Difficulty accessing Active Directory to work

Hello world

I need a little help (and not a little, but...) regarding the implementation of Active Directory to authenticate with Microsoft's Login button to the server of the University Complutense of MADRID. I tried for days to try to work, but not having not much of luck to all.

Here are some basic configuration details, I have right now:

OS: Windows Server 2003 as a domain controller Standard
IIS: 6.0

UCM server information:
Server name: abc
Version: 10.1.3.5.0 (090630) (version: 7.2.3.26) Server Configurations
--------------------------------------------------------------------------------
Product version 10.1.3.5.0 (090630)
Product build 7.2.3.26
7.1.4.1 Native version
Platform win32
Instance name abc
Server Menu Label abc
Content Description abc Server
Server Port 4444
UTF8 encoding file
Page Charset UTF-8
Host name of the server filter any host this address allows you to filter IP
Filter Server IP 127.0.0.1
2012 server process ID
/ ABC / root Web http
Classpath
--------------------------------------------------------------------------------
Install directory: c: / ucm/abc /.
Details of the directory
--------------------------------------------------------------------------------
Name of the key value
Install the directory c:/ucm/abc /.
Shared Library and Resources Directory c:/ucm/abc/shared /.
State of the data server directory c:/ucm/abc/data /.
Weblayout directory c:/ucm/abc/weblayout /

--------------------------------------------------------------------------------


Type of database: Oracle
Database Version: 11.1.0.0.0 - Oracle Database 11 g Release - Production
Database connection details
--------------------------------------------------------------------------------
Name of the key value
Type of database
Oracle

Version of database
11.1.0.0.0 - oracle Database 11 g Release - Production

--------------------------------------------------------------------------------
The HTTP server address: testserver.abc.test
Mail server: mail
Configurations of the Internet
--------------------------------------------------------------------------------
Name of the key value
Courier mail server
sysadmin (deleted) Email
Iis Web server
The HTTP server address: testserver.abc.test
/ ABC / root Web http
Use Secure Sockets Layer: FALSE

--------------------------------------------------------------------------------


Search for Engine::DATABASE. FULL-TEXT
DATABASE: index engine name. FULL-TEXT
Index: IdcColl2 active


The domain Information (not the real estate but close I can do to reveal details):
Domain: abc.test

Example of my tree of the AD I created the OU and the groups and users:

ABC.test
-ORACLE
-AAU
-ROLES
-Contributor
-Comments
-Developer

I looked through the documentation for the managing_security_10en.pdf document, and I can't seem to figure out the settings to go to the fields as everything does not authenticate at all. I tried to create an LDAP provider and it worked perfectly, but who was using the normal connect button not the button Login from Microsoft.

Currently, I've disabled the LDAPProvider and tried to configure the ADSI section under administration of the filter:

Here are the details, as I entered:

Authorization method: UseTokenGroups
Filtering user group: true
Role prefix: OU = ROLES, OU = UCM, OU = ORACLE [1]
Full employment group names: false
LDAP attribute:
CN:dFullName
mail: dEmail
Use short names: false
Master default domain: abc
Username: abc.test\Administrator
Password: *.


* According to the managing_security_10en.pdf document, I seem to be missing the prefix account box. Does this mean that I have to do an update to the server of the University Complutense of MADRID to get this box?

With all these details entered in the Active Directory Configuration page, and I have already turned on full detailed tracing and userstorage for the active Sections for the server logs. When I try to connect using the Microsoft Login button there are recorded against another server log using the normal login button.



My apologies for the long reading from the top but I'd appreciate any help that I can and I thank you in advance for any help. A little desperate for any help at all.

Integration of advertising works so don't panic!

A few things

(1) don't worry the account prefix area - this will show only upward if you use security optional accounts and you have UseAccounts = true in your config.cfg
(2) did you change in Internet Information services to support Active Directory? (IIRC you must configure it to use IWA)
(3) have you restarted the IIS server
(4) don't worry too much about the role/group mapping until you can get the authentication works! When the Login MS butoon works then got to the 'My profile' page and you can see if all the attributes have been mapped to AD

Tim

Tags: Fusion Middleware

Similar Questions

  • Access Active Directory Domain Services on a VM Machine on the local computer (laptop)


    Dear all,

    Below, I use the version of VMware workstation on my laptop. I created VM 1, Machines with windows 2012 Datacenter Edition. the machine configured as AD and Domain Services. How can I access the IP address of domain which is 192.192.0.1 of my local machine (laptop)

    Product: VMware® Workstation

    Version: 10.0.2 build-1744117

    Machine 1: settings


    VM1.jpg

    Machine 1: Network connection settings

    VM2.jpg

    VM3.jpg

    The address Ip of each network card are


    C:\users\administrator > ipconfig/all

    Windows IP configuration

    Name of the host...: airliner
    Suffix main Dns...: dbprox.local
    Node... type: hybrid
    Active... IP routing: Yes
    Active... proxy WINS: No.
    ... DNS suffix search list: dbprox.local
    localdomain

    Ethernet Ethernet1 adapter:

    The connection-specific DNS suffix. :
    ... Description: Intel(r) PRO/1000 MT Network Connection #.
    2
    Physical address.... : 00-0C-29-2B-2F-BD
    DHCP active...: No.
    Autoconfiguration enabled...: Yes
    IPv4 address...: 192.192.0.1 (Preferred)
    ... Subnet mask: 255.255.255.0.
    ... Default gateway. : 192.192.0.100
    DNS servers...: 192.192.1.1.
    192.161.161.2
    NetBIOS over TCP/IP...: enabled

    Ethernet Ethernet0 adapter:

    The connection-specific DNS suffix. : localdomain
    ... Description: Intel(r) PRO/1000 MT Network Connection
    Physical address.... : 00-0C-29-2B-2F-B3
    DHCP active...: Yes
    Autoconfiguration enabled...: Yes
    IPv4 address...: 192.168.161.136 (Preferred)
    ... Subnet mask: 255.255.255.0.
    Lease obtained...: Saturday, July 5, 2014 12:41:46
    End of the lease...: Saturday, July 5, 2014 13:41:46
    ... Default gateway. : 192.186.0.1.
    192.168.161.2
    DHCP server...: 192.168.161.254
    DNS servers...: 192.168.161.2.
    Primary WINS server...: 192.168.161.2
    NetBIOS over TCP/IP...: enabled

    Card adapt 6TO4 tunnel:

    The connection-specific DNS suffix. :
    ... Description: Microsoft 6to4 card
    Physical address.... : 00-00-00-00-00-00-00-E0
    DHCP active...: No.
    Autoconfiguration enabled...: Yes
    IPv6 address: 2002:c0c0:1:c0c0:1 (Preferred)
    ... Default gateway. :
    DNS servers...: 192.192.1.1.
    192.161.161.2
    NetBIOS over TCP/IP...: disabled

    Tunnel adapter ISATAP.localdomain:

    State of the media...: Media disconnected
    The connection-specific DNS suffix. : localdomain
    ... Description: Adapter Microsoft ISATAP #2
    Physical address.... : 00-00-00-00-00-00-00-E0
    DHCP active...: No.
    Autoconfiguration enabled...: Yes

    Tunnel adapter isatap. {04A33498-31FA-4E61-8910-B5F2CE50F1A1}:

    State of the media...: Media disconnected
    The connection-specific DNS suffix. :
    ... Description: Adapter Microsoft ISATAP #3
    Physical address.... : 00-00-00-00-00-00-00-E0
    DHCP active...: No.
    Autoconfiguration enabled...: Yes

    C:\users\administrator >

    Concerning

    Sufian

    Hello
    I am writing from mobile muy wait you so the typos and strangeness...
    That's what I see:
    -your host/laptop is connected via WiFi to your router. WiFi is usually a little more difficult to make it work, but it does not now matter now
    -your "external" network (computer laptop/probably the router to wide band) are on the 192.168.0.X network
    -your AD windows virtual machine is configured with two network adapters and the two using NAT, as the screenshot you provided.
    -to the command ipconfig for the virtual machine, it shows that a single configured both network adapter, there probably a fixed IP address and this IP address is out of all the existing networks that you got
    * VM IP: 192.192.0.1/24
    * Real external Network:192.168.0.X/24
    * Host-only workstation: 192.168.72.X/24
    * NAT workstation: 192.168.161.X/24

    With that IP to the VM must be impossible any form of communication with your host, with the exception of the RDP rule you put (and it is also conceptually wrong of course it works)

    If you really want to put your VM with a fixed IP address in the NAT network, you must configure the virtual computer with an IP address of 192.168.161.3 - 192.168.161.127 (le.1 et.2 are used by the host/VMware workstation, and le.128 to la.254 are used by the dhcp range)

    Kind regards
    Luis

  • Active Directory user profile question

    I have a weird problem.  I use two server Remote Office Server R2 2012 with roaming profiles.  If I create a new user profile in active directory all works fine.  I had a situation where I had to remove a user profile for cause of termination.  He was rehired after 3 days.  I created a new profile with the same username as before.  Now, when the user connects, they are logged in a temporary profile.  There is no .bak profile lists on with rds server.  Event files give a 1521 event ID Windows cannot locate the server copy of your roaming profile and is trying to connect you with your local profile. Changes to the profile will not be copied to the server when you log off. This error can be caused by network problems or insufficient security rights.

    DETAIL - access is denied.

    and 1511 Windows cannot find the local profile and connects you with a temporary profile. Changes to this profile will be lost when you log out.

    I thank in advance for your suggestions.

    Hello

    Post your question in the TechNet Server Forums, as your question kindly is beyond the scope of these Forums.

    http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer

    See you soon.

  • Active Directory + ACS Remote Agent

    I have a camera ACS (3.2). I understand that I need to use a remote ACS agent installed preferably on a domain controller, Windows authentication. My question is: if I use Active Directory, can I not use external user databases and configure generic LDAP with the appropriate settings to access Active Directory? So I wouldn't need a remote agent? Or I have to use external user databases and configure the databases Windows (which means using an external remote agent? Or I can choose two methods? His confusion as active Direcory cann support for pre-2000 windows domains and I do not know which method of mapping of external user database to use.

    My apologies, missed the word "apparatus" in your original post.

    You can probably do this use anyway, I guess, even though we suggest using a Remote Agent with the Windows DB. If you are not going in this direction, make sure your security permissions (http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/raig/rawi.htm#642394)

    I've had users use the LDAP with Windows Ad database before and it works very well, the only difference (IIRC) is you don't get all the group maps of Windows with this method, but for the authentication of the user only, it should work fine.

  • MS-Windows Active Directory

    Version of forms: Forms [32 bit] Version 10.1.2.3.0 (Production)

    Is there a way to access Active Directory of MS Windows in my version of forms?


    Thank you

    Added the: my goal is to save a database table referenced on the Directory user active directory.

    Published by: DM 6 Sep, 2010 15:08

    Active Directory users are stored in a LDAP directory. a simple way would be to use the dbms_ldap package:

    http://download.Oracle.com/docs/CD/B10501_01/AppDev.920/a96612/d_ldap2.htm#1019412

    for example:
    http://www.Oracle-base.com/articles/9i/LDAPFromPLSQL9i.php

    see you soon

  • Firepower does not work when using the Active Directory group as a rule filter access control

    I am PoV of Cisco ASA with the power of fire with my client. I would like to integrate the power of fire to MS Active Directory. Everything seems to work properly.

    -Fire power user agent installation to complete successfully. Connection to AD work fine. The newspaper is GREEN.

    -J' created a Kingdom in FireSight and you can download users and groups from Active Directory.

    -J' created a politics of identity with passive authentication (using the field I created)

    -Can I use the AD account "user" as a filter in access control rule and it work very well.

    However, if I create the rule of access control with AD Group', the rule never get match. I'm sure that the user that I test is a member of the group. Connection event show the system to ignore this rule and the traffic is blocked by the default action below. It doesn't look like the firepower doesn't know that the user belongs to the group.

    I use

    -User agent firepower for Active Directory v2.3 build 10.

    -ASA 5515 software Version 9.5 (2)

    -Fire version 6.0.0 - 1005 power module

    -Firepower for VMWare Management Center

    Any suggestion would be appreciated. Thanks in advance.

    Hello

    You should check the download user under domain option. Download the users once belonging to a group is specified on the ad and then test the connection.

    Thank you

    Yogesh

  • printer would not work reading 'active directory domain services currently unavailable'.

    Printer worked.  Tonight, laptop bed "domain services active directory currently not available".

    How is - a workaround? Thank you

    I suggest you to uninstall and reinstall the latest compatible drivers for Windows 7.

    You can also run the troubleshooting of the printer.

    Open the printer Troubleshooter

    Open the printer Troubleshooter by clicking the Start button, then Control Panel. In the search box, type troubleshooting, and then click Troubleshooting. Under hardware and sound, click on use printer.

    For more information, visit the below mentioned link:

    http://Windows.Microsoft.com/en-us/Windows7/open-the-printer-Troubleshooter

    Printer problems:

    http://blogs.technet.com/b/markrussinovich/archive/2010/04/12/3324570.aspx

    Run the printer difficulty of:

    http://support.Microsoft.com/GP/printing_problems?EntryPoint=WHHT

    You can see the below mentioned links.

    http://Windows.Microsoft.com/en-us/Windows7/install-a-printer

    http://Windows.Microsoft.com/en-us/Windows7/find-and-install-printer-drivers

    http://Windows.Microsoft.com/en-us/Windows7/change-your-default-printer

    http://Windows.Microsoft.com/en-us/Windows7/printing-to-the-correct-printer

  • Cannot access creative cloud bookstores after switching to Microsoft Active Directory

    Recently IT Department flies over the entire company to Microsoft Active Directory computers. After the computers in the design team were made too, we could no longer access the library of creative cloud or download anything creative market.

    The Panel for the library displays a cloud with a x and this message: ' something went wrong initialization of the cloud creative libraries ' with a link to "More information" leading to this error page - Adobe - error page

    Very annoying. I really need access to libraries for my work.

    If anyone else has experienced this problem and has a solution for this? Is this a known issue? I searched and have not been able to find something that helped.

    Using windows 7

    Please check the steps mentioned in: need help with this message: 'something went wrong initialization library of creative cloud'

  • ESX4.1 SSH user access to Active Directory.

    I have one of my servers for improved test of 4.0 update 2 for ESX 4.1. I'm trying to understand how to configure SSH access to my Active Directory account. I joined the host to active directory and granted my acount AD permissions on the host computer. If I try and ssh to the host with my AD account I get access denied. I can connect via the Client vSphere with my AD account successfully. SSH works with a local account on the server ESX4.1. I tried both with just my username to the SSH connection as well as domain\username. User domain\username using is actually suspended the host and I need to do a hard reset to get it back.

    Someone does it that it works?

    4.0 Update 2, I used esxcfg-auth - enablead and then created a user without password on the host computer. This command no longer exists on 4.1 however.

    I would like to do an update here for those interested.  I found it frustrating that the access AD kerberos from vSphere 4.0 to 4.1, ssh disabled unless you have used the "Authentication AD" via the VI Client configuration.  I ran into the same issue with JEPP 0 errors and the server actually restart itself trying to ssh using my AD account.  The problem is that if you are part of > 30 security groups (in my case it was only 23), the server lock herself up and sometimes even restart.  I validated with another AD account that was only member groups of 3 seconds and he was able to connect without locking ESX or causing a reboot.

    In addition, in my laboratory, where I run VCenter 4.1 and both nodes are now 4.1, I use authentication 'AD' and it works very well with only a part of a limited number of groups SEC users in AD.

    VMWare said that this issue was refitted to engineering.

    FYI, this affects the ESX and ESXi.

  • After you have configured remote access on Server 2003, I am unable to find the 'users Active Directory & computers'.

    am setting up remote access on the MS 2003 Server following the white paper, but can not find the 'users Active Directory & computers' to set the ip this part has been renamed or hidden somewhere?

    original title: MS Server 2003

    Post in the Windows Server Forums:
    http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer/

  • To access network shared files on active directory on one subnet to the other

    Hello, please, I have this problem with my network; I have a windows 2008 standard edition as my domain controller, I have a router cisco with two Lan port, a port has this subnet:172.29.24.0/24 and the other has this subnet 172.29.25.0/25.Both subnet see each other, I can ping any computer from subnet to subnet 172.29.25.0/24 172.29.24.0/24 and the 172.29.25.0/24 to 172.29.24.0/24 without get a query at the time that is, I would answer. I created an account in active directory and given the privileged administrative account. I then joined the computer to the domain, and he succeeded. I went futher to access my server application on the 172.29.24.0/24 subnet, and it succeeded. later I tried to access my application server subnet of 172.29.24.0/24 and it show the network path was not found. I used another computer to access the server application on the 172.29.24.0/subnet in the 172.29.25.0/network and I stil get the same answer. network not found path. I had access more quickly the application server on this system. Now what will I do to have access to all of the network files shared on both subnets.

    Thank you

    Samuel Bemi (Microsoft Certified Systems Engineer)

    Hi Samuel Bemi,.
     

    Your question of Windows is more complex than what is generally answered in the Microsoft Answers forums, since it relates to the sharing of files on the server. Appropriate in instances of Windows Server.

    Please post your question in the Forums of Windows Server.

  • Is there a way to give a user access to the users and computers active directory, without being an administrator

    I want to be able to allow user group to be able to reset passwords and create accounts in an organizational unit.  I delegate control of the organizational unit for the group, but if I connect to the domain controller and try opening users and computers active directory, we wonder an administrator password.  I have a mix of two domain controllers Server 2003 and a Server 2008 DC.  Is there a way to give a group access to the users and computers active directory without being administrator?

    For assistance, please ask for help in the appropriate Microsoft TechNet Windows Server Forum.

    Thank you.

  • Get the access denied error after using the rights delegation wizard in Active Directory

    I used the rights delegation wizard to grant permissions to a group in AD and do not always receive either the access message when I try to change anything on an existing object, I can however create new objects without any problem. What can I do to fix this?

    Original title: Delegation issue in AD

    Hello mhipke,

    Your Windows XP question is more complex than what is generally answered in the Microsoft Answers forums, as it deals with Active Directory. It is better suited for the IT Pro TechNet public. Please ask your question in the ITPRO Technet Windows Server Directory Services.

    I have provided the link for you:
    http://social.technet.Microsoft.com/forums/en-us/winserverDS/threads

    Sincerely,

    Marilyn

  • ISE Admin 1.2 access via Active Directory

    Hi Experts,

    Nice day!

    I want to configure my 1.2 ISE to authenticate (for admin) to active directory. I know it's possible, but our ad is not all groups named for admins.

    Is it possible for the ISE 1.2 to configure a local user ID and compare it to the pub for the password of the user ID?

    Thanks for your great help.

    Niks

    Niks,

    I just did this.  First you must have the external configuration of Active Directory as a data source.  Once you do this, click on Administration - Admin Access.

    For the Type of authentication to ensure password database is switched and edit your data source Active Directory (or whatever you named it).

    Then click Administrators - Admin users.  Click Add a user - create an Admin user.  Make sure you check the external box and you will notice that the password field is leaving.  Fill in the appropriate information and then assign them to a group of Directors.

    Once you are done with that you can test the user in you on your ISE session.  You will notice that when you try to log back in you will have the choice of the sources of data used to authenticate the user.  Change the selection in the Active Directory and enter the AD username/password of the newly created account, you should be good to go.

    Make sure that you don't delete or deactivate your original admin account in this process.  (Change the password if you want.)

  • 6.0 ESXi host Active Directory Group authentication works in the hull but no client

    Got a weird here.

    Add 6.0 host vSphere to Active Directory.

    Added a group of pub with the Administrator role.

    I can authenticate with an AD user account that is a member of this group of ads, using SSH or Shell access.

    I cannot authenticate with an account AD who is a member of this group of ads using the Web UI or Client vSphere linking directly to the host.

    If I add the domain user directly with the role of administrator on the host computer permissions, the Web GUI and vSphere Client will be authenticate using the user of the AD.

    What it looks like access using SSH/Shell, vSphere host can burst of belonging to a group and to authenticate, but using the GUI Web or vSphere Client he can't.  There are not a lot of sense to me.

    The hostd.log file has nothing in it which is very informative, just a line saying "status: success accepted password for the user", followed by the event 131: could not connect the user without permission.

    Hello

    If you are in 6.0 Update 2? Then, this article could describe your problem:

    https://KB.VMware.com/kb/2145400

    Please try the fix and let us know if it helps.

    -Andreas

Maybe you are looking for

  • FN key no longer works on my Tecra M5

    Hello 2 keys on my keyboard have stopped working: the Fn key and the key Windows (left).It seems to be a hardware problem, as I have tried several utilities keyboard test.They were working fine and at first, then after a while they worked sporadicall

  • Windows 7 + WoW sound problems

    Hello, I have recently acquired a new computer with Windows 7 64 bit home edition. It's an HP with Quad AMD Athlon 2 @2. 8 ghz, 6 GB ram, nvidia 9200 graphics and Realtek HD Audio 5.1 configuration. I have 2 Wow installed, version NA on C: and versio

  • What is the difference between J2ME, blackberry and android

    Hi all... I am new to mobile development and I am working in J2ME and Blackberry development. In fact I was wondering wat is the difference between Nokia, Blackberry and Android development. And I want to clarify that Nokia, BB and Android statement

  • After manually copy logs in mode standby, newspapers are always shipped through RFS

    HelloI managed the side waiting for an instance Data Guard. This database is no RAC (standalone) without ASM and running Oracle on Oracle Linux 5 11.2.0.3. On the primary side is up and is maintained by another company, so I did not have access to it

  • 2014 CC versions available?

    2014 apps are always available? My macbook is from 2007 and will not work with version 2015.