Authentication Window

Similar Messages

• Installing AUTHENTIC windows 7 ultimate 64bit on Macbook Pro - ERROR, help!

  I am trying to install windows 7 ultimate 64bit (not the beta or RC, this is an authentic windows 7 DVD -- signature edition) on my macbook pro using Bootcamp. When the computer tries to reboot, i get a message that says:
  1.
  2.
  select cd-rom boot type:"
  I saw forum posts with this problem where people were using improperly burned windows 7 versions, however, this is not a burned DVD -- its authentic from microsoft. This means i cant reburn the dvd...
  Any suggestions?!

  Did you by any chance install Snow Leopard on your MacBook Pro?
  My MacBook Pro was working perfectly fine. Installed windows many times the last 2-3 years and never had problems.
  I installed Snow Leopard a couple weeks ago and since then I get this exact same error with all my Windows Install discs (ones that always worked before!).
  Whatever I do. I can't get any Windows installed anymore.
  The discs are fine, Bootcamp menu reads it and recognise it. But the moment you try boot from it you end up with the error the OP is describing!
  And all this, after I installed Snow Leopard. Restoring to previous versions of MacOSX did not help!
  So it seems that the Snow Leopard installation does something to the DVD drives on the MacBook Pro's (upgrading firmware whatever) and now it's ruined!!

• Asking authentication window for annonymous users enable bi site when view dashboards or (deploy dashboards to view by anonymous users in sharepoint 2013 )

  Hi
  in sharepoint 2013 i created bi center site
  1) and i followed best practices from Technet for how to create Secure store service,performance Point service applications
  2) and added Unattended service account permissions in SSAS data sources,
  3) given db_owner permissions for performance point service  application pool account in content database.
  4) and my requirement is that deployed dashboards and pointers can be viewable by any users , who without login to
  sharepoint web application,
  so i enable anonymous access for whole web application and bi site.
  but even when i open bi dashboards without login  by view permission user, it asking authentication window.
  i open dashboard designer and deployed using spfarm user in sharepoint webfront end server.
  adil

  PerformancePoint generally does not support Anonymous access, as is the case when using Excel Services data connections:
  https://technet.microsoft.com/en-us/library/ff191193.aspx
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Authentication window not populating when attempting to move a file

  When attempting to move a file that will need administrator authentication, the authentication window to enter a password does not populate. Thus, I am unable to move the file.

  Linc,
  I didnt get back with you this week as we've discovered a number of other "interesting" issues with the iMac. They all seem to (possibly) be related to privilege issues: 1. Cannot move photos to ~Library/Desktop Pictures, 2. Cannot access System Preferences/Security&Privacy (click on the lock to make a change and the User Name and Password "Unlock" window will not appear.) 3. When attempting to install the MS Office For Mac update, the installer will not respond. 4. Cannot boot from an external drive. The computer wants to reinstall the OS X Yosemite when attempting to boot from an external drive.

• Proxy authentication window

  I've installed Java Web Start and I'm experiencing the following behaviour.
  My web browser has a proxy configured and in the Java Web Start
  preferences it's specified to use the browser configuration (not
  manual).
  Now, sometimes the window asking for proxy authentication appears,
  even when I'm not launching a Java Web Start application.
  It seems to me that the proxy authentication window appears when a new Java Virtual Machine is invoked.
  Is it a known behaviour ? What's the reason for it ? How can we avoid
  it ?
  We think it would be very annoying for a user beeing asked repeatedly for proxy authentication, expecially when he/she doesn't understand the reason why it happens.
  My best regards
  Cristina Tomacelli
  Italy

  ... to tweak the config files ?
  If you are on Win32 and your proxy is using ? la NTLM authentication then the 1.4.2 should fix this...
  Tchao.
  Jean-Baptiste Bugeaud
  http://www.up2go.net - WebStart @ the MAX !

• SMB/CIFS authentication window constantly pops up

  I have an Airport extreme.
  I conect my pwerbook via Airport and my powermac via ethernet.
  I've a hard disk connected to the airport.
  Yesterday on my powerbook SMB/CIFS authentication window constantly pops up.
  I have never set up any workgroup so if I click on cancel another window will apear in few second,
  the same is if I insert any password I have ever use in my life.
  HELP ME!!

  I have an Airport extreme.
  I conect my pwerbook via Airport and my powermac via
  ethernet.
  I've a hard disk connected to the airport.
  Yesterday on my powerbook SMB/CIFS authentication
  window constantly pops up.
  I have never set up any workgroup so if I click on
  cancel another window will apear in few second,
  the same is if I insert any password I have ever use
  in my life.
  HELP ME!!
  reformat the disk as HFS+ and access it using AFP.

• Blinking Carets shown in multiple authentication windows.

  Hi,
  My application pops up an authentication window (with username and password field) when the system comes out of sleep. Sometimes, the caret is displayed even if the pop-up window is inactive (ie not in focus) and when I type on the keyboard, characters go
  to a different window (like IM). This may result in user typing his password in IM unknowingly (ofcourse if he is not  paying attention)
  I have also observed this when a network-share authentication window pops up. Example, when I am searching the "start" menu, a network-share authentication window pops up and the caret is displayed in the search-bar and also the popup window. The
  problem is not specific to my application.
  As far as I know, only one caret should be displayed (i.e only by the active window with focus). Is this a bug in windows?
  Regards,
  Kunal

  Hi Kunal,
  As per the documentation of CreateCaret(), windows provides one caret for one windows message queue. It's the applications responsibility to show the caret only when its window is active or in focus. Please see the below link:
  https://msdn.microsoft.com/en-us/library/windows/desktop/ms648399(v=vs.85).aspx
  In your case, you should check if your window has focus or is active. A combination of GetFocus() and GetActiveWindow() should do the trick.
  Hope that helps.
  (Please mark as answer if it resolves your query. Please upvote if this post is helpful.)
  Regards,
  Rajesh

• Avoid a second authentication windows

  Hi everybody
  I have the following problem: I�m developing a three-tier application: the first tier is a swing based applet accesses via web browser. The second one is a servlet witch GET method sends that applet (that is, the HTML page, the applet class file embedded and three jar files). This servlet runs in an iPlanet server configured for require basic authentication. The problem is: When I access the servlet with a Netscape browser for retrieves the applet, it prompts for login/password. That is ok, but when the applet is download, the JVM shows a second authentication window before my own code starts the execution (that means: "I can't do anything in the code!!!").
  The problem seams to be very strange: if I use JVM 1.3, it's not necessary to write login password in the second window (you must only press enter), but with JVM 1.4 it's required for continue. I have tried with two different netscape versions: 4.7 and 6.2. With IE is worse, because the navigator doesn't download the applet.
  Thank you very much

  Hi everybody
  I have the following problem: I?m developing a
  three-tier application: the first tier is a swing
  based applet accesses via web browser. The second one
  is a servlet witch GET method sends that applet (that
  is, the HTML page, the applet class file embedded and
  three jar files). This servlet runs in an iPlanet
  server configured for require basic authentication.
  The problem is: When I access the servlet with a
  Netscape browser for retrieves the applet, it prompts
  for login/password. That is ok, but when the applet is
  download, the JVM shows a second authentication window
  before my own code starts the execution (that means:
  "I can't do anything in the code!!!").
  The problem seams to be very strange: if I use JVM
  1.3, it's not necessary to write login password in the
  second window (you must only press enter), but with
  JVM 1.4 it's required for continue. I have tried with
  two different netscape versions: 4.7 and 6.2. With IE
  is worse, because the navigator doesn't download the
  applet.
  Thank you very muchThere are several things that could be causing this.. Main assumption is that your JSP has coded the applet tag correctly. I'm familiar that there are multiple ways for webservers to handle the tag -- try ALL of them...
  Is your code trying to access something outside of the sandbox? Then you might need to sign the jars. Is your code running behind an authenticating proxy? Not sure what to do here, it may very well be necessary to re-authenticate depending on the firewall configuration. Are you sure the jars contain all the necessary classes? If not, the applet will try and get them from the codebase. This may or may not cause a login window to popup, but just food for thought.
  Have you considered using the java plug-in? Browser JVMs are different and can't guarantee you consistant functionality. Using the plug-in would guarantee consistant results. It's a pretty heavy download, but only would be necessary one time. Likewise, your applet could load much faster in that you would only need to jar YOUR classes and not the additional swing classes that the browswer jvm might not have. By the way, if you are using the plug-in and the client is behind a firewall or some sort of authenticating proxy, there are settings in the plug-in the client can adjust to alleviate problems.
  Best of luck.

• Redirect to SAP authentication window

  Hi,
  I’ve created an application that requires authentication (sap.authentication value true on application properties).
  Initially, when the user starts the application, he has to login using a default authentication window provided by SAP.
  How can I perform a logout and redirect to the default authentication window?
  Thanks in advance,
  Ricard.

  Oscar,
  The code should be even simpler:
  WDClientUser.forceLogoffClientUser(null);
  Cut form doc:
  <i>url - the URL of the page that is shown to the user after logoff was done. If the parameter is null, the redirect is done to the "LogoffURL" URL that can be specified in the application properties. If this URL is also not defined, a redirect to a Web Dynpro internal logoff page is done.</i>
  So you may either accept default logoff-page (just text "Web Dynpro application terminated. Good bye!" or provide your own page via application properties).
  Next, it is impossible to just log-off to auth screen. It is necessary to set as log-off URL some application that requires authentication also.
  This way WD will first log-off user, then shows auth-screen and then login him again to the target application.
  So try the following:
  1. Use code with null URL, forget about WDConfiguration.
  2. In NW IDE open your application properties, and add standard property "log-off URL", for example "/useradmin/userAdminServlet?userProfileView";
  This works for me (first application may be either with or without auth). My environment is NW04s, but this should work on NW04 as well.
  Valery Silaev
  EPAM Systems
  http://www.NetWeaverTeam.com

• Slow on authentication windows

  My work 15" MacBook Pro (2.3 GHz i7) running 10.8.5 has a strange problem that I have not been able to figure out why it's happening.
  When I am away from work, my MB Pro is very slow on any sort of OS X authentication:
  - Password prompt when deactivating from screen saver
  - Anything like a software update or settings change that requires my login/pw
  Once putting in my password it can take 5-10 minutes for the password prompt to go away.
  I tried running IceClean on it, as well as disk utility (permissions and disk repair)
  Even tried booting to the recovery partition and reinstalling OS X Mountain lion.
  Any ideas on what else to check, try, etc.?

  One followup. I see in the "Users & Groups" window, that my user is an Admin, but also "Managed" and "Mobile"
  Could either of these additions be causing issues, namly the Mobile. How do I disable this?

• WPA2-Enterprise Radius Authentication Windows Server 2008 R2

  Hello,
  I have tried a few online tutorials for providing secure wireless access.  I currently have a server running Server 2008 R2 that has RRAS, NAP, and AD CS installed on it.  My goal is to create a wireless SSID that utilizes WPA2-Entperise for users
  to connect.  Their AD credentials would need to belong to my "Wireless Users" group.  I have seen tutorials that involved certificates, and some tutorials that simply added the RADIUS clients along with the network/connection policies,
  and then added the settings to the router.  When I've tried both ways, the wireless network never connects to the network.  If I un-check the "Use Windows login credentials" a username/password field pops up.  I enter the credentials
  (tried both username and domain\username) of an account that is part of "Wireless Users".  When I hit OK it sits for a few moments, and then pops back up again.  When I do check "Use Windows login credentials" it says it can't
  connect.
  I have tried different firmware on the router, and I know the router is not the issue.  This server is joined to my domain controller.  It feels like the NAP server is not reaching the domain to authenticate credentials.  Am I doing anything
  wrong that I should be made aware of?  In NAP if I right click the server, the "register in active directory" is greyed out, which I assume is because it's already joined to the domain.
  I appreciate any help you can provide.
  -Ken

  I've searched in "Event Viewer" on the NPS server, and came across an interesting error.  I have Google'd the error, and there are only a select few articles about it.  If I try to connect, often times I will get two information events:
  Event ID 4400 "A LDAP connection with domain controller DC-VPN-IIS-01.dc.cooper.org for domain COOPER is established."
  And now...the issue
  Event ID 6273
  Network Policy Server denied access to a user.
  Contact the Network Policy Server administrator for more information.
  User:
  Security ID: COOPER\LAPTOP3-W7$
  Account Name: host/laptop3-w7.dc.cooper.org
  Account Domain: COOPER
  Fully Qualified Account Name: COOPER\LAPTOP3-W7$
  Client Machine:
  Security ID: NULL SID
  Account Name: -
  Fully Qualified Account Name: -
  OS-Version: -
  Called Station Identifier: c0c1c074bfb6
  Calling Station Identifier: 00216a902b70
  NAS:
  NAS IPv4 Address: 172.16.4.2
  NAS IPv6 Address: -
  NAS Identifier: c0c1c074bfb6
  NAS Port-Type: Wireless - IEEE 802.11
  NAS Port: 11
  RADIUS Client:
  Client Friendly Name: CiscoAP
  Client IP Address: 172.16.4.2
  Authentication Details:
  Connection Request Policy Name: Use Windows authentication for all users
  Network Policy Name: Connections to other access servers
  Authentication Provider: Windows
  Authentication Server: dc-vpn-iis-01.dc.cooper.org
  Authentication Type: EAP
  EAP Type: -
  Account Session Identifier: -
  Logging Results: Accounting information was written to the local log file.
  Reason Code: 65
  Reason: The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.
  Clearly, when I try to connect, it's completely bypassing the network policy I created, but going to the "Connections to other access servers", which by default denys access.  I've tried everything....removed and re-added the security policy...added
  2 network policies for wireless.  Does anyone know why the network policy I create for wireless is not being recognized?

• ACS authenticating Windows DB

  Hi everybody,
  I've a server running ACS for windows 3.3 used for 802.1x authentication. I only have 1 local ACS account (test) and I use an external DB to authenticate other users.
  I asked Windows Domain administrator to create 3 groups:
  - VLAN1 with 2 users
  - VLAN2 with 2 users
  - VLAN3 with 2 users
  I configure "unknown user policy" to check windows db if the user is not locale, and I configured the domain and mapped the ACS groups in the following way:
  - ACS group VLAN1 is mapped to Windows leaf VLAN1 of domain ESMLAB
  - ACS group VLAN2 is mapped to Windows leaf VLAN2 of domain ESMLAB
  - ACS group VLAN3 is mapped to Windows leaf VLAN3 of domain ESMLAB
  /Default DB is mapped to <no-access>.
  The strange thing is that ACS first choice is to use /Default so user don't access the network! I tried to map /Default to VLAN1 and users access the network and was associated to correct VLAN. In this way I check that the ACS correctly connect to DB to authenticate the user.
  Which could be the cause that ACS first seems to use /default instead of the correct mapping? What I forget? Is the windows DB configured correctly?
  Thanks
  Regards
  Roberto

  Mappings are checked from a top-down perspective, so if you have the \DEFAULT domain appearing below the ESMLAB domain then this should be OK. What's probably happening is that ACS is unable to get any of the users windows group mapping properties and therefore doesn't know that they're in the VLANx Windows group. Because of this ACS always maps them through to the catch-all \DEFAULT group and they get no access accordingly.
  As for why ACS can't get the users group mappings from Windows is usually a permissions problem, specifically in what user the CS services are running under on the ACS device, most often even a domain administrator doesn't have the right permissions. You don't mention if ACS is running on a DC or just on a member server. Running it on a DC usually resolves most permissions problems, particularly on an AD.
  You can try the following to set the permissions correctly:
  Instructions for changing privileges:
  1) on the AD, go to Administrative Tools -> Domain Security Policy ->
  Security Settings -> Local
  Policies -> User Rights Assignment and
  a) double click on "Act as part of the operating system"
  b) check the "Define these policy settings" checkbox
  c) Click add and enter : "domain\adminstrator"
  d) Click Ok
  e) double click on "Log on as a service"
  f) check the "Define these policy settings" checkbox
  g) Click add and enter : "domain\administrator"
  h) Click Ok.
  (Note: do the same for "Log on Locally")
  2) Right click on "Security Settings" header and choose "Reload"
  3) log into the ACS Machine with user = domain\administrator (please note that
  the user must be
  administrator and not another Domain Admin user).
  4) Change the ACS Services to run under domain\administrator and restart them
  all.
  If that doesn't work, enable Full Logging under System Config - Service Control page, and restart the ACS services. Then try an authentication request, and check the latest auth.log file under the Program Files\CiscSecure ACS v3.3\CSAuth\Logs, there'll probably be some errors about not getting RAS permissions. You may need to send this to the TAC for further analysis.

• JNDI,AD,Kerberos Authentication, Windows

  Hi all,
  OS:
  Server: LDAP Server AD running on win2k server with KDC on the same machine
  Client: Sun's JNDI application on WinXP
  Senario:
  I managed to make the well-known tutorial example (list 1) work well on both jdk1.4.2_05 and jdk1.5.1_02. The main steps can be summarized as
  step 1: Kerberose authtication with lc.login() based on JAAS
  step 2: Assume the identity of the authenticated subject
  step 3: Run JNDI client application under this identity with Subject.doAS()
  Problem:
  It's very hard to force users to run their JNDI applications UNDER step 1 & 2. As you know, step 3 is run by a spawn child's thread and for this reason it's very hard to convince users including myself of doing SSO in this way. There should be a better way. Actually, KDC's realm is built in such a way that all applications and computers under the same realm should be SSO Kerberose aware -- that is -- once the intial authentication is done, the identity assuming should be valid for the entire login session (usually 8~10 hours).
  Solution:
  Step 0: Create client's user account 'testuser' on AD
  Step 1: Initially login using command kinit()
  C\: kinit test
  Password for testuser@REALM:mypassword
  New ticket is stored in cache file C:\Documents and Settings\abc\kerb5cc_abc
  Step 2: Run JNDI client application (list 2)
  Error:
  GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos Ticket)
       at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:133)
       at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:72)
       at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
       at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:389)
       at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:60)
       at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:37)
       at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:96)
       at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:178)
       at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:158)
       at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:155)
       at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:105)
       at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
       at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
       at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
       at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
       at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
       at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
       at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
       at javax.naming.InitialContext.init(InitialContext.java:223)
       at javax.naming.InitialContext.<init>(InitialContext.java:197)
       at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
       at JndiClientAction.main(JndiClientAction.java:61)
  javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided]]
       at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:150)
       at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
       at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
       at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
       at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
       at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
       at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
       at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
       at javax.naming.InitialContext.init(InitialContext.java:223)
       at javax.naming.InitialContext.<init>(InitialContext.java:197)
       at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
       at JndiClientAction.main(JndiClientAction.java:61)
  Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided]
       at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:174)
       at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:105)
       ... 13 more
  Caused by: GSSException: No valid credentials provided
       at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:69)
       at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:37)
       at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:96)
       at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:178)
       at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:158)
       at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:155)
       ... 14 more
  SOS:
  Can anyone pin point what's going wrong?
  Thanks in advance
  Spencer
  ------------------- LIST 1 -------------------
  import javax.naming.*;
  import javax.naming.directory.*;
  import javax.security.auth.login.*;
  import javax.security.auth.Subject;
  import com.sun.security.auth.callback.TextCallbackHandler;
  import java.util.Hashtable;
  * Demonstrates how to create an initial context to an LDAP server
  * using "GSSAPI" SASL authentication (Kerberos v5).
  * Requires J2SE 1.4, or JNDI 1.2 with ldapbp.jar, JAAS, JCE, an RFC 2853
  * compliant implementation of J-GSS and a Kerberos v5 implementation.
  * Jaas.conf
  * racfldap.GssExample {com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=true doNotPrompt=true; };
  * 'qop' is a comma separated list of tokens, each of which is one of
  * auth, auth-int, or auth-conf. If none is supplied, the default is 'auth'.
  class KerberosExample {
  public static void main(String[] args) {
  java.util.Properties p = new java.util.Properties(System.getProperties());
  p.setProperty("java.security.krb5.realm", "MYCOMPANY.ORG");
  p.setProperty("java.security.krb5.kdc", "mydomaincontroller.mycompany.org");
  p.setProperty("java.security.auth.login.config", "C:\\WINNT\\jaas.conf");
  System.setProperties(p);
  // 1. Log in (to Kerberos)
  LoginContext lc = null;
  try {
  lc = new LoginContext(GssExample.class.getName(),
  new TextCallbackHandler());
  // Attempt authentication
  lc.login();
  } catch (LoginException le) {
  System.err.println("Authentication attempt failed" + le);
  System.exit(-1);
  // 2. Perform JNDI work as logged in subject
  Subject.doAs(lc.getSubject(), new LDAPAction(args));
  // 3. Perform LDAP Action
  * The application must supply a PrivilegedAction that is to be run
  * inside a Subject.doAs() or Subject.doAsPrivileged().
  class LDAPAction implements java.security.PrivilegedAction {
  private String[] args;
  private static String[] sAttrIDs;
  private static String sUserAccount = new String("testuser");
  public LDAPAction(String[] origArgs) {
  this.args = (String[])origArgs.clone();
  public Object run() {
  performLDAPOperation(args);
  return null;
  private static void performLDAPOperation(String[] args) {
  // Set up environment for creating initial context
  Hashtable env = new Hashtable(11);
  env.put(Context.INITIAL_CONTEXT_FACTORY,
  "com.sun.jndi.ldap.LdapCtxFactory");
  // Must use fully qualified hostname
  env.put(Context.PROVIDER_URL, "ldap://mydomaincontroller.mycompany.org:389/DC=mycompany,DC=org");
  // Request the use of the "GSSAPI" SASL mechanism
  // Authenticate by using already established Kerberos credentials
  env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
  env.put("javax.security.sasl.server.authentication", "true");
  try {
  /* Create initial context */
  DirContext ctx = new InitialDirContext(env);
  /* Get the attributes requested */
  Attributes aAnswer =ctx.getAttributes( "CN="+ sUserAccount + ",OU=mydivision,OU=Departments");
  NamingEnumeration enumUserInfo = aAnswer.getAll();
  while(enumUserInfo.hasMoreElements()) {
  System.out.println(enumUserInfo.nextElement().toString());
  // Close the context when we're done
  ctx.close();
  } catch (NamingException e) {
  e.printStackTrace();
  ------------------- LIST 2 ------------------------------
  import javax.naming.*;
  import javax.naming.directory.*;
  import java.util.Hashtable;
  class JNDIClientAction {
  private static String[] sAttrIDs;
  private static String sUserAccount = new String("testuser");
  public static void main(String[] args) {
  // Set up environment for creating initial context
  Hashtable env = new Hashtable(11);
  env.put(Context.INITIAL_CONTEXT_FACTORY,
  "com.sun.jndi.ldap.LdapCtxFactory");
  // Must use fully qualified hostname
  env.put(Context.PROVIDER_URL, "ldap://mydomaincontroller.mycompany.org:389/DC=mycompany,DC=org");
  // Request the use of the "GSSAPI" SASL mechanism
  // Authenticate by using already established Kerberos credentials
  env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
  try {
  /* Create initial context */
  DirContext ctx = new InitialDirContext(env);
  /* Get the attributes requested */
  Attributes aAnswer =ctx.getAttributes( "CN="+ sUserAccount + ",OU=mydivision,OU=Departments");
  NamingEnumeration enumUserInfo = aAnswer.getAll();
  while(enumUserInfo.hasMoreElements()) {
  System.out.println(enumUserInfo.nextElement().toString());
  // Close the context when we're done
  ctx.close();
  } catch (NamingException e) {
  e.printStackTrace();
  }

  Hi,
  these Notes will help you :
  Note 352295 - Microsoft Windows Single Sign-On options
  Note 595341 - Installation issues with Single Sign-On and SNC
  Note 1580808 - SAP Logon 7.20: "SNC logon w/o SSO" for connection entry
  http://help.sap.com/saphelp_nwes72/helpdata/en/44/0ea40dc6970d1ce10000000a114a6b/frameset.htm
  For Windows SAP Servers pls download the libs of note 352295.
  For Linux use the one on OS level  ( /usr/lib64/libgssapi_krb5.so )
  For Linux make sure that the krb5 rpm packages are installed
  krb5-32bit.......
  krb5-...............
  krb5-client.......
  I hope this helps
  greetings
  oliver

• MAC Authentication + Windows Server 2008 R2 Radius server

  Hello there,
  I have been trying to configure the MAC Authentication on Windows Server Network Policy Server but no success. Details on my configuration can be find below.
  I have firstly enabled the Mac Authentication on 3com switch 4400 model.
  enabling  -> Mac-authentication
  enabling authentication mode -> UsernameAsMacAddress
  configuring a domain - mac-authentication domain abc.local.
  I left the default Vlan (Vlan1)
  While on my DC, I created a user
  username: 00-00-00-00-00-00
  password: 00-00-00-00-00-00
  Lastly on the NPS Server, I configured the 802.1x Wired configuration, I configured the NAS (Radius Client) whici is the 3com Switch.
  After completing the configurations, I turned on my computer with and logged on to the domain abc\00-00-00-00-00-00 with the password. But there was no success when the computer tried to connect to the network looking for DHCP services to obtain IP address.
  On the NPS event service, I got:
  User:
  Security ID:
  NULL SID
  Account Name:
  [email protected]
  Account Domain:
  abc
  Fully Qualified Account Name:
  abc\00-00-00-00-00-00
  Client Machine:
  Security ID:
  NULL SID
  Account Name:
  Fully Qualified Account Name:
  OS-Version:
  Called Station Identifier:
  Calling Station Identifier:
  0000-0000-0000
  NAS:
  NAS IPv4 Address:
  xxx.xxx.xx.xx
  NAS IPv6 Address:
  NAS Identifier:
  00aa00aa00aa
  NAS Port-Type:
  Ethernet
  NAS Port:
  12345678
  RADIUS Client:
  Client Friendly Name:
  3com
  Client IP Address:
  xxx.xxx.xx.xx
  Authentication Details:
  Connection Request Policy Name:
  NAP 802.1X (Wired) 2
  Network Policy Name:
  Authentication Provider:
  Windows
  Authentication Server:
    server.abc.local
  Authentication Type:
  PAP
  EAP Type:
  Account Session Identifier:
  Logging Results:
  Accounting information was written to the local log file.
  Reason Code:
  16
  Reason:
  Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
  All I could find was " Authentication failed due to the reason appeared in the reason code but I am very sure that the name and the password are the same. I hope someone can help me out. 
  Thanks.

  Hi,
  Thanks for your post.
  MAC address authorization is performed when the user does not type in any user name or password, and refuses to use any valid authentication method. In this case, Network Policy Server (NPS) receives the Calling-Station-ID attribute, and no user name and
  password. To support MAC address authorization, Active Directory Domain Services (AD DS) must have user accounts that contain MAC addresses as user names.
  For more detailed information about MAC Address Authorization, please refer to the below article. Hope it helps.
  MAC Address Authorization
  http://technet.microsoft.com/en-us/library/dd197535(WS.10).aspx
  Best Regards,
  Aiden
  Aiden Cao
  TechNet Community Support

• Don't want WebDav System Authentication window to appear.

  I've just upgraded my iMac G5 to OS 10.4.9. I don't have a .mac account and don't want one at this time. However, a window keeps popping up while I'm working on the desktop saying, "WebDAV system authentication problem" and asking for a password to log on to an iDisk account. How can I disable that window?

  Here's part of what I see in Console. Don't know how to interpret this data. Only can see that the window appears to pop up at 10 minute intervals and is cancelled by me. This is new territory for me.
  Jun 26 20:07:08 Robert-Kempfs-Computer webdavd[374]: network_mount: mount cancelled by user; file: mount.tproj/webdav_network.c; line: 2741
  Jun 26 20:17:20 Robert-Kempfs-Computer webdavd[379]: network_mount: mount cancelled by user; file: mount.tproj/webdav_network.c; line: 2741
  Jun 26 20:17:23 Robert-Kempfs-Computer webdavd[385]: network_mount: mount cancelled by user; file: mount.tproj/webdav_network.c; line: 2741
  Jun 26 20:27:27 Robert-Kempfs-Computer webdavd[390]: network_mount: mount cancelled by user; file: mount.tproj/webdav_network.c; line: 2741
  Jun 26 20:27:30 Robert-Kempfs-Computer webdavd[396]: network_mount: mount cancelled by user; file: mount.tproj/webdav_network.c; line: 2741
  Jun 26 20:37:38 Robert-Kempfs-Computer webdavd[411]: network_mount: mount cancelled by user; file: mount.tproj/webdav_network.c; line: 2741
  Jun 26 20:37:41 Robert-Kempfs-Computer webdavd[417]: network_mount: mount cancelled by user; file: mount.tproj/webdav_network.c; line: 2741
  Jun 27 00:52:38 Robert-Kempfs-Computer webdavd[429]: network_mount: mount cancelled by user; file: mount.tproj/webdav_network.c; line: 2741
  Jun 27 00:52:40 Robert-Kempfs-Computer webdavd[439]: network_mount: mount cancelled by user; file: mount.tproj/webdav_network.c; line: 2741
  Jun 27 01:02:46 Robert-Kempfs-Computer webdavd[444]: network_mount: mount cancelled by user; file: mount.tproj/webdav_network.c; line: 2741
  Jun 27 01:02:48 Robert-Kempfs-Computer webdavd[450]: network_mount: mount cancelled by user; file: mount.tproj/webdav_network.c; line: 2741
  Jun 27 01:12:55 Robert-Kempfs-Computer webdavd[455]: network_mount: mount cancelled by user; file: mount.tproj/webdav_network.c; line: 2741
  Jun 27 01:12:57 Robert-Kempfs-Computer webdavd[461]: network_mount: mount cancelled by user; file: mount.tproj/webdav_network.c; line: 2741
  Jun 27 01:23:02 Robert-Kempfs-Computer webdavd[466]: network_mount: mount cancelled by user; file: