Filr & eDirectory login restrictions.

Hi,
I stumbled across something today that seems quite obvious now but did have me scratching my head for a while.
We were experiencing issues with some users when they tried to upload files/create folders in their home folder using Filr. It would fail returning an "Unknown Error". Our user's home directories are on an NSS volume on an OES Linux server.
After digging around for a while I found that the logs seemed to indicate an authentication failure. At first I looked at the proxy user but that wasn't the problem.
It turns out that the problem is caused by account restrictions we have set in eDirectory that limit each user to one login. This is to prevent users from leaving themselves logged in all over the place.
I lifted the restriction on one of the users and the problem went away. The users were logged in to a workstation as well as trying to use Filr.
My question is can I enforce a login restriction and still allow users to use Filr at the same time?
I can probably guess what the answer will be but I just thought I'd ask in case anyone has any ideas.
Cheers.
Iain.

reddragon27284,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://www.novell.com/support and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Forums Team
http://forums.novell.com

Similar Messages

Login restriction on MII

Hello
I'm working on xMII 11.5
Is it possible to restrict a specific log in to a specific computer?
And is it possible to let only one session opened per log in. For example, log in name xmii001, if i have xmii001 logged in and then tried to open an other window with the same username, it should, or say it was already opened and don't let that log in to be opened again, or, it would allow the new log in but the previous log in would log off automatically.
is it possible?
where can i find some information to let me do this, or is this possible to be made inside xMII?
Best regards.

The licensing model is based upon engines(plants) and named users not concurrent users, so nothing like this is available for 11.5 and the LHSecurity engine for logging in. There is no action to kill off a user session on the server if someone just hits the X and closes a browser window, so the session just continues to get stale and once the timeout is met it is deleted. No workstation IP address based restriction can be imposed either.
MII version 12.0 which runs on NetWeaver 7.0 and uses UME for logins might have additional capabilities for login restrictions, but you'd have to look into the http://help.sap.com website for more details.
Regards,
Jeremy

Login Restriction

Hello,
How to restrict login,
/ as sysdba
Please advice...

I am on the machine where the DB is installed.
I have checked remote_login_passwordfile parameter & it is set to Exclusive BUT it still alllows me to login
/ as sysdba
Please advice.

Can I have two separate logins/restricted directories in the same web site?

Hi,
I want to have an admin area where I go against a user table to see if the user has admin rights and a separate area of the web site where regular users need a username and password that is validated against a different table.
All the pages in the admin area are in the admin directory.
All the pages in the other restricted area are in a consumers directory.
Both these directories are off the root.
Will this work ok? It seems to be, but I just wanted to check.
Many thanks!

No, I have two separate tables. It seems to be working, and I am hoping it is because I've kept all the pages that use one table in one directory, and all the pages that use the other table in another directory. Just wondering if I am asking for trouble. They are two different functions. One is for site administration, and one is for a number of users.

Employee Login Restrictions

Have a requirement where we are using db authentication and we have the login with a special character i.e @. Now am struggling to make the application authenticate using this login even though the user gets authenticated at the db level using double quotes around the username.
Tried to use the quotes in the application, however that did not work either. Any suggestions, please advise.

Thanks for the reply Christopher
1. The employee pictures are in a .TGA format. I wonder if you have heard about it. Anyway, i tried linking the picture to an employee and it shows it in the PA30 transaction. However, I found out that the document class doesn't really matter when uploading the photos as I tried uploading the .TGA picture under document class JPG, GIF, BMP and they all worked. Can you tell me the reason for this inconsistency? Should I expect any other problems while uploading .TGA pics under a different document class?
2. You said that there isnt any limit viz configuration. Can you tell me where this configuration can be done?
Thanks

Mountain lion - remote login - RESTRICTING SFTP use

i have a 10.8.2 server installation with remote login turned on for all users.
i have just discovered that this means that SFTP login is available for all users, even though file sharing is OFF and ftp is OFF.
and, all users can navigate EVERYWHERE on the HDD.
this seems a bit odd to me.
how can we make it so admin users can access the whole HDD, but normal users can only see their home directory?
thanks, James.

Use Workgroup Manager to change each user's login shell to None or /usr/bin/false should do it for you. This may hamper one's ability to use a network user account though so you should check it out on one account first. If they're just using services then disabling their shell login will work fine. After that, enable the FTP server to limit your users' ability to navigate.
FWIW, SFTP doesn't actually give anyone anything more than they don't already have through an SSH login.

Help with Note 761637 - Login restrictions prevent TMSADM logon

Hello all,
I'm receviing a large number of logon prompts in STMS. I'm having trouble understanding how to implement SAP note 761637 and was hoping someone that had implemented it already could guide me.
The note says
If you now add an entry with sysnam=,ADMPWD and the Routestring=USER to the TMSCROUTE table
The fields in the table are sysnam & RFCRoute (This has description of RouteString)
When I attempt to add a entry using SE16, SYSNAM as a selecting list on only the systems I have, why does the note tell me to enter the admpwd which I assume is short for admin password.
routestring=USER. So I enter the word USER?
I have implemented the following corrections
Note 713622 - Password rules prevent TMSADM logon
Note 749977 - Remote logons using standard client in the TMS
Thank you for your help.

OK, I'm having the same problems understanding this note as the original poster did. I can't figure out if table TMSCROUTE is supposed to contain an entry like:
,ADMPWD USER
-or--
,<TheActualPassword> TMSADM@<sid>.<domain>
-or--
some other weird variant?
Can someone who's implemented 'stringent' passwords post and example of their working TMSCROUTE entry? Meanwhile, I'll file a problem report, and when we get this working I'll post a response here.
bryan
<removed_by_moderator>
Edited by: Julius Bussche on Feb 17, 2008 10:58 PM

Restricted session & Kill Session

Hello everybody,
1) In which case do I need enabled restricted sessions?
2)Where “ALTER SYSTEM KILL SESSION” command will be useful?
Thanks in advance

Salman Qureshi wrote:
Hi,
1) In which case do I need enabled restricted sessions?Whenever you want to perform some maintenance operations in your database and you don't want anyone to access the database except user SYS, you can enable restricted session.
2)Where “ALTER SYSTEM KILL SESSION” command will be useful?When you want to kill a session which is no longer responding or hung or doing some long running operation which is disturbing your performance or you want to stop that processing etc.
SalmanHi Salman,
I think you'll find that "restricted session mode" does not limit login ability to only the SYS user as you mention.
As an example, consider the following.
Session 1:
SQL*Plus: Release 11.2.0.3.0 Production on Tue Jan 1 22:07:03 2013
Copyright (c) 1982, 2011, Oracle. All rights reserved.
SQL> connect / as sysdba
Connected.
SQL> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup restrict;
ORACLE instance started.
Total System Global Area 2137886720 bytes
Fixed Size                  2256912 bytes
Variable Size            1258295280 bytes
Database Buffers          872415232 bytes
Redo Buffers                4919296 bytes
Database mounted.
Database opened.
SQL>Session 2:
SQL*Plus: Release 11.2.0.3.0 Production on Tue Jan 1 22:07:51 2013
Copyright (c) 1982, 2011, Oracle. All rights reserved.
SQL> connect markwill
Enter password:
Connected.
SQL> select logins from v$instance;
LOGINS
RESTRICTED
1 row selected.
SQL>As you can see in Session 2 I am clearly not connecting as SYS user, yet I am capable of connecting to an instance started in restricted mode.
Rather than limiting to only user SYS it limits login ability to users with the RESTRICTED SESSION System Privilege (granted directly or via role).
Regards,
Mark

Newbie trying to setup schoolwide login hook

I don't know if this is the proper setting to ask this question, but here goes...I knew nothing about UNIX until about 2 weeks ago when I was asked by my school district's IT admin to develop a login script to reset each student's dock when they login to a standard setting. He'd finally found a way to use the district's LDAP/eDirectory logins for the Macs through software called Kanaka. I came up with the following script (based on a template off Bombich's site) but it's not working. Does anyone have any hints? Thanks for any possible help! Without this, our admin is threatening to take all Macs off the high school's network...
#!/bin/sh -f
set localAdmin = admin
### Script action ###
# If this is not the admin user...
if ( $1 != $localAdmin ) then
# Replace old Dock with required default Dock
sudo cp -f /Users/Shared/com.apple.dock.plist ~/Library/Preferences/
# Restart the Dock
killall Dock
endif
### Always exit with 0 status
exit 0

All the computers are up to 10.4 (I was surprised!). There are various versions of 10.4 though. The machine I'm developing/debugging on is a G5 dual core with 10.4.5. I don't know if I should try reinstalling the BSD subsystem to make sure the available shells have everything they require--like I said, I'm new at this. I didn't set up the machine I'm working on, but I thought BSD was installed by default, or has to be installed for OS X to work, but I'm not sure. I'm going to try the script at home this weekend on my iMac which has the developer tools, etc., installed to see if that makes any difference.
It appears the script is running because of the short bit of additional time required to login, but nothing in the docks for any of the accounts changes upon successful login.
Also, Bombich's original script had csh at the end of the first intro line to the script instead of just sh for the bash shell. I don't know if this would make any difference in the final outcome.
Again, thanks for all of your help thusfar...I think I even understand almost everything in the script you sent me! Although I can say that high school French seems like it was a lot easier to learn; but then again, that wasn't a timed trial by fire like my intro to UNIX has been!
Damian

Instance in Restricted mode

Created database from cold backup.The data files were moved from a previous release . I had to open the database with the upgrade option. Now can not connect to it over netwrok or using servicenames locally too
Get error
ORA-12526 :TNS LISTENER : all appropriate instances are in restricted mode
lsnrctl status shows
Instance "xxx", status RESTRICTED, has 2 handler(s) for this service..
How can I take this instance out of restricted mode. ..

Which version are you on ?
SYS@db102 SQL> startup upgrade
ORACLE instance started.
Total System Global Area       121634816 bytes
Fixed Size                       1218052 bytes
Variable Size                  104860156 bytes
Database Buffers                12582912 bytes
Redo Buffers                     2973696 bytes
Database mounted.
Database opened.
SYS@db102 SQL> select logins from v$instance;
LOGINS
RESTRICTED
SYS@db102 SQL> select * from v$version;
BANNER
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod
PL/SQL Release 10.2.0.1.0 - Production
CORE    10.2.0.1.0      Production
TNS for Linux: Version 10.2.0.1.0 - Production
NLSRTL Version 10.2.0.1.0 - Production
SYS@db102 SQL>

Restricting Log on to Workstation

Good morning All,
I was just asked the following: Is there a method either through Policy/DLU that can restrict access to a computer?Please see the following:
Need some guidance on how to restrict login in the ZCM world. In ZDM7 there was a "restrict login" policy in the workstation package. At the Training Center, they have to be able to restrict the classroom PCs so that users can only log in with the classroom ID not their normal user id. I have tried getting the DLU policy to do this, but it doesn't seem to work that way. In checking Google, the only reference I found to getting this to work was the DLU policy. Need to figure out how to get this to work in the Training Center so they can upgrade the lab to ZCM.
Customer is using ZCM 11.2.4 MU 1, Windows 7 and Windows XP.
Thank you,

Originally Posted by dschaldenovell
Good morning All,
I was just asked the following: Is there a method either through Policy/DLU that can restrict access to a computer?Please see the following:
Need some guidance on how to restrict login in the ZCM world. In ZDM7 there was a "restrict login" policy in the workstation package. At the Training Center, they have to be able to restrict the classroom PCs so that users can only log in with the classroom ID not their normal user id. I have tried getting the DLU policy to do this, but it doesn't seem to work that way. In checking Google, the only reference I found to getting this to work was the DLU policy. Need to figure out how to get this to work in the Training Center so they can upgrade the lab to ZCM.
Customer is using ZCM 11.2.4 MU 1, Windows 7 and Windows XP.
Thank you,
There is "Login Restrictions" in the DLU policy in ZCM were you can define workstations/users included/excluded.
Assign the DLU policy to the classroom PCs and then add the users to the included list that are allowed to log in on those classroom workstations, doesn't that work?
Thomas

I have 20 seconds to login, or I have to reboot and try again...

A few months ago I noticed if I don't login right away after boot up, the mouse will turn into a spinning ball and everything else becomes unresponsive.
I've tested it multiple times now. I have about 20 seconds to click my account name, type in my password, and hit enter.
The only thing I could think of that might affect it, is startup items. McAfee antivirus was located on my comp at one time, though I could not completely delete it. The script from mcafee that should delete everything was not located on my computer, so after every restart I 'kill' all mcafee processes from terminal. Could these be causing the login issue?

All of those links work perfectly fine, +except last page.+ Some schools
are generally open at this point of entry. Perhaps there's an IP block
for certain regions for access, and others denied within a set range?
Sure the actual download site link forbids (in this instance) the actual
access to a file in their servers; so it is held as intellectual property
and to offset unauthorized server access, rightly is it limited in use.
While I did not read into the sites to see if they view information held
there to be in the public domain, subject to intellectual property rights
or available to share without profit, among general non-school public;
it goes to figure copyrighted web pages probably cover most angles.
If they were open, someone could send the transcript in email to OP.
At least there appears to be a direct link without the login restriction.
This gets around the one set of hurdles and lets the cat out of the bag.
The idea of using the suspect application's own uninstaller, if available,
or another such as you've posted links to acquire, are plausible ideas.
To start in SafeBoot may also get past the 'fast log-in problem' mentioned.
{Some apps have an uninstaller, either in the original install folder or CD.}
AppCleaner is free/donationware: http://www.freemacsoft.net/AppCleaner/
{Some of the others offer a Trial version, that may do enough to solve a problem.
Most are relatively inexpensive, and are helpful to ferret out unwanted software.}
• 6 Ways to Correctly Delete Applications (according to mac.appstorm's roundup)
http://mac.appstorm.net/roundups/utilities-roundups/6-ways-to-correctly-delete-a pplications/
Oh well. It's always fun wondering why page links work in only part of the hemisphere.
And have come to expect if something is worth having, it may be limited in access...
Good luck & happy computing!
+{ edited }+

Integrated login

Hi, i'm having a problem with integrated login and hope someone can help me
out.
I have build 510 of NCL 1.2 installed on the SLED 10 preview release.
Following the directions I input all the information on the Novell Login
screen and in the startup tab checked the boxes marked "Run Novell Client
Login at session startup" and "Save profile after the sucesful login".
When I click ok it then logs me in ok and runs the login script, and then
pops up a message saying: "eDirectory login profle for user matt have been
saved for use at next session startup".
However the next time I log in nothing happens, it does not log me in to
novell at all. When I go back in to the Novell Login the "Run Novell
Client Login at session startup" box is no longer checked
Any ideas where I am going wrong?

> [email protected] wrote:
>
> > Hi, i'm having a problem with integrated login and hope someone can help
> > me out.
> >
> > I have build 510 of NCL 1.2
>
> The integrated login was not working in that build.
Ah that'll explain it then, is there a later build available Joe or should
I just hang on?

DLU, Excluded/Included Users List

Hi,
we have problems using the "Excluded/Included Users Lists"-feature of DLU
policies.
This s what we are trying to do: Most of our ZCM-managed workstations should
allow all eDirectory accounts to login; so we have a DLU policy without any
"Login Restrictions" assigned to those devices. So far it works fine.
Now we have one lab where only a subset of accouts should be allowed to
login. We assigned a DLU policy with "Login Restrictions" to those devices.
We want to put "Users" (=ALL accounts) into the "Excluded Users List" and a
eDirectory group into the "Included Users List". But this does not work -
some accounts could login, some not - but without any correlation to the
eDirectory group.
So for testing we simplified the scenario: only one single account is in the
"Excluded Users List" - does not work, the account still can login. (DLU
creates a local account which did not exist before the test.)
My question: Is something wrong with how we try to do this? Should this work
or is there a flaw in the idea?
(ZCM 11 SP1, Windows 7 workstations with Novell Client and ZCM Agent, no
Windows Domain)
Thanks,
Mirko

I know people use it, because Novell is looking at some specific issues
where certain loopback configurations cause it to not work.
This is why I wanted to get loopback entirely out of the picture.
On 2/16/2012 8:37 AM, Mirko Guldner wrote:
>
> Whatever I do or try - the results are totally unpredictable. Some Accounts
> can login, some not, without any correlation to accounts and groups in the
> "Included/Excluded Users List".
>
> What I really would like to know: Does somebody here use this feature, and
> it works?
>
> Thanks,
> Mirko
>
>
> Mirko Guldner wrote:
>
>>
>> I wasn't aware of the term "Loopback" in this context... but I guess you
>> are refering to what is called "Policy Conflict Resolution" in ZCC?
>>
>> I tested it again with "Device Only" for the assignment of the DLU policy
>> - no difference: the account in "Excluded Users List" still can login and
>> gets a local user created.
>>
>>
>> craig wilson wrote:
>>
>>> Check the Loop Backsettings on the Device.
>>> That can be important, even if there are not duplicate policies.
>>>
>>> On 2/13/2012 11:11 AM, Mirko Guldner wrote:
>>>>
>>>> We have a total of 6 DLU Policies in the zone, including those only for
>>>> testing - none of them is assigned by user, all are assigned by device.
>>>>
>>>> We also checked the "Assigned Policies", "Inherited"-tab for user and
>>>> device, so I don't think there's possibly a problem multiple policies
>>>> assigned.
>>>>
>>>> Thanks,
>>>> Mirko
>>>>
>>>>
>>>>
>>>> craig wilson wrote:
>>>>
>>>>> Any Chance the User/Device combo is resulting in multiple DLU policies
>>>>> being assigned/inherited and the other DLU policy is the one logging in
>>>>> the user?
>>>>>
>>>>> On 2/13/2012 8:40 AM, Mirko Guldner wrote:
>>>>>> Hi,
>>>>>>
>>>>>> we have problems using the "Excluded/Included Users Lists"-feature of
>>>>>> DLU policies.
>>>>>>
>>>>>> This s what we are trying to do: Most of our ZCM-managed workstations
>>>>>> should allow all eDirectory accounts to login; so we have a DLU policy
>>>>>> without any "Login Restrictions" assigned to those devices. So far it
>>>>>> works fine.
>>>>>>
>>>>>> Now we have one lab where only a subset of accouts should be allowed
>>>>>> to login. We assigned a DLU policy with "Login Restrictions" to those
>>>>>> devices. We want to put "Users" (=ALL accounts) into the "Excluded
>>>>>> Users List" and a eDirectory group into the "Included Users List". But
>>>>>> this does not work - some accounts could login, some not - but without
>>>>>> any correlation to the eDirectory group.
>>>>>>
>>>>>> So for testing we simplified the scenario: only one single account is
>>>>>> in the "Excluded Users List" - does not work, the account still can
>>>>>> login. (DLU creates a local account which did not exist before the
>>>>>> test.)
>>>>>>
>>>>>> My question: Is something wrong with how we try to do this? Should
>>>>>> this work or is there a flaw in the idea?
>>>>>>
>>>>>> (ZCM 11 SP1, Windows 7 workstations with Novell Client and ZCM Agent,
>>>>>> no Windows Domain)
>>>>>>
>>>>>> Thanks,
>>>>>> Mirko
>>>>>
>>>>>
>>>>
>>>
>>>
>
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.

Miscellaneous error (-1688)

Hi
Netware 6.5, BM 3.8. NMAS 2.2 or 2.3.3.
Some users get authenticated, some not (within the same container). The
das object is associated to the container. The problem affects users from
different containers, etc.
Previous version of Radius (BMAS) worked OK. See the debug log:
[2004-06-08 01:12:56 PM] Debug logging enabled to file
sys:etc\radius\debug\raddbg.log
[2004-06-08 01:13:32 PM] (->)Cacher: NWDSReadObjectInfo
(radius_das2.serveis.sscc.autopistas), succeeded, time:5
[2004-06-08 01:13:58 PM] 290) [(ip) 10.210.207.2:3769], Received 58 Bytes
(Access-Request (1))
[2004-06-08 01:13:58 PM] [(total=290) (p=289) (d=0) (r=0) (acc=0)
(rej=0)]
[2004-06-08 01:13:58 PM] <5> Done GetNextMessage [(ip) 10.210.207.2:3769]:
time:16398177
[2004-06-08 01:13:58 PM] -------- START : (Access-Request (1)) [(ip)
10.210.207.2:3769]: time:-358282289---
[2004-06-08 01:13:58 PM] CACHE: CacheDomainListExist
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:13:58 PM] AuthRequestHandler(), Calling RequestHandler.
[2004-06-08 01:13:58 PM] CACHE: CacheReadSecretForNASAddress
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:13:58 PM] CACHE: CacheGetEnableCNLogin
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:13:58 PM] (->)CacheGetDNForName:NWDSReadObjectInfo
(ojulia), succeeded, time:10
[2004-06-08 01:13:58 PM] userName: ojulia
[2004-06-08 01:13:58 PM] userDN: OJULIA.Srvinfor.SSCC.Autopistas
[2004-06-08 01:13:58 PM] (->)NDSVerifyAttr:NWDSRead
(OJULIA.Srvinfor.SSCC.Autopistas,RADIUS:Dial Access Group) succeeded,
time:5
[2004-06-08 01:13:58 PM] User "OJULIA.Srvinfor.SSCC.Autopistas", does
not have "RADIUS:Dial Access Group" defined, trying
parent "Srvinfor.SSCC.Autopistas"
[2004-06-08 01:13:58 PM] (->)NWDSCompare:(Srvinfor.SSCC.Autopistas)
succeeded, time:13
[2004-06-08 01:13:58 PM] (->)NWDSRead
(OJULIA.Srvinfor.SSCC.Autopistas,RADIUS Enable Attr) failed, no such
attribute (-603), time:6
[2004-06-08 01:13:58 PM] (->)User "OJULIA.Srvinfor.SSCC.Autopistas",
Looking in (Srvinfor.SSCC.Autopistas) for (RADIUS:Enable Dial Access)
[2004-06-08 01:13:58 PM] (->)NWDSRead(Srvinfor.SSCC.Autopistas,RADIUS
Enable Attr) succeeded, time:3
[2004-06-08 01:13:58 PM] User Name: ojulia, User DN:
OJULIA.Srvinfor.SSCC.Autopistas, Domain: , Service Tag:
[2004-06-08 01:13:58 PM] (->)NADMAuthRequest()
[2004-06-08 01:13:58 PM] (->)NADMAuthRequest
(OJULIA.Srvinfor.SSCC.Autopistas) failed, -1688 (0xfffff968), time:53
[2004-06-08 01:13:58 PM] (->)Authenticate (0 policy, NDS pswd) (for
OJULIA.Srvinfor.SSCC.Autopistas), failed, -1688 (0xfffff968)
[2004-06-08 01:13:58 PM] (->)Authentication FAILED
[2004-06-08 01:13:58 PM] ->Sending Access-Reject (3) [(ip) 10.210.207.2
(3769)] count=20
[2004-06-08 01:13:58 PM] ->Inserting into RespQ , code(3) id(136).
[2004-06-08 01:13:58 PM] -------- END : (Access-Request (1)) [(ip)
10.210.207.2:3769]: time:-358282186---
[2004-06-08 01:14:18 PM] Debug logging disabled
[2004-06-08 01:26:46 PM] Debug logging enabled to file
sys:etc\radius\debug\raddbg.log
[2004-06-08 01:26:59 PM] 299) [(ip) 10.200.110.2:3253], Received 48 Bytes
(Access-Request (1))
[2004-06-08 01:26:59 PM] [(total=299) (p=298) (d=0) (r=0) (acc=0)
(rej=0)]
[2004-06-08 01:26:59 PM] <4> Done GetNextMessage [(ip) 10.200.110.2:3253]:
time:1294958
[2004-06-08 01:26:59 PM] -------- START : (Access-Request (1)) [(ip)
10.200.110.2:3253]: time:-350470241---
[2004-06-08 01:26:59 PM] CACHE: CacheDomainListExist
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:26:59 PM] AuthRequestHandler(), Calling RequestHandler.
[2004-06-08 01:26:59 PM] CACHE: CacheReadSecretForNASAddress
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:26:59 PM] CACHE: CacheGetEnableCNLogin
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:26:59 PM] (->)CacheGetDNForName:NWDSReadObjectInfo
(jsanchem), succeeded, time:10
[2004-06-08 01:26:59 PM] userName: jsanchem
[2004-06-08 01:26:59 PM] userDN: JSANCHEM.Srvinfor.SSCC.Autopistas
[2004-06-08 01:26:59 PM] (->)NDSVerifyAttr:NWDSRead
(JSANCHEM.Srvinfor.SSCC.Autopistas,RADIUS:Dial Access Group) succeeded,
time:6
[2004-06-08 01:26:59 PM] (->)NWDSCompare:
(JSANCHEM.Srvinfor.SSCC.Autopistas) succeeded, time:3
[2004-06-08 01:26:59 PM] (->)NWDSRead
(JSANCHEM.Srvinfor.SSCC.Autopistas,RADIUS Enable Attr) failed, no such
attribute (-603), time:5
[2004-06-08 01:26:59 PM] (->)User "JSANCHEM.Srvinfor.SSCC.Autopistas",
Looking in (Srvinfor.SSCC.Autopistas) for (RADIUS:Enable Dial Access)
[2004-06-08 01:26:59 PM] (->)NWDSRead(Srvinfor.SSCC.Autopistas,RADIUS
Enable Attr) succeeded, time:3
[2004-06-08 01:26:59 PM] User Name: jsanchem, User DN:
JSANCHEM.Srvinfor.SSCC.Autopistas, Domain: , Service Tag:
[2004-06-08 01:26:59 PM] (->)NADMAuthRequest()
[2004-06-08 01:27:00 PM] (->)NADMAuthRequest
(JSANCHEM.Srvinfor.SSCC.Autopistas) succeeded, time:1714
[2004-06-08 01:27:00 PM] (->)Authenticate (0 policy, NDS pswd) (for
JSANCHEM.Srvinfor.SSCC.Autopistas), succeeded
[2004-06-08 01:27:00 PM] (->)NDSReadData:NWDSRead
(JSANCHEM.Srvinfor.SSCC.Autopistas,RADIUS:Concurre nt Limit) failed, no
such attribute (-603), time:9
[2004-06-08 01:27:00 PM] CACHE: CacheGetConcurrentLimit
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:27:00 PM] User:JSANCHEM.Srvinfor.SSCC.Autopistas, Current
Login:0, Login Limit:-1, succeeded
[2004-06-08 01:27:00 PM] (->)Authentication SUCCEEDED
[2004-06-08 01:27:00 PM] ->Sending Access-Accept (2) [(ip) 10.200.110.2
(3253)] count=20
[2004-06-08 01:27:00 PM] ->Inserting into RespQ , code(2) id(12).
[2004-06-08 01:27:00 PM] -------- END : (Access-Request (1)) [(ip)
10.200.110.2:3253]: time:-350468469---
[2004-06-08 01:27:10 PM] 300) [(ip) 10.200.110.2:3254], Received 46 Bytes
(Access-Request (1))
[2004-06-08 01:27:10 PM] [(total=300) (p=299) (d=0) (r=0) (acc=0)
(rej=0)]
[2004-06-08 01:27:10 PM] <5> Done GetNextMessage [(ip) 10.200.110.2:3254]:
time:1275741
[2004-06-08 01:27:10 PM] -------- START : (Access-Request (1)) [(ip)
10.200.110.2:3254]: time:-350361566---
[2004-06-08 01:27:10 PM] CACHE: CacheDomainListExist
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:27:10 PM] AuthRequestHandler(), Calling RequestHandler.
[2004-06-08 01:27:10 PM] CACHE: CacheReadSecretForNASAddress
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:27:10 PM] CACHE: CacheGetEnableCNLogin
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:27:10 PM] (->)CacheGetDNForName:NWDSReadObjectInfo
(ojulia), succeeded, time:10
[2004-06-08 01:27:10 PM] userName: ojulia
[2004-06-08 01:27:10 PM] userDN: OJULIA.Srvinfor.SSCC.Autopistas
[2004-06-08 01:27:10 PM] (->)NDSVerifyAttr:NWDSRead
(OJULIA.Srvinfor.SSCC.Autopistas,RADIUS:Dial Access Group) succeeded,
time:5
[2004-06-08 01:27:10 PM] User "OJULIA.Srvinfor.SSCC.Autopistas", does
not have "RADIUS:Dial Access Group" defined, trying
parent "Srvinfor.SSCC.Autopistas"
[2004-06-08 01:27:10 PM] (->)NWDSCompare:(Srvinfor.SSCC.Autopistas)
succeeded, time:3
[2004-06-08 01:27:10 PM] (->)NWDSRead
(OJULIA.Srvinfor.SSCC.Autopistas,RADIUS Enable Attr) failed, no such
attribute (-603), time:4
[2004-06-08 01:27:10 PM] (->)User "OJULIA.Srvinfor.SSCC.Autopistas",
Looking in (Srvinfor.SSCC.Autopistas) for (RADIUS:Enable Dial Access)
[2004-06-08 01:27:10 PM] (->)NWDSRead(Srvinfor.SSCC.Autopistas,RADIUS
Enable Attr) succeeded, time:3
[2004-06-08 01:27:10 PM] User Name: ojulia, User DN:
OJULIA.Srvinfor.SSCC.Autopistas, Domain: , Service Tag:
[2004-06-08 01:27:10 PM] (->)NADMAuthRequest()
[2004-06-08 01:27:11 PM] (->)NADMAuthRequest
(OJULIA.Srvinfor.SSCC.Autopistas) failed, -1688 (0xfffff968), time:1442
[2004-06-08 01:27:11 PM] (->)Authenticate (0 policy, NDS pswd) (for
OJULIA.Srvinfor.SSCC.Autopistas), failed, -1688 (0xfffff968)
[2004-06-08 01:27:11 PM] (->)Authentication FAILED
[2004-06-08 01:27:11 PM] ->Sending Access-Reject (3) [(ip) 10.200.110.2
(3254)] count=20
[2004-06-08 01:27:11 PM] ->Inserting into RespQ , code(3) id(13).
[2004-06-08 01:27:11 PM] -------- END : (Access-Request (1)) [(ip)
10.200.110.2:3254]: time:-350360087---
[2004-06-08 01:27:19 PM] 301) [(ip) 10.200.110.2:3255], Received 46 Bytes
(Access-Request (1))
[2004-06-08 01:27:19 PM] [(total=301) (p=300) (d=0) (r=0) (acc=0)
(rej=0)]
[2004-06-08 01:27:19 PM] <3> Done GetNextMessage [(ip) 10.200.110.2:3255]:
time:1249810
[2004-06-08 01:27:19 PM] -------- START : (Access-Request (1)) [(ip)
10.200.110.2:3255]: time:-350277185---
[2004-06-08 01:27:19 PM] CACHE: CacheDomainListExist
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:27:19 PM] AuthRequestHandler(), Calling RequestHandler.
[2004-06-08 01:27:19 PM] CACHE: CacheReadSecretForNASAddress
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:27:19 PM] CACHE: CacheGetEnableCNLogin
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:27:19 PM] (->)CacheGetDNForName:NWDSReadObjectInfo
(ojulia), succeeded, time:12
[2004-06-08 01:27:19 PM] userName: ojulia
[2004-06-08 01:27:19 PM] userDN: OJULIA.Srvinfor.SSCC.Autopistas
[2004-06-08 01:27:19 PM] (->)NDSVerifyAttr:NWDSRead
(OJULIA.Srvinfor.SSCC.Autopistas,RADIUS:Dial Access Group) succeeded,
time:6
[2004-06-08 01:27:19 PM] User "OJULIA.Srvinfor.SSCC.Autopistas", does
not have "RADIUS:Dial Access Group" defined, trying
parent "Srvinfor.SSCC.Autopistas"
[2004-06-08 01:27:19 PM] (->)NWDSCompare:(Srvinfor.SSCC.Autopistas)
succeeded, time:42
[2004-06-08 01:27:19 PM] (->)NWDSRead
(OJULIA.Srvinfor.SSCC.Autopistas,RADIUS Enable Attr) failed, no such
attribute (-603), time:7
[2004-06-08 01:27:19 PM] (->)User "OJULIA.Srvinfor.SSCC.Autopistas",
Looking in (Srvinfor.SSCC.Autopistas) for (RADIUS:Enable Dial Access)
[2004-06-08 01:27:19 PM] (->)NWDSRead(Srvinfor.SSCC.Autopistas,RADIUS
Enable Attr) succeeded, time:3
[2004-06-08 01:27:19 PM] User Name: ojulia, User DN:
OJULIA.Srvinfor.SSCC.Autopistas, Domain: , Service Tag:
[2004-06-08 01:27:19 PM] (->)NADMAuthRequest()
[2004-06-08 01:27:19 PM] (->)NADMAuthRequest
(OJULIA.Srvinfor.SSCC.Autopistas) failed, -1688 (0xfffff968), time:1541
[2004-06-08 01:27:19 PM] (->)Authenticate (0 policy, NDS pswd) (for
OJULIA.Srvinfor.SSCC.Autopistas), failed, -1688 (0xfffff968)
[2004-06-08 01:27:19 PM] (->)Authentication FAILED
[2004-06-08 01:27:19 PM] ->Sending Access-Reject (3) [(ip) 10.200.110.2
(3255)] count=20
[2004-06-08 01:27:19 PM] ->Inserting into RespQ , code(3) id(14).
[2004-06-08 01:27:19 PM] -------- END : (Access-Request (1)) [(ip)
10.200.110.2:3255]: time:-350275562---
[2004-06-08 01:27:26 PM] Debug logging disabled
User "jsanchem" logged on OK, user "ojulia" don't. You can see two
attempts of ojulia, one of them wrong password.
Please advice.
Jesus.

The -1688 error is an NMAS error, which indicates that the user has reached
their maximum number of concurrent logins. This is not the RADIUS concurrent
login restriction that you're running into, it's the eDirectory concurrent
login restriction. Users who are getting this error already have one or more
eDirectory connections open.
>>> <[email protected]> 6/9/2004 10:44:22 AM >>>
Hi
Netware 6.5, BM 3.8. NMAS 2.2 or 2.3.3.
Some users get authenticated, some not (within the same container). The
das object is associated to the container. The problem affects users from
different containers, etc.
Previous version of Radius (BMAS) worked OK. See the debug log:
[2004-06-08 01:12:56 PM] Debug logging enabled to file
sys:etc\radius\debug\raddbg.log
[2004-06-08 01:13:32 PM] (->)Cacher: NWDSReadObjectInfo
(radius_das2.serveis.sscc.autopistas), succeeded, time:5
[2004-06-08 01:13:58 PM] 290) [(ip) 10.210.207.2:3769], Received 58 Bytes
(Access-Request (1))
[2004-06-08 01:13:58 PM] [(total=290) (p=289) (d=0) (r=0) (acc=0)
(rej=0)]
[2004-06-08 01:13:58 PM] <5> Done GetNextMessage [(ip) 10.210.207.2:3769]:
time:16398177
[2004-06-08 01:13:58 PM] -------- START : (Access-Request (1)) [(ip)
10.210.207.2:3769]: time:-358282289---
[2004-06-08 01:13:58 PM] CACHE: CacheDomainListExist
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:13:58 PM] AuthRequestHandler(), Calling RequestHandler.
[2004-06-08 01:13:58 PM] CACHE: CacheReadSecretForNASAddress
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:13:58 PM] CACHE: CacheGetEnableCNLogin
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:13:58 PM] (->)CacheGetDNForName:NWDSReadObjectInfo
(ojulia), succeeded, time:10
[2004-06-08 01:13:58 PM] userName: ojulia
[2004-06-08 01:13:58 PM] userDN: OJULIA.Srvinfor.SSCC.Autopistas
[2004-06-08 01:13:58 PM] (->)NDSVerifyAttr:NWDSRead
(OJULIA.Srvinfor.SSCC.Autopistas,RADIUS:Dial Access Group) succeeded,
time:5
[2004-06-08 01:13:58 PM] User "OJULIA.Srvinfor.SSCC.Autopistas", does
not have "RADIUS:Dial Access Group" defined, trying
parent "Srvinfor.SSCC.Autopistas"
[2004-06-08 01:13:58 PM] (->)NWDSCompare:(Srvinfor.SSCC.Autopistas)
succeeded, time:13
[2004-06-08 01:13:58 PM] (->)NWDSRead
(OJULIA.Srvinfor.SSCC.Autopistas,RADIUS Enable Attr) failed, no such
attribute (-603), time:6
[2004-06-08 01:13:58 PM] (->)User "OJULIA.Srvinfor.SSCC.Autopistas",
Looking in (Srvinfor.SSCC.Autopistas) for (RADIUS:Enable Dial Access)
[2004-06-08 01:13:58 PM] (->)NWDSRead(Srvinfor.SSCC.Autopistas,RADIUS
Enable Attr) succeeded, time:3
[2004-06-08 01:13:58 PM] User Name: ojulia, User DN:
OJULIA.Srvinfor.SSCC.Autopistas, Domain: , Service Tag:
[2004-06-08 01:13:58 PM] (->)NADMAuthRequest()
[2004-06-08 01:13:58 PM] (->)NADMAuthRequest
(OJULIA.Srvinfor.SSCC.Autopistas) failed, -1688 (0xfffff968), time:53
[2004-06-08 01:13:58 PM] (->)Authenticate (0 policy, NDS pswd) (for
OJULIA.Srvinfor.SSCC.Autopistas), failed, -1688 (0xfffff968)
[2004-06-08 01:13:58 PM] (->)Authentication FAILED
[2004-06-08 01:13:58 PM] ->Sending Access-Reject (3) [(ip) 10.210.207.2
(3769)] count=20
[2004-06-08 01:13:58 PM] ->Inserting into RespQ , code(3) id(136).
[2004-06-08 01:13:58 PM] -------- END : (Access-Request (1)) [(ip)
10.210.207.2:3769]: time:-358282186---
[2004-06-08 01:14:18 PM] Debug logging disabled
[2004-06-08 01:26:46 PM] Debug logging enabled to file
sys:etc\radius\debug\raddbg.log
[2004-06-08 01:26:59 PM] 299) [(ip) 10.200.110.2:3253], Received 48 Bytes
(Access-Request (1))
[2004-06-08 01:26:59 PM] [(total=299) (p=298) (d=0) (r=0) (acc=0)
(rej=0)]
[2004-06-08 01:26:59 PM] <4> Done GetNextMessage [(ip) 10.200.110.2:3253]:
time:1294958
[2004-06-08 01:26:59 PM] -------- START : (Access-Request (1)) [(ip)
10.200.110.2:3253]: time:-350470241---
[2004-06-08 01:26:59 PM] CACHE: CacheDomainListExist
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:26:59 PM] AuthRequestHandler(), Calling RequestHandler.
[2004-06-08 01:26:59 PM] CACHE: CacheReadSecretForNASAddress
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:26:59 PM] CACHE: CacheGetEnableCNLogin
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:26:59 PM] (->)CacheGetDNForName:NWDSReadObjectInfo
(jsanchem), succeeded, time:10
[2004-06-08 01:26:59 PM] userName: jsanchem
[2004-06-08 01:26:59 PM] userDN: JSANCHEM.Srvinfor.SSCC.Autopistas
[2004-06-08 01:26:59 PM] (->)NDSVerifyAttr:NWDSRead
(JSANCHEM.Srvinfor.SSCC.Autopistas,RADIUS:Dial Access Group) succeeded,
time:6
[2004-06-08 01:26:59 PM] (->)NWDSCompare:
(JSANCHEM.Srvinfor.SSCC.Autopistas) succeeded, time:3
[2004-06-08 01:26:59 PM] (->)NWDSRead
(JSANCHEM.Srvinfor.SSCC.Autopistas,RADIUS Enable Attr) failed, no such
attribute (-603), time:5
[2004-06-08 01:26:59 PM] (->)User "JSANCHEM.Srvinfor.SSCC.Autopistas",
Looking in (Srvinfor.SSCC.Autopistas) for (RADIUS:Enable Dial Access)
[2004-06-08 01:26:59 PM] (->)NWDSRead(Srvinfor.SSCC.Autopistas,RADIUS
Enable Attr) succeeded, time:3
[2004-06-08 01:26:59 PM] User Name: jsanchem, User DN:
JSANCHEM.Srvinfor.SSCC.Autopistas, Domain: , Service Tag:
[2004-06-08 01:26:59 PM] (->)NADMAuthRequest()
[2004-06-08 01:27:00 PM] (->)NADMAuthRequest
(JSANCHEM.Srvinfor.SSCC.Autopistas) succeeded, time:1714
[2004-06-08 01:27:00 PM] (->)Authenticate (0 policy, NDS pswd) (for
JSANCHEM.Srvinfor.SSCC.Autopistas), succeeded
[2004-06-08 01:27:00 PM] (->)NDSReadData:NWDSRead
(JSANCHEM.Srvinfor.SSCC.Autopistas,RADIUS:Concurre nt Limit) failed, no
such attribute (-603), time:9
[2004-06-08 01:27:00 PM] CACHE: CacheGetConcurrentLimit
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:27:00 PM] User:JSANCHEM.Srvinfor.SSCC.Autopistas, Current
Login:0, Login Limit:-1, succeeded
[2004-06-08 01:27:00 PM] (->)Authentication SUCCEEDED
[2004-06-08 01:27:00 PM] ->Sending Access-Accept (2) [(ip) 10.200.110.2
(3253)] count=20
[2004-06-08 01:27:00 PM] ->Inserting into RespQ , code(2) id(12).
[2004-06-08 01:27:00 PM] -------- END : (Access-Request (1)) [(ip)
10.200.110.2:3253]: time:-350468469---
[2004-06-08 01:27:10 PM] 300) [(ip) 10.200.110.2:3254], Received 46 Bytes
(Access-Request (1))
[2004-06-08 01:27:10 PM] [(total=300) (p=299) (d=0) (r=0) (acc=0)
(rej=0)]
[2004-06-08 01:27:10 PM] <5> Done GetNextMessage [(ip) 10.200.110.2:3254]:
time:1275741
[2004-06-08 01:27:10 PM] -------- START : (Access-Request (1)) [(ip)
10.200.110.2:3254]: time:-350361566---
[2004-06-08 01:27:10 PM] CACHE: CacheDomainListExist
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:27:10 PM] AuthRequestHandler(), Calling RequestHandler.
[2004-06-08 01:27:10 PM] CACHE: CacheReadSecretForNASAddress
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:27:10 PM] CACHE: CacheGetEnableCNLogin
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:27:10 PM] (->)CacheGetDNForName:NWDSReadObjectInfo
(ojulia), succeeded, time:10
[2004-06-08 01:27:10 PM] userName: ojulia
[2004-06-08 01:27:10 PM] userDN: OJULIA.Srvinfor.SSCC.Autopistas
[2004-06-08 01:27:10 PM] (->)NDSVerifyAttr:NWDSRead
(OJULIA.Srvinfor.SSCC.Autopistas,RADIUS:Dial Access Group) succeeded,
time:5
[2004-06-08 01:27:10 PM] User "OJULIA.Srvinfor.SSCC.Autopistas", does
not have "RADIUS:Dial Access Group" defined, trying
parent "Srvinfor.SSCC.Autopistas"
[2004-06-08 01:27:10 PM] (->)NWDSCompare:(Srvinfor.SSCC.Autopistas)
succeeded, time:3
[2004-06-08 01:27:10 PM] (->)NWDSRead
(OJULIA.Srvinfor.SSCC.Autopistas,RADIUS Enable Attr) failed, no such
attribute (-603), time:4
[2004-06-08 01:27:10 PM] (->)User "OJULIA.Srvinfor.SSCC.Autopistas",
Looking in (Srvinfor.SSCC.Autopistas) for (RADIUS:Enable Dial Access)
[2004-06-08 01:27:10 PM] (->)NWDSRead(Srvinfor.SSCC.Autopistas,RADIUS
Enable Attr) succeeded, time:3
[2004-06-08 01:27:10 PM] User Name: ojulia, User DN:
OJULIA.Srvinfor.SSCC.Autopistas, Domain: , Service Tag:
[2004-06-08 01:27:10 PM] (->)NADMAuthRequest()
[2004-06-08 01:27:11 PM] (->)NADMAuthRequest
(OJULIA.Srvinfor.SSCC.Autopistas) failed, -1688 (0xfffff968), time:1442
[2004-06-08 01:27:11 PM] (->)Authenticate (0 policy, NDS pswd) (for
OJULIA.Srvinfor.SSCC.Autopistas), failed, -1688 (0xfffff968)
[2004-06-08 01:27:11 PM] (->)Authentication FAILED
[2004-06-08 01:27:11 PM] ->Sending Access-Reject (3) [(ip) 10.200.110.2
(3254)] count=20
[2004-06-08 01:27:11 PM] ->Inserting into RespQ , code(3) id(13).
[2004-06-08 01:27:11 PM] -------- END : (Access-Request (1)) [(ip)
10.200.110.2:3254]: time:-350360087---
[2004-06-08 01:27:19 PM] 301) [(ip) 10.200.110.2:3255], Received 46 Bytes
(Access-Request (1))
[2004-06-08 01:27:19 PM] [(total=301) (p=300) (d=0) (r=0) (acc=0)
(rej=0)]
[2004-06-08 01:27:19 PM] <3> Done GetNextMessage [(ip) 10.200.110.2:3255]:
time:1249810
[2004-06-08 01:27:19 PM] -------- START : (Access-Request (1)) [(ip)
10.200.110.2:3255]: time:-350277185---
[2004-06-08 01:27:19 PM] CACHE: CacheDomainListExist
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:27:19 PM] AuthRequestHandler(), Calling RequestHandler.
[2004-06-08 01:27:19 PM] CACHE: CacheReadSecretForNASAddress
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:27:19 PM] CACHE: CacheGetEnableCNLogin
(radius_das2.serveis.sscc.autopistas), using cache
[2004-06-08 01:27:19 PM] (->)CacheGetDNForName:NWDSReadObjectInfo
(ojulia), succeeded, time:12
[2004-06-08 01:27:19 PM] userName: ojulia
[2004-06-08 01:27:19 PM] userDN: OJULIA.Srvinfor.SSCC.Autopistas
[2004-06-08 01:27:19 PM] (->)NDSVerifyAttr:NWDSRead
(OJULIA.Srvinfor.SSCC.Autopistas,RADIUS:Dial Access Group) succeeded,
time:6
[2004-06-08 01:27:19 PM] User "OJULIA.Srvinfor.SSCC.Autopistas", does
not have "RADIUS:Dial Access Group" defined, trying
parent "Srvinfor.SSCC.Autopistas"
[2004-06-08 01:27:19 PM] (->)NWDSCompare:(Srvinfor.SSCC.Autopistas)
succeeded, time:42
[2004-06-08 01:27:19 PM] (->)NWDSRead
(OJULIA.Srvinfor.SSCC.Autopistas,RADIUS Enable Attr) failed, no such
attribute (-603), time:7
[2004-06-08 01:27:19 PM] (->)User "OJULIA.Srvinfor.SSCC.Autopistas",
Looking in (Srvinfor.SSCC.Autopistas) for (RADIUS:Enable Dial Access)
[2004-06-08 01:27:19 PM] (->)NWDSRead(Srvinfor.SSCC.Autopistas,RADIUS
Enable Attr) succeeded, time:3
[2004-06-08 01:27:19 PM] User Name: ojulia, User DN:
OJULIA.Srvinfor.SSCC.Autopistas, Domain: , Service Tag:
[2004-06-08 01:27:19 PM] (->)NADMAuthRequest()
[2004-06-08 01:27:19 PM] (->)NADMAuthRequest
(OJULIA.Srvinfor.SSCC.Autopistas) failed, -1688 (0xfffff968), time:1541
[2004-06-08 01:27:19 PM] (->)Authenticate (0 policy, NDS pswd) (for
OJULIA.Srvinfor.SSCC.Autopistas), failed, -1688 (0xfffff968)
[2004-06-08 01:27:19 PM] (->)Authentication FAILED
[2004-06-08 01:27:19 PM] ->Sending Access-Reject (3) [(ip) 10.200.110.2
(3255)] count=20
[2004-06-08 01:27:19 PM] ->Inserting into RespQ , code(3) id(14).
[2004-06-08 01:27:19 PM] -------- END : (Access-Request (1)) [(ip)
10.200.110.2:3255]: time:-350275562---
[2004-06-08 01:27:26 PM] Debug logging disabled
User "jsanchem" logged on OK, user "ojulia" don't. You can see two
attempts of ojulia, one of them wrong password.
Please advice.
Jesus.

Filr & eDirectory login restrictions.

Similar Messages

Maybe you are looking for