11G Modplsql Basic Authentication not working for globally identified database users

I have a modplsql dad that uses Basic authentication.  When I supply a username and password where the database user is locally defined in the database using the "identified by" syntax the authentication works perfectly and the modplsql app works.  When I try to authenticate a database user that is defined in the database using the "identified globally" syntax authentication fails.  Any idea on how to get modplsql app to work with users identified via OID?
Thanks,
Phil

Hi,
Before deploying, have you changed:
Application properties -> Deployment
Remove the selection from "Auto Generate and Syncronize weblogic-jdc.xml ....."
Kind Regards

Similar Messages

  • Basic authentication not working for portal application

    HI All,
    i have a portal application where I have a servlet. i want to use basic authentication for this servlet.
    to archive this i have followed http://docs.oracle.com/cd/E14571_01/web.1111/b31974/adding_security.htm
    and configured basic authentication, also add web-resource in web.xml for the url to access the servlet.
    my web.xml look like (copied is only security section from web.xml)
    <security-constraint>
        <web-resource-collection>
          <web-resource-name>adfAuthentication</web-resource-name>
          <url-pattern>/adfAuthentication</url-pattern>
        </web-resource-collection>
        <web-resource-collection>
          <web-resource-name>All</web-resource-name>
          <url-pattern>/faces/Auto-connect</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>valid-users</role-name>
        </auth-constraint>
      </security-constraint>
      <login-config>
        <auth-method>BASIC</auth-method>
      </login-config>
      <security-role>
        <role-name>valid-users</role-name>
      </security-role>
    this works when in run the application in JDeveloper i.e. when i try to access http://localhost:7101/MyApp/faces/Auto-connect it ask for basic authentication (the popup) and when i access http://localhost:7101/MyApp/ it takes me to home page for login , but doesn't work when i deploy the application in weblogic 11g.(deployment done using Enterprise Manager console (EM console) (for both URL no popup).
    i tried Google around it but didn't get any solution please provide your input and guide me.
    thanks
    -somesh

    Hi,
    Before deploying, have you changed:
    Application properties -> Deployment
    Remove the selection from "Auto Generate and Syncronize weblogic-jdc.xml ....."
    Kind Regards

  • SPSecurity.RunWithElevatedPrivileges Not Working for Read Only Permissions Users

    I have the following code in a method that generates tabbed web parts on any page in SharePoint 2010.
    The problem is that it will not work for users who have Read access only on a SharePoint site.  It will work when those users have Contribute access.  
    So even though I have elevated permissions in the code it does not actually elevate the permissions at the point where it is needed.
    if (panel != null)
    try
    using (SPLimitedWebPartManager wpManager = SPContext.Current.Web.GetLimitedWebPartManager(HttpContext.Current.Request.Url.ToString(), PersonalizationScope.Shared))
    try
    // Elevated previleges required for EXPORT and IMPORT. Else Users with normal read access will get errors.
    SPSecurity.RunWithElevatedPrivileges(delegate()
    // Retrieve the web part titles in the ConfigureTabs XML string for this tab.
    var webPartTitles = from t in xDocument.Descendants("webPart")
    where (string)t.Parent.Attribute("name") == (string)e.Item.DataItem
    select (string)t.Attribute("title");
    foreach (string wpTitle in webPartTitles)
    foreach (System.Web.UI.WebControls.WebParts.WebPart webPart in wpManager.WebParts)
    // Find the matched closed web part in WebParts collection
    if (webPart.Title == wpTitle && webPart.IsClosed == true)
    string errorMessage;
    //ADD EXPORT PROPERTY
    webPart.ExportMode = WebPartExportMode.All;
    MemoryStream stream = new MemoryStream();
    XmlTextWriter writer = new XmlTextWriter(stream, System.Text.Encoding.UTF8);
    // Export the closed webpart to a memory stream.
    wpManager.ExportWebPart(webPart, writer);
    writer.Flush();
    stream.Position = 0;
    XmlTextReader reader = new XmlTextReader(stream);
    // Import the exported webpart.
    System.Web.UI.WebControls.WebParts.WebPart newWebPart = wpManager.ImportWebPart(reader, out errorMessage);
    reader.Close();
    writer.Close();
    // Show the imported webpart.
    panel.Controls.Add(newWebPart);
    break;
    catch (Exception ex)
    // For debugging use only.
    Label label = new Label();
    label.Text = "Please check your XML configuration for error. " + Environment.NewLine + ex.Message;
    panel.Controls.Add(label);
    catch (Exception ex)
    // For debugging use only.
    Label label = new Label();
    label.Text = "Please Check SPContext.Current.Web is not null. " + Environment.NewLine + ex.Message;
    panel.Controls.Add(label);
    This snippet of code was originally pulled from a microsoft technet article on creating Tabbed web parts "the correct way" but it doesn't work in all scenarios.
    Is there a way to get this code working for Read/Visitors to a SharePoint site?

    From initial observation what I see is that your SPLimitedWebPartManager is not created from an elevated web. Try like below
    SPSecurity.RunWithElevatedPrivileges(delegate()
    using(SPSite elevatedSite = new SPSite(SPContext.Current.Site.ID))
    using(SPWeb elevatedWeb = elevatedSite.OpenWeb())
    using (SPLimitedWebPartManager wpManager = elevatedWeb.GetLimitedWebPartManager(HttpContext.Current.Request.Url.ToString(), PersonalizationScope.Shared))
    { //Rest of your code
    Geetanjali Arora | My blogs |

  • Negotiate Authentication Not working for Outlook

    This is a very odd situation so bear with me when explaining this.
    I have several users scattered out in different remote offices that are haveing authentication issues in outlook 2007 when trying to connect to our exchange 2010 public folder servers (CAS).  When the users open outlook it constantly sits at trying
    to connect and eventually locks the machine up until you use the task manager to close outlook.  I have only determined this is a public folder issue because if you hold down the cntrl key and right click on the outlook icon in the taskbar (next to clock) you
    get and option to see connection status.  This shows the server name (one of the CAS) and the type as public folder and the connection status is empty. 
    We opened a microsoft ticket on this and they said it was a client side issue because we have 1700 users connection to the same set of servers with out issues.  Well we have reimaged the users desktop, replaced all cableing from the user to the switch,
    and confirmed the IOS on the routers matches other offices that are working.   Still the same problem.
    Heres the kicker!  This problem does not effect other users in the same office and if this paticular user logs into another machine the same problem happens.  But if she accesses her mailbox from Web Access she has no problems and if I log this
    user on here at our home office on the same LAN as the Exchange system she has no issues.
    But wait theres more.  We have deleted the user's mailbox and LAN account.  Created a new mailbox and LAN account with a similar name not the same one and when I log on to her machine exacte same issue.  I have removed all antivirus software
    from the machine and still have the same problem.  
    Not until we ran wireshark on her machine did I start seeing some ntlm authentication issues to the exchange system. We manually changed outlook from Negotiate Authentication to  Password Authenticatoin (NTLM) and viola her email started syncing??? 
    When i change this setting on the other users they connect also. But why are we not haveing to change this on the other 1700 users?
    Can anyone please offer some insite in to what the hell is causing this and why it seem to follow the user around.  I have been troubleshooting this for weeks and am so frustrated because it just doesnt make any sense. 
    Thankyou to anyone willing to provide any ideas into what could be causing this.  When we opened a Microsoft ticket they were convinced that its client side but I have replaced everything.

    Hello,
    if you using OAW (Outlook AnyWhere) check the authentication method
    get-OutlookAnywhere -Identity "<Servername>xpv00645\RPC (Default Web Site)" | fl *AuthenticationMethod*
    I think it is set of NTLM or Negotiate.
    Outlook 2007 has negotiate
    problems at an OAW connection
    authentication.
    Change the authentication to NTLM for
    the internal and Basic for the extenal method.
    You need to reconfigure the Outlook Exhange settings to anonymous authentication and in the proxy settings to default authentication

  • Basic authentication only works for some webservices?

    I'm trying to call the SAP BI/BO REStful webservices using basic authentication. I enabled basic authentication in the WACS and tested with this service:
    http://host:6405/infostore/16422
    This works! I can get the report metadata as either xml or json. However, whenever I try an url with "raylight" in it, I get an authentication problem:
    http://host:6405/biprws/raylight/v1/documents/16422/parameters
    error_code: "1"
    message: "No session found in HTTP header X-SAP-LogonToken"
    Why do some services work with basic authentication and others absolutely require the logontoken? I would like to avoid the logontoken if possible. I tested by logging on with the token and that does work, so it's not like my credentials are wrong.
    I also found the a problem with the raylight logontoken described here: RESTful Raylight Error Incorrect session
    Apparently, there needs to be double quotes around the logontoken for it to work. Could this "bug" be the reason why basic authentication doesn't work? I already tfried to put double quotes around and inside my base-encoded value but it still gives the same error.

    Hello,
    Raylight doesn't support basic authentication because it required a permanent session to work. Internally, we have to manage a "cache" to support subsequent REST calls and this is not possible using basic authentication.
    Regards,
    Anthony

  • Ldap authentication not working for Solaris 8 host - Help!

    Greetings folks,
    I just recently migrated a host to use LDAP authentication. The only difference between this host and the rest of the hosts in the environment that I've converted to use LDAP is that this one is running Solaris 8.
    Here's the steps I took to migrate it (though, I used the same steps for another Sol8 host in another environment and it works fine):
    ldapclient -P stg -d mydomain.com -D cn=proxyagent,ou=profile,dc=mydomain,dc=com -w secret 192.168.1.69
    My /etc/nsswitch.conf looks like this:
    passwd: files ldap
    group: files ldap
    My /etc/pam.conf looks like this:
    login auth requisite pam_authtok_get.so.1
    login auth required pam_dhkeys.so.1
    login auth sufficient pam_unix_auth.so.1
    login auth required pam_ldap.so.1
    sshd auth requisite pam_authtok_get.so.1
    sshd auth sufficient pam_unix_auth.so.1
    sshd auth required pam_ldap.so.1
    other auth requisite pam_authtok_get.so.1
    other auth required pam_dhkeys.so.1
    other auth sufficient pam_unix_auth.so.1
    other auth required pam_ldap.so.1
    passwd auth sufficient pam_passwd_auth.so.1
    passwd auth required pam_ldap.so.1
    I've also cleared out the local user accounts for my human users, so there aren't any more passwd or shadow entries (yes, I ran pwconv). I also cleaned out the /etc/group entries for the same users. The machine appears to be configured properly, because I can run various DS commands that indicate this:
    hostname# getent passwd user1
    user1::1001:1001:User 1:/opt/home/user1:/bin/bash
    hostname# ldaplist -l passwd user1
    dn: uid=user1,ou=people,dc=mydomain,dc=com
    shadowFlag: 0
    userPassword: {crypt}(removed)
    uid: user1
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: account
    objectClass: top
    cn: user1
    uidNumber: 1001
    gidNumber: 1001
    gecos: User 1
    homeDirectory: /opt/home/user1
    loginShell: /bin/bash
    However, in the end, actual logins to this host fail via ssh. Snooping the traffic reveals that all the right info is being handed back to the client, including the crypt'ed password hash, uid, etc. just like I see with other hosts that work.
    Any ideas?
    Thanks!
    Patrick

    I assume you have applied lastest kernel patch and 108993 to this Solaris8 machine, and its nss_ldap.so.1 and pam_ldap.so.1 are the same as the other Solaris8 LDAP clients that are working for ssh via LDAP auth.
    1) Please replace "objectClass: account" with "objectClass: person", I know SUN ONE DS5.2 likes "person".
    2) Did you test and verify telnet/ftp/su working? but SSH not working?
    3) If telnet/ftp/su all worked, and SSH (SUN-SSH or OpenSSH), make sure you have "UsePAM yes" in sshd_config and restart sshd.
    4) It is not a must I think but normally I will add "shadow: files ldap" to /etc/nsswitch.conf, restart nscd after that.
    5) Whenever ldapclient command is run and ldap_cachemgr is restarted, I usually also restart nscd and sshd after that, if not testing result may not be accurate as nscd is still remembering OLD stuffs cached which could be very misleading.
    6) You may use "ssh -v userid@localhost" to watch the SSH communications, on top of your usual "snoop"ing of network packets.
    7) Use the sample pam.conf that is meant for pam_ldap from Solaris 10 system admin guide with all the pam_unix_cred.so.1 lines commented out. This works for me, there is no sshd defintions as it will follow "other".
    http://docs.sun.com/app/docs/doc/816-4556/6maort2te?a=view
    Gary

  • Realm authentication not working for usergroups

    Hi...
    I have a server running 10.4.3 (8F46). I'm running one web site, and also some AFP shares. This server is bound to our corporate Active Directory server.
    I'm positive the AD integration works because my AFP shares use AD users and groups for their permissions. All but one AFP share uses an AD group for permissions. AD users are in an AD group, and they can log in to the share. It works.
    Anyways.... I want my one web site to be protected, and I'd like only one AD group to be able to access it. I am familiar with Apache from FreeBSd and OpenBSD. In ServerAdmin, I created a web site, and it works. I then created a realm, and added one AD user to the users pane. From the browser, I can connect to the web site after I authenticate as the AD user (annoyingly, I have to prepend my AD domain and a backslash to my username). My AD user can connect and view the web page.
    When I add an AD group to the groups pane, none of the member users can authenticate properly. If I remove the above user from the user pane, and add a group (containing said user) to the group pane, that user can no longer log in.
    I've consulted the 10.4 server documentation; the WebServices pdf does not get into details with realm authentication, and covers it mostly in conjunction with WebDAV.
    I find it odd that an AD user can connect when specified as a user entry, but not from within a group. It's almost as if authenticating to AD groups is broken in Apple's implementation of Apache.
    Has anyone else set up authentication with websites? Ever done it with Active Directory?
    Thanks
    /eric

    This is not limited to Active Directory as I have been unable to use groups for realm authentication with OpenLDAP either (on 10.3.9).
    I assumed it would be fixed in 10.4 but I see it has not.

  • Weblogic server BASIC Authentication not prompting for username

    I created a very simple Weblogic 10.3.5 web application with BASIC Authentication that for some reason doesn't prompt for the username and password. I believe the web.xml and weblogic.xml are created properly. The entire application is below.
    It consists of two files:
    index.html -- that anyone should be able to load
    remoteuser.jsp -- that only people in 'group' should be able to load
    I added an <auth-constraint> for all JSPs (*.jsp), such that only users in 'group' should be able to load them. However, when I load the url "/remoteuser.jsp", it displays "The remote user is null", and doesn't prompt for a username and password. The causes the JSP to also print out null instead of the remote user's name.
    The <auth-method> is, of course, set to BASIC.
    I currently don't even have any groups defined in Weblogic's Security Realm, because I want to watch it fail first.
    According to this Weblogic documentation (http://docs.oracle.com/cd/E15051_01/wls/docs103/security/thin_client.html#wp1037337), I believe that I'm doing everything correctly.
    Do I have to modify the Weblogic Security Realm's Authentication Provider? Or some other setting?
    I know that I'm doing something silly, but can't see it. Please help!
    SOURCE FILES
    web.xml
    <web-app>
    <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    </welcome-file-list>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>JSPs</web-resource-name>
    <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>group</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>BASIC</auth-method>
    </login-config>
    <security-role>
    <role-name>group</role-name>
    </security-role>
    </web-app>
    weblogic.xml
    <weblogic-web-app>
    <security-role-assignment>
    <role-name>group</role-name>
    <principal-name>group</principal-name>
    </security-role-assignment>
    </weblogic-web-app>
    remoteuser.jsp
    <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>Remote User</title>
    </head>
    <body>
    <p>
    Only users in "group" should be able to load this page.
    </p>
    <p>
    The remote user is <%= request.getRemoteUser() %>
    </p>
    </body>
    </html>
    index.html
    <html>
    <head><title>WebLogic Test</title></head>
    <body>
    Everyone should be able to see this.
    </body>
    </html>

    Hi,
    Before deploying, have you changed:
    Application properties -> Deployment
    Remove the selection from "Auto Generate and Syncronize weblogic-jdc.xml ....."
    Kind Regards

  • FormsCentral PDFs not working for Linux and Unix users

    I recently created a PDF (using Indesign > Acrobat IX Pro > Formscentral [AFC]) that includes radio buttons, form fields, linked videos set to play in the PDF once clicked and (after running through AFC) a submit button.
    The form has been distributed and we have already had hundreds of successful responses collected in the AFC site, all is working well there.
    One major problem we are having is that we have a lot of Linux/Unix users and the response from them is that they can't activate the videos, the form fields are out of kilter alignmentwise and the submit button does not work. Even when using the proper Adobe Acrobat Reader (v9, for example).
    Is the Adobe development team aware of problems such as these for Linux/Unix platforms and is there a suggested fix that they know of?
    The link to the actual file is here: http://cms.iopscience.iop.org/alfresco/d/d/workspace/SpacesStore/b5a48eac-8642-11e2-8cf8-e 50acbc9fd86/NJP-Video-Abstracts-Competition-2013.pdf
    Thanks in advance

    Hi Jesse,
    can you email me ([email protected]) the original PDF (before you imported it in FormsCentral)? Also, I'm curious about the format of the video in the PDF. Does the video in the PDF worked in Linux/Unix before going through the FormsCentral import/export?
    When I look at your PDF on my Red Hat Entrprise Linux 6.0 system with Reader 9.5.4 it does look fine (location of the fields) but the video generate an error (which I'm still investigating). I have not yet try the submit button on your form (as I don't want to submit bad data to you) but I seem to have an issue with the submit button on other PDF forms I generated (when I try to submit from a linux machine). Still investigating that as well.
    Gen

  • Accounts search not working for only the specific user

    Hi friends,
      We have configured E.P 7.0 with CRM 5.0 and configured  CRM PCUI business package.
    We have role called <b>accounts abd products</b> in portal. So accounts can be searched in this role.
    Now our severity issue is for one of the super user,for ex su1,  accounts search is not working in portal  but the same is working in CRM GUI.
    for example if we search for an account 233445(or any other account) in portal its showing no data found but if we search with the same criteria data is displaying CRM GUI.
    We have checked with other 2 super ids. Both ends portal and gui search is  working fine.
    Am unable to figure out whats the cause of the issue as search is not working only for one user su1 .
    we have checked by restarting the server also to clear the memory cache.But still search is not working in portal.
    Could anyone of u please advice ASAP as this is severity issue.
    Thanks & Regards
    Sireesha.

    Hello,
    Go in debugging in the query method of your MAC to see why the BP is not selected (or deleted) before going to the read method.
    Regards,
    Fred

  • Integrated Authentication not working for firefox 31 and above for NTLMv2

    Users browsing from a Citrix session are being asked to authenticate using Firefox on newer versions (31-35) as they used to pass authentication transparently via NTLMv2 in earlier versions. This does not happen on IE so wondering what to do to get this working again for Firefox users.
    Did release 31 also remove by accident ntlmv2 capability? If so, when and where is a fix to correct it. Fine to remove pre-ntlmv2 versions but dont break ntlmv2

    I would like to bump this and I am wondering if this was ever solved. My only difference is at one point I had it working with http but ended up reinstalling using https. I get access denied but when I type in my username and password and it goes in fine.
    There is a cert on the website
    I have changed NTFS permissions
    Made sure NTLM was on top
    Website is in the local intranet zone
    On the server itself that hosts the webconsole I can get in fine.

  • Squid basic authentication not working

    I have setup squid as follows:
    /etc/squid/squid.conf
    auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
    auth_param basic children 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 2 hours
    auth_param basic casesensitive off
    acl ncsa_users proxy_auth REQUIRED
    http_access allow ncsa_users
    Then I created my passwd file:
    # htpasswd -c /etc/squid/passwd user
    I get the authentication dialog, but squid does not authenticate me. I think my authenticator is crashing or something, I have no clue. When I run "http_access allow ncsa_users /etc/squid/passwd" the program runs fine and does not segfault. /etc/squid/passwd is world readable.
    Here is my log output of /var/log/squid/cache.log:
    2013/05/26 12:25:24.811 kid1| Checklist.cc(153) preCheck: 0xb71178 checking slow rules
    2013/05/26 12:25:24.811 kid1| Checklist.cc(160) checkAccessList: 0xb71178 checking 'http_access allow ncsa_users'
    2013/05/26 12:25:24.812 kid1| Acl.cc(336) matches: ACLList::matches: checking ncsa_users
    2013/05/26 12:25:24.812 kid1| Acl.cc(319) checklistMatches: ACL::checklistMatches: checking 'ncsa_users'
    2013/05/26 12:25:24.812 kid1| Acl.cc(281) aclCacheMatchFlush: aclCacheMatchFlush called for cache 0xb744e8
    2013/05/26 12:25:24.812 kid1| Acl.cc(61) AuthenticateAcl: returning 2 sending credentials to helper.
    2013/05/26 12:25:24.812 kid1| Acl.cc(321) checklistMatches: ACL::ChecklistMatches: result for 'ncsa_users' is -1
    2013/05/26 12:25:24.812 kid1| Acl.cc(339) matches: ACLList::matches: result is false
    2013/05/26 12:25:24.812 kid1| Checklist.cc(275) matchNode: 0xb71178 matched=0 async=1 finished=0
    2013/05/26 12:25:24.812 kid1| Checklist.cc(312) matchNode: 0xb71178 going async
    2013/05/26 12:25:24.812 kid1| Checklist.cc(131) asyncInProgress: ACLChecklist::asyncInProgress: 0xb71178 async set to 1
    2013/05/26 12:25:24.813 kid1| AclProxyAuth.cc(144) checkForAsync: checking password via authenticator
    2013/05/26 12:25:24.813 kid1| Checklist.cc(256) matchNodes: 0xb71178 awaiting async operation
    2013/05/26 12:25:24.813 kid1| WARNING: basicauthenticator #1 exited
    2013/05/26 12:25:24.813 kid1| Too few basicauthenticator processes are running (need 1/5)
    2013/05/26 12:25:24.813 kid1| Starting new helpers
    2013/05/26 12:25:24.813 kid1| helperOpenServers: Starting 1/5 'basic_ncsa_auth' processes
    2013/05/26 12:25:24.831 kid1| Checklist.cc(131) asyncInProgress: ACLChecklist::asyncInProgress: 0xb71178 async set to 0
    2013/05/26 12:25:24.831 kid1| Checklist.cc(160) checkAccessList: 0xb71178 checking 'http_access allow ncsa_users'
    2013/05/26 12:25:24.831 kid1| Acl.cc(336) matches: ACLList::matches: checking ncsa_users
    2013/05/26 12:25:24.831 kid1| Acl.cc(319) checklistMatches: ACL::checklistMatches: checking 'ncsa_users'
    2013/05/26 12:25:24.831 kid1| Acl.cc(66) AuthenticateAcl: returning 3 sending authentication challenge.
    2013/05/26 12:25:24.831 kid1| Checklist.cc(146) markFinished: 0xb71178 answer AUTH_REQUIRED for AuthenticateAcl exception
    2013/05/26 12:25:24.831 kid1| Acl.cc(321) checklistMatches: ACL::ChecklistMatches: result for 'ncsa_users' is -1
    2013/05/26 12:25:24.831 kid1| Acl.cc(339) matches: ACLList::matches: result is false
    2013/05/26 12:25:24.831 kid1| Checklist.cc(275) matchNode: 0xb71178 matched=0 async=0 finished=1
    2013/05/26 12:25:24.832 kid1| Checklist.cc(294) matchNode: 0xb71178 exception: AUTH_REQUIRED
    2013/05/26 12:25:24.832 kid1| Checklist.cc(88) matchNonBlocking: ACLChecklist::check: 0xb71178 match found, calling back with AUTH_REQUIRED
    2013/05/26 12:25:24.832 kid1| Checklist.cc(182) checkCallback: ACLChecklist::checkCallback: 0xb71178 answer=AUTH_REQUIRED
    2013/05/26 12:25:24.832 kid1| Gadgets.cc(58) aclGetDenyInfoPage: got called for ncsa_users
    2013/05/26 12:25:24.832 kid1| Gadgets.cc(77) aclGetDenyInfoPage: aclGetDenyInfoPage: no match
    2013/05/26 12:25:24.832 kid1| FilledChecklist.cc(77) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x7fffa1efef70
    2013/05/26 12:25:24.832 kid1| Checklist.cc(334) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x7fffa1efef70
    2013/05/26 12:25:24.832 kid1| FilledChecklist.cc(77) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x7fffa1eff090
    2013/05/26 12:25:24.832 kid1| Checklist.cc(334) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x7fffa1eff090
    2013/05/26 12:25:24.833 kid1| FilledChecklist.cc(77) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0xb71178
    2013/05/26 12:25:24.833 kid1| Checklist.cc(334) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0xb71178
    2013/05/26 12:25:24.833 kid1| FilledChecklist.cc(77) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0xb71178
    2013/05/26 12:25:24.833 kid1| Checklist.cc(334) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0xb71178
    2013/05/26 12:25:27.344 kid1| Checklist.cc(153) preCheck: 0xb71178 checking slow rules
    2013/05/26 12:25:27.344 kid1| Checklist.cc(160) checkAccessList: 0xb71178 checking 'http_access allow ncsa_users'
    2013/05/26 12:25:27.344 kid1| Acl.cc(336) matches: ACLList::matches: checking ncsa_users
    2013/05/26 12:25:27.344 kid1| Acl.cc(319) checklistMatches: ACL::checklistMatches: checking 'ncsa_users'
    2013/05/26 12:25:27.345 kid1| Acl.cc(66) AuthenticateAcl: returning 3 sending authentication challenge.
    2013/05/26 12:25:27.345 kid1| Checklist.cc(146) markFinished: 0xb71178 answer AUTH_REQUIRED for AuthenticateAcl exception
    2013/05/26 12:25:27.345 kid1| Acl.cc(321) checklistMatches: ACL::ChecklistMatches: result for 'ncsa_users' is -1
    2013/05/26 12:25:27.345 kid1| Acl.cc(339) matches: ACLList::matches: result is false
    2013/05/26 12:25:27.345 kid1| Checklist.cc(275) matchNode: 0xb71178 matched=0 async=0 finished=1
    2013/05/26 12:25:27.345 kid1| Checklist.cc(294) matchNode: 0xb71178 exception: AUTH_REQUIRED
    2013/05/26 12:25:27.345 kid1| Checklist.cc(88) matchNonBlocking: ACLChecklist::check: 0xb71178 match found, calling back with AUTH_REQUIRED
    2013/05/26 12:25:27.345 kid1| Checklist.cc(182) checkCallback: ACLChecklist::checkCallback: 0xb71178 answer=AUTH_REQUIRED
    2013/05/26 12:25:27.345 kid1| Gadgets.cc(58) aclGetDenyInfoPage: got called for ncsa_users
    2013/05/26 12:25:27.345 kid1| Gadgets.cc(77) aclGetDenyInfoPage: aclGetDenyInfoPage: no match
    2013/05/26 12:25:27.345 kid1| FilledChecklist.cc(77) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x7fffa1efe4d0
    2013/05/26 12:25:27.345 kid1| Checklist.cc(334) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x7fffa1efe4d0
    2013/05/26 12:25:27.345 kid1| FilledChecklist.cc(77) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x7fffa1efe5f0
    2013/05/26 12:25:27.345 kid1| Checklist.cc(334) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x7fffa1efe5f0
    2013/05/26 12:25:27.345 kid1| FilledChecklist.cc(77) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0xb71178
    2013/05/26 12:25:27.346 kid1| Checklist.cc(334) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0xb71178
    2013/05/26 12:25:27.346 kid1| FilledChecklist.cc(77) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0xb71178
    2013/05/26 12:25:27.346 kid1| Checklist.cc(334) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0xb71178
    Any pointers greatly appreciated!

    I have setup squid as follows:
    /etc/squid/squid.conf
    auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
    auth_param basic children 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 2 hours
    auth_param basic casesensitive off
    acl ncsa_users proxy_auth REQUIRED
    http_access allow ncsa_users
    Then I created my passwd file:
    # htpasswd -c /etc/squid/passwd user
    I get the authentication dialog, but squid does not authenticate me. I think my authenticator is crashing or something, I have no clue. When I run "http_access allow ncsa_users /etc/squid/passwd" the program runs fine and does not segfault. /etc/squid/passwd is world readable.
    Here is my log output of /var/log/squid/cache.log:
    2013/05/26 12:25:24.811 kid1| Checklist.cc(153) preCheck: 0xb71178 checking slow rules
    2013/05/26 12:25:24.811 kid1| Checklist.cc(160) checkAccessList: 0xb71178 checking 'http_access allow ncsa_users'
    2013/05/26 12:25:24.812 kid1| Acl.cc(336) matches: ACLList::matches: checking ncsa_users
    2013/05/26 12:25:24.812 kid1| Acl.cc(319) checklistMatches: ACL::checklistMatches: checking 'ncsa_users'
    2013/05/26 12:25:24.812 kid1| Acl.cc(281) aclCacheMatchFlush: aclCacheMatchFlush called for cache 0xb744e8
    2013/05/26 12:25:24.812 kid1| Acl.cc(61) AuthenticateAcl: returning 2 sending credentials to helper.
    2013/05/26 12:25:24.812 kid1| Acl.cc(321) checklistMatches: ACL::ChecklistMatches: result for 'ncsa_users' is -1
    2013/05/26 12:25:24.812 kid1| Acl.cc(339) matches: ACLList::matches: result is false
    2013/05/26 12:25:24.812 kid1| Checklist.cc(275) matchNode: 0xb71178 matched=0 async=1 finished=0
    2013/05/26 12:25:24.812 kid1| Checklist.cc(312) matchNode: 0xb71178 going async
    2013/05/26 12:25:24.812 kid1| Checklist.cc(131) asyncInProgress: ACLChecklist::asyncInProgress: 0xb71178 async set to 1
    2013/05/26 12:25:24.813 kid1| AclProxyAuth.cc(144) checkForAsync: checking password via authenticator
    2013/05/26 12:25:24.813 kid1| Checklist.cc(256) matchNodes: 0xb71178 awaiting async operation
    2013/05/26 12:25:24.813 kid1| WARNING: basicauthenticator #1 exited
    2013/05/26 12:25:24.813 kid1| Too few basicauthenticator processes are running (need 1/5)
    2013/05/26 12:25:24.813 kid1| Starting new helpers
    2013/05/26 12:25:24.813 kid1| helperOpenServers: Starting 1/5 'basic_ncsa_auth' processes
    2013/05/26 12:25:24.831 kid1| Checklist.cc(131) asyncInProgress: ACLChecklist::asyncInProgress: 0xb71178 async set to 0
    2013/05/26 12:25:24.831 kid1| Checklist.cc(160) checkAccessList: 0xb71178 checking 'http_access allow ncsa_users'
    2013/05/26 12:25:24.831 kid1| Acl.cc(336) matches: ACLList::matches: checking ncsa_users
    2013/05/26 12:25:24.831 kid1| Acl.cc(319) checklistMatches: ACL::checklistMatches: checking 'ncsa_users'
    2013/05/26 12:25:24.831 kid1| Acl.cc(66) AuthenticateAcl: returning 3 sending authentication challenge.
    2013/05/26 12:25:24.831 kid1| Checklist.cc(146) markFinished: 0xb71178 answer AUTH_REQUIRED for AuthenticateAcl exception
    2013/05/26 12:25:24.831 kid1| Acl.cc(321) checklistMatches: ACL::ChecklistMatches: result for 'ncsa_users' is -1
    2013/05/26 12:25:24.831 kid1| Acl.cc(339) matches: ACLList::matches: result is false
    2013/05/26 12:25:24.831 kid1| Checklist.cc(275) matchNode: 0xb71178 matched=0 async=0 finished=1
    2013/05/26 12:25:24.832 kid1| Checklist.cc(294) matchNode: 0xb71178 exception: AUTH_REQUIRED
    2013/05/26 12:25:24.832 kid1| Checklist.cc(88) matchNonBlocking: ACLChecklist::check: 0xb71178 match found, calling back with AUTH_REQUIRED
    2013/05/26 12:25:24.832 kid1| Checklist.cc(182) checkCallback: ACLChecklist::checkCallback: 0xb71178 answer=AUTH_REQUIRED
    2013/05/26 12:25:24.832 kid1| Gadgets.cc(58) aclGetDenyInfoPage: got called for ncsa_users
    2013/05/26 12:25:24.832 kid1| Gadgets.cc(77) aclGetDenyInfoPage: aclGetDenyInfoPage: no match
    2013/05/26 12:25:24.832 kid1| FilledChecklist.cc(77) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x7fffa1efef70
    2013/05/26 12:25:24.832 kid1| Checklist.cc(334) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x7fffa1efef70
    2013/05/26 12:25:24.832 kid1| FilledChecklist.cc(77) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x7fffa1eff090
    2013/05/26 12:25:24.832 kid1| Checklist.cc(334) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x7fffa1eff090
    2013/05/26 12:25:24.833 kid1| FilledChecklist.cc(77) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0xb71178
    2013/05/26 12:25:24.833 kid1| Checklist.cc(334) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0xb71178
    2013/05/26 12:25:24.833 kid1| FilledChecklist.cc(77) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0xb71178
    2013/05/26 12:25:24.833 kid1| Checklist.cc(334) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0xb71178
    2013/05/26 12:25:27.344 kid1| Checklist.cc(153) preCheck: 0xb71178 checking slow rules
    2013/05/26 12:25:27.344 kid1| Checklist.cc(160) checkAccessList: 0xb71178 checking 'http_access allow ncsa_users'
    2013/05/26 12:25:27.344 kid1| Acl.cc(336) matches: ACLList::matches: checking ncsa_users
    2013/05/26 12:25:27.344 kid1| Acl.cc(319) checklistMatches: ACL::checklistMatches: checking 'ncsa_users'
    2013/05/26 12:25:27.345 kid1| Acl.cc(66) AuthenticateAcl: returning 3 sending authentication challenge.
    2013/05/26 12:25:27.345 kid1| Checklist.cc(146) markFinished: 0xb71178 answer AUTH_REQUIRED for AuthenticateAcl exception
    2013/05/26 12:25:27.345 kid1| Acl.cc(321) checklistMatches: ACL::ChecklistMatches: result for 'ncsa_users' is -1
    2013/05/26 12:25:27.345 kid1| Acl.cc(339) matches: ACLList::matches: result is false
    2013/05/26 12:25:27.345 kid1| Checklist.cc(275) matchNode: 0xb71178 matched=0 async=0 finished=1
    2013/05/26 12:25:27.345 kid1| Checklist.cc(294) matchNode: 0xb71178 exception: AUTH_REQUIRED
    2013/05/26 12:25:27.345 kid1| Checklist.cc(88) matchNonBlocking: ACLChecklist::check: 0xb71178 match found, calling back with AUTH_REQUIRED
    2013/05/26 12:25:27.345 kid1| Checklist.cc(182) checkCallback: ACLChecklist::checkCallback: 0xb71178 answer=AUTH_REQUIRED
    2013/05/26 12:25:27.345 kid1| Gadgets.cc(58) aclGetDenyInfoPage: got called for ncsa_users
    2013/05/26 12:25:27.345 kid1| Gadgets.cc(77) aclGetDenyInfoPage: aclGetDenyInfoPage: no match
    2013/05/26 12:25:27.345 kid1| FilledChecklist.cc(77) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x7fffa1efe4d0
    2013/05/26 12:25:27.345 kid1| Checklist.cc(334) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x7fffa1efe4d0
    2013/05/26 12:25:27.345 kid1| FilledChecklist.cc(77) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0x7fffa1efe5f0
    2013/05/26 12:25:27.345 kid1| Checklist.cc(334) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0x7fffa1efe5f0
    2013/05/26 12:25:27.345 kid1| FilledChecklist.cc(77) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0xb71178
    2013/05/26 12:25:27.346 kid1| Checklist.cc(334) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0xb71178
    2013/05/26 12:25:27.346 kid1| FilledChecklist.cc(77) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0xb71178
    2013/05/26 12:25:27.346 kid1| Checklist.cc(334) ~ACLChecklist: ACLChecklist::~ACLChecklist: destroyed 0xb71178
    Any pointers greatly appreciated!

  • Form Based Authentication not working for my sharepoint site.

    I am using FIM 2010 r2 on Sharepoint -80 . I tried to use forms based authentication instead of default windows based auth. But the site is not even redirecting to the custom login page i am trying to connect .
    Any suggestions ?

    Issue has been resolved.  There was no interesting work-a-round or fix involved.

  • Anyconnect not working for Mac OS X users

    I have AnyConnect newly configured on my ASA 5550, running 8.2.x code; however, Mac users cannot connect using the Apple client, nor using the Cisco AnyConnect client - they are getting a "posture error" of some kind or the laptop is failing some kind of machine profiling.
    Help - I have no Apple OS experience on this.
    Thanks,
    Marc

    Thanks for your reply;
    Here are the relevant parts of the ASA config:
    crypto ipsec transform-set fdoe3desset esp-3des esp-md5-hmac
    crypto ipsec transform-set doe-sha esp-3des esp-sha-hmac
    crypto ipsec transform-set des-sha esp-des esp-sha-hmac
    crypto ipsec transform-set remoteset esp-des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map fdoedynmap 65530 set transform-set remoteset
    crypto dynamic-map fdoedynmap 65530 set security-association lifetime seconds 7200
    crypto map remotemap 65535 ipsec-isakmp dynamic fdoedynmap
    crypto map remotemap interface outside
    crypto ca trustpoint ASDM_TrustPoint0
    enrollment terminal
    subject-name ------------------
    keypair doesslkey
    crl configure
    crypto ca trustpoint ASDM_TrustPoint1
    enrollment terminal
    subject-name --------------------
    crl configure
    crypto isakmp identity address
    crypto isakmp enable outside
    crypto isakmp policy 20
    authentication pre-share
    encryption des
    hash md5
    group 2
    lifetime 3600
    ** snip **
    crypto isakmp policy 70
    authentication pre-share
    encryption 3des
    hash md5
    group 1
    lifetime 28800
    crypto isakmp policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    webvpn
    enable outside
    csd image disk0:/csd_3.6.6203-k9.pkg
    csd enable
    svc image disk0:/anyconnect-win-3.0.10055-k9.pkg 1
    svc image disk0:/anyconnect-macosx-i386-3.1.00495-k9.pkg 2
    svc image disk0:/anyconnect-linux-3.0.10055-k9.pkg 3
    svc enable
    group-policy fdoe_vpn internal
    group-policy fdoe_vpn attributes
    wins-server value xx.xx.xx.xx
    dns-server value yy.yy.yy.yy
    vpn-idle-timeout 240
    vpn-session-timeout 720
    vpn-tunnel-protocol IPSec svc
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value split
    default-domain value fldoe.int
    The user has an AnyConnect client installed on his Apple laptop; I wasn't aware that there was a component that needed to be installed in the ASA for AnyConnect clients to work. Am I confusing AnyConnect with another web SSL VPN application for the ASA 5550?

  • Outlook 2007 cached mode not working for old exchange 2003 users

    For some reason outlook isn't receiving emails straight away when in cached mode for users which we moved (few years ago) from exchange 2003 to 2007 (we now have everyone on exchange 2010). I checked the security tab in AD and compared new and old users
    and the permissions are completely different.
    Creating a new AD account and linking the old email account to it, fixes the issue but that's not really an option for over 100 users.
    Has anyone else had this issue?

    Hello,
    What's the difference between the permissions?
    Can the users receive emails from OWA?
    In addition, please make sure your Outlook 2007 has installed the latest update. And try to use
    outlook/cleanips and check if it helps. See:
    http://support.microsoft.com/kb/968773/en-us
    Best Regards,
    Steve Fan
    TechNet Community Support

Maybe you are looking for

  • BLOCKEDPRICE  event not triggering

    Hi All, We have developed a custom workflow with Business object BUS2081 and the event  'BlockedPrice' was enable in the SWETYPV T code.  We on the trace. When we created Invoice with Pmnt Block u201CRu201D we are getting 'BlockedPrice' event in SWEL

  • Issue with reinstalling a brand new mac pro

    I was recomended to reinstall the leopard since I had some issues with my new 27" cinema display.( there is an update for the cinema display and my mac did not allow me to updat it so apple care person told me to reinstall the leopard. After 15 minut

  • No higher than 2-D arrays can be inputs, outputs?

    hello, i need to pass a 4-dimensional array into a mathscript node as well as receive an output that is 4-dimensional.  i came across a post where somebody speculated that the only way to input all of the information in a 3-D array is to reshape the

  • Can I connect an iPhone to an iPad to provide 3G?

    I am considering buying the ipad 3, but as I have an iphone, I am reluctant to buy another 3G capability.  If needed, can the iphone connect to the Ipad and make it 3G enabled if their is no wi fi. Many Thanks

  • Can LR filter or sort by pixel count or file size?

    LR ought to sort or filter images by pixel count and by file size. I can't seem to figure it out. Consider adding this capability.