Configuring active directory
So here I have what I think is a simple problem. When trying to sync SW and AD in the AD settings tab, the application constantly tells me the connection is timed out. The credentials are 100% correct, as well as the server name. My only possible solution is that about a week ago we had to wipe the AD and create a new one. However, Spiceworks was created before that and still has saved our old AD. This makes me believe it's trying to contact an AD in our network that doesn't exist. Regardless, if this isn't the solution, how can I "refresh" Spiceworks with the DNS server that we have?
This topic first appeared in the Spiceworks Community
Similar Messages
-
Configuring Active Directory user to Authenticate against OSB proxy service
Hi,
I applied the Oracle predefined auth.xml WS-policy to the OSB proxy service, and that will query a web service that is running on a separate WebLogic server, and I configured ActiveDirectory as an Authentication Provider in the WebLogic server under myrealm. When I pass weblogic/weblogic, which is an admin account, in the OSB test console or SoapUI to test, the authentication works and I get the response back, but when I pass in one of the Active Directory username/password pairs I get the following "Failed to assert identity with UsernameToken" SOAP fault.
Do I have to change or add any configuration in the WebLogic server to make this work, such as an Identity Assertion provider in the WebLogic server?
fault: <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
<con:errorCode>BEA-386201</con:errorCode>
<con:reason>
A web service security fault occurred[{http://www.w3.org/2003/05/soap-envelope}Sender][Failed to assert identity with UsernameToken.]
</con:reason>
<con:details>
<err:WebServiceSecurityFault xmlns:err="http://www.bea.com/wli/sb/errors">
<err:faultcode xmlns:soap="http://www.w3.org/2003/05/soap-envelope">soap:Sender</err:faultcode>
<err:faultstring>
Failed to assert identity with UsernameToken.
</err:faultstring>
</err:WebServiceSecurityFault>
</con:details>
<con:location>
<con:path>request-pipeline</con:path>
</con:location>
</con:fault>
Regards
Vick
Hi Manoj
I have configured the weblogic server to use the Active Directory Authentication provider which is supported in weblogic server and I can see the AD users under weblogic console under users and groups tab, but if I pass in the username/password of the users in AD I'm getting the above error.
thanks
Vick -
Configuring Active Directory Realm with WLP7.0
Has any one configured win 2000 Active Directory(AD) LDAP v2 compatibility realm
with WLP7.0?
We don't have any groups and all Users in AD are under one dn. Since AD is administered
by a different group, I have decided to put the Portal mandated Groups/Users in
the filerealm.properties file.
After configuration and successful booting of weblogic server, I am able to see
the groups in the Active Directory LDAP via the weblogic console. I get the "Sizelimit
exceeded" exception when I try to browse users which makes sense. A partial list
of Users is listed in the console. Surprisingly all the users are listed with
a "=" sign in front of them.
I am not able to authenticate against any users in AD. I am not able to login
in to the PortalAppTools using "administrator" user although I have put it in
the "filerealm.properties". I am able to log in to the PortalAppTools using
"system" user but that doesn't help as I cannot see Default Portal Mgmt stuff.
user.administrator=password
user.praveen=paul
user.ashley=ashley
group.Monitors=Administrators
group.Deployers=Administrators
group.Administrators=weblogic,system,paul
group.SystemAdministrator=administrator,paul
group.AdminEligible=ashley
group.DelegatedAdministrator=paul
When I try to open the Portal Application, I get the following exception:
<Mar 13, 2003 8:03:46 PM MST> <Error> <Security> <090060> <The AccessDecision class "weblogic.security.providers.realmadapter.AuthorizationProviderImpl" returned an error: java.lang.SecurityException: Realm Adapter ACL Mapping Failed.
java.lang.SecurityException: Realm Adapter ACL Mapping Failed
at weblogic.security.providers.realmadapter.AuthorizationProviderImpl.isAccessAllowed(AuthorizationProviderImpl.java:345)
at weblogic.security.service.AuthorizationManager.isAccessAllowed(AuthorizationManager.java:475)
at weblogic.security.service.AuthorizationManager.isAccessAllowed(AuthorizationManager.java:612)
at weblogic.jndi.internal.ServerNamingNode.checkPermission(ServerNamingNode.java:332)
at weblogic.jndi.internal.ServerNamingNode.checkLookup(ServerNamingNode.java:295)
at weblogic.jndi.internal.ServerNamingNode.lookupHere(ServerNamingNode.java:146)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:187)
at weblogic.jndi.internal.RootNamingNode_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:159)
at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:262)
at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:229)
at weblogic.jndi.internal.ServerNamingNode_WLStub.lookup(Unknown Source)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:337)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:332)
at javax.naming.InitialContext.lookup(InitialContext.java:345)
at weblogic.jndi.internal.WLNamingManager.getObjectInstance(WLNamingManager.java:94)
at weblogic.jndi.internal.BasicNamingNode.resolveObject(BasicNamingNode.java:763)
at weblogic.jndi.internal.BasicNamingNode.resolveObject(BasicNamingNode.java:735)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:190)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:195)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:195)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:195)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:337)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:332)
at weblogic.jndi.factories.java.ReadOnlyContextWrapper.lookup(ReadOnlyContextWrapper.java:36
at weblogic.jndi.internal.AbstractURLContext.lookup(AbstractURLContext.java:124)
at javax.naming.InitialContext.lookup(InitialContext.java:345)
at com.bea.p13n.util.JndiHelper.lookupNarrow(JndiHelper.java:96)
at com.bea.portal.appflow.PortalAppflowHelper.<clinit>(PortalAppflowHelper.java:70)
at com.bea.portal.appflow.servlets.internal.PortalWebflowServlet.init(PortalWebflowServlet.java:84)
at javax.servlet.GenericServlet.init(GenericServlet.java:258)
at weblogic.servlet.internal.ServletStubImpl$ServletInitAction.run(ServletStubImpl.java:1075
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:744)
at weblogic.servlet.internal.ServletStubImpl.createServlet(ServletStubImpl.java:899)
at weblogic.servlet.internal.ServletStubImpl.createInstances(ServletStubImpl.java:833)
at weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.java:773)
at weblogic.servlet.internal.ServletStubImpl.getServlet(ServletStubImpl.java:517)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:351)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:306)
at weblogic.servlet.internal.RequestDispatcherImpl$ForwardAction.run(RequestDispatcherImpl.java:341)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:744)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:251)
at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:116)
at jsp_servlet.__index._jspService(index.jsp:3)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1058)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:401)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:445)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:306)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:5412)
at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:744)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3086)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2544)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:153)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:134)
>
<Mar 13, 2003 8:03:46 PM MST> <Error> <PortalAppflow> <415400> <Could not lookup PortalManagerHome in the JNDI tree using EJB reference java:comp/env/ejb/PortalManager.
javax.naming.LinkException: . Root exception is javax.naming.NoPermissionException: User <anonymous
does not have permission on portalApp
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
Any help is appreciated.
Thank You
Paul
hi Paul
check this doc out
http://dev2dev.bea.com/resourcelibrary/technicalguides/LDAP_in_Portal_7.0.jsp
-tulan
Edited by jonmountjoy at 01/03/2008 1:45 AM -
How to configure Active Directory LDAP with WLS 8.1
Hi
somebody help me configure LDAP Active Directory with BEA WebLogic 8.1
I can't understand what i should do.
ThanX
WLS 8.1 sp1 has a couple of issues with Active Directory. You need to get fixes from
BEA. sp2 is supposed to have these fixes included.
Anant
"Neil" <Neil-reply-in-newsgroup> wrote:
This seems strange. I would make sure your installation is correct
(particularly the lib/mbeantypes directory). If that is correct, I would
test it with a new domain created with the domain configuration wizard
to
rule out any strange configuration possibilities. If both of those fail,
I'd
file a support case.
- Neil
"Max" <[email protected]> wrote in message
news:[email protected]...
Jay Zimmett <[email protected]> wrote:
Read this:
http://edocs.bea.com/wls/docs81/secmanage/providers.html#1172008
Max KUlinich wrote:
Hi
somebody help me configure LDAP Active Directory with BEA WebLogic 8.1
I can't understand what i should do.
ThanX
I try do this but no good results. I get this exception:
java.lang.reflect.InvocationTargetException
at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:3129)
at weblogic.security.utils.Pool.getInstance(Pool.java:57)
at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:2646)
at weblogic.security.providers.authentication.LDAPAtnDelegate.listUsers(LDAPAtnDelegate.java:1814)
at weblogic.security.providers.authentication.LDAPAuthenticatorImpl.listUsers(LDAPAuthenticatorImpl.java:167)
at sun.reflect.GeneratedMethodAccessor184.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:1304)
at weblogic.management.commo.CommoModelMBean.invoke(CommoModelMBean.java:464)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1557)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1525)
at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:765)
at weblogic.management.console.utils.Security.getUserList(Security.java:1436)
at weblogic.management.console.actions.security.ListUsersAction.updateContents(ListUsersAction.java:56)
at weblogic.management.console.actions.security.ListLWSecurityAction.getContents(ListLWSecurityAction.java:85)
at weblogic.management.console.tags.security.LWTableTag.getRowData(LWTableTag.java:462)
at weblogic.management.console.tags.security.LWTableTag.printTable(LWTableTag.java:141)
at weblogic.management.console.tags.security.LWTableTag.doEndTag(LWTableTag.java:133)
at weblogic.management.console.webapp._security.__usertable._jspService(__usertable.java:327)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1053)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:387)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
at weblogic.servlet.internal.RequestDispatcherImpl$ForwardAction.run(RequestDispatcherImpl.java:382)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:286)
at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:151)
at weblogic.management.console.actions.ForwardAction.perform(ForwardAction.java:35)
at weblogic.management.console.actions.internal.ActionServlet.doAction(ActionServlet.java:173)
at weblogic.management.console.actions.internal.ActionServlet.doGet(ActionServlet.java:91)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1053)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:387)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6310)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3622)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2569)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
Caused by: netscape.ldap.LDAPException: error result (49); 80090308:LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 525, vece;Invalid credentials
at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4852)
at netscape.ldap.LDAPConnection.internalBind(LDAPConnection.java:1757)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1294)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1303)
at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1613)
at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:3108)
... 43 more -
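The bind failure at the bottom of the trace above (LDAP result 49) carries an Active Directory sub-status in its "data" field, 525 in this case, which narrows "Invalid credentials" down to a specific cause. The Python below is an added example, not code from the thread or from WebLogic: the function names are hypothetical, and every sample log line except the first is constructed for illustration.

```python
import re
from collections import Counter

# Win32 sub-status values that Active Directory reports in the "data" field
# of an LDAP result 49 bind failure. The field is hexadecimal.
AD_BIND_SUBCODES = {
    0x525: ("ERROR_NO_SUCH_USER", "bind name not found; check the principal/DN format"),
    0x52E: ("ERROR_LOGON_FAILURE", "account found but the password is wrong"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "logon not allowed at this time"),
    0x531: ("ERROR_INVALID_WORKSTATION", "logon not allowed from this host"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "password has expired"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account is disabled"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account has expired"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "password must be changed at next logon"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account is locked out"),
}

# \s* tolerates the hard line wraps that console and forum output introduce.
_LDAPERR = re.compile(
    r"(?P<sspi>[0-9A-Fa-f]{8}):\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),"
    r"\s*comment:\s*(?P<comment>[^,]+?),\s*data\s+(?P<data>[0-9A-Fa-f]+)\b"
)

# First entry is the message from the trace above, still wrapped as posted.
# The remaining lines are constructed samples in the same format.
SAMPLE_LOG = """\
Caused by: netscape.ldap.LDAPException: error result (49); 80090308:LdapErr:
DSID-0C09030F, comment: AcceptSecurityContext error, data 525, vece;Invalid credentials
Caused by: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 52e, vece
Caused by: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 775, vece
Caused by: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 999, vece
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
"""


def decode_bind_failures(log_text):
    """Return one dict per AD LdapErr diagnostic found in log_text.

    Result-49 messages without an AD diagnostic string (other directory
    servers, or a stripped message) yield nothing rather than a guess.
    """
    findings = []
    for m in _LDAPERR.finditer(log_text):
        code = int(m.group("data"), 16)
        name, meaning = AD_BIND_SUBCODES.get(
            code, ("UNKNOWN", "sub-status not in table; look up the Win32 error code")
        )
        findings.append({
            "dsid": m.group("dsid"),
            "comment": " ".join(m.group("comment").split()),
            "data": format(code, "x"),
            "win32": code,
            "name": name,
            "meaning": meaning,
        })
    return findings


def summarize(log_text):
    """Count failures per cause, e.g. to separate a misconfigured bind
    principal (525) from wrong passwords (52e) or lockouts (775)."""
    return Counter(f["name"] for f in decode_bind_failures(log_text))


if __name__ == "__main__":
    for f in decode_bind_failures(SAMPLE_LOG):
        print(f"data {f['data']:>3} -> {f['name']}: {f['meaning']}")
    print(dict(summarize(SAMPLE_LOG)))
```

For the message in this thread, data 525 decodes to "no such user": the directory did not recognise the bind principal at all, so the principal name or DN configured in the provider is the first thing to check, before the password.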
NSS 6000 - Setting/Configuring Active Directory
Hello,
Do we have an administration guide / tech white paper explaining how to configure the different features such as VLAN and Active Directory on the NSS platform?
Regards, Hans-Petter
http://www.cisco.com/en/US/products/ps9957/prod_maintenance_guides_list.html
That should give you all the info you are looking for. The admin guide is very insightful, and a must have. Don't forget, when upgrading FW on the NSS, always run the update twice; back to back. This will ensure no old code remains, as a reboot after an upgrade can cause old code to come back and give us problems (also flush your browser cache after the upgrade).
Let us know if you need anything else. -
Configuring Active Directory with 11g and Windows Server 2003 R2
Hi people,
I'm spending some happy hours to setting up the windows domain authentication in a 2003 sever realm.
When I try to register the database in the realm (logged as total-administrator-user of domain), NETCA give me an unexpected "no message" error...
someone can help a martyr?
I saw in the event viewer this error message about ldap:
The Security System detected an authentication error for the server ldap/DbOraWin.mydomain.local.
The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
(0xc000005e)".
Thanks all
Claudio
There are news!!
After some verifications on LDAP/AD server, now I can see something in tracelog's DBCA:
[main] [17:7:24:299] [NativeSystem.<init>:277] NullSecurityManager is set for Native System calls
[main] [17:7:24:299] [Library.getInstance:106] Created instance of Library.
[main] [17:7:24:299] [Library.load:206] Loading orauts.dll...
[main] [17:7:24:299] [Library.load:212] oracleHome null
[main] [17:7:24:299] [Library.load:227] Property oracle.installer.library_loc is set to value=E:\app\oracle\product\11.1.0\db_1\oui\lib\win32
[main] [17:7:24:299] [Library.load:229] Loading library E:\app\oracle\product\11.1.0\db_1\oui\lib\win32\orauts.dll
[main] [17:7:24:299] [Library.load:262] Loaded library E:\app\oracle\product\11.1.0\db_1\oui\lib\win32\orauts.dll from path=E:\app\oracle\product\11.1.0\db_1\oui\lib\win32
[main] [17:7:24:299] [Library.load:206] Loading MSVCR71.dll...
[main] [17:7:24:299] [Library.load:212] oracleHome null
[main] [17:7:24:299] [Library.load:227] Property oracle.installer.library_loc is set to value=E:\app\oracle\product\11.1.0\db_1\oui\lib\win32
[main] [17:7:24:299] [Library.load:229] Loading library E:\app\oracle\product\11.1.0\db_1\oui\lib\win32\MSVCR71.dll
[main] [17:7:24:299] [Library.load:262] Loaded library E:\app\oracle\product\11.1.0\db_1\oui\lib\win32\MSVCR71.dll from path=E:\app\oracle\product\11.1.0\db_1\oui\lib\win32
[main] [17:7:24:299] [Library.load:206] Loading orawsec11.dll...
[main] [17:7:24:299] [Library.load:212] oracleHome null
[main] [17:7:24:299] [Library.load:227] Property oracle.installer.library_loc is set to value=E:\app\oracle\product\11.1.0\db_1\oui\lib\win32
[main] [17:7:24:299] [Library.load:229] Loading library E:\app\oracle\product\11.1.0\db_1\oui\lib\win32\orawsec11.dll
[main] [17:7:24:299] [Library.load:262] Loaded library E:\app\oracle\product\11.1.0\db_1\oui\lib\win32\orawsec11.dll from path=E:\app\oracle\product\11.1.0\db_1\oui\lib\win32
[main] [17:7:24:299] [Library.load:206] Loading orasrvm11.dll...
[main] [17:7:24:299] [Library.load:212] oracleHome null
[main] [17:7:24:315] [Library.load:227] Property oracle.installer.library_loc is set to value=E:\app\oracle\product\11.1.0\db_1\oui\lib\win32
[main] [17:7:24:315] [Library.load:229] Loading library E:\app\oracle\product\11.1.0\db_1\oui\lib\win32\orasrvm11.dll
[main] [17:7:24:315] [Library.load:262] Loaded library E:\app\oracle\product\11.1.0\db_1\oui\lib\win32\orasrvm11.dll from path=E:\app\oracle\product\11.1.0\db_1\oui\lib\win32
[main] [17:7:24:315] [Version.isPre10i:213] isPre10i.java: Returning FALSE
[main] [17:7:24:315] [WindowsSystem.regKeyExists:1137] WindowsSystem.regKeyExists: mainkey= HKEY_LOCAL_MACHINE subkey = Software\Oracle\Ocr
[main] [17:7:24:346] [WindowsSystem.getCSSConfigType:1304] configType=null
[main] [17:7:24:346] [ca.InitialSetup.configureOPS:-1] Cluster mode is OFF
[main] [17:7:24:346] [ca.InitialSetup.<init>:-1] TNS_ADMIN is: null
[main] [17:7:24:346] [ca.InitialSetup.<init>:-1] Admin location is: E:\app\oracle\product\11.1.0\db_1\network\admin
Exception occurred during event dispatching:
java.lang.NullPointerException
at oracle.net.ca.NetCA.returnToIntroPanel(Unknown Source)
at oracle.net.ca.NetCA.deferLDAPConfig(Unknown Source)
at oracle.net.ca.NetCA.createOrUpdateContext(Unknown Source)
at oracle.net.ca.NetCA.prepareNextPage(Unknown Source)
at oracle.net.ca.NetCA.wizardValidatePage(Unknown Source)
at oracle.ewt.wizard.WizardPage.processWizardValidateEvent(Unknown Source)
at oracle.ewt.wizard.WizardPage.validatePage(Unknown Source)
at oracle.ewt.wizard.BaseWizard.validateSelectedPage(Unknown Source)
at oracle.ewt.wizard.BaseWizard.doNext(Unknown Source)
at oracle.ewt.wizard.BaseWizard$Action.actionPerformed(Unknown Source)
at oracle.ewt.button.PushButton.processActionEvent(Unknown Source)
at oracle.ewt.button.PushButton.processEventImpl(Unknown Source)
at oracle.ewt.lwAWT.LWComponent.redispatchEvent(Unknown Source)
at oracle.ewt.lwAWT.LWComponent.processEvent(Unknown Source)
at oracle.ewt.button.PushButton.activate(Unknown Source)
at oracle.ewt.lwAWT.AbstractButton.processMouseReleased(Unknown Source)
at oracle.ewt.lwAWT.AbstractButton.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Component.java:5266)
at java.awt.Container.processEvent(Container.java:1966)
at oracle.ewt.lwAWT.LWComponent.processEventImpl(Unknown Source)
at oracle.ewt.button.PushButton.processEventImpl(Unknown Source)
at oracle.ewt.lwAWT.LWComponent.redispatchEvent(Unknown Source)
at oracle.ewt.event.tracking.GlassMouseGrabProvider$Disp._redispatchEvent(Unknown Source)
at oracle.ewt.event.tracking.GlassMouseGrabProvider$Disp._redispatchEvent(Unknown Source)
at oracle.ewt.event.tracking.GlassMouseGrabProvider$Disp.mouseReleased(Unknown Source)
at java.awt.Component.processMouseEvent(Component.java:5501)
at oracle.ewt.lwAWT.LWComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Component.java:5266)
at java.awt.Container.processEvent(Container.java:1966)
at oracle.ewt.lwAWT.LWComponent.processEventImpl(Unknown Source)
at oracle.ewt.event.tracking.GlassMouseGrabProvider$Proxy.processEventImpl(Unknown Source)
at oracle.ewt.lwAWT.LWComponent.redispatchEvent(Unknown Source)
at oracle.ewt.lwAWT.LWComponent.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Component.java:3968)
at java.awt.Container.dispatchEventImpl(Container.java:2024)
at java.awt.Component.dispatchEvent(Component.java:3803)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4212)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:3892)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:3822)
at java.awt.Container.dispatchEventImpl(Container.java:2010)
at java.awt.Window.dispatchEventImpl(Window.java:1778)
at java.awt.Component.dispatchEvent(Component.java:3803)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:463)
at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:242)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:163)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:153)
at java.awt.Dialog$1.run(Dialog.java:525)
at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:209)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:461)
at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:242)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:163)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:157)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:149)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:110)
Any suggestion?
Thanks again also for only read this message!
Claudio -
Question about Active Directory Configuration
Hi All,
Portal Version : EP7.0 SP7
We want to configure Active directory as a Portal UME store.
We have 7 Domain controllers in the domain xyz.com. They are spread across locations. I assume, by default domain controller will have global catalog defined.
So in the LDAP configuration, do we use the Global Catalog (Port: 3268) to connect to ADS, or an LDAP connection (Port: 389)?
I am not clear, when Global Catalog connection is defined to bind ADS to Portal UME?
Any suggestion?
Thanks & Regards,
Gowri
Hi Gowri,
It will work fine if you connect through port 389.
Can you please explain it in detail that How you have spread your domain controllers / your forest hierarchy?
Check if this helps.
Thanks,
Mittal -
Urgent: Configuring LDAP or Active Directory on Windows XP
I tried authenticating the user against information stored in database tables; I don't know what the problem is, but it's not working. I followed all the required steps for that but did not succeed. So I decided to validate the user against LDAP or Active Directory. Can anyone tell me how to configure LDAP or Active Directory in Windows XP?
Please help me out, as only one day remains to submit my project; everything is done except the login page.
And I don't think I may get even grade C if there is no security for the application. Please help me out in configuring Active Directory or LDAP, and ASAP please.
Yea, I agree with you the custom table is an easier way than AD, but I was working on the problem for almost a week now and I don't have much time to sort out things with that anymore.
Help me in configuring AD on Windows XP Professional with SP2, as I'm running out of time.
the below link is the detailed steps I followed for Custom Authentication:
Urgent: Custom Database Authentication
Please help me out for Configuring AD. -
"24427 Access to Active Directory failed" error in ACS 5.1
Hello,
I'm working on implementing a RADIUS authentication for wireless access with the following :
- PCs running Windows 7, protocol used is PEAP (without validating the server certificate to make it simple at first),
- AP 1252 configured to use a RADIUS server to authenticate (it's working good with an ACS server 4.2),
- ACS Server 5.1.0.44.5 running as VM connected to an AD domain and working good with VPN connections,
- AD domain running on Windows 2003 Server.
My ACS VM is working good since a couple of months for VPN (RADIUS) and administration (TACACS) remote access, both using Active Directory. Now, I'd like to use it to authenticate people connecting to a 1252 Cisco access point but I'm getting this error "24427 Access to Active Directory failed". I switched from PEAP to LEAP but this is the same.
All I can get running the expert troubleshoot
Investigating failure code: 24427 Access to Active Directory failed
Checking if Active Directory is configured
Active Directory is configured
Attempting connection to Active Directory
Connection to Active Directory was successful.
Troubleshooting completed.
Click on Show Results Summary to view results.
I followed this guide, at least for the ACS certificate section :
http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080b4cdb9.shtml
Anyone has an idea where the problem may come from?
Thanks in advance,
Vincent
Hey there, I ran into the same issue with 5.3 and it turned out to be this bug. I came across your post looking for instructions on retrieving the logs. Thanks mate.
link
Problem: Error "24495 Active Directory servers are not available"
Authentication starts failing with this error in the ACS 5.3 logs: 24495 Active Directory servers are not available.
Solution
Check the ACSADAgent.log file through the CLI of the ACS 5.x for messages such as:
Mar 11 00:06:06 xlpacs01 adclient[30401]: INFO base.bind.healing Lost connection to xxxxxxxx. Running in disconnected mode: unlatch.
If you see the "Running in disconnected mode: unlatch" error message, this means the ACS 5.3 cannot maintain a stable connection with Active Directory. The workaround is to either switch to LDAP or downgrade the ACS to version 5.2. Refer to Cisco bug ID CSCtx71254 (registered customers only) for more information. -
Hello all,
I'm trying to set up an OIM 11gR2 instance to work with Active Directory with the Active Directory 11.1.1.5.0 connector. I've full installed both OIM and AD on separate servers, and I've installed the AD 11.1.1.5 connector on OIM. I have configured Active Directory properly (connector on OIM and the connector server on the AD server-side), and have set up the two IT Resources on OIM. I can run, for example, the Active Directory Organization Lookup Recon job and have it return results in the Lookup window.
My problem is that I cannot get it to provision to a user. I've created an Application Instance and Form for Active Directory, attached the Form, associated them with the appropriate resources (AD User), and added them to the Catalog, and then gone through the process of adding an account to the user, selecting the Application Instance, adding it to the cart, checking out, filling out the fields (Password, User ID, UPN, First Name, Last Name, Common Name, and Organization Name), and then submitting the request. This is all done as the xelsysadm admin user, but it still results with the account stuck on "Provisioning" because the "Create User" task failed due to a Connector Error (the reason stated is just a repeat of "Create Object" failed).
Anyone know what I'm missing here?
Thank you!
Edited by: 939908 on Nov 12, 2012 6:36 AM
Hey 833249, thanks for your reply
The organization field attribute is filled in correctly, in that the OU I selected exists in AD.
These are the errors listed in the connector server log:
11/9/2012 9:07:07 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception occured during the creation of directory entry.
11/9/2012 9:07:07 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception Message : Logon failure: unknown user name or bad password.
11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception Stack Trace : at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_NativeObject()
at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.GetDirectoryEntry(String path, ActiveDirectoryConfiguration configuration) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1423
11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryConnector Method -> Create, Message -> Encountered Excetion: Unable to get the Directory Entry
11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryConnector Method -> Create, Message -> Stack Trace: at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.GetDirectoryEntry(String path, ActiveDirectoryConfiguration configuration) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1456
at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.DirectoryEntryExists(String path) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1512
at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 219
ConnectorServer.exe Error: 0 : Org.IdentityConnectors.Framework.Common.Exceptions.ConnectorException: Unable to get the Directory Entry
at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 368
at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.CreateImpl.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 388
at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 244
at ___proxy1.Create(ObjectClass , ICollection`1 , OperationOptions )
at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest request) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 609
I'm not sure why the username/password error could be occurring, as those fields in the AD IT Resource are correct (I've run AD recon jobs that have connected properly). Is there something I'm missing? -
Active Directory Issues 10.7.4 & 10.7.5
Hi
I'm having problems with all my 10.7.4 & 10.7.5 Macs. They're losing their connection to AD. When I go to unbind I get the following error:
Unable to access domain controller
This computer is unable to access the domain controller for an unknown reason. Warning: If you click force unbind you will leave an unused computer account in the directory.
I then get an option to OK or force unbind. If I force unbind I get the following error:
An unknown error occurred
An unknown error occurred
Helpful, I'm sure you'll agree! If I go in to Console I can see the following two errors:
02/10/2012 16:01:25.682 Directory Utility: An instance 0x7f8f02b30f30 of class ODCUnbindFromADAction was deallocated while key value observers were still registered with it. Observation info was leaked, and may even become mistakenly attached to some other object. Set a breakpoint on NSKVODeallocateBreak to stop here in the debugger. Here's the current observation info:
<NSKeyValueObservationInfo 0x7f8f02b56970> (
<NSKeyValueObservance 0x7f8f02b568c0: Observer: 0x7f8f01cea980, Key path: progressStatus, Options: <New: NO, Old: NO, Prior: NO> Context: 0x0, Property: 0x7f8f02b569a0>
and...
02/10/2012 16:03:32.463 Directory Utility: -[SFAuthorization obtainWithRights:::::] failed with error Error Domain=NSOSStatusErrorDomain Code=-60007 "The operation couldn’t be completed. (OSStatus error -60007.)" (The authorization was denied since no user interaction was possible. )
When users are currently logged in they lose access to SSH sessions, network drives, etc. They have had issues with saving work and subsequently losing it!
When I go in to opendirectoryd.log I see the following:
2012-10-02 15:37:42.208 BST - opendirectoryd (build 172.17) launched...
2012-10-02 15:37:42.265 BST - Logging level limit changed to 'error'
2012-10-02 15:37:42.902 BST - Initialize trigger support
2012-10-02 15:37:42.904 BST - Registered node with name '/Active Directory' as hidden
2012-10-02 15:37:42.904 BST - Registered node with name '/Configure' as hidden
2012-10-02 15:37:42.905 BST - Discovered configuration for node name '/Contacts' at path '/Library/Preferences/OpenDirectory/Configurations//Contacts.plist'
2012-10-02 15:37:42.905 BST - Registered node with name '/Contacts'
2012-10-02 15:37:42.906 BST - Registered node with name '/LDAPv3' as hidden
2012-10-02 15:37:42.939 BST - Registered node with name '/Local' as hidden
2012-10-02 15:37:42.964 BST - Registered node with name '/NIS' as hidden
2012-10-02 15:37:42.965 BST - Discovered configuration for node name '/Search' at path '/Library/Preferences/OpenDirectory/Configurations//Search.plist'
2012-10-02 15:37:42.965 BST - Registered node with name '/Search'
2012-10-02 15:37:43.024 BST - Discovered configuration for node name '/Active Directory/NUCA-AD' at path '/Library/Preferences/OpenDirectory/Configurations/Active Directory/NUCA-AD.plist'
2012-10-02 15:37:43.024 BST - Registered subnode with name '/Active Directory/NUCA-AD'
2012-10-02 15:37:43.024 BST - Registered placeholder subnode with name '/Active Directory/NUCA-AD/All Domains'
2012-10-02 15:37:43.040 BST - Discovered configuration for node name '/LDAPv3/nuca-mon1.nuca.ac.uk' at path '/Library/Preferences/OpenDirectory/Configurations/LDAPv3/nuca-mon1.nuca.ac.uk. plist'
2012-10-02 15:37:43.040 BST - Registered subnode with name '/LDAPv3/nuca-mon1.nuca.ac.uk'
2012-10-02 15:37:43.108 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/legacy.bundle'
2012-10-02 15:37:43.307 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/search.bundle'
2012-10-02 15:37:44.311 BST - '/Search' has registered, loading additional services
2012-10-02 15:37:44.311 BST - Initialize augmentation support
2012-10-02 15:37:44.352 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/SystemCache.bundle'
2012-10-02 15:37:44.423 BST - Successfully registered for Kernel identity service requests
2012-10-02 15:37:44.482 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/PlistFile.bundle'
2012-10-02 15:37:44.566 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/FDESupport.bundle'
2012-10-02 15:37:45.461 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ConfigurationProfiles.bundle'
2012-10-02 15:37:45.463 BST - Registered subnode with name '/Local/Default'
2012-10-02 15:37:45.556 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ldap.bundle'
2012-10-02 15:37:45.600 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleODClient.bundle'
2012-10-02 15:37:45.645 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ActiveDirectory.bundle'
2012-10-02 15:37:45.654 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/Kerberosv5.bundle'
2012-10-02 15:37:45.858 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/NetLogon.bundle'
2012-10-02 15:37:45.858 BST - Registered subnode with name '/Active Directory/NUCA-AD/nuca.ac.uk' as hidden
2012-10-02 15:37:45.859 BST - Unregistered placeholder node with name '/Active Directory/NUCA-AD/All Domains'
2012-10-02 15:37:45.860 BST - Registered subnode with name '/Active Directory/NUCA-AD/All Domains'
2012-10-02 15:37:45.861 BST - Registered subnode with name '/Active Directory/NUCA-AD/Global Catalog' as hidden
2012-10-02 15:37:57.468 BST - failed to retrieve password for credential
2012-10-02 15:37:59.051 BST - failed to retrieve password for credential
2012-10-02 15:38:04.052 BST - failed to retrieve password for credential
2012-10-02 15:38:14.054 BST - failed to retrieve password for credential
2012-10-02 15:38:29.056 BST - failed to retrieve password for credential
2012-10-02 15:38:49.076 BST - failed to retrieve password for credential
2012-10-02 15:39:11.505 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/configure.bundle'
2012-10-02 15:39:11.900 BST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/keychain.bundle'
Interestingly enough, the problem doesn't seem to affect users running 10.6.8 or my iMac, which is running 10.8.2. I've spoken to our network manager and he can't see anything strange going on on the network.
I've also spoken to our AD guy and nothing has changed.
This is now the second time it's happened. I've managed to get everyone working (before it happened again) by deleting the AD plist in /Library/Preferences/OpenDirectory/Configurations/Active\ Directory/ then rebinding via a script pushed out via ARD.
If anyone can offer any assistance I'd be most grateful, as I'm about to be shot by our users! It's the start of our new academic year!
Thanks!
Paul
It's been a few weeks now, and (touch wood) it's not happened again en masse. We have had a few individual ones, but nothing major.
We still don't quite know exactly what happened, but troubleshooting found the following:
Our time server wasn't working correctly. Centrify's ADCheck tool showed it as having a firewall (even though it didn't). Our AD guy fixed that problem (sorry, not sure exactly what he did).
We checked the AD Kerberos ticket from a machine that lost its connection to AD on another Mac that worked, and found that it couldn't connect as the password was wrong. It seems that by default the Active Directory ticket wants to change its password every 14, and when trying to it's failing, so I set it to 0.
We had tried to set the server the AD plugin sees to a specific DC, but this wasn't happening due to subnets not being configured in AD Sites and Services.
Some of the Macs did not like being set to GMT in the time zone and the time was an hour out; people were able to log in though! So I've now set them to Europe\London and they're now picking up the correct time and even picked up the daylight savings over the weekend.
Our DNS is still not great, but we are in the process of sorting out our subnets, and when we do the consolidation we'll also assign reservations for all the Macs in the hope that appeases DDNS.
Thanks Paul -
Error in Active Directory System Discovery (0x80005010)
Hi,
I've configured Active Directory System Discovery in a SCCM 2007 R2 SP2 configuration. I see several SCCM clients being populated with OU information, but others do not. I've taken a look in the adsysdis.log. There it states for a very large number of computer accounts:
INFO: discovered object with ADsPath = 'LDAP://<domain controller>/<DN computerobject>'
WARN: Could not get property (domain) for system (0x80005010)
Afterwards there is no entry that states a ddr is written for this computer object and the SCCM client object is not populated with information.
Can someone explain what exactly is the issue, and how to solve it?
I got exactly the same issue - SCCM 2007 SP2, two primary sites (one central). The AD structure has one forest and two domains.
Has anyone solved this issue?
adsysdis.log :
Starting the data discovery. SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
INFO: Processing search path: 'LDAP://CN=COMPUTERS,DC=MY,DC=DOMAIN'. SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
INFO: Full synchronization requested SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
INFO: DC DNS name = 'dc01.my.domain' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
INFO: search filter = '(&(objectClass=user)(objectCategory=computer))' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
INFO: ads path = 'LDAP://dc01.my.domain/CN=COMPUTERS,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
INFO: Bound to 'LDAP://dc01.my.domain/CN=COMPUTERS,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
INFO: discovered object with ADsPath = 'LDAP://dc01.my.domain/CN=TEST1,CN=Computers,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
WARN: Could not get property (domain) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
INFO: discovered object with ADsPath = 'LDAP://dc01.my.domain/CN=COMP2,CN=Computers,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
WARN: Could not get property (domain) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
INFO: discovered object with ADsPath = 'LDAP://dc01.my.domain/CN=SRV2,CN=Computers,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
WARN: Could not get property (domain) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
INFO: discovered object with ADsPath = 'LDAP://dc01.my.domain/CN=SRV3,CN=Computers,DC=MY,DC=DOMAIN' SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
WARN: Could not get property (operatingSystem) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
WARN: Could not get property (operatingSystemVersion) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
WARN: Could not get property (domain) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
WARN: Could not get property (dNSHostName) for system (0x80005010) SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
ERROR: System SRV3 is a unsupported operating system, unsupported version, or malformed AD entry. Reported system type is: (). SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)
WARN: CADSource::ProcessSystemInfo: Failed to get IP Address for the system. SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0) -
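An added example (not from either poster and not part of SCCM): Python that groups the WARN and ERROR lines of an adsysdis.log under the computer object they follow, so the accounts whose attributes are unset in AD can be listed and checked. The sample log is constructed with hypothetical hosts in the layout shown in the excerpt above, and the function names are assumptions of this example.

```python
import re
from collections import OrderedDict

# 0x80005010 is the ADSI HRESULT E_ADS_COLUMN_NOT_SET: the attribute that was
# asked for has no value on that directory object.
ADSI_CODES = {"0x80005010": "E_ADS_COLUMN_NOT_SET"}

LINE = re.compile(r"^(INFO|WARN|ERROR):\s*(.*)$")
# Trailing "component date time thread (0xTID)" columns, as in the excerpt.
TRAILER = re.compile(
    r"\s+SMS_\w+\s+\d{2}\.\d{2}\.\d{4}\s+\d{2}:\d{2}:\d{2}\s+\d+\s+\(0x[0-9A-Fa-f]+\)\s*$")
DISCOVERED = re.compile(r"discovered object with ADsPath = 'LDAP://[^/']+/([^']+)'")
MISSING = re.compile(r"Could not get property \((\w+)\) for system \((0x[0-9A-Fa-f]{8})\)")
FIRST_RDN = re.compile(r"CN=((?:\\.|[^,\\])+)", re.IGNORECASE)

# Constructed sample: hypothetical DC and computer names, same line layout.
_TAIL = " SMS_AD_SYSTEM_DISCOVERY_AGENT 19.11.2009 17:11:15 5360 (0x14F0)"
_PATH = "'LDAP://dc01.example.test/CN={},CN=Computers,DC=EXAMPLE,DC=TEST'"
_FOUND = "INFO: discovered object with ADsPath = " + _PATH
_WARN = "WARN: Could not get property ({}) for system (0x80005010)"
SAMPLE_LOG = "\n".join(msg + _TAIL for msg in [
    "INFO: Full synchronization requested",
    _FOUND.format("WS01"),
    _WARN.format("domain"),
    _FOUND.format("SRV9"),
    _WARN.format("operatingSystem"),
    _WARN.format("operatingSystemVersion"),
    _WARN.format("domain"),
    _WARN.format("dNSHostName"),
    "ERROR: System SRV9 is a unsupported operating system, unsupported "
    "version, or malformed AD entry. Reported system type is: ().",
    "WARN: CADSource::ProcessSystemInfo: Failed to get IP Address for the system.",
    _FOUND.format("WS02"),
])


def parse_discovery_log(text):
    """Attach each WARN/ERROR line to the most recently discovered object."""
    objects = OrderedDict()
    current = None
    for raw in text.splitlines():
        m = LINE.match(TRAILER.sub("", raw.strip()))
        if not m:
            continue
        level, msg = m.groups()
        found = DISCOVERED.search(msg)
        if found:
            dn = found.group(1)
            rdn = FIRST_RDN.match(dn)
            current = objects.setdefault(dn, {
                "name": rdn.group(1) if rdn else dn,
                "missing": [], "errors": [], "notes": []})
            continue
        if current is None or level == "INFO":
            continue
        miss = MISSING.search(msg)
        if miss:
            prop, hresult = miss.groups()
            current["missing"].append(
                (prop, ADSI_CODES.get(hresult.lower(), hresult)))
        elif level == "ERROR":
            current["errors"].append(msg)
        else:
            current["notes"].append(msg)
    return objects


def triage(objects):
    """Split objects into: ERROR logged, attributes unset only, no findings."""
    report = {"rejected": [], "incomplete": [], "clean": []}
    for obj in objects.values():
        if obj["errors"]:
            report["rejected"].append(obj["name"])
        elif obj["missing"]:
            report["incomplete"].append(obj["name"])
        else:
            report["clean"].append(obj["name"])
    return report


if __name__ == "__main__":
    parsed = parse_discovery_log(SAMPLE_LOG)
    for dn, obj in parsed.items():
        unset = ", ".join(p for p, _ in obj["missing"]) or "-"
        print(f"{obj['name']:6} unset: {unset}  errors: {len(obj['errors'])}")
    print(triage(parsed))
```

The "rejected" and "incomplete" lists are the accounts to inspect in AD; the script only reports what the log says and does not query the directory.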
Problem authenticating with Active Directory
Hi,
We want to authenticate the users from Microsoft Active Directory. We created users by doing a bootstrapping from AD to OID (10.1.2).
I enabled the plug-in by following Chapter 18, Configuring Active Directory External Authentication plug-in.
After running through it the plug-in is installed. If I try to log in with an AD user ID I am getting an authentication failure error.
I am not sure whether OID is connecting to Active Directory for authentication. How do I ensure that it is connecting to AD?
I am giving the uid attribute as the login ID. What is the login ID to be given?
I have tried many combinations with no luck. I am getting the following error in ssoServer.log:
Sun Dec 11 19:44:13 EST 2005 [ERROR] AJPRequestHandler-ApplicationServerThread-5 Communication Exception received. Cleaning up the stale connection
oracle.ldap.util.CommunicationErrorException: Unable to establish connection to directory. Please verify the input parameters: host, port, dn & password connection closed
at oracle.ldap.util.Subscriber.getUser_NICKNAME(Subscriber.java:1213)
at oracle.ldap.util.Subscriber.getUser(Subscriber.java:912)
at oracle.ldap.util.Subscriber.getUser(Subscriber.java:859)
at oracle.security.sso.server.ldap.OIDUserRepository.getUserProperties(OIDUserRepository.java:493)
at oracle.security.sso.server.auth.SSOServerAuth.authenticate(SSOServerAuth.java:485)
at oracle.security.sso.server.ui.SSOLoginServlet.processSSOPartnerRequest(SSOLoginServlet.java:796)
at oracle.security.sso.server.ui.SSOLoginServlet.doPost(SSOLoginServlet.java:328)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:824)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:224)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:133)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
at java.lang.Thread.run(Thread.java:534)
Thanks
Did you check the debug information from the external auth plugin?
This is mentioned in metalink note https://metalink.oracle.com/metalink/plsql/showdoc?db=NOT&id=277382.1
here an excerpt:
D) Enabled plug-in debugging at the database level. Reference documentation: Oracle Internet Directory Administrator's Guide 10g (9.0.4) Chapter 43 Integration with the Microsoft Windows Environment - Troubleshooting Integration with Microsoft Windows, under section "Debugging the Microsoft Active Directory External Authentication Plug-in"
...enable the plug-in debugging. To do this, enter:
sqlplus ods/odspassword @$ORACLE_HOME/ldap/admin/oidspdon.pls
To check the plug-in debugging log, enter:
sqlplus system/manager
SQL> select * from ods.plg_debug_log order by id;
(To delete the plug-in debugging log:
sqlplus system/manager
SQL> truncate table ods.plg_debug_log;
To disable the plug-in debugging:
sqlplus ods/ods @$ORACLE_HOME/ldap/admin/oidspdof.pls
E) Dump the plug-in profile to make sure it is enabled and configured correctly:
ldapsearch -h <OID host> -p <OID port> -D "cn=orcladmin" -w <orcladmin password> -b "cn=plugin,cn=subconfigsubentry" -L -s sub "(objectclass=*)" "*"
Please also take a look at the DIPTESTER tool available at
http://www.oracle.com/technology/sample_code/products/oid/java_diptester.tar
regards
--Olaf -
Integrating Active Directory LDAP in OBIEE 11g
Hi All,
I have configured Active Directory LDAP in OBIEE.
The steps I have followed are:
1) Configured Active Directory in Providers under the Security Realm.
2) Restarted BI Services to load the LDAP users.
3) Logged in to EM; under the bifoundation domain selected Security -> Security Configuration Provider. Created user.login.attr and username.attr.
4) Under Credentials -> oracle.bi.system map -> system.user, deleted BISystemUser and created a key with the existing name in Active Directory.
5) Assigned the system user to the BISystem role in EM.
6) In Console, Roles and Policies -> Global Roles -> Roles -> Admin -> View Role Condition (User = Active Directory User or Group = Administrators).
7) Restarted BI Server and Presentation Services.
Now I am unable to log in to Presentation Services.
Please reply ASAP.
Thanks and Regards
Kiran Kumar
Kiran, is there a specific reason for using the RPD for LDAP authentication? From 11g onwards, the best practice is to use WebLogic (or external authentication providers). Is it correct to say that for "Authentication" without proper RPD LDAP config for the "USER" variable, users cannot log in via the presentation layer?
Cheers!
BK -
Configure Active Directory and WLS and Human Task form
Hi Guys,
We are using SOA Suite 11.1.6 for the current project and would like to configure Active Directory as the identity provider. I know this is not a new question and I did several searches in the forum and online, but not all our questions are answered. At this moment, in the WL security realm, we can see users and groups from AD. But there are still outstanding issues:
1. Authentication with AD users
We still cannot configure an AD user to log in to WLS.
2. Email users
AD users are not showing up in the email lookup in JDeveloper. Currently, there are only two users returned: weblogic and oraclesystemuser. I believe that they are the default users.
3. WorkList Application (Human Task)
This is similar to #1, but not entirely. We would like to configure AD users to log in to the Worklist application.
Any suggestions are appreciated.
Thanks
Steven
Edited by: sw12345 on Apr 27, 2012 11:49 AM
Hi Steven
1. What you want is totally possible, BUT you can have your users in only one security provider. To access bpm/workspace, all the users will be looked up in the topmost security provider. So make sure your AD Authenticator is the topmost one, and also that all these providers are set to SUFFICIENT / OPTIONAL.
Below these 2 posts should give more details:
Weblogic administrator account is inactive after enabling DB Authenticator
Re: BPM 11g workspace not show user from OVD - top most authentication provider
Thanks
Ravi Jegga