Ipsec Authentication doesn't work

Similar Messages

• PEAP-GTC on Win 7 and 8 platforms (LDAP authentication doesn't work)

  Hi all!
  Customer is using Open LDAP as directory services.
  We're setting Cisco Wi-Fi network with following authentication scheme:
  Wireless LAN Controller - Cisco ACS 5.3 - Open LDAP
  According to the documents ACS - LDAP supports only EAP-TLS and PEAP-GTC methods.
  We need to perform username/password authentication. It works good on Apple and Android devices. But id doesn't want to authenticate Windows 7 clients.
  We're unchecking "Validate Servers certificate" in WLAN settings of Win 7 client, but it still doesn't work.
  It seems, that Windows doesn't support PEAP-GTC method. Are there any workaround to solve the issue?
  I might assume, that there could be some software plug-ins (supplicants) that can be installed on Windows and give support of PEAP-GTC. But in this case customer will face serious organizational issues of provisioning new devices.
  Please advice!
  Thank you!
  Yuriy

  In order to see PEAP EAP-GTC option on the client, you need to install EAP-GTC supplicant on the client machine.
  Check this:
  http://www.cisco.com/en/US/docs/wireless/technology/peap/technical/reference/PEAP_D.html#wp1007967
  Jatin Katyal
  - Do rate helpful posts -

• EA4500 guest network re-authentication doesn't work

  I have successfully set up a guest network on my EA4500. Guest laptop associates with guest SSID just fine. Then via IE, it gets prompted for the guest password, which is entered and accepted just fine. At this point guest laptop is on the network. Hooray!
  BUT... at some point the guest laptop will need to reauthenticate (I don't know what the timeout is, but maybe one or two days?). Anyway, it's at this point that IE presents the guest network login page. But now after typing in the password, "enter" or clicking on the button does nothing. It looks like the guest web page doesn't get loaded properly or completely, so the reauthentication can't complete, therefore can't get to the internet. So, while in this state, I've also tried Firefox and Chrome, and same thing, no action when trying to submit the guest password. Tried rebooting guest laptop, and still same problem. Only thing I've found so far that works is to reboot the router. So I'm guessing there's a problem with the guest/web server on the router?? It's a real pain to have to reboot the router every day or two, when I've had other Linksys routers run for months without having to touch them.
  I was running CCC 2.1.38 when I first noticed the problem. Since then I've downgraded to Classic 2.0.37, but it seems I still have the same problem. Again, I can connect & authenticate just fine initially, but when reprompted after some period of time, it doesn't work.
  I've tried contacting Cisco support, but it looks like I'm at 91 days since purchase and thus outside of my 90-day complimentary support, so they happily provided me with the premium support options just to have the honor of talking with them. Guess I shouldn't have spent so much time trying to figure this out myself.
  I've searched the forums here,but so far haven't found any answers (I do see posts where the guest web page isn't presented at all, but in my case the page is presented, just can't do anything). Anyone seen this or have any ideas?

  jaymay -- I agree there's no harm in a reset; just the time to reconfigure, reenter DHCP reservations, etc. I'll keep this as an option as I troubleshoot, but see next...
  TEXXSHARKK -- good news/bad news ... I ended up not yet resetting. Instead, since I had this problem first with CCC firmware 2.1.38 (Build 138828 - the automatically pushed update), I reverted back to Classic 2.0.37. Still same problem with guest re-authentication. Only workaround was to reboot the router. That's when I first posted.
  So, since I had the problem with both CCC and Classic firmware, I ended up going back to CCC. To do that, I needed to manually update, which is 2.1.38 (Build 138880 for web manual download only). SInce (re)updating the firmware, I haven't had a repeat of the original problem. It's been about a week now, and the guest laptop has gone through a number of re-authentications, all without problem. For continued troubleshooting, I've been periodically connecting my iPad, BlackBerry, etc, to the guest network, and they get through the authentication page just fine as well. So that's the good news in that the problem "seems" to have gone away.
  The bad news is that it's still unexplained:
  - There's what I assume is a just a minor build difference between the two CCC firmwares, so it seems unlikely that would make a difference?
  - Could be just the fact of reburning the firmware corrected whatever the problem was -- a la doing a reset, even though I didn't reconfigure, just firmware (re)update
  - Could be the problem is still there biding its time, waiting for me to think it's forever gone, only to pounce again
  If the problem does reappear, I'll update here.

• PEAP : Machine authentication doesn't work

  Hello,
  I'm trying to set up machine authentication and at this time I have some problems.
  I have the following configuration:
  - the users laptop are running WinXP
  - the AP is a 1232
  - ACS 3.3.2
  - external database (Win2000 Active Directory) authentication
  I set up PEAP and it works well when a user is authenticated. However when I enable machine authentication on the ACS and also on the user laptop, it doesn't work. In the ACS logs I can see that the user has not authenticated due to the machine access restriction.
  On the Active Directory I changed the Dial In config. for the computers to allow access.
  Is there anything else that has to be modified in order to perform machine authentication?
  Hope someone will be able to help me.
  Thanks in advance.
  Alex

  Hi Alex
  I have had a similar issue, I found that my PEAP users were fine but Machine authentication failed at the SSL handshake. I.E the machine didn't know where the local certificate was. In the meantime to get the policies working I unchecked the "validate server certificate" on the client. And that works, I would assume that the certificate needs to be in a specific default location for the machine authentication to use it, though thats just a guess.
  I am spending the day to get this working and I'll post what I find out.
  Regards
  Colin

• Certification authentication doesn't work on linux version of Firefox

  I have web page on IIS6 which need windows authentication. I enabled certificate mapping on certain user so when I install the proper certificate on firefox installed on Windows-based PC (I login with local user) and set network.automatic-ntlm-auth.trusted-uris variable, I can access this site without typing username and password. I tried to configure in same way firefox on my linux station, but it doesn't work - the web site access attempt finishes with authentication request windows

  I didn't

• IPSec tunnel doesn't work

  Hi,
  I'm practicing a little with 2 routers CISCO 2811 and 2621. I made the basic configuration for an IPSec connection but the tunnel doesn't seem to come up. Also, I can ping each other router's external interface but I can't ping the inside network behind each one. Any Ideas? The outside interface are connected via croosover UTP cable. These are the sh run of each one:
  Router 2621:
  version 12.2
  service timestamps debug uptime
  service timestamps log uptime
  service password-encryption
  hostname RPrueba2
  logging buffered 51200 warnings
  enable secret 5 $1$oNw1$SQaqP.FazBuaiVZ3MHte70
  username supervisor privilege 15 password 7 07062F49420C1A110513
  voice-card 1
  ip subnet-zero
  crypto isakmp policy 1
  hash md5
  authentication pre-share
  crypto isakmp key Inelectra address 20.20.20.21
  crypto ipsec transform-set basic esp-des esp-md5-hmac
  crypto map armadillo 1 ipsec-isakmp
  set peer 20.20.20.21
  set security-association lifetime seconds 4000
  set transform-set basic
  set pfs group1
  match address 101
  call rsvp-sync
  controller E1 1/0
  interface FastEthernet0/0
  ip address 192.168.250.1 255.255.255.0
  duplex auto
  speed auto
  interface Serial0/0
  no ip address
  shutdown
  interface FastEthernet0/1
  ip address 20.20.20.1 255.255.255.0
  duplex auto
  speed auto
  crypto map armadillo
  interface Serial0/1
  no ip address
  shutdown
  interface Serial0/2
  no ip address
  shutdown
  ip classless
  ip route 0.0.0.0 0.0.0.0 20.20.20.21
  ip http server
  access-list 101 permit ip 192.168.250.0 0.0.0.255 any
  access-list 102 permit ip 192.168.250.0 0.0.0.255 192.168.240.0 0.0.0.255
  dial-peer cor custom
  line con 0
  password 7 020F0A5E07030C355E4F
  login
  line aux 0
  line vty 0 4
  privilege level 15
  password 7 12100B121E0E0F10382A
  login
  transport input telnet ssh
  end
  Router 2811:
  version 12.4
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname RPrueba
  boot-start-marker
  boot-end-marker
  logging buffered 51200 warnings
  enable secret 5 $1$oNw1$SQaqP.FazBuaiVZ3MHte70
  no aaa new-model
  resource policy
  memory-size iomem 15
  no network-clock-participate wic 1
  ip subnet-zero
  ip cef
  voice-card 0
  no dspfarm
  username supervisor privilege 15 password 7 07062F49420C1A110513
  controller E1 0/1/0
  crypto isakmp policy 1
  hash md5
  authentication pre-share
  crypto isakmp key Inelectra address 20.20.20.1
  crypto ipsec transform-set Ineset ah-md5-hmac esp-des
  crypto ipsec transform-set basic esp-des esp-md5-hmac
  crypto map armadillo 1 ipsec-isakmp
  set peer 20.20.20.1
  set security-association lifetime seconds 4000
  set transform-set basic
  set pfs group1
  match address 102
  interface FastEthernet0/0
  ip address 192.168.240.1 255.255.255.0
  duplex auto
  speed auto
  interface FastEthernet0/1
  ip address 20.20.20.21 255.255.255.0
  duplex auto
  speed auto
  crypto map armadillo
  interface Serial0/0/0
  no ip address
  shutdown
  no fair-queue
  clock rate 2000000
  interface Serial0/0/1
  no ip address
  shutdown
  clock rate 2000000
  ip classless
  ip route 0.0.0.0 0.0.0.0 20.20.20.1
  ip http server
  no ip http secure-server
  access-list 101 permit ip 192.168.240.0 0.0.0.255 any
  access-list 102 permit ip 192.168.240.0 0.0.0.255 192.168.250.0 0.0.0.255
  control-plane
  line con 0
  password 7 020F0A5E07030C355E4F
  login
  line aux 0
  line vty 0 4
  privilege level 15
  password 7 12100B121E0E0F10382A
  login
  transport input telnet ssh
  scheduler allocate 20000 1000
  end
  I also tried the show crypto isakmp sa and there is nothing on the tables. Thanks for any help.
  Gustavo

  Under crypto map armadilloin Router 2621 =
  Use the crypto ACL 102 instead of 101.
  match address 102
  And then clear the isakmp sa and ipsec sa
  then try to ping.

• Loaded Yosemite onto mid 2011 MacBook Air. IMAP account goes offline - message - Mail cannot send your password securely to the server.  Allow insecure authentication doesn't work. Repeated reloads. No joy. Help!

  Mail cannot send your password securely to the server. You can remove this restriction in the Accounts preferences by setting “Allow insecure authentication”, which could put your password at risk.

  I have the same problem.
  Late 2012 imac 27", intel i7 core
  When I upgraded to Yosemite, suddenly my email account (netvigator POP) gives an error:
  Mail cannot send your password securely to the server. You can remove this restriction in the Accounts preferences by setting “Allow insecure authentication”, which could put your password at risk.
  I have shut down & restarted mail, but no success. If I select Allow insecure authentication, it works, but that's not a long term fix.
  I also have a hotmail POP account enabled, and that is working fine.
  What's happening Apple??
  (Long term apple family - iMac, iBooks, TimeCapsule, iPhones, iPads, AirportExpress etc etc)

• Urgent help: why smtp authenticator doesn't work ?

  Please help me :
  My smtp server authenticates me whether a valid user when I send email. I have had setup an authenticator as following :
  //Setup authenticator
  Authenticator auth = new SMTPAuthenticator();
  // Get session
  Session session = Session.getDefaultInstance(props, auth);
  class SMTPAuthenticator extends Authenticator
  public PasswordAuthentication getPasswordAuthentication()
  String username="userid";
  String password="passwd";
  return new PasswordAuthentication(username, password);
  But It still prompted error with noting me:" login fail, this smtp server authentication required ".What's the problem?
  I'm a valid user in this smtp server. and the userid and passwd has no error, for it worked well when I used them to setup win2000 outlook express.
  I also tried to used authenticated javax.mail.Service's connect .
  Transport transport = session.getTransport("smtp");
  transport.connect(smtphost, username, password);
  transport.sendMessage(message, message.getAllRecipients());
  transport.close();
  but it didn't work yet ! If I use Authenticator ,is it still necessary to use connect(smtphost, username, password) ?
  Urgently, Please help me, any source code practising well with authenticating smtp server , please send it to [email protected]
  Thanks

  Just use " props.put("mail.smtp.auth", "true");"

• Proxy authentication doesn't work with JSSE

  Hello,
  Seems like there is no common way to authenticate with proxy for HTTP and HTTPS.
  Connecting to http://... - works fine, but https://... returns error message:
  Unable to tunnel through 111.111.111.111:8080. Proxy returns "HTTP/1.0 407 Proxy Authentication Required"
  (IP address is intentionally changed in the message above)
  I'm using JSSE with VAJ JDK 1.2 and here is a Java code snippet that works well with HTTP connections:
  Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  System.setProperty("java.protocol.handler.pkgs",
  "com.sun.net.ssl.internal.www.protocol");
  System.setProperty("https.proxyHost", proxyHost);
  System.setProperty("https.proxyPort", proxyPort);
  System.setProperty("http.proxyHost", proxyHost);
  System.setProperty("http.proxyPort", proxyPort);
  try {
  URL url = new URL("https://www.sun.com");
  URLConnection connection = url.openConnection();
  String authString = proxyUserID + ":" + proxyPasswd;
  String encodedAuthString =
  "Basic " + new sun.misc.BASE64Encoder().encode(authString.getBytes());
  connection.setUseCaches(false);
  connection.setRequestProperty("Proxy-authorization", encodedAuthString);
  Listening to the network traffic helped me to understand that there is a difference between the way HTTP and HTTPS is handled. For some reason HTTPS ignores all the headers that I specify using setRequestProperty().
  Here is example of request and responses sent by HTTPS handler:
  Request:
  CONNECT 198.175.98.32:443 HTTP/1.0
  User-Agent: JSSE
  Proxy response:
  HTTP/1.0 407 Proxy Authentication Required
  Date: Wed, 07 Nov 2001 22:04:11 GMT
  Content-Length: 233
  Content-Type: text/html
  Server: NetCache (NetApp/5.1R2D4)
  Proxy-Authenticate: basic realm="NETCACHE2"
  Please note that there is no Proxy-authorization header in the request above.
  Compare it with HTTPS request sent by Netscape browser:
  Request to proxy:
  CONNECT www.sun.com:443 HTTP/1.0
  Proxy-authorization: Basic am0vbDphrGxHa22lLg==
  User-Agent: Mozilla/4.76 [en] (Windows NT 5.0; U)
  Response:
  HTTP/1.0 200 Connection established
  Proxy-Agent: NetCache NetApp/5.1R2D4
  So, the question is:
  What is the best way to pass "Proxy-authorization" header to proxy server??
  Thanks in advance for your time.

  Hi Guys,
  Just like, i assume, all of you, i've had my battles with javas' handling of https comms from behind a firewall. I'm actually amazed at how something that is a simple combination of protocol and security should become so messy.
  Luckily , i managed to get all my requirements met, but the sad thing is after all that hard work, i'm not much closer to understanding why the standard java sdk (im using 1.4) forces us to endure such painful tasks.
  Really, Java is quite a mature language now, and one of its touted benefits is its applicability to web and internet technologies... so why the messy proxy code when dealing with ssl?
  Anyway, i didn't really come here to b**tch, but rather to point you all to a handy library from apache - httpClient - http://jakarta.apache.org/commons/httpclient.
  After implementing ssl proxy tunnelling and all the fun that goes with it, i found this tool, and subsequently deleted all that ugly code, and let http client deal with all that for me.
  Its seriously simple, heres a snippet:
  httpClient = new HttpClient();
  httpClient.setTimeout(responseTimeoutMillies);
  Protocol myHttps = new Protocol("https", new SSLContextBasedSocketFactory(sslContext), targetServerPort);
  httpClient.getHostConfiguration().setHost(targetServerHost, targetServerPort, myHttps);
  if (useProxy)
       httpClient.getHostConfiguration().setProxy(proxyHost, proxyPort);
          httpClient.getState().setProxyCredentials("my-proxy-realm", proxyHost, new UsernamePasswordCredentials(proxyUser, proxyPassword));
  }This initialises the client, and after this, making http requests is simple:
  String response = null;
  PostMethod postMethod = new PostMethod("/secure/blah.jsp"); // A HTTP Post
  postMethod.setRequestBody("Hello there"); // this is the data in the http post body
  int responseCode = httpClient.executeMethod(postMethod);
  if(responseCode == 200)
      response = postMethod.getResponseBody();...
  As you can see, its alot less painful. It certainly makes me feel better, knowing i don't have to support/maintain the ugly proxy tunnelling code. Give it a shot on your next project.
  Hope it helps.
  Regards
  Marcus Eaton

• Client Certificate authentication doesn't work

  Hi there,
  I want to use client authentication to log on to a SAP WebAS ABAP. I did everything as described in Gregor Wolfs Blog: Setup Authentication with Client Certificates for the Sneak Preview SAP NetWeaver 04 ABAP Edition on Windows
  (my system is not a sneak preview and it is based on Linux).
  When I call a BSP application, I can choose the client certificate in the browser, and everything seems to work. But at the end, the basic authentication dialog appears.
  In the dev_icm trace, I can see, that there is a user extracted from the DN of the certificate. In the HTTP access log, the user is logged on.
  All certificates are valid, no problem found.
  Exept the view VUSREXTID didnt work, the user in the HTTP access log was always the one from the DN, not the mapped one. But both are valid.
  Any idea?
  Thank you,
  Erik

  Did you map the certificate and user in the transaction 'extid_dn' ?
  Because the 'normal' pop-up for username and password is opened when the system cannot find a user mapped to the certificate...
  Felix

• BUG - Client Authentication doesn't work !!! [standalone 10.1.3.0.0]

  i tried to enable client authentication in jdevloper oc4j with
  needs-client-auth="true" but it doesnt work.. i got SSL connection but server do not request client certificate
  i did not have problems with 10.1.2.0.2

  FYI - It is hard to tell where you went wrong in the configuration. Typically this kind of error comes up if there is a problem with the certificate. The process of securing OC4J is detailed here:
  http://download-west.oracle.com/otn_hosted_doc/ias/preview/web.1013/b14432.pdf
  Perhaps you can validate what you did vs the documentation.
  I cut and pasted the following from the docs so may not come out well:
  Creating the Secure Web Site Configuration File
  Specify the appropriate SSL settings under the <web-site> element, as illustrated in the following example.
  <web-site xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/
  web-site-10_0.xsd" port="4443" secure="true" display-name="My Secure Web Site">
  <access-log path="../log/secure-web-access.log" />
  <ssl-config factory="com.evermind.ssl.JSSESSLServerSocketFactory"
  keystore="../../server.keystore" keystore-password="welcome"
  provider="com.sun.net.ssl.internal.ssl.Provider" />
  </web-site>
  Note the additions to <web-site>, shown in bold:
  Add a secure attribute with the value set to true. Setting secure="true" specifies that the HTTP protocol is to use an SSL socket.
  Set the port attribute to an available port. The default for SSL ports is 443; in the example above, the port attribute is set to 4443.
  Add the <ssl-config> element. This element is required whenever the secure flag is set to true. This element takes the following attributes and elements:
  o The optional factory attribute is used to specify the third-party SSLSecureSocketFactory implementation to use if the application is not using JSSE.
  The Oracle implementation - com.evermind.ssl.JSSESSLServerSocketFactory - is used by default. (Note that although the default implementation is shown in the example, it is implicit and does not need to be specified.)
  If the application uses a third-party SSLServerSocketFactory implementation, you can use <property> subelements of <ssl-config> to send parameters to the factory.
  o The keystore and keystore-password attributes specify the directory path and password for the keystore. The specified keystore must contain the certificates of any clients that are authorized to connect to OC4J through HTTPS. The value of keystore can indicate either an absolute or relative directory path and includes the file name.
  o The optional provider attribute can be used to specify a security provider to use.
  By default, the Sun Microsystems implementation - com.sun.net.ssl.internal.ssl.Provider - is used. (Note that although the default implementation is shown in the example, it is implicit and does not need to be specified.)
  o One or more <property> elements containing parameters to pass to the SSLSecureSocketFactory. Each element contains a name attribute and a value attribute, enabling you to specify parameters as name/value pairs.
  When the Web site configuration file is ready, add a <web-site> element referencing it to server.xml, the OC4J configuration file located in the J2EE_HOME/config directory. Note that applications will not be able to bind to the Web site unless this notation exists in server.xml. For example:
  <application-server ... >
  <web-site path="./default-web-site.xml" />
       <web-site path="./mycustom-web-site.xml" />
  <web-site path="./secure-web-site.xml" />
  </application-server>
  When configuration is complete, OC4J listens for SSL HTTP requests on one port and non-SSL HTTP requests on another. You can disable either SSL requests or non-SSL requests by commenting out the appropriate *-web-site.xml in the server.xml configuration file.
  <!-- <web-site path="./secure-web-site.xml" /> commented out to remove SSL -->

• Authentication doesn't work after SL upgrade

  Hi,
  This week I finally decided to upgrade my Mac Mini from Leopard to Snow Leopard, but it seems something went wrong. The authentication prompt that asks you to submit user account and password whenever you want to install stuff is not showing up anymore. Installation processes terminate without any notice and updates don't work with the message 'Failed to authenticate'. I've tried to edit my user preferences, but the Users pane is locked, so I can't do anything to change it.
  Could someone help out?
  Thanks,
  Martijn
  Utrecht, Netherlands

  Ah, thanks to the tags I came to this item. It seems to do the trick...
  Move along now, nothing to see here... :-)

• HTTPS 2-way authentication doesn't work.

  I succeeded in setting up my server (WL 6.1) to use SSL and enforce client
  authentication.
  I created a client certificate with OpenSSL, and imported it into my
  browser.
  When I request the page https://localhost:7002/
  I get following message in the log:
  CertificateVerify.md5 error____________________________
  our computed md5 is
  0: 6bd8 4b9a 1bb2 7b46 f815 2bdd a8cf de65 k.K...{F..+....e
  the actual is
  0: 3fcd 6673 4d46 4d45 654c 6bc5 9f01 a2d6 ?.fsMFMEeLk.....
  When I turn on -Dssl.debug, then I get a stack trace:
  CertificateVerify.md5 error____________________________
  our computed md5 is
  0: 6bd8 4b9a 1bb2 7b46 f815 2bdd a8cf de65 k.K...{F..+....e
  the actual is
  0: 3fcd 6673 4d46 4d45 654c 6bc5 9f01 a2d6 ?.fsMFMEeLk.....
  weblogic.security.CipherException: Invalid signature
  at
  weblogic.security.SSL.CertificateVerify.input(CertificateVerify.java:
  127)
  at weblogic.security.SSL.Handshake.input(Handshake.java:115)
  at weblogic.security.SSL.SSLSocket.getHandshake(SSLSocket.java:1043)
  at weblogic.security.SSL.SSLSocket.serverInit2(SSLSocket.java:778)
  at weblogic.security.SSL.SSLSocket.serverInit(SSLSocket.java:622)
  at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:267)
  at
  weblogic.security.SSL.SSLSocket.performAcceptHandshake(SSLSocket.java
  :238)
  at
  weblogic.security.SSL.SSLSocket.getInputStream(SSLSocket.java:1116)
  at weblogic.socket.ResettableSocket.<init>(ResettableSocket.java:30)
  at weblogic.socket.JVMSocketManager.accept(JVMSocketManager.java:90)
  at
  weblogic.t3.srvr.ListenThread$RJVMListenRequest.execute(ListenThread.
  java:563)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
  Any ideas?
  Thanks,
  Lsui

  I seem to be having similar problems, was there a solution found for this?
  To set up the debug information do I need to add anything more
  than -Dssl.debug (i.e. does it take an "=true" or something like that)?
  Thanks,
  Geoff.
  "Luis Muniz" <[email protected]> wrote in message
  news:[email protected]...
  I succeeded in setting up my server (WL 6.1) to use SSL and enforce client
  authentication.
  I created a client certificate with OpenSSL, and imported it into my
  browser.
  When I request the page https://localhost:7002/
  I get following message in the log:
  CertificateVerify.md5 error____________________________
  our computed md5 is
  0: 6bd8 4b9a 1bb2 7b46 f815 2bdd a8cf de65 k.K...{F..+....e
  the actual is
  0: 3fcd 6673 4d46 4d45 654c 6bc5 9f01 a2d6 ?.fsMFMEeLk.....
  When I turn on -Dssl.debug, then I get a stack trace:
  CertificateVerify.md5 error____________________________
  our computed md5 is
  0: 6bd8 4b9a 1bb2 7b46 f815 2bdd a8cf de65 k.K...{F..+....e
  the actual is
  0: 3fcd 6673 4d46 4d45 654c 6bc5 9f01 a2d6 ?.fsMFMEeLk.....
  weblogic.security.CipherException: Invalid signature
  at
  weblogic.security.SSL.CertificateVerify.input(CertificateVerify.java:
  127)
  at weblogic.security.SSL.Handshake.input(Handshake.java:115)
  atweblogic.security.SSL.SSLSocket.getHandshake(SSLSocket.java:1043)
  at weblogic.security.SSL.SSLSocket.serverInit2(SSLSocket.java:778)
  at weblogic.security.SSL.SSLSocket.serverInit(SSLSocket.java:622)
  at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:267)
  at
  weblogic.security.SSL.SSLSocket.performAcceptHandshake(SSLSocket.java
  :238)
  at
  weblogic.security.SSL.SSLSocket.getInputStream(SSLSocket.java:1116)
  atweblogic.socket.ResettableSocket.<init>(ResettableSocket.java:30)
  atweblogic.socket.JVMSocketManager.accept(JVMSocketManager.java:90)
  at
  weblogic.t3.srvr.ListenThread$RJVMListenRequest.execute(ListenThread.
  java:563)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
  Any ideas?
  Thanks,
  Lsui

• Hulu authentication doesn't work

  As everyone now knows Hulu requires you to loggin to your cable provider before it allows you to view any programming. When I login to my cable provider namely Verizon Fios it does take me to stage 3 that allows me to go on to watch my show. I am perpetually stuck at step 2 (i.e the authentication stage) I am able to go through each of the 3 steps with Chrome and so I am wondering what is wrong with Safari?

  Ah, thanks to the tags I came to this item. It seems to do the trick...
  Move along now, nothing to see here... :-)

• UNIX pam authentication dosn't work anymore for SGD 4.20-984

  In SGD 4.20 the UNIX/PAM/LDAP authentication doesn't work anymore.
  After login into tarantella "Invalid Credentials" appears.
  SGD is configured to authenticate UNIX users. In UNIX - PAM/LDAP is working properly:
  "getent passwd" shows all LDAP users and login with LDAP-Accounts via ssh is possible as well.
  Do somebody know what is wrong ?

  Hi
  thanks for the quick answer.
  Here the output of "tarantella config list |grep login":
  login-ad-base-domain: ""
  login-ad-default-domain: ""
  login-ad: 0
  login-anon: 0
  login-ens: 1
  login-ldap-url: ldap://ts2ldasv001
  login-ldap: 0
  login-mapped: 0
  login-nt-domain: ""
  login-nt: 0
  login-securid: 0
  login-theme: sco/tta/standard
  login-thirdparty-superusers: sgd_trusted_user
  login-thirdparty: 0
  login-unix-group: 0
  login-unix-user: 1
  login-web-ens: 0
  login-web-ldap-ens: 0
  login-web-ldap-profile: 0
  login-web-profile: 0
  login-web-tokenvalidity: 180
  login-web-user: ttaserv
  server-login: enabled
  We activated just UNIX users authentication.
  I also tried pwconv without sucess...