Cisco ASA 8.3 LDAP AAA configuration against a Microsoft Active Directory server fails

Hello

I'm trying to implement LDAP authentication for remote SSL VPN users, as in the image below:

When I click the Test button and enter a username and password I get the message "authentication rejected: user not found."

Why? Please help, I am running out of options here... Thanks very much in advance.

Use the login DN in the following format:

[email protected]/ * / _name and let me know how it goes.

If the suggestion above does not work, please run debug ldap 255 and paste the output here.

Rgds, jousset


Tags: Cisco Security

Similar Questions

  • Can OBIEE on a UNIX OS use LDAP authentication against Microsoft Active Directory?

    We are looking at options to run OBIEE 11g on a UNIX server.

    Can we use Microsoft Active Directory LDAP for OBIEE authentication?

    Short answer: Yes.

    Longer answer: Yes, you can. The operating system has no influence on that. All you need is the ability to connect to LDAP, and that's pure networking.

  • Is it possible to map a sponsor group in Cisco ISE to a user group in Active Directory via a RADIUS server?

    Hello!!

    We are working on a mapping between a Cisco ISE sponsor group and a user group in Active Directory, but the customer wants the mapping done through a RADIUS server, to avoid ISE querying Active Directory directly.

    I know it is possible to use a RADIUS server as an external identity source for ISE... but is it possible to use this RADIUS server for the sponsor group mapping?

    Thank you and best regards!

    Hi Rodrigo,

    The answer is no. There is no way to integrate the Sponsor portal configuration with a RADIUS server. Your authentication DB options for the Sponsor portal are:

    AD
    LDAP
    User internal ISE DB

    Sent from the Cisco Technical Support iPhone App

  • Microsoft Active Directory authentication on iDRAC 7

    Hello

    I set up Microsoft Active Directory authentication on iDRAC 7 with some very basic options (no certificate, no Single Sign-On, no Kerberos keytab, Standard schema). Everything works fine.

    The problem is that we have 2 forests with a full trust configured between them, and iDRAC is not able to authenticate users from both of them.

    Basically, we have a single security group in domain 1, and users from both forests (forest1 and forest2) are members of it. If I add domain controller (DC) IPs for the domains of both forests, authentication fails on the first domain controller if the user is from the other domain (the check never reaches the second DC IP to verify the user). The error I get:

    ERROR: failed to bind: Invalid credentials, 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0: [email protected] host=192.168.0.1.

    [email protected] - user from forest1
    192.168.0.1 - forest2 DC IP

    Does iDRAC support AD authentication for users from a pair of separate forests?

    Thank you

    iDRAC does not support Active Directory authentication beyond the domains of a single forest.

  • Integrating EBS 11i with Microsoft Active Directory

    Hi all

    Please suggest how I can integrate EBS 11i with Microsoft Active Directory (LDAP), since we have registered SSO.

    Thank you.

    Please see these documents.

    Integration of Oracle E-Business Suite Release 11i with Oracle Internet Directory and Oracle Single Sign-On [ID 261914.1]
    Installation of Oracle Application Server 10 g with Oracle E-Business Suite Release 11i [ID 233436.1]
    Oracle Application Server with Oracle E-Business Suite Release 11i FAQ [ID 186981.1]
    Oracle Application Server 10g with Oracle E-Business Suite Release 11i troubleshooting [ID 295606.1]

    Thank you
    Hussein

  • Using Oracle Database with Microsoft Active Directory

    Hello
    Because of the many nodes in our company that communicate with each other (using the old tnsnames.ora files), we are now looking for a central location to store our net service names.
    I know that we can use OID to store the Net Service names, but my question is whether it is possible to use Microsoft AD, because our infrastructure uses Microsoft AD as its central point.
    I have read the Oracle® Database Platform Guide (Chapter 12, Using Oracle Database with Microsoft Active Directory), but the problem is what happens if my database is not on the Windows operating system (such as Unix/Linux, of which we have a number).
    I also read the Oracle® Database Net Services Administrator's Guide (Chapter 3, Configuration Management Concepts), where at the end of the chapter you find this statement:
    Oracle supports Microsoft Active Directory only on Windows operating systems. Therefore, the client computers and the database server must also run on the Windows operating systems to access or create entries in Microsoft Active Directory.

    From this text, it looks like my only option in this mixed environment with multiple operating systems is OID (I wish it weren't true).

    Thank you

    Dragan,

    Sorry for the late reply. It has been clearly stated in the white paper that OID is a must if you want to use MS AD, and an "Oracle white paper" means refined and well-authenticated "documentation".

    Please mark the information helpful/correct and close the thread.

    Regards
    Girish Sharma

  • Question about the Microsoft Active Directory Content Pack

    So I installed the content pack for Microsoft Active Directory, and it works well for what it was designed for.

    Would it be possible to add another item for file integrity monitoring? It is a requirement for PCI compliance and would be a great addition to this content pack dashboard!

    Thought I would ask here before filing a feature request, to see if it could possibly just be added on the fly ;-)

    OK, the Windows content pack has been updated to include object auditing! Please take a look and reply back with any feedback. If this answers your question, could you please mark it as answered? Thanks for the comments!

  • Cannot access Creative Cloud Libraries after switching to Microsoft Active Directory

    Recently the IT department moved the entire company over to Microsoft Active Directory computers. After the design team's computers were migrated too, we could no longer access the Creative Cloud Libraries or download anything from Creative Market.

    The Libraries panel displays a cloud with an X and this message: "Something went wrong initializing Creative Cloud Libraries", with a "More information" link leading to this error page - Adobe - error page

    Very annoying. I really need access to Libraries for my work.

    Has anyone else experienced this problem and found a solution? Is this a known issue? I searched and have not been able to find anything that helped.

    Using Windows 7

    Please check the steps mentioned in: Need help with this message: "Something went wrong initializing Creative Cloud Libraries"

  • Oracle Forms and Microsoft Active Directory

    Application server = 10.1.2.2.0
    Database server = 10.2.0.3.0

    We have a database connection (for example abcd/abcd@abcd). The login is in the formsweb.cfg file.

    Users click a URL that opens the first form (10g), where they must enter their username and password. The When-New-Form-Instance trigger uses the entered data to check that the username and password are correct against a Users table. It also retrieves the staff member's security level.

    If authentication fails, a message is shown in the form and they cannot go further.

    If authentication is successful, the first form of the system is displayed. The security level is used to decide which forms/states are available to this user and which data is displayed. The user ID is used throughout the system to record the changes made by the user.

    We have moved to Microsoft Active Directory, and I have a requirement to allow a user to simply click a link and have the application open with their data and access. I also need the user ID in the application.

    Is it possible to get the Oracle Forms user ID from Microsoft Active Directory, or is there a way to retrieve it from within Oracle Forms?

    Thanks in advance
    Michael

    I seem to remember that we did this in a web Forms 6i installation a few years ago.

    We used the ON-LOGON trigger to invoke the DBMS_LDAP package to interact with the Microsoft Active Directory server.

    There are several ways to do it now, with SSO as well.

    Tony

  • Cisco AnyConnect VPN with LDAP AAA

    Hi there, I was hoping that someone can point me in the right direction here. I created a VPN connection profile to match incoming AnyConnect SSL clients. I would like to use LDAP group membership as a prerequisite for authentication. I found a few online pages on what to do about it, which I followed. Unfortunately, it seems my connection profile allows access to any user in the LDAP database, not only those in the LDAP group. I'll post the relevant bits of the config here in the hope that someone can point out my mistake!

    The idea of the config is to have the 2 default connection profiles map to a NoAccess policy which has 0 simultaneous logins, and the SSL AnyConnect connection profile (SSL_VPN) map to the group policy GroupPolicy_SSL_VPN.

    ip local pool CONTOSOVICVPN_DHCP_POOL 10.0.5.51-10.0.5.254 mask 255.255.255.0

    nat (inside_int,any) source static NetworkGroup_Internal_networks NetworkGroup_Internal_networks destination static Network_VPNRANGE_10.0.5.0 Network_VPNRANGE_10.0.5.0 no-proxy-arp route-lookup

    ldap attribute-map AuthUsers
      map-name memberOf Group-Policy
      ! The Cisco-side value of this map-value is illegible in the post as extracted;
      ! GroupPolicy_SSL_VPN is assumed from the intent stated above.
      map-value memberOf CN=NETWORK_CONTOSO_ASA_VPN_DLSG,OU=network,OU=resources,OU=CONTOSO,OU=security,OU=Groups,DC=CONTOSO,DC=group GroupPolicy_SSL_VPN

    dynamic-access-policy-record DfltAccessPolicy

    aaa-server CONTOSOVIC_LDAP protocol ldap
    aaa-server CONTOSOVIC_LDAP (inside_int) host 10.0.0.45
      ldap-base-dn DC=CONTOSO,DC=group
      ldap-group-base-dn DC=CONTOSO,DC=group
      ldap-scope subtree
      ldap-naming-attribute sAMAccountName
      ldap-login-password *****
      ldap-login-dn CN=ASA_LDAP_USER,OU=network,OU=accounts,DC=CONTOSO,DC=group
      server-type microsoft

    no vpn-addr-assign aaa
    no vpn-addr-assign dhcp

    ssl trust-point ASDM_TrustPoint4 outside_int
    webvpn
      enable outside_int
      anyconnect-essentials
      anyconnect image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
      anyconnect enable
      tunnel-group-list enable
    group-policy NoAccess internal
    group-policy NoAccess attributes
      wins-server none
      vpn-simultaneous-logins 0
      vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client
      default-domain value CONTOSO.group
      split-tunnel-all-dns disable
    group-policy DfltGrpPolicy attributes
      vpn-simultaneous-logins 0
      vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client
    group-policy GroupPolicy_SSL_VPN internal
    group-policy GroupPolicy_SSL_VPN attributes
      wins-server none
      dns-server value 10.0.0.45
      vpn-simultaneous-logins 1
      vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client
      group-lock value SSL_VPN
      split-tunnel-policy tunnelspecified
      split-tunnel-network-list value VPN_SPLIT_TUNNEL
      default-domain value CONTOSO.group
      split-tunnel-all-dns enable
      address-pools value CONTOSOVICVPN_DHCP_POOL

    tunnel-group DefaultRAGroup general-attributes
      authorization-server-group CONTOSOVIC_LDAP
      default-group-policy NoAccess
      authorization-required
    tunnel-group DefaultRAGroup webvpn-attributes
      radius-reject-message
    tunnel-group DefaultWEBVPNGroup general-attributes
      default-group-policy NoAccess
    tunnel-group SSL_VPN type remote-access
    tunnel-group SSL_VPN general-attributes
      address-pool CONTOSOVICVPN_DHCP_POOL
      authentication-server-group CONTOSOVIC_LDAP
      authorization-server-group CONTOSOVIC_LDAP
      default-group-policy GroupPolicy_SSL_VPN
      authorization-required
    tunnel-group SSL_VPN webvpn-attributes
      radius-reject-message
      proxy-auth sdi
      group-alias CONTOSOvicvpn.CONTOSOgroup.com.au enable

    You must specify the NoAccess group policy as the default group policy for the SSL_VPN tunnel group.

    Remember to rate helpful answers. :)
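    The opening question ("authentication rejected: user not found") and this thread are both about the same sequence the ASA runs against AD: bind with ldap-login-dn, search under ldap-base-dn for (ldap-naming-attribute=username), re-bind as the entry it found, then, if an ldap attribute-map is attached, turn memberOf into a group-policy. The Python below is an added example written for this page, not code from either poster or from Cisco. It models that sequence against a small constructed directory (the users, DNs and passwords are made up; the group DN and policy names follow the posted config) and assumes the attribute map is actually attached to the aaa-server host with ldap-attribute-map AuthUsers, a line the posted config does not show.

```python
"""Model of the ASA's LDAP authentication and authorization sequence (added example)."""
from typing import Dict, List, Optional, Tuple


def norm_dn(dn: str) -> str:
    """Canonical form for DN comparison: trim around '=' and ',', then lower-case."""
    rdns = ["=".join(p.strip() for p in rdn.split("=", 1)) for rdn in dn.split(",")]
    return ",".join(rdns).lower()


# Constructed sample directory standing in for the AD server at 10.0.0.45 (not real data).
# Keys are normalised DNs; attribute names are lower-cased (LDAP treats them case-insensitively).
VPN_GROUP_DN = ("CN=NETWORK_CONTOSO_ASA_VPN_DLSG,OU=network,OU=resources,"
                "OU=CONTOSO,OU=security,OU=Groups,DC=CONTOSO,DC=group")
DIRECTORY: Dict[str, Dict[str, List[str]]] = {norm_dn(dn): attrs for dn, attrs in {
    "CN=ASA_LDAP_USER,OU=network,OU=accounts,DC=CONTOSO,DC=group": {
        "samaccountname": ["asa_ldap_user"], "userpassword": ["bind-secret"]},
    "CN=Alice Example,OU=staff,OU=accounts,DC=CONTOSO,DC=group": {
        "samaccountname": ["alice"], "cn": ["Alice Example"],
        "userpassword": ["alice-pw"], "memberof": [VPN_GROUP_DN]},
    "CN=Bob Example,OU=staff,OU=accounts,DC=CONTOSO,DC=group": {
        "samaccountname": ["bob"], "cn": ["Bob Example"], "userpassword": ["bob-pw"],
        "memberof": ["CN=Domain Users,CN=Users,DC=CONTOSO,DC=group"]},
}.items()}

# group-policy name -> vpn-simultaneous-logins, as in the posted config
GROUP_POLICIES = {"NoAccess": 0, "DfltGrpPolicy": 0, "GroupPolicy_SSL_VPN": 1}


def in_scope(entry_dn: str, base_dn: str, scope: str) -> bool:
    """ldap-scope semantics (base, onelevel, subtree) relative to ldap-base-dn."""
    entry, base = norm_dn(entry_dn), norm_dn(base_dn)
    if entry == base:
        return scope != "onelevel"
    if not entry.endswith("," + base):
        return False
    if scope == "onelevel":
        return "," not in entry[: -len(base) - 1]
    return scope == "subtree"


def simple_bind(dn: str, password: str) -> bool:
    entry = DIRECTORY.get(norm_dn(dn))
    return entry is not None and password in entry.get("userpassword", [])


def ldap_search(base_dn: str, scope: str, attr: str, value: str) -> List[str]:
    """Equality search (attr=value); AD matches sAMAccountName case-insensitively."""
    attr, value = attr.lower(), value.lower()
    return [dn for dn, attrs in DIRECTORY.items()
            if in_scope(dn, base_dn, scope)
            and value in (v.lower() for v in attrs.get(attr, []))]


def asa_vpn_login(server: dict, default_group_policy: str,
                  username: str, password: str) -> Tuple[str, Optional[str], bool]:
    """Returns (status, group-policy applied, session permitted)."""
    # 1. Bind with ldap-login-dn / ldap-login-password.
    if not simple_bind(server["login_dn"], server["login_password"]):
        return ("bind failed", None, False)
    # 2. Search under ldap-base-dn for (ldap-naming-attribute=username).
    hits = ldap_search(server["base_dn"], server["scope"],
                       server["naming_attribute"], username)
    if not hits:
        return ("user not found", None, False)  # the rejection in the first question
    # 3. Re-bind as the located entry to verify the user's password.
    if not simple_bind(hits[0], password):
        return ("invalid credentials", None, False)
    # 4. Authorization: run memberOf through the ldap attribute-map. A user who
    #    matches no map-value keeps the tunnel-group's default-group-policy.
    policy = default_group_policy
    for group_dn in DIRECTORY[hits[0]].get("memberof", []):
        mapped = server["attribute_map"].get(norm_dn(group_dn))
        if mapped:
            policy = mapped
            break
    return ("ok", policy, GROUP_POLICIES[policy] > 0)


# aaa-server CONTOSOVIC_LDAP as posted, with attribute-map AuthUsers attached to it.
SERVER = {
    "login_dn": "CN=ASA_LDAP_USER,OU=network,OU=accounts,DC=CONTOSO,DC=group",
    "login_password": "bind-secret",
    "base_dn": "DC=CONTOSO,DC=group",
    "scope": "subtree",
    "naming_attribute": "sAMAccountName",
    "attribute_map": {norm_dn(VPN_GROUP_DN): "GroupPolicy_SSL_VPN"},
}

if __name__ == "__main__":
    # Default policy as posted: a non-member such as bob still gets a session.
    print(asa_vpn_login(SERVER, "GroupPolicy_SSL_VPN", "bob", "bob-pw"))
    # Default policy NoAccess, as the reply recommends: only group members get in.
    print(asa_vpn_login(SERVER, "NoAccess", "bob", "bob-pw"))
    print(asa_vpn_login(SERVER, "NoAccess", "alice", "alice-pw"))
    # Too narrow a base DN, or the wrong naming attribute: "user not found".
    print(asa_vpn_login(dict(SERVER, base_dn="OU=network,DC=CONTOSO,DC=group"),
                        "NoAccess", "alice", "alice-pw"))
    print(asa_vpn_login(dict(SERVER, naming_attribute="cn"), "NoAccess", "alice", "alice-pw"))
```

    Running it shows the two outcomes for bob: with the posted default-group-policy GroupPolicy_SSL_VPN he is admitted although he is not in NETWORK_CONTOSO_ASA_VPN_DLSG; with NoAccess (vpn-simultaneous-logins 0) as the default, as the reply says, only a memberOf match reaches a policy that allows a session. The last two calls reproduce the first question's "user not found": the account exists but sits outside ldap-base-dn, or the username is being matched against the wrong naming attribute (cn instead of sAMAccountName), which debug ldap 255 makes visible as a search that returns no entry.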

  • Can Cisco ACS version 5.1.0.44.3 integrate with a Microsoft Windows Server 2012 Active Directory server?

    Can Cisco ACS version 5.1.0.44.3 integrate with Microsoft Windows Server 2012 R2 Active Directory?

    Unfortunately, it does not support 2012 R2.

    ACS 5.1 supports all editions of:

    Windows Active Directory (AD) 2000

    Windows AD 2003

    Windows AD 2003 R2

    Windows AD 2008

    Source

    Windows AD 2012 R2 is supported from ACS 5.5 patch 1 onwards.

    Source

    Please find below the steps to go from 5.1 to 5.5 patch 1:

    Step                         File                                             Command
    Apply 5.1 patch 6            5-1-0-44-6.tar.gpg                               acs patch install 5-1-0-44-6.tar.gpg repository ftp_repository_name
    Upgrade to 5.3               ACS_5.3.0.40.tar.gz                              application upgrade ACS_5.3.0.40.tar.gz ftp_repository_name
    Apply 5.3 patch 8            5-3-0-40-8.tar.gpg                               acs patch install 5-3-0-40-8.tar.gpg repository ftp_repository_name
    Apply the pre-upgrade patch  Pointed-PreUpgrade-CSCum04132-5-3-0-40.tar.gpg   acs patch install Pointed-PreUpgrade-CSCum04132-5-3-0-40.tar.gpg repository ftp_repository_name
    Upgrade to 5.5               ACS_5.5.0.46.tar.gz                              application upgrade ACS_5.5.0.46.tar.gz ftp_repository_name
    Apply 5.5 patch 1            5-5-0-46-1.tar.gpg                               acs patch install 5-5-0-46-1.tar.gpg repository ftp_repository_name

    Best regards ~ jousset

  • Microsoft Active Directory Web Services - 2008 R2 edition

    Hello

    I'm updating employee information in Active Directory (which is on the 2008 R2 version). In my research on ADWS, I found that there are some web services available in the 2008 R2 version of ADWS that are accessible publicly, but I have not found any clear documentation confirming this. We tried to access the Account Management web service via http or SOAP

    net.tcp://:9389/ActiveDirectoryWebServices/Windows/AccountManagement

    via a browser after connecting to the host through the VPN network, but it does not work. What I feel is that this service must be hosted on a web server like IIS for it to be accessible publicly over the Internet, like this instead of net.tcp

    http://:9389/ActiveDirectoryWebServices/Windows/AccountManagement

    But on the client side, the host of this service indicates that it is hosted on IIS. Could someone please guide me if something is missing here?

    Thanks a bunch!

    SN06

    Hi SN06.

    The question you have posted is related to Windows Server 2008 R2, which is why I suggest you contact the TechNet forums for help.

    It may be useful.

  • APEX_LDAP.AUTHENTICATE - using Microsoft Active Directory

    Application Express 4.1.1.00.23
    Internet Explorer 8
    Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production

    Hi, very new to APEX and trying to get authentication working against our Active Directory. I set up an authentication scheme for my application, choosing the LDAP Directory scheme type... my settings are the following:

    Host: *
    Port: 389
    Use SSL: No SSL
    Distinguished Name (DN) String: domain\%LDAP_USER%
    Use Distinguished Name (DN) only: Yes

    This works perfectly and authenticates the user against Active Directory. The problem is when I try to do the following in the database, since I really want to implement a custom authentication scheme; it just doesn't work.

    BEGIN
      -- APEX_LDAP.AUTHENTICATE binds as cn=<p_username>,<p_search_base>; the
      -- %LDAP_USER% substitution only happens in the built-in LDAP scheme.
      IF apex_ldap.authenticate(
           p_username    => 'testusername',
           p_password    => 'testpassword',
           p_search_base => 'domain\%LDAP_USER%',
           p_host        => '*',
           p_port        => 389) THEN
        dbms_output.put_line('True');
      ELSE
        dbms_output.put_line('False');
      END IF;
    END;

    No matter what I do, it always returns False. I created a function based on the same code and created a custom authentication scheme that calls the function, but I still get False. Not sure why it works one way and not the other. I'd really appreciate it if someone could help me get the code above working or correct it.

    I looked through the forum and tried many different search base strings, but nothing seems to work.

    Regards
    Ash

    Hey Ash,

    you could use the built-in LDAP authentication scheme and use a post-authentication function to load the group information into some application items. An application-level authorization scheme can then permit or deny access to the app based on these values. In the post-auth function, you should even have access to the login items (P101_USERNAME, P101_PASSWORD) if you need them.

    You can also base your custom authentication scheme directly on DBMS_LDAP, if you want to avoid our unsupported API.

    Kind regards
    Christian

  • Cisco ASA 8.4 - LDAPS

    Hello

    I'm trying to configure an ASA to talk to an AD environment that only uses secure LDAP (LDAPS). I have configured ASA authentication with LDAP many times, but never with LDAPS.

    Is this possible? No doubt there is a procedure to install a certificate, in the same way as for RSA in VPN.

    Kind regards

    Jake

    Hello

    Basically, you want to do LDAP over SSL.

    Please follow this configuration guide

    https://supportforums.Cisco.com/docs/doc-20366

    Please rate useful posts...

    Nitesh

  • AAA integration with RADIUS (NPS) and Microsoft Active Directory

    Hi all...

    We are looking to centralize administrative authentication for our switches and routers using AD domain groups. The oldest switches are 3560s. There are a lot of great guides online on how to do it using MS NPS, but they all seem to require NPS to use PAP and SPAP (clear-text protocols) as the authentication methods between the RADIUS clients (switches) and NPS. Is that the only option to make this work? Of course, the main concern would be high-privilege AD user passwords being transmitted over the wire. Am I right in thinking that the AD passwords are indeed involved in the process, and NOT only verification of the shared secret between the RADIUS clients and NPS... and then membership in an AD group? Also, what would be a secure alternative where AD passwords would not be sent in clear text? Any clarification would be great...

    Thank you... Dennis

    Hello Dennis.

    The password is not sent in clear text. Instead, it is encrypted by the NAS (in your case the switch) before the request is forwarded to the RADIUS server. The "shared secret" is used in the encryption process, which is why the secret itself is not sent over the network. That is also why the shared secret should be complex. For more information, see the links below:

    http://www.Cisco.com/c/en/us/support/docs/security-VPN/Remote-Authentication-Dial-user-service-RADIUS/12433-32.html

    http://TechNet.Microsoft.com/en-us/library/cc771660%28V=WS.10%29.aspx

    I hope this helps!

    Thanks for rating useful posts!
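    The reply's point that the password "is encrypted by the NAS" with the shared secret refers to the User-Password hiding of RFC 2865, section 5.2: the password is XORed with MD5(secret || Request Authenticator), chained block by block. The Python below is an added example for this page, not code from the thread, from Cisco or from Microsoft; the shared secret, username, password, Request Authenticator and wordlist are all constructed. It implements the hiding and its inverse, the Response Authenticator of the Access-Accept, and then what a passive observer holding both packets can do when the secret is weak: guess the secret offline by recomputing the Response Authenticator, then unhide the password.

```python
"""RFC 2865 User-Password hiding and an offline attack on a weak shared secret (added example)."""
import hashlib
import struct
from typing import Dict, Iterable, Optional, Tuple

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD = 1, 2


def hide_password(password: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """RFC 2865 5.2: NUL-pad to 16-byte blocks; block i is XORed with
    MD5(secret + previous ciphertext block); the first uses the Request Authenticator."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = bytearray(), request_authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += block
        prev = block
    return bytes(out)


def unhide_password(hidden: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """Inverse of hide_password (what the RADIUS server does); NUL padding is stripped."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a positive multiple of 16 bytes")
    out, prev = bytearray(), request_authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, keystream))
        prev = block
    return bytes(out).rstrip(b"\x00")


def attribute(attr_type: int, value: bytes) -> bytes:
    """RADIUS attribute TLV: Type, Length (value + 2), Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def parse_attributes(data: bytes) -> Dict[int, bytes]:
    """Walk the TLVs of a captured packet body; rejects truncated or zero-length ones."""
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr_type, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute length")
        attrs[attr_type] = data[i + 2:i + length]
        i += length
    return attrs


def response_authenticator(code: int, identifier: int, request_authenticator: bytes,
                           attributes: bytes, secret: bytes) -> bytes:
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attributes))
    return hashlib.md5(header + request_authenticator + attributes + secret).digest()


def recover_secret(code: int, identifier: int, request_authenticator: bytes, attributes: bytes,
                   observed: bytes, candidates: Iterable[bytes]) -> Optional[bytes]:
    """Offline dictionary attack: a candidate that reproduces the captured
    Response Authenticator is the real secret (MD5 collisions aside)."""
    for cand in candidates:
        if response_authenticator(code, identifier, request_authenticator,
                                  attributes, cand) == observed:
            return cand
    return None


def demo() -> Tuple[Optional[bytes], Optional[bytes]]:
    """Constructed switch -> NPS exchange with a weak secret; returns what an
    eavesdropper holding both packets and a small wordlist recovers."""
    secret = b"cisco123"                    # constructed, deliberately weak
    password = b"Sup3rSecretP@ss"           # constructed AD password of a network admin
    request_auth = bytes(range(16))         # random per request on a real NAS; fixed here
    identifier = 0x2A
    request_body = (attribute(USER_NAME, b"CONTOSO\\netadmin")
                    + attribute(USER_PASSWORD, hide_password(password, secret, request_auth)))
    # Access-Accept with no attributes; its authenticator binds it to the request and secret.
    accept_auth = response_authenticator(ACCESS_ACCEPT, identifier, request_auth, b"", secret)

    wordlist = [b"password", b"radius", b"cisco", b"cisco123", b"Secret!"]
    guessed = recover_secret(ACCESS_ACCEPT, identifier, request_auth, b"", accept_auth, wordlist)
    if guessed is None:
        return None, None
    hidden = parse_attributes(request_body)[USER_PASSWORD]
    return guessed, unhide_password(hidden, guessed, request_auth)
```

    demo() returns (b"cisco123", b"Sup3rSecretP@ss"): the hiding is only as strong as the secret, and nothing in PAP over RADIUS rate-limits an offline guess. That is the concrete reason behind "the shared secret should be complex": use a long random secret, and if privileged AD passwords travel on this leg, protect the leg itself, with IPsec between the switches and NPS or RADIUS over TLS (RFC 6614).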
