Delegated Admin login fail
I installed Solaris 9 05/9 and JES05Q4 in a Sun Fire V440 recently.
I chose these components only:
Directory server
Administration server
Web server
Access manager
Messaging server
Delegated administrator
Directory preparation tools
I can use commadm to created users after installation and initial configuration, but I can't login to the delegated admin with any account. http://server.mydomain.com/da/DA/Login
After I check the DA log file, it shows:
WARNING: User [admin] has no valid role assigned, aborting login
What kind of role required for da login ?
Thanks in advance for any help.
dx
I recommend that you post your question to the Messaging Server forum (also listed at the bottom of the Java ES forums page):
http://swforum.sun.com/jive/forum.jspa?forumID=15
You might also want to search that forum for similar problem reports.
Similar Messages
-
I am running Iplanet messaging server 5.2 and am having problems loging into the delegated administrator. When I try to log in as ServiceAdmin I immediately get a screen telling me that the session has timed out and to re-authenticate.
Any ideas what is wrong?Unknown. Not nearly enough data to guess.
Please examine your LDAP access logs, and comment.
You should be looking for BIND commands for "NDAdmin". This is the first step in logging into Delegated Admin. If this fails, no user will be able to use DA.
Do you have password expiration set up in DS? did you remove this account? Change the pw? -
After installation - admin login fails
It appears that the installation went fine until I started the appserver and started the Administration Console . It prompts for the User Name and Password I created during the installation. However, when I enter the data, it doesn't recognize it and gives me an Authorization Failed error.
I am trying to login as admin and I know I have the password correct.
What did I do wrong?
-E.J.Is your user name correct?
Also, in order to make it absolutely sure, you can do a little trick. Create another domain with the some user name and password of your choice using asadmin create-domain command and just copy config/admin-keyfile from new domain to old domain. For details, see:
http://blogs.sun.com/roller/page/bloggerkedar?catname=%2Fappserverfaq#a1
Thanks. -
I installed CF 10 on a server running Windows Server 2008 R2 Standard having logged into the server as a Windows user in the administrator group. I set up CF 10 Administrator to use a single password (the default). I can log into CF Admin when authenticating to the server with the same Windows credentials used when installing CF 10 but if I log into the server as another Windows user in the administrator group I cannot log into CF Admin; I get an Invalid Password error. I thought the whole point of the single password was so that anyone who can log into the server could log into CF Admin. It works like that for my CF 8 and CF 9 machines.
It is a new design, based on security issues that arose in previous ColdFusion versions. See, for example, Charlie Arehart's blog for more details.
-
DearPros,
After i installaed the CSACS 3.3 on windows 2003 server,when i access it via web browser i am getting the following message
http://192.168.100.3:2002
USERNAME :admin
PASSWORD : admin
Login failed...try again
I just login after the fresh installation.what is the defaukt username and password to use.
Thanks
swamyHi Swamy,
There is no default username and password associated with ACS software, as you are trying to access the server remotely you would first have to create an admin account on ACS server.
Logon to the server itself locally as ACS install Java runtime on it from www.java.com as 2003 does not have java pre-installed on it.Next open IE and goto http://127.0.0.1:2002
On the ACS GUI interface click on Administration Control-->Add administrator and create a admin account there make sure you click the Grant All button.
You can now login to ACS using this admin account.
I hope this helps.
Thanks
Gagan -
Can't login to Delegated Admin after redeploy
I originally had Delegated Admin 6.4 running on port 80 in Webserver 7u3 along with AM, and UWC. I needed to move DA off of port 80 so I created another Webserver instance on port 81 and then uninstalled and reinstalled Delegated Admin against the new instance. In the configurator I specified port 80 where it asked about Access Manager and port 81 where it asked to deploy DA. Now I cannot login to DA. It keeps telling me: "Invalid login ID or password, please try again". The ID and password are correct. No LDAP traffic is being generated during the attempted login. I turned on DA logging and this is what I get:
Aug 23, 2008 4:43:39 PM com.sun.comm.da.security.DALoginManager login
INFO: Login failed, login id [admin]
com.sun.comm.jdapi.DAException: Moved Temporarily: Moved Temporarily
at com.sun.comm.jdapi.DAConnection.liveAuth(DAConnection.java:88)
at com.sun.comm.jdapi.DAConnection.authenticate(DAConnection.java:130)
at com.sun.comm.da.security.DALoginManager.login(DALoginManager.java:209)
at com.sun.comm.da.view.LoginViewBean.handleLoginButtonRequest(LoginViewBean.java:212)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:816)
at com.sun.comm.da.DAServlet.service(DAServlet.java:152)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:917)
at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:398)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at com.sun.comm.da.LoginFilter.doFilter(LoginFilter.java:133)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:217)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:255)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:187)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
at com.sun.webserver.connector.nsapi.NSAPIProcessor.service(NSAPIProcessor.java:160)
Here is a sample of what I get when I run commadmin:
./commadmin -v search domain o=xyz.com
[Debug]: DBG:Object = search ; task = domain
[Debug]: default domain from Properties: xyz.com
[Debug]: IShost from Properties: webmail.xyz.com
[Debug]: ISPort from Properties: 80
Enter login ID: admin
Enter login password:
[Debug]: Contacting : http://webmail.xyz.com:80/commcli/auth
[Debug]: To servlet: domain=xyz.com&username=admin&password=xxxxxxxx&charsetenc=UTF-8
[Debug]: Http Error recvd: Moved Temporarily
Moved Temporarily: Moved Temporarily
Invalid value for Identity server host name: webmail.xyz.com
Invalid value for Identity server port: 80
Enter Identity server port[80]:
Any ideas?sheger77 wrote:
I originally had Delegated Admin 6.4 running on port 80 in Webserver 7u3 along with AM, and UWC. I needed to move DA off of port 80 so I created another Webserver instance on port 81 and then uninstalled and reinstalled Delegated Admin against the new instance. In the configurator I specified port 80 where it asked about Access Manager and port 81 where it asked to deploy DA.As per the administration guide, Delegated Administrator server needs to be installed in the same web-container/instance as Access Manager.
http://docs.sun.com/app/docs/doc/819-4438/acfck?a=view
"The Delegated Administrator server uses the same Web container as Access Manager. The configuration program asks for Web container information after it asks for the Access Manager base directory."
[Debug]: IShost from Properties: webmail.xyz.com
[Debug]: ISPort from Properties: 80The commadmin client is trying to contact the DA server which is supposed to be installed in the same Web container as Access Manager
(hence the use of IShost/ISPort):
[Debug]: Contacting : http://webmail.xyz.com:80/commcli/auth
[Debug]: To servlet: domain=xyz.com&username=admin&password=xxxxxxxx&charsetenc=UTF-8
[Debug]: Http Error recvd: Moved TemporarilyCan't contact DA server so attempt fails.
Regards,
Shane. -
Delegated administrator - Organisation admin login problem
We uninstalled delegated admin 6.0, and we installed 6.4. Now login to old organizations, created with the old DA (6.0), using the organization admin username and password fails, and login to new organizations created with the new DA (6.4), using the organization admin username and password succeeds. We think the problem is in ACIs. Anyone has an idea ?
Unknown. Not nearly enough data to guess.
Please examine your LDAP access logs, and comment.
You should be looking for BIND commands for "NDAdmin". This is the first step in logging into Delegated Admin. If this fails, no user will be able to use DA.
Do you have password expiration set up in DS? did you remove this account? Change the pw? -
Delegated admin 6.3 Invalid login ID or password, please try again
Dear Oracle,
I am having problem login to delegated admin. previously the login was OK
until recently not sure what cause the login fail.
Please advice where should i start to t/s
Cheer
SamDear Oracle,
I found the DA fail might related to access manager not functioning
after several time restart webserver for da & amserver
the error log shown as below
20/Nov/2010:14:17:31 failure Click to view more details for this
message WebModule[amserver]StandardWrapper.Throwable
java.lang.NullPointerException at
com.sun.identity.authentication.UI.LoginLogoutMapping.initializeAuth(LoginLogoutMapping.java:89)
at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:74)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1165)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:994)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4731)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:5123)
at com.sun.webserver.connector.nsapi.WebModule.start(WebModule.java:182)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1224)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:924)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1224)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:520)
at org.apache.catalina.startup.Embedded.start(Embedded.java:917) at
com.sun.enterprise.web.PwcWebContainer.onStartup(PwcWebContainer.java:70)
at com.sun.webserver.connector.nsapi.WebContainer.start(WebContainer.java:472)
at com.sun.webserver.init.J2EERunner.confPostInit(J2EERunner.java:304)
20/Nov/2010:14:17:31 failure Click to view more details for this
message WebModule[amserver]PWC1396: Servlet /amserver threw load()
exception
0/Nov/2010:14:11:03 failure Click to view more details for this
message for host 10.0.1.28 trying to GET /amserver/UI/Login,
service-j2ee reports: WebModule[amserver][ERROR] Uncaught application
exception
java.util.MissingResourceException: Can't find resource for bundle
java.util.PropertyResourceBundle, key at
java.util.ResourceBundle.getObject(ResourceBundle.java:325) at
java.util.ResourceBundle.getObject(ResourceBundle.java:322) at
java.util.ResourceBundle.getString(ResourceBundle.java:285) at
com.sun.identity.authentication.client.AuthClientUtils.getErrorVal(AuthClientUtils.java:1389)
at com.sun.identity.authentication.client.AuthClientUtils.getErrorTemplate(AuthClientUtils.java:453)
at com.sun.identity.authentication.UI.LoginViewBean.setErrorMessage(LoginViewBean.java:1650)
at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:373)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:796) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:917) at
org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:398)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:86)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:217)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:255)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:187)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
at com.sun.webserver.connector.nsapi.NSAPIProcessor.service(NSAPIProcessor.java:160)
20/Nov/2010:14:11:03 failure Click to view more details for this
messagefor host 10.0.1.28 trying to GET /amserver/UI/Login,
service-j2ee reports: StandardWrapperValve[LoginServlet]: PWC1406:
Servlet.service() for servlet LoginServlet threw exception
Cheers
Sam -
Login to Glassfish (AS 9.1) Admin Module fails after AM 7.1 install
Hello Everyone,
I am trying to deploy Sun Java System Access Manager 7.1 on Sun Java System Application Server 9.1 running on RH Linux. After deploying the war file and performing the initial configuration using /amserver/configurator.jsp and then restarting the server instance, I am no longer able to login to the administrative module of the application server. Following error comes up in the Server.log file:
[#|2007-11-21T21:26:21.422-0800|INFO|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=15;_ThreadName=httpWorkerThread-4848-0;admin;|SEC5046: Audit: Authentication refused for [admin].|#]
[#|2007-11-21T21:26:21.422-0800|WARNING|sun-appserver9.1|javax.enterprise.system.container.web|_ThreadID=15;_ThreadName=httpWorkerThread-4848-0;_RequestID=43616e0d-d1d5-4aaa-88aa-7e7913125a67;|Web login failed: Login failed: javax.security.auth.login.LoginException: No LoginModules configured for fileRealm|#]
In addition to running the configurator, I've also added the following permissions to the server.policy file:
grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/amserver/-" {
permission java.net.SocketPermission "*", "connect,accept,resolve";
permission java.util.PropertyPermission "*", "read, write";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.lang.RuntimePermission "setFactory";
permission java.lang.RuntimePermission "accessClassInPackage.*";
permission java.util.logging.LoggingPermission "control";
permission java.lang.RuntimePermission "shutdownHooks";
permission javax.security.auth.AuthPermission "insertProvider.Mozilla-JSS";
permission java.security.SecurityPermission "putProviderProperty.Mozilla-JSS";
permission javax.security.auth.AuthPermission "getLoginConfiguration";
permission javax.security.auth.AuthPermission "setLoginConfiguration";
permission javax.security.auth.AuthPermission "modifyPrincipals";
permission javax.security.auth.AuthPermission "createLoginContext.*";
permission java.security.SecurityPermission "insertProvider.Mozilla-JSS";
permission javax.security.auth.AuthPermission "putProviderProperty.Mozilla-JSS";
permission java.io.FilePermission "<<ALL FILES>>", "execute,delete";
permission java.util.PropertyPermission "java.util.logging.config.class", "write";
permission java.security.SecurityPermission "removeProvider.SUN";
permission java.security.SecurityPermission "insertProvider.SUN";
permission java.security.SecurityPermission "removeProvider.Mozilla-JSS";
permission javax.security.auth.AuthPermission "doAs";
permission java.util.PropertyPermission "java.security.krb5.realm", "write";
permission java.util.PropertyPermission "java.security.krb5.kdc", "write";
permission java.util.PropertyPermission "java.security.auth.login.config", "write";
permission java.util.PropertyPermission "user.language", "write";
permission javax.security.auth.kerberos.ServicePermission "*", "accept";
permission javax.net.ssl.SSLPermission "setHostnameVerifier";
permission java.security.SecurityPermission "putProviderProperty.IAIK";
permission java.security.SecurityPermission "removeProvider.IAIK";
permission java.security.SecurityPermission "insertProvider.IAIK";
Have I missed any steps? Are there any patches or workarounds for this issue?Hi,
You can download the GUI files from this link according to the version you have:
http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=7.1&mdfid=277641082&sftType=Unified+Communications+Manager+Express+Complete+Support+File+Set&optPlat=&nodecount=3&edesignator=null&modelName=Cisco+Unified+Communications+Manager+Express&treeMdfId=278875240&treeName=Voice+and+Unified+Communications&modifmdfid=null&imname=&hybrid=null&imst=null&lr=Y
1. Download appropriate tar file to tftp server. cme-basic-x.x.x.tar ? contains basic CME
system files including GUI, MoH and phoneloads
cme-gui-x.x.x.tar ? contains basic CME GUI files only
2. Logon to privileged EXEC mode of router CLI
3. Enter archive command to extract contents of tar file to router Flash memory:
Router# archive tar /xtract tftp://ip-address/filename flash:
Example 1:
To extract contents of cme-basic-3.0.3.tar from tftp server 192.168.1.1 to flash:
archive tar /xtract tftp://192.168.1.1/cme-basic-3.0.3.tar flash:
Example 2:
To extract contents of cme-gui-3.0.3.tar from tftp server 192.168.1.1 to flash:
archive tar /xtract tftp://192.168.1.1/cme-gui-3.0.3.tar flash:
This will update all the gui files in the location which the gui checks on the flash.
Regards,
Tere -
User logins fail; admin login is okay
I'm running 10.3.9 all the latest updates on a 1 Ghz DP G4 with 1Gig RAM.
Admin login works fine; three user logins go nowhere... beachball just spins and I have to power off the comp to get out.
If I log in as Admin user and switch to another login, password is accepted but the desktop remains blank.
Running the comp in target mode, I can see the files of the various users.
Disk Utility looses connection (as mentioned in another post), not certain if this is also an iTunes update issue.
Any ideas?
Thanks!
1Ghz DP G4 Mac OS X (10.3.9)After following the information to move iTunes to the desktop, I was able to run Disk Utilities and repaired persmssions.
However, there was no change in the ability for users to login. These users are managed, not standard.
I reinstalled OS 10.3 in archive mode, checked logins (which were fine) and installed the 10.3.9 update. Logins are broken again.
I can change the users to standard and they can login with no problem, but the moment I restrict anything (such as cannot change the dock) the logins fail.
Changing the users to standard allows logins; make them managed and they fail.
Certainly seems like a permissions issue, but repairing permissions does no good.
Any suggestions other than doing a clean install?
1Ghz DP G4 1 gig memory Mac OS X (10.3.9) -
Login failed. Please verify your login information or contact the sys admin
Hello
I've recently installed Oracle EBS 11.5.9 on Red Hat x-86 based linux.
I'm able to see the EBS login page but i can't login as SYSADMIN / SYSADMIN.
Infact i can't login @ all.
Error
Login failed. Please verify your login information or contact the system administratorHii Fadi
I plan to remove to EBS from my NAS partition and redo the whole thing cuz i've learned that i missed some steps in terms of OS parameters.
Just clear my 2 questions.
1.Teach me how to run rapid wiz from staging.
The default path in the last installation was /d01/Stage11i/and so on.I added only NAS directory destination path /vision before /d01 and when the install ran it asked me to manually provide source path and didn't run automatically.
NOW what i plan is
1.My NAS partition is called /vision. My stage directory named Stage11i is on local HD.I plan to copy my stage directory to NAS drive and run rapidwiz on my NAS from my stage directory and take all directory paths as default and move with the default installation.I believe this way rapidwiz would go automatic and install EBS overnight.No
Is my approach correct. ??.
2.My Linux x-86 RH4.0 is a test system running on 10.x.x.x ip network in the bank and it can be reached ( pinged ).However its not allowed to use DNS like the rest of the system.
In such a situation teach me howto resolve the DNS problem so that my team in the bank is able to access it from remote locations.
Tell me in terms of exact entries in the host file.
To me DNS shouldn't matter as long as i can ping the system.Cuz in the last instalation i was able to see the default EBS login page from remote bank site on the same network.
Secondly do post your blog link or email it to me at [email protected]
Regards
Fahad -
My login failed. I am the admin.
Put imac to sleep last night. This morning my login failed. I restarted it. Still failed. Any ideas?
Changing or resetting an account password
-
Delegated admin problems with 5.2
I just installed iMS 5.2 and the delegated admin server. i'm using Direct ldap, my ldap server is on another machine. my problem is, i cannot log into the delegated admin at all, using any account.
my ldap error log tailed no entries.
this is the ldap access log:
[17/Feb/2006:09:24:00 -0500] conn=250 fd=60 slot=60 connection from 160.10.4.10 to 160.10.36.186
[17/Feb/2006:09:24:00 -0500] conn=250 op=0 BIND dn="uid=NDAUser, ou=config, o=ida" method=128 version=3
[17/Feb/2006:09:24:00 -0500] conn=250 op=0 RESULT err=32 tag=97 nentries=0 etime=0
[17/Feb/2006:09:24:00 -0500] conn=250 op=1 BIND dn="" method=128 version=3
[17/Feb/2006:09:24:00 -0500] conn=250 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[17/Feb/2006:09:31:31 -0500] conn=251 fd=61 slot=61 connection from 160.10.4.10 to 160.10.36.186
[17/Feb/2006:09:31:31 -0500] conn=251 op=-1 fd=61 closed - B1
[17/Feb/2006:09:41:31 -0500] conn=252 fd=61 slot=61 connection from 160.10.4.10 to 160.10.36.186
[17/Feb/2006:09:41:31 -0500] conn=252 op=-1 fd=61 closed - B1
[17/Feb/2006:09:51:30 -0500] conn=253 fd=61 slot=61 connection from 160.10.4.10 to 160.10.36.186
[17/Feb/2006:09:51:30 -0500] conn=253 op=-1 fd=61 closed - B1
[17/Feb/2006:10:01:30 -0500] conn=254 fd=61 slot=61 connection from 160.10.4.10 to 160.10.36.186
[17/Feb/2006:10:01:30 -0500] conn=254 op=-1 fd=61 closed - B1
[17/Feb/2006:10:02:49 -0500] conn=255 fd=61 slot=61 connection from 160.10.4.10 to 160.10.36.186
[17/Feb/2006:10:02:49 -0500] conn=255 op=0 BIND dn="uid=NDAUser, ou=config, o=ida" method=128 version=3
[17/Feb/2006:10:02:49 -0500] conn=255 op=0 RESULT err=32 tag=97 nentries=0 etime=0
[17/Feb/2006:10:02:49 -0500] conn=255 op=1 BIND dn="" method=128 version=3
[17/Feb/2006:10:02:49 -0500] conn=255 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[17/Feb/2006:10:11:31 -0500] conn=256 fd=62 slot=62 connection from 160.10.4.10 to 160.10.36.186
[17/Feb/2006:10:11:31 -0500] conn=256 op=-1 fd=62 closed - B1
Thanks in advance for any help anyone can give. i know i'll need to provide more detail so if you need any info i'll be happy to divulge it, i just thought this would be an ok starter. I do need some help with this, I just want to get this working.
Thanks in advance for any help.The old iPlanet Delegated Admin uses a special account itself, rather than the one you use to log in as.
I see that login failing:
[17/Feb/2006:10:02:49 -0500] conn=255 op=0 BIND dn="uid=NDAUser, ou=config, o=ida" method=128 version=3
[17/Feb/2006:10:02:49 -0500] conn=255 op=0 RESULT err=32 tag=97 nentries=0 etime=0
err=32 means, "no such object". This means that this user, NDAUser has been deleted, as have some of the entries above that.
A failure to bind or locate an entry is not "an error" to Directory Server, it's a failed lookup or failure to bind. Nothing like this is going to be logged into the errors log.
It's still clearly the problem....
The password for NDAUser is in clear text in your iDA config file, "resource.properties" Likely, you could create the user and password, or you coule reinstall Delegated Admin.
If you haven't downloaded the later version, 1.2p2, I STRONGLY recommend that you uninstall the version that came with Messaging 5.2, and install the later one. -
I'm setting up a demo of JES3 Messaging for a customer with the Delegated Admin. It seems to work for I can create users with the correct attributes. These users can log into Messagent express and can see their mail but cannot send outgoing mail. Also I can't pop from the command line fror any of these users but sending mail to them from he command line does work. This seems to be probles with MailAllowed Services, but it seems ok on a ldapsearch (see below).
Synopsis of results:
I can send mail to these users with a telnet to port 25. But MExpress canot send mail from any of these users.
Messaging Express smtp error:
"Not authorized to sned messages"
But MExpress get's incoming mail for these users.
Messager Express gets mail for the users but pop fails:
Telnet <server> 110
User testuser2
pass password
"-ERR [AUTH] Not authorized to login as specified user"
ldapsearch output for testuser2
uid=testuser2,ou=People,o=myjazz.com,dc=myjazz,dc=com
psIncludeInGAB=true
uid=testuser2
iplanet-am-modifiable-by=cn=Organization Admin Role,o=myjazz.com,dc=myjazz,dc=com
givenName=Test
[email protected]
mailUserStatus=active
sn=User2
cn=Test User2
inetCOS=gold
preferredLocale=en
mailHost=bigun.myjazz.com
objectClass=userpresenceprofile
objectClass=top
objectClass=iplanet-am-managed-person
objectClass=iplanet-am-user-service
objectClass=inetadmin
objectClass=organizationalperson
objectClass=person
objectClass=inetuser
objectClass=inetlocalmailrecipient
objectClass=iplanetpreferences
objectClass=ipuser
objectClass=inetorgperson
objectClass=inetsubscriber
objectClass=inetmailuser
inetUserStatus=Active
userPassword={SSHA}I8oftLKYhg0DzYAzCh1UfzaluWNuKVNIjXO7RQ==
mailDeliveryOption=mailbox
preferredLanguage=en
nswmExtendedUserPrefs=meDraftFolder=Drafts
nswmExtendedUserPrefs=meSentFolder=Sent
nswmExtendedUserPrefs=meTrashFolder=Trash
nswmExtendedUserPrefs=meInitialized=true
pabURI=ldap://bigun.myjazz.com:389/ou=testuser2,ou=People,o=myjazz.com,dc=myjazz,dc=com,o=pab
mailAllowedServiceAccess=+imaps:ALL$+pops:ALL$+smtps:ALL$+http:ALL
mailMsgMaxBlocks=700
mailMsgQuota=3000
mailQuota=8000000I had the same problem. When I created a user account through the Delegated Admin interface the user could log into Communications Express, but was unable to send outgoing email. I then created another user account using the command below and this user is able to send email. I have not quite figured out the significany difference yet.
./commadmin user create -D admin -w <password> -X host.domain.com -n domain.com -d hosteddomain.com -l test5 -F Test5 -L User -W pass -S mail,cal -k legacy -E [email protected] -H host.domain.com -
SSL VPN, "Login failed" and "WebVPN: error creating WebVPN session!"
Hi,
Just ran the wizard for Anyconnect SSL VPN, created a tunnel group, a vpn pool and added user to it. When trying to logon on the SSL service, it simply says "login failed". I suspect that the user might not be in correct groups or so?
some relevant config
webvpn
enable wan
svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
svc enable
group-policy vpnpolicy1 internal
group-policy vpnpolicy1 attributes
vpn-tunnel-protocol svc
tunnel-group admins type remote-access
tunnel-group admins general-attributes
address-pool sslpool2
default-group-policy vpnpolicy1
username myuser password 1234567890 encrypted privilege 15
username myuser attributes
vpn-group-policy vpnpolicy1
Debug:
asa01# debug webvpn 255
INFO: debug webvpn enabled at level 255.
asa01# webvpn_allocate_auth_struct: net_handle = CD5734D0
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_login_resolve_tunnel_group: tgCookie = NULL
webvpn_login_resolve_tunnel_group: tunnel group name from default
webvpn_login_resolve_tunnel_group: TG_BUFFER = DefaultWEBVPNGroup
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_portal.c:webvpn_login_aaa_not_resuming[3137]
webvpn_portal.c:http_webvpn_kill_cookie[790]
webvpn_auth.c:http_webvpn_pre_authentication[2321]
WebVPN: calling AAA with ewsContext (-867034168) and nh (-849922864)!
webvpn_add_auth_handle: auth_handle = 17
WebVPN: started user authentication...
webvpn_auth.c:webvpn_aaa_callback[5138]
WebVPN: AAA status = (ACCEPT)
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_portal.c:webvpn_login_aaa_resuming[3093]
webvpn_auth.c:http_webvpn_post_authentication[1485]
WebVPN: user: (myuser) authenticated.
webvpn_auth.c:http_webvpn_auth_accept[2938]
webvpn_session.c:http_webvpn_create_session[184]
WebVPN: error creating WebVPN session!
webvpn_remove_auth_handle: auth_handle = 17
webvpn_free_auth_struct: net_handle = CD5734D0
webvpn_allocate_auth_struct: net_handle = CD5734D0
webvpn_free_auth_struct: net_handle = CD5734D0AnyConnect says:
"The secure gateway has rejected the agents VPN connect or reconnect request. A new connection requires re-authentication and must be started manually. Please contact your network administrator if this problem persists.
The following message was received from the secure gateway: Host or network is 0"
Other resources indicate that it's either the tunnel group, or the address pool.. The address pool is:
ip local pool sslpool2 172.16.20.0-172.16.20.254 mask 255.255.255.0
asa01# debug webvpn 255
INFO: debug webvpn enabled at level 255.
asa01# debug http 255
debug http enabled at level 255.
asa01# webvpn_allocate_auth_struct: net_handle = CE9C3208
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_login_resolve_tunnel_group: tgCookie = NULL
webvpn_login_resolve_tunnel_group: tunnel group name from default
webvpn_login_resolve_tunnel_group: TG_BUFFER = DefaultWEBVPNGroup
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_portal.c:webvpn_login_aaa_not_resuming[3137]
webvpn_portal.c:http_webvpn_kill_cookie[790]
webvpn_auth.c:http_webvpn_pre_authentication[2321]
WebVPN: calling AAA with ewsContext (-845538720) and nh (-828624376)!
webvpn_add_auth_handle: auth_handle = 22
WebVPN: started user authentication...
webvpn_auth.c:webvpn_aaa_callback[5138]
WebVPN: AAA status = (ACCEPT)
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_portal.c:webvpn_login_aaa_resuming[3093]
webvpn_auth.c:http_webvpn_post_authentication[1485]
WebVPN: user: (myuser) authenticated.
webvpn_auth.c:http_webvpn_auth_accept[2938]
HTTP: net_handle->standalone_client [0]
webvpn_session.c:http_webvpn_create_session[184]
webvpn_session.c:http_webvpn_find_session[159]
WebVPN session created!
webvpn_session.c:http_webvpn_find_session[159]
webvpn_remove_auth_handle: auth_handle = 22
webvpn_portal.c:ewaFormServe_webvpn_cookie[1805]
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE9C3208
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE9C3208
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE9C3208
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_allocate_auth_struct: net_handle = CE9C3208
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE9C3208
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE863DE8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE863DE8
webvpn_allocate_auth_struct: net_handle = CE863DE8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE863DE8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE863DE8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE863DE8
webvpn_allocate_auth_struct: net_handle = CE863DE8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE863DE8
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_allocate_auth_struct: net_handle = CC894AA8
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
Close 1043041832
webvpn_free_auth_struct: net_handle = CC894AA8
Maybe you are looking for
-
I make a new event, I set the Alert = Message (NOT "message with sound"). When event happens on the iMac there is no sound. Same event, syched to the iPhone, has sound. I have deleted events, recreated, synched. Absolutly certain Alert is "message
-
I-phone is not recognized by my laptop
I haven't backed up my iphone 3 to my laptop for a while and now it won't recognise it. It won't even charge it. My laptop does for other i-phones. Any suggestions?
-
I do not want to rent ADOBE ACROBAT on monthly bases I want to upgrade my Adobe Acrobat 9 Pro were can I do that I just keep getting the option to pay monthly
-
How do I change what Firefox opens documents with so I can print them?
I used to print documents for work. The would show up in separate tabs across the top. I click on it and print. Now all the documents go to an arrow on the side and when Ipull them up they are in wordpad and jibberish. please help.
-
Installed new security patch problem
Yesterday installed the latest OSX 10.5.8 security patch and now all incoming mail is being rejected with 550 - no such user, etc. Erased users and re-entered them still no joy. Any help/ideas appreciated. Bruce