Iiop user/pass authentication

Hi,
I would like to access an OC4J deployed application through IIOP from Tomcat.
I can access the EJBs with no problem, using the following jndi.properties:
java.naming.factory.initial=com.sun.jndi.cosnaming.CNCtxFactory
java.naming.provider.url=iiop://localhost:5555/appname
java.naming.security.principal=jazn.com/admin
java.naming.security.credentials=welcome
The only problem is that if I change the credentials, it still accepts the request.
When I use the following jndi.properties:
java.naming.factory.initial=com.evermind.server.rmi.RMIInitialContextFactory
java.naming.provider.url=ormi://localhost:3101/appname
java.naming.security.principal=jazn.com/admin
java.naming.security.credentials=welcome
All works as expected, if I don't have the right principal/crendentials the authentication fails.
I tried the following settings too:
java.naming.factory.initial=com.oracle.iiop.server.IIOPInitialContextFactory
java.naming.provider.url=corbaname::localhost:5555#appname
java.naming.security.principal=jazn.com/admin
java.naming.security.credentials=welcome
This is the same behaviour as with the sun iiop implementation.
I would like to know how it is possible to allow access over iiop with username/password authentication.
Server Version: Oracle9iAS 9.0.3.0.0
Thank you,
Csaba

Hi Debu,
thanks for your reply.
I tried the property u mentioned but it still behaves the same. It still accepts connection over iiop no matter what the principal/credentials are.
I haven't tried with 9.0.4, and I am not 100% sure, but I am afraid it is not possible to switch AS in this project.
I might give it a try just to see, but I have to use 9.0.3 .
thanks,
Csaba

Similar Messages

  • How to let mmp_smtp support  virtual domain authentication by user/pass

    my mmp had configured 2 virtual domain ,one is mmp1.soft.com,other is mmp2.soft.com
    i can send mail by mmp use the user/pass format : mmp1user/pass , which is sotred in o=mmp1.soft.com,o=isp in ldap,and the format [email protected]/pass which is stored in o=mmp2.soft.com,o=isp in ldap,
    but i can't send mail use the format: mmp2user/pass.
    the pop is work fine.
    the following is my config file:
    more PopProxyAService.cfg
    default:LdapUrl "ldap://mmp1.soft.com:389/o=internet"
    default:LogDir /var/Sun/ims52/mmp-mail2/log
    default:LogLevel 10
    default:BindDN   "cn=Directory Manager"
    default:BindPass "soft"
    default:BacksidePort 8110
    default:ConnLimits 0.0.0.0|0.0.0.0:20
    default:VirtualDomainFile /var/Sun/ims52/mmp-mail2/vdmap.cfg
    default:DefaultDomain mmp1.oft.com
    default:SearchFormat (uid=%U)
    default:VirtualDomainDelim @
    default:CanonicalVirtualDomainDelim @
    default:AuthCacheTTL 1
    default:LdapCacheTTL 1
    default:HostedDomains yes
    more vdmap.cfg
    vdmap mmp2 192.192.192.192
    mmp2:DefaultDomain mmp2.soft.com
    mmp2:BindDN "cn=Directory Manager"
    mmp2:BindPass "oft"
    mmp2:LdapUrl "ldap://mmp2.soft.com:389/o=internet"
    more SmtpProxyAService.cfg
    default:LdapUrl "ldap://mmp1.soft.com:389/o=internet"
    default:LogDir /var/Sun/ims52/mmp-mail2/log
    default:LogLevel 10
    default:BindDN   "cn=Directory Manager"
    default:BindPass "soft"
    default:ConnLimits 0.0.0.0|0.0.0.0:20
    default:VirtualDomainFile /var/Sun/ims52/mmp-mail2/vdmapsmtp.cfg
    default:DefaultDomain mmp2.soft.com
    default:SmtpProxyPassword soft..ssl
    default:LdapCacheTTL 1
    default:SmtpRelays mmp1
    more vdmapsmtp.cfg
    vdmap mmp2 192.192.192.192
    mmp2:DefaultDomain mmp2.soft.com
    mmp2:BindDN "cn=Directory Manager"
    mmp2:BindPass "soft"
    mmp2:LdapUrl "ldap://mmp.soft.com:389/o=internet"
    mmp2:LdapCacheTTL 1
    mmp2:AuthCacheTTL 1
    mmp2:SearchFormat (uid=%s)what's the error with my configuration?
    Does the virtual domain is supproted by mmp_smtp,and does user can auth to smtp by user/pass ,but not by user@domain/pass ?
    thanks in advance!
    null

    ok,let's discuss with data.
    i want to migrate another domain "soft.com" to my current Messaging Server,
    i have created the new host domain : soft.com ,and the user "testmail" belongs to that domain.
    the following show the process of my login.
    220 ESMTP Messaging Multiplexor (iPlanet Messaging Server 5.2 (built Feb 21 2002)
    helo soft.com
    250 mail2
    auth login
    334 VXNlcm5hbWU6
    dGVzdG1haWw= (which is "testmail" after base64 decode)
    334 UGFzc3dvcmQ6
    cGFzczR0ZXN0bWFpbA== (which is "pass4testmail" after base64 decode)
    535 5.7.8 Bad username or password (Authentication failed).
    220 ESMTP Messaging Multiplexor (iPlanet Messaging Server 5.2 (built Feb 21 2002)
    helo soft.com
    250 mail2
    auth login
    334 VXNlcm5hbWU6
    dGVzdG1haWxAc29mdC5jb20=  (which is "[email protected]" after base64 decode)
    334 UGFzc3dvcmQ6
    cGFzczR0ZXN0bWFpbA== (which is "pass4testmail" after base64 decode)
    235 2.7.0 login authentication successful.
    mail from:[email protected]
    250 2.5.0 Address Ok.
    quit
    221 2.3.0 Bye received. Goodbye.becase i start the ssl connection for user to send and receive mail ,so i have to use mmp as smtp/pop/imap proxy. i don't want the user of domian "soft.com" need modify any of their mail client after the migration ,that means,the user of domain "soft.com" can login use "testmail",but not "[email protected]".
    i don't know whether i have described my question clearly,thanks for endure my lame english~ ! :)

  • Error while Editing universe connection to SSO fromusing user/pass

    Hi guys,
    I created a universe on top of Bex Query using Universe Designer 4.0 (not information design tool 4.0)...i created a relational connection using SAP client as middleware.
    when i use my SAP credentials to connect to BW system the connection works fine i.e.Authentication Mode: "use specified user and password"
    But when i use SSO as the authentication mode, a huge error appears
    I am unable to copy paste the error here.
    DBD:Error Reading URI Found:.................
    Anyone has encountered this problem yet?
    Any Help is highly appreciated.
    Thanks in Advance,
    Sheikh Hassan Ayub

    Thank you for the quick reply  Surendra Chikine.
    Would you kindly elaborate your solution?
    In my case i am logging into Universe Designer using my ID, but for creating the connection i used a "back ground user/pass".
    So according to you:
    Delete the SAP or Active Directory (AD) user account that is failing to SSO. ---> delete my user id from CMC?
    Login to BIlaunchpad as the SAP or AD user to receate the account in the CMC ---> recreate my ID again in CMC?
    Retry the Test Connection in Universe Design Tool with the SSO option.--->and test the connection?
    Please elaborate your answer. That will be highly appreciated.
    Regards,
    Sheikh Hassan Ayub

  • How to pass authentication token with the request. Error in executing

    Hi,
    I am trying to do a service call.  This service is provided by a third party.  I used SOAP UI tester to test the service and it gives proper response for a request.
    I tried to create a client proxy and execute the method call, but it fails.  In SICF recorder, I found that the request that goes into the service does not contain the authentication token.  But in the SOAP UI tool when I input the WSDL file, it created a sample request, with authentication token in header section.
    But the proxy class generated in the system, contains a input structure, which does not have this authentication structure in it.
    Please guide me if there is any different method used to pass this authentication information.  The structure of authentication structure is
    <web:licenseKey>?</web:licenseKey>
            <web:password>?</web:password>
            <web:username>?</web:username>
    I thought that this authentication information should be given in settings of logical port.  But the logical port has only user name and password.  There is no place holder for License key.
    In summary: My query is that, there is no structure generated for SOAP header where I can pass authentication information, hence the request that goes into the service from SAP does not contain the authentication token.  This results in a error non-soap message/error type 500.
    Sample request that worked in SOAP UI tester is
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://webservices.smc.com">
       <soapenv:Header>
          <web:AuthenticationToken>
             <web:licenseKey>XYZA</web:licenseKey>
            <web:password>ABC123</web:password>
            <web:username>suresh<AT>gmail<DOT>com</web:username>
          </web:AuthenticationToken>
       </soapenv:Header>
       <soapenv:Body>
          <web:isReady/>
       </soapenv:Body>
    </soapenv:Envelope>
    The request that goes out of the SAP system does not contain, the AuthenticationToken part.
    Thanks and best regards,
    Suresh.

    You would need to write a webservice handler for your physical data service to implement the security.
    http://download.oracle.com/docs/cd/E13162_01/odsi/docs10gr3/datasrvc/How%20To%20Create%20SOAP%20Handlers%20for%20Imported%20WSDLs.html

  • SOAP Header based user/password authentication in OSB 11g Proxy Service

    Hi,
    I have implemented SOAP Header based authentication in my OSB 11g Proxy Service.
    In the Security settings of my AnySOAP(Soap 1.1) HTTP Proxy service, I have amde the following changes:
    1.
    In Transport Access Control link, i selected the User predicate, and provided an user already existing on weblogic server with following roles(AppTesters, Monitors, Operators).
    The AuthorizationProvider was XACMLAuthorizer
    2.
    Under Custom Authentication, I selected the Custom User Name and Password option, and provided the below mentiioned xpaths
    User Name XPath: ./*/*:Username/text()
    User Password XPath: ./*/*:Password/text()
    3.
    In Message Access Control link, i selected the User predicate with the same user as mentioned in Transport Access Control link.
    Now, when I am testing this service from OSB Test Console, I am providing the following input.
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:N1="http://abcd.com/common/bodcomponents/transactional/model/1.0/">
    <soap:Header>
    <AuthHeader>
    <N1:Username>userXYZ</N1:Username>
    <N1:Password>passXYZ</N1:Password>
    </AuthHeader>
    </soap:Header>
    <soap:Body>
    <!-- body payload -->
    </soap:Body>
    </soap:Envelope>
    The response is "The invocation resulted in an error: ."
    The OSB server logs show the below error:
    ####<Feb 9, 2011 6:05:42 PM IST> <Error> <OSB Security> <test.abcd.co.in> <osb_server1> <[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <5a5769b8025ef997:-2bda316:12def49100a:-7fff-0000000000000c92> <1297254942782> <BEA-387082> <Proxy service access denied (proxy: ABCD/Services/Common_HTTP_Proxy, subject: Subject: 0
    )>
    ####<Feb 9, 2011 6:05:42 PM IST> <Error> <OSB Kernel> <test.abcd.co.in> <osb_server1> <[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <5a5769b8025ef997:-2bda316:12def49100a:-7fff-0000000000000c92> <1297254942782> <BEA-382004> <Failed to process request message for service ProxyService ABCD/Services/Common_HTTP_Proxy: com.bea.wli.sb.security.AccessNotAllowedException
    com.bea.wli.sb.security.AccessNotAllowedException
         at com.bea.wli.sb.pipeline.RouterSecurity.doAccessControl(RouterSecurity.java:136)
         at com.bea.wli.sb.pipeline.RouterSecurity.doAccessControl(RouterSecurity.java:117)
         at com.bea.wli.sb.pipeline.RouterManager.processMessage(RouterManager.java:586)
         at com.bea.wli.sb.test.service.ServiceMessageSender.send0(ServiceMessageSender.java:329)
         at com.bea.wli.sb.test.service.ServiceMessageSender.access$000(ServiceMessageSender.java:76)
         at com.bea.wli.sb.test.service.ServiceMessageSender$1.run(ServiceMessageSender.java:134)
         at com.bea.wli.sb.test.service.ServiceMessageSender$1.run(ServiceMessageSender.java:132)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
         at com.bea.wli.sb.security.WLSSecurityContextService.runAs(WLSSecurityContextService.java:55)
         at com.bea.wli.sb.test.service.ServiceMessageSender.send(ServiceMessageSender.java:137)
         at com.bea.wli.sb.test.service.ServiceProcessor.invoke(ServiceProcessor.java:454)
         at com.bea.wli.sb.test.TestServiceImpl.invoke(TestServiceImpl.java:172)
         at com.bea.wli.sb.test.client.ejb.TestServiceEJBBean.invoke(TestServiceEJBBean.java:167)
         at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl.invoke(TestService_sqr59p_EOImpl.java:353)
         at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl_WLSkel.invoke(Unknown Source)
         at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
         at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
         at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:477)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
         at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
         at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Please suggest where I am going wrong in this. I have cross checked the user/pass credentials with what I am giving in the input, and it is perfectly fine.

    I have added the Username and Password as follows, since the namespace declaration was required due to the namespace prefix 'N1' in the XPath
    declare namespace N1="http://abcd.com/common/bodcomponents/transactional/model/1.0/";./AuthHeader/N1:Username/text()
    declare namespace N1="http://abcdp.com/common/bodcomponents/transactional/model/1.0/";./AuthHeader/N1:Password/text()
    I have removed the Message Access Control conditions, have only kept Transport Access Control conditions.
    If i keep the condition in Transport Access Control as "Allow access to everyone", and test with proper credentials in the Username/Password tags in SOAP Header, then it works fine. However, if I try to give an incorrect password in the SOAP Header, it denies the access. So that means the XPaths given for Username/Password are working fine. The OSB logs show the below message
    +####<Feb 10, 2011 12:59:21 PM IST> <Error> <OSB Security> <test.abcd.co.in> <osb_server1> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <5a5769b8025ef997:-2bda316:12def49100a:-7fff-0000000000000ef2> <1297322961536> <BEA-386008> <Message level username/password authentication failed: [Security:090304]Authentication Failed: User weblogic javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User weblogic denied>+
    However if i add the condition with predicate as "User" and user name argument as "weblogic", and try to pass the same in the SOAP Header as well with the correct password, it denies the access with below message in the logs.
    +####<Feb 9, 2011 6:05:42 PM IST> <Error> <OSB Security> <test.abcd.co.in> <osb_server1> <[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <5a5769b8025ef997:-2bda316:12def49100a:-7fff-0000000000000c92> <1297254942782> <BEA-387082> <Proxy service access denied (proxy: ABCD/Services/Common_HTTP_Proxy, subject: Subject: 0+
    +)>+
    +####<Feb 9, 2011 6:05:42 PM IST> <Error> <OSB Kernel> <test.abcd.co.in> <osb_server1> <[ACTIVE] ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <5a5769b8025ef997:-2bda316:12def49100a:-7fff-0000000000000c92> <1297254942782> <BEA-382004> <Failed to process request message for service ProxyService ABCD/Services/Common_HTTP_Proxy: com.bea.wli.sb.security.AccessNotAllowedException+
    com.bea.wli.sb.security.AccessNotAllowedException
    at com.bea.wli.sb.pipeline.RouterSecurity.doAccessControl(RouterSecurity.java:136)
    at com.bea.wli.sb.pipeline.RouterSecurity.doAccessControl(RouterSecurity.java:117)
    at com.bea.wli.sb.pipeline.RouterManager.processMessage(RouterManager.java:586)
    at com.bea.wli.sb.test.service.ServiceMessageSender.send0(ServiceMessageSender.java:329)
    at com.bea.wli.sb.test.service.ServiceMessageSender.access$000(ServiceMessageSender.java:76)
    at com.bea.wli.sb.test.service.ServiceMessageSender$1.run(ServiceMessageSender.java:134)
    at com.bea.wli.sb.test.service.ServiceMessageSender$1.run(ServiceMessageSender.java:132)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
    at com.bea.wli.sb.security.WLSSecurityContextService.runAs(WLSSecurityContextService.java:55)
    at com.bea.wli.sb.test.service.ServiceMessageSender.send(ServiceMessageSender.java:137)
    at com.bea.wli.sb.test.service.ServiceProcessor.invoke(ServiceProcessor.java:454)
    at com.bea.wli.sb.test.TestServiceImpl.invoke(TestServiceImpl.java:172)
    at com.bea.wli.sb.test.client.ejb.TestServiceEJBBean.invoke(TestServiceEJBBean.java:167)
    at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl.invoke(TestService_sqr59p_EOImpl.java:353)
    at com.bea.wli.sb.test.client.ejb.TestService_sqr59p_EOImpl_WLSkel.invoke(Unknown Source)
    at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
    at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
    at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:477)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
    at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
    at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)

  • Customizing header links in wiki while passing authentication.

    I'm trying to add a few new different headers to the page to services running outside of the wiki, but passing off authentication to them of the currently logged in user. I'm specifically trying to do this for roundcube and crushftp's web interfaces. From digging through the folders of the wiki, it seems like how they get the images that make up the header is from referencing a gif or jpg that tells it what pixels to display in the header from the image. That's not extremely difficult to me, but, the passing authentication and having it display in the body to the services is.
    I'm aware of roundcube having some plugins for this purpose, but unsure of how to implement them not knowing what kind of authentication is being used already for the wiki. As for crushftp's web interface i'm more in the dark as far as how to make this work.
    I did notice a reference in wikid.conf to "apple_utilities.Authentication.WikiAuthenticationProvider" for "authenticationProvider", but im not sure what type of authentication is taking place.
    Any ideas? Any help would be greatly appreciated.

    Thanks every one for your valuable solutions.
    Issue is Solved by unchecking the flag.
    wa_header-INV_TRAN = 'X'.
    Thanks & Regards,
    Ramjee.

  • Scheduling to File System BO4.0 without user/pass

    Hello all,
    I have a great deal of reports that I need to schedule to a network drive, which is mapped on the server running BO. However, I don't want to enter in a user and password on each instance. Obviously if the password changed for the account I would be screwed. I was assuming that BO would attempt to use the local account, but I'm still being forced to enter in values. Is there a setting somewhere in the CMC that I need to change?, or is there a place for me to enter in a user/pass once that can be changed without having to change every instance? I am using Enterprise authentication for the CMC if that matters at all. I attempted to enter in the user/pass in the Job Server destination, but there are multiple directories I will be sending to.
    Thanks!

    Hi Mike,
    I would advise that you simply configure the Job Server Disk destination plugin with the drive details.
    This way when scheduling you can simply ensure that the:
    "Use Job Server Defaults" option is checked.
    This is done like this:
    To set your destination to file location
    1. In the "Folders" management area of the CMC, select an object.
    2. Click Actions > Schedule and access the "Destination" page.
    u2022 If you are scheduling a Crystal report or object package, click Destination.
    u2022 If you are scheduling a Desktop Intelligence document, click Formats and destination.
    u2022 If you are scheduling a Web Intelligence document, click Formats and Destinations.
    3. Select File location as the destination.
    u2022 If you are scheduling a Crystal report or object package, select File Location from the Destination list.
    u2022 If you are scheduling a Desktop Intelligence or Web Intelligence document, select File Location under "Output Format Details" and then click Destination Options and Settings.
    4. If you are scheduling a Desktop Intelligence or Web Intelligence document, select or deselect Use the Job Server's defaults.
    Note:
    You can change the default Job Server settings in the "Servers" management area of the CMC. For more information, see the
    BusinessObjects Enterprise Deployment and Configuration Guide.
    I hope this is a very helpful answer to you.
    If you have any questions please let me know.
    Kind regards,
    John

  • User/pass prompts

    Hello,
    I'm seeing a bit of a strange issue with Outlook 2010 SP2 while connected to Exchange 2013 (all roles on the same box).
    When I open any application, for example Word and click "File" -> "Save & Send" -> "Send as Attachement" I'm getting prompted for User/Pass (outlook authentication window). If I put credentials in all is ok and the
    email with the attachment is created. However, when I migrate the mailbox back to Exchange 2007 there's no such prompts anymore.
    Would that be something that has any relation to RPC IIS directory authentication on Exchange 2013?
    It seems to be related to MAPI.
    Thank you. 
    Memento Mori

    Hi,
    Firstly, I’d like to explain, different from Exchange 2007, all Exchange 2013 Outlook clients use Outlook Anywhere connect with server.
    To understand more about the issue, I’d like to confirm if the credential prompts every time you open Outlook.
    If yes, let’s check the authentication method of Outlook Anywhere:
    Get-outlookanywhere |fl *method*
    If it only happens when you click the send as attachment in Word, I recommend you use network monitor to check the root cause.
    Additionally, here are references about the connection method: simple MAPI:
    http://msdn.microsoft.com/en-us/library/windows/desktop/dd296734(v=vs.85).aspx
    http://msdn.microsoft.com/en-us/library/windows/desktop/dd296726(v=vs.85).aspx
    Thanks,
    Angela Shi
    TechNet Community Support

  • Cisco ACS Appliance and Passed Authentication Logs

    I'm seeing something on our ACS appliance logs that looks kind of odd (but it is working fine).
    When I look at the "Passed Authentication" logs, the users seem to show up about 3 time a minute (each). Maybe I am missing something, but this seems like some type of over-reporting.
    Any ideas why this would be happening? I'm probably missing something obvious, but since I'm new to this I can't find the problem.
    Thanks for any suggestions!

    What version of CSACS are you running? Has this just started happening, or was the problem just identified? It could be a performance issue if in fact everything was reauthenticating every 20 sec. Are all your devices showing up, or just wired or wireless? It could be a slight misconfiguration that could be hard to find. If you have the capability, you might want to capture the traffic going to your CSACS server to see if the authentications are actually happening, or like you mentioned...just reporting issues. I ope this helps.

  • 802.11 X port-level authentication or user-level authentication

    I have read many online documents about 802.11x, all that i found they named port-level authentication.
    It makes sense for a wired network, since we have got a physical port, then if the supplicant has been authenticated, his port will be open to transfer data.
    And same thing with a wireless network, but we do not have physical port, we have got logical port.
    I have read one document that mentioned that 802.11 is user-level authentication,,,any comment about this ?
    Regards

    Thanks steprodr
    That means in both cases (wired. wireless) a client has to be authenticated to pass through physical port or logical port to be able to access(use)network resources,,,,,
    What is my interpretation (correct me) to your reply, that with the wire we call it port level while with wireless (my conclusion, because explicitly you have mentioned that)we do not call it port level (i.e. it is called user level) ?

  • How to Prompt for User/Pass Running Shell Script Remotely through ARD

    So I finally got my Active Directory Script working! However, I realized that I'm not the only one going to be running this script and to have my user name and password in the script itself is beyond foolish. While I know it's possible just to have whoever's running the script to manually add their username and password, I'd prefer to have prompts to make things easier for the rest of my team.
    Here's my current script. I've tested it on the machine I'm connecting to Active Directory and it works fine if you run it on the machine itself in terminal. However, I'm going to be doing this on about 150 machines and the whole point of the script is to do it remotely.
    #! /bin/bash
    MACNAME=$(scutil --get ComputerName)
    read -p "User Name: " USER
    read -p "Password for $USER: " PASS
    dsconfigad -add "CORP.DOMAIN.NET" \
    -username $USER \
    -password $PASS \
    -computer $MACNAME \
    -mobile disable \
    -mobileconfirm disable \
    -localhome enable \
    -useuncpath enable \
    -shell /bin/bash \
    -ou OU=Macs,CN=Computers,DC=corp,DC=DOMAIN,DC=net \
    -force \
    -localpassword "PASSWORD" \
    -groups "GROUPS"
    When I run the UNIX script through ARD to a machine, I get no prompts for USER or PASS. In fact, it gives me the following error "dsconfigad: Authentication server encountered an error while attempting the requested operation. (5202)" So it's not asking for a user name and password.
    Is there any way to make a shell script prompt you for a User Name and Password when you're sending commands remotely through ARD? Or is there another way to do this?
    Any suggestions would be greatly appreciated.
    -rks

    Best solution is to create an account that is exclusive to binding machines.  By doing this, you can embed the user name and password in the script.  Heck, you can post it on your website.  If the account is configured properly, it will only be able to create machine records in a defined container.  If you are mixing Macs and PCs in your AD domain, I also recommend creating an isolated container for your Mac records.  Now, the account has even less access rights as you can make it so it only has rights to the Mac container.
    Otherwise, ARD does not prompt.  You can play around with an expect script but the reality is that you are still embedding the credentials in the script so it really does not achieve what you want.  ARD is not an interactive shell scripting tool.  It is more a fire and forget.
    Reid
    Apple Consultants Network
    Apple Professional Services
    Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

  • Error Message For BISystemUser: User not authenticated

    We have migrated from DEV to PROD env.(11.1.1.1 -> 11.1.1.3). Along problems with bipublisher - there are some strange thingths: we successfully loging using weblogic account into AdminConsole и Enterprise Manager, but in Answers we get an error: invalid username or password.
    nqserver.log:
    ...[ERROR:1] [] [] ... [tid: 1090] Error Message For BISystemUser: User not authenticated.
    ...[ERROR:1] [] [] ... [tid: 1090] [nQSError: 43126] Authentication failed: invalid user/password.
    In oracle support we found such issue (Doc ID 1308389.1):
    OBIEE 11g Error: "Unable to Sign in. invalid username or password was entered" After Changing Repository, Deleting BISystem User, Adding it Back (Doc ID 1308389.1)
    Applies to: Business Intelligence Server Enterprise Edition - Version: 11.1.1.3.0 [1905] to 11.1.1.5.0 [1308] - Release: 11g to 11g
    Symptoms: In OBIEE 11.1.1.3.0 using default authenticator, it is not possible to log in to OBIEE after changing repository. To troubleshoot, BIsystemuser was removed from global roles and added back again.
    Getting error: Unable to Sign in. invalid username or password was entered
    Changes: Changed repository, deleted BISystemuser, added the user back
    Cause: Several changes e.g changing rpd, deleting bisystem user, adding the user back etc. occurred in the environment and caused log in to OBIEE to stop working
    Solution: After a lot of troubleshooting e.g re-starting system in the correct order, refreshing GUIDs, re-start OBIEE with default SampleAppLite.rpd and web catalog, the error persists. The system was uninstalled and re-installed to avoid further corruption and configuration problems in the new installation. This resolved the problem
    Does we have to 'reinstall or make a lot of troubleshooting e.g re-starting system ' to solve this error?
    It seem to be funny for PROD environment. How we cam resolve this problem?

    Are you saying you upgraded both dev and prod from 11.1.1.1 to 11.1.1.3 or that you migrated a dev 11.1.1.1 to a prod 11.1.1.3? What did you migrate?
    At a rough guess the BISystemUser password is different in dev and prod (created by system on install) and in your 'migration' you've moved the dev credential across to prod.
    If that's the case you need to change the bisystemuser password to something known and update the credential store password.
    Another possibility might just be that you need to regenerate the GUIDs:
    http://download.oracle.com/docs/cd/E21764_01/bi.1111/e10543/privileges.htm#BIESC721

  • Url iView: passing user/pass as get variables.  Launching in new window

    Hi,
    I pass username and password as get variables from a url iView, and want a page containing this iView to open in a new page using the "Launch in new window" property set to "Display in a separate window". 
    When previewing the iView or page it is on, it works fine.  But when launching it from the detailed navigation, this does not work.  A new window is opened, but the user is prompted for username and password.
    The page to display is an external site, and we have only got the url with user/pass to access it.
    Any ides on what can be wrong?
    Best Regards,
    Bjorn

    Hi,
    Using the url in IE works fine.  It seems to work everywhere but in the portal menu.
    I have the appintegrator in the back of my mind, and will start to have a look at it.  We are also considering a OSS message - this must be a bug in the system as far as I can see.
    Bjorn

  • "user not authenticated" in Africa

    My missionary friend has an email account set up with africaonline, the service provider in Ghana. When he is at the africaonline office he can send and receive email fine. However, when he attempts to send email from any other location he gets a "user not authenticated" message. His connection is by modem. Thanks for the help!

    Hi Ernie,
    Here is the web site for Africa online: http://www.africaonline.com/index.php
    He is using the iBook modem. I am assuming it is the same ISP since he is not changing the information that he initially entered to set up the service. He lives in a rural village and drives to an internet "cafe" - a wooden shed that provides him with a phone cable and a dial up connection. There are no land lines in his area. The strange thing is that he had no email difficulties with his previous iBook.
    I don't know what kind of connection he is using at the africa online office - it is located in Accra which is a large fairly modern city.
    Kelly

  • Oracle 9i running forms and reports with user/pass

    Hi all!
    How can I hide the user name and password in the internet explorer as it is shown in the full path for the sake of security I need it and also how can I pass the user/pass from a form to report without showing in address bar of Internet Explorer.
    Regards
    Mayank Sharma

    Dear Mayank,
    You can use "CGICMD.dat" file. This file can be used to add key mappings.
    You add following lines at the end of this file.
    MYKEY: USERID=<user_name>/<password>@<connection_string> %*
    You need to restart your OC4J Instance to make above changes effective..
    Then, in your web.show_document url include "CMDKEY=MYKEY".
    This will definitely solve your problem.
    Regards,
    Manish Trivedi
    Ambuja Cement,
    India.
    [email protected]

Maybe you are looking for