Using ACS as a web authentication server

Similar Messages

• Using ACS for Cisco Prime authentication

  I'd like to use our Tacacs server running ACS to be the authentication method for user accounts in Prime, but don't even know where to start with this..
  Any pointers?

  The configuration on the Prime Infrastructure side is minimal:  define the authentication server Prime is to use and select a mode for Prime Infrastructure to use with it.
  Administration > AAA > TACACS+ Servers > add tacacs server.
  Administration > AAA > AAA Mode Settings > tacacs+ and enable fallback to local.
  The bulk of the configuration is on the authentication server side, particularly indefining groups, services and authorization tasks.  This is covered in the "Performing Administrative Tasks" chapter of the Prime Infrastructure Configuration Guide, starting with the topic "Configuring ACS 5.x"
  http://www.cisco.com/en/US/docs/wireless/prime_infrastructure/1.3/configuration/guide/admin.html#wp1595935
  "Configuring ACS 4.x"
  http://www.cisco.com/en/US/docs/wireless/prime_infrastructure/1.3/configuration/guide/admin.html#wp1625896
  https://supportforums.cisco.com/docs/DOC-17909
  In case it doesn't work, please get the logs from the ACS reports and monirtoring for tacacs authentication and error message while accessing cisco prime.
  Jatin Katyal
  - Do rate helpful posts -

• External Web authentication server for Guest access

  I have a guest wireless wlan setup. When guest users attach to our guest wireless they are prompted by the built in web security on the WLC's.
  Cisco talks about how to setup the WLC to route web authentication to an external web server, but they don't say what kind of web server to use or examples.
  I need some help on getting an external web server to do web authentication. With the server we would like to get some basic info from the user. name, email, pupose of using wlan, and some background info they don't see like, computer name, mac address. This is all for tracking purposes.
  Hotels do this type of web authentication for example.
  Any help would be great.

  Hi Patrick,
  I'm having the same problem here. I configured my WLC that redirect the login page to WEB Server, but I don't know how configure the Web Server to back the credentials to WLC. Did you can solve this problem?
  thanks!
  Claudio

• Java web authentication server

  Hello, I am new to the forum so if this has been talked about before, then I apologise as I must have missed it when i had a look through.
  I am trying to create an authentication server using Java and sockets. Now I know there will be better ways to do this, but it is the approach I have chosen, and would like to stick to it if possible. I wish to get the user information from a standard HTML form, and then run a java application that will validate the information before connecting to a server created in java to authenticate the user. When authenticated, the user will then be forwarded to a 'members only' page.
  What i need to know, is if I can do this, and if so, what are the things i need to know to go about it? I had previously decided to use applets on the website that would then connect to the server, but this is a messy approach, and as yet have not got as far as testing if it will even actually work.
  Any input to this problem would be much appreciated.
  Regards,
  Relyimah

  I'd start with Servlets or JSPs.
  Kind regards,
    Levi

• How to use Mac Mini as web hosting server?

  Hi,
  I would like to use my mac mini as a web hosting server.
  I have a few domains that I want to host on my mac mini.
  How do I configure/setup the mac mini?
  Best,
  Leo

  yes, a little. it's nice for people not used to setting up from source or doing tons of stuff in the command line. it installs like any other mac application & puts a nice control pane in system preferences. plus, you can set up for updates to keep everything current with patches.
  I'm not sure how to handle the multiple domains, but whatever you find on apache that covers this should also or mostly apply to you too.

• How to create a Web Authentication Meathod using Server 2008 r2 ?

  HI, i am a NewBee in Server Managment. am using windows server 2008 R2 Enterprise Edition, with 2 NiC One is Connected to modem other one connected to Lan , using ICS for internet . i have 80 client computers , all clients have access to unlimited internet,
  i want to control them without 3rd part application, or  Create a Web authentication username and Password for users , is there any possible way to create a web authentication server in server 2008 r2 ? plz give me a proper guideline.....

  Hi,
  According to your description, my understanding is that you want to configure web authentication that allow the client to connect to Internet by password and user name.
  I am afraid that no function within Windows Server 2008 R2 may fulfill your requirement. 
  For better control of your clients, I would recommend you to configure the Windows Server 2008 R2 as an RRAS (dial-up) router(use NAT to assign private IP address for the internal network), and connect to the clients with intermediate device, such as hub,
  switch. Cooperate with NPS to provide authentication for network connection.
  3rd party software/device should be needed for configuring web authentication. Here is a deployment scenario just for your reference:
  Web Authentication Using LDAP on Wireless LAN Controllers (WLCs) Configuration Example
  http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/108008-ldap-web-auth-wlc.html
  Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
  Best Regards,           
  Eve Wang                                                                                            

• Question about using built-in Web Authentication.

  Is it possible to use LDAP servers as an Authentication Server for webauth? I'm running code 4.2.
  We can use RADIUS which I know works fine, but I'm unclear on how to get it to work with just LDAP (if it's even possible).
  We'd like to use LDAP so that we can point to different containers for different WLANs- we've been having some WPA key leaks and want to make sure users are on the network they're supposed to be on.
  Any input is appreciated.

  Nevermind.
  I got confirmation from TAC that although it's technically possible, according to him, it's not supported until 5.1.
  Time to dust off the RADIUS servers I guess!

• Wlc5760 web authentication custom page

  I have installed custom web pages with our company logo on the autentication pages. 
  everything is fine, users are able to access the pages and autenticate but the logo image is not showing.
  instead of the logo *some text missing * is appearing on the webpage.
  my logo file is .gif having a size of 211KB.

  Downloading a Customized Web Authentication Login Page
  You can compress the page and image files used for displaying a web authentication login page into a.tar file for download to a controller. These files are known as the webauth bundle. The maximum allowed size of the files in their uncompressed state is 1 MB. When the .tar file is downloaded from a local TFTP server, it enters the controller's file system as an untarred file.

• IPlanet Sun ONE Web Proxy Server 3.6 SP6 terminating

  I have a problem with my proxy server server.
  I use iPlanet Sun ONE Web Proxy Server 3.6 SP6
  It is terminating and the service is restarting. This happens about 10-15 times a day. The message I get from the log is :
  [22/Mar/2005:09:29:30] info: server terminating... each time it terminates.
  I know for sure that this is no hardware issue (as I have changed the hard disk recently). My OS is win2000 server SP4 + all released patches from MS.
  Also I have reinstalled the OS several times (clean install after format) and I got the same result.
  Also I tried to use the proxy with/without LDAP server for authentication - the same.
  Any suggestions/recommendations are mostly welcome.
  Thanks in advance,
  Kaloyan

  Dear Kaloyan,
  Migration to another proxy (e.g. ISA) seems to be quickest solution for your problem, as WebProxy doesn't work well on w2k platform.
  Vladimir
  P.S. Regards to Delyan :)

• ACS 5.1 administrator authentication via AD

  Hi,
  We are migrating from ACS 3.3 to 5.1 - formerly we were able to configure ACS to use an external database for internal user passwords. Thus, in 3.3, we had AD users using a Windows database for their password and we were able to use our AD accounts to administer ACS.
  In 5.1, when viewing the "Accounts" under the System Administration dropdown, there appears to be only the ability to create internal accounts and use internal passwords. This is yet another password mechanism to track, enforce, and audit - it would be preferable to have the option to use our AD accounts to get around this. I've looked through the User and Identity stores and don't see an obvious way of making this work, and there is no mention of it in the documentation.
  Note that I am not talking about authenticating devices to Active Directory, this functions fine - I'm talking about the actual ACS system administrator / web authentication. Am I just missing the option?
  Thanks.

  Doug,
  The option you are looking for in not available in any  ACS 3.x/4.x / 5.x.
  ACS administrators are configrued  locally.
  Regards,
  ~JG
  Do  rate helpful posts

• Oracle iPlanet Web Proxy Server 4.0.14 not getting started.

  bash-3.00# ./start
  ld.so.1: parsexml: fatal: relocation error: file parsexml: symbol __RTTI__1nMXMLException_: referenced symbol not found
  ld.so.1: parsexml: fatal: relocation error: file parsexml: symbol __RTTI__1nMXMLException_: referenced symbol not found
  ld.so.1: parsexml: fatal: relocation error: file parsexml: symbol __RTTI__1nMXMLException_: referenced symbol not found
  ld.so.1: parsexml: fatal: relocation error: file parsexml: symbol __RTTI__1nMXMLException_: referenced symbol not found
  Oracle iPlanet Proxy Server 4.0.14 B06/08/2010 05:46
  failure: CORE3170: Configuration initialization failed: Error running init function load-modules: dlopen of /export/home/Oracle_Proxy/bin/proxy/lib/libj2eeplugin.so failed (ld.so.1: proxyd: fatal: libjvm.so: open failed: No such file or directory)
  bash-3.00# uname -r
  5.10
  bash-3.00# uname -a
  SunOS sunfire-v240 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Fire-V240
  bash-3.00#
  The web proxy server version is 4.0.14 and the package i used is "Oracle-iPlanet-Web-Proxy-Server-4.0.14-sparc.zip"
  Please help me. If any other information is needed, please let me know.

  Your proxy instance should start. The error you are seeing should only be for the admin server. Add the location of where your jvm.so is located to the LD_LIBRARY_PATH. The jvm.so is located under the JDK directory.

• Port 80 for Web authentication?

  Hi,
  Is it possible to use port 80 for web authentication instead of port 443?

  Sure... on the later code versions you can set the WebAuth to use either http or https by disabling WebAuth SecureWeb (http) or enabling it for https.
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• OpenDocument and the Webi Job Server

  (Using XI R2 on windows environment)
  I have a Webi report which will be opened using the OpenDocument URL syntax, passing parameters through, with the report set to refresh on open.
  When this report opens and refreshes does this use one of the Webi Job Server "Maximum Jobs Allowed"?
  ie say the server is set to allow 10 simultaneous jobs to run, and these are all being used by scheduled jobs (say at month end) and someone uses the OpenDocument function, will this document wait until there is a job allowed to run on the Job Server or does it refresh immediatley?
  Sorry if this doesn't make sense, its a bit had to explain what I think I mean.
  Cheers

  Hi
  the WebI Job server is not involved  in the workflow you described. The webI Report Server is repsonsible for creating reports on-demand. Calling your openDocument link will trigger the WebI report server. While the report is refreshed and remains open a connection will be opened on this server.
  Regards
  Stratos

• How many web authentication users do 2125 support?

  when 2125 use local database for web authentication. how many web authentication users do 2125 support?

  thank you very much!!
  醉生梦死谁成气,拓马长枪定乾坤
  Date: Fri, 19 Aug 2011 01:10:43 -0600
  From: [email protected]
  To: [email protected]
  Subject: - Re: how many web authentication users do 2125 support?
  Cisco Support Community
  Re: how many web authentication users do 2125 support? created by pcroak in Getting Started with Wireless - View the full discussion
  Hello Yuliang,
  The maximum number of local database accounts that could be created is 2048. You can configure the size of the local database with the command:
  config database size <512-2048>
  NOTE: This local database count is shared between the following entries:
  MAC filters (clients)
  AP MIC/SSC (AP authorization list)
  Dynamic Interfaces
  Management users
  Local net users
  Excluded Clients
  If you are asking about the number of simultaneous wireless clients, I believe the 2125 supports 350 active wireless clients.
  -Patrick Croak
  Wireless TAC
  Reply to this message by going to Cisco Support Community
  Start a new discussion in Getting Started with Wireless at Cisco Support Community

• Radius server web authentication using ISE

  Hi,
  Can anyone point me in the direction of a guide to implement radius server web authentication using ISE?
  I need this to be layer 3 Web Auth with all authentication requests coming from the wireless anchor controller, therefore don't think I can implement central web auth on ISE as detailed in the user guide as its layer 2 and auth requests come from the foreign controller.
  The following link explains "Radius Server Web Authentication" using ACS.  I need to find something similar for ISE - http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/69340-web-auth-config.html  
  Thanks,

  Hi,
  Please check these:
  Central Web Authentication on the WLC and ISE Configuration Example
  http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
  Regards
  Dont forget to rate helpful posts