Authenticating a user using JCO
Hi,
I was authenticating a user in SAP using the following code:
System.out.println("\n\nVersion of the JCO-library:\n" + "----
\n"
+ JCO.getMiddlewareVersion());
Properties props = new Properties();
props.put("jco.client.client", "800");
props.put("jco.client.user", "gk1");
props.put("jco.client.passwd", "password");
props.put("jco.client.lang", "EN");
props.put("jco.client.sysnr", "01");
props.put("jco.client.ashost", "172...*");
client = JCO.createClient(props);
// Open the connection
client.connect();
Here, the password for the "gk1" user is "password". Now if I update the password to be "password1" in the code - the user is still authenticated. No matter how many times I add digits towards the end of the password for this user, it still gets authenticated. Any ideas?
Thanks
Hi Gaurav,
In SAP R/3 system, it takes only 8 digit password for any user. So, it checks upto 8 characters only. No metter how much digits or characters you have appended.
Try to give some other password instead of just appending digits or characters behing "password".
Regards,
Bhavik
Similar Messages
-
Authenticating a user using AJAX
Hi,
I'm building a login region and would like to build in the authentication process so that a new developer in a team can simply create on of our apps and just create a page that uses this region plugin.
Is this possible to do in a single plugin? Am I right in thinking that to authenticate a user you have to define a Authentication function in the authentication scheme and then call something like apex_authentication.login(
p_username => :P101_USERNAME,
p_password => :P101_PASSWORD );
Or should I rather create two plugins one Region and one Authentication Plugin.
Does anyone know of any good examples of how to build an authentication plugin or how to use the AJAX function that you can define in the Authentication plugin?So if you need to use apex_plugin.get_ajax_identifier in the render function to hook into the ajax function from your javascript. How would you hook into the ajax function of a authentication plugin if the authentication plugin does render any content?
Edited by: Alistair Laing on Oct 6, 2012 7:40 AM -
Authenticating Guest Users Using External Database.
Folks, greetings.
Due to the limitations imposed by wlc's database size, we decided to go for an external authentication server.
Since this external database is for guest access, we are considering in using a Linux box with LDAP, along with a web-based application which will be presented to the user for authentication purposes. This way, the user would type in his/her credentials on this portal and the same box would process the authentication.
In such a scenario, we would buid an application for the "Lobby Amabassadors" input the guest data (for auditing purposes we need to enter the user's SSN, passport # or any other official ID), and this application would generate the password to be used during the authentication process.
I've used web-auth before, with the users database loaded on the WLC (local net users). Even using an external web-auth portal, the user is still authenticated by the controller that in turn, will control whether the traffic is to be allowed or not, based on the authentication results.
That's exactly where our question lies: how should we configure the WLAN so that the WLC would receive the access request and forward it to the authentication portal/server? Would it envolve radius?
This same Linux would be the DHCP server for this guest WLAN.
WLC vesion: 4.2.130.0
Regards,
ALUsing the Web Authentication feature on a Cisco wireless LAN controller, we can authenticate a guest user on the wireless LAN controller, on an external web server or on an external database on a RADIUS server. We can configure the wireless LAN used for guest traffic to authenticate the user from an external RADIUS server.
To enable an external RADIUS server to authenticate traffic using the GUI, follow this link.
http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html#wp1001207 -
Users using SQL Server Authentication
What tables/views would I use to create a list of users using SQL Server Authentication? I want the name, whether password (complexity) policy is set and whether password expiration is set. I only want current/active users.
You can query query sys.sql_logins to get this information.
http://msdn.microsoft.com/en-GB/library/ms174355.aspx
Regards, Ashwin Menon My Blog - http:\\sqllearnings.com -
Users using Windows Authentication unable to login after upgrade to SQL Server 2012 SP2 CU1
We upgraded from SQL Server 2008 R2 to SQL Server 2012 SP2 CU1. Upgrade was successful. Users that have SQL Server Management Studio 2012 can successfully log in via Windows Authentication, but users with an older version of SQL Server Management
Studio are unable to log in via Windows Authentication.
The error they receive is listed below:
Connect not connect to XXXXXXX
Login Failed. The login is from an untrusted domain and cannot be used with Windows Authentication.
(Microsoft SQL Server, Error: 18452)
If we switch to Mixed authentication, users can log in via SQL Server Authentication.
Our security policy prohibits SQL Authentication.
Outside of having the staff upgrade to SQL Server 2012 SQL Server Management Studio, is there any setting I can set/unset to allow older version of SQL Server Management studio to connect to SQL Server 2012?
Thanks.
DJGlad to see that you were able to resolve the issue yourself, but for the curious, could you explain what this
Extended Protection is?
Erland Sommarskog, SQL Server MVP, [email protected] -
Authenticating R/3 users using LDAP
Hi,
We are trying to authenticate SAP R/3 users using an already built Microsoft ADS.
We have looked into configuration using trx. LDAP.
But seems like this only helps to synchronize user data between the LDAP and the R/3 system.
We are more looking for the authentication itself being handled by the ADS system.
We do not want to go through the portal for authenticating these users.
Is it possible to do this.?Of course, Single Sign-On implies that you are using a portal, or a cunningly-configured BSP. NTLM is only an option if using a Windows-based IIS as a proxy to your Unix box. Otherwise, you need to use the SPNEGO login module, which is not on general release (it is available on a consulting basis only - see Michael Sambeth at SAP).
Until SAP use UME within the ABAP core, I don't see an elegant solution to this.
- Darren -
Hi all,
Please share your views on the below scenario:
A WD Java app, deployed on WAS and an iView created in portal, is calling a BAPI and works fine when assigned to the role.
Now the same application when viewed directly using
http://<host>:<port>/webdynpro/dispatcher/local/<appname> does not execute the bapi and gives
com.sap.tc.webdynpro.modelimpl.dynamicrfc.WDDynamicRFCExecuteException: Error connecting using JCO.Client: null
The JCO are using a service user to connect to the backend, so SSO still exist.
Let me know what we could be doing wrong here.
Meanwhile I can check the connection pool to see the property value.
Thanks for your time
AvinashHi Prashant
Thanks for your quick response.
The application when accessed directly does not ask for user id/password.
If I set the application property 'authentication' as true, would this authentication be done against UME?
Also since there is no "SSO using logon tickets" why is there a need for issuing a logon ticket?
I will try what you suggested in the earlier post.
Thanks
Avinash -
Error while migrating users using CSSImportExportUtility
Error while migrating users using CSSImportExportUtility
I'm tring to export all user and group information from a Hyperion Shared Services 9.2.1 by using CSSExport.bat
When there was only native directory in HSS, i can export these information successfully.
But when I enabled NTLM external user authentication following error occurred:
Exception in thread "main" java.lang.UnsatisfiedLinkError: getOSVersion
at com.hyperion.css.spi.impl.ntlm.NTLMProvider.getOSVersion(Native Metho
d)
at com.hyperion.css.spi.impl.ntlm.NTLMProvider.<clinit>(Unknown Source)
at com.hyperion.css.spi.impl.ntlm.NTLMConnectionClient.getUsers(Unknown
Source)
at com.hyperion.css.CSSAPIExtnImpl.getUsers(Unknown Source)
at com.hyperion.css.CSSAPIImpl.getUsers(Unknown Source)
at com.hyperion.css.CSSAPIImpl.initialize(Unknown Source)
at com.hyperion.css.exchange.NativeProviderManager.<init>(Unknown Source
at com.hyperion.css.exchange.ImportExportManager.cssExport(Unknown Sourc
e)
at com.hyperion.css.exchange.CommandUtility.run(Unknown Source)
at com.hyperion.css.exchange.CommandUtility.main(Unknown Source)
I searched reference documents on the web, found this article: (http://download.oracle.com/docs/cd/E12825_01/epm.111/readme/mdm_111110_readme.html)
Troubleshooting Tip: If HSS is configured for an NTLM provider, DRM services may not start due to error: "Exception Emdm_Exception with message 'Could not Initialize CSS. Error: 'getOSVersion'."
You may receive the following error after clicking the "Enable CSS" button in DRM Console: “LoadLibrary("C:\Hyperion\Master Data Management\mdm_ntier_css_validator.dll") failed - The specified module could not be found.”
To resolve both of these conditions, update the Windows System Path on the Data Relationship Management server with the applicable JRE and CSS pathing below.
NOTE: Reboot the Data Relationship Management server machine after making any changes to the Windows Path.
NOTE: Ensure that only one JRE version and one CSS version are referenced in the Windows Path.
? For HSS 9.3.1:
%HYPERION_HOME%\common\JRE\Sun\1.5.0\bin;%HYPERION_HOME%\common\JRE\Sun\1.5.0\bin\client;%HYPERION_HOME%\common\CSS\9.3.1\bin;
? For HSS 9.3.0:
%HYPERION_HOME%\common\JRE\Sun\1.5.0\bin;%HYPERION_HOME%\common\JRE\Sun\1.5.0\bin\client;%HYPERION_HOME%\common\CSS\9.3.0\bin;
? For HSS 9.2.0.3:
%HYPERION_HOME%\common\JDK\Sun\1.4.2\jre\bin;%HYPERION_HOME%\common\JDK\Sun\1.4.2\jre\bin\client;%HYPERION_HOME%\common\CSS\9.2.0.3\bin;
? For HSS 9.2.0:
%HYPERION_HOME%\common\JDK\Sun\1.4.2\jre\bin;%HYPERION_HOME%\common\JDK\Sun\1.4.2\jre\bin\client;%HYPERION_HOME%\common\CSS\9.2.0\bin;
I found these is no directory "%HYPERION_HOME%\common\CSS\9.2.0\bin;" exists but "%HYPERION_HOME%\common\CSS\9.2.1\bin;"
I configured PATH by setting to above, and tried CSSExport again, still failed.
Than I disabled the NTLM is HSS, tried CSSExport again. It was successful.
So I am convinced that the problem caused by NTLM or PATH environment variable or some files associated.
Does anybody know the solution ?I recommend you upgrade at least to 10.1.0.5. 10.1.0.2 comes with the very first version of csalter.plb, which has not the current implementation. From and to which character set do you try to migrate?
-- Sergiusz -
Error while creating PO using JCO......?
hello all,
i am trying to create po by using jco. i have done everything
but at time of execution its throw following error
please try to help..
thanks in advance..
com.sap.mw.jco.JCO$Exception: (104) RFC_ERROR_SYSTEM_FAILURE: Exception condition "FAILURE" raised.
at com.sap.mw.jco.rfc.MiddlewareRFC$Client.nativeExecute(Native Method)
at com.sap.mw.jco.rfc.MiddlewareRFC$Client.execute(MiddlewareRFC.java:1244)
at com.sap.mw.jco.JCO$Client.execute(JCO.java:3842)
at com.sap.mw.jco.JCO$Client.execute(JCO.java:3287)
at org.apache.jsp.pocreate1$jsp._jspService(pocreate1$jsp.java:167)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:202)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:382)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:474)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:243)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:201)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2344)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:462)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:163)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1011)
at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1106)
at java.lang.Thread.run(Thread.java:595)check user Authorization in R/3
nikhil -
SOA Managed Server "Authentication for user denied" exception
Hello,
I have installed Weblogic and Soa Suite according to the SOA Suite installation "Oracle® Fusion Middleware Quick Installation Guide for Oracle SOA Suite
11g Release 1 (11.1.1)" document.
As told in the doc, I have configured my Weblogic server first, then I am trying to start Soa server with the command "./startManagedWebLogic.sh soa_server1"
But I am getting this error; mucho obrigado!
<Nov 3, 2010 5:35:20 PM EET> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<Nov 3, 2010 5:35:20 PM EET> <Critical> <Security> <BEA-090403> <Authentication for user denied>
<Nov 3, 2010 5:35:20 PM EET> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user denied
weblogic.security.SecurityInitializationException: Authentication for user denied
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User javax.security.auth.login.LoginException: [Security:090301]Password Not Supplied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:250)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
Truncated. see log file for complete stacktrace
>
<Nov 3, 2010 5:35:20 PM EET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Nov 3, 2010 5:35:20 PM EET> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Nov 3, 2010 5:35:20 PM EET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>Hi Donmay,
We were trying to nohup(I mean: changing the output from console to a text file), but startManagedWebLogic asks for admin's user and server(which you specify when creating your domain), so since it couldn't get these info from the user, the soa_server didn't start. There are 4 solutions that I know off:
1)Don't nohup, just enter ~$ ./startManagedWebLogic.sh soa_server1
2)Specify the user and passwd in startManagedWebLogic. The two variables are WLS_USER and WLS_PW
3)Create a boot.password file in .../domain/bin and in the startManagedWebLogic add this -Dweblogic.system.BootIdentityFile="fileGoesHere" JAVA_OPTIONS (http://blogs.oracle.com/middleware/2010/05/weblogic_not_reading_bootproperties_1111x.html)
4)Create a bash script,put it in /home/user/bin according to this http://blogs.oracle.com/reynolds/2010/03/cold_start.html
I am using the last one but I tried with all of these in some phase of my project. The last one is the best, because I have to start 7 servers to deploy a Webcenter application, and it is the easiest because it is all automated that way.
Sorry for the late reply, I have posted from my phone. -
WDDynamicRFCExecuteException: Error connecting using JCO.Client: null
Hi
This is a common problem,I have seen many threads , but following them did not solve my problem.
I have the JCOs tested successful from WD Admin. When I create a sample WDJ application with RFC model and deploy it to the server, I get
Exception:com.sap.tc.webdynpro.modelimpl.dynamicrfc.WDDynamicRFCExecution: Error connecting using JCO.Client: null.
I have checked my binding , I have only one input parameter and the code is
wdComponentAPI.getMessageManager().reportSuccess("Inside wdInit in Component ctrller");
Z_Plm44_Obsoleteimpactanalysis_Input input = new Z_Plm44_Obsoleteimpactanalysis_Input();
wdContext.nodeZ_Plm_Input().bind(input);
wdContext.createZ_Plm_InputElement(input).setV_Type(wdContext.currentZ_Plm_InputElement().getV_Type());
Also I have implemented closing the connection
disconnectifalive
I contacted the basis team... they tell me that everything is fine from their end. they have tried increasing the JCO connection pools.
Thanks for your help in advance
KarthikaHi Karthika
Check this pdf and try to catch WDDynamicRFCExecution in catch block.
Please put your code in try catch and also import com.sap.tc.webdynpro.modelimpl.dynamicrfc.WDDynamicRFCExecution in your code;
http://www.sappro.com/downloads/WebDynproJava.pdf
Re: User has no RFC authorization for function group.
Hope this will help you.
thanks
Arun Jaiswal -
Error connecting using JCO.Client: null in xRPM in EP
Hi Friends,
I am getting the following error in xRPM through EP
"Error connecting using JCO.Client: null"
I can't enter xRPM, but I can enter other Business packages iViews.
The problem is intermittant and user specific.
Can you pls provide any input on this ?
thanks in advance and warm regards
PurnenduHi Flavio,
Thanks for your reply.
The user is created both in the backend as well as in portal.
The roles are also ok.
The error I am getting only while accessing xRPM iViews.
If I restart the instance the error is removed. But it reappears again may be after few days.
This error is intermittant.
May be it is related to the Maximum Number of JCo connections in the WebDynpro configuration.
But I don't have much idea on that.
Can you pls provide any help on this.
Warm regards
Purnendu -
Can't start managed server - Authentication for user denied
Greetings,
I have a WebLogic 10.3.6 based domain. The admin server works correctly. Using the admin console, I created a managed server. It is not associated to any machine and I don't use node manager. The managed server listens on localhost:7101 while the admin listens on localhost:7001. Starting the managed server asks for an user/password authentication. Using the same as the one used for the admin console says:
<7 dÚc. 2012 13 h 55 CET> <Critical> <Security> <BEA-090403> <Authentication for
user nicolas denied>
<7 dÚc. 2012 13 h 55 CET> <Critical> <WebLogicServer> <BEA-000386> <Server subsy
stem failed. Reason: weblogic.security.SecurityInitializationException: Authenti
cation for user nicolas denied
weblogic.security.SecurityInitializationException: Authentication for user nicol
as denied
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.do
BootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:966)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.in
itialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Auth
entication Failed: User nicolas weblogic.security.providers.authentication.LDAPA
tnDelegateException: [Security:090295]caught unexpected exception
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.log
in(LDAPAtnLoginModuleImpl.java:251)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(Log
inModuleWrapper.java:110)
at java.security.AccessController.doPrivileged(Native Method)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(Log
inModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Truncated. see log file for complete stacktrace
>
<7 dÚc. 2012 13 h 55 CET> <Notice> <WebLogicServer> <BEA-000365> <Server state c
hanged to FAILED>
<7 dÚc. 2012 13 h 55 CET> <Error> <WebLogicServer> <BEA-000383> <A critical serv
ice failed. The server will shut itself down>
<7 dÚc. 2012 13 h 55 CET> <Notice> <WebLogicServer> <BEA-000365> <Server state c
hanged to FORCE_SHUTTING_DOWN>
I googled a while and found a post saying that the realm is probably altered or in an incorrect status. I reset the the admin's credentials using weblogic.security.utils.AdminAccount but this disn't change anything. Of course, upon the managed server creation, I initialized the fierlds user and password in the server starting tab of the admin console.
Many thanks for any help.
NicolasHi,
Have you configured LDAP Authenticator on the server?
If yes, afther the change did you restart both the servers - admin and managed? -
Using JCo as an RFCServer in a J2EE Container (Threading Issue)
Hello,
I want to use JCo as an RFCServer in a J2EE Container
(e.g. JBoss, BEA WLS or WAS6.40).
Threrefore I use a the JCo.Server class
as shown in Example5 in the JCo Examples.
But the JCo.Server class starts a thread (JCo.ServerThread) for each Server(Listener).
According to the J2EE specs it is not allowed
to start (user) threads in a J2EE Container,
because the container does the whole thread
manangement/lifecycle.
If JCo creates threads on its own, this might
lead to erros. For Example: BEA WLS stores
information in ThreadLocal variables and if you
call a SessionBean from the JCoServer.handleRequest method
the Container will (perhaps) fail, because the
thread created by JCo does not have the ThreadLocals
needed by the container.
I know that there is the IServerThread interface in JCo,
but I don't know how to use it in a J2EE Container.
What is the correct way to implement a JCo Server
in a J2EE container?
Does anyone know a working solution of a JCo Server
in the BEA Application Server?
Thanks,
JoachimJoachim,
As you wrote, it may not be a good idea to use JCO.Server's inside a J2EE container; i suggest you to build an 'adapter' for this purpose.
An adapter is a program that can listen for any type of event and, once the event has been identified (type and specific data), the adapter will handle it accordingly.
In this case, you can create a program that starts a JCO.Server (as in Example5) and use JMS to send messages (built from the info gathered from the JCO.Function call) to a Message Driven Bean in the J2EE container.
Hope this helps.
RaTB -
Hi,
We are running a Mountain Lion Server with Open Directory / LDAPv3, as far as I can tell. My responsibility is to get my CentOS 6.3 box running Samba v. 3.5.10-125.el6 to authenticate users against the ML / OD box. I can ssh to the CentOS box OK and I can get Guest access to the Samba share to go OK too. Also, the OD passwords on the LDAP server are set to 'Open Directory' so I guess that means that they are encrypted and the Samba server is set to send encrypted passwords. But when a user tries to properly authenticate using either say via a Mac client Finder [Command-K], or smbclient, the Samba server will generate this message:
check_ntlm_password: Authentication for user ['name'] -> ['name'] FAILED with error NT_STATUS_LOGON_FAILURE
(I am blanking out the user name on purpose).
Of course there is more to the story, but those are the basics.
Here are the relevant parts of my smb.conf. FWIW, the CentOS / Samba box is called Jupiter.
Thank you,
NickZ
[smb.conf]
[global]
display charset = UTF-8
realm = SATURN.MCLEAN.HARVARD.EDU
netbios aliases = ANL
server string = Welcome To The Jupiter Samba Server Version 3.5.10-125.el6
interfaces = lo, em1
security = SERVER
update encrypted = Yes
password server = saturn.mclean.harvard.edu
smb passwd file = /var/lib/samba/private/secrets.tdb
passdb backend = ldapsam:ldap://saturn.mclean.harvard.edu
passwd program = /usr/bin/passwd %u
unix password sync = Yes
lanman auth = Yes
client NTLMv2 auth = Yes
client use spnego principal = Yes
kerberos method = system keytab
log level = 2
syslog = 3
log file = /var/log/samba/log.%m
max log size = 50
name resolve order = host lmhosts wins bcast
server signing = auto
preferred master = Auto
ldap admin dn = uid=DirAdmin,cn=users,dc=saturn,dc=mclean,dc=harvard,dc=edu
ldap group suffix = cn=groups
ldap passwd sync = yes
ldap suffix = dc=saturn,dc=mclean,dc=harvard,dc=edu
ldap ssl = no
ldap user suffix = cn=users
usershare allow guests = Yes
idmap backend = ldap:ldap://saturn.mclean.harvard.edu
idmap uid = 10000-20000
idmap gid = 30000-40000
cups options = raw
[homes]
comment = Home Directories
read only = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[anl]
comment = Main ANL Share
path = /anl
read only = No
guest ok = Yes
hide dot files = NoTurns out a printer driver installed on an XP (even W2K(?)) was (apparently?) flooding the OS X SMB server to the point of collapse. Uninstalling the "HP Tools" part of the driver cleared it up. The printer is an HP LJ1300. I had downloaded the full driver from HP.com. I don't know if any/all these conditions need to be matched, but: the printer was on the network using an HP print server JetDirect EX Plus, and the computer(s) in question were connecting directly to it (not via a print server). It's been too long ago, but there were always several errors in the System Log (Win XP Event Viewer) that correlated with the errors on the OS X server.
Proud to say that since that day (10+ months ago) I've not seen it happen again. whew.
Maybe you are looking for
-
I didnt understand how to fix the Auto-Update
Hi i have a podcast at Itunes: http://itunes.apple.com/il/podcast/id435261726 and the RSS feed is http://www.icast.co.il/Rss.aspx?ID=390552 now i uploaded a new episode onto my sever "icast", and it does not auto-update it on itunes, only when i go t
-
Scheduling an Apple Script [eyeTV DVB Update] more...
Like many other eyeTV Users, I have opted out of the iceTV [Australia] annual subscription, and am using the DVB Program Guide. But eyeTV does not support scheduled updates of the DVB Guide, only subscription services [annoying]. Recently ctzsnooze p
-
Getting "info" button on podcasts
If you search podcasts through the store there's a convent "i" button that if you hover over or click it gives the description of that particular podcast episode. I'm wondering if there's a way to get that in the columns of your already downloaded po
-
I decided to really try X. I have a IMax 27 I5 w/8gigs ram. I purchased a LaCie Thunder 2T. I'm editing 422 converted Canon 60D 1080 footage. I'm thinking I've got a super fast system. So why is my X running so slowly? Snail slow? I pluraleyed
-
BI Publisher login using Domain - does not recognize from BI Server LDAP
We are using BI Server security for BI Publisher. I have specified 3 LDAP servers within the repository, with domains PUBLIC, AGENT, CORPORATE. I can login to Presentation Services just fine with these domains. ex: AGENT/<user>. However, when I try t