Similar Questions

• OEDQ integration with Active Directory - disable SSL

  Hi mates,

  I just installed OEDQ (latest version) on a Unix machine (deployed on WebLogic Server 10.3.6) but I have a few concerns:

  • SSL communications -> is mandatory? I mean, I tried to expose dndirector via a Server Web Apache OHS admin page. I am able to access the page from admin in raw mode, but every time I try to access a specific feature (dashboard, user management, server configuration, etc.) I am redirected to https://< web-server-hostname >: < wls-server-ssl-port > / dndirector, if this is not what I expect. What's wrong? Moreover, if SSL is required, is there a way to expose the console via apache (avoiding any redirect)?
  • OEDQ with Active Directory -> documentation- OEDQ integration with Active Directory - covers just Single Sign-on configuration (on the two Windows/Unix os). What about a simple configuration pointing to an external ldap? The documentation States the following statement:

  It is also possible to configure OEDQ to work with servers of different directory for authentication of users and the identification of the user. For more information on the alternative configurations, "see"contact us" "

  So, how can I achieve this?

  Pointers?

  Thanks in advance,

  Marco

  Marco

  Here is an example configuration that can be used to integrate with AD.  Create a folder called Security in your Disqualification configuration directory, and save the file in this folder as login.properties.  There are a few supporinting of documentation online this process in aid of the Disqualification.

  Here is the file, I'll add a few notes below:

  realms                        = internal, adgss                           = false
  
  ad.realm                      = EXAMPLE.COMad.auth                       = ldapad.auth.bindmethod            = digest-md5ad.auth.binddn                = search: sAMAccountNamead.ldap.server                = dc.example.comad.ldap.auth                  = simplead.ldap.user                  = [email protected]                    = testad.ldap.profile               = adsldapad.ldap.prof.defaultusergroup = testgroupad.ldap.prof.useprimarygroup  = false
  

  The kingdoms line indicates that the 'internal' (Disqualification internal users such as dnadmin) Kingdom and the Kingdom of AD should be used.  Once you are satisfied with the integration of ads you can remove the internal domain and use AD exclusively.  The domain property sets the name of the field AD - here I used EXAMPLE.COM.

  The server property sets the DNS name of the AD server.  If omitted, it is looked up in the DNS.

  The lines of the user and pw are used to connect to AD Disqualification.

  The defaultusergroup line is the name of a LDAP group that contains all users who will use the Disqualification.  The default value for this is domain users that contains usually much too many users.

  Once it is setup and working, you can go to Setup user Disqualification and see a link to external groups that attach ad with Disqualification groups groups to assign permissions to users.

  I hope this helps.

  Richard

• 4.2 ACS Cisco with Active Directory integration

  Hello

  I m new in the administration of the ACS, we have recently implemented on ACS version 4.2 Server

  to manage all the authorization of users in our network.

  We are in an environment with at least one Active Directory server, group, and users.

  Now, I m just able to create a new user in ACS and work with the switch of the customer, do I have to do, is to integrate my 4.2 ACS with Active Directory.

  to work with the user and group that a registry in my ad.

  Can someon help me please?

  Hello

  If you use windows server for CE 4.2 Installing you just need to do this the domain member server.

• Version of Cisco ACS 5.1.0.44.3 integrate with active directory server from Microsoft windows 2012?

  Version of Cisco ACS 5.1.0.44.3 integrate with active directory Microsoft windows 2012 R2 server?

  Unfortunately, it does not support R2 2012

  5.1 ACS supports all editions of:

  Windows Active Directory (AD) 2000

  Windows AD 2003

  Windows AD 2003 R2

  Windows AD 2008

  Source

  Windows AD 2012 R2 is supported after ACS 5.5 patch 1 and following.

  Source

  Please find below the steps to go from 5.1 to 5.5 hotfix 1:

  STEP	FILE	COMMAND
  Apply the 5.1 patch 6	5-1-0-44 - 6.tar.gpg	ACS patch install repository 5-1-0-44 - 6.tar.gpg ftp_repository_name
  Apply 5.3	ACS_5.3.0.40.tar.gz	application upgrade ACS_5.3.0.40.tar.gz ftp_repository_name
  Apply the patch 5.3 8	5-3-0-40 - 8.tar.gpg	ACS patch install repository 5-3-0-40 - 8.tar.gpg ftp_repository_name
  Apply the sharp Patch	Pointed-PreUpgrade-CSCum04132-5-3-0-40.tar.gpg	ACS patch installs Pointed-PreUpgrade -CSCum04132- 5-3-0 - 40.tar.gpg repository ftp_repository_name
  Apply 5.5	ACS_5.5.0.46.tar.gz	application upgrade ACS_5.5.0.46.tar.gz ftp_repository_name
  Apply the patch 5.5 1	5-5-0-46 - 1.tar.gpg	ACS patch install repository 5-5-0-46 - 1.tar.gpg ftp_repository_name

  Best regards ~ jousset

• Integration with Active Directory OraHome92?

  Let me first say that I have absolutely zero knowledge of all Oracle products, I don't know if I'm posting in the right forum, but I'm here, if I need to ask another forum please let me know.

  Question:
  We are Microsoft System administrators. We have a client that is running a very old application to the database on a Windows 2003 server. Currently they use a new database (Oracle, not), but the oracle database must accessible for research in history.

  The application works very well.

  We plan to migrate the domain existing (Active Directory) to a couple of servers R2 2012.

  The 2003 with oracle server is also a domain controller, and we do not want in our field of 2012R2 2003 domain controllers.

  Our question is can demote us this domain controller and Orahome92 will work after the demotion?

  Server 2003 is not the FSMO, the FSMO is a Windows Server 2008.

  In other words, how Orahome92 integrates with Active Directory? Or isn't there any Active Directory integration and may us just demote the server and leave it to run as a member of the domain server?

  Maybe you need more information about oracle, all I can say that the following services are running:

  OracleMTSRecoveryService
  OracleOraHome92TNListener

  OracleServiceORCL

  Oracle installed, but NOT running services:
  OracleOraHome92Agent
  OracleOraHome92ClientCache
  OracleOraHome92HTTPServer

  OracleOraHome92PAgingServer

  OracleOraHome92SNMPPeerEncapsulator

  OracleOraHome92SNMPPeerMasterAgent

  
  

  I hope sombody can give treatment of this or point us in the right direction.

  I would not be protected by an export created like this. It is not a full export, is an export of the only pattern and you may need more than that if it is necessary to rebuild the database. In addition, it is not a coherent export which may make it unnecessary. I was running export something like this:

  exp.exe System/sys@oracle_w3 complete file=d:\directory\\file.dmp = compliance = y

  You may think it's all pretty awkward. The problem is that it is generally considered bad practice to install Oracle on a domain controller, unless you install as a member of the domain administrators group. I guess just like you do not have that, you can be able to downgrade the machine without affecting the database. But I don't really know, Windows security is a mystery to me.

• Autenticateing Oracle with Active Directory database

  I installed Oracle database 11.2.0.3.0 on Windows 2008 Server R2 64 bit. The company uses Microsoft Active Directory and I need to set up access to the Oracle database for users that are stored in Active Directory. Do I need another product in addition to the database to do? If so, what version of the product would need?

  To bind the user to Oracle database for users that are stored in Active Directory, and you must create the Oracle schema objects and an Oracle context.

  You can see the chapter on "Requirements for using Oracle with Active Directory database"
  http://docs.Oracle.com/CD/B28359_01/win.111/b32010/active_dir.htm#CDECHCBC

• Robo 9 plays nice with Active DIrectory?

  Hello, just try to make a business case for RoboHelp 9 and 9 RoboServer and trying to find any info on how it integrates with Active Directory. Can use info in AD to manage localized content or require a maintenance of a separate user database to control access to the help output?

  Thank you

  This has been answered on the forum HATT.

  http://groups.Yahoo.com/group/Hatt/message/78026

  Also consider using dynamic centred on the user content if you want different users to see different areas of assistance.

  See www.grainge.org for creating tips and RoboHelp

  @petergrainge

• Problem with Active Directory and the NAC

  Hello.

  Please I need help.

  I have my server with the "Active Directory SSO" began, but when a user tries to connect to the network with its credentials in Active Directory, the PC agent say that 'Invalid username and password.

  My server is tuned by the 8910 port.

  I conectivity with CBS and active directory.

  kpass command runs successfully.

  Thks.

  Jorge,

  If the service is running, then you must put emphasis on the communication client/AD and see where the break occurs.

  Can you ensure that the unauthenticated role, you have all the required TCP/UDP ports open, and ICMP and IP FRAGMENTS to all your domain controllers?

  HTH,

  Faisal

  --

  If you find this article useful, please note so that others can easily find the answer

• ACS authentication with Active Directory based on ad groups

  Hello

  I'm trying to integrate Cisco ACS 5.4.0.46 with AD and I connected successfully GBA to AD and I used as a successful AD authentication for network devices but my problem now is that anyone with an AD account can connect to network devices that compromises security. I created a group in AD that I would use and I added the group under users and identity stores > external identity stores > Active Directory > groups directory. I also chose source of identity for Default Device Admin as AD1 and under the authorization, an authorization policy that uses a compound condition that uses AD1 and the custom group. However after you have set all that I am still able to connect to the switch with a user not in the custom group. Based on what I have explained to you can someone tell me if Miss me a step?

  Thank you

  Derek Velez

  Thanks for the update and the fence wire. Set default default rules to deny access when user legimitate if does not match a rule set by the administration of the CSA he should get denied access. In your case, it has been updated a permit so that both type of users access (members and non-members of ad groups).

  The best way to resolve these issues is to look at the monitoring and troubleshooting > attempt user > magnifying glass. You will see how this user has been allowed access.

  ~ BR
  Jatin kone

  * Does the rate of useful messages *.

• Passwords enable ISE device Administration (ACS) integrating with Active Directory

  I'm working on a standalone application ISE and running into a problem where the password to enable for a device is not shoot properly.  I have the original connection related AD and I policy conditions/results/sets all as they should be working.  My test run is a 2960 S.  I tried to set up ' group aaa authentication enable default Activate ', but the only way I could do a login enabled with which was if the user has configured locally in ISE identity management > identity > users.  Is there something that I missed that tie will enable passwords for a group active directory as I work for the initial logon?

  I see just a mistake with your failure to enable aaa authentication enable. You must specify the Group of Ganymede.

  Right now, I don't have access to my lab with ISE.

  Here's my config for switches used with ACS.

  AAA authentication login GANYMEDE-SRV Group Ganymede + local
  local authentication AAA Console connection
  Group AAA dot1x default authentication RADIUS
  AAA authorization exec GANYMEDE-SRV Group Ganymede + local
  AAA authorization commands 15 GANYMEDE-SRV Group Ganymede + local
  Group AAA authorization network default RADIUS
  AAA accounting exec GANYMEDE-SRV arrhythmic group Ganymede +.
  orders accounting AAA 15 GANYMEDE-SRV arrhythmic group Ganymede +.

  If you give me all out maybe we can understand why your GANYMEDE ISE works do not with the AD. I see no reason except a misconfiguration or another issue.

  Just to go to the mode, you need more aaa authentication command activate by default enable. This activation mode is pushed to the user if he gets the privilege 15. Your problem should be on the profile or politics. With the approval journal, we can see whether or not ISE pushes politics and why?

• Client pix VPN how to authenticate with Active Directory

  Hi all, I've just set up my first Client VPN on a Cisco PIX. Everything works very well so that hitting the correct subnet and logon. However, I would like to see how I can get my connection of remote users with there active directory accounts. Right now I use the local connection for the pix for testing purposes. Sounds easy, but I'm missing something

  We use:

  Cisco Pix 515E version 6.3 (3)

  Thank you

  Dan

  Unfortunately the PIX 6.3.3 version does not support Active Directory authentication. V6.3.3 PIX only supports authentication to the server database, radius, and Ganymede local PIX.

  If you want to authenticate to active directory, it is support for PIX v7.x go.

  Here are the different types of authentication support for PIX v7.x leave for your reference:

  http://www.Cisco.com/en/us/docs/security/ASA/asa70/configuration/guide/AAA.html

  Hope that answers your question.

• Advanced Security with Active directory

  Hello guys,.

  should I ASO the license if I use an external authentication and the clients are connecting with the credentials of MS Active directory? Thank you!

  Gytis

  Guys,

  Here you go: "network encryption (network encryption native and SSL/TLS) and strong authentication (Kerberos, PKI and RADIUS) services are no longer part of the Oracle Advanced security features and are available in all editions under license of all the supported versions of the Oracle database."

  http://docs.Oracle.com/database/121/DBLIC/options.htm#DBLIC143

  Looks like that ASO is no longer necessary.

  PS. though even the documentation is for Oracle 12 c local support confirmed that this also applies to earlier versions.

  Gytis

• Users of Active Directory cannot connect to vCenter 5 device via vSphere Client

  I'm unable to use credentials to access AD unit vCenter 5 via the vSphere client. I get an error message that I can log in because of 'incorrect user or password name' I am able to connect with this AD username and password for my vCenter 4.1, and environment to my RDP hosts by using the credentials of the AD, if AD works very well. And the password that I entered is correct.

  I could connect with AD credentials two weeks ago. Two weeks ago I stopped being able to connect with the credentials of the AD. I dropped back to the use of the local access through the vSphere client root user login. It seems that two weeks ago, my Oracle user passwords has expired. I fixed that by connecting to the EM console and responding to the command prompt to change the passwords. I've "changed" them to return the same password. Then, I subsequently put the limit password_life_time unlimited in the default profile. I tested since the vCSA admin interface the database settings. The settings saved and restarted the service VPXD.

  I have a 5.0.0 - 455964 vCenter device connected to an Oracle database. I activated the AD authentication in vCenter web admin GUI. I restarted vCenter Server Appliance after you have enabled this feature. I have validated that the time on the device of vCenter and the Active Directory zone are less than one second on the other. DNS forward and reverse unit number of AD and self-esteem are good. DNS is hosted on the AD controller, so I have connectivity between vCenter and AD. I run the query domainjoin-cli command and output is correct. I checked from the vSphere that my AD user customer and the ad group each received the Administrator role for the vCenter in the permissions screen object.

  Any ideas where to look next?

  Paul

  Hello

  (1) log the vCenter Server Appliance as root.

  2) reset the number of connection attempts that have failed for the domain user assigned with the command:

  / sbin/pam_tally - reset user user@domain--

  (3) to determine the status of each user, run the following script:

  to CONNECT to ' / opt/same/bin/lw-enum-users | grep name | AWK {' print $2' '}'
  do
  DOMAIN = $(écho $LOGIN | cut-d ' \'-f1)
  USER = $(écho $LOGIN | cut-d ' \'-f2)
  / sbin/pam_tally - user $USER@$DOMAIN
  fact

• ESX - integration with Active Directory: Kerberos?

  Hi all

  We set up the integration of ads for SSH on ESX 3.5 U3 accounts.

  esxcfg-auth - enablead works very well:

  esxcfg-auth - enablead - addomain = our.domain.com - addc = our.domain.com

  For some reason, there was already an additional line in the configuration script: esxcfg-auth - enablekrb5

  esxcfg-auth--enablekrb5--krb5realm=our.domain.com--krb5kdc=our.domain.com--krb5adminserver=our.domain.com

  Things go awry as soon as the last command entered.

  When you add a local account with this powershell command, we get this error:

  New-VMHostAccount: 12/05/2009-10:17:11 new-VMHostAccount 52976ebb - 2 d 24

  -f493-9aa3-bca7894ef581 a general error has occurred: passwd: Authenticate

  mishandling symbolic ion

  The local account is created, but the equivalent of Active Directory gets locked out, after several of these events:

  Failed prior authentication

  User name: USER-TEST

  ID: DOMAIN\TEST-USER

  Service name: kadmin/changepw

  Pre-authentication type: 0x0

  Error code: 0 x 19

  Customer's address: 10.10.120.16

  Now, I have two questions for you:

  1 - does anyone how to solve the problem of blocking

  2 East - -enablekrb5 necessary? What gives me extra in addition to enablead-

  Thanks for your help!

  Kind regards

  Harold

  enablekrb5 is not necessary.  The enablead will set up your kerberos configuration to talk to ad.  the krb5 option is used when you use a KDC that does not have active directory.  In addition, when you create an account on the side ESX, it's pretty much an account without password.  At least no password in UNIX file perspective shadow.  Authentication works by checking the files local to the user name (since the announcement does not serve for the Pb of the user, only authentication), then check the password in the local files, which do not have a password, so failure, and continuing to the announcement through kerberos, for a successful verification.  If you try to create an account with a password on the ESX system, then this is the problem.  You don't need to put it, in fact, it must be without password, so without posting, the user can connect to the system via ssh not effectively or console.

  -KjB

  VMware vExpert

• Is it possible to implement an entitled server that authenticates with active directory?

  We are holders of business accounts, and we are trying to establish the right for our customers. Does anyone know if there is a way to put up an entitled server that authenticates with ActiveDirectory?

  Portico of MEI supports authentication to Active Directory through LDAP or SAML interface.  Feel free to reach out if you want to learn more.

  Brett

  bkizner (at) maned.com