VPN Concentrator authentication with multiple domains

Similar Messages

• Manual Tomcat Active Directory (AD) Authentication with multiple domains

  Hi,
  We have successfully implemented manual AD Authenticaiton on our BO XI 3.1 environment using Tomcat applicaiton server.
  Now we need to include another domain to be able to use AD authenticaiton to BOE.
  What changes do we need to perform to allow the additional domain to log in successfully?
  Thanks for any support.
  Thanks,
  J

  Hello,
  You need to modify the file krb5.ini by adding the second domain there
  Have a look at the note 1406795 (https://bosap-support.wdf.sap.corp/sap/support/notes/1406795)
  The users of that domain will have to login by specifying that domain (user@domain)
  Regards,
  Philippe

• Authentication with Multiple SSIDs AP521G, using Autonomous

  I have an AP521G access point that I am trying to setup authentication for multiple SSIDs. One SSID is for domain users with WPA/TKIP authentication to a radius server and the other SSID is for guest to have access to Internet with no authentication. Is there a way to setup both SSIDs on the AP for this configuration?

  Security option for an SSID can be unique and can be configured when you configure a SSID or under VLAN . Note that each vlan is uniquely mapped to induvidual SSID.

• How to create a muse site in various languages with multiple domains

  I have been asked to create a website for a product. A very simple website with maybe one or two pages and one product for sale for which the client would like Paypal as the payment gateway. Simple right?
  No! This client would like to market their product into Europe, they would like to purchase multiple European domains ( .fr, .de for example).
  So how on earth can I do this? I will be using Muse for build and Business Catalyst for hosting.
  Bearing in mind the client will not want to pay for separately hosted sites. Is there a way of translating the text for each domain. Or could I assign multiple domains but direct them to different home pages within the same site?
  I haven’t a clue how to problem solve this.

  Hi,
  Some links that might be useful,
  how to set up a multilingual website with Adobe Muse and push it live to Adobe Business Catalyst
  Re: How can i create different languages for my page?
  How can i create a multilingual website?
  how to create a multilingual site
  Do let me know if you have any question.

• Authentication using multiple domains

  We've got a rather complicated configuration scenario here and I need to understand what would need to happen to put this in place, or if it can even be accomplished at all.
  We are on Business Objects XIR2 SP3 in a Windows 2003 environment. We are currently using Trusted Authentication with a 3rd party web security component (ISAPI filter) running on our IIS box, however our Web Intelligence implementation is actually done in Tomcat, which is connected to the IIS box simply using the IIS to Tomcat connector (also an ISAPI filter). We currently have the LDAP plugin configured to hit an ADAM directory server, however we are rewriting our web security solution with an AD back end. The AD back end may possibly have two different domains involved, one for internal users and one for external users. I would need to be able to authenticate users from both domains, and have all the other pieces and parts continue to work as far as authentication goes (ADAM via LDAP, trusted authentication for the thin client interface using the WEB_SESSION approach, and both AD directories with usres in each all able to authenticate to the tool set).
  First, can you tell me if it's even possible to accomplish this? And second, if it is, what kind of trust relationship does there need to be, if any, between the internal and external users AD domains? I ask because I see only one place to set up an SPN, and there are specific application server services that have to be configured to run as that given service account, so I'm assuming there has to be some sort of trust relationship there since our application servers are all installed in one of those domains.
  Thanks,
  V

  These questions keep getting more complicated
  Your domain situation depends on 2 things. If internal and external are 2 domains in the same AD forest(trust is automatic this way) then it should work fine (provided you aren't firewalling off the users as internal/external could imply).
  If they are not in the same forest then you would need a 2-way transitive trust, no firewalling, and XI 3.1 in order to map groups/users from both domains into 1 plugin (this would require the AD plugin).
  Another option might be to use the LDAP plugin for 1 forest and AD plugin for the other but that would kill your existing users. This is your only option in XIR2 if you have 2 forests.
  Regards,
  Tim

• How to confiture virtual hosts with multiple domain names

  hello,
  I've read through some of the postings here on virtual hosts, but I thought I'd better solicit advice before I actually try some of the things I've read about.
  In a nutshell, I've purchased multiple domain names that I'd like to alias to a new site (currently it is just a subfolder in the main site directory) on my OS 10.3.x server. There is only the one main site configured right now on the box, so I know I need to set up a second "virtual site" pointing to the files in this subfolder to make it function as its own site.
  I've dabbled around with the sites settings in the GUI, but I'd probably be most comfortable setting all this up in the httpd.conf by hand if I could. But I'm weary of this because I know it might be better to use the GUI because of OS X Server's flavor of WebObjects and Apache (sigh).
  So, I have two main questions:
  1) How would I set up this second site using the GUI in server settings? Do I need to first move the subfolder out of the main folder before it can be designated its own site? Or can I just point to it in the GUI? Can I use one of my purchased domain names in the domain field?
  2) Currently, I have URL Forwarding set with my multiple domain names, but I'm thinking there might be a better way to do this? For SEO I'd rather use some type of redirect rather than being penalized by search engines for having what looks to be multiple domains pointing to the same site.I'm thinking I should create virtual sites for each domain name I've purchased with a hard redirect back to the main site?
  Any suggestions would be appreciated.
  Thanks
  G4 Mac OS X (10.3.9) 10.3.9 Server
  G4 Mac OS X (10.3.9) 10.3.9 Server

  thank you for your reply.
  > You can create each site as a new Site in Server
  Admin. When you do this you can choose any
  directory on disk as the document root for each
  site.This means you can move the sites' folders out of
  /Library/WebServer/Documents if you like - you could
  create /Library/WebServer/site1,
  /Library/WebServer/site2, etc. (or even be outside of
  /Library/WebServer if you want).
  so, are you are saying that I could designate one site to be
  /Library/WebServer/Documents/site1
  and another to be
  /Library/WebServer/Documents/site1/directory1
  even though directory1 is contained within site1's structure? I'm not advancing this as a good idea, necessarily. I'm just wondering if Apache would complain.
  > Each site should have the domain name set as per your
  registered domains. Apache will need this to
  determine the correct site to serve for each
  request.
  Well, after some additional research I'm thinking I'm missing a critical piece of the puzzle. That being access to the DNS host server that manages the context of my server. I have purchased domain names through an outside registrar that point to my site and I can create virtual hosts on my server, but I don't have the ability to add the new virtual host names into the DNS server that manages my box. If that makes sense. Or maybe I'm missing something?
  >
  I'm not sure why you're using URL forwarding at all.
  Without that piece of information it's impossible to
  tell you whether you should continue using them or
  not - in general there's no need to use URL
  forwarding if you have multiple Virtual Hosts setup,
  but it sounds like you have multiple hostnames
  pointing to the same content, so your needs may be
  different.
  I'm using forwarding for the reason I list above. I didn't purchase hosting with the registrar where I purchased my domain names, so they are parked on the registrar's name server with URL forwarding to my server. The DNS server that manages my box resides in a different location and I don't have the ability to add DNS entries pointing to virtual hosts that I want to set up. Am I stuck?
  G4 Mac OS X (10.3.9) 10.3.9 Server

• Messed with multiple Domains... Big Problems

  I have posted on this topic because I was experiencing very slow save times and publishing times.
  I had 20+ sites created in iWeb, many of which have large photo galleries.
  Wanting to solve this problem, I tried a couple of techniques to start with a fresh Domain.
  I tried duplicating the existing Domain and deleting the sites I didnt want in Domain 2.
  Problem was this retained the massive "Albums" folder within iWeb package content.
  The sites didnt show in the iWeb interface but the new Domain was giant (1.9 gigs) and saving and publishing still took forever.
  So I went into the Domain 2 package contents and deleted the Albums for the sites I didnt want in my new Domain.
  Well then Domain saved and published nice and fast as I expected it to.
  Thing is...
  Now all of my previous sites from the old Domain are broken when you attempt to view them on the web.
  They all look fine when I look at them in iWeb by opening their files in iWeb.
  My original Domain is still intact where I have stored it on my computer.
  When I check my iDisk, I can see that my old websites are there but their Media folders are completely empty.
  Sooo... how do I fix this situation?
  I realize I brought this upon myself but I was trying to do what I have got to believe is doable.
  I want to have multiple Domains so I can work more efficiently.
  Surely I dont have to be saddled with updating a 1.9 gig Domain every time I publish to iWeb.

  You're only putting the domain file(s) in the trash to prevent iWeb opening them so that it will be forced to created a new blank domain file. Then drag it out and store it in a folder.
  Individual domain files are opened in Iweb by double clicking them.
  Splitting domain files with multiple sites is not recommended. You're only leaving yourself open to file corruption and other problems some where down the line.
  Start each new site on a blank domain file and store it in its own folder.

• CCM / AD intigration with Multiple domains

  Our corporation is made up of two different active directory domains. Is it possible to integrate call manager with both domains?

  If they are in the same forest, yes you can. Take a look at the following link:
  http://www.cisco.com/univercd/cc/td/doc/product/voice/c_callmg/4_2/srnd4_2/uc4_2/42drctry.htm#wp1067012
  There are definitely some added complexities and considerations in this sceario. Take a look at the following note from the previous link:
  "In a multiple-domain AD forest, try to keep the users for a specific Cisco Unified CallManager cluster within a single domain, and follow the guidelines described previously. If a single domain is not possible because users are spread across multiple domains, set the User Search Base to the lowest point in the tree containing all domains with users serviced by the Cisco Unified CallManager cluster. In structures in which serviced child domains are under the top-level domain, the User Search Base must be set at the root of the entire AD forest. In all cases, though, try to ensure that a domain controller for each serviced domain is collocated with Cisco Unified CallManager, or that the network is sufficiently resilient and fast to allow remote searches with no greater performance degradation than occurs with local searches."
  Hope this helps. If so, please rate the post.
  Brandon

• Office 365 tenant with multiple domains - What does Azure AD backend look like?

  I'm planning a full cloud deployment of multiple services. I have a few domains I'll be using for email. My question is simple. If I create an office365 tenant, add 3 domains, and then go to AzureAD, do I have 3 Azure AD instances or a single directory?
  I'm planning on leveraging Visual Studio Online, but it doesn't play nice with multiple Azure AD domains so I need to make sure I get this right.

  you can do both. But normally you will use one azue ad, with all the suffixes in it. But you could create a Azure AD for every domain.
  www.sccmfaq.ch

• Announcing the availability of enabling Windows Server 2012 R2 Essentials' integration of Microsoft online services in environments with multiple domain controllers

  In Windows Server Essentials 2012 R2, all of our online services integration features, including Azure Active Directory and Office 365, are supported only in environments that
  have a single domain controller. In environments with more than one domain controller, integration of these services is blocked due limitations in the user account and password synchronization mechanism in Windows Server Essentials. 
  I am happy to announce that with the recent Windows August Update released on (8/12/2014, PST), this limitation has been removed.  This update adds support for both Azure
  Active Directory integration and Office 365 integration features in domain environments consisting of a single domain controller, multiple domain controllers, or Windows Server Essentials as a domain member server.
  For more information, please go to
  http://support.microsoft.com/kb/2974308

  Hi JoeBeck,
  Thanks for the comment. Could you please tell which link you clicked to download?
  Please go to PinPoint check details and start download
  http://pinpoint.microsoft.com/en-US/applications/Dynamics-CRM-Online-Add-in-12884966386
  Thanks,
  Shanghai Wicresoft

• NTLM Authentication with a domain controller/active directory

  Hi,
  I have a requirement to do an NTLM authentication with the MS active directory.
  I am aware that JNDI doesn't support this protocol to communicate with the AD.
  I have looked into couple of online solutions available but that doesn't seem to meet my requirement. Most of the solutions like (Apache commons NTLMScheme/NTCredentials and java.net.Authenticator etc...) are used for only NTLM proxy authentication (where both username, password is sent to the proxy server which does the actual NTLM authentication with the Active Directory.)
  What I need is a solution in Java where I can directly contact Active directory for negotiation of challenge/response mechanism.
  Can any of you guys suggest any alternative to achieve this ?

  it really depends to be honest. I'd probably go something like this though:
  One Small physical server to act as a domain controller - you could put DHCP on this too
  One or Two physical, quite powerful servers to act as Hyper-V hosts - these can be domain joined. 
  Then for your VM's create the following:
  1 x additional domain controller
  For remote desktop services:
  1 x Remote Desktop Session Host
  1 x Connection Broker
  1 x Gateway and web server
  For additional services
  1 or 2 x Exchange
  1 x sharepoint
  1 x IIS
  but it really depends what you want to achieve. 
  The benefit from Virtual machines is that you can keep separate virtual servers for separate applications. 
  If you have two hosts you could then replicate the virtual machines between them if you wanted some layer of fault tolerance. 
  Hope this helps you a bit more. And thanks for positive blog feedback - its appreciated. 
  Regards,
  Denis Cooper
  MCITP EA - MCT
  Help keep the forums tidy, if this has helped please mark it as an answer
  My Blog
  LinkedIn:

• Essentials 2012 R2 Exchange Integration with Multiple Domain Controllers

  Attempting to integrate Exchange Server 2012 with the Essentials wizard results in the error message: "This task must be performed on the domain controller." I've found several threads that speculate this is because there are multiple domain controllers
  in the domain. Is there a workaround or patch available to resolve this issue? Why wouldn't Microsoft want the redundancy of multiple DCs?
  Thanks.

  Hi HartmannTek,
  I agree with Robert.
  We can get the following information from the article:
  Services Integration Overview for Windows Server 2012 R2 Essentials - Part 1. Please refer to.
  Currently, the Services Integration features, including Windows Azure Active Directory integration, Office
  365 integration, Windows Intune integration, and on-premises Exchange integration, are only supported in a single domain controller environment. In addition, the integration wizard must be run on a domain controller.
  Hope this helps.
  Best regards,
  Justin Gu

• More problems with multiple domains and subaccounts

  I had been creating multiple .mac web sites in earlier versions of IWeb by creating extra “domain” files and dragging them in and out of the folder library/Application Support/IWeb as needed. Now I notice that IWeb 08 lets me store several domain files with different names in a folder, and pick whichever one I want when launching IWeb. That’s good -- but of course, the IWeb “Publish” command wants to publish them all to my same .dot mac web site -- even though I have four .dot mac subaccounts each of which can have its own web site. The only way I could figure out to publish different domain files to different .mac web sites was to create several different user accounts on my computer, assign each one to a different .mac subaccount, launch IWeb, find the domain file for that account, publish it -- then log out, log in to another account, launch IWeb there and do the whole exercise again.
  It would be bad enough if that worked, but it doesn’t: I found that when I logged in to an account other than the one that created a given domain file, I could open that file (I’ve got it stored in a folder on root level of my hard drive), but I couldn’t save it -- I would get the error message: “Couldn’t save file. You don’t have permission to make changes to that file.” So OK, I went into “Get Info” and changed the ownernship/permissions to match the user account I was in. Now I can make changes and save my domain file -- but I can’t publish what I just saved. When I try, to get the message: “Publish Error. An unknown error occurred.”
  Is there any way I make this all work -- to open and save my domain files and publish them to the .dot mac subaccount/web site I want? And is there any way around this whole clunky system that would allow me to publish to different .mac subaccounts/websites more efficiently (preferably logged into my Mac from the same user account)?
  (It may be irrelevant, but in addition to paying for the subaccounts, I bought the family pack version of ILife what should give me legit access from a licensing point of view anyway.)

  That's helpful -- I'll try it. It seems to me it would still be preferable to store my multiple domain files in one hard drive location, easily accessible and offering read and write privileges to any user account. That way I could at least do design work, etc., on any of my domains without logging in and out as various users. Any way to make that work? And really, it seems weird that I can sit at my Mac and mount the IDisks of any of my four .mac sub accounts, open their folders, and look at the web pages previously published to those subaccounts -- but apparently I can't publish any changes to those subaccounts/domains through IWeb without logging out and then back in as a different user. Isn't there some way around these apparent restrictions?

• Help Working With Multiple Domains

  I have created multiple domains. I can send mail from all users on all domains but I can only receive mail on some domains. All the anti spam settings are the same for each domain in the enterprise manager smtp_in and smtp_out and on the mail client administration tab of the web client. The mx records are setup exactly the same for dns. When sending from yahoo the following error message is returned.
  <[email protected]>:
  216.198.xx.xx does not like recipient.
  Remote host said: 550 Spam check failed for recipient's address:
  [email protected]
  Giving up on 216.198.0.0.
  Any ideas?

  Thanks for the Reply Steven..
  I'll go deeper just so I understand.
  Lets say I have 2 separate matte shapes: a circle and a triangle....that will be used to cut out 2 different layers of video.
  I want to position the triangle in the right side of frame. The video I want to be revealed in that matte position will be placed on v1....the matte on v2.
  - I have to take the opacity down on the matte so I can see where to repo my video underneath so that I can chose what portion is seen in the triangle.
  - Then nest the matte and video "fill"...essentially building a precomp
  - Turn off the matte in the nest
  - Cut the Nested Seq into my Main Seq
  - Then copy the matte out of my nested seq to keep position intact, and paste that matte into my main seq...in this case on v2
  - Bring Matte opacity back up to full
  - Add Track Matte FX to v1
  - In Track Matte FX settings...chose v2 for matte
  Now I have the video in v1 being revealed thru the matte on v2. If for any reason I wish to adjust the repo of video on v1...I must go back into the nest.
  To continue and add the Circle shape cutout...I place the video "Fill" on v3 and the circle matte on v4 and repeat above steps.
  Is this the correct procedure?

• Portal AD authentication with multiple OU

  Hi, all.
  We are trying to implement AD authentication. Users are located under 3 different OU(but same domain controller). I don't want to use AD group to "group" the users since they would be limited to have one group. Is there a way to put in multiple OU in UME user path config?
  We are running on EP7, SP13.
  Thanks,
  Jonathan.

  Hi,
  LDAP error 49 is:
  LDAP_INVALID_CREDENTIALS: Indicates that during a bind operation one of the following occurred:
  The client passed either an incorrect DN or password.
  The password is incorrect because it has expired, intruder detection has locked the account, or some other similar reason.
  (ref http://www.directory-info.com/LDAP/LDAPErrorCodes.html)
  Probably you've entered the password wrong, or the xml file is refering to one of the field of the UME config properties (are several you can refer to from the xml file).
  Could you either send the relevant part of the datasource configuration xml file or do a network trace on port 389 with ethereal in order to find out which password the portal uses ?
  Regards
  Dagfinn