Difficulty accessing Active Directory to work
Hello world, I need a little help (and not a little, but...) regarding the implementation of Active Directory to authenticate with Microsoft's Login button to the server of the University Complutense of MADRID. I have tried for days to get it to work, but without much luck at all.
Here are some basic configuration details, I have right now:
OS: Windows Server 2003 as a domain controller Standard
IIS: 6.0
UCM server information:
Server name: abc
Version: 10.1.3.5.0 (090630) (version: 7.2.3.26) Server Configurations
--------------------------------------------------------------------------------
Product version 10.1.3.5.0 (090630)
Product build 7.2.3.26
7.1.4.1 Native version
Platform win32
Instance name abc
Server Menu Label abc
Content Description abc Server
Server Port 4444
UTF8 encoding file
Page Charset UTF-8
Host name of the server filter any host this address allows you to filter IP
Filter Server IP 127.0.0.1
2012 server process ID
/ ABC / root Web http
Classpath
--------------------------------------------------------------------------------
Install directory: c: / ucm/abc /.
Details of the directory
--------------------------------------------------------------------------------
Name of the key value
Install the directory c:/ucm/abc /.
Shared Library and Resources Directory c:/ucm/abc/shared /.
State of the data server directory c:/ucm/abc/data /.
Weblayout directory c:/ucm/abc/weblayout /
--------------------------------------------------------------------------------
Type of database: Oracle
Database Version: 11.1.0.0.0 - Oracle Database 11 g Release - Production
Database connection details
--------------------------------------------------------------------------------
Name of the key value
Type of database
Oracle
Version of database
11.1.0.0.0 - oracle Database 11 g Release - Production
--------------------------------------------------------------------------------
The HTTP server address: testserver.abc.test
Mail server: mail
Configurations of the Internet
--------------------------------------------------------------------------------
Name of the key value
Courier mail server
sysadmin (deleted) Email
Iis Web server
The HTTP server address: testserver.abc.test
/ ABC / root Web http
Use Secure Sockets Layer: FALSE
--------------------------------------------------------------------------------
Search for Engine::DATABASE. FULL-TEXT
DATABASE: index engine name. FULL-TEXT
Index: IdcColl2 active
The domain Information (not the real estate but close I can do to reveal details):
Domain: abc.test
Example of my tree of the AD I created the OU and the groups and users:
ABC.test
-ORACLE
-AAU
-ROLES
-Contributor
-Comments
-Developer
I looked through the documentation in the managing_security_10en.pdf document, and I can't seem to figure out which settings go in the fields, as nothing authenticates at all. I tried to create an LDAP provider and it worked perfectly, but that was using the normal login button, not the Login button from Microsoft.
Currently, I've disabled the LDAPProvider and tried to configure the ADSI section under administration of the filter:
Here are the details, as I entered:
Authorization method: UseTokenGroups
Filtering user group: true
Role prefix: OU = ROLES, OU = UCM, OU = ORACLE [1]
Full employment group names: false
LDAP attribute:
CN:dFullName
mail: dEmail
Use short names: false
Master default domain: abc
Username: abc.test\Administrator
Password: *.
* According to the managing_security_10en.pdf document, I seem to be missing the prefix account box. Does this mean that I have to do an update to the server of the University Complutense of MADRID to get this box?
With all these details entered in the Active Directory Configuration page, and I have already turned on full detailed tracing and userstorage for the active Sections for the server logs. When I try to connect using the Microsoft Login button there are recorded against another server log using the normal login button.
My apologies for the long reading from the top but I'd appreciate any help that I can and I thank you in advance for any help. A little desperate for any help at all.
AD integration works, so don't panic!
A few things:
(1) Don't worry about the account prefix area - this will only show up if you use the optional accounts security and you have UseAccounts = true in your config.cfg
(2) Did you change Internet Information Services to support Active Directory? (IIRC you must configure it to use IWA)
(3) Have you restarted the IIS server?
(4) Don't worry too much about the role/group mapping until you can get the authentication working! When the MS Login button works, go to the 'My profile' page and you can see if all the attributes have been mapped to AD
Tim
Tags: Fusion Middleware
Similar Questions
-
Access Active Directory Domain Services on a VM Machine on the local computer (laptop)
Dear all, below, I use the version of VMware Workstation on my laptop. I created VM 1, a machine with Windows 2012 Datacenter Edition. The machine is configured as AD and Domain Services. How can I access the domain's IP address, which is 192.192.0.1, from my local machine (laptop)?
Product: VMware® Workstation
Version: 10.0.2 build-1744117
Machine 1: settings
Machine 1: Network connection settings
The address Ip of each network card are
C:\users\administrator > ipconfig/all
Windows IP configuration
Name of the host...: airliner
Suffix main Dns...: dbprox.local
Node... type: hybrid
Active... IP routing: Yes
Active... proxy WINS: No.
... DNS suffix search list: dbprox.local
localdomain
Ethernet Ethernet1 adapter:
The connection-specific DNS suffix. :
... Description: Intel(r) PRO/1000 MT Network Connection #2
Physical address.... : 00-0C-29-2B-2F-BD
DHCP active...: No.
Autoconfiguration enabled...: Yes
IPv4 address...: 192.192.0.1 (Preferred)
... Subnet mask: 255.255.255.0.
... Default gateway. : 192.192.0.100
DNS servers...: 192.192.1.1.
192.161.161.2
NetBIOS over TCP/IP...: enabled
Ethernet Ethernet0 adapter:
The connection-specific DNS suffix. : localdomain
... Description: Intel(r) PRO/1000 MT Network Connection
Physical address.... : 00-0C-29-2B-2F-B3
DHCP active...: Yes
Autoconfiguration enabled...: Yes
IPv4 address...: 192.168.161.136 (Preferred)
... Subnet mask: 255.255.255.0.
Lease obtained...: Saturday, July 5, 2014 12:41:46
End of the lease...: Saturday, July 5, 2014 13:41:46
... Default gateway. : 192.186.0.1.
192.168.161.2
DHCP server...: 192.168.161.254
DNS servers...: 192.168.161.2.
Primary WINS server...: 192.168.161.2
NetBIOS over TCP/IP...: enabled
Card adapt 6TO4 tunnel:
The connection-specific DNS suffix. :
... Description: Microsoft 6to4 card
Physical address.... : 00-00-00-00-00-00-00-E0
DHCP active...: No.
Autoconfiguration enabled...: Yes
IPv6 address: 2002:c0c0:1:c0c0:1 (Preferred)
... Default gateway. :
DNS servers...: 192.192.1.1.
192.161.161.2
NetBIOS over TCP/IP...: disabled
Tunnel adapter ISATAP.localdomain:
State of the media...: Media disconnected
The connection-specific DNS suffix. : localdomain
... Description: Adapter Microsoft ISATAP #2
Physical address.... : 00-00-00-00-00-00-00-E0
DHCP active...: No.
Autoconfiguration enabled...: Yes
Tunnel adapter isatap. {04A33498-31FA-4E61-8910-B5F2CE50F1A1}:
State of the media...: Media disconnected
The connection-specific DNS suffix. :
... Description: Adapter Microsoft ISATAP #3
Physical address.... : 00-00-00-00-00-00-00-E0
DHCP active...: No.
Autoconfiguration enabled...: Yes
C:\users\administrator >
Regards,
Sufian
Hello
I am writing from my mobile, so expect typos and strangeness...
That's what I see:
- your host/laptop is connected via WiFi to your router. WiFi is usually a little more difficult to make work, but that does not matter right now
- your "external" network (laptop/probably the broadband router) is on the 192.168.0.X network
- your AD Windows virtual machine is configured with two network adapters, both using NAT, as in the screenshot you provided
- in the ipconfig output for the virtual machine, it shows that only one of the two network adapters is configured, probably with a fixed IP address, and this IP address is outside all the existing networks that you have
* VM IP: 192.192.0.1/24
* Real external network: 192.168.0.X/24
* Host-only workstation: 192.168.72.X/24
* NAT workstation: 192.168.161.X/24
With that IP on the VM, any form of communication with your host must be impossible, with the exception of the RDP rule you put (and it is also conceptually wrong of course it works)
If you really want to put your VM with a fixed IP address in the NAT network, you must configure the virtual machine with an IP address in 192.168.161.3 - 192.168.161.127 (.1 and .2 are used by the host/VMware Workstation, and .128 to .254 are used by the DHCP range)
Kind regards
Luis -
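The addressing check Luis walks through, as an added Python example that is not part of the original reply: it runs the adapter values from the ipconfig output against the networks he lists, and additionally flags any default gateway that is not on the adapter's own subnet. The /24 network addresses are written out from his 192.168.x.X/24 notation, and the function names are made up for this example.

```python
import ipaddress

# Networks listed in the reply (written out from its 192.168.x.X/24 notation).
NETWORKS = {
    "real external network": ipaddress.ip_network("192.168.0.0/24"),
    "Workstation host-only": ipaddress.ip_network("192.168.72.0/24"),
    "Workstation NAT": ipaddress.ip_network("192.168.161.0/24"),
}
# Static range the reply recommends inside the NAT network:
# .1/.2 belong to the host/VMware Workstation, .128-.254 to DHCP.
STATIC_FIRST = ipaddress.ip_address("192.168.161.3")
STATIC_LAST = ipaddress.ip_address("192.168.161.127")

# Adapter values copied from the ipconfig output in the question.
ADAPTERS = [
    {"name": "Ethernet1", "ip": "192.192.0.1", "mask": "255.255.255.0",
     "dhcp": False, "gateways": ["192.192.0.100"]},
    {"name": "Ethernet0", "ip": "192.168.161.136", "mask": "255.255.255.0",
     "dhcp": True, "gateways": ["192.186.0.1", "192.168.161.2"]},
]


def locate(ip):
    """Name of the known network that contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in NETWORKS.items():
        if addr in net:
            return name
    return None


def static_ok(ip):
    """True if ip lies in the recommended static range of the NAT network."""
    return STATIC_FIRST <= ipaddress.ip_address(ip) <= STATIC_LAST


def offlink_gateways(ip, mask, gateways):
    """Gateways that are not on the adapter's own subnet (unreachable next hops)."""
    subnet = ipaddress.ip_interface(f"{ip}/{mask}").network
    return [g for g in gateways if ipaddress.ip_address(g) not in subnet]


def review(adapter):
    """Collect findings for one adapter as a list of strings."""
    findings = []
    where = locate(adapter["ip"])
    if where is None:
        findings.append(f"{adapter['ip']} is outside every known network")
    elif where == "Workstation NAT" and not adapter["dhcp"] \
            and not static_ok(adapter["ip"]):
        findings.append(f"static {adapter['ip']} overlaps reserved or DHCP addresses")
    for gw in offlink_gateways(adapter["ip"], adapter["mask"], adapter["gateways"]):
        findings.append(f"gateway {gw} is not on the adapter's subnet")
    return findings


if __name__ == "__main__":
    for a in ADAPTERS:
        print(a["name"], locate(a["ip"]), review(a))
```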
Active Directory user profile question
I have a weird problem. I use two server Remote Office Server R2 2012 with roaming profiles. If I create a new user profile in active directory all works fine. I had a situation where I had to remove a user profile for cause of termination. He was rehired after 3 days. I created a new profile with the same username as before. Now, when the user connects, they are logged in a temporary profile. There is no .bak profile lists on with rds server. Event files give a 1521 event ID Windows cannot locate the server copy of your roaming profile and is trying to connect you with your local profile. Changes to the profile will not be copied to the server when you log off. This error can be caused by network problems or insufficient security rights.
DETAIL - access is denied.
and 1511 Windows cannot find the local profile and connects you with a temporary profile. Changes to this profile will be lost when you log out.
I thank in advance for your suggestions.
Hello
Post your question in the TechNet Server Forums, as your question kindly is beyond the scope of these Forums.
http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer
See you soon.
-
Active Directory + ACS Remote Agent
I have an ACS apparatus (3.2). I understand that I need to use a remote ACS agent, installed preferably on a domain controller, for Windows authentication. My question is: if I use Active Directory, can I not use external user databases and configure generic LDAP with the appropriate settings to access Active Directory? So I wouldn't need a remote agent? Or do I have to use external user databases and configure the Windows database (which means using an external remote agent)? Or can I choose either method? It is confusing, as Active Directory can support pre-2000 Windows domains, and I do not know which method of external user database mapping to use.
My apologies, missed the word "apparatus" in your original post.
You can probably do this use anyway, I guess, even though we suggest using a Remote Agent with the Windows DB. If you are not going in this direction, make sure your security permissions (http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/raig/rawi.htm#642394)
I've had users use the LDAP with Windows Ad database before and it works very well, the only difference (IIRC) is you don't get all the group maps of Windows with this method, but for the authentication of the user only, it should work fine.
-
Version of forms: Forms [32 bit] Version 10.1.2.3.0 (Production)
Is there a way to access Active Directory of MS Windows in my version of forms?
Thank you
Added the: my goal is to save a database table referenced on the Directory user active directory.
Published by: DM 6 Sep, 2010 15:08
Active Directory users are stored in an LDAP directory. A simple way would be to use the dbms_ldap package:
http://download.Oracle.com/docs/CD/B10501_01/AppDev.920/a96612/d_ldap2.htm#1019412
for example:
http://www.Oracle-base.com/articles/9i/LDAPFromPLSQL9i.php
see you soon
-
Firepower does not work when using the Active Directory group as a rule filter access control
I am doing a PoV of Cisco ASA with Firepower with my client. I would like to integrate Firepower with MS Active Directory. Everything seems to work properly.
- Firepower user agent installation completed successfully. Connection to AD works fine. The log is GREEN.
- I created a realm in FireSight and can download users and groups from Active Directory.
- I created an identity policy with passive authentication (using the realm I created)
- I can use an AD "user" account as a filter in an access control rule and it works very well.
However, if I create the access control rule with an AD "group", the rule never gets matched. I'm sure that the user I test with is a member of the group. Connection events show the system ignoring this rule, and the traffic is blocked by the default action below. It looks like Firepower doesn't know that the user belongs to the group.
I use
- Firepower User Agent for Active Directory v2.3 build 10
- ASA 5515 software Version 9.5(2)
- Firepower module version 6.0.0-1005
- Firepower Management Center for VMware
Any suggestion would be appreciated. Thanks in advance.
Hello
You should check the download user under domain option. Download the users once belonging to a group is specified on the ad and then test the connection.
Thank you
Yogesh
-
printer would not work reading 'active directory domain services currently unavailable'.
Printer worked. Tonight, laptop reads "Active Directory Domain Services currently unavailable".
Is there a workaround? Thank you
I suggest you to uninstall and reinstall the latest compatible drivers for Windows 7.
You can also run the troubleshooting of the printer.
Open the printer Troubleshooter
Open the printer Troubleshooter by clicking the Start button, then Control Panel. In the search box, type troubleshooting, and then click Troubleshooting. Under hardware and sound, click on use printer.
For more information, visit the below mentioned link:
http://Windows.Microsoft.com/en-us/Windows7/open-the-printer-Troubleshooter
Printer problems:
http://blogs.technet.com/b/markrussinovich/archive/2010/04/12/3324570.aspx
Run the printer difficulty of:
http://support.Microsoft.com/GP/printing_problems?EntryPoint=WHHT
You can see the below mentioned links.
http://Windows.Microsoft.com/en-us/Windows7/install-a-printer
http://Windows.Microsoft.com/en-us/Windows7/find-and-install-printer-drivers
http://Windows.Microsoft.com/en-us/Windows7/change-your-default-printer
http://Windows.Microsoft.com/en-us/Windows7/printing-to-the-correct-printer
-
Cannot access Creative Cloud Libraries after switching to Microsoft Active Directory
Recently the IT department moved the entire company's computers over to Microsoft Active Directory. After the computers in the design team were done too, we could no longer access the Creative Cloud Libraries or download anything from Creative Market.
The Libraries panel displays a cloud with an x and this message: 'Something went wrong initializing Creative Cloud Libraries', with a "More information" link leading to this error page - Adobe - error page
Very annoying. I really need access to libraries for my work.
Has anyone else experienced this problem and found a solution for it? Is this a known issue? I searched and have not been able to find anything that helped.
Using windows 7
Please check the steps mentioned in: need help with this message: 'something went wrong initialization library of creative cloud'
-
ESX4.1 SSH user access to Active Directory.
I have upgraded one of my test servers from 4.0 Update 2 to ESX 4.1. I'm trying to understand how to configure SSH access for my Active Directory account. I joined the host to Active Directory and granted my AD account permissions on the host. If I try to SSH to the host with my AD account I get access denied. I can connect via the vSphere Client with my AD account successfully. SSH works with a local account on the ESX 4.1 server. I tried both just my username for the SSH connection as well as domain\username. Using domain\username actually hangs the host and I need to do a hard reset to get it back.
Has anyone gotten this to work?
On 4.0 Update 2, I used esxcfg-auth --enablead and then created a user without a password on the host. This command no longer exists on 4.1, however.
I would like to post an update here for those interested. I found it frustrating that, going from vSphere 4.0 to 4.1, AD Kerberos access over SSH is disabled unless you have used the "AD Authentication" configuration via the VI Client. I ran into the same issue with JEPP 0 errors and the server actually restarting itself when trying to SSH using my AD account. The problem is that if you are part of > 30 security groups (in my case it was only 23), the server locks itself up and sometimes even restarts. I validated with another AD account that was only a member of 3 sec groups, and it was able to connect without locking up ESX or causing a reboot.
In addition, in my lab, where I run vCenter 4.1 and both nodes are now 4.1, I use 'AD' authentication and it works very well with users who are only part of a limited number of sec groups in AD.
VMWare said that this issue was refitted to engineering.
FYI, this affects the ESX and ESXi.
-
am setting up remote access on the MS 2003 Server following the white paper, but can not find the 'users Active Directory & computers' to set the ip this part has been renamed or hidden somewhere?
original title: MS Server 2003
Post in the Windows Server Forums:
http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer/
-
To access network shared files on active directory on one subnet to the other
Hello, please, I have this problem with my network; I have a Windows 2008 Standard Edition server as my domain controller, and I have a Cisco router with two LAN ports: one port has this subnet: 172.29.24.0/24 and the other has this subnet: 172.29.25.0/25. Both subnets see each other, I can ping any computer from subnet to subnet 172.29.25.0/24 172.29.24.0/24 and the 172.29.25.0/24 to 172.29.24.0/24 without get a query at the time that is, I would answer. I created an account in Active Directory and gave the account administrative privileges. I then joined the computer to the domain, and it succeeded. I went further to access my application server on the 172.29.24.0/24 subnet, and it succeeded. Later I tried to access my application server subnet of 172.29.24.0/24 and it showed that the network path was not found. I used another computer to access the server application on the 172.29.24.0/subnet in the 172.29.25.0/network and I still get the same answer: network path not found. I had access more quickly the application server on this system. Now what should I do to have access to all of the network files shared on both subnets?
Thank you
Samuel Bemi (Microsoft Certified Systems Engineer)
Hi Samuel Bemi,
Your Windows question is more complex than what is generally answered in the Microsoft Answers forums, since it relates to the sharing of files on the server. Appropriate in instances of Windows Server.
Please post your question in the Forums of Windows Server.
-
I want to be able to allow a user group to reset passwords and create accounts in an organizational unit. I delegated control of the organizational unit to the group, but if I connect to the domain controller and try opening Active Directory Users and Computers, we are asked for an administrator password. I have a mix of two Server 2003 domain controllers and a Server 2008 DC. Is there a way to give a group access to Active Directory Users and Computers without being administrator?
For assistance, please ask for help in the appropriate Microsoft TechNet Windows Server Forum.
Thank you.
-
Get the access denied error after using the rights delegation wizard in Active Directory
I used the rights delegation wizard to grant permissions to a group in AD and do not always receive either the access message when I try to change anything on an existing object, I can however create new objects without any problem. What can I do to fix this?
Original title: Delegation issue in AD
Hello mhipke,
Your Windows XP question is more complex than what is generally answered in the Microsoft Answers forums, as it deals with Active Directory. It is better suited for the IT Pro TechNet public. Please ask your question in the ITPRO Technet Windows Server Directory Services.
I have provided the link for you:
http://social.technet.Microsoft.com/forums/en-us/winserverDS/threads
Sincerely,
Marilyn
-
ISE Admin 1.2 access via Active Directory
Hi Experts,
Nice day!
I want to configure my ISE 1.2 to authenticate (for admin) to Active Directory. I know it's possible, but our AD is not all groups named for admins.
Is it possible for ISE 1.2 to configure a local user ID and check it against AD for the password of that user ID?
Thanks for your great help.
Niks
Niks,
I just did this. First you must have the external configuration of Active Directory as a data source. Once you do this, click on Administration - Admin Access.
For the Type of authentication to ensure password database is switched and edit your data source Active Directory (or whatever you named it).
Then click Administrators - Admin users. Click Add a user - create an Admin user. Make sure you check the external box and you will notice that the password field is leaving. Fill in the appropriate information and then assign them to a group of Directors.
Once you are done with that you can test the user in you on your ISE session. You will notice that when you try to log back in you will have the choice of the sources of data used to authenticate the user. Change the selection in the Active Directory and enter the AD username/password of the newly created account, you should be good to go.
Make sure that you don't delete or deactivate your original admin account in this process. (Change the password if you want.)
-
ESXi 6.0 host Active Directory group authentication works in the shell but not the client
Got a weird one here.
Added a vSphere 6.0 host to Active Directory.
Added an AD group with the Administrator role.
I can authenticate with an AD user account that is a member of this AD group, using SSH or Shell access.
I cannot authenticate with an AD account that is a member of this AD group using the Web UI or the vSphere Client connecting directly to the host.
If I add the domain user directly with the Administrator role in the host permissions, the Web GUI and vSphere Client will authenticate using the AD user.
What it looks like is that, with SSH/Shell access, the vSphere host can expand the group membership and authenticate, but using the Web GUI or vSphere Client it can't. That doesn't make a lot of sense to me.
The hostd.log file has nothing in it which is very informative, just a line saying "status: success accepted password for the user", followed by the event 131: could not connect the user without permission.
Hello
Are you on 6.0 Update 2? Then this article could describe your problem:
https://KB.VMware.com/kb/2145400
Please try the fix and let us know if it helps.
-Andreas