Authenticating a user present in default provider from a custom provider
Hi,
I have two authentication providers(custom and default one) configured with the configuration option "OPTIONAL" on weblogic v 10 server instance.
The custom Authentication provider basically creates a custom principal and adds the principal to the subject.This scenario works irrespective of the username sent by the client.
Now I want the custom authentication provider to add only principals (username) which are present in the default provider/ladap provider configured on the server.
for eg: If the client tries to authenticate with username "test", then my custom authentication provider should check if "test" user is present in the default/ldap provider, and if the "test" user does exists then create a custom principal with the user "test" and send it back to client as part of authentication.
How should one go about doing this? I tried to call the following code in my custom authentication provider,
try
System.out.println("default Login" + userId);
Authenticate.authenticate(environment, _subject);
principalsVector.add(new WLSUserImpl(customPrincipal.getName()));
but as expected the server startup gets into an infinite loop and throws
failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot iden
tity not valid; The user name and/or password from the boot identity file (boot.properties) is not v
alid. The boot identity may have been changed since the boot identity file was created. Please edit
and update the boot identity file with the proper values of username and password. The first time th
e updated boot identity file is used to start the server, these new values are encrypted.
Any help on this would be great.
Thanks in Advance.
Regards,
Preethi.
Hi,
Thanks for the information. It works when you change the configuration option for both the providers to sufficient . Now the subject gets populated with the custom principal and sent back to the client
can you tell me how to invoke an EJB method using this customprincipal from a java client? The EJB method is mapped to users having Admin role.
Best Regards,
Preethi.
Similar Messages
-
How to list all users present in Default Autheticator in WebLogic Security Realm
Hi All,
I need to get a list of all the users in my Weblogic server--> security realm--> Default Authenticator
There are more than 1000 users present in my security realm for different different Authentication Providers. So I can not get these details from WebLogic Admin Console.
Can anyone please help me in getting this list of all users in Default Authenticator? Please let me know how can I get these details.
My WebLogic version is 10.3.4.0
Thanks in Advance!You can use JMX to list users
http://weblogic-wonders.com/weblogic/2010/11/10/list-users-and-groups-in-weblogic-using-jmx/ -
User from my custom authenticator inside a group from Default Authenticator
Hi,
I have a custom authenticator that only uses user/password combination, how can I put this user into a default group.
Thanks,
Thiago Alvares Coli SilvaHi,
I have a custom authenticator that only uses user/password combination, how can I put this user into a default group.
Thanks,
Thiago Alvares Coli Silva -
Java.lang.SecurityException: Authentication for user system denied in realm wl_realm
I am experiencing this error when a servlet or JSP is preloaded on the web
server and the init method of the preloaded item results in a call to the
app server. If I don't preload and then manually invoke the JSP or servlet
after the web server completely loads the call to the app server does not
produce the exception. The only security differences between the web and
app servers are the console and system passwords. I can fix the problem by
making the passwords (system and console) the same across the board, but
find it hard to believe that this is the true solution. I would prefer
sticking with the default security settings.
I've poured through hundreds of messages. I can find similar problems but
not this exact problem.
Any ideas would truly be appreciated!
More information:...
App and Web server are both wls 6.1.1.0 running on the same SUN Solaris box.
Both are using the basic, out of the box, security.
The App server has SSL disabled.
The exception reported in the app server's log is:
java.lang.SecurityException: Authentication for user system denied in realm
wl_realm
at weblogic.security.acl.Realm.authenticate(Realm.java:212)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at
weblogic.security.acl.internal.Security.authenticate(Security.java:125)
at weblogic.security.acl.internal.Security.verify(Security.java:87)
at
weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:235)
at
weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:2
2)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
The exception reported in the web server's log is:
java.lang.SecurityException: Authentication for user system denied in realm
wl_realm
at
weblogic.rmi.internal.BasicOutboundRequest.sendReceive(BasicOutboundRequest.
java:85)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
:255)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
:222)
at weblogic.rmi.internal.ProxyStub.invoke(ProxyStub.java:35)
at $Proxy54.lookup(Unknown Source)
at
weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:323)
at javax.naming.InitialContext.lookup(InitialContext.java:350)
at
com.qwest.tmmt.manager.client.MDMAdapter.getEJBHome(MDMAdapter.java:197)
at
com.qwest.tmmt.manager.client.MDMAdapter.<init>(MDMAdapter.java:64)
at
com.qwest.tmmt.manager.client.ManagerFactory.createMetaDataManager(ManagerFa
ctory.java:305)
at
com.qwest.insite.util.ClientMetaDataCache.<init>(ClientMetaDataCache.java:53
at
com.qwest.insite.util.ClientMetaDataCache.getInstance(ClientMetaDataCache.ja
va:106)
at
com.qwest.insite.metadata.startup.MetaDataServlet.init(MetaDataServlet.java:
30)
at
weblogic.servlet.internal.ServletStubImpl.createServlet(ServletStubImpl.java
:700)
at
weblogic.servlet.internal.ServletStubImpl.createInstances(ServletStubImpl.ja
va:643)
at
weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.jav
a:588)
at
weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletC
ontext.java:2203)
at
weblogic.servlet.internal.WebAppServletContext.preloadServlets(WebAppServlet
Context.java:2147)
at
weblogic.servlet.internal.WebAppServletContext.init(WebAppServletContext.jav
a:884)
at
weblogic.servlet.internal.WebAppServletContext.<init>(WebAppServletContext.j
ava:807)
at
weblogic.servlet.internal.HttpServer.loadWebApp(HttpServer.java:421)
at weblogic.j2ee.WebAppComponent.deploy(WebAppComponent.java:74)
at weblogic.j2ee.Application.addComponent(Application.java:160)
at weblogic.j2ee.J2EEService.addDeployment(J2EEService.java:117)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
arget.java:329)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
arget.java:144)
at
weblogic.management.mbeans.custom.WebServer.addWebDeployment(WebServer.java:
76)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:608)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
92)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:352)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
at $Proxy33.addWebDeployment(Unknown Source)
at
weblogic.management.configuration.WebServerMBean_CachingStub.addWebDeploymen
t(WebServerMBean_CachingStub.java:1094)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
arget.java:315)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployments(Deployment
Target.java:279)
at
weblogic.management.mbeans.custom.DeploymentTarget.updateServerDeployments(D
eploymentTarget.java:233)
at
weblogic.management.mbeans.custom.DeploymentTarget.updateDeployments(Deploym
entTarget.java:193)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:608)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
92)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:352)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
at $Proxy32.updateDeployments(Unknown Source)
at
weblogic.management.configuration.ServerMBean_CachingStub.updateDeployments(
ServerMBean_CachingStub.java:2734)
at
weblogic.management.mbeans.custom.ApplicationManager.startConfigManager(Appl
icationManager.java:362)
at
weblogic.management.mbeans.custom.ApplicationManager.start(ApplicationManage
r.java:154)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:608)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
92)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:352)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
at $Proxy45.start(Unknown Source)
at
weblogic.management.configuration.ApplicationManagerMBean_CachingStub.start(
ApplicationManagerMBean_CachingStub.java:480)
at
weblogic.management.Admin.startApplicationManager(Admin.java:1151)
at weblogic.management.Admin.finish(Admin.java:570)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:506)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:203)
at weblogic.Server.main(Server.java:35)
Thanks,
Jed ZimmerYou're correct. I meant the DOMAIN_SYSTEM_PASSWORD password in my
<domain-name>domain.ksh file. The DOMAIN_SYSTEM_PASSWORD value (if
specified) has to match the system user's password or else the server will
not start/stop.
I have determined more since my post. A startup class also produces the
same error. I have minimized my environments as follows and still receive
the exception, and a soon as I synchronize the system users' passwords on
the app/web server the problem goes away. Or, I can keep the passwords
different and just not access the app server EJBs until after the web server
finished loading, which also causes the error to go away. I'm just confused
about what I might be doing wrong.
Steps to produce the error:
App server:
- Installed from 6.1.1.0 from scratch and started it up.
- Changed the system user's password from the admin console, persisting the
changes.
- Modified logging settings to see more info in the log files.
- Disabled instrument stack traces.
- Stopped/Started the app server
Web server:
- Installed from 6.1.1.0 from scratch and started it up.
- Modified logging settings to see more info in the log files.
- Disabled instrument stack traces.
- Added a servlet to the DefaultWebApp_insiteserver application
- specified name and class
- the load on startup setting defaulted to zero, which will cause the
preloading
- Added 3 jar files to the classpath to support the EJB call
- Stopped/Started the web server
When the web server loads the servlet loads and tries to locate the EJB on
the app server. The app server throws the security exception. The app/web
servers are both running on the same SUN box, have the same IP address
(different ports) and I'm using non-SSL. Each server is it's own WLS
environment. The only installed file that is shared it the
weblogic_domain_registry.dat file in the root directory. As for security,
I'm doing nothing except changing one password (system user on the app
server).
I then tried to manually upgrade the app/web servers to 6.1.2.0 by updating
the WEBLOGIC_ROOT in the respective xxxxdomain.ksh files. Same problem.
I then cleanly reinstalled the app/web servers using version 6.1.2.0 and
configured as above. Same problem.
Let me know if I need to provide additional details.
Thanks,
Jed Zimmer
"Joseph Nguyen" <[email protected]> wrote in message
news:[email protected]...
>
"Jed Zimmer" <[email protected]> wrote in message
news:[email protected]...
I am experiencing this error when a servlet or JSP is preloaded on the
web
server and the init method of the preloaded item results in a call tothe
app server. If I don't preload and then manually invoke the JSP orservlet
after the web server completely loads the call to the app server does
not
produce the exception. The only security differences between the weband
app servers are the console and system passwords. I can fix the problemby
making the passwords (system and console) the same across the board, but
find it hard to believe that this is the true solutionI don't quite understand what you mean by "console" password? Are you
talking about the admin console? If so then it's confusing because youhave
to log into the console using the system user. If you can clarify morehere
it would great.
Joseph Nguyen
BEA Support
. I would prefer
sticking with the default security settings.
I've poured through hundreds of messages. I can find similar problems
but
not this exact problem.
Any ideas would truly be appreciated!
More information:...
App and Web server are both wls 6.1.1.0 running on the same SUN Solarisbox.
Both are using the basic, out of the box, security.
The App server has SSL disabled.
The exception reported in the app server's log is:
java.lang.SecurityException: Authentication for user system denied inrealm
wl_realm
at weblogic.security.acl.Realm.authenticate(Realm.java:212)
atweblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at
weblogic.security.acl.internal.Security.authenticate(Security.java:125)
atweblogic.security.acl.internal.Security.verify(Security.java:87)
at
weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:235)
at
weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:2
2)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
The exception reported in the web server's log is:
java.lang.SecurityException: Authentication for user system denied inrealm
wl_realm
at
weblogic.rmi.internal.BasicOutboundRequest.sendReceive(BasicOutboundRequest.
java:85)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
:255)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
:222)
at weblogic.rmi.internal.ProxyStub.invoke(ProxyStub.java:35)
at $Proxy54.lookup(Unknown Source)
at
weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:323)
at javax.naming.InitialContext.lookup(InitialContext.java:350)
at
com.qwest.tmmt.manager.client.MDMAdapter.getEJBHome(MDMAdapter.java:197)
at
com.qwest.tmmt.manager.client.MDMAdapter.<init>(MDMAdapter.java:64)
at
com.qwest.tmmt.manager.client.ManagerFactory.createMetaDataManager(ManagerFa
ctory.java:305)
at
com.qwest.insite.util.ClientMetaDataCache.<init>(ClientMetaDataCache.java:53
at
com.qwest.insite.util.ClientMetaDataCache.getInstance(ClientMetaDataCache.ja
va:106)
at
com.qwest.insite.metadata.startup.MetaDataServlet.init(MetaDataServlet.java:
30)
at
weblogic.servlet.internal.ServletStubImpl.createServlet(ServletStubImpl.java
:700)
at
weblogic.servlet.internal.ServletStubImpl.createInstances(ServletStubImpl.ja
va:643)
at
weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.jav
a:588)
at
weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletC
ontext.java:2203)
at
weblogic.servlet.internal.WebAppServletContext.preloadServlets(WebAppServlet
Context.java:2147)
at
weblogic.servlet.internal.WebAppServletContext.init(WebAppServletContext.jav
a:884)
at
weblogic.servlet.internal.WebAppServletContext.<init>(WebAppServletContext.j
ava:807)
at
weblogic.servlet.internal.HttpServer.loadWebApp(HttpServer.java:421)
at weblogic.j2ee.WebAppComponent.deploy(WebAppComponent.java:74)
at weblogic.j2ee.Application.addComponent(Application.java:160)
at weblogic.j2ee.J2EEService.addDeployment(J2EEService.java:117)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
arget.java:329)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
arget.java:144)
at
weblogic.management.mbeans.custom.WebServer.addWebDeployment(WebServer.java:
76)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:608)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
92)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:352)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
at $Proxy33.addWebDeployment(Unknown Source)
at
weblogic.management.configuration.WebServerMBean_CachingStub.addWebDeploymen
t(WebServerMBean_CachingStub.java:1094)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
arget.java:315)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployments(Deployment
Target.java:279)
at
weblogic.management.mbeans.custom.DeploymentTarget.updateServerDeployments(D
eploymentTarget.java:233)
at
weblogic.management.mbeans.custom.DeploymentTarget.updateDeployments(Deploym
entTarget.java:193)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:608)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
92)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:352)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
at $Proxy32.updateDeployments(Unknown Source)
at
weblogic.management.configuration.ServerMBean_CachingStub.updateDeployments(
ServerMBean_CachingStub.java:2734)
at
weblogic.management.mbeans.custom.ApplicationManager.startConfigManager(Appl
icationManager.java:362)
at
weblogic.management.mbeans.custom.ApplicationManager.start(ApplicationManage
r.java:154)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:608)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
92)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:352)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
at $Proxy45.start(Unknown Source)
at
weblogic.management.configuration.ApplicationManagerMBean_CachingStub.start(
ApplicationManagerMBean_CachingStub.java:480)
at
weblogic.management.Admin.startApplicationManager(Admin.java:1151)
at weblogic.management.Admin.finish(Admin.java:570)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:506)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:203)
at weblogic.Server.main(Server.java:35)
Thanks,
Jed Zimmer -
Changing SSH default port from 22 to 8080
Hi all,
I have deployed SSH on my home solaris 10 x86 machine and it was working fine through the default port 23.
But the problem is that i can't connect to it from work as the firewall blocks outgoing SSH traffic. So i want to change the default port from 23 to 8080.
i changed the value of Port in /etc/ssh/sshd_config.
Then i ran the command
/usr/lib/ssh/sshd -f /etc/ssh/sshd_config
because as far as i know from the man pages it will cause the daemon to reread the configuration file thus the new value for port but still it didnt' work.
Also i tried the command
/usr/lib/ssh/sshd -p 8080
but didn't work also
I tried to restart the ssh daemon after both commands but still the same result.
Would anyone please help me with this issue as i still don't have much experience in solaris.
Thanks in advance.Ok, So i installed lsof, but
When i ran that command i got this output
bash-3.00# lsof -M | grep 8080
sshd 1085 root 3u IPv6 0xd43e21c0 0t0 TCP *:8080 (LISTEN)
it seems that sshd is occupying port 8080 but still ican't login from a remote machine.
When i try it asks me to enter the username and then displays a messaing "Using keyboard-interactive authentication" then asks for password, When i enter the password it gives me "Access denied" although iam sure this is the right password.
When i try to connect to port 22 things go fine and i can login with the same user "root" with no problems (i know accessing remotely using root is not secure but that is not the problem for the moment)
So i did that
ps -ef | grep ssh
root 1085 1 0 19:05:07 ? 0:00 /usr/lib/ssh/sshd
root 1093 1 1 19:05:51 ? 0:00 /usr/local/sbin/sshd
Note that the PID for the process grabbing the port is the same for /usr/lib/ssh/sshd
so is that the ssh daemon or is it /usr/local/sbin/sshd ????
Please advise. Note that iam not experienced in solaris so please take it easy with me.
Thanks -
Problem with 'RP-PROVIDE-FROM-LAST' and IT0377(GB)
Greetings,
I have encountered a problem in that we have an interface from SAP to UNIPAY and this interface selects all the paydata from employees and then converts it so that it can be payed via UNIPAY. Now this in itself may sound fairly simple but the problem is the interface is selecting data from IT0377 that has been delimited and still paying the employee which is incorrect. I have debugged the interface and the problem is with 'RP-PROVIDE-FROM-LAST IT0377' which is still selecting and bringing through the data of the delimited record.
Has anybody had this problem and if so what was done to correct it ?
Thanks
Markthis macro will put the last infotype record in the header line of concerned internal table, for the given period (pn-begda and pn-endda on selection screen).
rp-provide-from-last p0377 space pn-begda pn-endda.
here in the header of internal table p0377, the last record valid for period pn-begda n pn-endda, will be put after execution of the macro statement.
i think u r looking the table 1st record in debug mode but u shud not look at 1st record instead of tht see the header line of table and use that header data.
see my dummy code below -
*& Report ZPPL_PREVEMPLOYERS *
REPORT ZPPL_PREVEMPLOYERS message-id rp
line-size 250
line-count 65.
*Program logic :- This Report is used to Download all the Previous
* Employer (IT0023) records of the employees
*eject
*& Tables and Infotypes *
tables: pernr.
infotypes: 0000,
0001,
0002,
0023.
*eject
*& Constants *
constants: c_1(1) type c value '1' ,
c_3(1) type c value '3' ,
c_i(1) type c value 'I' ,
c_x(1) type c value 'X' ,
c_eq(2) type c value 'EQ' ,
c_pl03 like p0001-werks value 'PL03'.
*eject
*& Selection-Screen *
parameters: p_file like rlgrap-filename default 'C:TempABC.xls',
p_test as checkbox default c_x .
*eject
*& Internal tables *
* Internal Table for Output
data: begin of t_output occurs 0 ,
pernr like pernr-pernr ,
nachn like p0002-nachn ,
vorna like p0002-vorna ,
orgeh_stext like p1000-stext ,
plans_stext like p1000-stext ,
begda like p0023-begda ,
endda like p0023-endda ,
land1 like p0023-land1 ,
arbgb like p0023-arbgb ,
ort01 like p0023-ort01 .
data: end of t_output .
*eject
*& Variables *
data: o_stext like p1000-stext,
p_stext like p1000-stext.
*eject
*& Initialization *
Initialization.
* Initialize Selection-Screen values
perform init_selction_screen.
*eject
*& AT Selection-screen *
at selection-screen .
* Check if Test run selected, download file name should be entered
if p_test is initial. "
if p_file is initial.
message e016 with 'Please enter file name'
'specifying complete path'.
endif.
endif.
*eject
*& Start-of Selection *
Start-of-selection.
get pernr.
clear t_output.
* Read Infotype 0
rp-provide-from-last p0000 space pn-begda pn-endda.
check pnp-sw-found eq c_1.
* Check if employee is active
check p0000-stat2 in pnpstat2. "pernr Active
* Read Infotype 1
rp-provide-from-last p0001 space pn-begda pn-endda.
check pnp-sw-found eq c_1.
* check if employee belongs to PL03
check p0001-werks in pnpwerks. "belongs to PL03
* Check if emp belongs to Active Group
check p0001-persg in pnppersg.
* Read Infotype 2
rp-provide-from-last p0002 space pn-begda pn-endda.
check pnp-sw-found eq c_1.
* Read Org Unit Text.
CALL FUNCTION 'HR_READ_FOREIGN_OBJECT_TEXT'
EXPORTING
OTYPE = 'O'
objid = p0001-orgeh
begda = p0001-begda
endda = p0001-endda
reference_date = p0001-begda
IMPORTING
object_text = o_stext
EXCEPTIONS
nothing_found = 1
wrong_objecttype = 2
missing_costcenter_data = 3
missing_object_id = 4
OTHERS = 5.
*Read Position Text.
CALL FUNCTION 'HR_READ_FOREIGN_OBJECT_TEXT'
EXPORTING
OTYPE = 'S'
objid = p0001-plans
begda = p0001-begda
endda = p0001-endda
reference_date = p0001-begda
IMPORTING
object_text = p_stext
EXCEPTIONS
nothing_found = 1
wrong_objecttype = 2
missing_costcenter_data = 3
missing_object_id = 4
OTHERS = 5.
* Gather all the required information related to the emp
move: pernr-pernr to t_output-pernr,
o_stext to t_output-orgeh_stext,
p_stext to t_output-plans_stext,
p0002-nachn to t_output-nachn,
p0002-vorna to t_output-vorna.
* Gather previous Employee details
loop at p0023.
move-corresponding p0023 to t_output.
append t_output.
endloop.
*eject
*& End-of Selection *
end-of-selection.
perform print_report.
* Downlaod the file
if not t_output[] is initial.
if p_test eq space.
perform download_file.
endif.
else.
write: 'No records selected' color col_negative.
endif.
*eject
*& Top-of-page *
Top-of-page.
* Print Header
perform print_header.
*eject
*& Form download_file
* Description :
FORM download_file .
DATA: full_file_name TYPE string,
z_akt_filesize TYPE i .
full_file_name = p_file.
* download table into file on presentation server
CALL METHOD cl_gui_frontend_services=>gui_download
EXPORTING
filename = full_file_name
filetype = 'DAT'
NO_AUTH_CHECK = c_x
codepage = '1160'
IMPORTING
FILELENGTH = z_akt_filesize
CHANGING
data_tab = t_output[]
EXCEPTIONS
file_write_error = 1
no_batch = 2
gui_refuse_filetransfer = 3
invalid_type = 4
no_authority = 5
unknown_error = 6
header_not_allowed = 7
separator_not_allowed = 8
filesize_not_allowed = 9
header_too_long = 10
dp_error_create = 11
dp_error_send = 12
dp_error_write = 13
unknown_dp_error = 14
access_denied = 15
dp_out_of_memory = 16
disk_full = 17
dp_timeout = 18
file_not_found = 19
dataprovider_exception = 20
control_flush_error = 21
not_supported_by_gui = 22
error_no_gui = 23
OTHERS = 24.
IF sy-subrc NE 0.
MESSAGE e016 WITH 'Download-Error; RC:' sy-subrc.
ENDIF.
ENDFORM. " download_file
*eject
*& Form print_report
*Description:
FORM print_report .
data: i type i,
w_count type i.
sort t_output.
* Print the report
loop at t_output.
i = sy-tabix mod 2.
if i eq 0.
format color col_normal intensified on.
else.
format color col_normal intensified off.
endif.
write:/1 t_output-pernr ,
10 t_output-vorna(25) ,
35 t_output-nachn(25) ,
61 t_output-orgeh_stext ,
102 t_output-plans_stext ,
143 t_output-begda ,
154 t_output-endda ,
168 t_output-land1 ,
178 t_output-arbgb(40) ,
219 t_output-ort01 ,
249 space .
endloop.
uline.
Describe table t_output lines w_count.
Skip 2.
Write:/ 'Total No of Records Downloaded: ' color col_total,
w_count.
ENDFORM. " print_report
*eject
*& Form print_header
*Description:
FORM print_header .
skip 1.
Uline.
format Intensified on color col_heading.
write:/1 'Pers. #' ,
10 'Last Name' ,
35 'First Name' ,
61 'Org Unit' ,
102 'Position' ,
143 'Beg Date' ,
154 'End Date' ,
168 'Cntry Key' ,
178 'Prev Employer' ,
219 'City' ,
249 space .
format intensified off color off.
uline.
ENDFORM. " print_header
*eject
*& Form init_selction_screen
*Description:
FORM init_selction_screen .
refresh: pnpwerks,
pnppersg,
pnpstat2.
clear: pnpwerks,
pnppersg,
pnpstat2.
pnpwerks-sign = c_i.
pnpwerks-option = c_EQ.
pnpwerks-low = c_pl03.
append pnpwerks.
pnppersg-sign = c_i.
pnppersg-option = c_EQ.
pnppersg-low = c_1.
append pnppersg.
pnpstat2-sign = c_i.
pnpstat2-option = c_EQ.
pnpstat2-low = c_3.
append pnpstat2.
ENDFORM. " init_selction_screen -
Authentication for user guest denied
I am connecting to two WL 6.0 sp2 servers. I am logging in both as guest.
When I log into one or the other, everything works fine. However, when I
log into both (and create InitialContext's for both), I get the following
error:
java.lang.SecurityException: Authentication for user guest denied in
realm wl_realm
at
weblogic.rmi.internal.AbstractOutboundRequest.sendReceive(AbstractOutboundRe
quest.java:90)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
:247)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
:225)
at
weblogic.jndi.internal.ServerNamingNode_WLStub.lookup(ServerNamingNode_WLStu
b.java:121)
at
weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:323)
at javax.naming.InitialContext.lookup(Unknown Source)
I tried synchronizing system passwords, accessing each server in a separate
thread -- but nothing seems to work. Does anybody have any ideas?
Interestingly, it seems to behave OK when one of the servers is WL 6.0 Beta.
However, it breaks with sp1 and sp2.
Thanks in advance,
JaredHi Jared,
Are the 2 servers in the same cluster? What is your client? When and where do
you see this SecurityException? Do you mean that when you try to get initial
context you provide a username and password? Are you using any custom realm or
just the default file realm?
Joseph
Jared Tuck wrote:
I am connecting to two WL 6.0 sp2 servers. I am logging in both as guest.
When I log into one or the other, everything works fine. However, when I
log into both (and create InitialContext's for both), I get the following
error:
java.lang.SecurityException: Authentication for user guest denied in
realm wl_realm
at
weblogic.rmi.internal.AbstractOutboundRequest.sendReceive(AbstractOutboundRe
quest.java:90)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
:247)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
:225)
at
weblogic.jndi.internal.ServerNamingNode_WLStub.lookup(ServerNamingNode_WLStu
b.java:121)
at
weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:323)
at javax.naming.InitialContext.lookup(Unknown Source)
I tried synchronizing system passwords, accessing each server in a separate
thread -- but nothing seems to work. Does anybody have any ideas?
Interestingly, it seems to behave OK when one of the servers is WL 6.0 Beta.
However, it breaks with sp1 and sp2.
Thanks in advance,
Jared--
Joseph Nguyen
Developer Relations Engineer
BEA Systems, Inc. -
Authentication for user weblogic denied
I am unable to start node managerd server from command prompt.
I installed WebLogic Server Version: 12.1.2.0.0 on Windows 2008 R2 EN Sp1
I started Administration Server succesfully.
C:\Weblogic\Oracle\config\domains\wl_server\bin\startWebLogic.cmd
I created ihale Managed server but I couldn't start Managed Server.
C:\Weblogic\Oracle\config\domains\wl_server\bin
startManagedWebLogic.cmd ihale http://192.168.1.29:7431
I'm getting following error.
####<Dec 25, 2013 12:51:13 AM PST> <Critical> <WebLogicServer> <umman> <ihale> <main> <<WLS Kernel>> <> <> <1387961473813> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied.
weblogic.security.SecurityInitializationException: Authentication for user weblogic denied.
Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:257)
I am able to login administration console same username and password. Username: weblogic Password:xxxxx
I changed the weblogic user password and I tried again. It was unseccesfull.
I created boot.properties file in C:\Weblogic\Oracle\config\domains\wl_server\servers\ihale\security folder.
I put username and password.
After I tried to start ihale managed server, boot.properties file didn't encrypted and managed server also didn't started.
I deleted cache, data, tmp folders except logs folder in \\192.168.1.29\c$\Weblogic\Oracle\config\domains\wl_server\servers\ihale and I tried again. It was unseccesfull.
I found something on https://community.oracle.com/message/10653470
Ganesh says:
Did you restart AdminServer after deleting the LDAP Authentication provider?
I think your managed server is still trying to authenticate user through ldap authentication provider.
Torrado answers:
I found that there was a definition in Security Policy of osb_server1 for an user that belonged to deleted LDAP authenticator.
I deleted it and server started.
Thanks.
How can I delete definition in Security Policy of ihale for an user that belonged to deleted LDAP authenticator?
Could you please help to solve this problem?
Best Regards.Hi,
You can rename the ldap folder in following directory structure.
%Domain_Name% / servers / <servername> / data/
You will find ldap folder try to rename that folder and then please restart the server again.
If you are try to start through nodemanager then rename the nodemanager under following directory.
%Domain_Name% / servers / <servername> / data/.
Try to rename these two folder and restart the nodemanager and start the server again.
It will work for you.
Regards,
Kal -
None of the available endpoints supports authentication methods user/pass
Dear All
i create a destination in the ce7.1.but when i test the destination in the ws navigator ,but it cant not run , the error is:
The destination [YHSendMessage02] supports the following authentication methods [User Name/Password (Basic)], but none of the available endpoints supports them. The supported authentication types are [None]. Either the destination has to be updated or a new endpoint should be used
i test the ws in the navigator dont used the destination ,it work well, so i think maybe some wrong in my ce about the destination 'configuration.
best regardsThe following message returned from SAP:
Root of the problem is found. The problem occurs as PI WSDLs doesn't contain security settings. Lack of security settings breaks consumption of those services. I'm working on providing a fix to enable consumption of such services.
Looking at a WSDL generated by PI (example):
<wsp:Policy wsu:Id="OP_si_servicename"/>
The policy contains no transportbinding or authentication methods at all.
Looking at a WDSL generated by ECC (example):
<wsp:Policy wsu:Id="BN_BN_si_ManageCustomizingCustomerService_binding">
<saptrnbnd:OptimizedXMLTransfer uri="http://xml.sap.com/2006/11/esi/esp/binxml" wsp:Optional="true" xmlns:saptrnbnd="http://www.sap.com/webas/710/soap/features/transportbinding/"/>
<saptrnbnd:OptimizedXMLTransfer uri="http://www.w3.org/2004/08/soap/features/http-optimization" wsp:Optional="true" xmlns:saptrnbnd="http://www.sap.com/webas/710/soap/features/transportbinding/"/>
<wsp:ExactlyOne xmlns:sapsp="http://www.sap.com/webas/630/soap/features/security/policy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
<wsp:All>
<sp:TransportBinding>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken>
<wsp:Policy>
<sp:HttpBasicAuthentication/>
</wsp:Policy>
</sp:HttpsToken>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:TripleDesRsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
</wsp:Policy>
</sp:TransportBinding>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
At the moment SAP is working on a fix to solve this problem. -
Weblogic patch for the "Authentication for user wlsadmin denied" issue
Hi Everyone,
When I try to login to the weblogic console using the weblogic user id and password, I got below issue in the production server..Sometime back I saw a thread that Oracle has provided a patch for this issue. If any of you is aware of it then could you please provide us the patch file and its location please. This is quite a bit urgent. Awaiting for your response. Thanks in advance.
<Apr 3, 2011 10:41:02 PM ICT> <Critical> <Security> <BEA-090403> <Authentication for user wlsadmin denied>
<Apr 3, 2011 10:41:02 PM ICT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user wlsadmin denied
I need to communicate to onsite members about the patch details etc.
Edited by: user11290902 on May 13, 2011 1:27 AMFaisal, Thank you for your response. Here the weblogic console id & password are known to few people so the guess you are making might be correct. Could anyone might have tried with incorrect credentials couple of times before we face this issue, I am not sure though. The moment we provide the credentials and upon click on Log In button we are getting j_security_check.
http://asdo0002:9683/console/j_security_check
Authentication Denied.
The username or password has been refused by WebLogic Server. Please try again.
Any information about the work--arounds or patches from weblogic would be helpful to me... Thanks a lot. -
Java.lang.SecurityException: Authentication for user system denied in realm wl_realm Error.
Getting this security exception when trying to pull a message from one weblogic
instance JMS queue, and sending the message (via a MDB) to another machine's JMS
queue.
Ex. Here's the scenario.
Two Windows2000Server machines,
one at ip ... xxx.xxx.x.16,
second machine at ... xxx.xxx.x.17.
MDB pulls message off of a JMS queue on 16. MDB sends the message to .17 box.
ON the .17 machine (the receiver) I get the following exception
weblogic.transaction.internal.CoordinatorImpl@31406b>
java.lang.SecurityException: Authentication for user system denied in realm wl_realm
at weblogic.security.acl.Realm.authenticate(Realm.java:212)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:125)
at weblogic.security.acl.internal.Security.verify(Security.java:87)
at weblogic.rmi.internal.BasicRequestHandler.handleRequest(BasicRequestHandler.java:76)
at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:17)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
ON the sending maching .16, I get the following exception.
####<Apr 3, 2002 9:46:24 AM CST> <Error> <RJVM> <testweblogic> <OptiSoftAppServer>
<ExecuteThread: '96' for queue: 'default'> <> <> <000000> <Unsolicited error response
for: '-1'>
The messages appear to show up on the destination machine, but are these error
messages valid, or just bogus?
Thanks,
Eric.
Why is that? Your suggestion worked but I don't understand why.
When our MDB on machineA did the JNDI lookup to MachineB we set the
credentials to a valid user/password on MachineB.
My speculation: Since the MDB on machineA is already in a transaction
any other JNDI calls use the credentials for the MDB's transactions,
ignoring any other credentials we might try to set explicitly. If my
speculation is correct then that would explain by the passwords for the
user "system" would have to be the same between servers.
Is there a good place to read up on this?
Thanks
Tom
Rajesh Mirchandani wrote:
> Make sure you have the same system password for the 2 instances of WLS on seperate boxes.
>
> Tom Barnes wrote:
>
>
>>Or post to the EJB newsgroup (which "owns" MDBs).
>>
>>Tom Barnes wrote:
>>
>>
>>>I think there is a username/password field configurable in the MDB descriptor that
>>>might help here??? Other than that, I suggest posting to the security newsgroup.
>>>
>>>Tom
>>>
>>>Eric Babin wrote:
>>>
>>>
>>>>Getting this security exception when trying to pull a message from one weblogic
>>>>instance JMS queue, and sending the message (via a MDB) to another machine's JMS
>>>>queue.
>>>>
>>>>Ex. Here's the scenario.
>>>>
>>>> Two Windows2000Server machines,
>>>> one at ip ... xxx.xxx.x.16,
>>>> second machine at ... xxx.xxx.x.17.
>>>>
>>>> MDB pulls message off of a JMS queue on 16. MDB sends the message to .17 box.
>>>>
>>>>
>>>>ON the .17 machine (the receiver) I get the following exception
>>>>
>>>>weblogic.transaction.internal.CoordinatorImpl@31406b>
>>>>java.lang.SecurityException: Authentication for user system denied in realm wl_realm
>>>> at weblogic.security.acl.Realm.authenticate(Realm.java:212)
>>>> at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
>>>> at weblogic.security.acl.internal.Security.authenticate(Security.java:125)
>>>> at weblogic.security.acl.internal.Security.verify(Security.java:87)
>>>> at weblogic.rmi.internal.BasicRequestHandler.handleRequest(BasicRequestHandler.java:76)
>>>> at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:17)
>>>> at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
>>>> at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
>>>>
>>>>ON the sending maching .16, I get the following exception.
>>>>
>>>>####<Apr 3, 2002 9:46:24 AM CST> <Error> <RJVM> <testweblogic> <OptiSoftAppServer>
>>>><ExecuteThread: '96' for queue: 'default'> <> <> <000000> <Unsolicited error response
>>>>for: '-1'>
>>>>
>>>>The messages appear to show up on the destination machine, but are these error
>>>>messages valid, or just bogus?
>>>>
>>>>Thanks,
>>>>
>>>>Eric.
>>>>
>
> --
> Rajesh Mirchandani
> Developer Relations Engineer
> BEA Support
>
>
>
-
Authentication for user system denied in realm weblogic
hi,am using Web Logic 6.1 on hp and all works fine, I've a cron which kicks off
every morn.
This cron stops the web logic app server (admin server), then starts it. The stopping
is done with a shutdown.sh script. I've noticed all the posts here about "Authentication
for user system denied in realm weblogic" seem to be in code. This is diff as
it's on shutdown.
My shutdown script does the below:
#!/bin/sh
JAVA_HOME=/opt/weblogic6.1/jdk131
WL_HOME=/opt/weblogic6.1/wlserver6.1
CLASSPATH=$WL_HOME/lib/weblogic_sp.jar:$WL_HOME/lib/weblogic.jar
JAVA_RUN="${JAVA_HOME}/bin/java -classpath ${CLASSPATH}"
WLS_PW=try_abc
RUNCMD="${JAVA_RUN} weblogic.Admin -url localhost:9100 SHUTDOWN -username system
-password $WLS_PW"
echo $RUNCMD
$RUNCMD
When it's run the below is printed. Any help appreciated on this!!
/opt/weblogic6.1/jdk131/bin/java -classpath /opt/weblogic6.1/wlserver6.1/lib/weblogic_sp.jar:/opt/weblogic6.1/wlserver6.1/lib/webl
ogic.jar weblogic.Admin -url localhost:9100 SHUTDOWN -username system -password
admin2001
Authentication for user system denied in realm weblogic
Start server side stack trace:
java.lang.SecurityException: Authentication for user system denied in realm weblogic
at weblogic.security.acl.Realm.authenticate(Realm.java:195)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at weblogic.security.acl.internal.Security.authenticate(Security.java:125)
at weblogic.kernel.BootServicesImpl.authenticate(BootServicesImpl.java:119)
at weblogic.kernel.BootServicesImpl.findOrCreateClientContext(BootServicesImpl.java:203)
at weblogic.kernel.BootServicesImpl.invoke(BootServicesImpl.java:148)
at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:620)
at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:581)
at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:164)
at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:640)
at weblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:454)
at weblogic.socket.PosixSocketMuxer.deliverGoodNews(PosixSocketMuxer.java:456)
at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:385)
at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:24)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
End server side stack traceThis is the way it should be. You should not be able to call from one server into
another using the system user without having to provide a password.
Yeshwant <[email protected]> wrote:
>
Hi Jose
What version of the server are you using . In 6.x this is a known issue
The workaround as you mention is to have the same password for the system
user.
Jose Perez wrote:
Hi all,
I'm having problems when communicating 2 EJBs in different weblogic Serverinstances,
one acts as a "client" and the other as a "server".
The exception is "Authentication for user system denied in realm weblogic".This
only happens if the user system has different password in each server.
Any idea?
Thanks in advance -
Secondary Domain Controller Not Authenticating Domain Users
Hi.
I have a primary domain controller running Win Srv 2012 in USA and i added a secondary domain controller 2012 in the same domain from a different location India, through VPN.so that India user accounts can authenticate by the secondary DC instead of primary
DC USA
Installation & replication of AD went fine
India domain users login is damn slow.
When i ran the command echo %logonserver% from a india client machine,it displays the USA Primary DC name which means its authenticating the users from USA primary DC.
Preferred DNS for india client machine is Secondary DC IP and alternate is Primary DC IP USA.
Please find the dcdiag results below and any help much appreciated
Performing initial setup:
Trying to find home server...
Home Server = server2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: INDIA\server2
Starting test: Connectivity
......................... server2 passed test Connectivity
Doing primary tests
Testing server: INDIA\server2
Starting test: Advertising
Warning: DsGetDcName returned information for \\server1.tst.mycompany.com, when we were trying to reach
server2.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... server2 failed test Advertising
Starting test: FrsEvent
......................... server2 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after th
replication problems may cause Group Policy problems.
......................... server2 failed test DFSREvent
Starting test: SysVolCheck
......................... server2 passed test SysVolCheck
Starting test: KccEvent
......................... server2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... server2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... server2 passed test MachineAccount
Starting test: NCSecDesc
......................... server2 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\server2\netlogon)
[server2] An net use or LsaPolicy operation failed with error 67,
......................... server2 failed test NetLogons
Starting test: ObjectsReplicated
......................... server2 passed test ObjectsReplicated
Starting test: Replications
......................... server2 passed test Replications
Starting test: RidManager
......................... server2 passed test RidManager
Starting test: Services
......................... server2 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0xA004001B
Time Generated: 02/22/2015 17:10:30
Event String: Intel(R) 82574L Gigabit Network Connection
A warning event occurred. EventID: 0x000727A5
Time Generated: 02/22/2015 17:11:24
Event String: The WinRM service is not listening for WS-Manageme
An error event occurred. EventID: 0x0000271A
Time Generated: 02/22/2015 17:11:24
Event String:
The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not regist
A warning event occurred. EventID: 0xA004001B
Time Generated: 02/22/2015 17:12:41
Event String: Intel(R) 82574L Gigabit Network Connection
A warning event occurred. EventID: 0x000003F6
Time Generated: 02/22/2015 17:19:36
Event String:
Name resolution for the name mycompany.com timed out after none
A warning event occurred. EventID: 0x00001796
Time Generated: 02/22/2015 17:28:54
Event String:
Microsoft Windows Server has detected that NTLM authentication i
his server. This event occurs once per boot of the server on the first time
A warning event occurred. EventID: 0x000727A5
Time Generated: 02/22/2015 17:33:35
Event String: The WinRM service is not listening for WS-Manageme
A warning event occurred. EventID: 0x00001796
Time Generated: 02/22/2015 17:35:54
Event String:
Microsoft Windows Server has detected that NTLM authentication i
his server. This event occurs once per boot of the server on the first time
......................... server2 failed test SystemLog
Starting test: VerifyReferences
......................... server2 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValida
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValida
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidat
Running partition tests on : tst
Starting test: CheckSDRefDom
......................... tst passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... tst passed test CrossRefValidation
Running enterprise tests on : tst.mycompany.com
Starting test: LocatorCheck
......................... tst.mycompany.com passed test LocatorChec
Starting test: Intersite
......................... tst.mycompany.com passed test IntersiteHi.
I have a primary domain controller running Win Srv 2012 in USA and i added a secondary domain controller 2012 in the same domain from a different location India, through VPN.so that India user accounts can authenticate by the secondary DC instead of primary
DC USA
Installation & replication of AD went fine
India domain users login is damn slow.
When i ran the command echo %logonserver% from a india client machine,it displays the USA Primary DC name which means its authenticating the users from USA primary DC.
Preferred DNS for india client machine is Secondary DC IP and alternate is Primary DC IP USA.
Firstly make sure that you have configured sites and subnets correctly. According to your information which you have two locations, you should have at least 2 sites and 2 subnets associated to them. If you have forgotten to configure subnets of India in your
site and services and assigned them to the India site you are experiencing this issue. Also make sure if clients in India has appropriate network connectivity to the domain controllers in India.
Mahdi Tehrani |
|
www.mahditehrani.ir
Please click on Propose As Answer or to mark this post as
and helpful for other people.
This posting is provided AS-IS with no warranties, and confers no rights.
How to query members of 'Local Administrators' group in all computers? -
Edit Default User Killed Leopard Default User folder completely disapeared
I was trying to create a custom default user for network users to login to because I was learning how to set up a Mac for use as a campus public PC.
We do not have a Mac server but do have a Novell server set as Open directory. I was the first to figure out how to LDAP authenticate users.
The next step was to customize the default user template for network users to login into on the Mac. Then all went dead.
I copied in settings from the root user to the default user location and repaired permissions on the hard drive. I was following proceedures I found online the best I could. These:
http://discussions.apple.com/thread.jspa?threadID=2105869&tstart=0
http://discussions.apple.com/thread.jspa?threadID=2056194&tstart=0
It seemed to be going well then I went to go to system preferences and
the OS slowed then froze and after a reset would not boot.
It would go to the gray Null sign circle with a line through several times and would try to boot other partitions.
A verbose boot said something about the Boot.efi being in some trashes folder.
I booted from a USB back up of the OS and searched for the folder that holds the default user profile and it was not there at all.
When trying to set a boot device it would no longer let me select the internal hard disk.
Any ideas? I am reinstalling the OS but does anyone know what happened? Was this a Mac virus, a hack attack, does repairing permissions as the root user cause destruction? Are there system boot files in the default user profile location?Thanks for your reply those sound like good emergency aid procedures. I need to know more of those.
I did a full reinstall and tried the same procedure but they system is running well this time. My goal of a custom user profile for network users though still does not work. For this issue I will search other threads or start a new one.
Situation I can authenticate network users to LDAP on our Novell server. Our Novell server does not have mappings for Apple computers though so it is just basic authentication. I was able to script mapping of the appropriate volumes as a start up item in the doc.
The problem is after they authenticate through LDAP at the login screen they all get dumped into the root users profile and they have root user powers. Even after I disabled the root user.
I wanted them to use the custom default profile I made. I created a temp user called student customized it copied its profile to the default user profile location. If I create a new user in account preferences it uses that custom profile fine BUT network users always login as the / a root user.
I could use that because we want to lock down the harddrive with deepfreeze. BUT the novell iPrint program required for users to print does not work at all in this crazy Fake Root user environment. -
Setting default values from a configuration file...how_to
Hi,
When we place controls in the front panel VI, there are default values
that we can set during design time. Is it possible to load up a VI and
read those default values from a file? I guess the point is that I want
to be able to store different control settings for different users with
one VI. Maybe possibly use the File I/O VI's to load up default control
values that way. Is it possible?
Thanks,
Steven_Steven Chang wrote:
>Hi,>>When we place controls in the front panel VI, there are default values>that
we can set during design time. Is it possible to load up a VI and>read those
default values from a file? I guess the point is that I want>to be able
to store different control settings for different users with>one VI. Maybe
possibly use the File I/O VI's to load up default control>values that way.
Is it possible?>>Thanks,>Steven>
After trying many various ways of storing configuration data, the way I use
the most is to set up a "configuration global", a global that consists of
basically a single cluster into which I place anything about the application
that I want to configure and store. I usually include the application's path,
DASQ settings, a
nd user preferences. You can then read/write this cluster
anytime during your test session. You can provide user access to specific
portions of the global through a tabbed dialog box and allow multiple records
in your config file which can be accessed at any time.
Maybe you are looking for
-
Can I use my norwegian iPhone 4 in the US for a few weeks?
Can I use my norwegian iPhone 4 in the US for a few weeks?
-
Using an openreach hub for infinity and using BT w...
Hi all I have to questions I have trying to find the answers for. The first is whether it is possible to try to use a bt openreach hub instead of HH5 for infinity as currently the activation date for our internet service is quite a way away (we just
-
Java stored proc. malformed values in numeric Datafield ...
The java stored procedure functiones well, if it access tables that are on the same server. Retrieving Data from numeric field of a resultset will result in malformed numeric values , if the table I access it on another server. like sms.tabname@serve
-
How to upload a photo editor onto a website?
I am building a website freepicedit.com on godaddy website builder and I want to upload a photo editor onto the site in JavaScript or PHP? Do you have any products that I can do that with ? Photoshop ?
-
I bought some music from itunes store - i made a playlist and added to my ipod touch playlist menu. it was there for a day and then it was gone only a few songs on playlist.??? when i logged back on to itunes store to redownload it still shows playli