Active Directory Authentication, AFP Home Folders in the wrong place!

Similar Messages

• Cisco ISE Failure: 24408 User authentication against Active Directory failed since user has entered the wrong password

  Hi,
  Since we implemented Cisco ISE we receive the following failure on several Notebooks:
  Authentication failed : 24408 User authentication against Active Directory failed since user has entered the wrong password
  This happens 2 or 3 times per Day. So basically the authentications are working. But when the failure appears, the connection is lost for a short time.
  The Clients are using PEAP(EAP-MSCHAPv2) for Authentication. We've got a Cisco Wireless Environment (WLC 5508).
  Why is this happening?
  Thanks,
  Marc

  The possible causes of this error message are:
  1.] If the end user entered an incorrect username.
  2.] The shared sceret between WLC and ISE is mismatched. With this we'll see continous failed authentication.
  3.] As long as a PSN not receiving a response from the supplicant within this limit during an EAP conversation, it will throw this error code. In majority of cases it says eap session timed out.
  In your cases, the 3rd option seems to be the most closest one.
  Jatin Katyal
  - Do rate helpful posts -

• BO XI 3.1 : Active Directory Authentication failed to get the Active Directory groups

  Dear all 
          In our environment, there are 2 domain (domain A and B); it works well all the time. Today, all the user belong to domain A are not logi n; for user in domain B, all of them can log in but BO server response is very slowly. and there is error message popup when opening Webi report for domain B user. Below are the error message: 
         " Active Directory Authentication failed to get the Active Directory groups for the account with ID:XXXX; pls make sure this account is valid and belongs to an accessible domain"
        Anyone has encountered similar issue?
     BO version: BO XI 3.1 SP5
     Authenticate: Windows AD
  Thanks and Regards

  Please get in touch with your AD team and verify if there are any changes applied to the domain controller and there are no network issues.
  Also since this is a multi domain, make sure you have 2 way transitive forest trust as mentioned in SAP Note : 1323391 and FQDN for Directory servers are maintained in registry as per 1199995
  http://service.sap.com/sap/support/notes/1323391
  http://service.sap.com/sap/support/notes/1199995
  -Ambarish-

• Weblogic with Active Directory Authentication provider problem: DN for user ....: null

  I have a java application (SSO via SAML2) that uses Weblogic as a Identity Service Provider. All works well using users created directly in Weblogic. However, I need to add support for Active Directory. So, as per documentation:
  - I defined an Active Directory Authentication provider
  - changed it's order in the Authentication Providers list so that it comes first
  - set the control flag to SUFFICIENT and configured the Provider Specific; here's the concerned part in config.xml:
  <sec:authentication-provider xsi:type="wls:active-directory-authenticatorType">
          <sec:name>MyOwnADAuthenticator</sec:name>
          <sec:control-flag>SUFFICIENT</sec:control-flag>
          <wls:propagate-cause-for-login-exception>true</wls:propagate-cause-for-login-exception>
          <wls:host>10.20.150.4</wls:host>
          <wls:port>5000</wls:port>
          <wls:ssl-enabled>false</wls:ssl-enabled>
          <wls:principal>CN=tadmin,CN=wl,DC=at,DC=com</wls:principal>
          <wls:user-base-dn>CN=wl,DC=at,DC=com</wls:user-base-dn>
          <wls:credential-encrypted>{AES}deleted</wls:credential-encrypted>
          <wls:cache-enabled>false</wls:cache-enabled>
          <wls:group-base-dn>CN=wl,DC=at,DC=com</wls:group-base-dn>
  </sec:authentication-provider>
  I configured a AD LDS instance(Active Directory Lightweight Directory Services) on a Windows Server 2008 R2. I created users and one admin user "tadmin" which was added to Administrators members. I also made sure to set msDS-UserAccountDisabled property to FALSE.
  After restarting Weblogic I can see that the AD LDS's users and groups are correctly fetched in Weblogic. But, when I try to connect with my application, using Username:tadmin and Password:<...> it does not work.
  Here's what I see in the log file:
  <BEA-000000> <LDAP Atn Login username: tadmin>
  <BEA-000000> <authenticate user:tadmin>
  <BEA-000000> <getConnection return conn:LDAPConnection {ldaps://10.20.150.4:5000 ldapVersion:3 bindDN:"CN=tadmin,CN=wl,DC=at,DC=com"}>
  <BEA-000000> <getDNForUser search("CN=wl,DC=at,DC=com", "(&(&(cn=tadmin)(objectclass=user))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))", base DN & below)>
  <BEA-000000> <DN for user tadmin: null>
  <BEA-000000> <returnConnection conn:LDAPConnection {ldaps://10.20.150.4:5000 ldapVersion:3 bindDN:"CN=tadmin,CN=wl,DC=at,DC=com"}>
  <BEA-000000> <getConnection return conn:LDAPConnection {ldaps://10.20.150.4:5000 ldapVersion:3 bindDN:"CN=tadmin,CN=wl,DC=at,DC=com"}>
  <BEA-000000> <getDNForUser search("CN=wl,DC=at,DC=com", "(&(&(cn=tadmin)(objectclass=user))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))", base DN & below)>
  <BEA-000000> <DN for user tadmin: null>
  <BEA-000000> <returnConnection conn:LDAPConnection {ldaps://10.20.150.4:5000 ldapVersion:3 bindDN:"CN=tadmin,CN=wl,DC=at,DC=com"}>
  <BEA-000000> <javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User tadmin denied
    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:229)
    at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
  So, I tried to look why do I have: <DN for user tadmin: null>. Using Apache Directory Studio I reproduced the ldap search request used in Weblogic and, sure enough, I get no results. But, changing the filter to only "(&(cn=tadmin)(objectclass=user))" (NOTICE, no userAccountControl), it works; here's the result from Apache Directory Studio:
  #!SEARCH REQUEST (145) OK
  #!CONNECTION ldap://10.20.150.4:5000
  #!DATE 2014-01-23T14:52:09.324
  # LDAP URL     : ldap://10.20.150.4:5000/CN=wl,DC=at,DC=com?objectClass?sub?(&(cn=tadmin)(objectclass=user))
  # command line : ldapsearch -H ldap://10.20.150.4:5000 -x -D "[email protected]" -W -b "CN=wl,DC=at,DC=com" -s sub -a always -z 1000 "(&(cn=tadmin)(objectclass=user))" "objectClass"
  # baseObject   : CN=wl,DC=at,DC=com
  # scope        : wholeSubtree (2)
  # derefAliases : derefAlways (3)
  # sizeLimit    : 1000
  # timeLimit    : 0
  # typesOnly    : False
  # filter       : (&(cn=tadmin)(objectclass=user))
  # attributes   : objectClass
  #!SEARCH RESULT DONE (145) OK
  #!CONNECTION ldap://10.20.150.4:5000
  #!DATE 2014-01-23T14:52:09.356
  # numEntries : 1
  (the "[email protected]" is defined as userPrincipalName in the tadmin user on AD LDS)
  As you can see, "# numEntries : 1" (and I can see as result the entry "CN=tadmin,CN=wl,DC=at,DC=com"  in Apache Directory Studio's interface); if I add the userAccountControl filter I get 0.
  I've read that the AD LDS does not use userAccountControl but "uses several individual attributes to hold the information that is contained in the flags of the userAccountControl attribute"; among those attributes is msDS-UserAccountDisabled which, as I said, I already set to FALSE.
  So, my question is, how do I make it work? Why do I have "<DN for user tadmin: null>" ? Is it the userAccountControl ? If it is, do I need to do some other configuration on my AD LDS ? Or, how can I get rid of the userAccountControl filter in Weblogic?
  I didn't seem to find it in config files or in the interface: I only have "User From Name Filter: (&(cn=%u)(objectclass=user))", there's no userAccountControl.
  Another difference I noticed is that, even though in Weblogic I have set ssl-enabled flag to false, in the logs I see ldaps and not ldap ( I'm not looking to setup something production-ready and I don't want SSL for the moment ).
  Here are some other things I tried but did not change anything:
  - the other "msDS-" attributes were not set so I tried initializing them to some value
  - I tried other users defined in AD LDS, not tadmin
  - in Weblogic I added users that were imported from AD LDS in Roles and Policies> Realm Roles > Global Roles > Roles > Admin
  - I removed all userAccountControl occurrences that I found in xml files in Weblogic (schema.ms.xml, schema.msad2003.xml)
  Any thoughts?
  Thanks.

  I managed to narrow it down: the AD LDS does not support the userAccountControl.
  Anyone knows how I can configure my Active Directory Authentication Provider in Weblogic so that it does not implicitly use userAccountControl as filter?
  <BEA-000000> <getDNForUser search("CN=wl,DC=at,DC=com", "(&(&(cn=tadmin)(objectclass=user))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))", base DN & below)> 

• Unable to find user list in Active Directory Authenticator

  Hi all,
  I am using weblogic 10.3 and want to configure ActiveDirectory Authenticator for my weblogic application. We have one managed srever under admin server . I have configured a Active Directory Authenticator named "ADAuthenticator" and made following changes as per the below values:
  I set the control flag to "OPTIONAL" .
  Security Realms-->myrealm-->Providers-->ADAuthenticator-->Provider Specific
  UserName Attribute : ServiceBEA
  Principal : ServiceBEA
  Host : xxxxxx
  User Search Scope : subtree
  Group From Name Filter : (&(ServiceBEA=%g)(objectclass=group))
  Credential : xxxxxx
  Confirm Credential : xxxxxx
  User From Name Filter : (&(ServiceBEA=%u)(objectclass=user))
  Static Group Name Attribute : ServiceBEA
  User Base DN : values provided as per requirement
  Port : 389
  User Object Class : user
  Use Retrieved User Name as Principal : checked
  Group Base DN : same values as per User Base DN
  Static Group Object Class : group
  Group Membership Searching : unlimited
  Max Group Membership Search Level : 0
  These are my AD settings. After doing this i click on save and then activate changes and then restarted the admin server.
  But the problem is when i login to weblogic console to check the user list under "User and Group" i am unble to find any Active Directory users.
  I don't know where i made the mistake. Can some make me out of this trouble.
  Any help is highly appreciated.
  Thanks in advance !

  Hi Sean,
  Actually we have already a Active Directory with username "ServiceBEA" in our windows server. So i used this "ServiceBEA" as UserName Attribute in weblogic console while creating a Active Directory Authenticator.
  You mean to say that we should go for "sAMAccountName" or what? If that is the case then i have also tested with following values, but still no luck.
  UserName Attribute : sAMAccountName
  Principal : ServiceBEA
  Host : xxxxxx
  User Search Scope : subtree
  Group From Name Filter : (&(sAMAccountName=%g)(objectclass=group))
  Credential : xxxxxx
  Confirm Credential : xxxxxx
  User From Name Filter : (&(sAMAccountName=%u)(objectclass=user))
  Static Group Name Attribute : sAMAccountName
  User Base DN : values provided as per requirement
  Port : 389
  User Object Class : user
  Use Retrieved User Name as Principal : checked
  Group Base DN : same values as per User Base DN
  Static Group Object Class : group
  Group Membership Searching : unlimited
  Max Group Membership Search Level : 0
  Please advise what to be place in case of User Name Attribute.
  Any help is highly appreciated.
  Thanks in advance !

• Active Directory Authentication in Weblogic 8.1

  Hi,
  We want to do authentication from Microsoft Active Directory using weblogic 8.1.
  I have created a Active directory and
  configured weblogic from console to use it. But it is still not working. Your
  help with these question would be highly
  appreciated.
  1. Is there anyone in group who have tried this before. Please let me know how
  to proceed.
  2. Is there any tool by which I can get to know the different attribute asked
  for configuration in Weblogic?
  3. I am not able to login to my application after configuration. Is there any
  other way to come to know whether it is working
  or not?
  There could be plethora of reason but nothing which can come to my mind. Everything
  seems to be configured correctly. Here is
  portion of my config.xml related with authentication:
  <FileRealm Name="wl_default_file_realm"/>
  <PasswordPolicy Name="wl_default_password_policy"/>
  <Realm FileRealm="wl_default_file_realm" Name="wl_default_realm"/>
  <Security GuestDisabled="false" Name="vendavo-dev"
  PasswordPolicy="wl_default_password_policy"
  Realm="wl_default_realm" RealmSetup="true">
  <weblogic.security.providers.authentication.DefaultAuthenticator
  ControlFlag="SUFFICIENT"
  Name="Security:Name=myrealmDefaultAuthenticator" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authentication.DefaultIdentityAsserter
  ActiveTypes="AuthenticatedUser"
  Name="Security:Name=myrealmDefaultIdentityAsserter" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authorization.DefaultRoleMapper
  Name="Security:Name=myrealmDefaultRoleMapper" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authorization.DefaultAuthorizer
  Name="Security:Name=myrealmDefaultAuthorizer" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authorization.DefaultAdjudicator
  Name="Security:Name=myrealmDefaultAdjudicator" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.credentials.DefaultCredentialMapper
  Name="Security:Name=myrealmDefaultCredentialMapper" Realm="Security:Name=myrealm"/>
  <weblogic.management.security.authentication.UserLockoutManager
  Name="Security:Name=myrealmUserLockoutManager" Realm="Security:Name=myrealm"/>
  <weblogic.management.security.Realm
  Adjudicator="Security:Name=myrealmDefaultAdjudicator"
  AuthenticationProviders="Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaultIdentityAsserter|Security:Name
  =myrealmADAuthenticator"
  Authorizers="Security:Name=myrealmDefaultAuthorizer"
  CredentialMappers="Security:Name=myrealmDefaultCredentialMapper"
  DefaultRealm="true" DisplayName="myrealm"
  Name="Security:Name=myrealm"
  RoleMappers="Security:Name=myrealmDefaultRoleMapper"
  UserLockoutManager="Security:Name=myrealmUserLockoutManager"/>
  <weblogic.security.providers.pk.DefaultKeyStore
  Name="Security:Name=myrealmDefaultKeyStore" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authentication.ActiveDirectoryAuthenticator
  ControlFlag="SUFFICIENT" Credential="{3DES}hvEo4sy7g1E="
  DisplayName="ADAuthenticator" FollowReferrals="false"
  GroupBaseDN="ou=ou=Groups,dc=devdc,dc=com" Host="venper5"
  Name="Security:Name=myrealmADAuthenticator"
  Principal="vendev" Realm="Security:Name=myrealm" UserBaseDN="ou=Users,dc=devdc,dc=com"/>
  </Security>
  First, of all is it possible to use Active Directory authentication in Weblogic
  without writing any custom code. If yes, how?
  Thanks in advance,
  Amit Tyagi

  Amit,
  We have successfully used WLS 8.1 sp1 with AD - but not without our share of ups
  and downs though.
  |
  |
  1) First, make sure you are sending right LDAP queries to AD. To verify this,
  we used free 3rd party LDAP browser from Softerra. There is also java based free
  browser from Univ of Michigan. Personally, I like Softerra's LDAP browser better.
  Play with your LDAP settings using this and make sure AD is returning the right
  data.
  |
  2) AD has some default settings that makes it return only the top 1000 users.
  Use ntdsutil.exe to modify these default settings
  |
  3) AD needs to have the right set of users and groups. To configure this, refer
  to WLS docs. This is very well documented in WLS docs. Also refer to this article
  http://dev2dev.bea.com/products/wlportal/whitepapers/wlp70_MSADS.jsp as additional
  reference
  |
  4) Also, there are some bugs with 8.1 portal sp1 and AD. It cannot take more than
  one Authentication provider. sp2 is supposed to have fixed it. For sp1 we used
  another product AD/AM (AD in Application Mode) in combination with MIIS server.
  But if you are using sp2, you shouldn't be worry about this.
  |
  5) In your providers, you might want to get rid of the DefaultAuthentication provider,
  once you are able to establish a connection with your ActiveDirectoryAuthentication
  provider. The DefaultAuthentication provider causes some problems and does not
  let ActiveDirectoryAuthentication provider to behave properly. We haven't fully
  investgated the root of this prob. When we deleted DefaultAuthentication provider,
  everything worked normally - so we didn't really care that much :-)
  |
  6) Make sure you have your JAAS options set to OPTIONAL initially and make sure
  your are able to authenticate talk to your AD.
  |
  These are the ones I could think of. Hope this helps..
  Regards,
  Anant
  "Amit" <[email protected]> wrote:
  >
  Hi,
  We want to do authentication from Microsoft Active Directory using weblogic
  8.1.
  I have created a Active directory and
  configured weblogic from console to use it. But it is still not working.
  Your
  help with these question would be highly
  appreciated.
  1. Is there anyone in group who have tried this before. Please let me
  know how
  to proceed.
  2. Is there any tool by which I can get to know the different attribute
  asked
  for configuration in Weblogic?
  3. I am not able to login to my application after configuration. Is there
  any
  other way to come to know whether it is working
  or not?
  There could be plethora of reason but nothing which can come to my mind.
  Everything
  seems to be configured correctly. Here is
  portion of my config.xml related with authentication:
  <FileRealm Name="wl_default_file_realm"/>
  <PasswordPolicy Name="wl_default_password_policy"/>
  <Realm FileRealm="wl_default_file_realm" Name="wl_default_realm"/>
  <Security GuestDisabled="false" Name="vendavo-dev"
  PasswordPolicy="wl_default_password_policy"
  Realm="wl_default_realm" RealmSetup="true">
  <weblogic.security.providers.authentication.DefaultAuthenticator
  ControlFlag="SUFFICIENT"
  Name="Security:Name=myrealmDefaultAuthenticator" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authentication.DefaultIdentityAsserter
  ActiveTypes="AuthenticatedUser"
  Name="Security:Name=myrealmDefaultIdentityAsserter" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authorization.DefaultRoleMapper
  Name="Security:Name=myrealmDefaultRoleMapper" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authorization.DefaultAuthorizer
  Name="Security:Name=myrealmDefaultAuthorizer" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authorization.DefaultAdjudicator
  Name="Security:Name=myrealmDefaultAdjudicator" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.credentials.DefaultCredentialMapper
  Name="Security:Name=myrealmDefaultCredentialMapper" Realm="Security:Name=myrealm"/>
  <weblogic.management.security.authentication.UserLockoutManager
  Name="Security:Name=myrealmUserLockoutManager" Realm="Security:Name=myrealm"/>
  <weblogic.management.security.Realm
  Adjudicator="Security:Name=myrealmDefaultAdjudicator"
  AuthenticationProviders="Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaultIdentityAsserter|Security:Name
  =myrealmADAuthenticator"
  Authorizers="Security:Name=myrealmDefaultAuthorizer"
  CredentialMappers="Security:Name=myrealmDefaultCredentialMapper"
  DefaultRealm="true" DisplayName="myrealm"
  Name="Security:Name=myrealm"
  RoleMappers="Security:Name=myrealmDefaultRoleMapper"
  UserLockoutManager="Security:Name=myrealmUserLockoutManager"/>
  <weblogic.security.providers.pk.DefaultKeyStore
  Name="Security:Name=myrealmDefaultKeyStore" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authentication.ActiveDirectoryAuthenticator
  ControlFlag="SUFFICIENT" Credential="{3DES}hvEo4sy7g1E="
  DisplayName="ADAuthenticator" FollowReferrals="false"
  GroupBaseDN="ou=ou=Groups,dc=devdc,dc=com" Host="venper5"
  Name="Security:Name=myrealmADAuthenticator"
  Principal="vendev" Realm="Security:Name=myrealm" UserBaseDN="ou=Users,dc=devdc,dc=com"/>
  </Security>
  First, of all is it possible to use Active Directory authentication in
  Weblogic
  without writing any custom code. If yes, how?
  Thanks in advance,
  Amit Tyagi

• WLS 7.0 Active Directory authenticator - problems starting managed server (Solaris 8)

  Has anyone managed to setup a WLS 7.0 Active Directory authenticator and booted
  a managed server using the node manager? I can boot the server without the AD
  authenticator and I can also boot the server using a script and successfully authenticate
  through AD. My AD control flag is set to OPTIONAL and I have also setup a default
  authenticator to boot weblogic - the control flag here is set to SUFFICIENT. This
  configuration works fine with weblogic running on W2K, but not on Solaris (it
  looks like the control flag is being ignored). Errors as follows
  ####<Oct 1, 2002 1:59:08 PM BST> <Info> <Logging> <mymachine> <server01> <main>
  <kernel identity> <> <000000> <FileLo
  gger Opened at /opt/app/live/appserver/domains/test/NodeManager/server01/server01.log>
  ####<Oct 1, 2002 1:59:09 PM BST> <Info> <socket> <mymachine> <server01> <main>
  <kernel identity> <> <000415> <System
  has file descriptor limits of - soft: 1,024, hard: 1,024>
  ####<Oct 1, 2002 1:59:09 PM BST> <Info> <socket> <mymachine> <server01> <main>
  <kernel identity> <> <000416> <Using e
  ffective file descriptor limit of: 1,024 open sockets/files.>
  ####<Oct 1, 2002 1:59:09 PM BST> <Info> <socket> <mymachine> <server01> <main>
  <kernel identity> <> <000418> <Allocat
  ing: 3 POSIX reader threads>
  ####<Oct 1, 2002 1:59:19 PM BST> <Critical> <WebLogicServer> <mymachine> <server01>
  <main> <kernel identity> <> <0003
  64> <Server failed during initialization. Exception:weblogic.security.service.SecurityServiceRuntimeException:
  Problem instantiating
  Authentication Providerjavax.management.RuntimeOperationsException: RuntimeException
  thrown by the getAttribute method of the Dynam
  icMBean for the attribute Credential>
  weblogic.security.service.SecurityServiceRuntimeException: Problem instantiating
  Authentication Providerjavax.management.RuntimeOper
  ationsException: RuntimeException thrown by the getAttribute method of the DynamicMBean
  for the attribute Credential
  at weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:186)
  at weblogic.security.service.PrincipalAuthenticator.<init>(PrincipalAuthenticator.java:236)
  at weblogic.security.service.SecurityServiceManager.doATN(SecurityServiceManager.java:1506)
  at weblogic.security.service.SecurityServiceManager.initializeRealm(SecurityServiceManager.java:1308)
  at weblogic.security.service.SecurityServiceManager.loadRealm(SecurityServiceManager.java:1247)
  at weblogic.security.service.SecurityServiceManager.initializeRealms(SecurityServiceManager.java:1364)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1107)
  at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
  at weblogic.Server.main(Server.java:31)
  ####<Oct 1, 2002 1:59:19 PM BST> <Emergency> <WebLogicServer> <mymachine> <server01>
  <main> <kernel identity> <> <000
  342> <Unable to initialize the server: Fatal initialization exception
  Throwable: weblogic.security.service.SecurityServiceRuntimeException: Problem
  instantiating Authentication Providerjavax.management.
  RuntimeOperationsException: RuntimeException thrown by the getAttribute method
  of the DynamicMBean for the attribute Credential
  weblogic.security.service.SecurityServiceRuntimeException: Problem instantiating
  Authentication Providerjavax.management.RuntimeOper
  ationsException: RuntimeException thrown by the getAttribute method of the DynamicMBean
  for the attribute Credential
  at weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:186)
  at weblogic.security.service.PrincipalAuthenticator.<init>(PrincipalAuthenticator.java:236)
  at weblogic.security.service.SecurityServiceManager.doATN(SecurityServiceManager.java:1506)
  at weblogic.security.service.SecurityServiceManager.initializeRealm(SecurityServiceManager.java:1308)
  at weblogic.security.service.SecurityServiceManager.loadRealm(SecurityServiceManager.java:1247)
  at weblogic.security.service.SecurityServiceManager.initializeRealms(SecurityServiceManager.java:1364)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1107)
  at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
  at weblogic.Server.main(Server.java:31)

  Solved the problem. The 'domain root' directory specified in the remote start configuration,
  must contain a copy of the file 'SerializedSystemIni.dat' that was created along
  with the domain, in order to boot when an AD authenticator is configured. If an
  AD authenticator is not configured, no file is required. This was not a platform
  specific issue; on Win2K I had configured the 'domain root' remote start parameter
  to point to an existing domain root and not a new directory.
  "Andrew Walker" <[email protected]> wrote:
  >
  Has anyone managed to setup a WLS 7.0 Active Directory authenticator
  and booted
  a managed server using the node manager? I can boot the server without
  the AD
  authenticator and I can also boot the server using a script and successfully
  authenticate
  through AD. My AD control flag is set to OPTIONAL and I have also setup
  a default
  authenticator to boot weblogic - the control flag here is set to SUFFICIENT.
  This
  configuration works fine with weblogic running on W2K, but not on Solaris
  (it
  looks like the control flag is being ignored). Errors as follows
  ####<Oct 1, 2002 1:59:08 PM BST> <Info> <Logging> <mymachine> <server01>
  <main>
  <kernel identity> <> <000000> <FileLo
  gger Opened at /opt/app/live/appserver/domains/test/NodeManager/server01/server01.log>
  ####<Oct 1, 2002 1:59:09 PM BST> <Info> <socket> <mymachine> <server01>
  <main>
  <kernel identity> <> <000415> <System
  has file descriptor limits of - soft: 1,024, hard: 1,024>
  ####<Oct 1, 2002 1:59:09 PM BST> <Info> <socket> <mymachine> <server01>
  <main>
  <kernel identity> <> <000416> <Using e
  ffective file descriptor limit of: 1,024 open sockets/files.>
  ####<Oct 1, 2002 1:59:09 PM BST> <Info> <socket> <mymachine> <server01>
  <main>
  <kernel identity> <> <000418> <Allocat
  ing: 3 POSIX reader threads>
  ####<Oct 1, 2002 1:59:19 PM BST> <Critical> <WebLogicServer> <mymachine>
  <server01>
  <main> <kernel identity> <> <0003
  64> <Server failed during initialization. Exception:weblogic.security.service.SecurityServiceRuntimeException:
  Problem instantiating
  Authentication Providerjavax.management.RuntimeOperationsException:
  RuntimeException
  thrown by the getAttribute method of the Dynam
  icMBean for the attribute Credential>
  weblogic.security.service.SecurityServiceRuntimeException: Problem instantiating
  Authentication Providerjavax.management.RuntimeOper
  ationsException: RuntimeException thrown by the getAttribute method of
  the DynamicMBean
  for the attribute Credential
  at weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:186)
  at weblogic.security.service.PrincipalAuthenticator.<init>(PrincipalAuthenticator.java:236)
  at weblogic.security.service.SecurityServiceManager.doATN(SecurityServiceManager.java:1506)
  at weblogic.security.service.SecurityServiceManager.initializeRealm(SecurityServiceManager.java:1308)
  at weblogic.security.service.SecurityServiceManager.loadRealm(SecurityServiceManager.java:1247)
  at weblogic.security.service.SecurityServiceManager.initializeRealms(SecurityServiceManager.java:1364)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1107)
  at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
  at weblogic.Server.main(Server.java:31)
  ####<Oct 1, 2002 1:59:19 PM BST> <Emergency> <WebLogicServer> <mymachine>
  <server01>
  <main> <kernel identity> <> <000
  342> <Unable to initialize the server: Fatal initialization exception
  Throwable: weblogic.security.service.SecurityServiceRuntimeException:
  Problem
  instantiating Authentication Providerjavax.management.
  RuntimeOperationsException: RuntimeException thrown by the getAttribute
  method
  of the DynamicMBean for the attribute Credential
  weblogic.security.service.SecurityServiceRuntimeException: Problem instantiating
  Authentication Providerjavax.management.RuntimeOper
  ationsException: RuntimeException thrown by the getAttribute method of
  the DynamicMBean
  for the attribute Credential
  at weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:186)
  at weblogic.security.service.PrincipalAuthenticator.<init>(PrincipalAuthenticator.java:236)
  at weblogic.security.service.SecurityServiceManager.doATN(SecurityServiceManager.java:1506)
  at weblogic.security.service.SecurityServiceManager.initializeRealm(SecurityServiceManager.java:1308)
  at weblogic.security.service.SecurityServiceManager.loadRealm(SecurityServiceManager.java:1247)
  at weblogic.security.service.SecurityServiceManager.initializeRealms(SecurityServiceManager.java:1364)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1107)
  at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
  at weblogic.Server.main(Server.java:31)

• Active Directory Authentication and permissions for user group in APEX 4.0

  Hello,
  I am new to oracle APEX and I have searched the forum for active directory authentication for a user group and I am really confused about all the different threads. Can anyone please provide me the steps to follow; in order to implement AD authentication for a user group in Oracle APEX 4.0.
  These are the threads which i was looking at to get an idea like how AD authentication works but its really confusing for me.
  Help with Authentication (APEX_LDAP.AUTHENTICATE)
  Re: LDAP Authentication Via Groups
  Thanks,
  Tony

  You need to give it more than 30 minutes before bumping your own post. This is not an official support channel, so you need to be patient and wait for people to read, think and respond.

• Setup encountered a problem while validating the state of Active Directory: Could not find information about the local site

  Have an existing ex2010 sp3 organization.
  Could not run ex2013cu1 setup from my newly built 2012 server, getting the error in the subject line.  I used the command line to run the AD preparation steps successfully from my 2012 DC/GC, then tried to run setup again from the new 2012 server and
  still get the same error.  The error itself in the log is pretty useless:
  [05/07/2013 01:19:13.0137] [0] **********************************************
  [05/07/2013 01:19:13.0137] [0] Starting Microsoft Exchange Server 2013 Cumulative Update 1 Setup
  [05/07/2013 01:19:13.0137] [0] **********************************************
  [05/07/2013 01:19:13.0152] [0] Local time zone: (UTC-08:00) Pacific Time (US & Canada).
  [05/07/2013 01:19:13.0152] [0] Operating system version: Microsoft Windows NT 6.2.9200.0.
  [05/07/2013 01:19:13.0152] [0] Setup version: 15.0.620.29.
  [05/07/2013 01:19:13.0152] [0] Logged on user: DOMAIN\ADMINISTRATOR.
  [05/07/2013 01:19:13.0168] [0] The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\V15\Setup, wasn't found.
  [05/07/2013 01:19:13.0168] [0] The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\V15\Setup, wasn't found.
  [05/07/2013 01:19:13.0215] [0] Command Line Parameter Name='sourcedir', Value='\\h1\f$\junk\installers\server\Exchange\2013cu1'.
  [05/07/2013 01:19:13.0215] [0] Command Line Parameter Name='mode', Value='Install'.
  [05/07/2013 01:19:13.0215] [0] RuntimeAssembly was started with the following command: '/sourcedir:\\SERVER\f$\junk\installers\server\Exchange\2013cu1 /mode:Install'.
  [05/07/2013 01:19:13.0215] [0] The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\V15\Setup, wasn't found.
  [05/07/2013 01:19:13.0793] [0] Finished loading screen CheckForUpdatesPage.
  [05/07/2013 01:19:38.0762] [0] Finished loading screen UpdatesDownloadsPage.
  [05/07/2013 01:19:40.0496] [0] Starting file's copying...
  [05/07/2013 01:19:40.0496] [0] Setup copy files from '\\SERVER\f$\junk\installers\server\Exchange\2013cu1\Setup\ServerRoles\Common' to 'C:\Windows\Temp\ExchangeSetup'
  [05/07/2013 01:19:40.0700] [0] Finished loading screen CopyFilesPage.
  [05/07/2013 01:19:40.0840] [0] Disk space required: 1292445007 bytes.
  [05/07/2013 01:19:40.0840] [0] Disk space available: 23767240704 bytes.
  [05/07/2013 01:19:59.0762] [0] File's copying finished.
  [05/07/2013 01:19:59.0965] [0] Finished loading screen InitializingSetupPage.
  [05/07/2013 01:20:02.0934] [0] Setup is choosing the domain controller to use
  [05/07/2013 01:20:09.0325] [0] Setup is choosing a local domain controller...
  [05/07/2013 01:20:11.0794] [0] [ERROR] Setup encountered a problem while validating the state of Active Directory: Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency. 
  See the Exchange setup log for more information on this error.
  [05/07/2013 01:20:11.0794] [0] [ERROR] Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency.
  [05/07/2013 01:20:11.0809] [0] Setup will use the domain controller ''.
  [05/07/2013 01:20:11.0809] [0] Setup will use the global catalog ''.
  [05/07/2013 01:20:11.0825] [0] Exchange configuration container for the organization is 'CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local'.
  [05/07/2013 01:20:11.0919] [0] Exchange organization container for the organization is 'CN=DOMAIN,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local'.
  [05/07/2013 01:20:11.0966] [0] Setup will search for an Exchange Server object for the local machine with name 'WEX1'.
  [05/07/2013 01:20:12.0028] [0] No Exchange Server with identity 'WEX1' was found.
  [05/07/2013 01:20:12.0044] [0] The following roles have been unpacked:
  [05/07/2013 01:20:12.0044] [0] The following datacenter roles are unpacked:
  [05/07/2013 01:20:12.0044] [0] The following roles are installed:
  [05/07/2013 01:20:12.0059] [0] The local server does not have any Exchange files installed.
  [05/07/2013 01:20:12.0075] [0] Server Name=WEX1
  [05/07/2013 01:20:12.0137] [0] Setup will use the path '\\SERVER\f$\junk\installers\server\Exchange\2013cu1' for installing Exchange.
  [05/07/2013 01:20:12.0137] [0] The installation mode is set to: 'Install'.
  [05/07/2013 01:20:27.0591] [0] An Exchange organization with name 'DOMAIN' was found in this forest.
  [05/07/2013 01:20:27.0591] [0] Active Directory Initialization status : 'False'.
  [05/07/2013 01:20:27.0591] [0] Schema Update Required Status : 'False'.
  [05/07/2013 01:20:27.0591] [0] Organization Configuration Update Required Status : 'False'.
  [05/07/2013 01:20:27.0591] [0] Domain Configuration Update Required Status : 'False'.
  [05/07/2013 01:20:27.0841] [0] Applying default role selection state
  [05/07/2013 01:20:27.0872] [0] Setup is determining what organization-level operations to perform.
  [05/07/2013 01:20:27.0872] [0] Because the value was specified, setup is setting the argument OrganizationName to the value DOMAIN.
  [05/07/2013 01:20:27.0872] [0] Setup will run from path 'C:\Windows\Temp\ExchangeSetup'.
  [05/07/2013 01:20:27.0888] [0] InstallModeDataHandler has 0 DataHandlers
  [05/07/2013 01:20:27.0888] [0] RootDataHandler has 1 DataHandlers
  [05/07/2013 01:20:27.0903] [0] Setup encountered a problem while validating the state of Active Directory: Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency.  See
  the Exchange setup log for more information on this error.
  [05/07/2013 01:20:27.0935] [0] [ERROR] Setup encountered a problem while validating the state of Active Directory: Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency. 
  See the Exchange setup log for more information on this error.
  [05/07/2013 01:21:04.0154] [0] The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\V15\Setup, wasn't found.
  [05/07/2013 01:21:04.0154] [0] End of Setup
  [05/07/2013 01:21:04.0154] [0] **********************************************

  Hi,
  The cause is clearly described in the log:
  [05/07/2013 01:20:11.0794] [0] [ERROR] Setup encountered a problem while validating the state of Active Directory: Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency. 
  See the Exchange setup log for more information on this error.
  [05/07/2013 01:20:11.0794] [0] [ERROR] Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency.
  I'd suggest you check NIC settings and AD configuration.
  Hope it is helpful.
  Fiona Liao
  TechNet Community Support

• Active Directory Certificate Services setup failed with the following error: Overlapped I/O operation is in progress. 0x800703e5 (WIN32: 997)

  Hi,
  I am trying to install certificate services on a windows 2008 server (R2 ENT SP1) with a PCIe nCipher HSM module installed on it. The version of nCipher SW is = 11.30.  It is a RootCA, and I am trying to use a key that is already stored in the HSM (I
  have done this before with a PCI HSM (older HW version)).  I select “Use existing private key” and “Select an existing private key on this computer” on the wizard, then i change the CSP to nCipher and click on "search" the key I am looking for
  appears and I select that one.  I repeat, I have done this before and it works with a PCI HSM module.
  The installation is finished before being prompted to insert the operator cards, and it ends with two errors:
  <Error>: Active Directory Certificate Services setup failed with the following error: Overlapped I/O operation is in progress. 0x800703e5 (WIN32: 997)
  And:
  <Error>: Active Directory Certificate Services setup failed with the following error: The group or resource is not in the correct state to perform the requested operation.
  0x8007139f (WIN32: 5023)
  The servermanager.log says:
  1856: 2014-07-23 18:27:48.195 [CAManager]                 Sync: Validity period units: Years
  1856: 2014-07-23 18:27:48.928 [Provider] Error (Id=0) System.Runtime.InteropServices.COMException (0x800703E5): CCertSrvSetup::Install: Overlapped I/O operation is in progress. 0x800703e5 (WIN32: 997)
     at Microsoft.CertificateServices.Setup.Interop.CCertSrvSetupClass.Install()
     at Microsoft.Windows.ServerManager.CertificateServer.CertificateServerRoleProvider.Configure(InstallableFeatureInformation featureInfo, DiscoveryResult discoveryResult, ChangeTracker changeTracker)
  1856: 2014-07-23 18:27:48.928 [Provider]                  CAErrorID: 0, CAErrorString: 'Active Directory Certificate Services setup failed with the following error:  Overlapped I/O operation is in progress.
  0x800703e5 (WIN32: 997)'
  1856: 2014-07-23 18:27:48.928 [Provider]                  Adding error message.
  1856: 2014-07-23 18:27:48.928 [Provider]                  [STAT] For 'Certification Authority':
  And:
  1856: 2014-07-23 18:27:49.053 [CAWebProxyManager]         Sync: Initializing defaults
  1856: 2014-07-23 18:27:49.162 [Provider] Error (Id=0) System.Runtime.InteropServices.COMException (0x8007139F): CCertSrvSetup::Install: The group or resource is not in the correct state to perform the requested operation. 0x8007139f (WIN32: 5023)
     at Microsoft.CertificateServices.Setup.Interop.CCertSrvSetupClass.Install()
     at Microsoft.Windows.ServerManager.CertificateServer.CertificateServerRoleProvider.Configure(InstallableFeatureInformation featureInfo, DiscoveryResult discoveryResult, ChangeTracker changeTracker)
  1856: 2014-07-23 18:27:49.162 [Provider]                  CAErrorID: 0, CAErrorString: 'Active Directory Certificate Services setup failed with the following error:  The group or resource is not in the correct
  state to perform the requested operation. 0x8007139f (WIN32: 5023)'
  1856: 2014-07-23 18:27:49.162 [Provider]                  Adding error message.
  Has anyone experienced this before? Am I missing something here?
  Any help will be very appreciated
  Thanks in advance
  Best regards
  Alejandro Lozano Villanueva

  Hi, thanks for your support.
  I have been playing around a bit with some ncipher commands and found this:
  C:\Program Files (x86)\nCipher\nfast\bin>cspcheck.exe
  cspcheck: fatal error: File key_mscapi_container-1c44b9424a23f6cddc91e8a065241a0
  9aa719e4f (key #1): 0 modules contain the counter (NVRAM file ID 021c44b9424a23f
  6cddc91)
  cspcheck: information: 2 containers and 2 keys found.
  cspcheck: fatal error occurred.
  If I perform the same command on the original server (the server with the original kmdata folder and with the running RootCA services):
  E:\nfast\bin>cspcheck.exe
  cspcheck: information: 2 containers and 2 keys found.
  cspcheck: everything seems to be in order.
  Strange?
  Moreover, when I do a csptest.exe command (also on both servers, i find this)
  On the new server:
  C:\Program Files (x86)\nCipher\nfast\bin>csptest.exe
  nCipher CSP test software
  =========================
  Found the nCipher domestic CSP named 'nCipher Enhanced Cryptographic Provider'
    Provider name: nCipher Enhanced Cryptographic Provider
    Version number: 1.48
  User key containers:
      Container 'csptest.exe' has no stored keys.
      Container 'Administrator' has no stored keys.
    Machine key containers:
      Container '352dd28a-17cb-4c6f-b6e4-bf39bcf75db5' has a 2048-bit signature key.
      Container 'ROOTCA' has no stored keys.
      Container 'csptest.exe' has no stored keys.
  While in the old server:
  E:\nfast\bin>csptest.exe
  nCipher CSP test software
  =========================
  Found the nCipher domestic CSP named 'nCipher Enhanced Cryptographic Provider'
    Provider name: nCipher Enhanced Cryptographic Provider
    Version number: 1.40
  User key containers:
      Container 'csptest.exe' has no stored keys.
    Machine key containers:
      Container '352dd28a-17cb-4c6f-b6e4-bf39bcf75db5' has a 2048-bit signature key.
      Container 'ROOTCA' has a 2048-bit signature key.
      Container 'csptest.exe' has no stored keys.
  As you can see, the container called ROOTCA, which is the one that I use during the installation, says it has no stored keys.  While on the old server, it says it contains a key.  Why is this happening?  I dont know, I am copying the complete
  key management folder from one server to another and initialize the security world with that folder as I always do, and i dont have any errors during this procedure. 
  Do you know what could be the cause of this? or how can I fix this?  Thanks a lot, best regards.
  Alejandro Lozano Villanueva

• How do I best integrate existing laptops for a new server?  Can I use the existing home folders on the laptops and make them into Network Users?

  How do I best integrate existing laptops for a new server?  Can I use the existing home folders on the laptops and make them into Network Users?

  Yes it will work.  I've done it for a few users in my small office.  As with anything, there are quirks that you may or may not experience.  Most quirks are app-related, due to app developers hard-coding absolute paths into their apps for things like temp files (Photoshop).  Strategies for resolving these sorts of quirks can be found via google.  You would probably have seen these quirks already when using server-based home folders for your kids.  If you haven't noticed them, then you're probably fine.
  The tech note you cited should be fine.  It doesn't explicitly say so, but you'll need to enable ssh on your server, at least temporarily, so you can upload your home folder to the server using scp, rsync, etc.  Don't try to copy the files up to the server via Finder.
  Once all your files are transferred to the server and in the right place, make sure to chown them on the server, so they are owned by the userID you created for yourself on the server.
  As with anything this involved, make a good backup of your laptop first.
  Note I have one user that isn't too happy with the responsiveness of the periodic mobile home syncing.  She has about a decade of e-mail in her home folder, probably 50 to 100 emails per day, many with attachments.  Mobile home syncing takes a long time to check and sync this huge tree of itty-bitty files, eevn with server-side file tracking turned on.  The other users are happy.
  The nice thing about mobile home syncing is that when a user "graduates" to an age where they've earned their own laptop, you can change them from a server home user to a mobile home user, with a minimum of fuss.  Also, if you lose or break a laptop, you can add a new replacement laptop to your network, and pull-down a replica of the home folder from the server, with almost no downtime.

• IPhoto - My iPhoto is not responding. When I click on iPhoto I get a never ending spinning beachball.  I almost think it is looking in the wrong place for the pictures.  How do I redirect it back to the Mac hard drive?

  My iPhoto is not responding.  Whenever I click on the iPhoto icon I get a twirling beachball.  It is as if the machine is looking in the wrong place for the photos.  How can I see where the machine is looking to find out if this is really the problem.  How can I see the path?

  Try this:  launch iPhoto with the Option key held down and create a new, test library.  Import some photos and check to see if the same problem persists. If it doesn't then the problem lies with your current library.
  If that's the case  Apply the two fixes below in order as needed: 
  Fix #1
  Launch iPhoto with the Command+Option keys held down and rebuild the library.
  Since only one option can be run at a time start with Option #3, followed by #4 and then #1 as needed.
  Fix #2
  Using iPhoto Library Manager  to Rebuild Your iPhoto Library
  1 - download iPhoto Library Manager and launch.
  2 - click on the Add Library button, navigate to your Home/Pictures folder and select your iPhoto Library folder.
  3 - Now that the library is listed in the left hand pane of iPLM, click on your library and go to the File ➙ Rebuild Library menu option.
  4 - In the next  window name the new library and select the location you want it to be placed.
  5 - Click on the Create button.
  Note: This creates a new library based on the LIbraryData.xml file in the library and will recover Events, Albums, keywords, titles and comments.  However, books, calendars, cards and slideshows will be lost. The original library will be left untouched for further attempts at fixing the problem or in case the rebuilt library is not satisfactory.
  OT

• I have been editing project for two weeks and now I get ghosts of other images fromt eh project coming up in the wrong places even though the thumbnail looks right. Help.

  Help. I have been editing a project for two weeks and now it gets ghosts of ohter images from the project coming up in the wrong places. The thumbnail has the correct image but the image either does not display and its black or an old image or another one shows.

  When I have problems like this I do two things. First I shut down and restart iMovie. Sometimes that rejuggles the date. But I am sure you have been doing that in such a long project.
  The Second thing I do is delete iMovie preferences, which can get corrupted.
  Home-library-preferences-com.apple.imoviepref
  Hugh

• What If The repeat is in the wrong place

  Just want to share my first panic moment...
  This is a stupid question but I like to know the best way to handle this.
  It was my first panic moment because I had never seen this before.
  This weekend I was testing some scripts with a loop (repeat action)
  The script had to make a new text edit document, and some more tasks...
  But I placed the repeat at the wrong place so when running the script...
  I had in no time 300 documents and keep counting... So the repeat was wrong...
  and the script keep running and running.... panic... How do I stop this ?...
  So I force quit text editor. but the script(activate text edit) and keep on running... I had so many files open on top the system almost crashes...
  The only solution I had was shut down..
  And hoping the script doesn't start over...
  ok.. didn't continue... fiew.
  Did some changes and had to run it again... (Hoping that it will work)
  almost ready... one more shut down. (again many files...)
  So after the last changes the script works perfect but I want to know how I do this in the future when testing something like this...
  When A script keep running.
  What is the most elegant way to stop this?
  thanks.

  Command-. is the standard method to stop a process.
  This may not work if your script first sets TextEdit to the active app (via an activate command) because that would send the Command-. to TextEdit, not to the script.
  If that were the case then you would first have to activate the Script Editor (or wherever you ran the script). If the activate command was within the loop then that might silll fail because it would switch back to TextEdit before you had a chance to stop the script.
  If all else fails, Ctrl-click on the Script Editor's icon in the dock and choose 'Quit'. This should send a signal to the app to stop processing (hopefully offering you a chance to save your script). At that point you can quit or not - the script has stopped running which is the main point.
  If that still doesn't work, then you may have to force quit Script Editor, losing any unsaved edits to your script, but it wouldn't be as harsh as a forced shutdown of the whole machine.

• Pacman looking for pacman.conf in the wrong place?

  When using yaourt, I had been getting an error message to do with pacman.conf not being found. I fixed this by creating my own and saving it in
  /usr/local/etc/pacman.conf
  (it's the only file in /usr/local/etc)
  I then got the error message:
  failed to initialize alpm library (could not find or read directory)
  After some googling and learning about the find command, I found the following files:
  /usr/lib/libalpm.so
  /usr/lib/libalpm.so.8
  /usr/lib/pkgconfig/libalpm.pc
  /usr/lib/libalpm.so.8.0.2
  So I'm guessing that I do have the alpm library, but pacman (or Yaourt?) isn't finding it.
  Further use of 'find' found the following versions of pacman:
  /usr/local/etc/pacman.conf
  /etc/pacman.conf
  Which then lead me to believe that I have the necessary files but they are in the wrong place or there is a config file (or something) that I need to alter.
  Any ideas what I've done wrong and how to correct it?
  Thanks, James

  I've just tried
  pacman -S man-pages
  as a test, and it worked ok.
  So, Bug Wrangler is probably right. Any ideas how I fix it, or is the solution to start again? If I need to start again, is there an easy way to remove yaourt?
  Last edited by james13 (2014-10-05 18:57:00)