Cannot login using Active Directory credentials

We are experimenting with macs at our company.  We bought a mac pro which is running 10.8.2.  I am able to join active directory but cannot log in with any user account.  I have tried logging in as myself and some test accounts.  I have read some other forums to get some ideas but none have worked so far.  I have tried to rejoin the mac to AD, check and uncheck different things under advanced options with no luck.  These include Create mobile account at login, force local home directory on startup disk, force unc path from active directory to derive network home location, etc.  I have confirmed the mac has a valid ip address with the correct dns settings.  I can see users from the directory editor so I know there is some sort of communication with the domain.  I am wondering if there is something small that I am missing.  Any help is greatly appreciated.

have you set pam.conf ok? have you tested kinit to make sure you can get a ticket?

Similar Messages

  • Connected to Domain but can't log in using Actived Directory Credentials

    Hey everyone.  I've been working on this issue for two weeks now, and I don't know what else to try.  I'm connected to my domain but cannot get my Macbooks to log in using Active Directory credenitals both through our wireless network, and hard wired with an ethernet cable.  The weird part about it is that it is not uniform all across our network.  This only happens to certain Macbooks and as of right now there doesn't seem to be a pattern.  I can say that it has happened to all new Macbook Pros that we have ordered lately though.
    We use Jamf to manage our Macs on our network, and ever since upgrading to a new version (9.01 and now 9.1) we have had this issue.  However I can't connect after manually adding the domain either, so for now it makes me think it is not a Jamf issue.  Has anyone dealt with this issue before, that might know of a fix?  Thanks!

    Hi Burnettb1,
    I have come across a similar issue as yours.  I have included the instructions that I use to bind the Mac at my institution.  In regards to wifi, I have not tried binding the Mac over wifi. Should you need to log in to a Mac with domain user credentials I would suggest to bind the Mac over ethernet.  Once you get to the:
    *Click on triangle to the left of Show Advanced Options to expand"
    portion of the instructions click on the Mappings tab and select the checkbox for creating a mobile account at login.  This will create a domain user profile on the machine that you can log into when not connected to the domain.
    Hope this helps.
    BIND iMac:
              Login into iMac using administrative credentials
              Open System Preferences
                        *Goto Users & Groups
                        *Click on lock in lower left-hand corner
                        *Use same password used to log into iMac
                        *Click on Login Options
      *Click on ‘Join...’ button right of "Network Account Server: "
                        *Click on ‘Open Directory Utility…’ button
                        *Click on lock in lower left-hand corner
                        *use same password used to log into iMac and click on Modify Configuration
                        *Double-click on Active Directory
      Active Directory Domain = domain
                                  Computer ID = name of Mac
                        *Click on triangle to the left of Show Advanced Options to expand
                                  *Click on Administrative tab
                                  *Check  Prefer this domain server
    Type  domainserver_ipaddr -or- servername.domain in this field
                                  *Click on ‘Bind…’ button
                                  *When prompted for network administrator login
                                            username = [domain admin user]
                                            pwd = [domain user password]
                                  *Click OK (Note: search path will be updating. Until completed the ‘OK’
    button will be greyed out
      *Click OK
      *Click lock to lock and close window
                        *Click lock to lock and close window
    BIND CHECK:
              *Search AD for added mac host - it should be there.
              Open Terminal app by either:
                        1)
                                  *Press command+spacebar
                                  *Type Terminal and select app
                        2)
                                  *Click on desktop
                                  *Press shift+command+A
                                  *Goto Utilities folder located within Application folder (which you should
      be in) and open Terminal
              *Once Terminal is opened type in id [domain username] and press return key.  The output should be
    some some network account information
              *Close app by pressing command+Q and any other opened windows
              *Restart iMac
              *Log in

  • Cannot login with Active Directory Account

    Hello,
    I am testing SnowLeopard (10.6.1) for deployment in my labs for the Spring 2010 semester. We use local home directories. This is a brand new fresh install of SL, on a freshly formatted Hard Drive.
    When bound to Active Directory I can get any AD account that I've tested (5 different accounts) to authenticate except one, which happens to be my own personal AD account.
    The secure.log shows these entries when I attempt to login:
    Oct 9 14:18:29 mac-0017f20fc40 SecurityAgent[209]: User info context values set for ctarbox
    Oct 9 14:18:29 mac-0017f20fc40 authorizationhost[208]: Failed to authenticate user <ctarbox> (tDirStatus: -14090).
    Considering that I could log in with other accounts, and after resetting my AD password then still not being able to authenticate, I came to the conclusion that I had a corrupt OU in Active Directory.
    I contacted one of our AD admins and had him delete both of my AD accounts: ctarbox and ctarbox1 then recreate both accounts. I still cannot login to AD with my ctarbox account.
    I can still login to my current lab machines anywhere on campus running 10.5.8 with ctarbox.
    I am baffled by this. I have been authenticating to Active Directory since 10.1 and have never seen anything like this.
    Any idea, anyone?
    Cheryl Tarbox
    Macintosh Support Specialist
    Binghamton University

    I have found the solution to my problem. I have accounts in two different domains in our AD tree. I'll called these domains Domain A and Domain B.
    Domain A is the primary domain for authentication to our public computing labs.
    Domain B is a secondary domain for authentication to shared resources for faculty/staff.
    Both accounts have the same user ID, but different passwords. In my Directory Utility>Advanced>Administrative window I have the option "Allow authentication from any domain in the forest' checked.
    With this option checked Directory Utility in 10.6.1 will allow me to authenticate Domain B, but not Domain A.
    With this option checked in Directory Utility in 10.5.8 just the opposite is taking place, I can authenticate to Domain A, but not Domain B.
    It seems that somewhere in the upgrade to 10.6.1 the search policy for Active Directory has changed. My workaround is to uncheck this option and specifically choose Domain A in the search policy.

  • Client Certificate Mapping authentication using Active Directory across trusted forests

    Hi,
    We currently have a setup where the on-premises environment and the cloud environment are based on two separate forests linked by a 1-way trust, i.e., the exist in the on-premises AD and the 1-way trust allows them to use their
    credentials to login to a cloud domain joined server. This works fine with the Windows authentication.
    We are now looking at implementing a 2-Factor authentication using Certificate. The PKI infrastructure exists in the On-Premises Forest. The users are able to successfully login to on-premise servers configured with "AD CLient Certificate
    Mapping".
    However, we are unable to achieve the same functionality on the cloud domain joined servers. I would like to know
    1. Is this possible?
    2. If yes, what do we need to do to make this work.
    Just to clarify, we are able to authenticate using certificates by enabling anonymous authentication. However, we are unable to do the same after turning on "Client Certificate Mapping authentication using Active Directory"

    1. Yes!
    2. Before answering this I need to know if your are trying to perform a smart card logon on a desktop/console or if you just want to use certificate based authentication in an application like using a web application with client certificate requirements
    and mapping?
    /Hasain
    We will eventually need it for smartcard logon on to desktop/console. However, at present, I am trying to use this for certificate based authentication on a web application.
    To simulate the scenario, I setup up two separate forests and established a trust between them.
    I then setup a Windows PKI in one of the forests and issued a client certificate to a user.
    I then setup a web server in both the forests and configured them for anonymous authentication with Client SSL requirement configured.
    I setup a test ASP page to capture the Login Info on both the servers.
    With the client and the server in the same forest, I got the following results
    Login Info
    LOGON_USER: CORP\ASmith
    AUTH_USER: CORP\ASmith
    AUTH_TYPE: SSL/PCT
    With the client in the domain with the PKI and the server in the other Forest, I got the following response
    Login Info
    LOGON_USER:
    AUTH_USER:
    AUTH_TYPE: 
    I tried the configuration with the Anonymous Authentication turned off and the AD CLient Certificate mapping turned on.
    With the client and the server in the same forest, I am able to login to the default page. However, with the server in a trusted forest, I get the following error.
    401 - Unauthorized: Access is denied due to invalid credentials.
    You do not have permission to view this directory or page using the credentials that you supplied

  • Use Active Directory to Authenticate to OS X Server VPN

    I have a Windows 2008r2 Small Business Server that I use primarily but, I have to integrate with services on my Mac Mini OS X Server.
    First off, I have all updates loaded and everything runs great between both servers.  My OS X server does not have Open Directory running; only services such as FTP, VPN, and File Sharing.  I have joined the server to Active Directory and can log into the server as a Active Directory user.  I have assigned the rights to even log on with my AD credentials to that server and be an admin.  I know that everything is working fine between the 2 servers and I am pretty happy with the way it is working.
    My challenge deals with authenticating to these services; specifically VPN, on the OS X server with Active Directory credentials.
    When I open the server app, I go to the users section and then, I cahnge it from "local users" to "Users from 'domain.'" 
    Next, I select the account that I am trying to allow access to the VPN services and select it in the check mark area.
    I try to log into the VPN and continually get an authentication error.
    I have tried the following combinations for the login:
    domain\user.name
    domain.local\user.name
    user.name
    user.name@domain
    [email protected]
    None of these authentication attempts are successful.
    I have successfully authenticated with a local user account that I created on the OS X server and it works flawlessly.
    Has anyone ever attempted this?  Has anyone ever had any success with this?  I have been spinning my tires on this for 3 weeks and have finally given up and have to ask for help.
    I appreciate anyone's feedback.

    Here is a properly connected client
    2013-07-16 22:37:27 EDT          Incoming call... Address given to client = 10.1.1.231
    Tue Jul 16 22:37:27 2013 : Directory Services Authentication plugin initialized
    Tue Jul 16 22:37:27 2013 : Directory Services Authorization plugin initialized
    Tue Jul 16 22:37:27 2013 : L2TP incoming call in progress from '10.1.1.109'...
    Tue Jul 16 22:37:27 2013 : L2TP received SCCRQ
    Tue Jul 16 22:37:27 2013 : L2TP sent SCCRP
    Tue Jul 16 22:37:27 2013 : L2TP received SCCCN
    Tue Jul 16 22:37:27 2013 : L2TP received ICRQ
    Tue Jul 16 22:37:27 2013 : L2TP sent ICRP
    Tue Jul 16 22:37:27 2013 : L2TP received ICCN
    Tue Jul 16 22:37:27 2013 : L2TP connection established.
    Tue Jul 16 22:37:27 2013 : using link 0
    Tue Jul 16 22:37:27 2013 : Using interface ppp0
    Tue Jul 16 22:37:27 2013 : Connect: ppp0 <--> socket[34:18]
    Tue Jul 16 22:37:27 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x51bcd2b8> <pcomp> <accomp>]
    Tue Jul 16 22:37:27 2013 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x2a2e6968> <pcomp> <accomp>]
    Tue Jul 16 22:37:27 2013 : lcp_reqci: returning CONFACK.
    Tue Jul 16 22:37:27 2013 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x2a2e6968> <pcomp> <accomp>]
    Tue Jul 16 22:37:27 2013 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x51bcd2b8> <pcomp> <accomp>]
    Tue Jul 16 22:37:27 2013 : sent [LCP EchoReq id=0x0 magic=0x51bcd2b8]
    Tue Jul 16 22:37:27 2013 : sent [CHAP Challenge id=0x99 <25530231620a2a32144123670735585d>, name = "server1.domain.com"]
    Tue Jul 16 22:37:27 2013 : rcvd [LCP EchoReq id=0x0 magic=0x2a2e6968]
    Tue Jul 16 22:37:27 2013 : sent [LCP EchoRep id=0x0 magic=0x51bcd2b8]
    Tue Jul 16 22:37:27 2013 : rcvd [LCP EchoRep id=0x0 magic=0x2a2e6968]
    Tue Jul 16 22:37:27 2013 : rcvd [CHAP Response id=0x99 <e05bcc591f50471f1db5dc92e30eda800000000000000000799cfb93fa3a0b70d15a018b1b1db9 9877e05463f540e54400>, name = "localusername"]
    Tue Jul 16 22:37:27 2013 : sent [CHAP Success id=0x99 "S=D079042B80380C3806A1EAE231CAE53074ED1F88 M=Access granted"]
    Tue Jul 16 22:37:27 2013 : CHAP peer authentication succeeded for localusername
    Tue Jul 16 22:37:27 2013 : DSAccessControl plugin: User 'localusername' authorized for access
    Tue Jul 16 22:37:27 2013 : sent [IPCP ConfReq id=0x1 <addr 10.1.1.3>]
    Tue Jul 16 22:37:27 2013 : sent [ACSCP ConfReq id=0x1]
    Tue Jul 16 22:37:27 2013 : rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
    Tue Jul 16 22:37:27 2013 : ipcp: returning Configure-NAK
    Tue Jul 16 22:37:27 2013 : sent [IPCP ConfNak id=0x1 <addr 10.1.1.231> <ms-dns1 10.1.1.2> <ms-dns3 10.1.1.2>]
    Tue Jul 16 22:37:27 2013 : rcvd [IPV6CP ConfReq id=0x1 <addr fe80::426c:8fff:fe0c:4d37>]
    Tue Jul 16 22:37:27 2013 : Unsupported protocol 0x8057 received
    Tue Jul 16 22:37:27 2013 : sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a 42 6c 8f ff fe 0c 4d 37]
    Tue Jul 16 22:37:27 2013 : rcvd [ACSCP ConfReq id=0x1 <route vers 16777216> <domain vers 16777216>]
    Tue Jul 16 22:37:27 2013 : sent [ACSCP ConfAck id=0x1 <route vers 16777216> <domain vers 16777216>]
    Tue Jul 16 22:37:27 2013 : rcvd [IPCP ConfAck id=0x1 <addr 10.1.1.3>]
    Tue Jul 16 22:37:27 2013 : rcvd [ACSCP ConfAck id=0x1]
    Tue Jul 16 22:37:27 2013 : sent [ACSP data <payload len 15, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
        <domain: name mtg.local>]
    Tue Jul 16 22:37:27 2013 : sent [ACSP data <payload len 12, packet seq 0, CI_ROUTES, flags: START END REQUIRE-ACK>
        <route: address 10.1.1.1, mask 255.255.255.0, flags: PUBLIC>]
    Tue Jul 16 22:37:27 2013 : rcvd [IPCP ConfReq id=0x2 <addr 10.1.1.231> <ms-dns1 10.1.1.2> <ms-dns3 10.1.1.2>]
    Tue Jul 16 22:37:27 2013 : ipcp: returning Configure-ACK
    Tue Jul 16 22:37:27 2013 : sent [IPCP ConfAck id=0x2 <addr 10.1.1.231> <ms-dns1 10.1.1.2> <ms-dns3 10.1.1.2>]
    Tue Jul 16 22:37:27 2013 : ipcp: up
    Tue Jul 16 22:37:27 2013 : found interface en0 for proxy arp
    Tue Jul 16 22:37:27 2013 : local  IP address 10.1.1.3
    Tue Jul 16 22:37:27 2013 : remote IP address 10.1.1.231
    Tue Jul 16 22:37:27 2013 : l2tp_wait_input: Address added. previous interface setting (name: en0, address: 10.1.1.3), current interface setting (name: ppp0, family: PPP, address: 10.1.1.3, subnet: 255.255.255.0, destination: 10.1.1.231).
    Tue Jul 16 22:37:27 2013 : rcvd [ACSP data <payload len 0, packet seq 0, CI_DOMAINS, flags: ACK>]
    Tue Jul 16 22:37:27 2013 : rcvd [ACSP data <payload len 0, packet seq 0, CI_ROUTES, flags: ACK>]

  • Logging into weblogic console using Active directory users?

    Hi,
    We developed a portal application using BEA 8.1 by getting users from embidded LDAP provided with the weblogic server.Now we need to access the users accounts stored in active directory.we configured new active directory authenticator and able to see the user and group names in the weblogic console. when we try to login to the console using one of the active directory user names, we are unable to login.
    I would be thankful if any one can help on this.
    Thanks & Regards
    Surendranath Reddy

    Hi Surendranath,
    I am trying to attempt the same task, but have been unsuccessful so far. If you have had any luck with this, please let me know.
    I can get MS AD to work just fine in the Security Provider and it works via the developers application, but I cannot login using the Active Directory users from the Admin Console.
    Thanks,
    Kevin.

  • Oracle 9i/10G DB authentication using Active Directory (with out OID)

    Hello All,
    We want to use a Single-Password authentication scheme using the Active
    Directory as the primary source for userId/Password.
    We don't want to use the Active Directory and OID bridge.
    As we have many databases and would like to configure all Databases to use Active
    Directory for Authentication. Our goal is to have single id/password across all
    the databases and any user should be able to login from any computer using their
    windows id/password, note that we don't want to use the OSAuthentication.
    We have read the documents provided by oracle for authentication using Active
    Directory, we were able to create Oracle Schema in Active Directory and were
    also able to register a DB with Active Directory and then created user as global
    user in Oracle Database and provided the DN of the user. When we tried
    authenticate with all this setup it comes back and says invalid ID/Password !!!
    And with 10G database we get the Oracle Error ORA-03113: end-of-file on communication channel !!
    Has any one tried or have information on Integrating Oracle to Auth against Active Directory?
    Envoirnment:
    Oracle DB Version: 9.2.0 and also tried on 10.0.1 with same results
    Operating System: Windows 2000/ Windows 2000 Server
    Constraint: We don't want to user OID ( as we don't have license for this
    product ! )

    I have a thread started similar to your request.
    OS Authenication on Windows
    Somewhere I read this. It works on Oracle 9i on Linux, but I have not tried it with Oracle 9i on Windows.
    SHOW PARAMETER OS_AUTHENT_PREFIX;
    SHOW PARAMETER REMOTE_OS_AUTHENT;
    CREATE USER OPS$SOMEUSER IDENTIFIED EXTERNALLY;
    GRANT CREATE SESSION TO OPS$SOMEUSER;
    For the username, I wonder if we are supposed to put the Windows Domain name as part of the username? Such as, for a Windows domain user MyDomain\SomeUser
    CREATE USER OPS$MYDOMAIN\SOMEUSER IDENTIFIED EXTERNALLY;
    I really wish Oracle or somebody created a guide or book on how to do this.

  • Using Active-Directory PW at SAP logon procedure

    Hello,
    I have the requirement no to use single sign on for some systems with sensitive data, but  would like to check during sap logon procedure the  from our central active directory password.
    is there any best practice configuration or SAP / AD Win Addon solution available to connect SAP NW abap 7.40 at Win2012 sever with our active directory. Nearly all win based applications can handle a PW check from application to AD. Is there any SAP or Partner implementation helpful to expand the SAP client internal User-PW check?
    Thanks in advanced for alternatives to the standard client SSO or any idea in the direction using active directory password within sap-logon.
    Please give me a short feedback if you need more details.
    regards,
    Bernhard Mair
    Goethe-Institut München

    The SAP NetWeaver ABAP app server only accepts SAP user id and password or it can use SNC to authenticate the user when SAP GUI is used on workstation. So, if you want the user to be prompted to enter their Active Directory credentials during a logon using SAP GUI, and you don't want SSO, then you need to purchase a third party product.
    Please note, that SAP is not JUST a Windows based application, as it can also be installed on Unix and Linux, so SAP have made it work in same way on all platforms without any 'special' windows authentication capabilities.
    Thanks
    Tim

  • LDAP Using Active Directory failed in BAM

    I tried to configure the LDAP Using Active Directory as described in the BAM installation guide 10.1.3.1.0.
    In appsetting, i gave the server name, username and password used by us. Then i restarted the active data cache and IIS. Then i tried to access the http:\\server\oraclebam. But it is throwing the following error. What shall i do.
    Exception Message The directory service is unavailable
    Stack Trace at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at
    System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at
    System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at
    System.DirectoryServices.DirectorySearcher.FindOne() at
    Oracle.BAM.Common.Security.Ldap.LdapAuthenticationTicket.Authenticate(String strName, String strPassword) at
    Oracle.BAM.Common.Security.Authentication.LDAPAuthenticationModule.GetPrincipal(ICredentials oCredentials) at
    Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate(ICredentials oCredentials) at
    Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate() at Oracle.BAM.Web.WebPage.ProcessRequest(Page oPage, String
    strAssembly, String strApp, String strType, String strMethod, String strParam)
    Debugging Information The directory service is unavailable [ErrorSource="System.DirectoryServices"] Debugging information:
    System.Runtime.InteropServices.COMException (0x8007200F): The directory service is unavailable at
    System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at
    System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean
    findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindOne() at
    Oracle.BAM.Common.Security.Ldap.LdapAuthenticationTicket.Authenticate(String strName, String strPassword) at
    Oracle.BAM.Common.Security.Authentication.LDAPAuthenticationModule.GetPrincipal(ICredentials oCredentials) at
    Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate(ICredentials oCredentials) at
    Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate() at Oracle.BAM.Web.WebPage.ProcessRequest(Page oPage, String
    strAssembly, String strApp, String strType, String strMethod, String strParam)

    Hi,
    We are also facing the issue stated in the first thread. We followed everything specified in the LDAP PDF under TechNotes and still not able to access the BAM console successfully.
    The error we get is pasted at the end of this post. The request doesn't even seem to reach our LDAP server (configured in a remote system).
    A couple of clarifications required:
    1. Does our windows logon need to be the same as BAM console logon?
    2. I do not know the LDAP setting for my actual windows logon. But i have retained my same usrId and have configured a user in LDAP with my own organization and other hierarchies. I have configured this userId with the complete hierarchy in BAM login management and have given admin access also to this user. Is this correct?
    An error occurred while processing your request
    Details...
    Exception Message The server is not operational
    Stack Trace at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindOne() at Oracle.BAM.Common.Security.Ldap.LdapAuthenticationTicket.Authenticate(String strName, String strPassword) at Oracle.BAM.Common.Security.Authentication.LDAPAuthenticationModule.GetPrincipal(ICredentials oCredentials) at Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate(ICredentials oCredentials) at Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate() at Oracle.BAM.Web.WebPage.ProcessRequest(Page oPage, String strAssembly, String strApp, String strType, String strMethod, String strParam) ...
    Debugging Information The server is not operational [ErrorSource="System.DirectoryServices"] Debugging information: System.Runtime.InteropServices.COMException (0x8007203A): The server is not operational at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindOne() at Oracle.BAM.Common.Security.Ldap.LdapAuthenticationTicket.Authenticate(String strName, String strPassword) at Oracle.BAM.Common.Security.Authentication.LDAPAuthenticationModule.GetPrincipal(ICredentials oCredentials) at Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate(ICredentials oCredentials) at Oracle.BAM.Web.Authentication.WebAuthentication.Authenticate() at Oracle.BAM.Web.WebPage.ProcessRequest(Page oPage, String strAssembly, String strApp, String strType, String strMethod, String strParam) ...
    Assembly StartPage
    State Oracle.BAM.StartPage.StartUp
    Event Initialize
    Thanks,
    KM

  • Active Directory credentials will not update

    <p>When updateing the Active Directory credentials, no update occurs. BOXI R2 does not appear to talk to the Active Directory server and eventually times out.</p><p>the time out has been set to 1200 (Default 120) but still no response from teh active directory server.</p>

    There is a fairly detailed section in the Admin guide for setting up AD (p250). Â
    Make sure you have set up the IIS server as detailed in that section
    Thanks
    Kevin

  • Time Machine Backup using Active Directory account

    I have two macbook pros (running 10.6.4) using Active Directory accounts and I am trying to backup them up to an Active Directory integrated XServe (running 10.6.4) with a shared Time Machine backup point. I open Time Machine preferences, select the disk, entering username and password, and it starts trying to make the backup disk available. However, it quits and gives me the following error - the network backup disk could not be accessed because there was a problem with the network username and password. The username and password are correct. I have tried three different accounts and they all produce this error.

    This happened to an issue AFP. I had AFP authentication set to use Kerberos. I changed it to use "Any Method" and it is working properly.

  • Portal Authentication using Active Directory

    I am trying to set up authentication using Active Directory. Can anyone provide me with instructions on what to do ? I know that I have to go to System Admin - > System Configuration - > UM configuration and change the Data Source. What else do I need to do...How do specify which domain to authenticate against. Do I have to change the XML file. Please help.

    It depends on what you wanna do with the AD server. If you want to read/write on the AD then you have to first setup SSL connection between the two boxes.Else if you just want to read from AD server you don't require a SSL connection. Then you have to select the hierarchy type in the System Admin - > System Configuration - > UM configuration. Save.
    Next thing you do is to open the config tool and modify your xml file accordingly.
    And restsart the server.
    Hope this helps.
    Regards,
    Hassan

  • ThinkVantage Technology Deployment using Active Directory

    I am attempting to automate the deployment of Rescue and Recovery using Active Directory for about 50 laptops. So far, I've read through all of the Lenovo documentation for RnR deployments, none of which is useful. The deployment guide has broken links, the section "Corporate Active Directory Rollout" is incomplete, the command line options aren't clearly written, and the AD instructions end with 'then deply settings using a registry edit'.
    My goal is to configure the laptops to automatically backup to a network share once a week, in the background, without any user intervention. So far, almost everything that I've tried in my test environment has led to failure.
    First step, install the software. I can't deploy via Group Policy, as the installation doesn't seem to end up working. I did the administrative install to a network location, then published the program via AD. After the reboot, I'll click the RnR shortcut in the start menu, and nothing happens. I've also tried creating a batch file that runs rrcmd.exe to create a backup, but that fails too "Service not found". So I resort to installing manually.
    Next, I try to configure the network location via Group Policy and the supplied ADM file. I set the destination path for MND to \\server\%computername%\, but that fails, as MND tries to connect to a share called %computername% instead of what the system variable says. To get around this, I had to create an MND batch file that edits the MND info right before the backup, which doesn't seem to always work.
    Now, if mid-backup the user disconnects from the network, there is a series of Delayed Write errors. That's not acceptable.
    Also, if I set the backup location to local via GP, then change it to network, the backup command still reads "L", even after a reinstall of the software with the "local" location set to 0 in group policy.
    Are there any tips to help ease this deployment?
    Thank You

    I think I figured it out! You can do exactly what I was doing.
    The solution seemed to be I was missing:
    orcluserprincipalname=<ADUser>@<domain>
    orclsamaccountname=<name>
    objectclass=orclADUser
    You need at least the first and third one in order for it to work ( adding them is another story - you are on your own for that :-) ).
    FYI I found this in the document that I have been using all day (but I didn't pay close enough attention as I missed that part) Doc ID: Note:277382.1
    which can be found on metalink.

  • How to authenticate using Active directory!

    Hi all!
    at present im using a code given below, its working fine! currently we are using mixed mode active directory! we are going to migrate that to Native mode!
    import java.util.Properties;
    import javax.naming.*;
    import javax.naming.directory.*;
    import javax.servlet.http.*;
    import java.io.*;
    import java.util.Vector;
    import com.aigss.codegene.utils.PropertyDispatcher;
    public class LdapAuthentication//Servlet extends HttpServlet
         private java.util.Hashtable cache = new java.util.Hashtable();
          * @param loginid
          * @param passwrd
          * @return boolean
         public boolean authenticate(String loginid, String passwrd) {
              if(passwrd.trim().equalsIgnoreCase(""))
              return false;
              Properties props = new Properties();
              String ldapHost = "ldap://HDCQ3Q5CDOM01:389";
              String DN =
                   "CN="
                        + loginid.trim()+"DN=,CN=Users,DC=pslsdc,DC=legacy,DC=r5,DC=websi,DC=net";
              System.out.println("DN: "+DN);     
              props.put(Context.INITIAL_CONTEXT_FACTORY,com.sun.jndi.ldap.LdapCtxFactory);
              props.put(Context.SECURITY_AUTHENTICATION, "simple");
              props.put(Context.SECURITY_CREDENTIALS,  passwrd);
              props.put(Context.SECURITY_PRINCIPAL, DN);
              props.put(Context.PROVIDER_URL, ldapHost);
              try {
                   DirContext ctx = new InitialDirContext(props);
                   System.out.println("successfully authenticate DN: " + DN);
                   return true;
              } catch (Exception ex) {
                   System.out.println(ex+loginid);
                   try{
                        throw new Exception("login failure : "+ex+loginid);
                   }catch(Exception e){
                        e.printStackTrace();
                   return false;
    }when i try to connect into Active directory the new one, im unable to get authenticate, user not found error is coming! (data 525)
    im unable to continue!
    i tried changing the DN to : [email protected]
    also DN: mydomain\vijayvignesh
    then im getting error:
    java.lang.Exception: istar login failure : javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vecei almost tried everything!
    if any one can find a solution pls do come forward!
    remember my code works fine in Mixed mode active directory, when we shift that to native mode, it is not working!

    If you would read the Active Directory error message, it actually gives you a hint:
    "The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection"
    There was a security feature introduced in Windows Server 2003 that would allow administrators to only allow connections over encrypted sessions (eg. SSL/TLS or Kerberos signing and sealing). This setting is configured somewhere in the Domain Controller's Group Policy, called something like "LDAP Server signing"
    One solution is to use SSL/TLS. Refer to my previous post titled "JNDI, Active Directory & Authentication (part 2) (SSL)" at
    http://forum.java.sun.com/thread.jspa?threadID=581425&tstart=50

  • OS X Server loses Active Directory Credentials

    I'm running Yosemite on a Mac Mini with OS X Server version 4.0.3. The server is bound to an Active Directory forest running Windows Server 2012 R2
    In order for the iPad enrollments to work correctly (as well as other server services) I must have the login credentials from AD. However for no apparent reason the OS X Server loses ALL AD credentials. The only way I've found to get them back is to reboot the OS X Server, sometimes it takes several reboots, but eventually I get reconnected with the AD server.
    There doesn't seem to be any particular pattern or time when I loose credentials, though I have suspicion it may be related to server load on the AD servers.
    Is there anyone out there that can give me some help regarding this issue, a log file, a setting or maybe some setting on the AD servers I might be over looking? 

    Yes.  You are likely experiencing one of two common issues.  1:  You time skew is too large (although an unbind/bind will not solve this) or 2: you are failing to properly set the random machine password.
    Try this command on the server:
    sudo dsconfigad -passinterval 0
    Then:
    sudo dsconfigad -show
    to confirm the setting.  This will prevent the machine from refeshing its machine password with the domain every 14 days (default setting).  The issue is that Apple's plugin does not properly catch an exception.  What happens is the plugin detects that it should re-randomize the machine password so it creates a new one, records it to the config file, and THEN tries to write it to the domain.  When the write to the domain fails, the system then sends the new password already recorded in the config file and now they mismatch.  This is a common AD integration issue and is likely associated with your binding rights in AD.
    As for time, make sure you are pointing all your Macs to the DC for time info or to a mutually agreed upon external server.
    Hope this helps.  Easy to fix.

Maybe you are looking for