Irregular failure to authenticate OpenDirectory users via password-based ssh

TL;DR - my Yosemite Open Directory server irregularly fails to properly authenticate users (via password-based ssh). 
I recently moved an Open Directory server from an Xserve running 10.6 to a new Mini running 10.10.  I archived the OD config on the Xserve and then took it offline.  Then I brought the Mini online using the same hostname/IP address, created a new OD master using the archived configuration.  Everything seemed to work well, however sometimes the server will not authenticate users via password when logging in with ssh/sftp/scp.  This is also true of a few OS X machines that bind to the OD server (i.e. they usually authenticate users properly, but sometimes fail for no discernable reason). 
The failures are only for password authentication using ssh.  Other mechanisms do not exhibit the auth failures.  For instance, AFP and SMB user auth never fails (with proper credentials).  Nor do users to a FileMaker Server machine that authenticate via the OD server have problems.  Public key based ssh authentication never fails.  Local accounts (non-OD, aka "Local Network Accounts") also do not fail using password-based authentication.
The failures are irregular.  The only pattern that I can find at all is that sometimes when the failures start happening, they keep happening continuously until...at some point they work properly again.  That is, they may fail from 11:15 am to 2:01 pm, and if so, then all of them fail in that time range.  Sometimes that time range lasts seconds, sometimes it lasts hours.
The time range failure pattern is host specific.  For instance, if password authentication is failing on the main OD server, authentication may be fine on the other bound machines.  If authentication is failing on one of the bound machines, then it may be fine on all others and fine on the OD server itself.
The failure pattern does not seem to correlate to any other events or activity on the server (even remotely).  CPU utilization never gets above about 15%.  Memory utilization is similarly very low.  Network traffic is occasionally high, but it does not seem in any way related to the auth failures.  There are not other log messages that occur before or after the failures with any consistency.
I've been monitoring the auth failures by attempting to login to the OD server and two other bound hosts once per minute so that I can tell when the auth is failing (before getting calls from the users). 
The adaptive firewall is not running on the OD server.  Nor is any other firewall.
Below are a comparison of the system.log entries for a failed and successful auth (I've stripped out those lines that are identical in both instances).  The log entries have been sanatized as described.
Rebooting the OD server does not affect the bound clients' authentication.  Rebooting the OD server is problematic, and I cannot do it often.  When I do, sometimes failures start soon after reboot, and sometimes that don't come back for many hours - again, no discernable pattern.
If anyone has any ideas what I can do to discover the source of this problem and come up with a solution, I'd very much appreciate it.  Note that I'm aware that I can export all users and group and reconstruct a new, clean OD master, but without the ability to save the passwords, this becomes a large logisitcal problem, and I'm saving it as a last resort (particularly since if it doesn't solve my problem, I will have inconvenienced many users and be right back in the same place).
Thanks for reading.
First failure:
    Feb 11 00:00:20 odserver.myorg.gov kdc[67]: TGS-REQ [email protected] from 127.0.0.1:65373 for host/[email protected] [canonicalize, forwardable]
    Feb 11 00:00:20 odserver.myorg.gov opendirectoryd[67268]: GSSAPI Error:  Miscellaneous failure (see text (unable to reach any KDC in realm ODSERVER.MYORG.GOV, tried 2 KDCs (negative cache))
    Feb 11 00:00:20 odserver.myorg.gov sshd[72974]: error: PAM: authentication error for myusername from clienthost.myorg.gov via 10.50.50.50
    Feb 11 00:00:20 odserver.myorg.gov sshd[72974]: Connection closed by 10.50.50.99 [preauth]
Now successful auth:
    Feb 11 01:03:20 odserver.myorg.gov kdc[67]: TGS-REQ [email protected] from 127.0.0.1:63978 for host/[email protected] [canonicalize, forwardable]
    Feb 11 01:03:20 odserver.myorg.gov kdc[67]: TGS-REQ [email protected] from 127.0.0.1:62346 for ldap/[email protected] [canonicalize, forwardable]
    Feb 11 01:03:20 odserver.myorg.gov sshd[73786]: Accepted keyboard-interactive/pam for myusername from 10.50.50.99 port 53361 ssh2
    Feb 11 01:03:20 odserver.myorg.gov NetAuthSysAgent[73789]: GetStatus: connecting to self not allowed
   Feb 11 01:03:20 odserver.myorg.gov NetAuthSysAgent[73789]: ERROR: AFP_GetServerInfo - connect failed 62
I've sanitized the entries as follows, replacing...
My username by myusername
The ssh source host IP address by 10.50.50.99
The ssh source hostname by clienthost.myorg.gov
The server hostname by odserver.myorg.gov
The server hostname (in caps) by ODSERVER.MYORG.GOV
The server IP address by 10.50.50.50

Hello James,
I have not had a chance to look for the Router configuration document, however, for one of my certificate exams I did configure Authentication Proxy on an IOS router. The config for that lab was:
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization auth-proxy default group tacacs+ local
aaa session-id common
ip auth-proxy name AUTHPROXY http inactivity-time 60
interface FastEthernet0/0
ip address 192.168.250.19 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface FastEthernet0/1
ip address 192.168.200.120 255.255.255.0
ip access-group 110 in
ip nat inside
ip virtual-reassembly
ip auth-proxy AUTHPROXY
duplex auto
speed auto
ip route 0.0.0.0 0.0.0.0 192.168.250.1
ip http server
ip http authentication aaa
no ip http secure-server
ip nat inside source list nat interface FastEthernet0/0 overload
ip access-list extended nat
permit ip 192.168.200.0 0.0.0.255 any
access-list 110 permit ip any any
tacacs-server host 192.168.250.20
tacacs-server key cisco123
end
Please check if the commands are supported on your router as well.
If this ws helpful please rate.
Regards.

Similar Messages

  • Failure to authenticate the user weblogic, due to: Authentication Failed

    I want to integrate Discussion forum with webcenter spaces. For that, first i have created a connection to forum in webcenter enterprise manager with admin user as weblogic. But In sevices configuration page of webcenter spaces it is showng 'failure to authenticate the user weblogic, due to: Authentication Failed' for Discussion Forums. I have logged into spaces using admin creadentials only.
    Please help me...how to go about this?

    I tried everything but discussions server cannot autenticate.
    Im using OID ldap success inside discussions forum AND webcenter but when I enter inside webcenter its generates this error!
    <Sep 9, 2010 12:05:51 PM BRT> <Warning> <oracle.webcenter.collab.forum.internal.view.backing> <WCS-04013> <failure to authenticate the user weblogic, due to: Authentication Failed
    oracle.webcenter.collab.share.LoginFailedException: Falha ao autenticar o usuário weblogic, em decorrência de: Authentication Failed
         at oracle.webcenter.collab.forum.internal.jive.JiveAuthenticator.handleException(JiveAuthenticator.java:304)
         at oracle.webcenter.collab.forum.internal.jive.JiveAuthenticator.login(JiveAuthenticator.java:247)
         at oracle.webcenter.collab.forum.internal.jive.JiveForumSession.login(JiveForumSession.java:128)
         at oracle.webcenter.collab.share.Session$1.call(Session.java:353)
         at oracle.webcenter.collab.share.Session$1.call(Session.java:347)
         at oracle.webcenter.concurrent.Submission$2.run(Submission.java:406)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
         at oracle.webcenter.concurrent.Submission.runAsPrivileged(Submission.java:420)
         at oracle.webcenter.concurrent.Submission.run(Submission.java:347)
         at oracle.webcenter.concurrent.Submission$SubmissionFutureTask.run(Submission.java:736)
         at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
         at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
         at java.util.concurrent.FutureTask.run(FutureTask.java:138)
         at oracle.webcenter.concurrent.ModifiedThreadPoolExecutor$Worker.runTask(ModifiedThreadPoolExecutor.java:657)
         at oracle.webcenter.concurrent.ModifiedThreadPoolExecutor$Worker.run(ModifiedThreadPoolExecutor.java:682)
         at java.lang.Thread.run(Thread.java:619)
    Caused By: Authentication Failed
    I read all document about this and all failed.

  • Authenticate windows users via ACS

    Hi,
    Expert insight required for Cisco ACS, Is it possible to authentication windows user via ACS & apply ACL policies over network devices.
    I would appreciate valued inputs.
    Regards,

    Yes, it's possible to authenticate windows users via ACS and push DACL via radius.
    Seems you are looking for DACL. Here is a document that can help you to understand the same
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a9eddc.shtml#user
    Let me know if you need any further help.
    Jatin Katyal
    - Do rate helpful posts -

  • SEEBURGER AS2: AS2 Adapter failure - Cannot authenticate the user

    Hello,
    All was working fine but now I got these errors in an AS2 scenario. Sending a message via AS2. Also we don't receive any messages via AS2 anymore. This is the error when sending a message:
    Unable to forward message to JCA adapter. Reason: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user.
    MP: Exception caught with cause javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user.
    Exception caught by adapter framework: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user
    Delivery of the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user.: javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure.
    Please advice, many thanks!
    Erik

    Are you using the "Use Authentication" option in the communication channel? If yes, then ensure that the user provided is correct and is not locked. Also recheck the authentication certificate settings.
    Regards,
    Prateek

  • ACS 4.2 failure to authenticate windows users

    Hi all , we have a bit of a problem which we cannot seem to resolve.
    The ACS can authenticate people using local database , it can also authenticate a single user (using windows database) if you are fast after the service is restarted , however after a few secounds, it fails to authenticate any users , the error we are seeing on the logs appear as authentication failure type : internal error. Also on the log files, the authentication request from the user does not appear in the correct group, it is thrown into the default group.
    Any ideas on where we should look to the problem?

    Hi,
    Its running on windows 2003 server, is running as the system account.
    Auth.log details below on a failed authentication
    AUTH 04/09/2009 17:02:13 A 5789 3000 0x69 Worker 0 waiting for work
    AUTH 04/09/2009 17:02:13 A 5789 1400 0x6 Worker 3 waiting for work
    AUTH 04/09/2009 17:02:13 A 5789 0368 0x4 Worker 1 waiting for work
    AUTH 04/09/2009 17:02:23 E 6028 3888 0x0 AllocateThread returned 0
    AUTH 04/09/2009 17:02:23 A 5821 3000 0x69 Worker 0 established conn 166 with 127.0.0.1:1879
    AUTH 04/09/2009 17:02:23 E 6028 3888 0x0 AllocateThread returned 1
    AUTH 04/09/2009 17:02:23 A 5821 0368 0x4 Worker 1 established conn 167 with 127.0.0.1:1881
    AUTH 04/09/2009 17:02:23 E 6028 3888 0x0 AllocateThread returned 3
    AUTH 04/09/2009 17:02:23 A 5821 1400 0x6 Worker 3 established conn 168 with 127.0.0.1:1883
    AUTH 04/09/2009 17:02:24 A 5853 0236 0x51 Worker 4 error/timeout, forcing API disconnect of connection 165.
    AUTH 04/09/2009 17:02:24 A 5887 0236 0x51 Worker 4 closing conn 165 endpoint. Handled 2 messages.
    AUTH 04/09/2009 17:02:24 A 5789 0236 0x51 Worker 4 waiting for work
    AUTH 04/09/2009 17:02:30 E 2100 4080 0x6d External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1783L)

  • ACS 4.1 failure to authenticate Windows users.

    Hello.
    We are running Cisco Secure ACS for Windows version 4.1(1)b23p5 on a Windows 2000 member server.
    Starting from today, ACS fails to authenticate users.
    Using the same external user (andrea-meconi) I can verify successfull and failed authentication.
    This is the AUTH.log for a genericRADIUS request...
    AUTH 25/02/2013 15:30:24 I 0396 3900 External DB [NTAuthenDLL.dll]: Starting authentication for user [andrea-meconi]
    AUTH 25/02/2013 15:30:24 I 0396 3900 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user andrea-meconi
    AUTH 25/02/2013 15:30:24 E 0396 3900 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1783L)
    AUTH 25/02/2013 15:30:24 I 0396 3900 External DB [ODBCAuthDll.dll]: Starting 1 odbc workers
    AUTH 25/02/2013 15:30:24 I 0396 3900 External DB [ODBCAuthDll.dll]: DLL initialised OK
    AUTH 25/02/2013 15:30:24 I 0571 3900 AuthenLoadLibrary: Loaded DLL for External ODBC Database
    AUTH 25/02/2013 15:30:24 I 1645 3900 pvAuthenticateUser: authenticate 'andrea-meconi' against External ODBC Database
    This is the log for an EAP request...
    AUTH 25/02/2013 16:23:56 I 1645 4568 pvAuthenticateUser: authenticate 'venezia\andrea-meconi' against Windows NT/2000
    AUTH 25/02/2013 16:23:56 I 0396 4568 External DB [NTAuthenDLL.dll]: Starting MSCHAP authentication for user [venezia\andrea-meconi]
    AUTH 25/02/2013 16:23:56 I 0396 4568 External DB [NTAuthenDLL.dll]: Got WorkStation CISCO
    AUTH 25/02/2013 16:23:56 I 0396 4568 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user andrea-meconi
    AUTH 25/02/2013 16:23:56 I 0396 4568 External DB [NTAuthenDLL.dll]: Windows authentication SUCCESSFUL (by RVVMDCC01PW)
    AUTH 25/02/2013 16:23:56 I 0396 4568 External DB [NTAuthenDLL.dll]: User mapped to ACS group id [20]
    Windows AD running now on Windows 2008 server, migrating from 2003.
    Any idea?
    Thanks.
    Andrea

    Windows authentication FAILED (error 1783L)
    The above error indicates that the migration happened over night. In order to resolve this issue you need to upgrade your ACS to atleast ACS 4.2.0.124 patch 4 or above.
    Supported Operating Systems section
    --Windows Server 2008, Standard Edition
    --Windows Server 2008, Enterprise Edition
    --Japanese Windows Server 2008, Standard Edition, Service Pack 2
    --Japanese Windows Server 2008, Enterprise Edition, Service Pack 2
    NOTE: No version of ACS 4.x support 2008 R2. Only ACS 5.2 support it.
    Regards,
    Jatin Katyal
    - Do rate helpful posts -

  • Mail crashing on failure to authenticate cyrus user

    Mail crashed, and now will not warn re-start (a cold start of the server works) with error:
    no entry in /etc/passwd for user _cyrus
    can't change to the cyrus user: No such file or directory
    The IMAP logs also show, for ALL users, even though all users have IMAP enabled:
    AOD Warning: dsGetRecordList failed with: -14085 for user: username
    AOD Warning: dsGetRecordList failed with: -14085 for user: username
    badlogin from: [192.168.1.xxx]. plaintext user: username. mail is not enabled for this user
    And SMTP log shows:
    fatal: file /etc/postfix/main.cf: parameter default_privs: unknown user name value: nobody

    And here's the system log, around the time of the last crash:
    Jan 23 01:02:53 xserve DirectoryService[25]: GetGroups couldn't find uid 27
    Jan 23 01:02:57: --- last message repeated 1 time ---
    Jan 23 01:02:57 xserve servermgrd[56]: --Module servermgr_xserve's response has retain count of 1.
    Jan 23 01:02:58 xserve bootpd[203]: DHCP DISCOVER [en0]: 1,0:e:70:0:6:9e
    Jan 23 01:03:09: --- last message repeated 1 time ---
    Jan 23 01:03:09 xserve servermgrd[56]: --Module servermgr_xserve's response has retain count of 1.
    Jan 23 01:03:14 xserve bootpd[203]: DHCP DISCOVER [en0]: 1,0:e:70:0:6:9e
    Jan 23 01:03:18 xserve com.apple.launchd[1] (com.apple.launchd.peruser.77[5453]): getpwuid("77") failed
    Jan 23 01:03:18 xserve com.apple.launchd[1] (com.apple.launchd.peruser.77[5453]): PID 5452 "master" has no account to back it! Real/effective/saved UIDs: 77/77/77
    Jan 23 01:03:18 xserve com.apple.launchd[1] (com.apple.launchd.peruser.77[5453]): PID 3897 "imapd" has no account to back it! Real/effective/saved UIDs: 77/77/77
    Jan 23 01:03:18 xserve com.apple.launchd[1] (com.apple.launchd.peruser.77[5453]): PID 3895 "imapd" has no account to back it! Real/effective/saved UIDs: 77/77/77
    Jan 23 01:03:18 xserve com.apple.launchd[1] (com.apple.launchd.peruser.77[5453]): PID 3894 "imapd" has no account to back it! Real/effective/saved UIDs: 77/77/77
    Jan 23 01:03:18 xserve com.apple.launchd[1] (com.apple.launchd.peruser.77[5453]): PID 3893 "imapd" has no account to back it! Real/effective/saved UIDs: 77/77/77
    Jan 23 01:03:18 xserve com.apple.launchd[1] (com.apple.launchd.peruser.77[5453]): PID 3885 "idled" has no account to back it! Real/effective/saved UIDs: 77/77/77
    Jan 23 01:03:18 xserve com.apple.launchd[1] (com.apple.launchd.peruser.77[5453]): PID 3874 "master" has no account to back it! Real/effective/saved UIDs: 77/77/77
    Jan 23 01:03:18 xserve com.apple.launchd[1] (com.apple.launchd.peruser.77[5453]): Exited with exit code: 1
    Jan 23 01:03:18 xserve com.apple.launchd[1] (com.apple.launchd.peruser.77): Throttling respawn: Will start in 10 seconds

  • Trying to create an annoucement ADF task flow.  Failure to authenticate

    Experts-
    I have created a JSPX page and added the announcement ASF task flow. After I deploy to my WLS instance I recieve the following error when browing the page. "failure to authenticate the user weblogic, due to: Unable to connect to discussion server."
    The java server log file throws this exception "Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed to load credentials. Inner Exception: [Keystore was tampered with, or password was incorrect]"
    I am able to login to the OOTB discussion web app using the same user but not my custom ADF JSPX page.
    I have configured the JDEV Discussion forum connection with the following properties..
    keystore.location = "E:\Oracle\Middleware\user_projects\domains\working_domain\config\fmwconfig\webcenter.jks"
    keystore.type=jks
    encryption.key.alias=orakey
    encryption.key.password=welcome1
    keystore.password=welcome1
    I can test this connection with success.
    Anyone know why I can correctly login the OOTB discussion app using my default weblogic user but not the custom ADK app?
    I am also using the simple login page jdeveloper creates via the "configure ADF security"
    Thanks-

    even I am getting the same problem. I created a Discussion Forum Connection from my Jdeveloper. I tested the connection to be successfull.
    and when I run the ADF application having webCenter Discussion forum taskflow as a region , it says
    For more information on this failure, please set -Djps.auth.debug.verbose=true
    java.io.IOException: Keystore was tampered with, or password was incorrect
    + at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)+
    + at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)+
    + at java.security.KeyStore.load(KeyStore.java:1185)+
    + at org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:525)+
    + at org.apache.ws.security.components.crypto.AbstractCrypto.<init>(AbstractCrypto.java:121)+
    + at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:62)+
    + at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)+
    at the UI page it says the
    failure to authenticate the user john, due to: Unable to connect to discussion server.
    Please suggest some debugging tips.
    Thanks
    Thyagy

  • File Adapter - anonymous login (or )User name ,password login - Efficient?

    Hi Folks,
    In File Adapter processing , anonymous login (or) proper user name password based login is recommended ?
    Because we have faced many issue while using username based login in File adapter  .
    Which one is best ?
    Regards.,
    Shiva

    Hi Shiva ,
    We will go one by one :
    You can go for the Anonymous login  but the problem is the any body can access the FTP server and it is not the secure one,that is why business generally don't allow the Anonymous login.
    Coming to Proper user name password login ,I would advice you to use this one as the connection is more secure in this case.But this also comes with a problem that the username password generally expires after some time as per security policy and you have to change the username password for the FTP server as well as in File adapter which you are using.But this problem can be solved by going for a permanent username and password.
    I would recommend you to go for Proper user name and password.
    Regards
    Ravi Anand
    Edited by: Ravi Anand@85 on Mar 12, 2010 7:56 AM

  • Portal: Password reset and unlock User via UME?

    I'm new to Portal and SAP.  I'm trying to find options to have a username unlocked and password sent to user based on a userid from our Portal logon page.
    The end user needs only to know their user ID, and based on this user ID I need their username to be unlocked, and a temporary password to be emailed to them (Looked up from their user ID via Database) 
    From what I've been reading UME can do this, but when I look into configuration of it I'm not seeing anything that can define this to show up on the Portal logon page.  Does this have to be developed and built in or linked as a separate page or is there a prefab one made already(nothing I could find showed evidence of this, although the documentation regarding UME hinted at this)?
    The end user doesn't need to answer security questions because to get access to the portal they already have to be on my secured network. 
    Any help would be great!
    Edited by: Andrew Urban on Aug 7, 2008 12:09 AM
    Edited by: Andrew Urban on Aug 7, 2008 12:10 AM
    Edited by: Andrew Urban on Aug 7, 2008 12:16 AM

    Andrew,
    This link might help explain what is possible with SAP Portal in terms of allowing the user to reset their password from the logon screen.
    http://help.sap.com/saphelp_nw04s/helpdata/en/45/7e6313d8780dece10000000a11466f/frameset.htm
    As for allowing a user to unlock their account from the logon page, there is no such functionality that I know of.  This would need to be developed.  We are doing something similar.  In our case, we are developing a module that allows user to retreive their user ID if they forget it.  This also is not functionality that SAP provides.  The user can specify their email address, and it emails them their user ID.  This is being developed in Web Dynpro for Java utilizing the UME APIs.
    - Andrew Castillo

  • EBS 7.3 "Could not authenticate this user name and password, try again"

    I have just install Sun StorEdge Enterprise Backup Software 7.3 on a new Solaris 10 (06/06) system. I have installed the following packages with no errors: SUNWebsc (Client), SUNWebsn (Storage Node), SUNWebss (Server), SUNWebsm (Man pages) and SUNWebsg (Console).
    I have executed the �nsraddadmin� command for both root and administrator.
    I start the web browser with http://<hostname>:9000 and the java software loads with no errors. But when I try to login for the first time with administrator/administrator, I get the follow error:
    ERROR: Could not authenticate this user name and password, try again�

    I think the client is not able to do a HTTP POST
    to the WLS server but it can do a HTTP GET.
    I dont know why.
    http://manojc.com
    "Ganesh" <[email protected]> wrote in message
    news:3eba91bc$[email protected]..
    >
    Hi,
    I deployed a rpc web service using WLS 7.0 SP2 in HP-UX 11 environment.When I
    invoke the web service through my browser (IE 6.0) using the web servicesurl,
    it brings my service method correctly. From there, if I click the invokebutton
    it asks me for a network user name and password under "weblogic" realm???If I
    provide the admin user credentials (which I supplied while creating mydomain)
    it is not accepting that it keeps popping up this network user passwordwindow
    over and over. Not sure which username/password I have to provide here tosee
    the result of my service.
    If I try to invoke the web service through my client (static) I am gettinga connection
    refused exception. I guess either way, I am not able to access my webservice.
    In the attached file, I have cut and pasted the client stack trace as wellas
    the server log trace from weblogic.
    Any ideas would be highly appreciated.
    Thanks,
    Ganesh

  • Authenticate users via email

    This is the problem:
    i want to send a URL to visited by a user, so that after doing that, he's authenticated by the system.
    This is like some of most used web phorum work.
    How can i solve this problem?
    where can i find examples?
    I think the problem is to generate dynamic URLs, one per each user to be authenticated...but maybe there are easier solutions..
    thanks!

    why not just email them something like the forum link here?
    like:
    http://www.cometomysite?reply=true
    then when the user clicks that link they'll be taken to the site on that page check the value of reply, if it's not there or not equal to true don't let them in. basically it's better to use something other then true or false, if you want send them some bizarre word or number. basically you will be using the URL to authenticate the user. here's something on it:
    http://javaboutique.internet.com/tutorials/JSP/part04/
    try searching on google for url writing with jsp servlets.

  • How to change a users login password via single user mode, plus multiple issues?

    So, there is much to this Thread.
    (First Issue)
    A lil back ground, i'm working on a MacBook Pro 3,1 running OS X Tiger 10.4.(something, no idea), the The user has forgotten their account password. Now before you tell me to just change it through the Root Admin account, that account seems to have its own issues, the accounts do not show up in the system preferences, therefore not allowing me to change that users account password.
    (Second Issue)
    Once I'm able to login into the users account, is there any way to disable / erase / eradicate the key chain system?
    (Third Issue)
    All of a sudden the MacBook has lost all audio capability, both in the built in speakers and through the headphone jack.
    i'm open to any ideas, its currently 10:14am the user is wanting this to be done by 2:45pm please help i'm desperate and i don't want to be defeated by a Mac

    It's possible some of these things are related. I'd first do a basic verification of the computer's system.
    First, if at all possible make a backup of the drive in its present configuration. If something goes wrong during repair attempts and makes things worse you will have a backup. You will have to decide how to work this in the light of any present backups you may have, for example, a backup that may be a few days out of date. In that case you may want to keep that one and make a second backup of this as they are now, though I realize people often don't have a lot of empty drives sitting around.
    Boot from the System installer disc that came with your computer or is the one for the version you currently have on there, select language if applicable, choose utilities, run Disk Utility and verify (and repair if necessary) the drive. You can verify a drive from DU on your main drive while booted but I have found this can result in incorrect reporting of errors. To repair your drive you have to run it from a drive other than the boot drive anyway.
    Next, boot from your drive in [Safe Mode|http://docs.info.apple.com/article.html?artnum=107393] and repair permissions. You can repair permissions while booted from the installer disc but this uses the permissions configuration on the installer disc which may be out of date if you have run any updates on your computer. Booting your computer to Safe Mode restricts the number of things running on your computer while permissions are being run and does a bit of spring cleaning at the same time.
    [Resolve startup issues and perform disk maintenance with Disk Utility and fsck|http://docs.info.apple.com/article.html?artnum=106214]
    [Using Disk Utility in Mac OS X 10.4.3 or later|http://docs.info.apple.com/article.html?artnum=302672]
    [Disk Utility's Repair Disk Permissions|http://docs.info.apple.com/article.html?artnum=25751]
    From BDaqua (couldn't have said it better):
    "Try Disk Utility
    1. Insert the Mac OS X Install disc that came with your computer (Edit: Do not use this disc if it is not the same general version as what you have currently on your computer, e.g. use a Tiger disc for a Tiger drive, not a Panther disc), then restart the computer while holding the C key.
    2. When your computer finishes starting up from the disc, choose Disk Utility from the Installer menu. (In Mac OS X 10.4 or later, you must select your language first.)
    Important: Do not click Continue in the first screen of the Installer. If you do, you must restart from the disc again to access Disk Utility.
    3. Click the First Aid tab.
    4. Click the disclosure triangle to the left of the hard drive icon to display the names of your hard disk volumes and partitions.
    5. Select your Mac OS X volume.
    6. Click Repair. Disk Utility checks and repairs the disk.
    Then Safe Boot, (holding Shift key down at bootup), run Disk Utility in Applications>Utilities, then highlight your drive, click on Repair Permissions, reboot when it completes."

  • ACS cannot Authenticate Aironet Users against Exernal DB (LDAP)

    ACS cannot Authenticate Aironet Users against Exernal DB (LDAP)
    Can anyone point me to a technical explanation of why this is true?
    All I have found so far is one small note in a help file and something that might be related under EAP-FAST explanation.
    I have posed this question to our Cisco account team but no response yet.
    Just need to have a good explanation when explaining to mgmt why we need to have a special setup for WLAN users.

    Hmmm....you should be getting more than that from debug radius and debug aaa authen if your AP is truly attempting EAP authentication. The debugs I generally use for this are 'debug aaa authen', 'debug radius', and 'debug dot11 aaa dot1x all' coupled with gathering the detailed support logs from ACS. A warning about 'debug dot11 aaa dot1x all'....it is VERY verbose and cryptic if you don't have alot of experience looking at it so it may be best to open up a TAC case. With these debugs turned on, you should see an EAPOL logon show up from the client (usually says 'received EAPOL packet...') and then a request for identity from the switch and a response from the client with a username and password. Then a series of RADIUS challenge/response packets will be passed which consists of the server cert being passed to the client for validation and then the client sending the username and password to the server. Then you will finally get an access-reject or access-accept packet from the RADIUS server. The failed and passed attempts logs in ACS can also provide good info as to what the source of the failure may be. Do you get any passed or failed attempts for these authentications?

  • Creating users via the admin console

    Hi,
    I'm trying to create a user via the admin console. The user will have to
    authenticate via Membership, and will require a username and password.
    However, when creating the user via the admin console it does not allow you
    to specify a default password (or by using the command line 'ipsadmin create
    user /domain/user.xml', unless there is some XML field specified in the file
    to do that? If so, what is it? Specify an attribute in the
    "iwtAuthMembership-password"?) After creating a user via the console, I
    tried logging in using a blank password and a password the same as the
    username, but neither worked. Is this password set as default to something,
    and if so to what?
    Also, is there some existing means for a user who has already created a
    membership account to change their password? If not, then I guess I will
    have to develop some code to modify the "iwtAuthMembership-password"
    attribute.
    Thanks,
    Mark

    Hi,
    After you have created the user via the console, then the user will be added to a particular role.From the console go that particular domain and then to the role under which the user was created.Then select the Users link you can see the users list.From that list select the user for whom a password is needed,then it will lead you to a screen where you can see a link named Authentication.Expand that link and click on the Membership link there you can enter the username and password for the user

Maybe you are looking for

  • Not able to access the Oracle9i wireless edition home page

    We are getting the following error when trying to access the personalization portal(By typing http://<hostname:port>/portal/Login.jsp) on Oracle9i wireless edition. Error: The requested URL /servlets/oracle.jsp.JspServlet was not found on this server

  • How do I mask a path with a blending mode so that if only effects the groups below?

    I am working on a logo but have run into what seems like a simple problem but nothing about masks that I have found seems to work. I have two groups and in one of them I have a path with an overlay blending mode. Above both groups I have the same pat

  • Vista and Fireworks CS3

    I just bought a new desktop (Vista Home Premium, Pentium Dual Core @1.6, 2024 ram, HDD 320 @ 7200) and installed CS3 Web Premium (Which worked well on my slower XP Pro laptop). Fireworks simply will not work. I've read some of the posts related to th

  • Initialisation Block as anonymous package

    Hi all, Does anyone have any experience in creating an initialisation block that executes a PL/SQL block and returns a cursor of data rather than a SQL command. So, something like a "declare......end;" rathern than "select col from table where....;"?

  • How do I set a methods error out value in an XControl?

    I'm working with an XControl and have created several methods.  I can see two possible ways to return status when a method is invoked.  One is by providing an output parameter in the method (this is my fall back).  The other would be to set the error