Kerberos authentication Adobe Policy Server

Hi,
When a user uses the browser to log into Adobe Policy Server, does he also get a ticket from Kerberos? Or does this just happen when he uses, for example, Adobe Acrobat Professional?
Thanks for the help...
Bye

Hi Raymund,
Currently Windows Kerberos Authentication is only supported from Acrobat and other client applications we support with plugins (MS Office).
Hope this helps.
-Bill

Similar Messages

  • Use of Adobe Policy server to implement security functions

    Hello Folks,
    Has anyone explored the possibilities to implement security features for adobe offline scenario using Adobe Policy Server?
    Is there any other means by which I can implement features like password protection or encryption in an offline scenario?
    SAP documentation has pointers to Adobe Policy server, but no comprehensive documentation found on the same.
    Thanks & Regards,
    Chitrali

    Hi,
    You can add security features like password protection and limit usage, such as no printing, etc. Here is a link to the Java API documentation: http://help.sap.com/javadocs/NW04S/current/wd/com/sap/tc/webdynpro/clientserver/adobe/pdfdocument/api/IWDPDFDocumentCreationContext.html#setProtection(java.lang.String,%20java.lang.String,%20com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.api.WDPDFDocumentProtectPermission[])
    I believe you can do the same stuff with the ABAP API.
    You have to check if it works in your version, because sometimes the API is there but doesn't work 100%.
    You can also sign docs (there is some info about that in the above Java API link).
    Hope this helps.

  • Audio test service, bandwidth policy server (authentication), Bandwidth policy server (core) Failed to start

    Event ID 32014, source:LS Application Server
    The application threw an exception while starting.
    The application urn:application:testbot threw the following exception when starting: Exception: Microsoft.Rtc.Collaboration.ProvisioningFailureException
    > FailureReason: ApplicationNotFound
    > DetectionStackTrace:    at System.Environment.GetStackTrace(Exception e, Boolean needFileInfo)
       at System.Environment.get_StackTrace()
       at Microsoft.Rtc.Collaboration.ProvisioningFailureException..ctor(String message, Exception innerException, ProvisioningFailureReason failureReason)
       at Microsoft.Rtc.Collaboration.PlatformDataImpl.CreateInstance(String requiredCertificateUsage, UCSettings ucSettings, String applicationId, Boolean enableCMSLoadBalancing, Boolean useLocalRegistrar)
       at Microsoft.Rtc.Collaboration.ProvisioningSourceImpl.GetInitialPlatformData()
       at Microsoft.Rtc.Collaboration.ProvisioningSourceGetInitialPlatformDataAsyncResult.ProcessCoreHelper()
       at Microsoft.Rtc.Collaboration.SipCollaborationAsyncResult.ProcessCore()
       at Microsoft.Rtc.Signaling.AsyncWorkitemQueue.ProcessItems()
       at Microsoft.Rtc.Signaling.SerializationQueue`1.ResumeProcessing()
       at Microsoft.Rtc.Signaling.SerializationQueue`1.ResumeProcessingCallback(Object state)
       at Microsoft.Rtc.Signaling.QueueWorkItemState.ExecuteWrappedMethod(WaitCallback method, Object state)
       at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
       at System.Threading.ThreadPoolWorkQueue.Dispatch()
    > Message: Application with id(urn:application:testbot) not found or a default port has not been configured for it.
    > TargetSite: Exception: Exception has been thrown by the target of an invocation.
    > StackTrace:    at Microsoft.Rtc.Internal.ServerSharedComponents.MachApplication.StartUp()
       at Microsoft.Rtc.Internal.ServerSharedComponents.ServiceManager.Startup()
       at Microsoft.Rtc.Internal.ServerSharedComponents.UCAS.MachUcasService.StartAsync()
       at Microsoft.Rtc.ApplicationServerCore.ApplicationLoader.CallStartAsync()
    > Source: Microsoft.Rtc.Collaboration
    > HResult: -2146233088
    Cause: Startup errors.
    Resolution:
    Check the events prior to this to resolve the service startup issue.

    Event ID: 29004   Source: LS Bandwidth Policy Service (Authentication)
    Error while trying to access local Settings. The LS Bandwidth Policy Service (Authentication) will stop.
    Exception: System.Exception: MRAS port is not configured!
       at Microsoft.Rtc.MRAS.Configuration..ctor(ConfigChangedHandler ConfigChangedEventHandler, RoleName roleName)
    Cause: The current account may not have the necessary permissions to access these settings, or the LS Bandwidth Policy Service may not be installed correctly, or the settings are wrong.
    Resolution:
    Rerun LS Bandwidth Policy Service (Authentication) installation and activation.
    Event ID: 29005   Source: LS Bandwidth Policy Service (Authentication)
    LS Bandwidth Policy Service (Authentication) could not be started.
    Exception: System.Exception: MRAS port is not configured!
       at Microsoft.Rtc.MRAS.Configuration..ctor(ConfigChangedHandler ConfigChangedEventHandler, RoleName roleName)
       at Microsoft.Rtc.MRAS.Core..ctor(ServiceStopHandler serviceStop, RoleName roleName)
       at Microsoft.Rtc.MRAS.Server.OnStart(RoleName roleName)
    Cause: Internal error.
    Resolution:
    Examine the details in the associated event log entry to determine the potential cause and report to Product Support Services.

  • Policy Server Document displaying no content inside Adobe Acrobat 7.0

    When I apply a policy to a document and log in, I am able to view the document the first time. However, when I try to re-open the document, it will open in Adobe Acrobat Professional 7.0 but open up with a grey background with no content. We are currently piloting the Adobe Policy Server. I have about 35 external users on this policy and all of them are active users.

    Hi Stacie,
    Could you provide more detail on what happens when a document won't open. For example:
    * Is a gray background displayed?
    * Do you receive an error message (if so, what is it exactly)?
    * What client OS are you using (version/service pack/etc)?
    * What version of Acrobat are you using (7.0.0, 7.0.1, 7.0.2, 7.0.5, etc.)?
    Any more detail (even little ones) can be useful in diagnosing the problem.
    Thanks,
    -Bill

  • Is there any Java API to interact/integrate with Adobe LiveCycle Policy Server

    Hi,
    We are already using Adobe LiveCycle Policy Server and have a manual process in place to send documents to clients.
    Going forward we want to automate this document generation process. We are using Java, JEE in our application.
    We are planning to use below steps to automate this process.
    1) Administrator will create a Template in Adobe Policy Server and will map users intended to receive mails with this template
    2) Our application will interact with Adobe Policy Server and use Template ID to generate PDF document and send mails to client.
    Can anyone please let me know if there is any Java API which can be used to perform the above second step.
    Thanks a lot for your help.
    Best Regards - Roy

    Hi Steven,
    What you refer to is PDF Generator version 7.x Postscript edition.
    In version 7 of the product there were 3 editions:
    1. PDF Generator Professional
    Create PDF files from a wide range of source files:
    Print (PS, EPS, PRN)
    Image (JPG, GIF, BMP, TIFF, PSD)
    Standard office formats (DOC, XLS, PPT, WPD, MPP)
    Text (TXT, RTF)
    Web (HTML)
    Design files (DWG, VSD)
    Generate all types of Adobe PDF file formats:
    PDF 1.3, 1.4, 1.5, 1.6
    PDF/X-1a and PDF/X-3 for prepress document exchange
    PDF/A for archiving with easy search and retrieval
    Searchable PDF files from images
    Convert PDF files to:
    HTML documents
    Text (TXT, RTF, accessible)
    Images (TIFF, PNG, JPEG)
    Print (PS, EPS)
    2. PDF Generator Elements
    Create PDF files from a wide range of source files:
    Print (PS, EPS, PRN)
    Image (JPG, GIF, BMP, TIFF, PSD)
    Standard office formats (DOC, XLS, PPT, WPD, MPP)
    Text (TXT, RTF)
    Web (HTML)
    Design files (DWG, VSD)
    Generate all types of Adobe PDF file formats:
    PDF 1.3, 1.4, 1.5, 1.6
    PDF/X-1a and PDF/X-3 for prepress document exchange
    PDF/A for archiving with easy search and retrieval
    Convert PDF files to:
    HTML documents
    Text (TXT, RTF, accessible)
    Print (PS, EPS)
    3. PDF Generator Postscript
    Create PDF files from a wide range of source files:
    Print (PS, EPS, PRN)
    Generate all types of Adobe PDF file formats:
    PDF 1.3, 1.4, 1.5, 1.6
    PDF/X-1a and PDF/X-3 for prepress document exchange
    PDF/A for archiving with easy search and retrieval
    So basically what you have is the very limited edition, doing exactly what you said. For more functionality you should opt for one of the other editions (that is for version 7.x).
    Today's version is the newer LC PDF Generator ES. You can look for its specifications at http://www.adobe.com/products/livecycle/pdfgenerator/
    Thanks

  • Non-English characters in Policy Server invitation mail

    Letters that are not in the English alphabet do not come out as they should when invitation and confirmation mails are sent from Adobe Policy Server.
    In my case the Norwegian letters Æ Ø Å are not showing correctly. But I'm guessing this goes for all other non-English letters.
    Example Š= å
    I have installed Adobe Policy Server (automatic install) with JBOSS/Tomcat and use the IIS smtp server. Does anyone know where I have to do changes to get things correct?
    Regards
    Michael Sletvold

    Hello Chris
    Thank you for pointing me in the right direction. However, I cannot get it to work. It said utf8 and not utf-8 in the jboss-run.bat, so I have tried both entries in the run.bat file (one at a time):
    run.bat
    set JAVA_OPTS=%JAVA_OPTS% -Xms128m -Xmx512m -Dfile.encoding=utf-8
    set JAVA_OPTS=%JAVA_OPTS% -Xms128m -Xmx512m -Dfile.encoding=utf8
    I also changed the jboss-run.bat to -Dfile.encoding=utf-8 without any success.
    The regional settings on the win2003 server are set to Norwegian and I do a full server restart each time I make a change in the *.bat file. Any tip on what I might be doing wrong would be appreciated.
    Regards
    Michael

  • Kerberos Authentication Issues. 

    Our set up is as follows. In Directory Access we have our own clients set to receive their LDAP information via DHCP from our Mac OSX server and when in our office - or indeed, at a location that does not have a Mac OS X server - Kerberos Authentication to our server works just fine.
    However, when out of the office and in a location that also has a Mac OSX Server providing its LDAP information via DHCP, naturally, we pick up that location's Kerberos Realm and this prevents us from making a connection to our Office VPN server which is running on our Mac OSX Server. To work successfully, it requires Kerberos Authentication, but when prompted to enter our Kerberos password, the dialogue box appears with the local site's Kerberos Realm and even if I type in our office's Realm, it still will not work. How can we avoid this situation, other than turning off Kerberos Authentication completely?
    The crux of the matter is that when off-site, my computer seems to pick up the Kerberos Realm of the system I'm in and completely forgets my own realm, thus not allowing me to authenticate until I return to my own office. I don't seem to be able to manually override it either.
    Is there something I am missing here?

    AFAICT what you're experiencing is default behaviour. Kerberos on a client machine gets autoconfigured by means of reading the KerberosClient record in the LDAP database in use. This happens dynamically, so having the LDAP server come from DHCP configures Kerberos as laid out in that LDAP server's KerberosClient record.
    See man kerberosautoconfig which is the tool actually run to achieve this.
    HTH
    -Ralph

  • The KDC encountered duplicate names while processing a Kerberos authentication request in a Domain controller server

    Hi,
    We have a SharePoint farm, and on the domain controller server this error is in Event Viewer:
    Log Name:      System
    Source:        Microsoft-Windows-Kerberos-Key-Distribution-Center
    Date:          9/15/2014 10:44:15 PM
    Event ID:      11
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      XXXAPP01.xxxportal.com
    Description:
    The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is HTTP/XXXWFE01.xxxportal.com (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for HTTP/XXXWFE01.xxxportal.com in Active Directory.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Kerberos-Key-Distribution-Center" Guid="{3FD9DA1A-5A54-46C5-9A26-9BD7C0685056}" EventSourceName="KDC" />
        <EventID Qualifiers="49152">11</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2014-09-15T19:44:15.000000000Z" />
        <EventRecordID>131824</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>System</Channel>
        <Computer>XXXAPP01.xxxportal.com</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="Name">HTTP/XXXWFE01.xxxportal.com</Data>
        <Data Name="Type">DS_SERVICE_PRINCIPAL_NAME</Data>
        <Binary>
        </Binary>
      </EventData>
    </Event>
    adil

    Hi adil,
    Service principal names (SPNs) are stored as a property of the associated account object in Active Directory Domain Services (AD DS). I noticed that you have used setspn -X to identify the duplicate SPN. Please refer to the following articles and check whether they help you to solve this issue.
    Event ID 11 — Service Principal Name Configuration
    Event ID 11 in the System log of domain controllers
    Please also refer to the following article and check whether it can help you.
    The problem with duplicate SPNs
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    If any update, please feel free to let me know.
    Hope this helps.
    Best regards,
    Justin Gu

  • New Adobe Media Server Authentication Add-In

    A new rebranded Adobe Media Server Authentication Add-In for Flash Media Live Encoder(FMLE) has been posted on FMLE download page. This version will work with both Adobe Media Server as well as Flash Media Server.
    Grab it from here
    https://www.adobe.com/cfusion/entitlement/index.cfm?e=fmle3
    Team AMS

    Thank you for your help, but it did not work for me. I installed the FMS on the default pass, knowing I am using Win 64, and I installed the FMS authentication add-in for this version. It said installation complete and the server restarted.
    I used cmd to reach /conf, I found the 2 files, and I used the command
    users add -u username -p password
    to add the user.
    I tried to test and started FMLencoder v3.2, and it just started to stream and did not ask me for any username or password, as you can see here:
    Wed May 04 2011 20:12:01 : Selected video input device: Chicony USB 2.0 Camera
    Wed May 04 2011 20:12:02 : Selected audio input device: Microphone (Realtek High Defini
    Wed May 04 2011 20:12:20 : Renaming existing file from C:\Users\Eslam\Videos\sample.flv to C:\Users\Es\Videos\sample.9.flv
    Wed May 04 2011 20:12:22 : Primary - Connected to FMS/3,5,1,516
    Wed May 04 2011 20:12:22 : Primary - Network Command: onBWDone
    Wed May 04 2011 20:12:22 : Primary - Stream[livestream] Status: Success
    Wed May 04 2011 20:12:22 : Primary - Network Command: onFCPublish
    Wed May 04 2011 20:12:22 : Primary - Stream[livestream] Status: NetStream.Publish.Start
    Wed May 04 2011 20:12:22 : Session Started
    Wed May 04 2011 20:12:23 : Audio Encoding Started
    Wed May 04 2011 20:12:24 : Video Encoding Started
    How can I verify the add-on is working correctly and use it?

  • An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP).

    Hello everyone:
    I know this question has been asked in these forums quite a few times. I apologize if it is a repeat telecast, but I was not able to find a suitable solution pertaining to my problem.
    I have an AP/SM setup that is configured to get EAP-PEAP authentication from Windows 2012 Server. I have set up everything and have verified that the EAP-PEAP authentication works fine on AP/SM by getting authentication from a FreeRADIUS server. Now, when I try to get authentication from Windows Server, I am getting a reject. The Event log shows this generic message:
    Reason Code: 23
    Reason:
        An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
    There is nothing in the EAP logs that is obvious too:
    "USIL01PMPTST01","IAS",07/11/2014,11:59:44,1,"SANDBOX\test","SANDBOX\test",,,,,,"10.120.133.10",5,0,"10.120.133.10","Canopy_AP",,,18,,,,5,"PEAP_TEST",0,"311 1 10.120.133.1
    07/11/2014 00:05:57 4927",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
    "USIL01PMPTST01","IAS",07/11/2014,11:59:44,11,,"SANDBOX\test",,,,,,,,0,"10.120.133.10","Canopy_AP",,,,,,,5,"PEAP_TEST",0,"311 1 10.120.133.1 07/11/2014 00:05:57 4927",30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
    "USIL01PMPTST01","IAS",07/11/2014,11:59:44,1,"SANDBOX\test","SANDBOX\test",,,,,,"10.120.133.10",5,0,"10.120.133.10","Canopy_AP",,,18,,,,5,"PEAP_TEST",0,"311 1 10.120.133.1
    07/11/2014 00:05:57 4928",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
    "USIL01PMPTST01","IAS",07/11/2014,11:59:44,11,,"SANDBOX\test",,,,,,,,0,"10.120.133.10","Canopy_AP",,,,,,,5,"PEAP_TEST",0,"311 1 10.120.133.1 07/11/2014 00:05:57 4928",30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
    "USIL01PMPTST01","IAS",07/11/2014,11:59:44,1,"SANDBOX\test","SANDBOX\test",,,,,,"10.120.133.10",5,0,"10.120.133.10","Canopy_AP",,,18,,,,11,"PEAP_TEST",0,"311 1 10.120.133.1
    07/11/2014 00:05:57 4929",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
    "USIL01PMPTST01","IAS",07/11/2014,11:59:44,3,,"SANDBOX\test",,,,,,,,0,"10.120.133.10","Canopy_AP",,,,,,,11,"PEAP_TEST",23,"311 1 10.120.133.1 07/11/2014 00:05:57 4929",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
    So, basically, the sequence is this:
    request , challenge, request , challenge, request, reject
    Any idea what might be happening?
    Thank you.

    Hi,
    Have you installed certificates on the NPS server properly? Have you selected the proper certificate in the properties of PEAP?
    Here is an article about the Certificate requirements of PEAP,
    Certificate requirements when you use EAP-TLS or PEAP with EAP-TLS
    http://support.microsoft.com/kb/814394
    If your certificate matches the requirement, you may try to reinstall the certificate by export and import.
    To export a certificate, please follow the steps below,
    Open the Certificates snap-in for a user, computer, or service.
    In the console tree under the logical store that contains the certificate to export, click Certificates.
    In the details pane, click the certificate that you want to export.
    On the Action menu, point to All Tasks, and then click Export.
    In the Certificate Export Wizard, click No, do not export the private key. (This option will appear only if the private key is marked as exportable and you have access to the private key.)
    Provide the following information in the Certificate Export Wizard:
    Click the file format that you want to use to store the exported certificate: a DER-encoded file, a Base64-encoded file, or a PKCS #7 file.
    If you are exporting the certificate to a PKCS #7 file, you also have the option to include all certificates in the certification path.
    If required, in Password, type a password to encrypt the private key you are exporting. In Confirm password, type the same password again, and then click Next.
    In File name, type a file name and path for the PKCS #7 file that will store the exported certificate and private key. Click Next, and then click Finish.
    To import a certificate, please follow the steps below,
    Open the Certificates snap-in for a user, computer, or service.
    In the console tree, click the logical store where you want to import the certificate.
    On the Action menu, point to All Tasks, and then click Import to start the Certificate Import Wizard.
    Type the file name containing the certificate to be imported. (You can also click Browse and navigate to the file.)
    If it is a PKCS #12 file, do the following:
    Type the password used to encrypt the private key.
    (Optional) If you want to be able to use strong private key protection, select the Enable strong private key protection check box.
    (Optional) If you want to back up or transport your keys at a later time, select the Mark key as exportable check box.
    Do one of the following:
    If the certificate should be automatically placed in a certificate store based on the type of certificate, click Automatically select the certificate store based on the type of certificate.
    If you want to specify where the certificate is stored, select Place all certificates in the following store, click Browse, and choose the certificate store to use.
    If the issue persists, you may try to re-issue the certificate.
    For detailed procedure, you may refer to the similar threads below,
    Having issues getting PEAP with EAP-MSCHAP v2 working on Windows 2008 R2
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/c66cf0a8-24dd-4ccd-b5bb-16bd28ad8d4c/having-issues-getting-peap-with-eapmschap-v2-working-on-windows-2008-r2?forum=winserverNAP
    Hope this helps.
    Steven Lee
    TechNet Community Support

  • Kerberos Authentication DB in Oracle iPlanet Web Server

    Here is a blog about how to configure Kerberos Authentication Database in Oracle iPlanet Web Server on Solaris 10 update 8: http://blogs.sun.com/meena/entry/using_kerberos_as_authentication_database

    As long as the application server that LCDS is deployed in is supported, it doesn't  matter which webserver is being used.
    HTH
    Kumaran

  • Error=49 from the LDAP server for GSSAPI Kerberos authentication

    I am trying to find a solution for an ldapsearch failure with GSSAPI Kerberos authentication. I am running Sun Directory Server 5.2 P4 on a Solaris-9 sparc machine.
    Steps :
    bash-2.05# kinit tester1
    Password for [email protected]:
    bash-2.05#
    When I do ldapsearch, I am getting the following logs on the server:
    tail -f /var/Sun/mps/slapd-bf1r-dsun-1/logs/access
    [22/Feb/2007:01:44:16 -0700] conn=32 op=-1 msgId=-1 - fd=26 slot=26 LDAP connection from 10.7.30.185 to 10.7.30.16
    [22/Feb/2007:01:44:16 -0700] conn=32 op=0 msgId=1 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
    [22/Feb/2007:01:44:16 -0700] conn=32 op=0 msgId=1 - RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
    [22/Feb/2007:01:44:16 -0700] conn=32 op=1 msgId=2 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
    [22/Feb/2007:01:44:16 -0700] conn=32 op=1 msgId=2 - RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
    [22/Feb/2007:01:44:16 -0700] conn=32 op=2 msgId=3 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
    [22/Feb/2007:01:44:16 -0700] conn=32 op=2 msgId=3 - RESULT err=49 tag=97 nentries=0 etime=0
    [22/Feb/2007:01:44:16 -0700] conn=32 op=3 msgId=4 - UNBIND
    [22/Feb/2007:01:44:16 -0700] conn=32 op=3 msgId=-1 - closing - U1
    [22/Feb/2007:01:44:17 -0700] conn=32 op=-1 msgId=-1 - closed.
    [22/Feb/2007:01:45:50 -0700] conn=33 op=-1 msgId=-1 - fd=26 slot=26 LDAP connection from 10.7.30.185 to 10.7.30.16
    [22/Feb/2007:01:45:50 -0700] conn=33 op=0 msgId=1 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
    [22/Feb/2007:01:45:50 -0700] conn=33 op=0 msgId=1 - RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
    [22/Feb/2007:01:45:50 -0700] conn=33 op=1 msgId=2 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
    [22/Feb/2007:01:45:50 -0700] conn=33 op=1 msgId=2 - RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
    [22/Feb/2007:01:45:50 -0700] conn=33 op=2 msgId=3 - BIND dn="uid=tester1,ou=people,dc=test1,dc=com" method=sasl version=3 mech=GSSAPI
    [22/Feb/2007:01:45:50 -0700] conn=33 op=2 msgId=3 - RESULT err=49 tag=97 nentries=0 etime=0
    [22/Feb/2007:01:45:50 -0700] conn=33 op=3 msgId=4 - UNBIND
    [22/Feb/2007:01:45:50 -0700] conn=33 op=3 msgId=-1 - closing - U1
    [22/Feb/2007:01:45:51 -0700] conn=33 op=-1 msgId=-1 - closed.
    I am using the default Identity Mapping and the ldif file looks like this:
    dn: cn=default,cn=GSSAPI,cn=identity mapping,cn=config
    objectClass: dsIdentityMapping
    objectClass: nsContainer
    objectClass: dsPatternMatching
    objectClass: top
    cn: default
    dsMatching-pattern: ${Principal}
    creatorsName: cn=directory manager
    createTimestamp: 20070220045812Z
    dsMatching-regexp: uid=(.*)
    dsSearchBaseDN: ou=people,dc=test1,dc=com
    dsMappedDN: uid=${Principal},ou=people,dc=test1,dc=com
    modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
    modifyTimestamp: 20070221082740Z
    Following is the snoop for LDAP on the server:
    bash-2.05# !snoop
    snoop -v port 389 | grep LDAP
    Using device /dev/eri (promiscuous mode)
    TCP: Destination port = 389 (LDAP)
    LDAP: ----- LDAP: -----
    LDAP:
    LDAP: ""
    LDAP:
    LDAP: ----- LDAP: -----
    LDAP:
    LDAP: ""
    LDAP:
    TCP: Destination port = 389 (LDAP)
    LDAP: ----- LDAP: -----
    LDAP:
    LDAP: ""
    LDAP:
    TCP: Destination port = 389 (LDAP)
    LDAP: ----- Lightweight Directory Access Protocol Header -----
    LDAP: *[LDAPMessage]
    LDAP: [Message ID]
    LDAP: Operation *[APPL 0: Bind Request]
    LDAP: [Version]
    LDAP: [Object Name]
    LDAP: uid=tester1,ou=people,dc=test1,d
    LDAP: c=com
    LDAP: Authentication: SASL *[3]
    LDAP: [OctetString]
    LDAP: GSSAPI
    LDAP: [OctetString]
    LDAP: *** NOT PRINTED - Too long value ***
    LDAP:
    LDAP: ----- LDAP: -----
    LDAP:
    LDAP: ""
    LDAP:
    LDAP: ----- Lightweight Directory Access Protocol Header -----
    LDAP: *[LDAPMessage]
    LDAP: [Message ID]
    LDAP: Operation *[APPL 1: Bind Response]
    LDAP: [Result Code]
    LDAP: SASL Bind In Progress
    LDAP: [Matched DN]
    LDAP: [Error Message]
    LDAP: SASL Credentials [7]
    LDAP:
    TCP: Destination port = 389 (LDAP)
    LDAP: ----- LDAP: -----
    LDAP:
    LDAP: ""
    LDAP:
    TCP: Destination port = 389 (LDAP)
    LDAP: ----- Lightweight Directory Access Protocol Header -----
    LDAP: *[LDAPMessage]
    LDAP: [Message ID]
    LDAP: Operation *[APPL 0: Bind Request]
    LDAP: [Version]
    LDAP: [Object Name]
    LDAP: uid=tester1,ou=people,dc=test1,d
    LDAP: c=com
    LDAP: Authentication: SASL *[3]
    LDAP: [OctetString]
    LDAP: GSSAPI
    LDAP:
    LDAP: ----- LDAP: -----
    LDAP:
    LDAP: ""
    LDAP:
    LDAP: ----- Lightweight Directory Access Protocol Header -----
    LDAP: *[LDAPMessage]
    LDAP: [Message ID]
    LDAP: Operation *[APPL 1: Bind Response]
    LDAP: [Result Code]
    LDAP: SASL Bind In Progress
    LDAP: [Matched DN]
    LDAP: [Error Message]
    LDAP: SASL Credentials [7]
    LDAP:
    TCP: Destination port = 389 (LDAP)
    LDAP: ----- LDAP: -----
    LDAP:
    LDAP: ""
    LDAP:
    TCP: Destination port = 389 (LDAP)
    LDAP: ----- Lightweight Directory Access Protocol Header -----
    LDAP: *[LDAPMessage]
    LDAP: [Message ID]
    LDAP: Operation *[APPL 0: Bind Request]
    LDAP: [Version]
    LDAP: [Object Name]
    LDAP: uid=tester1,ou=people,dc=test1,d
    LDAP: c=com
    LDAP: Authentication: SASL *[3]
    LDAP: [OctetString]
    LDAP: GSSAPI
    LDAP: [OctetString]
    LDAP:
    LDAP: ----- Lightweight Directory Access Protocol Header -----
    LDAP: *[LDAPMessage]
    LDAP: [Message ID]
    LDAP: Operation *[APPL 1: Bind Response]
    LDAP: [Result Code]
    LDAP: 1
    LDAP: Invalid Credentials
    LDAP: [Matched DN]
    LDAP: [Error Message]
    LDAP: SASL(-1): generic failure:
    LDAP:
    TCP: Destination port = 389 (LDAP)
    LDAP: ----- LDAP: -----
    LDAP:
    LDAP: ""
    LDAP:
    TCP: Destination port = 389 (LDAP)
    LDAP: ----- Lightweight Directory Access Protocol Header -----
    LDAP: *[LDAPMessage]
    LDAP: [Message ID]
    LDAP: Operation [APPL 2: Unbind Request]
    LDAP:
    TCP: Destination port = 389 (LDAP)
    LDAP: ----- LDAP: -----
    LDAP:
    LDAP: ""
    LDAP:
    LDAP: ----- LDAP: -----
    LDAP:
    LDAP: ""
    LDAP:
    LDAP: ----- LDAP: -----
    LDAP:
    LDAP: ""
    LDAP:
    TCP: Destination port = 389 (LDAP)
    LDAP: ----- LDAP: -----
    LDAP:
    LDAP: ""
    LDAP:
    Please help me on how to fix this issue.
    Thanks,
    Radhakrishnan

    I did reply on the other thread of yours...
    Ludovic

  • Network Policy Server Two-factor authentication OTP

    Hello,
    I don't have much knowledge about the Network Policy Server, so before digging into this, I would like to know if it offers two-factor authentication. If so, what are the possibilities? I'm looking for a validation based on a one-time password OTP (hardware/software token or sms) and the Active Directory user/pwd.
    Is there anything builtin in the Network Policy Server offering this?
    Thank you!

    Hi,
    NPS supports smart card.
    Two-factor authentication provides improved security because it requires the user to meet two authentication criteria: a user name/password combination and a token or certificate.
    A typical example of two-factor authentication with a certificate is the use of a smart card.
    To use smart cards for remote access authentication, we may do the following:
    Configure remote access on the remote access server.
    Install a computer certificate on the remote access server computer.
    Configure the Smart card or other certificate (TLS) EAP type in remote access policies.
    Enable smart card authentication on the dial-up or VPN connection on the remote access client.
    For detailed information, please refer to the link below,
    Using smart cards for remote access
    http://technet.microsoft.com/en-us/library/cc783310(v=WS.10).aspx
    Best Regards.
    Steven Lee
    TechNet Community Support

  • Why is OD Server not responding when added to authentication search policy?

    Howdy All,
    I'm using Mac OS X Server (10.5.6) to connect to an LDAP server in the organisation (not sure what it is running on). The Mac is not running as a master or mirror just a client.
    When I configure the connection to the LDAP server in Directory Utility it says "This server is responding normally. This server is not in your authentication search policy." That's ok.
    However, when I add the connection to the authentication (or contacts) search policy in Directory Utility it says "This server is not responding."
    What would this specifically indicate? This machine is not allowed to connect? The mapping is incorrect? There is some sort of mismatch between client and server?
    Others have used Macs to connect to this LDAP server. I've followed their specific configuration suggestions. I've also tried turning off/on the firewall, DNS server, etc.
    Thanks for any assistance.
    Cheers,
    Ashley.

    Hi Jeff,
    Thanks for your post. That said, I'm not sure how you got the impression that I wish to go to Maine. I'm happy here in Perth, Western Australia.
    Jeff Kelleher wrote:
    Connecting a Mac to an LDAP server is a far cry from connecting a OS X Server to an existing LDAP server. Not that I could necessarily help, but asking how to connect an OS X Server to an LDAP server is a bit like asking "guess where I am now, how do I get to Maine?"
    You need to provide as much info as you can.
    Seriously though, I'm not sure of the difference. I am using Directory Utility to allow this OS X Server to get authentication information from an LDAP server just like an OS X Client would.
    I have Open Directory in Server Admin just setup to connect to a directory system (i.e. the organisation LDAP server), not a master or replica.
    My final goal is to allow access to an OS X TeamsServer Wiki by users who are authenticated against the LDAP server (rather than having to have separate accounts, logins, on the OSXS.)
    I am hoping that I can use a group from the LDAP server to define the team, but perhaps I will have to run a standalone OD. I hope then I can add LDAP users to the OD group.
    What other information would help?
    Thanks,
    Ashley.
    OS X Server 10.5.6

  • How to connect LIVE CYCLE Policy server from ADOBE ACROBAT

    Hi All,
    I want to know how to connect to Livecycle Policy Server from Adobe Acrobat.
    I had generated mykeystore and changed the server.xml.
    https://localhost:443/ is working on server m/c
    but when I configure the Acrobat security settings and add a new server with the server name as the IP address of the server (10.224.72.38)
    then it gives the error: "Enable to connect to the service at https://10.224.72.38:443."
    Please tell me how to connect to the server.
    Thanks in Advance
