AD users login issue.

Similar Messages

• EDirectory users login issue(Linux Systems)

  Dear team,
  For PDC(primary domain controller)::
  We have installed SLES11-SP3 and OES11-SP2 on the top of this.
  After this, we configured DSFW and eDirectory.
  Now, when we are trying to login eDirectory users from Windows System,, we are able to do this.
  But when we trying from Linux Systems, users are able to login but not getting their respective directory (/home/user_name)
  For ADC(additional domain controller)::
  We configured same configuration as shown above by replicating tree.
  For this server, when we are trying to login eDirectory users from Windows and Linux Systems, we able to do this successfully without any issue.
  Both Servers we are using for high availability.
  Please help us on the PDC.
  Thanks

  Dear Team,
  As you asked we don't know whether it is using ncp or dsfw, please let us know this also. I want to give you clear picture, step by step.
  Goal:
  1. We have two systems, need replication of edirectory Partition.
  2. We need to login from edirectory users in windows/linux both
  3. We want to login into windows systems like AD users from DSFW, using domain login.
  4. We need to login in Linux machine with eDirectory users using LDAP authentication
  5. We need to sync both systems 24x7x365
  Implementation:
  1. We have install SLES11-S3 with OES2-S2 in first machine with image name OES11-SP2-addon_with_SLES11-SP3-x86_64-DVD.iso (4GB image size)
  https://www.novell.com/documentation.../b11i67vh.html
  a) Installation of forest root domain.
  b) New tree : K_TREE
  c) FDN : cn=administrator,cn=Users,dc=k2,dc=gov,dc=in
  d) Net bios domain name = k2
  e) Configure this server as WINS server:selected check box
  f) Site name : DC
  Particulars:
  IP : 10.0.0.136
  Hostname: PDC.k2.gov.in
  Domain: k2.gov.in
  Netbios name: k2
  NTP: 10.0.0.136 (we dont have ntp server as of now)
  Selected : Use multicast to access SLP
  Novell modular authentication services: Challenge response, NDS
  Then Novell OES configuration successfully done.
  2. In second server we have replicated first edirectory server.
  a) SLP Server : blank
  b) NTP: 10.0.0.136
  c) Existing tree : K_TREE
  d) IP:10.0.0.135
  e) FDN: cn=administrator,cn=Users,dc=k2,dc=gov,dc=in
  f) Enter Server Context: dc=k2,dc=gov,dc=.in
  g) Hostname : ADC.k2.gov.in
  We have installed only iManager and edirectory with existing PDC eDirectory.
  Replication done successfully
  IP Hostname Partition Windows without agent Linux LDAP replication home directory in linux
  PDC 10.0.0.136 PDC.k2.gov.in k2 login login done yes
  ADC 10.0.0.135 ADC.k2.gov.in k2 login login done no
  Testing PDC :
  1. Windows 7, successfully joined DSFW domain : k2.gov.in
  2. Windows Users are able to login from edirectory/DSFW users
  3. Linux Users are also able to login with normal shell, but not getting home directory
  Testing ADC :
  1. Windows 7, successfully joined DSFW domain : k2.gov.in
  2. Windows Users are able to login from edirectory/DSFW users
  3. Linux Users are also able to login with normal shell, also getting home directory
  Query : In PDC (DSFW Domain k2.gov.in) Linux users are getting shell but not getting Home directory in RHEL-6.5, but ADC (DSFW Domain k2.gov.in) Linux Users are getting shell as well as Home directory also.

• Mac OSX Lion Server Network User Login Issue

  We have in the office a server running Mac OSX Lion, and several network users who've all been running happily for quite a will.
  About a month ago I was added to the system, and initially we had a few issues relating to the home directory, but we changed 'something' and it all worked.
  Fast forward to now, and we've added a new user - Hannah - to our system.
  I've added her in the Workgroup Manager, and set her up everywhere I can find on the server. Her home directory creates on the server fine.
  She appears in the Logon list on the client machines, and here's where the trouble starts...
  Every time she tries to log on, it fails. The logon box just bounces or wobbles as though the password is incorrect. We've tried changing the password, to no avail. We've tried adding new test users - same problem.
  We've tried sudo kinet on the Terminal as a local user, with variable results.
  I'm at my wits end, and really hoping someone here can help offer some suggestions or advice we can work through to get to the bottom of this.
  Thanks in advance!

  Your problems are likely occurring because you added her to the directory with Workgroup Manager.
  You should really start avoiding WGM when at all possible as Apple is clearly moving away from it. Because of this, things don't always work as expected when using 'legacy' tools like WGM.
  My guess as to what your problem is: When you create a new user in Server.app, two things happen for you automatically that WILL NOT HAPPEN if done from WGM.
  First the user is added to the default "Workgroup" group.
  More importantly (and the source of much confusion), the user is automatically added to SACLs.
  Check the SACL for the user in Server.app, I bet you'll notice that they aren't a member of the File Sharing group like they should be. To solve this problem, you can either delete the user and recreate them in Server.app, or manually add them to the appropriate SACL.
  I would opt for recreating them in Server.app if I were you, as I don't trust user accounts that originate in WGM on Lion Server.

• LDAP/AD Role group user login issue in sharepoint 2010 FBA with LDAP

  Hi.
  I created sharepoint 2010 site with LDAP FBA.If I add the AD user as form based user and try to login to my site its working very well but if I add a AD Group in to my site and try to login with one of the AD user of this group its say "Access
  Denied".
  In my project we want add AD group in sharepoin Groups not a individual AD users.
  Can anyone help me with this please its urgant?

  I added both LDAP membership and LDAP Role provider.And I can also find groups in people picker in my Central Admin and FBA Web app site colleciton.  
  <add name="ADMembers"
  type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
  server="company.com"
  port="389"
  useSSL="false"
  userNameAttribute="sAMAccountName"
  userContainer="DC=company,DC=com"
  userObjectClass="person"
  userFilter="(|(ObjectCategory=group)(ObjectClass=person))"
  userDNAttribute="distinguishedName"
  scope="Subtree"
  enableSearchMethods="true"
  otherRequiredUserAttributes="sn,givenname,cn"
  />
  <add name="ADRoles"
  type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="Company.com"
  port="389"
  useSSL="false"
  groupContainer="DC=Company,DC=com"
  groupNameAttribute="cn"
  groupNameAlternateSearchAttribute="samAccountName"
  groupMemberAttribute="member"
  userNameAttribute="sAMAccountName"
  dnAttribute="distinguishedName"
  groupFilter="(ObjectClass=group)"
  userFilter="(ObjectClass=person)"
  scope="Subtree" />

• OS X 10.10.2 Server 4.0.3 Wiki User Login Issue

  I have an Apple wiki that seems to be running fine for all but one user.
  Now, when that user tries to login it just sits there and does not process the username or password.
  When you go to All People that user is no longer listed there.
  We authenticate via Active Directory.
  Where should I start trouble shooting?

  After the user attemps to login, when they return to the page they get this until they clear their internet data from Safari:
  Caught exception "[<CSEntityPlaceholder 0x7fbc404fb9a0> valueForUndefinedKey:]: this class is not key value coding-compliant for the key externalID." [NSUnknownKeyException] executing route /app-context/wiki:
  0 CoreFoundation 0x00007fff90a3966c __exceptionPreprocess + 172
  1 libobjc.A.dylib 0x00007fff8d20d76e objc_exception_throw + 43
  2 CSService 0x0000000100dbf569 -[CSLocalServiceProxy forwardInvocation:] + 1278
  3 CoreFoundation 0x00007fff909838a6 ___forwarding___ + 518
  4 CoreFoundation 0x00007fff90983618 _CF_forwarding_prep_0 + 120
  5 CSService 0x0000000100de86f3 __27-[CSAppContextService init]_block_invoke234 + 180
  6 CSService 0x0000000100dcfaf4 __53-[CSRoutingHTTPConnection httpResponseForMethod:URI:]_block_invoke + 92
  7 CSService 0x0000000100dd30ea -[CSHTTPBackgroundResponse bounce:] + 284
  8 Foundation 0x00007fff9523c90a __NSThread__main__ + 1345
  9 libsystem_pthread.dylib 0x00007fff8c145268 _pthread_body + 131
  10 libsystem_pthread.dylib 0x00007fff8c1451e5 _pthread_body + 0
  11 libsystem_pthread.dylib 0x00007fff8c14341d thread_start + 13

• CUPS 8.0 end user login issue

  Hi All,
  I am having CUCM 7.1.5 and CUPS 8.0(4) installed. The problem is when I tried to login the CUPS user page the it says "login failed". The CUPS intergration with CUCM seem to be fine because all the end users can be seen in CUPS. But I am not able to login the CUPS user page. Users have needed roles assigned to them.
  CUCM is sycronized with LDAP server over SSL
  Can anyone pls help me on this. What else I need to check? Is there any log to check on CUCM or CUPS?
  Thanks

  Hi Ronak,
  It is not the problem login to the CUPC  (still I didn't tried it), I have problem login to the CUPS User Web page using end user credentials in CUCM
  End users have needed roles assigned and they also are CUP enabled users
  Pls can you suggest me to any thing to check, As I said our CUCM is sycronized with LDAP server over SSL
  Thanks

• Exchange 2003/2010 Coexistance - User login Issue

  Hello
  We have deployed Exchange 2010 SP3 in coexistance with 2003 and created connectors.
  2003/2010 both Users are not able to login on 2010 OWA and error showing that username/PW is wrong although they are working on OWA 2003 perfectly.
  When i add the same user to the local admin group on the Ex2010 server, it works fine with email send/receive. i am confused please suggest what i am missing....Regards
  Waseem

  Hello
  This is the error that occured during that time.
  SACL Watcher servicelet encountered an error while monitoring SACL change.
  Got error 1722 opening group policy on system SERVER.DOMAIN in domain MYDOMAIN.
  Event ID 6003
  Source : MSExchange SACL Watcher
  i am not sure if its related to this problem.
  Secondly i have also tested to run the "Microsoft Exchange Active Directory Topology Service" with a new user having all the rights of exchange & AD groups but its showing giving the error that it cant run the dependency
  services. currently this service is running with the local account rights.
  I just add the test users (moved from 2003 and new user created in 2010) to the local admin group and it works fine, please give any idea what may be the problem in rights or something else ??
  Regards
  Waseem

• Wiki Server - AD User Login Issues (8002)

  I'm in the process of getting wiki server functioning in an AD integrated environment. We have login, portable home directories, and many other integrated services working properly, but I'm having trouble with wiki server. When logging in to the server using OD credentials, things function properly. However, when logging in with AD credentials, users are presented with "Invalid Session (8002)" in a web browser popup, and the server notes the following in its error logs:
  2008-07-02 09:29:45-0400 [HTTPChannel,12,127.0.0.1] Unhandled Error
  Traceback (most recent call last):
  File "/usr/share/caldavd/lib/python/twisted/web/http.py", line 598, in requestReceived
  self.process()
  File "/usr/share/caldavd/lib/python/twisted/web/server.py", line 150, in process
  self.render(resrc)
  File "/usr/share/caldavd/lib/python/twisted/web/server.py", line 157, in render
  body = resrc.render(self)
  File "/usr/share/wikid/lib/python/applexmlrpcserver/WebAppServer.py", line 70, in render
  d = defer.maybeDeferred(function, request, *args)
  --- <exception caught here> ---
  File "/usr/share/caldavd/lib/python/twisted/internet/defer.py", line 107, in maybeDeferred
  result = f(*args, **kw)
  File "/usr/share/wikid/lib/python/applexmlrpcserver/WebAppServer.py", line 91, in xmlrpc_login
  session = SessionHandler.sessionHandler.sessionForID(session_id)
  File "/usr/share/wikid/lib/python/apple_utilities/SessionHandler.py", line 155, in sessionForID
  return self.authProvider.avatarForSession(sessionid)
  File "/usr/share/wikid/lib/python/apple_utilities/Authentication.py", line 349, in avatarForSession
  return self.sessionFactory.getSession(sessionId)
  File "/usr/share/wikid/lib/python/apple_utilities/Authentication.py", line 210, in _func
  return f(self, *args, **kwargs)
  File "/usr/share/wikid/lib/python/apple_utilities/Authentication.py", line 269, in getSession
  raise InvalidSessionError(sessionId)
  apple_utilities.Authentication.InvalidSessionError: Invalid Session:
  2008-07-02 09:29:45-0400 [HTTPChannel,12,127.0.0.1] 127.0.0.1 - - [02/Jul/2008:13:29:44 +0000] "POST / HTTP/1.1" 200 1758 "http://cts-fs01/groups/cts/" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 1054; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1"
  Any suggestions or ideas? Smells like a bug to me unfortunately...
  Many thanks,
  Josh

  Clear text authentication must first be enabled for both Wiki and iCal in order for certain functionality to work in the OD/AD config. So there are a couple of workarounds that must be applied.
  For Wiki, there is a KBase article that provides instructions and background info on this subject:
  http://docs.info.apple.com/article?artnum=306750
  For iCal, you must edit the caldavd.plist file for the following:
  <key>Authentication</key>
  <dict>
  <key>Basic</key>
  <dict>
  <key>Enabled</key>
  <false/> <----- change to true
  </dict>
  <key>Digest</key>
  <dict>
  <key>Algorithm</key>
  <string>md5</string>
  <key>Enabled</key>
  <true/> <---------- change to false
  <key>Qop</key>
  <string></string>
  </dict>
  <key>Kerberos</key>
  <dict>
  <key>Enabled</key>
  <true/>
  <key>ServicePrincipal</key>
  <string></string>
  </dict>
  </dict>

• DRM login issue

  Hi Experts,
  I installed Hyperion DRM 11.1.2.1 in Windows 2008 server.
  Created the DRM Schema and the objects using the generated scripts.
  I have entered the repository admin ID(DRM_DB in my case) and password and saved the configuration.
  Test connection is successful.
  I can start and stop the application.
  I can also open the URL: http://localhost/drm-web-client/Logon.aspx.
  But when I am entering the admin ID and password, it is saying DRM-61025:unable to create user session. Reason: Login failed. Invalid username or password.
  Please help if you have faced this problem. Let me know if you need more information.
  Thanks,
  NS

  Hi,
  DRM user login issue
  Please go through the above URL and the solution, hope it will solve the issue.
  Thanks

• WLC 4400 issue on "user login policies" parameter.

  Hi,
  I'm using a Cisco Wireless controller in my company.
  (the model is a AIR-WLC4402-50-K9 in 4.2.207.0 version).
  The WLAN is configured with WPAv2 AES and 802.1X (PEAP MS-CHAPv2) authentication on an external Microsoft IAS server (2003 R2).
  the authentication rely on Active Directory login and password.
  The user authentication works fine and the WLAN too.
  But it's possible for a single user to log on different laptops with the same AD login and password and use the wireless network.
  And it has to be forbiden by  "user login policies" parameter set to 1 on the WLC (in security parameters).
  Does anybody says if it's a known issue and how to solve this problem?
  thanks,
  raphael Paviot.

  Dancampb,
  Many thanks ,  you're right, I have to find the solution on IAS server side.
  In fact, I have also applied these commands on the controller and the max-user login works (in the case of an externan radius server).
  I have seen it in the "message logs".
  (Cisco Controller) config>advanced eap max-login-ignore-identity-response disable
  (Cisco Controller) config> netuser maxuserLogin 1
  But the problem still remain , because the IAS server is not case sensitive for user logins instead of the Wireless Controller.
  For exemple:
  raphaelpaviot login and RaphaelPAVIOT login are:
  -one user for the IAS server.
  -two different users on the WLC.
  cordially.

• Unable to bootup after Yosemite install. have to keep shutting down from rear button. it does come on after a few times but then hangs at user login again. If you get in it is great. Seems faster than Mavericks but there is some sort of issue, bouts

  unable to bootup after Yosemite install. have to keep shutting down from rear button. it does come on after a few times but then hangs at user login again. If you get in it is great. Seems faster than Mavericks but there is some sort of issue, bootup /login.

  Knock on wood, this seems to have been my problem as well.  I stumbled on this thread after dealing with this ridiculously-long boot times for the past several weeks.
  I just reinstalled McAfee Antivirus and my Macbook Air booted up in less than 1 minute.  No more hanging on the boot-up progress bar.  No more hanging after I click on my user's avatar on the log-in screen.  Bootup would often take 5+ minutes and sometimes never complete.
  This has been SUPREMELY frustrating.
  THANK YOU SO MUCH FOR POSTING YOUR RESPONSE!!!

• GRC AC 10.1 - End User Login - Request issue

  Hi experts!
  Im working in GRC AC 10.1 SP07. I have configured END USER LOGIN services; the idea is that end user from ECC system could submit request without having user in GRC box, this is working fine but i´m experimenting next problem.
  When i go to search request, those request submited by end user appears like created by Z_END_USER, this is the user in GRC that i have configured in services GRAC_UIBB_END_USER_LOGIN and GRAC_OIF_REQUEST_SUBMISSION_EU.
  ¿Is possible to configure that request appears "Created By" the requester and not the service´s user? I don´t think so, but if not, ¿is there any way to add the column User ID in Result screen? because it is avaible in parameters search but im not being able to add this in result screen (it´s not like hidden neither).
  Parameters "Created by user ID" would be service´s user and "User ID" would be the requester.
  Thanks!
  Emiliano

  Hi Emiliano,
  Your understanding is correct, request created by UserID will always show GUEST UserID configured in the End User Logon service.
  In search requests there is option to search requests by UserID but the same field has not been enabled to be available in Search Request result screen. This is as per standard functionality. You can check with SAP or can work with ABAPer to make the UserID column as display field in Search Request results.
  Regards,
  Madhu.

• Is there an and in original box with cables. Item cannot be activated because of cloud lock. Preof cloud lockvious user login is UNKNOWN. Unit is sold as is for parts or use by someone who knows how to fix this issue

  Amazon has a refurbed I pad Air with this remark. Item cannot be activated because of cloud lock previous user login unknown. Is there a work around or is it best to forget this one and move on?

  You are welcome, at least the seller was honest enough to let potential buyers know that the device is useless to anyone who would try to buy it.

• 10.2.8 client login issues with 10.3.9 server

  Hi we have just updated our computer lab to 10.2.8 client computers and a 10.3.9 server but I am having issues with the client computer loging into the server I am using LDAPv3 and when I try to have a user login to the server from the client at the login screen I get the login window shake.I can login fine from a 10.3.9 client computer.Any advice would be appreciated.Thanks in advance

  Check your 10.2.8 machines Directory Access and make sure LdapV2 is not checked and also that Ldap V3 is checked and configured correctly. I found that if I had both Ldapv2 and v3 on my 10.2.8 clients could not log in. 10.3 clients only have the option for Ldap V3, so it is not an issue.

• Why do I get sent to the User Login screen to enter my password after sleep?

  Hi,
  On OSX Lion, 10.7.4. I recently had to reinstall the OS on a new hard drive in my iMac and now have an issue with it that I never had before.
  After prolonged periods of sleep (I haven't determined what the minimum length is before this will happen), when I come to wake the computer it shows me the User Login screen. Under my user icon is an orange checkmark, presumably to show that I am the user logged in. Otherwise it is exactly the same as the User Login screen one gets when the computer boots up. I select my user icon and enter my password and the computer unlocks.
  I haven't got this set up anywhere, that I know of. I don't have the 'Security & Privacy - Require password for sleep and screen saver' option checked, never have. If I do turn that on just to check, it's a very different password screen, a little popup window in the centre of the dimmed screen.
  How do I turn this feature off?
  Thanks,
  Owen

  Sounds like you may have deleted something you shouldn't have. Boot to an OS X DVD or a bootable backup, and using Disk Utility, do a repair disk, and while there repair permissions. Disconnect any peripherals, and reboot. If you get the same startup behavior, do a safe boot, by holding the shift key down when booting. If that works, try a normal boot. If neither step helps, you may need to relaod your operating system.