JBO-33021: Failed authenticate user null

Similar Messages

• JBO-33021: Failed authenticate user null HELP!!

  I am trying to set security on the application module Using jDeveloper 10.1.2 and oracle db 9.2.
  Currently testing from the embedded oc4j and a standalone oc4j.
  Created an application module to a db table and named it AppModule.
  The application module successfully tested using the projects default Business Component Name.
  The application module also tested successfully using the Business Component Name "AppModuleLocal".
  I then set the jbo.security.enforce application module property to "Auth".
  The application module is re-tested using the Business Component Name "AppModuleLocal".
  A dialog window prompts for user and password.
  Then login using the default admin/welcomr and the below error is generated:
  JBO-30003: The application pool (Cuma.model.cumaStateModuleLocal) failed to checkout an application module due to the following exception:oracle.jbo.JboException: JBO-29000: Unexpected exception caught: oracle.jbo.JboException, msg=JBO-33021: Failed authenticate user null
  what does mean?

  repost

• Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection

  "[DBNETLIB] Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection"
  After patches applied on patch Tuesday the database reports the above error. 
  All accounts are domain accounts and SQLServer uses Windows auth.
  DCDIAG show no errors
  All servers and DC have been restarted,
  Message in db log confirms the connection is being denied due to trust.
  Event log shows same rejection
  Protocols enabled: named pipes, tcpip, memory
  TESTS:
  PortQry: "
  TCP port 1433 (ms-sql-s service): LISTENING"
  Connect with domain admin accounts works from multiple clients systems to DB.
  Cannot connect with newly created domain admin account
  Can connect if new admin account connect to server in terminal server session and uses UDL wizard or any other tool including isql.
  New standard user also fails to connect.
  NOTES:
  I removed the SSL patch and the IE security update to see if that was an issue.
  ¯\_(ツ)_/¯

  Has someone left the company or has an account of some nature been dropped/replaced?
  Please click "Mark As Answer" if my post helped. Tony C.
  Hi Tony,
  Srry but No.  We just installed the monthly updates.
  I went back and found I had missed removing a patch.  I missed the rollup for Windows Server 2003:
  Event Type: Information
  Event Source: NtServicePack
  Event Category: None
  Event ID: 4382
  Date:  3/12/2015
  Time:  12:26:04 PM
  User:  NETTEST\admin
  Computer: DATA1
  Description:
  Windows Server 2003 KB954920 was removed from your computer, and the previous Windows Server 2003 configuration was restored.
  After I removed that is still didn't work but after about five minutes it started working.
  I guess I ned to report that to MS after I research what might be changed to make the patch work.
  Every time I get stuck and ask for help it seems to be just before I stumble on the solution.
  Thanks for replying.
  Well - maybe this will help someone else.
  Thanks again for replying Tony
  ¯\_(ツ)_/¯

• JAAS LDAP OID JBO-33021

  We have deployed the BC4J as an EJB session bean to a standalone oc4j.
  Running it with the user admin/welcome is fine.
  But if we change the jazn.xml to use the LDAP provider we cannot login anymore.
  (<jazn provider="LDAP" default-realm="empl" location="ldap://empldev1.bxl:4032" />)
  ----- LEVEL 1: DETAIL 0 -----
  (oracle.jbo.common.ampool.ApplicationPoolException) JBO-30003: The application pool (MyPackageModuleLoc11) failed to checkout an application module due to the following exception:
  ----- LEVEL 2: DETAIL 0 -----
  (oracle.jbo.JboException) JBO-25222: Unable to create application module.
  ----- LEVEL 3: DETAIL 0 -----
  (javax.naming.NamingException) null
  ----- LEVEL 3: DETAIL 0 -----
  javax.naming.NamingException. Root exception is java.lang.reflect.InvocationTargetException: oracle.jbo.JboException: JBO-33021: Failed authenticate user MILLER
  I created the user "Miller" on our infrastructure. (http://empldev1.bxl:7777/oiddas)
  With this LDAP provider we even get the error when using the local deployment profile:
  <AppModuleConfig name="MypackageModuleLoc11">
  <DeployPlatform>LOCAL</DeployPlatform>
  <DBconnection>jdbc:oracle:thin:@empldev1:1521:EMPLD2</DBconnection>
  <JDBCName>secjEmplti1</JDBCName>
  <jbo.pers.max.active.nodes>3000</jbo.pers.max.active.nodes>
  <jbo.security.enforce>Must</jbo.security.enforce>
  <java.naming.security.credentials>MILLER123</java.naming.security.credentials>
  <java.naming.security.principal>MILLER</java.naming.security.principal>
  <AppModuleJndiName>mypackage.MypackageModule</AppModuleJndiName>
  <ApplicationName>mypackage.MypackageModule</ApplicationName>
  </AppModuleConfig>
  java -jar jazn.jar -listusers
  empl/MILLER
  I Read the following "Remote EJB clients require the RMI login permission in order to be able to access objects on the OC4J server."
  Is this the problem why I can't connect with the ldap users?
  if so, how can I give the users the permission?
  I tried the following but it gives me Insufficient Access Rights
  java -jar jazn.jar -grantperm empl MILLER com.evermind.server.rmi.RMIPermission loginoracle.security.jazn.JAZNNamingException: [LDAP: error code 50 - Insufficient Access Rights]

  Bert,
  Before you switch JAZN provider to LDAP, are you able to run remote EJB after you add empl/MILLER to jazn-data.xml?
  I don't know whether you are aware that JAZN admintool, which is the java -jar jazn.jar, with -listuser, -grantperm, etc., only affect the XML provider, which is the jazn-data.xml. It is not a tool for managing user on OiD, LDAP provider.
  It is also not clear to me which security group MILLER belongs to (e.g. users or administrators) and if you have given method permission to this group. Check the EJB security role topics in the Help.
  Try to first test remote EJB with user MILLER before switching provider to LDAP. You can also temporary disable BC4J JAAS security by setting jbo.security.enforce to None.
  Thanks,
  Yvonne

• SDO gives JBO-26030: Failed to lock the record, another user holds the lock

  Hi,
  I have a question thats on the boundary between ADF and BPEL but I posted in this forum because its highly related to ADF Model with Service Interface.
  We have a BPEL batch process that spawns multiple child BPEL processes that handle threads inside the batch in parallel. These child processes all update the same batch record in a database with for example the lastActionDateTime. We do this by invoking an update service on a SDO application that we built following this tutorial: http://jianmingli.com/wp/?p=2838
  It all works good but sometimes when updating the same row from multiple BPEL process instances at the same time, we sometimes get a SDO JBO-26030: Failed to lock the record, another user holds the lock.
  I'm a bit stunned by this, because all we really do is updating a record. From BPEL we just invoke the updateBatch webservice method of the Service Interface.
  I can imagine that there will be wait time when these updates come in at the same time, but I didn't expect an exception would occur. Also the arbitrariness confuses me. If a child process would lock the record, I would expect this error to happen always and not at random.
  From BPEL the error displays as follows:
       <fault>
            <bpelFault>
                 <faultType>1</faultType>
                 <ServiceException>
                      <part  name="ServiceErrorMessage">
                           <tns:ServiceErrorMessage>
                                <tns:code>26030</tns:code>
                                <tns:message>JBO-26030: Failed to lock the record, another user holds the lock.</tns:message>
                                <tns:severity>SEVERITY_ERROR</tns:severity>
                                <tns:exceptionClassName>oracle.jbo.AlreadyLockedException</tns:exceptionClassName>
                           </tns:ServiceErrorMessage>
                      </part>
                 </ServiceException>
            </bpelFault>
       </fault>However when I dive into soa_server1-diagnostic.log I see the following exception:
  [2011-10-28T17:37:37.770+02:00] [soa_server1] [ERROR] [] [oracle.jbo.server.svc.ServiceJTATxnHandlerImpl] [tid: [ACTIVE].ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: a1484c49db38e963:-581f01fc:13345d7173d:-8000-00000000000322f4,0:1:0x5f5e2bf:33] [WEBSERVICE_PORT.name: ECMControllerSDOServiceSoapHttpPort] [APP: ECMControllerSDO] [composite_name: ECMProcessController] [component_name: ProcessControllerBPEL] [component_instance_id: 240335] [J2EE_MODULE.name: ECMControllerSDO] [WEBSERVICE.name: ECMControllerSDOService] [J2EE_APP.name: ECMControllerSDO] [[
  oracle.jbo.RowInconsistentException: JBO-25014: Another user has changed the row with primary key oracle.jbo.Key[CDS_20111028_8 ].
       at oracle.jbo.server.OracleSQLBuilderImpl.doEntitySelectForAltKey(OracleSQLBuilderImpl.java:1077)
       at oracle.jbo.server.BaseSQLBuilderImpl.doEntitySelect(BaseSQLBuilderImpl.java:553)
       at oracle.jbo.server.EntityImpl.doSelect(EntityImpl.java:8134)
       at oracle.jbo.server.EntityImpl.lock(EntityImpl.java:5863)
       at oracle.jbo.server.EntityImpl.beforePost(EntityImpl.java:6369)
       at oracle.jbo.server.EntityImpl.postChanges(EntityImpl.java:6551)
       at oracle.jbo.server.DBTransactionImpl.doPostTransactionListeners(DBTransactionImpl.java:3275)
       at oracle.jbo.server.DBTransactionImpl.postChanges(DBTransactionImpl.java:3078)
       at oracle.jbo.server.DBTransactionImpl.commitInternal(DBTransactionImpl.java:2088)
       at oracle.jbo.server.DBTransactionImpl.commit(DBTransactionImpl.java:2369)
       at oracle.jbo.server.DefaultJTATxnHandlerImpl.commit(DefaultJTATxnHandlerImpl.java:156)
       at oracle.jbo.server.svc.ServiceJTATxnHandlerImpl.commit(ServiceJTATxnHandlerImpl.java:216)
       at oracle.jbo.server.svc.ServiceJTATxnHandlerImpl.beforeCompletion(ServiceJTATxnHandlerImpl.java:124)
       at sun.reflect.GeneratedMethodAccessor2677.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at oracle.jbo.server.svc.WLSContextCrossAppProxy$WLSCrossAppProxy.invoke(WLSContextCrossAppProxy.java:66)
       at $Proxy377.beforeCompletion(Unknown Source)
       at weblogic.transaction.internal.ServerSCInfo.doBeforeCompletion(ServerSCInfo.java:1239)
       at weblogic.transaction.internal.ServerSCInfo.callBeforeCompletions(ServerSCInfo.java:1214)
       at weblogic.transaction.internal.ServerSCInfo.startPrePrepareAndChain(ServerSCInfo.java:116)
       at weblogic.transaction.internal.ServerTransactionImpl.localPrePrepareAndChain(ServerTransactionImpl.java:1316)
       at weblogic.transaction.internal.ServerTransactionImpl.globalPrePrepare(ServerTransactionImpl.java:2132)
       at weblogic.transaction.internal.ServerTransactionImpl.internalCommit(ServerTransactionImpl.java:272)
       at weblogic.transaction.internal.ServerTransactionImpl.commit(ServerTransactionImpl.java:239)
       at weblogic.ejb.container.internal.BaseRemoteObject.postInvoke1(BaseRemoteObject.java:625)
       at weblogic.ejb.container.internal.StatelessRemoteObject.postInvoke1(StatelessRemoteObject.java:49)
       at weblogic.ejb.container.internal.BaseRemoteObject.__WL_postInvokeTxRetry(BaseRemoteObject.java:444)
       at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:53)
       at nl.kpn.ecm4crm.am.server.serviceinterface.ECMControllerSDOServiceImpl_51vl7y_ECMControllerSDOServiceImpl.updateBatches(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
       at $Proxy373.updateBatches(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at oracle.j2ee.ws.server.jaxws.ServiceEndpointRuntime.processMessage(ServiceEndpointRuntime.java:355)
       at oracle.j2ee.ws.server.jaxws.ServiceEndpointRuntime.processMessage(ServiceEndpointRuntime.java:196)
       at oracle.j2ee.ws.server.jaxws.JAXWSRuntimeDelegate.processMessage(JAXWSRuntimeDelegate.java:479)
       at oracle.j2ee.ws.server.provider.ProviderProcessor.doEndpointProcessing(ProviderProcessor.java:1187)
       at oracle.j2ee.ws.server.WebServiceProcessor.invokeEndpointImplementation(WebServiceProcessor.java:1081)
       at oracle.j2ee.ws.server.provider.ProviderProcessor.doRequestProcessing(ProviderProcessor.java:581)
       at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:232)
       at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:192)
       at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:459)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
       at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.jbo.server.svc.ServiceContextFilter.doFilter(ServiceContextFilter.java:78)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
       at java.security.AccessController.doPrivileged(Native Method)
       at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
       at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
       at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
       at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
       at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)Thank you for reading, any directions suggestions on how to solve this will be highly appreciated.
  regards,
  Gerben

  Thanks Frank.
  Already tried that , please let me know if there is any other way to get this .
  This is being discussed here :
  Re: Update without No wait
  and i am following what John Stegeman has suggested.

• Failed to authenticate user

  We have installed SAP on Microsoft Windows clustered environment with Oracle on Storage.
  While taking offline backup of SAP, we are getting the following error message:
  BR0280I BRBACKUP time stamp: 2008-12-31 01.02.13
  BR0307I Shutting down database instance PRD ...
  BR0278E Command output of 'FSCMD OFFLINERESOURCE PRD.WORLD /CLUSTER=SAPCLUSTER /OFFLINE=IMMEDIATE /USER=PRDADM /DOMAIN=PARLEAGRO /PWD=*********
  Failed to connect to Oracle Services for MSCS on cluster SAPCLUSTER**
  FS-10211: Failed to authenticate user PRDADM.  The user must have Administrator privileges on all cluster nodes**BR0280I BRBACKUP time stamp: 2008-12-31 01.02.36
  BR0279E Return code from 'FSCMD OFFLINERESOURCE PRD.WORLD /CLUSTER=SAPCLUSTER /OFFLINE=IMMEDIATE /USER=PRDADM /DOMAIN=PARLEAGRO /PWD=*********
  BR0309E Shutdown of database instance PRD failed
  BR0056I End of database backup: bdzpbrcw.aft 2008-12-31 01.02.36
  BR0280I BRBACKUP time stamp: 2008-12-31 01.02.36
  BR0054I BRBACKUP terminated with errors

  Hi,
  Please, check if user PRDADM is assigned to the local administrators group on both nodes of the cluster. If not, please include it to this OS group. Also ensure the relevant Oracle services are running.
  Cheers

• JBO-26030 Failed to lockthe record, another user holds the lock.

  I have a web application using Bc4j + Bc4J JSPs .
  the web app , reads/writes to some tables.
  from time to time , I get this error:
  JBO-26030 Failed to lock the record, another user holds the lock.
  no other user is holding the record.
  appreciate your help
  regards
  RT

  Stopping the embedded OC4J should solve the problem.
  If you can reproduce the problem within one session (no browser sessions closed) then the problem is within your application.
  As Ric pointed out, it is always good practice to use read-only view objects unless you need to transact with the database apart from selecting data.
  If you have navigated away from some pages without committing changes, then you could consider committing as part of the page navigation, in order to release any locks and close off the transaction.
  regards,
  Brenden

• JBO-26030: Failed to lock the record, another user holds the lock.

  Hi, i am using value change listener to a discount percentage field & after calucalion for the first time it will give the discount amount value & filling that field. But for the second attempt it is showing nothing but printing correct values in the console.it is not getting refresh.
  and also i am getting this error:JBO-26030: Failed to lock the record, another user holds the lock.

  based on Jdev documentation, re-execute the query solved the problem.

• Failed to create new user null

  All Experts
  I am getting the following error message when I am trying to start Java Engine. I am trying to add Java Add on to the ABAP Stack. This was taken from security.0.log .
  #1.5#001143312344001E00000003000006B400044C1E4BBCD4E7#1209592910253#/System/Security/UserStoreUME##com.sap.security.core.server.userstore.UserContextUME#######SAPEngine_System_Thread[impl:5]_14##0#0#Error#1#com.sap.security.core.server.userstore.UserContextUME#Plain###
  Failed to create new user null#
  #1.5#001143312344001E00000005000006B400044C1E4BBCFE64#1209592910253#/System/Security/UserStoreUME##com.sap.security.core.server.userstore.UserContextUME.engineCreateUser(String)#######SAPEngine_System_Thread[impl:5]_14##0#0#Info#1#com.sap.security.core.server.userstore.UserContextUME#Java###Created new user #1#<null>#
  #1.5#001143312344001E00000006000006B400044C1E4BBCFFBA#1209592910253#/System/Security/UserStoreUME##com.sap.security.core.server.userstore.UserContextUME#######SAPEngine_System_Thread[impl:5]_14##0#0#Error#1#/System/Security/UserStoreUME#Java###Error during creation of default users or role assignments: #1#
  Could not create user null: LOGONID_IS_NULL#
  #1.5#001143312344001E00000008000006B400044C1E4BBD03D0#1209592910253#/System/Security##com.sap.engine.services.userstore.UserContext.<init>(UserContextSpi, Properties)#######SAPEngine_System_Thread[impl:5]_14##0#0#Fatal#1#com.sap.engine.services.userstore#Plain###Can not instantiate UserContext with given properties.#
  #1.5#001143312344001E0000000B000006B400044C1E4BBD5C7C#1209592910284#/System/Security##com.sap.engine.services.security#######SAPEngine_System_Thread[impl:5]_14##0#0#Error#1#com.sap.engine.services.security#Java#security_0001#com.sap.engine.services.security.exceptions.SecurityResourceBundle#Unexpected exception:##
  Please suggest

  Hi Prasanna
  I am getting this error while installing the Java Add-on. The installation was in the last stage and there it got struck when it tried to reboot the java engine. I am using SAPJSF user to communicate with ABAP stack and it has the full authorizations. I even checked and see that SAPJSF user is not locked. I also tried with another user and still the same issue. As per the log it the java engine is able to login with the user, but it is trying to create a user and fialing there. I am not sure why it is creating this user.
  Regards,
  Mahesh

• OC4J Security fails to authenticate users on a 64 bit solarisx86 machine

  Hi,
  I am using a database login module to authenticate users. The login module I use is DBTableLoginModule. On 32 bit windows based machine, the module functions perfectly fine. When I deployed my project on a 64 bit solarisx86 machine, users are no longer able to login. On debugging the DBTableLoginModule, the authentication shows success and the commit method is return true to the OC4J security. But OC4J is redirecting to error page and I have no clue as to why it is doing so. The problem is I am not able to debug OC4J security for I have no source code for that. My question is how can i turn on debugging for OC4J Security
  so I can watch out for any errors or anything that OC4J complains about so I can have better chances to overcome this problem.
  Thanks
  Sam

  Hi,
  sounds like a OC4J bug to me (or issue at least). You may want to check
  OC4J
  Frank

• Cisco ISE 1.1.1.268 Giving error (Report Generation failed. Cause: Null)

  I have this issue and I would be very thankful if someone has the answer for this. When I am trying to access Operation > Report > Catalog > Posture > Posture Detail Assessment & clicking on any posture session detail icon. I am getting following attached errors.
  1.     Report Generation failed. Cause: Null
  2.     Cannot execute the statement.
  Does anyone knows how to get rid of this error & to get access of posture detail.
  Thanks

  The error message means that Active Directory server Reject the authentication attempt
  as for some reasons the user account got locked.I guess, You should ask your AD Team to check in the AD
  Event Logs why did the user account got locked.
  Under Even Viewers, You can find it out
  Regards
  Minakshi (Do rate the helpful posts)

• Cisco ISE (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out)

  Hi,
  I have a setup ISE 1.1.1. Users are getting authenticate against AD. Everything is working fine except some users report disconnection. I see in the ISE that (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out). Users are using Windows 7 OS.
  Error is enclosed & here is the port configuration.
  Port Configuration.
  interface GigabitEthernet0/2
  switchport access vlan 120
  switchport mode access
  switchport voice vlan 121
  authentication event fail action next-method
  authentication event server dead action reinitialize vlan 120
  authentication event server alive action reinitialize
  authentication host-mode multi-auth
  authentication order mab dot1x
  authentication priority dot1x mab
  authentication port-control auto
  authentication periodic
  authentication timer reauthenticate server
  mab
  dot1x pae authenticator
  dot1x timeout tx-period 60
  spanning-tree portfast
  ip dhcp snooping limit rate 30 interface GigabitEthernet0/2
  switchport access vlan 120
  switchport mode access
  switchport voice vlan 121
  authentication event fail action next-method
  authentication event server dead action reinitialize vlan 120
  authentication event server alive action reinitialize
  authentication host-mode multi-auth
  authentication order mab dot1x
  authentication priority dot1x mab
  authentication port-control auto
  authentication periodic
  authentication timer reauthenticate server
  mab
  dot1x pae authenticator
  dot1x timeout tx-period 60
  spanning-tree portfast
  ip dhcp snooping limit rate 30
  Please help.

  The error message means that Active Directory server Reject the authentication attempt
  as for some reasons the user account got locked.I guess, You should ask your AD Team to check in the AD
  Event Logs why did the user account got locked.
  Under Even Viewers, You can find it out
  Regards
  Minakshi (Do rate the helpful posts)

• Can you authenticate users from 2 different AAA-servers for one specific tunnel-group?

  I need to authenticate users from two separate AD LDAP databases on the same tunnel-group. I would like them to use the same tunnel-group and thereby using the  same group-alias. I tried creating a new aaa-server group and putting both LDAP servers into group but apparently the ASA does not roll through the separate servers in the aaa-server group and will stop if the first server states that the authentication failed.
  I also tried assigning multiple aaa-server groups into the tunnel-group authentication-server-group but that also did not work. I finally tried to create a separate tunnel-group and assigning it the same group-alias but the ASA will not allow me to assign the same group-alias to different tunnel-group. What is the best way to accomplish this without having to create a new group-alias that will show up and possible confuse the dumb users requiring this access? Please help.

  If you don't want ANY drop down I believe you can do it in a kludgy sort of way.
  Eliminate all the group aliases (which are used to populate the dropdown) and make a local database of the users for the sole purpose of assigning / restricting them to a non-default tunnel-group which authenticates to the secondary LDAP server. 
  You can also send out a non-published URL that points to a second tunnel-group not in the dropdown.
  Of course, we can accomplish this if the AAA server is ISE. ISE 1.3 can authenticate users to multiple AD domains (with or without trust relationships) or a single domain with multiple join points in the Forest.
  The ISE answer makes me wonder - could you establish trust between the domains and authenticate users that way?

• Java.lang.SecurityException: Authentication for user null denied in realm

  Hello,
  We have the following exceptionj on WLS 6.1 SP3 on Win2K:
  javax.naming.AuthenticationException. Root exception is
  java.lang.SecurityException: Authentication for user null denied in realm
  weblogic
  at weblogic.security.acl.Realm.authenticate(Realm.java:212)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
  at
  weblogic.security.acl.internal.Security.authenticate(Security.java:135)
  at
  weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:518)
  at
  weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:362)
  at
  weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:334)
  at
  weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:211)
  at
  weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:149)
  at
  javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:660)
  at
  javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:241)
  at javax.naming.InitialContext.init(InitialContext.java:217)
  at javax.naming.InitialContext.<init>(InitialContext.java:173)
  at
  And it seems that this exception happens after the introduction of a JAAS module
  for an external call.
  What strikes me is that the WLS samples use System.setProperty... and I was wondering
  if this could be the cause of our problem, because the rest of the application
  does not use JAAS, and that may be it screws up the realm with WLS....
  Any idea?
  Cheers,
  Thierry

  Hello,
  We have the following exceptionj on WLS 6.1 SP3 on Win2K:
  javax.naming.AuthenticationException. Root exception is
  java.lang.SecurityException: Authentication for user null denied in realm
  weblogic
  at weblogic.security.acl.Realm.authenticate(Realm.java:212)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
  at
  weblogic.security.acl.internal.Security.authenticate(Security.java:135)
  at
  weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:518)
  at
  weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:362)
  at
  weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:334)
  at
  weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:211)
  at
  weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:149)
  at
  javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:660)
  at
  javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:241)
  at javax.naming.InitialContext.init(InitialContext.java:217)
  at javax.naming.InitialContext.<init>(InitialContext.java:173)
  at
  And it seems that this exception happens after the introduction of a JAAS module
  for an external call.
  What strikes me is that the WLS samples use System.setProperty... and I was wondering
  if this could be the cause of our problem, because the rest of the application
  does not use JAAS, and that may be it screws up the realm with WLS....
  Any idea?
  Cheers,
  Thierry

• Cisco WLC 2504 and ways to authenticate users

  Hi All,
       What is the ways to make user authenticate to WLC 2504 and what is the best and simple way and what is the differences btw each method _i mean for example need radius server or something else to be exist_ ?
       and any one can give me case study for this issue
  System consist of Cisco 2504 and Cisco LAP 1140
  Thanks

  To implement radius based authentication is the best practice for the small & enterprise environment.
  Information About RADIUS
  Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol that provides centralized security for users attempting to gain management access to a network. It serves as a backend database similar to local and TACACS+ and provides authentication and accounting services:
  •Authentication—The process of verifying users when they attempt to log into the controller.
  Users must enter a valid username and password in order for the controller to authenticate users to the RADIUS server. If multiple databases are configured, you can specify the sequence in which the backend database must be tired.
  •Accounting—The process of recording user actions and changes.
  Whenever a user successfully executes an action, the RADIUS accounting server logs the changed attributes, the user ID of the person who made the change, the remote host where the user is logged in, the date and time when the command was executed, the authorization level of the user, and a description of the action performed and the values provided. If the RADIUS accounting server becomes unreachable, users are able to continue their sessions uninterrupted.
  RADIUS uses User Datagram Protocol (UDP) for its transport. It maintains a database and listens on UDP port 1812 for incoming authentication requests and UDP port 1813 for incoming accounting requests. The controller, which requires access control, acts as the client and requests AAA services from the server. The traffic between the controller and the server is encrypted by an algorithm defined in the protocol and a shared secret key configured on both devices.
  You can configure multiple RADIUS accounting and authentication servers.For example, you may want to have one central RADIUS authentication server but several RADIUS accounting servers in different regions. If you configure multiple servers of the same type and the first one fails or becomes unreachable, the controller automatically tries the second one, then the third one if necessary, and so on. 
  For more Information : http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_security_sol.html#wp2149947