ACS 4.2 failure to authenticate windows users

Hi all, we have a bit of a problem which we cannot seem to resolve.
The ACS can authenticate people using the local database. It can also authenticate a single user (using the Windows database) if you are fast after the service is restarted; however, after a few seconds it fails to authenticate any users. The error we are seeing in the logs appears as authentication failure type: internal error. Also, in the log files, the authentication request from the user does not appear in the correct group; it is thrown into the default group.
Any ideas on where we should look for the problem?

Hi,
It's running on Windows 2003 Server and is running as the system account.
Auth.log details below for a failed authentication:
AUTH 04/09/2009 17:02:13 A 5789 3000 0x69 Worker 0 waiting for work
AUTH 04/09/2009 17:02:13 A 5789 1400 0x6 Worker 3 waiting for work
AUTH 04/09/2009 17:02:13 A 5789 0368 0x4 Worker 1 waiting for work
AUTH 04/09/2009 17:02:23 E 6028 3888 0x0 AllocateThread returned 0
AUTH 04/09/2009 17:02:23 A 5821 3000 0x69 Worker 0 established conn 166 with 127.0.0.1:1879
AUTH 04/09/2009 17:02:23 E 6028 3888 0x0 AllocateThread returned 1
AUTH 04/09/2009 17:02:23 A 5821 0368 0x4 Worker 1 established conn 167 with 127.0.0.1:1881
AUTH 04/09/2009 17:02:23 E 6028 3888 0x0 AllocateThread returned 3
AUTH 04/09/2009 17:02:23 A 5821 1400 0x6 Worker 3 established conn 168 with 127.0.0.1:1883
AUTH 04/09/2009 17:02:24 A 5853 0236 0x51 Worker 4 error/timeout, forcing API disconnect of connection 165.
AUTH 04/09/2009 17:02:24 A 5887 0236 0x51 Worker 4 closing conn 165 endpoint. Handled 2 messages.
AUTH 04/09/2009 17:02:24 A 5789 0236 0x51 Worker 4 waiting for work
AUTH 04/09/2009 17:02:30 E 2100 4080 0x6d External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1783L)

Similar Messages

  • ACS 4.1 failure to authenticate Windows users.

    Hello.
    We are running Cisco Secure ACS for Windows version 4.1(1)b23p5 on a Windows 2000 member server.
    Starting from today, ACS fails to authenticate users.
    Using the same external user (andrea-meconi) I can verify successful and failed authentication.
    This is the AUTH.log for a generic RADIUS request...
    AUTH 25/02/2013 15:30:24 I 0396 3900 External DB [NTAuthenDLL.dll]: Starting authentication for user [andrea-meconi]
    AUTH 25/02/2013 15:30:24 I 0396 3900 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user andrea-meconi
    AUTH 25/02/2013 15:30:24 E 0396 3900 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1783L)
    AUTH 25/02/2013 15:30:24 I 0396 3900 External DB [ODBCAuthDll.dll]: Starting 1 odbc workers
    AUTH 25/02/2013 15:30:24 I 0396 3900 External DB [ODBCAuthDll.dll]: DLL initialised OK
    AUTH 25/02/2013 15:30:24 I 0571 3900 AuthenLoadLibrary: Loaded DLL for External ODBC Database
    AUTH 25/02/2013 15:30:24 I 1645 3900 pvAuthenticateUser: authenticate 'andrea-meconi' against External ODBC Database
    This is the log for an EAP request...
    AUTH 25/02/2013 16:23:56 I 1645 4568 pvAuthenticateUser: authenticate 'venezia\andrea-meconi' against Windows NT/2000
    AUTH 25/02/2013 16:23:56 I 0396 4568 External DB [NTAuthenDLL.dll]: Starting MSCHAP authentication for user [venezia\andrea-meconi]
    AUTH 25/02/2013 16:23:56 I 0396 4568 External DB [NTAuthenDLL.dll]: Got WorkStation CISCO
    AUTH 25/02/2013 16:23:56 I 0396 4568 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user andrea-meconi
    AUTH 25/02/2013 16:23:56 I 0396 4568 External DB [NTAuthenDLL.dll]: Windows authentication SUCCESSFUL (by RVVMDCC01PW)
    AUTH 25/02/2013 16:23:56 I 0396 4568 External DB [NTAuthenDLL.dll]: User mapped to ACS group id [20]
    Windows AD running now on Windows 2008 server, migrating from 2003.
    Any idea?
    Thanks.
    Andrea

    Windows authentication FAILED (error 1783L)
    The above error indicates that the migration happened overnight. In order to resolve this issue you need to upgrade your ACS to at least ACS 4.2.0.124 patch 4 or above.
    Supported Operating Systems section
    --Windows Server 2008, Standard Edition
    --Windows Server 2008, Enterprise Edition
    --Japanese Windows Server 2008, Standard Edition, Service Pack 2
    --Japanese Windows Server 2008, Enterprise Edition, Service Pack 2
    NOTE: No version of ACS 4.x supports 2008 R2. Only ACS 5.2 supports it.
    Regards,
    Jatin Katyal
    - Do rate helpful posts -

  • Authenticate windows users via ACS

    Hi,
    Expert insight required for Cisco ACS. Is it possible to authenticate Windows users via ACS & apply ACL policies over network devices?
    I would appreciate valued inputs.
    Regards,

    Yes, it's possible to authenticate windows users via ACS and push DACL via radius.
    Seems you are looking for DACL. Here is a document that can help you to understand the same
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a9eddc.shtml#user
    Let me know if you need any further help.
    Jatin Katyal
    - Do rate helpful posts -

  • Failure to authenticate the user weblogic, due to: Authentication Failed

    I want to integrate Discussion forum with webcenter spaces. For that, first I have created a connection to forum in webcenter enterprise manager with admin user as weblogic. But in the services configuration page of webcenter spaces it is showing 'failure to authenticate the user weblogic, due to: Authentication Failed' for Discussion Forums. I have logged into spaces using admin credentials only.
    Please help me...how to go about this?

    I tried everything but discussions server cannot authenticate.
    I'm using OID ldap success inside discussions forum AND webcenter but when I enter inside webcenter it generates this error!
    <Sep 9, 2010 12:05:51 PM BRT> <Warning> <oracle.webcenter.collab.forum.internal.view.backing> <WCS-04013> <failure to authenticate the user weblogic, due to: Authentication Failed
    oracle.webcenter.collab.share.LoginFailedException: Falha ao autenticar o usuário weblogic, em decorrência de: Authentication Failed
         at oracle.webcenter.collab.forum.internal.jive.JiveAuthenticator.handleException(JiveAuthenticator.java:304)
         at oracle.webcenter.collab.forum.internal.jive.JiveAuthenticator.login(JiveAuthenticator.java:247)
         at oracle.webcenter.collab.forum.internal.jive.JiveForumSession.login(JiveForumSession.java:128)
         at oracle.webcenter.collab.share.Session$1.call(Session.java:353)
         at oracle.webcenter.collab.share.Session$1.call(Session.java:347)
         at oracle.webcenter.concurrent.Submission$2.run(Submission.java:406)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
         at oracle.webcenter.concurrent.Submission.runAsPrivileged(Submission.java:420)
         at oracle.webcenter.concurrent.Submission.run(Submission.java:347)
         at oracle.webcenter.concurrent.Submission$SubmissionFutureTask.run(Submission.java:736)
         at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
         at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
         at java.util.concurrent.FutureTask.run(FutureTask.java:138)
         at oracle.webcenter.concurrent.ModifiedThreadPoolExecutor$Worker.runTask(ModifiedThreadPoolExecutor.java:657)
         at oracle.webcenter.concurrent.ModifiedThreadPoolExecutor$Worker.run(ModifiedThreadPoolExecutor.java:682)
         at java.lang.Thread.run(Thread.java:619)
    Caused By: Authentication Failed
    I read all the documents about this and all failed.

  • SEEBURGER AS2: AS2 Adapter failure - Cannot authenticate the user

    Hello,
    All was working fine but now I got these errors in an AS2 scenario. Sending a message via AS2. Also we don't receive any messages via AS2 anymore. This is the error when sending a message:
    Unable to forward message to JCA adapter. Reason: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user.
    MP: Exception caught with cause javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user.
    Exception caught by adapter framework: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user
    Delivery of the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user.: javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure.
    Please advise, many thanks!
    Erik

    Are you using the "Use Authentication" option in the communication channel? If yes, then ensure that the user provided is correct and is not locked. Also recheck the authentication certificate settings.
    Regards,
    Prateek

  • Authenticate windows users accessing os x client using open directory?

    I need to setup an OS X client machine (10.4.6) so that windows users (XP) can access folders based on their open directory credentials. (Using OS X server, open directory, windows PDC). If I turn on windows sharing in system preferences on the mac, it will only share local home folders to users with local accounts - not what I need. Any ideas? thanks.

    Thanks!  So now I see Open Directory, but it seems like it should be listed under the Server app with all the other services...
    Anyhow, I seem to remember a way to administer the users and groups.  This app shows me the status of the services, logs, settings.  The Server app, if I click on Add Users button, then click "connect to it" to supposedly connect to the directory server, it won't take my credentials.  I always get "Cannot authenticate to server.  Please authenticate by entering the name and password of a user account in this server's directory."
    Connect anonymously doesn't seem to do anything, it doesn't even dismiss the dialog.
    So what am I missing?

  • Irregular failure to authenticate OpenDirectory users via password-based ssh

    TL;DR - my Yosemite Open Directory server irregularly fails to properly authenticate users (via password-based ssh). 
    I recently moved an Open Directory server from an Xserve running 10.6 to a new Mini running 10.10.  I archived the OD config on the Xserve and then took it offline.  Then I brought the Mini online using the same hostname/IP address, created a new OD master using the archived configuration.  Everything seemed to work well, however sometimes the server will not authenticate users via password when logging in with ssh/sftp/scp.  This is also true of a few OS X machines that bind to the OD server (i.e. they usually authenticate users properly, but sometimes fail for no discernable reason). 
    The failures are only for password authentication using ssh.  Other mechanisms do not exhibit the auth failures.  For instance, AFP and SMB user auth never fails (with proper credentials).  Nor do users to a FileMaker Server machine that authenticate via the OD server have problems.  Public key based ssh authentication never fails.  Local accounts (non-OD, aka "Local Network Accounts") also do not fail using password-based authentication.
    The failures are irregular.  The only pattern that I can find at all is that sometimes when the failures start happening, they keep happening continuously until...at some point they work properly again.  That is, they may fail from 11:15 am to 2:01 pm, and if so, then all of them fail in that time range.  Sometimes that time range lasts seconds, sometimes it lasts hours.
    The time range failure pattern is host specific.  For instance, if password authentication is failing on the main OD server, authentication may be fine on the other bound machines.  If authentication is failing on one of the bound machines, then it may be fine on all others and fine on the OD server itself.
    The failure pattern does not seem to correlate to any other events or activity on the server (even remotely).  CPU utilization never gets above about 15%.  Memory utilization is similarly very low.  Network traffic is occasionally high, but it does not seem in any way related to the auth failures.  There are not other log messages that occur before or after the failures with any consistency.
    I've been monitoring the auth failures by attempting to login to the OD server and two other bound hosts once per minute so that I can tell when the auth is failing (before getting calls from the users). 
    The adaptive firewall is not running on the OD server.  Nor is any other firewall.
    Below is a comparison of the system.log entries for a failed and successful auth (I've stripped out those lines that are identical in both instances).  The log entries have been sanitized as described.
    Rebooting the OD server does not affect the bound clients' authentication.  Rebooting the OD server is problematic, and I cannot do it often.  When I do, sometimes failures start soon after reboot, and sometimes they don't come back for many hours - again, no discernable pattern.
    If anyone has any ideas what I can do to discover the source of this problem and come up with a solution, I'd very much appreciate it.  Note that I'm aware that I can export all users and groups and reconstruct a new, clean OD master, but without the ability to save the passwords, this becomes a large logistical problem, and I'm saving it as a last resort (particularly since if it doesn't solve my problem, I will have inconvenienced many users and be right back in the same place).
    Thanks for reading.
    First failure:
        Feb 11 00:00:20 odserver.myorg.gov kdc[67]: TGS-REQ [email protected] from 127.0.0.1:65373 for host/[email protected] [canonicalize, forwardable]
        Feb 11 00:00:20 odserver.myorg.gov opendirectoryd[67268]: GSSAPI Error:  Miscellaneous failure (see text (unable to reach any KDC in realm ODSERVER.MYORG.GOV, tried 2 KDCs (negative cache))
        Feb 11 00:00:20 odserver.myorg.gov sshd[72974]: error: PAM: authentication error for myusername from clienthost.myorg.gov via 10.50.50.50
        Feb 11 00:00:20 odserver.myorg.gov sshd[72974]: Connection closed by 10.50.50.99 [preauth]
    Now successful auth:
        Feb 11 01:03:20 odserver.myorg.gov kdc[67]: TGS-REQ [email protected] from 127.0.0.1:63978 for host/[email protected] [canonicalize, forwardable]
        Feb 11 01:03:20 odserver.myorg.gov kdc[67]: TGS-REQ [email protected] from 127.0.0.1:62346 for ldap/[email protected] [canonicalize, forwardable]
        Feb 11 01:03:20 odserver.myorg.gov sshd[73786]: Accepted keyboard-interactive/pam for myusername from 10.50.50.99 port 53361 ssh2
        Feb 11 01:03:20 odserver.myorg.gov NetAuthSysAgent[73789]: GetStatus: connecting to self not allowed
        Feb 11 01:03:20 odserver.myorg.gov NetAuthSysAgent[73789]: ERROR: AFP_GetServerInfo - connect failed 62
    I've sanitized the entries as follows, replacing...
    My username by myusername
    The ssh source host IP address by 10.50.50.99
    The ssh source hostname by clienthost.myorg.gov
    The server hostname by odserver.myorg.gov
    The server hostname (in caps) by ODSERVER.MYORG.GOV
    The server IP address by 10.50.50.50

    Hello James,
    I have not had a chance to look for the Router configuration document, however, for one of my certificate exams I did configure Authentication Proxy on an IOS router. The config for that lab was:
    aaa new-model
    aaa authentication login default group tacacs+ local
    aaa authorization auth-proxy default group tacacs+ local
    aaa session-id common
    ip auth-proxy name AUTHPROXY http inactivity-time 60
    interface FastEthernet0/0
     ip address 192.168.250.19 255.255.255.0
     ip nat outside
     ip virtual-reassembly
     duplex auto
     speed auto
    interface FastEthernet0/1
     ip address 192.168.200.120 255.255.255.0
     ip access-group 110 in
     ip nat inside
     ip virtual-reassembly
     ip auth-proxy AUTHPROXY
     duplex auto
     speed auto
    ip route 0.0.0.0 0.0.0.0 192.168.250.1
    ip http server
    ip http authentication aaa
    no ip http secure-server
    ip nat inside source list nat interface FastEthernet0/0 overload
    ip access-list extended nat
     permit ip 192.168.200.0 0.0.0.255 any
    access-list 110 permit ip any any
    tacacs-server host 192.168.250.20
    tacacs-server key cisco123
    end
    Please check if the commands are supported on your router as well.
    If this was helpful please rate.
    Regards.

  • Can my AD connected server use kerberos to authenticate windows users?

    Hi,
    I have installed our brand new Xserve with Leopard and set it up so that it is connected to a directory service (AD). I have checked to see if it is kerberized and it does appear so.
    What I want to do is provide SSO for our users when they visit our intranet. Our users will be using Windows XP Pro clients. I have tried using basic authentication but this requires the user to enter their network username and password to authenticate. When I try setting the realm security to be Kerberos it doesn't work.
    Can this be done and if so what am I doing wrong? Surely I am not the only person trying to integrate a mac server into a windows environment and provide windows clients with a seamless experience!
    Please help anyone!!!!

    Ok, we managed to solve this!!!
    It was to do with Active Directory. You need to set the xserve in Active Directory to be trusted for delegation (all kerberos services) and voila! Sorted!

  • Mail crashing on failure to authenticate cyrus user

    Mail crashed, and now will not warm re-start (a cold start of the server works) with error:
    no entry in /etc/passwd for user _cyrus
    can't change to the cyrus user: No such file or directory
    The IMAP logs also show, for ALL users, even though all users have IMAP enabled:
    AOD Warning: dsGetRecordList failed with: -14085 for user: username
    AOD Warning: dsGetRecordList failed with: -14085 for user: username
    badlogin from: [192.168.1.xxx]. plaintext user: username. mail is not enabled for this user
    And SMTP log shows:
    fatal: file /etc/postfix/main.cf: parameter default_privs: unknown user name value: nobody

    And here's the system log, around the time of the last crash:
    Jan 23 01:02:53 xserve DirectoryService[25]: GetGroups couldn't find uid 27
    Jan 23 01:02:57: --- last message repeated 1 time ---
    Jan 23 01:02:57 xserve servermgrd[56]: --Module servermgr_xserve's response has retain count of 1.
    Jan 23 01:02:58 xserve bootpd[203]: DHCP DISCOVER [en0]: 1,0:e:70:0:6:9e
    Jan 23 01:03:09: --- last message repeated 1 time ---
    Jan 23 01:03:09 xserve servermgrd[56]: --Module servermgr_xserve's response has retain count of 1.
    Jan 23 01:03:14 xserve bootpd[203]: DHCP DISCOVER [en0]: 1,0:e:70:0:6:9e
    Jan 23 01:03:18 xserve com.apple.launchd[1] (com.apple.launchd.peruser.77[5453]): getpwuid("77") failed
    Jan 23 01:03:18 xserve com.apple.launchd[1] (com.apple.launchd.peruser.77[5453]): PID 5452 "master" has no account to back it! Real/effective/saved UIDs: 77/77/77
    Jan 23 01:03:18 xserve com.apple.launchd[1] (com.apple.launchd.peruser.77[5453]): PID 3897 "imapd" has no account to back it! Real/effective/saved UIDs: 77/77/77
    Jan 23 01:03:18 xserve com.apple.launchd[1] (com.apple.launchd.peruser.77[5453]): PID 3895 "imapd" has no account to back it! Real/effective/saved UIDs: 77/77/77
    Jan 23 01:03:18 xserve com.apple.launchd[1] (com.apple.launchd.peruser.77[5453]): PID 3894 "imapd" has no account to back it! Real/effective/saved UIDs: 77/77/77
    Jan 23 01:03:18 xserve com.apple.launchd[1] (com.apple.launchd.peruser.77[5453]): PID 3893 "imapd" has no account to back it! Real/effective/saved UIDs: 77/77/77
    Jan 23 01:03:18 xserve com.apple.launchd[1] (com.apple.launchd.peruser.77[5453]): PID 3885 "idled" has no account to back it! Real/effective/saved UIDs: 77/77/77
    Jan 23 01:03:18 xserve com.apple.launchd[1] (com.apple.launchd.peruser.77[5453]): PID 3874 "master" has no account to back it! Real/effective/saved UIDs: 77/77/77
    Jan 23 01:03:18 xserve com.apple.launchd[1] (com.apple.launchd.peruser.77[5453]): Exited with exit code: 1
    Jan 23 01:03:18 xserve com.apple.launchd[1] (com.apple.launchd.peruser.77): Throttling respawn: Will start in 10 seconds

  • Trying to create an annoucement ADF task flow.  Failure to authenticate

    Experts-
    I have created a JSPX page and added the announcement ASF task flow. After I deploy to my WLS instance I receive the following error when browsing the page. "failure to authenticate the user weblogic, due to: Unable to connect to discussion server."
    The java server log file throws this exception "Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed to load credentials. Inner Exception: [Keystore was tampered with, or password was incorrect]"
    I am able to login to the OOTB discussion web app using the same user but not my custom ADF JSPX page.
    I have configured the JDEV Discussion forum connection with the following properties..
    keystore.location = "E:\Oracle\Middleware\user_projects\domains\working_domain\config\fmwconfig\webcenter.jks"
    keystore.type=jks
    encryption.key.alias=orakey
    encryption.key.password=welcome1
    keystore.password=welcome1
    I can test this connection with success.
    Anyone know why I can correctly login the OOTB discussion app using my default weblogic user but not the custom ADK app?
    I am also using the simple login page jdeveloper creates via the "configure ADF security"
    Thanks-

    Even I am getting the same problem. I created a Discussion Forum Connection from my JDeveloper. I tested the connection to be successful.
    And when I run the ADF application having the WebCenter Discussion forum taskflow as a region, it says
    For more information on this failure, please set -Djps.auth.debug.verbose=true
    java.io.IOException: Keystore was tampered with, or password was incorrect
         at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
         at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
         at java.security.KeyStore.load(KeyStore.java:1185)
         at org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:525)
         at org.apache.ws.security.components.crypto.AbstractCrypto.<init>(AbstractCrypto.java:121)
         at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:62)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at the UI page it says the
    failure to authenticate the user john, due to: Unable to connect to discussion server.
    Please suggest some debugging tips.
    Thanks
    Thyagy

  • ACS cannot Authenticate Aironet Users against External DB (LDAP)

    ACS cannot Authenticate Aironet Users against External DB (LDAP)
    Can anyone point me to a technical explanation of why this is true?
    All I have found so far is one small note in a help file and something that might be related under EAP-FAST explanation.
    I have posed this question to our Cisco account team but no response yet.
    Just need to have a good explanation when explaining to mgmt why we need to have a special setup for WLAN users.

    Hmmm....you should be getting more than that from debug radius and debug aaa authen if your AP is truly attempting EAP authentication. The debugs I generally use for this are 'debug aaa authen', 'debug radius', and 'debug dot11 aaa dot1x all' coupled with gathering the detailed support logs from ACS. A warning about 'debug dot11 aaa dot1x all'....it is VERY verbose and cryptic if you don't have a lot of experience looking at it so it may be best to open up a TAC case. With these debugs turned on, you should see an EAPOL logon show up from the client (usually says 'received EAPOL packet...') and then a request for identity from the switch and a response from the client with a username and password. Then a series of RADIUS challenge/response packets will be passed which consists of the server cert being passed to the client for validation and then the client sending the username and password to the server. Then you will finally get an access-reject or access-accept packet from the RADIUS server. The failed and passed attempts logs in ACS can also provide good info as to what the source of the failure may be. Do you get any passed or failed attempts for these authentications?

  • How can I authenticate a User In Windows Active Directory?

    I need to authenticate a user in Windows Active Directory, but I found that the code below will return true if the user name and password are both correct and false if one of them is wrong. But when I input a user name which does not exist in Active Directory with a blank password, it will also return true. What shall I do? Ask that every user must input a password that is not blank?
    Please give me some help to solve this problem. Thanks a lot.
    Code:
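    import java.util.Hashtable;
    import javax.naming.AuthenticationException;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.InitialDirContext;

    private Context ctx = null;

    // Enclosing method signature added so the fragment is complete; the post showed only the body.
    public boolean isValidUser(String name, String password) throws NamingException {
        Hashtable env = new Hashtable();
        boolean isValid = false;
        try {
            this.setEnvironmentProperties();
            String domainName = AuthenticateResources.getString("mydomain.com");
            // set the name of domain with the user name
            String fullName = name + "@" + domainName;
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://mydomain:389");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            // set user related information
            env.put(Context.SECURITY_PRINCIPAL, fullName);
            // set user password
            env.put(Context.SECURITY_CREDENTIALS, password);
            // validate user: any bind that does not throw is treated as a valid login
            ctx = new InitialDirContext(env);
            isValid = true;
        } catch (AuthenticationException ex) {
            isValid = false;
        } catch (NamingException ex) {
            throw ex;
        } finally {
            this.freeContext();
        }
        return isValid;
    }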

    This is usually a problem if Anonymous Binding is enabled. I have faced this in other Directory Servers, but I am not familiar with Active Directory.
    I think by default Active Directory disables Anonymous Binding, but you may want to check.
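
The blank-password result in this thread follows from LDAP itself: a simple bind that carries a name and a zero-length password is an "unauthenticated" bind (RFC 4513, section 5.1.2), so its success proves nothing about the user. The sketch below is an added example, not code from the original posts; the class name `LdapBindCheck`, the `Result` enum and the timeout values are assumptions, and the URL and domain are the placeholders from the question.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapBindCheck {

    /** Outcome of a login attempt; only OK means the directory verified a password. */
    public enum Result { OK, BLANK_CREDENTIALS, BAD_CREDENTIALS, DIRECTORY_ERROR }

    // Placeholders taken from the question; replace with the real directory.
    // Simple bind sends the password in clear text over ldap://, so a real
    // deployment should use ldaps:// or StartTLS.
    private static final String PROVIDER_URL = "ldap://mydomain:389";
    private static final String DOMAIN = "mydomain.com";

    public static Result authenticate(String name, String password) {
        // Reject before any network traffic. A zero-length password turns the
        // request into an unauthenticated bind, which a server may accept for
        // any name, including one that does not exist. A password made only of
        // spaces is still a real password, so it is passed on to the directory.
        if (name == null || name.trim().isEmpty()
                || password == null || password.isEmpty()) {
            return Result.BLANK_CREDENTIALS;
        }

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, PROVIDER_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, name + "@" + DOMAIN);
        env.put(Context.SECURITY_CREDENTIALS, password);
        // Assumed timeouts (milliseconds) so a dead directory cannot hang the login path.
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        env.put("com.sun.jndi.ldap.read.timeout", "5000");

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);   // performs the bind
            return Result.OK;
        } catch (AuthenticationException ex) {
            return Result.BAD_CREDENTIALS;      // directory rejected the name/password pair
        } catch (NamingException ex) {
            return Result.DIRECTORY_ERROR;      // unreachable, timeout, etc.: fail closed
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // nothing useful to do if closing fails
                }
            }
        }
    }

    public static void main(String[] args) {
        // Constructed inputs; each is rejected locally, so this runs without a directory.
        String[][] attempts = { {"nosuchuser", ""}, {"alice", null}, {"", "secret"} };
        for (String[] a : attempts) {
            System.out.println("[" + a[0] + "] -> " + authenticate(a[0], a[1]));
        }
    }
}
```

Callers should treat every result other than `OK` as a failed login; keeping `DIRECTORY_ERROR` separate from `BAD_CREDENTIALS` lets an outage be logged differently from a wrong password.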

  • Cisco ACS 4.2.1.15 for Windows and Network Access Profiles

    We are attempting to configure ACS 4.2.1.15 on Windows Server 2008 Member Server. Initially I only have the need to authenticate Network Admins for device administration and authenticate Windows AD groups using PEAP authentication. The general problem that I am having is that if I configure a Cisco 1200 Access Point for PEAP and also set up the Access Point for Radius authentication pointed to the ACS server, it always maps to the first Network Access Profile and rather than it trying the second it will error saying some condition is not met depending on what changes I make. Can someone tell me what the criteria are that are used to determine what NAP is used? According to the manual if all 4 criteria are not met then the Profile will not apply.
    I am using one ACS group that is mapped to an AD group for Wireless Access and a second ACS group mapped to an AD group that includes the Net Admins. This group mapping appears to be working as the user group name seems to be mapped correctly in the logs.  In short I have tried only configuring the Wireless NAP to only allow EAP authentication using PEAP EAP-MSCHAPv2 and the Netadmins profile to include all protocols. Basically what happens is if I have the Wireless NAP first it works fine for PEAP authentication on Wireless but if I try to administer the access point and provide credentials I get a message in the failed log that the authentication profile is not allowed in this Network Access Profile. Why does this not just go on to the next Network Access Profile?
    I am familiar with version 3.2 but it does not seem to work the same.
    Any help would be appreciated on what I am missing.
    Thanks

    Hi Surenda,
    Thanks for your reply. Nope, there is no WLC yet, but the WLC will be installed shortly.
    Thanks,
    Jean Paul

  • Messages (Jabber) Refuses to Authenticate AD Users after 10.9.2/Server 3.0.3 update

    Once again, an update appears to have broken Messages/Jabber's ability to authenticate AD users after the 10.9.2/Server 3.0.3 update even though it was working well before. Hoping someone here has some ideas for how to help!
    I can log in just fine as a local user (e.g. [email protected]), but no luck with AD users (e.g. [email protected]). As always, it fails with no intelligible error message whatsoever:
    Mar  1 09:46:00 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58658] connect
    Mar  1 09:46:01 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58658] disconnect jid=unbound, packets: 0
    Mar  1 09:48:00 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58667] connect
    Mar  1 09:48:01 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58667] disconnect jid=unbound, packets: 0
    I reset the jabber server configuration as described here to no avail: https://discussions.apple.com/thread/5354428
    The DNS configuration looks good:
    changeip -checkhostname
    Primary address     = 10.0.17.15
    Current HostName    = comet.ADdomain.private
    DNS HostName        = comet.ADdomain.private
    The names match. There is nothing to change.
    dirserv:success = "success"
    The Jabber status from jabber:
    serveradmin fullstatus jabber
    jabber:state = "RUNNING"
    jabber:roomsState = "RUNNING"
    jabber:logPaths:PROXY_LOG = "/private/var/jabberd/log/proxy65.log"
    jabber:logPaths:MUC_STD_LOG = "/var/log/system.log"
    jabber:logPaths:JABBER_LOG = "/var/log/system.log"
    jabber:proxyState = "RUNNING"
    jabber:currentConnections = "0"
    jabber:currentConnectionsPort1 = "0"
    jabber:currentConnectionsPort2 = "0"
    jabber:pluginVersion = "10.8.211"
    jabber:servicePortsAreRestricted = "NO"
    jabber:servicePortsRestrictionInfo = _empty_array
    jabber:hostsCommaDelimitedString = "comet.ADdomain.private"
    jabber:hosts:_array_index:0 = "comet.ADdomain.private"
    jabber:setStateVersion = 1
    jabber:startedTime = "2014-03-01 17:39:06 +0000"
    jabber:readWriteSettingsVersion = 1
    Full jabber server startup log:
    Mar  1 09:52:19 comet.ADdomain.private servermgrd[180]: servermgr_jabber[N]: waiting for jabberd to finish startup...
    Mar  1 09:52:19 comet.ADdomain.private jabberd/router[1785]: starting up
    Mar  1 09:52:19 comet.ADdomain.private jabberd/router[1785]: loaded user table (1 users)
    Mar  1 09:52:19 comet.ADdomain.private jabberd/router[1785]: couldn't open filter file /etc/jabberd/router-filter.xml: No such file or directory
    Mar  1 09:52:19 comet.ADdomain.private servermgrd[180]: servermgr_jabber[N]: jabberd service startup completed.
    Mar  1 09:52:19 comet.ADdomain.private jabberd/c2s[1786]: starting up
    Mar  1 09:52:19 comet.ADdomain.private jabberd/s2s[1787]: starting up (interval=60, queue=60, keepalive=0, idle=86400)
    Mar  1 09:52:19 comet.ADdomain.private jabberd/sm[1784]: starting up
    Mar  1 09:52:19 comet.ADdomain.private jabberd/c2s[1786]: modules search path: /Applications/Server.app/Contents/ServerRoot/usr/libexec/jabberd/modules
    Mar  1 09:52:19 comet.ADdomain.private jabberd/c2s[1786]: initialized auth module 'apple_od'
    Mar  1 09:52:19 comet.ADdomain.private jabberd/sm[1784]: initialised storage driver 'sqlite'
    Mar  1 09:52:19 comet.ADdomain.private jabberd/sm[1784]: modules search path: /Applications/Server.app/Contents/ServerRoot/usr/libexec/jabberd/modules
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'sess-end' (order 0 index 0 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'validate' added to chain 'in-sess' (order 0 index 1 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'in-sess' (order 1 index 2 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'in-sess' (order 2 index 3 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=5347] listening for incoming connections
    Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: [comet.ADdomain.private] configured; realm=comet.ADdomain.private, registration disabled, using PEM:/etc/certificates/mail.ADdomainbio.com.E41BBC081993E348B26181D9CB334A28137A8D8D.concat.pem
    Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: attempting connection to router at 127.0.0.1, port=5347
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49353] connect
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49353] authenticated as jabberd
    Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: connection to router established
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [c2s] online (bound to 127.0.0.1, port 49353)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: [::, port=5222] listening for connections
    Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: [::, port=5223] listening for SSL connections
    Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: ready for connections
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'in-sess' (order 3 index 4 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/s2s[1787]: attempting connection to router at 127.0.0.1, port=5347
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49354] connect
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49354] authenticated as jabberd
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-vcard' added to chain 'in-sess' (order 4 index 5 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/s2s[1787]: connection to router established
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [s2s] set as default route
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [s2s] online (bound to 127.0.0.1, port 49354)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/s2s[1787]: ready for connections
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-ping' added to chain 'in-sess' (order 5 index 6 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-private' added to chain 'in-sess' (order 6 index 7 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private Rooms[1792]: Starting up...
    Mar  1 09:52:20 comet.ADdomain.private Rooms[1792]: Loading persistent rooms from disk...
    Mar  1 09:52:20 comet.ADdomain.private Rooms[1792]: Finished loading rooms from disk
    Mar  1 09:52:20 comet.ADdomain.private Rooms[1792]: Connecting to XMPP server at 'comet.ADdomain.private' as 'rooms.comet.ADdomain.private'...
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'disco' added to chain 'in-sess' (order 7 index 8 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'amp' added to chain 'in-sess' (order 8 index 9 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'offline' added to chain 'in-sess' (order 9 index 10 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'announce' added to chain 'in-sess' (order 10 index 11 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'in-sess' (order 11 index 12 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'deliver' added to chain 'in-sess' (order 12 index 13 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'session' added to chain 'in-router' (order 0 index 14 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'validate' added to chain 'in-router' (order 1 index 1 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'in-router' (order 2 index 12 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'in-router' (order 3 index 2 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'out-router' (order 0 index 2 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'pkt-sm' (order 0 index 0 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-ping' added to chain 'pkt-sm' (order 1 index 6 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-time' added to chain 'pkt-sm' (order 2 index 15 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-version' added to chain 'pkt-sm' (order 3 index 16 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'amp' added to chain 'pkt-sm' (order 4 index 9 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'disco' added to chain 'pkt-sm' (order 5 index 8 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'announce' added to chain 'pkt-sm' (order 6 index 11 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'help' added to chain 'pkt-sm' (order 7 index 17 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'echo' added to chain 'pkt-sm' (order 8 index 18 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'pkt-sm' (order 9 index 12 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'pkt-user' (order 0 index 3 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'pkt-user' (order 1 index 12 seq 3)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-vcard' added to chain 'pkt-user' (order 2 index 5 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'amp' added to chain 'pkt-user' (order 3 index 9 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'deliver' added to chain 'pkt-user' (order 4 index 13 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'pkt-user' (order 5 index 4 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'offline' added to chain 'pkt-user' (order 6 index 10 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'pkt-user' (order 7 index 0 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'session' added to chain 'pkt-router' (order 0 index 14 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'disco' added to chain 'pkt-router' (order 1 index 8 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'active' added to chain 'user-load' (order 0 index 19 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'autobuddy' added to chain 'user-load' (order 1 index 20 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'user-load' (order 2 index 3 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster-publish' added to chain 'user-load' (order 3 index 21 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'user-load' (order 4 index 2 seq 3)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'user-load' (order 5 index 4 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'active' added to chain 'user-create' (order 0 index 19 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'template-roster' added to chain 'user-create' (order 1 index 22 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'active' added to chain 'user-delete' (order 0 index 19 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'announce' added to chain 'user-delete' (order 1 index 11 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'offline' added to chain 'user-delete' (order 2 index 10 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'user-delete' (order 3 index 2 seq 4)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'user-delete' (order 4 index 3 seq 3)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'user-delete' (order 5 index 4 seq 3)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'user-delete' (order 6 index 0 seq 3)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-private' added to chain 'user-delete' (order 7 index 7 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-vcard' added to chain 'user-delete' (order 8 index 5 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-version' added to chain 'disco-extend' (order 0 index 16 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'help' added to chain 'disco-extend' (order 1 index 17 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: version: jabberd sm 2.2.17-409
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: [comet.ADdomain.private] configured
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: attempting connection to router at 127.0.0.1, port=5347
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49355] connect
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49355] authenticated as jabberd
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: connection to router established
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [sm] online (bound to 127.0.0.1, port 49355)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: sm ready for sessions
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [comet.ADdomain.private] online (bound to 127.0.0.1, port 49355)
    Mar  1 09:52:22 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49356] connect
    Mar  1 09:52:22 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49356] authenticated as proxy65.comet.ADdomain.private
    Mar  1 09:52:22 comet.ADdomain.private jabberd/router[1785]: [proxy65.comet.ADdomain.private] online (bound to 127.0.0.1, port 49356)
    Mar  1 09:52:23 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49357] connect
    Mar  1 09:52:24 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49357] authenticated as rooms.comet.ADdomain.private
    Mar  1 09:52:24 comet.ADdomain.private jabberd/router[1785]: [rooms.comet.ADdomain.private] online (bound to 127.0.0.1, port 49357)
    Mar  1 09:52:24 comet.ADdomain.private Rooms[1792]: Successfully connected to XMPP server, ready for activity
    I am not sure if it's attempting to authenticate to AD or not, and if so, why it might be failing. Any suggestions would be greatly appreciated!
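
An added triage example, not part of the original post: it pairs each `jabberd/c2s` connect line with its disconnect, in the line format shown above, and counts per client address the sessions that closed with `jid=unbound`. The log itself does not say why the JID was never bound. The sample lines, hostnames, addresses and the bound JID are constructed for illustration.

```python
import re
from collections import Counter, namedtuple

# Constructed sample in the c2s line format shown in the post above.
# Addresses are documentation ranges; the bound JID is a made-up value.
SAMPLE_LOG = """\
Mar  1 09:46:00 chat.example.com jabberd/c2s[604]: [9] [::ffff:192.0.2.10, port=58658] connect
Mar  1 09:46:01 chat.example.com jabberd/c2s[604]: [9] [::ffff:192.0.2.10, port=58658] disconnect jid=unbound, packets: 0
Mar  1 09:47:10 chat.example.com jabberd/c2s[604]: [10] [::ffff:192.0.2.20, port=40100] connect
Mar  1 09:47:55 chat.example.com jabberd/c2s[604]: [10] [::ffff:192.0.2.20, port=40100] disconnect jid=alice@chat.example.com/laptop, packets: 12
Mar  1 09:48:00 chat.example.com jabberd/c2s[604]: [9] [::ffff:192.0.2.10, port=58667] connect
Mar  1 09:48:01 chat.example.com jabberd/c2s[604]: [9] [::ffff:192.0.2.10, port=58667] disconnect jid=unbound, packets: 0
Mar  1 09:52:19 chat.example.com jabberd/router[1785]: starting up
"""

LINE_RE = re.compile(
    r"^\w{3}\s+\d+ (?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d) \S+ "
    r"jabberd/c2s\[(?P<pid>\d+)\]: \[(?P<fd>\d+)\] "
    r"\[(?P<addr>[^,\]]+), port=(?P<port>\d+)\] "
    r"(?P<event>connect|disconnect)"
    r"(?: jid=(?P<jid>\S+), packets: (?P<packets>\d+))?\s*$"
)

Session = namedtuple("Session", "addr port jid packets seconds")


def closed_sessions(lines):
    """Pair each c2s connect with its disconnect; return finished sessions."""
    opened, done = {}, []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # router/sm/Rooms lines and anything malformed
        key = (m["pid"], m["fd"], m["addr"], m["port"])
        t = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
        if m["event"] == "connect":
            opened[key] = t
        elif m["jid"] is not None:
            start = opened.pop(key, None)
            # Duration is None when the connect line is missing from the excerpt.
            secs = None if start is None else (t - start) % 86400
            done.append(Session(m["addr"], int(m["port"]), m["jid"],
                                int(m["packets"]), secs))
    return done


def unbound_by_source(lines):
    """Count sessions per client address that ended with jid=unbound."""
    return Counter(s.addr for s in closed_sessions(lines) if s.jid == "unbound")


if __name__ == "__main__":
    for s in closed_sessions(SAMPLE_LOG.splitlines()):
        state = "NO BIND" if s.jid == "unbound" else "bound"
        print(f"{state:7} {s.addr}:{s.port} jid={s.jid} "
              f"packets={s.packets} after {s.seconds}s")
    print(dict(unbound_by_source(SAMPLE_LOG.splitlines())))
```
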

    uscadvit wrote:
    Here is the output without the name of our AD:
    Advanced Options - User Experience
      Create mobile account at login = Disabled
         Require confirmation        = Enabled
      Force home to startup disk     = Enabled
         Mount home as sharepoint    = Enabled
      Use Windows UNC path for home  = Enabled
         Network protocol to be used = smb
      Default user Shell             = /bin/bash
    Advanced Options - Mappings
      Mapping UID to attribute       = not set
      Mapping user GID to attribute  = not set
      Mapping group GID to attribute = not set
      Generate Kerberos authority    = Enabled
    Advanced Options - Administrative
      Preferred Domain controller    = not set
      Allowed admin groups           = not set
      Authentication from any domain = Enabled
      Packet signing                 = allow
      Packet encryption              = allow
      Password change interval       = 14
      Restrict Dynamic DNS updates   = not set
      Namespace mode                 = domain
    That looks correct. Let's collect a few more config items.
    Copy / paste the output of this command when run against c2s.xml:
    sudo grep '<id require-starttls="true" pemfile="' /Library/Server/Messages/Config/jabberd/c2s.xml
    Ours looks like this:
    <id require-starttls="true" pemfile="/etc/certificates/chat.example.com.1234567890.concat.pem" private-key-password="12345678-1234-1234-12345678" cachain="/etc/certificates/chat.example.com.1234567890.chain.pem" realm="example.com">example.com</id>
    Copy / paste the output of this command when run against sm.xml. To give us context, it will display the 6 lines above and below the text:
    sudo grep -C 6 'If not set, the SM id is used. -->' /Library/Server/Messages/Config/jabberd/sm.xml
    Ours looks like this:
    <!-- Local network configuration -->
    <local>
        <!-- Who we identify ourselves as.
             Users will have this as the domain part of their JID.
             If you want your server to be accessible from other
             Jabber servers, this IDs must be FQDN resolvable by DNSes.
             If not set, the SM id is used. -->
        <id>example.com</id>
        <!--
        <id>vhost1.localdomain</id>
        <id>vhost2.localdomain</id>
        -->
    </local>
    Copy / paste the output of this command:
    sudo serveradmin settings jabber
    Ours looks like this:
    jabber:dataLocation = "/Library/Server/Messages"
    jabber:s2sRestrictDomains = no
    jabber:jabberdDatabasePath = "/Library/Server/Messages/Data/sqlite/jabberd2.db"
    jabber:sslCAFile = "/etc/certificates/chat.example.com.1234567890.chain.pem"
    jabber:jabberdClientPortTLS = 5222
    jabber:sslKeyFile = "/etc/certificates/chat.example.com.1234567890.concat.pem"
    jabber:initialized = yes
    jabber:enableXMPP = no
    jabber:savedChatsArchiveInterval = 7
    jabber:authLevel = "STANDARD"
    jabber:hostsCommaDelimitedString = "example.com"
    jabber:jabberdClientPortSSL = 5223
    jabber:requireSecureS2S = no
    jabber:savedChatsLocation = "/Library/Server/Messages/Data/message_archives"
    jabber:enableSavedChats = no
    jabber:enableAutoBuddy = yes
    jabber:s2sAllowedDomains = _empty_array
    jabber:logLevel = "ALL"
    jabber:hosts:_array_index:0 = "example.com"
    jabber:eventLogArchiveInterval = 7
    jabber:jabberdS2SPort = 0
    Also, while you're troubleshooting, I found Adium's debug window to be invaluable for showing errors during logon (even if you plan to use Messages).
    You can open it in debug mode by holding option + click Adium.app, select "start in debug mode". Then in Adium menu > Debug window.

  • Windows users authenticating in OID in Unix

    Hi !!!
    I am a newbie with LDAP and OID, so if anyone can help me...
    I have a Computer Associates application which authenticates users against an LDAP server, but this application is installed on a Windows 2003 Server.
    This application already queries OID successfully, because it simply points to the OID server through its configuration.
    My problem is authenticating users against OID, because the Computer Associates application does not have any configuration to specify the authentication server.
    What must I configure to tell the Computer Associates application, or the Windows 2003 server, to authenticate the users in OID instead of locally?
