Sharepoint authentication via AD

Similar Messages

• Sharepoint authentication via NTLM from proxy OSB service

  Hello all ,
  I want to reopen again this point of NTLM authentication for OSB to IIS/Microsoft .
  So we follow all the recomandation until now regarding Authenticator and open URL .
  The problem is that - webservice client generated from SharePoint wsdl - runs ok from java enviroment (Jdeveloper , Eclipse ) with Authenticator class set .
  But when we move on OSB - and made a proxy service that made the java call out to one of client method the response is 401 - not authorized .
  Any new hints ?
  What can be wrong ?
  Many thanks in advance ,
  Stefan

  Any way how can I see the error messages also in the log of OSBYou may use sysout's in Java code to print information on Standard out. You may also utilize server logging service-
  http://download.oracle.com/docs/cd/E14571_01/web.1111/e13739/logging_services.htm#CJAGBADA
  enable some http monitor to see what happened behind - and where credentials are lost .You may use any network packet analyzer.
  Regards,
  Anuj

• Updating a secondary datasource to a Sharepoint list via infopath form rules

  Using SharePoint 2010 and InfoPath 2010 I created a form that prior to submission it gets an integer value from a separate SharePoint list via a secondary datasource.  Just before the rule that submits the form to a document folder via the
  main datasource I increment the integer value and try to write it back to the secondary datasource I got it from.  I know that I have the correct value.  That is, it is reading from the data source the correct integer information and it is incrementing
  it in the form but when it writes the value back to the same column in the same secondary datasource it doesn't give any indication that it didn't work.  But when I look at the list of the secondary data source I see that the integer value is
  not updated.

  Hi Jonas,
  You can attach your Excel doucment into InfoPath form and send InfoPath form to a custom web service. Then you can parse the Excel data and combine the Excel data and additional fields into SharePoint list in the customized  web service.
  For more information, you can have a look at the thread:
  http://dandeng.blogspot.com/2012/03/submit-infopath-form-data-to-web.html
  http://www.codeproject.com/Articles/88547/Submit-entire-InfoPath-form-to-web-service
  https://social.msdn.microsoft.com/Forums/office/en-US/590f1e78-5c08-47bd-8af4-9709102b568d/webservice-to-send-attachments-in-infopath-form-to-different-location?forum=sharepointcustomization
  https://msdn.microsoft.com/en-us/library/office/gg575571.aspx?f=255&MSPPError=-2147217396
  Best Regards,
  Eric
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Cisco Prime Infrastructure 2.1 GUI authentication via RADIUS server (Cisco ISE 1.2 integrated with AD)

  Hi,
  I want to access Cisco PI 2.1 GUI using my AD credentials, so on PI I've enabled RADIUS AAA Mode and added RADIUS servers (two ISE nodes in our case). On ISE I added PI as RADIUS client and configured the same keys. Next, on ISE I created authorization profile PRIME_ADMIN_ACCESS with only attribute settings defined:
  My authentication and authorization rules relating that case are as on following screenshots:
  So when I open GUI of PI and enter my AD credentials to log in I have no success and I receive following message:
  Looking in ISE's Authentication section I can see following:
  Time difference between these two authentication/authorizations is just 25 msecs and clicking on each of them reveals following:
  So at first I can authenticate and authorize (authorization profile has necessary attributes defined for PI management access (NCS:role0=Root, NCS:virtual-domain0=ROOT-DOMAIN)) and after 25 msecs I am getting failure. So what could be cause of such things and how I can successfully log in to PI GUI authenticating via ISE using AD credentials?

  Hi,
  -- Please Go to Administration > Logging > set the Message level to TRACE > Click save
  -- Then try to add the ISE.
  -- Once it fails, collect the logs from Administration > Logging > 
  check the "ncs-0-0.log"  & search the file for "ERROR" & paste the results here. This will give us exact reason.
  - Ashok
  Please rate the post or mark as correct answer as it will help others looking for similar information

• Authentication via weblogic security realm

            My servlet needs to access a session bean. The action in the session bean requires
            that a user has been authorized, i.e. at some point the session been calls
            String name = d_ctx.getCallerPrincipal().getName()
            This name may not be null at this time.
            What I would like to have is that the user executing the URL gets authenticated
            by my server realm 'myrealm' and that the associated prinicpal gets passed to
            the session bean. Is this possible. If so, how can the user pass along the username
            and password as this query is executed programmatically?
            markus
            

  http://www.weblogic.com/docs51/classdocs/API_acl.html
  Michael Girdley
  BEA Systems Inc
  "gennot" <[email protected]> wrote in message
  news:[email protected]..
  Could you send me the complete URL of these example, please?
  Thanks
  Enrico
  Michael Girdley <[email protected]> wrote in message
  39b87078$[email protected]..
  The passing of the client's certificate should be automatic to WebLogic.We
  have an example of getting the client side certificate from inside of
  WebLogic in our documentation.
  This does not require for SSL to be used from the Web server to
  WebLogic.
  >>
  Thanks,
  Michael
  Michael Girdley
  BEA Systems Inc
  "Bob Simonoff" <[email protected]> wrote in message
  news:[email protected]..
  I have read through the docs and haven't found anything that would
  address
  the following confusion:
  Suppose I want to use Apache or IPlanet as the webserver with WebLogicas
  the back end application server (obviously). I have the need to use 2way
  SSL authentication. As I understand it the following applies:
  Client (browser) has a certificate as does the web server. Theyauthenticate
  each other.
  Now, the web server and weblogic need to communicate. WebLogic, in our
  environment does authentication via the security realm.
  What do I have to do to get the the web server (Apache or IPlanet) to
  communicate the client's certificate to WebLogic so the WebLogic canperform
  the authentication?
  Does the communication between the web server and WebLogic also need
  to
  be
  SSL?
  Thanks
  Bob Simonoff

• AP Authentication via ACS.

  Hi All,
  Just a basic question regarding MAC based authenitcation of AP with ACS.
  The scenario is - If I have a ACS installed and I want all my Cisco 3502 APs to be authenticated on MAC basis via ACS. I know that AP mac is used as a username and password at ACS so that whenever we plugin the new AP in the network, it gets authenticated via ACS first and if the AP is authorised to be used in network then only it gets the IP address from DHCP.
  My question is - What will happen, if the AP is connected in local mode on a remote location and the WLC, ACS & DHCP are in Datacenter. The traffic coming from remote location will pass through the Remote-site router and during that pass, it will remove the source mac address of AP and put the router interface MAC address as source, so how will the ACS authenticate the AP in that case.
  When working in a LAN I know its possible, but how will it work over the WAN.
  Pls. suggest ASAP.
  Thanks in Advance.
  Regards
  Harish

  Harish:
  As you may know that traffic between WLC and APs is encapsulated in CAPWAP tunnel.
  The information insdie the CAPWAP should tell the WLC what MAC address the AP uses.
  CAPWAP RFC metniones that you can do AP authorization by two ways:
  - with certificates
  - with PSK.
  The standards does no imply what the PSK should be, however, Cisco seems to use it to be the mac address of the AP when the ap authorization is enabled. RFC recommends to use mac address of AP as PSK.
  2.4.4.4.  PSK Usage
     When DTLS uses PSK Ciphersuites, the ServerKeyExchange message MUST
     contain the "PSK identity hint" field and the ClientKeyExchange
     message MUST contain the "PSK identity" field.  These fields are used
     to help the WTP select the appropriate PSK for use with the AC, and
     then indicate to the AC which key is being used.  When PSKs are
     provisioned to WTPs and ACs, both the PSK Hint and PSK Identity for
     the key MUST be specified.
     The PSK Hint SHOULD uniquely identify the AC and the PSK Identity
     SHOULD uniquely identify the WTP.  It is RECOMMENDED that these hints
     and identities be the ASCII HEX-formatted MAC addresses of the
     respective devices, since each pairwise combination of WTP and AC
     SHOULD have a unique PSK.  The PSK Hint and Identity SHOULD be
     sufficient to perform authorization, as simply having knowledge of a
     PSK does not necessarily imply authorization.
     If a single PSK is being used for multiple devices on a CAPWAP
     network, which is NOT RECOMMENDED, the PSK Hint and Identity can no
     longer be a MAC address, so appropriate hints and identities SHOULD
     be selected to identify the group of devices to which the PSK is
     provisioned
  you may spend more time reading the CAPWAP RFC if you are interested
  CAPWAP RFC: http://www.ietf.org/rfc/rfc5415.txt
  Hope this answers your concern.
  Amjad

• 802.1x wired authentication via PEAP, MD5

  Hi everyone,
  Thank you for taking the time for reading this, I am implementing a security solution and wanted to take th benefit of implementing 802.1x over wire. I have been searching a bit but no much info from start to finish on how to implementing this solution,
  i would really appreciate if someone could point me some where  to find  detailed instruction on how to do this, as so far i have been configuring in multiple way bit no result out of it. Still a orange port color on my switch, that means the first
  hop of security work but the next no.
  Thank you in advance to read this.

  Hi,
  According to your description, my understanding is that you want to deploy 802.1x wired authentication via PEAP, MD5 and need instructions about this.
  Some articles and just for your reference:
  802.1X Authenticated Wired Access Overview
  https://technet.microsoft.com/en-us/library/hh831831.aspx
  802.1X Authenticated Wired Access Design Guide
  https://technet.microsoft.com/library/dd378864(WS.10).aspx
  IEEE 802.1X Wired Authentication
  https://technet.microsoft.com/en-us/magazine/2008.02.cableguy.aspx
  Best Regards,
  Eve Wang
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Bulk Update Connected SharePoint Sites via powershell

  Hello
  Is there a way to Bulk Update Connected SharePoint Sites via powershell?
  Yasser

  Sure you can, call the following PSI method from PowerShell passing in the correct parameter values:
  http://msdn.microsoft.com/en-us/library/office/gg206217(v=office.15).aspx
  Paul
  Paul Mather | Twitter |
  http://pwmather.wordpress.com | CPS

• Self Assigned IP even though I am Authenticated via PEAP(MSCHAPv2) to WPA2

  Help!
  After installing Snow Leopard 10.6.1 on my 2.16 GHz Core Duo MacBook Pro running OS 10.5, I can no longer connect to the WPA2 Enterprise network at the University of Ottawa. I can still connect to other encrypted networks, such as my home WEP encrypted network. Before the installation I was able to connect to the WPA2 enterprise network.
  When attempting to connect, under network preferences I can see that my computer is Authenticated via PEAP(MSCHAPv2) and a timer showing my time connected is running. However under status, it says that I have a self assigned IP and that I cannot connect to the internet. As a result I cannot connect to the internet.
  I have included a picture that describes my problem exactly:
  Does anyone have this problem? Can anyone help me?
  Thanks!

  The thing you and many others forget is that these forums are for those with problems. Those for whom the installs works without fault do not visit here. They do not post. There are about 9,000 topics in the Installation and Using forums (the largest two) and even if every topic were an unique fault, this would mean a small fraction of the installed base.
  According to AppleInsider the Q1 sales of SL would be circa 5 million copies, and other reports indicate these numbers have been surpassed in the early months. So lets go for one months sales at only 1.5 million copies. 9,000 faults in 1.5 million copies is only a 0.6% rate and that's if every topic is a different fault (which it plainly isn't).
  So I'm afraid your argument is even less convincing - a few people report your fault, and even if only 1% of the installed base uses it, its still infinitesimal. IMO, the vast majority of problems arise from an initial Leopard installation that had enough variability of build to make enhancements problematical. I'd be the first to admit its not Apples finest hour, but its certainly not bad for the overwhelming majority.
  Perhaps you could apply to be an Apple tester, to help solve this issue ? Its better than standing on the sidelines complaining about everyone elses work for certain.
  Or log a fault request as it will get looked at I can assure you, but only if there is a tester who is actually able and willing to test that particular piece of functionality.

• Sshd authentication via pam_userdb

  Hello
  I would like to configure ssh to authenticate against a database file which I've created.
  This is what I have done so far:
  1. Generate the database file out of a text file:
  db_load -T -t hash -f logins.txt /etc/vpasswd.db
  I have modified /etc/pam.d/sshd to be the below:
  %PAM-1.0
  auth requisite pam_securetty.so #Disable remote root
  auth sufficient pam_unix.so
  auth sufficient pam_userdb.so db=/etc/vpasswd crypt=hash use_first_pass
  auth required pam_nologin.so
  auth required pam_env.so
  account sufficient pam_unix.so
  account sufficient pam_userdb.so db=/etc/vpasswd crypt=hash use_first_pass
  account required pam_time.so
  password required pam_unix.so
  session required pam_unix_session.so
  session required pam_limits.so
  When I log is as a user specified in the database file the following logs are returned:
  Apr 1 00:29:47 dopey sshd[13778]: Failed none for invalid user testuser from 57.62.62.102 port 31794 ssh2
  Apr 1 00:29:52 dopey sshd[13778]: Failed password for invalid user testuser from 57.62.62.102 port 31794 ssh2
  Apr 1 00:29:55 dopey sshd[13778]: Failed password for invalid user testuser from 57.62.62.102 port 31794 ssh2
  What I'd like to happen is if the user exists as a Linux account then let them in as normal, but if not then check the vpasswd.db database file.
  Can anyone point me in the right direction? Is it possible to configure this?
  Thanks
  - eskay
  Last edited by eskay (2009-04-01 03:18:55)

  It looks like RADIUS authentication via the PAM module does work. We compiled the pam_radius module using the -bundle option to the linker. That seems to have fixed it. The link line ends up being
  gcc -bundle pamradiusauth.o md5.o -lpam -o pamradiusauth.so
  We'll send these simple changes to the pam radius developers.
  What this has allowed us to do is use RADIUS authentication for logging in remotely via ssh. However, we have yet to figure out how to get the main login "window" for OS X to allow PAM to be used.
  Pete

• NAC authentication via Windows AD

  Hi,
  we have a Nac enviroment with users that are defined on the ACS. Also the groups are defined on this machine.
  The problem is that we have to move all the users from the ACS to the domain controller, so all the users will become AD users.
  In which way we have to configure the NAC enviroment to permit the authentication via Active Directory instead of Radius that runs on the ACS?
  Thanks a lot!
  Leonardo

  You have to create a map rule if you have two or
  more Roles authenticating in the same LDAP Auth Server
  and not if you have two or more auth servers
  If the users authenticating today in Radius Server ACS is associated with a single Role XYZ, then you can configure the LDAP Server linking users to the same Role XYZ.
  You will have two providers for the same Role.

• Kerberos authentication via Apache ...

  Hi all !
  we use SAP NW Portal 7.0; we can access the portal from internet via Apache as reverse proxy;
  our internal and external users access the portal via the Apache reverse proxy;
  now we want to use kerberos to authenticate against J2EE of Portal;
  Kerberos is working when ich access the Portal directly via http://<fqdn>:<port>/irj;
  but when we want to access the portal via Apache reverse proxy e.g. http://portal.test.com authentication via Kerberos don't work; Apache doesn't pass the kerberos ticket;
  is there any solution ?
  the Apache reverse proxy should be the 'single point of contact' for portal access;
  Thanks
  Oliver

  to use the portal, all users ( internal or external ) have to use the URL to our apache reverse proxy; the URL is the same for internal or external users
  ==> http://portal.test.com;
  for the internal users, it would be nice if the apache reverse proxy could pass the kerberos ticket to the portal server so that the login page doesn't appear;
  how to ?
  Thanks
  Oliver

• HTTP authentication via ACS TACACS+.

  Hi.
  I configure a router for tacacs+ access and the console and CLI work fine.
  HTTP access continually prompts for password and I can never gain access via web.
  I have tried the various cli combinations of IP HTTP AUTHENTICATION, but still does not seem to work with tacacs+.
  Debug authentication and authorization are ok (PASS)!
  Any suggestions??
  Thanks.
  Andrea.

  Hi Andrea,
  Make sure that you have privilege level 15, for your account, as telnet can work without it, but for http its a must.
  You can configure it for Group, under whihc you have your user account or per user basis too.
  Select group > Edit Settings > TACACS+ section
  Check "Shell" and "Privilege level" and in box in front of privilege level, put number "15".
  Also if you have configured enable authentication via TACACS+ ,amake sure under your user account you have selected "Use CiscoSecure..." option under TACACS+ enable password if you have your account configured on ACS, of select other as appropriate.
  Let me know if it helps :)
  I suppose you have "ip http authentiaction aaa" command configured.

• Publish Sharepoint 2013 via Web Application Proxy and Kerberos Authentication

  This is similar to
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/66c23aae-8774-4257-b9f9-b796e69b0318/action?threadDisplayName=publishing-sharepoint-2010-using-web-application-proxy
  However I have tried his resolution to no avail.
  I am trying to publish a SharePoint 2013 website via web application proxy. SharePoint 2013 is using negotiate (Kerberos) as its authentication provider. When trying to browse to the site externally via the WAP I get an http error 500 internal server error.
  In the web application proxy's event viewer I find the following two entries every time I try to browse the site.
  event ID 13019
  level: warning
  Web Application Proxy cannot retrieve a Kerberos ticket on behalf of the user because of the following general API error: No credentials are available in the security package
  (0x8009030e).
  Details:
  Transaction ID: {5672be45-a4b8-0005-58ff-7256b8a4cf01}
  Session ID: {5672be45-a4b8-0000-3909-7356b8a4cf01}
  Published Application Name: sharepoint
  Published Application ID: ****
  Published Application External URL: https://sharepoint.domain.com
  Published Backend URL: https://sharepoint.domain.com
  User: [email protected]
  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; NOKIA; Lumia 920) like Gecko
  Device ID: <Not Applicable>
  Token State: OK
  Cookie State: NotFound
  Client Request URL:
  https://sharepoint.domain.com/home?authToken=****client-request-id=****
  Backend Request URL: <Not Applicable>
  Preauthentication Flow: PreAuthBrowser
  Backend Server Authentication Mode: WIA
  State Machine State: BackendRequestProcessing_Pending
  Response Code to Client: <Not Applicable>
  Response Message to Client: <Not Applicable>
  Client Certificate Issuer: <Not Found>"
  And
  event ID 12027
  level: error
  Web Application Proxy encountered an unexpected error while processing the request.
  Error: No credentials are available in the security package
  (0x8009030e).
  Details:
  Transaction ID: ****
  Session ID: ****
  Published Application Name: Sharepoint
  Published Application ID: ****
  Published Application External URL: https://sharepoint.domain.com/
  Published Backend URL: https://sharepoint.domain.com/
  User: [email protected]
  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; NOKIA; Lumia 920) like Gecko
  Device ID: <Not Applicable>
  Token State: OK
  Cookie State: NotFound
  Client Request URL:
  https://gateway.dcsch.co.uk/home?authToken=****client-request-id=****
  Backend Request URL: <Not Applicable>
  Preauthentication Flow: PreAuthBrowser
  Backend Server Authentication Mode: WIA
  State Machine State: OuOfOrderFEHeadersWriting
  Response Code to Client: 500
  Response Message to Client: <Not Applicable>
  Client Certificate Issuer: <Not Found>"
  I have tried everything I have seen in many posts and the one linked above but cannot get this working. It does work fine internally.

  And within the next 10 minutes I found this
  http://technet.microsoft.com/en-us/library/dn308246.aspx#Kerberos
  Needed to set up delegation to ANY service in the Web application proxy

• Upload Excel data to Sharepoint list VIA infopath form

  Hi,
  I'll try to explain the process of what I want to do first.
  1. In Excel
  I have an exceldocument (XLS, XLSX or XLSM) with 4 named columns and a named worksheet saved locally on my computer.
  I want to upload this data into preferably a custom list in sharepoint but it needs to run via a infopath template first.
  2. In Infopath
  The Infopath template will prompt the user to specify values in 2 additional fields.
  After giving input to these fields user may browse for the locally stored excel document and upload the document.
  In the same infopath template a dynamic array should be visible containing 6 columns (4 from excel + 2 from headerlevel of template) and the amount of rows based on the number of rows from excelsheet.
  At the end of template a submit button is found for uploading the entire array into sharepoint custom list.
  Is this possible to do at all?
  NOTE! End user should not have to save the excelsheet as XML file nor do a XML mapping.
  Infopath should, perhaps with help of VBA read excelsheet and transfer data to correct destination in sharepoint on it self.
  Looking forward to your reply

  Hi Jonas,
  You can attach your Excel doucment into InfoPath form and send InfoPath form to a custom web service. Then you can parse the Excel data and combine the Excel data and additional fields into SharePoint list in the customized  web service.
  For more information, you can have a look at the thread:
  http://dandeng.blogspot.com/2012/03/submit-infopath-form-data-to-web.html
  http://www.codeproject.com/Articles/88547/Submit-entire-InfoPath-form-to-web-service
  https://social.msdn.microsoft.com/Forums/office/en-US/590f1e78-5c08-47bd-8af4-9709102b568d/webservice-to-send-attachments-in-infopath-form-to-different-location?forum=sharepointcustomization
  https://msdn.microsoft.com/en-us/library/office/gg575571.aspx?f=255&MSPPError=-2147217396
  Best Regards,
  Eric
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]