lobby admin feature also to create accounts but it isn't intended for guest users to create their own account.
The wlc doesn't have a schedule to enter a command via the cli, but I bet you can developer some web base guest creation that would send the command to the wlc and remember that command to remove it later.
Sent from Cisco Technical Support iPhone App -
AAA authentication for IDS access?
I've been implementing a new SSM-20 I haven't found anything that indicates we can use RADIUS to authenticate users logging into the GUI or telnet/ssh. Am I missing something here?
You expectations are quite reasonable but regretably, Cisco ONLY supports local authentication on the IPS Sensor platform (4200 series, CIDS, IDSM-2 and SSM).
This has been discussed in the past:
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddef483 -
Aaa authentication for https access
I have several Catalyst 3750 switches that I'm running Tacacs on. I set the switch up to be an http server so that some of our admins could administer the switches through the web gui. Is it possible to login to the web console via your Tacacs login (in our case, our Windows username/password)? I found the "ip http authentication aaa" command but this doesn't seem to do it. I just don't want to share the local passwords if I don't have to.
Thanks in advance,
EricMy experience of the web interface is that it uses the local password on the device and not the aaa authentication IDs and passwords.
HTH
Rick -
LDAP vs local login for remote access
Hi Team,
I am evaluating the best means for single factor authentication for remote access (client to site or SSL VPN). The options I see are creating local usernames and password or integration with Active Directory via LDAP. What are the pros and cons of these solutions.
I feel local logins are more secure comparitavely because the user first login using local login and password and then has to use the domain credentials for accessing corporate resources. Of course, this comes at an admistrator overload and local management of user names and passwords. Do you have any opinion on this? Any acknowledgement will be highly appreciated.Hello Manoj,
IMO, I would never consider the LOCAL DB as an option for a corporate deployment. It does not scale and it is not easy to manage.
Local DB is used in case you need to manage a number of 15 users for instance, so in this case it is managable, but when it comes to a higher number it is not an option.
Active Directory is a better solution since it is meant to handle hundred of users and allows password-management for instance. Also you can have many ASA devices, performing DB bindings and queries to check the users credentials to the AD servers, so you don't need to deal with tons of user accounts on each ASA, for instance.
If you are looking for a more secure way to authenticate your users you can consider two-factor authentication using certificates for instance:
AnyConnect Certificate Based Authentication.
Why to use AD:
Pros
Scalable.
Easy to manage.
Allows password-management.
Cons:
Expensive (not open AD solution).
HTH.
Please rate helpful posts. -
Best authentication method for controlling access to wlan
What is the best method for controlling access to a wlan with a 5508 wlan controller
The requirments are
-Needs to support all types of clients (Mac, PC, smartphones, tablets)
-Clients need to be able to connect easily and without errors or installing certs or wireless profiles etc..
-Secure
This doesn't seem like alot to ask but I keep running into problems.
What are people using?
ThanksI can't find an errors in any area of the event viewer.
Here is these files cat'd together.
GeoTrustGlobalCA
GeoTrustDVSSLCA
corp-vs-ca2.########-export
-----BEGIN CERTIFICATE-----
MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIID+jCCAuKgAwIBAgIDAjbSMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMTAwMjI2MjEzMjMxWhcNMjAwMjI1MjEzMjMxWjBhMQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UECxMURG9tYWluIFZh
bGlkYXRlZCBTU0wxGzAZBgNVBAMTEkdlb1RydXN0IERWIFNTTCBDQTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKa7jnrNpJxiV9RRMEJ7ixqy0ogGrTs8
KRMMMbxp+Z9alNoGuqwkBJ7O1KrESGAA+DSuoZOv3gR+zfhcIlINVlPrqZTP+3RE
60OUpJd6QFc1tqRi2tVI+Hrx7JC1Xzn+Y3JwyBKF0KUuhhNAbOtsTdJU/V8+Jh9m
cajAuIWe9fV1j9qRTonjynh0MF8VCpmnyoM6djVI0NyLGiJOhaRO+kltK3C+jgwh
w2LMpNGtFmuae8tk/426QsMmqhV4aJzs9mvIDFcN5TgH02pXA50gDkvEe4GwKhz1
SupKmEn+Als9AxSQKH6a9HjQMYRX5Uw4ekIR4vUoUQNLIBW7Ihq28BUCAwEAAaOB
2TCB1jAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFIz02ZMKR7wAoErOS3VuoLaw
sn78MB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMBIGA1UdEwEB/wQI
MAYBAf8CAQAwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5j
b20vY3Jscy9ndGdsb2JhbC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzAB
hhhodHRwOi8vb2NzcC5nZW90cnVzdC5jb20wDQYJKoZIhvcNAQEFBQADggEBADOR
NxHbQPnejLICiHevYyHBrbAN+qB4VqOC/btJXxRtyNxflNoRZnwekcW22G1PqvK/
ISh+UqKSeAhhaSH+LeyCGIT0043FiruKzF3mo7bMbq1vsw5h7onOEzRPSVX1ObuZ
lvD16lo8nBa9AlPwKg5BbuvvnvdwNs2AKnbIh+PrI7OWLOYdlF8cpOLNJDErBjgy
YWE5XIlMSB1CyWee0r9Y9/k3MbBn3Y0mNhp4GgkZPJMHcCrhfCn13mZXCxJeFu1e
vTezMGnGkqX2Gdgd+DYSuUuVlZzQzmwwpxb79k1ktl8qFJymyFWOIPllByTMOAVM
IIi0tWeUz12OYjf+xLQ=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgIDBo5UMA0GCSqGSIb3DQEBBQUAMGExCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQLExREb21haW4gVmFsaWRh
dGVkIFNTTDEbMBkGA1UEAxMSR2VvVHJ1c3QgRFYgU1NMIENBMB4XDTEzMDQyNTA4
NTEzNVoXDTE1MDQxNTA0NDcyOVowgdQxKTAnBgNVBAUTIHNZbkoyTG0tb2dGZnZC
aFlodWRqWVZIMndEek43MGdOMRMwEQYDVQQLEwpHVDU3NDYxMTU1MTEwLwYDVQQL
EyhTZWUgd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvY3BzIChjKTEzMTcwNQYD
VQQLEy5Eb21haW4gQ29udHJvbCBWYWxpZGF0ZWQgLSBRdWlja1NTTChSKSBQcmVt
aXVtMSYwJAYDVQQDEx1jb3JwLXZzLWNhMi5wb3BtdWx0aW1lZGlhLmNvbTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM4jgpKBeo8rtM/zJIEyho3HppeU
tZeK+wmLfPeBTJxr2UmQFOmcniQblgsHREAGyJR0KT5yrYzxx6wpZaqCUcZlxl1Z
lUz5mfxHnL5Oc14sUnqwaJuxprXV5Rnclci6W6BMFjI4QoxXjQwSa+3A1enf+ZsO
sXUojQbQx62MX8rINuQ+srgdDielK/mJqTAMt11x6+NqIpwlGAgOxKd7vjG6aKRf
a2efvS/hK4Pi0ieWPGn1GXz/AlYpHQv0cppUr8huL/+2+9cEvd1sp8XN/ASN3YTm
WWo//fVpbXIlzp8mU4Q7t8+7LglxFQabhl4eMBarMi8SnNuh2zYKQxJRPvsCAwEA
AaOCAbMwggGvMB8GA1UdIwQYMBaAFIz02ZMKR7wAoErOS3VuoLawsn78MA4GA1Ud
DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwKAYDVR0R
BCEwH4IdY29ycC12cy1jYTIucG9wbXVsdGltZWRpYS5jb20wQQYDVR0fBDowODA2
oDSgMoYwaHR0cDovL2d0c3NsZHYtY3JsLmdlb3RydXN0LmNvbS9jcmxzL2d0c3Ns
ZHYuY3JsMB0GA1UdDgQWBBSODVVgPunABo61x13N20tEP66egDAMBgNVHRMBAf8E
AjAAMHUGCCsGAQUFBwEBBGkwZzAsBggrBgEFBQcwAYYgaHR0cDovL2d0c3NsZHYt
b2NzcC5nZW90cnVzdC5jb20wNwYIKwYBBQUHMAKGK2h0dHA6Ly9ndHNzbGR2LWFp
YS5nZW90cnVzdC5jb20vZ3Rzc2xkdi5jcnQwTAYDVR0gBEUwQzBBBgpghkgBhvhF
AQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291
cmNlcy9jcHMwDQYJKoZIhvcNAQEFBQADggEBAC2Kadfzc6X/3dI//J5SGR9fnCa7
6NVl8SV5aAYAvmOdkZBiurIYa1eHYYaDUGmOO8awTOXTfc4QzX75QwBUmcZeZKdj
ZMPiJlm7Bsz/3Q1eolxHCqkAiDZIEohoT0o8Spw6+Eq8KcPnhf+K5+rIzJnWBZ9P
tmpS4SEtrGHIfj3+638eqTydxuOCZ0Be9EanVK0ERav25fTRgRoZ+yEDiFP/MjQd
rAgW7SyLOjm4I6bTmzjugmXf2Axm2kFuoyyZdrvdrJ+GBku5F6DOufGdGu13j80S
lp148qh7gCREWrCqn3pH14qPKeHwC47jAQ3+ikRDfB090h9HGRi/8+w7Tx4=
-----END CERTIFICATE----- -
External Web authentication server for Guest access
I have a guest wireless wlan setup. When guest users attach to our guest wireless they are prompted by the built in web security on the WLC's.
Cisco talks about how to setup the WLC to route web authentication to an external web server, but they don't say what kind of web server to use or examples.
I need some help on getting an external web server to do web authentication. With the server we would like to get some basic info from the user. name, email, pupose of using wlan, and some background info they don't see like, computer name, mac address. This is all for tracking purposes.
Hotels do this type of web authentication for example.
Any help would be great.Hi Patrick,
I'm having the same problem here. I configured my WLC that redirect the login page to WEB Server, but I don't know how configure the Web Server to back the credentials to WLC. Did you can solve this problem?
thanks!
Claudio -
"Team Foundation Server" is preventing authentication for whole team !!
I am getting 2 errors through the event viewer that prevents TFS 2013 authentication for local domain users, also this error started appearing after having TFS upgraded to [ 12.0.30723.0 (Tfs2013.Update3) ].
1st
Error (from administrative events):
The Execute method of job definition Microsoft.SharePoint.Administration.SPUsageImportJobDefinition (ID a51a0244-765d-433b-8502-0bb0540ad1fd) threw an exception.
More information is included below.
Access to the path 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS' is denied.
Tried so far:-
- changed the path to another folder from "Diagnostic Logging" in another drive, but still getting the same error.
2nd
Error (from application server):
DistributedCOM error
The application-specific permission settings do not grant
Local Activation permission for the COM Server application with CLSID
{000C101C-0000-0000-C000-000000000046}
and APPID
{000C101C-0000-0000-C000-000000000046}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20)
from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Which I already got fixed using the following steps on a thread I opened before (but still getting the same error).
https://social.technet.microsoft.com/Forums/windows/en-US/3896e35c-b99a-4d30-b662-f92d337c8d6f/windows-servers-components-services-and-regedit-permissions-are-grayed-out-for-my-admin-account?forum=winservergen
Other
Fixes I tried
- Found on another topic that it is not sharepoint that is causing the problem, but it is the generated ASP.NET web pages used for testing is causing the memory to fill up due to cashing on RAM, the fix suggested to change IIS cashing from RAM to HD to prevent
loading up using w3wp.exe from processes.
Concern
- by checking other topics for people having the same problem, it was mentioned that this error appeared after the lastest TFS update, is there is a fix for it ?Hi Amr,
For your first error, you can change the "Diagnostic Logging" path, aslo change the path of the usage and health data connection the same with your ULS log location. Check this
blog for more detils and make sure you follow the instructions. Restart SharePoint tracing service after the operations. You can also check this
thread for more references. If you still have any other concerns about SharePoint, you can open a new thread in SharePoint forum for a better response.
About the second error, seems it's not related to TFS. You can also run TFS best practice analyzer to check if there any configuation issues on your application tier server. However, you can also refer to this
blog
to get this issue resolved. If the problem persists, you can elaborate more details about your scenario and the reproduce steps or open a new thread related forum.
Best regards,
Maybe you are looking for
-
PO report with the GR and IR activities
Hi All, Need a report for Purchase order history where we could get the last Goods receipt activity and the Invoice receipt activity done.Please advice. Regards Rekha
-
i have edited the setValueAt method of the TableModel interface to enable editing of cells in my JTable - in-situ. This works fine. However, i would like it so that when any change is made to the table data, it is automatically sorted depending on ho
-
Do the latest n grestest (17 inch) iMacs have overheating issues like the G5 PPCs did ? I'm in Houston,Tx so there is no lack of heat & humidity here and it isn't getting any cooler ... G3 i Mac OS X (10.3.9) iMac in the future
-
Adobe QT32 Server.exe keeps crashing.
Hi I'm ediiting on a local disk on my windows PC. The PC has a 4930K i7 , 32gb of ram and a gtx 670 4gb. The issue has happened a couple of times in the passed but is now constant as I am trying to finish a multi-cam edit. I have copied the error log
-
When the Database startup and open? please please not alert log
Hello all is there is a script or dinamic view which query what time the database startup and shutdown. please don't answer me with opent alert log, am looking for view or script only thank you regards