Kerberos authentication with Active Directory
I have tried using JAAS to authenticate to MS Active Directory and keep getting "javax.security.auth.login.LoginException: Pre-Authentication Information was invalid"
I have tried authenticating with multiple user accounts and on three different realms (Active Directory domains).
How do I need to format the username? I know that when using JNDI to access Active Directory I have to use the format "[email protected]" or the RDN. I have tried it both ways with JAAS kerberos authentication as well as with just the username by itself. I don't think that the username format is the problem though because if I set the account lockout policy to 5 failed attempts, sure enough my account will be locked out after running my code 5 times. If I give a username that doesn't exist in Active Directory I get the error "javax.security.auth.login.loginexception: Client not found in Kerberos database" Is there something special that I have to do to the password?
I know that there is just something stupid that I'm missing. Here is the simplest example of code that I'm working with:
import java.io.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.Subject;
import com.sun.security.auth.callback.TextCallbackHandler;
public class krb5ADLogin1 {
public static void main(String[] args){
LoginContext lc = null;
try {
lc=new LoginContext("krb5ADLogin1", new TextCallbackHandler());
lc.login();
catch(Exception e){
e.printStackTrace();
Here is my config file:
krb5ADLogin1 {
com.sun.security.auth.module.Krb5LoginModule required;
The command I use to start the program is:
java -Djava.security.krb5.realm=mydomain.com
-Djava.security.krb5.kdc=DomainController.mydomain.com
-Djava.security.auth.login.config=sample.conf krb5ADLogin1
Hi there ... the Sun web site has the following snippet:
http://java.sun.com/j2se/1.4/docs/guide/security/jgss/tutorials/Troubleshooting.html
+ javax.security.auth.login.LoginException: KrbException::
Pre-authentication information was invalid (24) - Preauthentication failed
Cause 1: The password entered is incorrect.
Solution 1: Verify the password.
Cause 2: If you are using the keytab to get the key (e.g., by
setting the useKeyTab option to true in the Krb5LoginModule entry
in the JAAS login configuration file), then the key might have
changed since you updated the keytab.
Solution 2: Consult your Kerberos documentation to generate a new
keytab and use that keytab.
Cause 3: Clock skew - If the time on the KDC and on the client
differ significanlty (typically 5 minutes), this error can be
returned.
Solution 3: Synchronize the clocks (or have a system administrator
do so).
Good luck,
-Derek
Similar Messages
-
ACS 5.3, EAP-TLS Machine Authentication with Active Directory
I have ACS 5.3. I am testing EAP-TLS Machine Authentication using Active Directory as an external Identity Store. II was testing and everything was going fine until I did some failure testing.
My problem: I deleted my computer account out of Active Directory and tried to authenticate my wireless laptop and it still worked when it should have failed.
Here is some of the output of the ACS log. You can see that the computer could not be found in AD and this was returned to the ACS. However, ACS still went ahead and authenticated the computer successfully.
Evaluating Identity Policy
15006 Matched Default Rule
22037 Authentication Passed
22023 Proceed to attribute retrieval
24433 Looking up machine/host in Active Directory - LAB-PC-PB.VITS.attcst.sbc.com
24437 Machine not found in Active Directory
22016 Identity sequence completed iterating the IDStores
Evaluating Group Mapping Policy
12506 EAP-TLS authentication succeeded
11503 Prepared EAP-Success
Evaluating Exception Authorization Policy
15042 No rule was matched
Evaluating Authorization Policy
15006 Matched Default Rule
15016 Selected Authorization Profile - Permit Access
22065 Max sessions policy passed
22064 New accounting session created in Session cache
11002 Returned RADIUS Access-Accept
I was assuming that if the computer was not found, the Identity Policy would fail, so I did not configure any authorization policy. Do I need an authorization policy to tell the ACS to fail the authentication if the machine cannot be found in AD? If I need an authorization policy, how do I configure it?
Note: In my Identity Store Sequence, I did enable the option:
For Attribute Retrieval only:
If internal user/host not found or disabled then exit sequence and treat as "User Not Found"
but this only seems to work for internal identity stores (at least based on my testing)
Under my Access Policy Identity tab, I configured the following Advanced features:
Advanced Options
If authentication failed
RejectDropContinue
If user not found
RejectDropContinue
If process failed
RejectDropContinue
And that didn't do anything either.
Any ideas? Thanks in advance.Can try the following. Define an attribute to be retrieved from Active Directory and that exists for all objects. When defining the attribute it can be given a default value. Assign a default value which is a value that will never be returned for a real machine entry (eg "DEFAULTVALUE") and give it a "Policy Condition Name"
Then can make a rule in the authorization policy such as
If "Policy Condition Name" equals "DEFAULTVALUE" then "DenyAccess" -
SAP R/3 Authentication with Active Directory on Win2k server.
Hello list ,
We are running SAP R/3 4.7 with WebAS 6.2 on Solaris and a Windows 2000 Active Directory domain. Our users access SAP in 3 ways
1) SAP GUI .
2) SAP BW
3) Travel & Expense - a java application that records users travel details and posts a transaction to SAP using the SAP userid and password.
Wish to implement SSO for all our users.
Some research we have done suggests
1) Using Kerberos for authentication. while it appears that microsoft krb 5 implementation will work only on windows servers, it is not clear how well are other krb implementations supported by SAP. OSS note # 150380 and link http://help.sap.com/saphelp_nw2004s/helpdata/en/44/0ebf6c9b2b0d1ae10000000a114a6b/content.htm
2) OSS note # 352295 suggest there could be some issue using KRB 5 shipped with unixes.
"All of the major Unix vendors seem to be shipping a version of Kerberos 5 these days. These implementations should be wire-interoperable with each other and with Microsoft W2K (not necessarily W2K3!), however they may not be interoperable with SAP's shared library interface to GSS-API v2 mechanisms."
3) There are some commercial solutions like - CyberSafe that provides krb based SSO at a fee. Has anyone tried this software ?
I have created an OSS ticket but we are still in a queue since 5 days already.
Has any one from the list implemented a similar solution ? What are the best practices and way to go for a robust solution.
4) Another option that we have is to start with user synchronization. Where in Users created in Active Directory get synchronized with SAP .
What is mandatory for us is that Users marked disabled in Active Directory should be blocked in SAP by synchronizing user information at regular interval. If anyone has implemented this solution I will appreciate if they give me some pointers.
Thanks in advance.
Harsh BusaTim,
you are perfectly right: that Vintela product is not certified (as SNC solution).
But you are not quite right regarding the separate treatment. The major difference between that product and the SNC certified products (such as CyberSafe, Entrust, ...) is: Vintela uses different SNC libraries on the client side (=> our Windows SSPI wrappers, see <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/352295">SAP note 352295</a>) and the server side (=> their own SNC library, not certified). And that is actually also one reason why that solution cannot be certified ...
Well, those Windows SSPI wrappers provided by SAP (=> gsskrb5.dll, for example) are also not "SNC certified", but SAP provides support (being in contact with Microsoft). Well, as some people might know, there are also some interoperability issues between different Microsoft OS versions ... - resulting in reactive patches of our SSPI wrappers.
I really do <u>not</u> want to promote <u>any</u> product - neither the one of Quest Software Inc., nor the one of <a href="http://www.cybersafe.ltd.uk/">CyberSafe Ltd</a>, nor <a href="http://www.entrust.com">Entrust Inc.</a>, nor <a href="http://www.secude.com/">SECUDE IT Security GmbH</a>, nor ...
I do not even want to disencourage anyone from implementing his own Kerberos-based solution (or any other solution which provides an GSS API), provided that this person is able to help himself. Reason: if products of different vendors are used and interoperability problems occur the usual finger-pointing will start. In the end you'll not get support by anyone ... - as long as you are aware of this (and capable of helping yourself) you can go ahead. Some (known) universities are belonging to that group ... - but it might not be appropriete to the vast majority of customers. -
Problem authenticating with Active Directory
Hi,
We want to authenticate the users from Microsoft Active directory.We created users by doing a bootstrapping from AD to OID (10.1.2).
I enabled the plug in by following the Chapter 18 Configuring Active Directory External Authentication plug -in.
After running through the plug in is installed if i try to login with AD user id I am getting authentication failure error.
I am not sure whether OID is connecting to Active Directory for authentication.How to ensure that it is connecting to AD
I am giving uid attribute as login id.What is the login id to be given
I have tried many combinations no luck. I am getting following error in ssoServer.log
Sun Dec 11 19:44:13 EST 2005 [ERROR] AJPRequestHandler-ApplicationServerThread-5 Communication Exception received. Cleaning up the stale connection
oracle.ldap.util.CommunicationErrorException: Unable to establish connection to directory. Please verify the input parameters: host, port, dn & password connection closed
at oracle.ldap.util.Subscriber.getUser_NICKNAME(Subscriber.java:1213)
at oracle.ldap.util.Subscriber.getUser(Subscriber.java:912)
at oracle.ldap.util.Subscriber.getUser(Subscriber.java:859)
at oracle.security.sso.server.ldap.OIDUserRepository.getUserProperties(OIDUserRepository.java:493)
at oracle.security.sso.server.auth.SSOServerAuth.authenticate(SSOServerAuth.java:485)
at oracle.security.sso.server.ui.SSOLoginServlet.processSSOPartnerRequest(SSOLoginServlet.java:796)
at oracle.security.sso.server.ui.SSOLoginServlet.doPost(SSOLoginServlet.java:328)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:824)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:224)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:133)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
at java.lang.Thread.run(Thread.java:534)
ThanksDid you check the debug information from the external auth plugin.?
This is mentioned in metalink note https://metalink.oracle.com/metalink/plsql/showdoc?db=NOT&id=277382.1
here an excerpt:
D) Enabled plug in debugging at the database level. Reference documentation: Oracle Internet Directory Administrator's Guide 10g (9.0.4) Chapter 43 Integration with the Microsoft Windows Environment - Troubleshooting Integration with Microsoft Windows Under section "Debugging the Microsoft Active Directory External Authentication Plug-in"
...enable the plug-in debugging. To do this, enter:
sqlplus ods/odspassword @$ORACLE_HOME/ldap/admin/oidspdon.plsTo check the plug-in debugging log, enter:
sqlplus system/managerSQL> select * from ods.plg_debug_log order by id;
(To delete the plug-in debugging log:
sqlplus system/managerSQL> truncate table ods.plg_debug_log
To disable the plug-in debugging:
sqlplus ods/ods @$ORACLE_HOME/ldap/admin/oidspdof.plsE) Dump the plug-in profile to make sure it is enabled and configured correctly:
ldapsearch -h <OID host> -p <OID port> -D "cn=orcladmin" -w <orcladmin password> -b "cn=plugin,cn=subconfigsubentry" -L -s sub "(objectclass=*)" "*"please take also a look into the DIPTESTER tool available in
http://www.oracle.com/technology/sample_code/products/oid/java_diptester.tar
regards
--Olaf -
Oracle forms authentication with active directory without OID
Hi Gurus,
I need to implement active directory authentication in oracle forms.
My scenario is this:
1. The user is created in active directory
2. The user is imported in our aplication, and then I assign the roles in Oracle, and create the user in my aplicattion.
When the user logs, the system have to validate the password with MS-AD. If the password is right, then, the system start a session in Oracle.
My questions are:
1. How can I validate the password in AD ? Is it in clear text, unix crypt, AES ?
2. In case the user has changed the password in AD, how can obtain he logs in oracle with the new password ?
We use oracle enterprise edition, but we don't have oracle applications, so i can't use identity management.
Thanks in advance for your helpYou will need Oracle SSO and OID to implement Active Directory authentication for Oracle Forms. It comes with Oracle Application Server. You will need to read up on how to use AD instead of OID as the user store for Oracle Single Sign-on (SSO). Forms will use SSO to login not really knowing which user store is used so there is no config needed on the Forms side (except enabling SSO).
-
Authentication with Active Directory
Hi All,
Please help me how i can implement user authnication using active directory.
I have a jsp page where the user enters the userid and password, these i have to authniticate with that of the active directory list and if successfull then depending upon the user dept have to redirect the user to diff pages.
please help me how can i implement this functionality
I am using tomcat and jsp on windows 2000 server
Thanks in Advance
RaviOk, just a few keywords:
JAAS and Kerberos
There are already some postings in this forum that belong to this term. -
Db10g external password authentication with Active Directory via OID
HI ALL
- i have the synchronization AD-to-OID
- i have the external authorization of AD users via SSO (external authorization plug-in)
- i have the DB10g enterprise authorization of OID native users who have their password in OID (global schema)
- but i cann't configure the DB10g autorization of AD-to-OID synchronized users who don't have their password in OID
error:
ORA-28274: No ORACLE password attribute corresponding to user nickname exists.
i.e. those users are not recognized as users with external passwords.
Any ideas, please ...Funny thing - LDAP (OID and Active Directory) defines a generic heirachical database. Like any other generic database, you need to define the schema to define what data is to be captured.
Each LDAP application expects a certain schema. That includes Enterprise User Security (part of the Advanced Security Option).
To accomplish what you want to do
1) get familiar with the Enterprise User Security capability (see the EUS documentation at tahiti)
2) learn to configure SQLNet / Oracle Networking to use LDAPthat is responsib (''cause it's Oracle Networking responsible for the login)
3) Reverse the schema from OID and transport it to AD
Aside from that, it's a no-brainer. -
Oracle Apps User Authentication with Active Directory
Greetings,
I am running Oracle Apps 12.1.1 using native login authentication. What I would like to do is set it up so that it uses our Active Directory to authenticate users. Does anyone know if there is an easy way to configure this or do I need to use OIM to accomplish it?
ThanksHave a look here
http://www.oracle.com/products/middleware/identity-management/docs/db-users-roles-management-whitepaper.pdf -
Solaris authentication with Active Directory
Our shop is a mixed environment of Unix and Windows users. Many use both environments daily and there has been a desire to have a common authentication scheme. We have been able to successfully configure our RH Linux clients to authenticate against our Windows or NIS environment using pam and krb5, but have not been able to successfully adapt this to our Solaris (9/10) environment. Our Unix/Linux client environment is in a common NIS domain. We want to continue to use NIS for account management and add AD for authentication only i.e. if the username/password authenticates against AD or NIS, then the user login proceeds.
On Solaris I have been able to successfully configure the /etc/krb5/krb5.conf file so that a kinit can be done successfully. klist list out the info and kdestroy removes it. However, figuring out how to properly configure the /etc/pam.conf file to use this login/rlogin/ssh authentication is not making any progress. Various attempts to add the pam_krb5.so.1 plugin in various sections of the file have not worked. Can you advise me on the proper configuration for this to work and or the means to get it working?Read up on Enterprise User Security (EUS), a feature of Oracle Enterprise Database.
Mark Wilcox also has several posts related to OVD/AD/EUS integration on his blog:
http://blogs.oracle.com/mwilcox/2008/09/clarifying_eus_and_kerberos.html
A simple google search for oracle eus will also turn up a lot of useful info.
And then there is Oracle's identity website, where there are white papers like this one:
Manage Oracle Database Users and Roles Centrally in Active Directory or Sun Directory
http://www.oracle.com/us/products/middleware/identity-management/059380.pdf -
Authentication with Active Directory Group in WLS 10.0
Hi,
By using the Active Directory authenticator in WLS 10.0, I managed to get connected to the AD and can see the groups and users in the administration console.
But, I am having troubles setting up the security role(s) in my web app. I can't figure out how to configure it so that I can actually sign in to my web app using an AD group.
Here are the web.xml & weblogic.xml files:
web.xml
<web-app>
<welcome-file-list>
<welcome-file>/SecuredPage.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<display-name/>
<web-resource-collection>
</web-resource-collection>
<auth-constraint>
<description>Constraint for aduser</description>
<role-name>aduser</role-name>
</auth-constraint>
</security-constraint>
<!-- Login Config -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>myrealm</realm-name>
</login-config>
<!-- Security Roles -->
<security-role>
<description>Users of myADgroup</description>
<role-name>aduser</role-name>
</security-role>
</web-app>
weblogic.xml
<weblogic-web-app>
<security-role-assignment>
<role-name>aduser</role-name>
<principal-name>ADUserGroup</principal-name>
</security-role-assignment>
</weblogic-web-app>
For the above config, my intention is to give access only the members of ADUserGroup to my webapp. This group is listed in myrealm at WLS as well as members of this group (ADUserGroup). But while trying to login as any members of this group, got 403 error!
Any siggestion!!
Thanx in advance!
Any help would be appreciated!Okay, guys, now it seems working as I changed group type from distrubtion to security in Active Directory.
Edited by ronobi at 02/18/2008 6:27 AM -
Mac OSX Tiger Authentication with Active Directory
I'm at my wits end and need some help. We have a Windows network, that we joined a designers new Mac to. When he, or an administrator logs into the network from the Mac, when they try to access network shares, (GO-->Connect to Server) they get permission denied.
Any Ideas??
ThanksHi Daniel,
you can use the User Management Engine (UME) to do that. Just map your AD to UME (its done via xml-mapping file and pretty simple, although I dont have an example at hand).
You can then use the UME-API to check user Roles and Groups or access their attributes.
regards
Jan -
Oracle 9i/10G DB authentication using Active Directory (with out OID)
Hello All,
We want to use a Single-Password authentication scheme using the Active
Directory as the primary source for userId/Password.
We don't want to use the Active Directory and OID bridge.
As we have many databases and would like to configure all Databases to use Active
Directory for Authentication. Our goal is to have single id/password across all
the databases and any user should be able to login from any computer using their
windows id/password, note that we don't want to use the OSAuthentication.
We have read the documents provided by oracle for authentication using Active
Directory, we were able to create Oracle Schema in Active Directory and were
also able to register a DB with Active Directory and then created user as global
user in Oracle Database and provided the DN of the user. When we tried
authenticate with all this setup it comes back and says invalid ID/Password !!!
And with 10G database we get the Oracle Error ORA-03113: end-of-file on communication channel !!
Has any one tried or have information on Integrating Oracle to Auth against Active Directory?
Envoirnment:
Oracle DB Version: 9.2.0 and also tried on 10.0.1 with same results
Operating System: Windows 2000/ Windows 2000 Server
Constraint: We don't want to user OID ( as we don't have license for this
product ! )I have a thread started similar to your request.
OS Authenication on Windows
Somewhere I read this. It works on Oracle 9i on Linux, but I have not tried it with Oracle 9i on Windows.
SHOW PARAMETER OS_AUTHENT_PREFIX;
SHOW PARAMETER REMOTE_OS_AUTHENT;
CREATE USER OPS$SOMEUSER IDENTIFIED EXTERNALLY;
GRANT CREATE SESSION TO OPS$SOMEUSER;
For the username, I wonder if we are supposed to put the Windows Domain name as part of the username? Such as, for a Windows domain user MyDomain\SomeUser
CREATE USER OPS$MYDOMAIN\SOMEUSER IDENTIFIED EXTERNALLY;
I really wish Oracle or somebody created a guide or book on how to do this. -
Problems with Active Directory and Windows 2003
Hello,
I'm using Mac OS X Server 10.4.9 with Active Directory bound to a Windows 2003 Active Directory Domain. I can bind successfully to the domain using the graphical interface. Then in Samba I can access shared directories using Windows users. However, after some time somehow there are problems and Windows users aren't authenticated anymore on the Mac. I've looked at the firewall and there are no denied packets from the Mac. There are two servers in the domain, all clocks are synchronized and domain information is up to date. When I unbind the Mac, I can see the machine account being deleted on both domain servers and created too on both machines when I bind to the domain.
Problems occur when I try login in using ssh or samba do I think this is a problem with the AD module.
I turned on debugging messages on DirectoryServices:
sudo killall -USR1 DirectoryService
When in Windows, using the Administrator user I try:
net use \\10.0.0.1 /user:domain\Administrator
Where 10.0.0.1 is the Mac.
In the Mac I get from
tail -f /Library/Logs/DirectoryService/DirectoryService.debug.log |grep ADPlug
2007-06-27 10:48:37 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:37 CDT - ADPlugin: Searching domain domain.com.mx for User administrator
2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:37 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:37 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:37 CDT - ADPlugin: Adding Search for Attribute displayName containing DOMAIN\administrator
2007-06-27 10:48:37 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=DOMAIN\\administrator)), limit 1
2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:37 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:37 CDT - ADPlugin: Searching domain domain.com.mx for User administrator
2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:37 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:37 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:37 CDT - ADPlugin: Adding Search for Attribute displayName containing domain\administrator
2007-06-27 10:48:37 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=domain\\administrator)), limit 1
2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:37 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:37 CDT - ADPlugin: Searching domain domain.com.mx for User ADMINISTRATOR
2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:37 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:37 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:37 CDT - ADPlugin: Adding Search for Attribute displayName containing domain\administrator
2007-06-27 10:48:37 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=DOMAIN\\ADMINISTRATOR)), limit 1
2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:37 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:37 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=administrator)(sAMAccountName=administrator)(dis playName=administrator)(mail=administrator)(userPrincipalName=administrator)(use rPrincipalName=administrator@*)))
2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:37 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:37 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:37 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
2007-06-27 10:48:37 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=administrator)), limit 1
2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:37 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:37 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=ADMINISTRATOR)(sAMAccountName=ADMINISTRATOR)(dis playName=ADMINISTRATOR)(mail=ADMINISTRATOR)(userPrincipalName=ADMINISTRATOR)(use rPrincipalName=ADMINISTRATOR@*)))
2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=ADMINISTRATOR)), limit 1
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:38 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=administrator)(sAMAccountName=administrator)(dis playName=administrator)(mail=administrator)(userPrincipalName=administrator)(use rPrincipalName=administrator@*)))
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=administrator)), limit 1
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:38 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=ADMINISTRATOR)(sAMAccountName=ADMINISTRATOR)(dis playName=ADMINISTRATOR)(mail=ADMINISTRATOR)(userPrincipalName=ADMINISTRATOR)(use rPrincipalName=ADMINISTRATOR@*)))
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=ADMINISTRATOR)), limit 1
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:38 CDT - ADPlugin: Searching domain domain.com.mx for User administrator
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing DOMAIN\administrator
2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=DOMAIN\\administrator)), limit 1
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:38 CDT - ADPlugin: Searching domain domain.com.mx for User administrator
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing domain\administrator
2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=domain\\administrator)), limit 1
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:38 CDT - ADPlugin: Searching domain domain.com.mx for User ADMINISTRATOR
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing DOMAIN\ADMINISTRATOR
2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=DOMAIN\\ADMINISTRATOR)), limit 1
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:38 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=administrator)(sAMAccountName=administrator)(dis playName=administrator)(mail=administrator)(userPrincipalName=administrator)(use rPrincipalName=administrator@*)))
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=administrator)), limit 1
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:38 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=ADMINISTRATOR)(sAMAccountName=ADMINISTRATOR)(dis playName=ADMINISTRATOR)(mail=ADMINISTRATOR)(userPrincipalName=ADMINISTRATOR)(use rPrincipalName=ADMINISTRATOR@*)))
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=ADMINISTRATOR)), limit 1
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:38 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=administrator)(sAMAccountName=administrator)(dis playName=administrator)(mail=administrator)(userPrincipalName=administrator)(use rPrincipalName=administrator@*)))
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=administrator)), limit 1
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:38 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=ADMINISTRATOR)(sAMAccountName=ADMINISTRATOR)(dis playName=ADMINISTRATOR)(mail=ADMINISTRATOR)(userPrincipalName=ADMINISTRATOR)(use rPrincipalName=ADMINISTRATOR@*)))
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=ADMINISTRATOR)), limit 1
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Calling OpenDirNode
2007-06-27 10:48:38 CDT - ADPlugin: Opening Specific Node domain.com.mx
2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:38 CDT - ADPlugin: 16833877 - Calling GetRecordList Routine
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:38 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=administrator)(sAMAccountName=administrator)(dis playName=administrator)(mail=administrator)(userPrincipalName=administrator)(use rPrincipalName=administrator@*)))
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16833877 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling CloseDirNode
2007-06-27 10:48:42 CDT - ADPlugin: Calling OpenDirNode
2007-06-27 10:48:43 CDT - ADPlugin: Opening Specific Node domain.com.mx
2007-06-27 10:48:43 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:43 CDT - ADPlugin: 16833881 - Calling GetRecordList Routine
2007-06-27 10:48:43 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:43 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:43 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=administrator)(sAMAccountName=administrator)(dis playName=administrator)(mail=administrator)(userPrincipalName=administrator)(use rPrincipalName=administrator@*)))
2007-06-27 10:48:43 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:43 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:43 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:43 CDT - ADPlugin: 16833881 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:43 CDT - ADPlugin: Calling CloseDirNode
I really don't know what to do. The Windows Event log shows no messages. The link used to work and there have been no changes in the domain servers.
The key line seems to be:
2007-06-27 10:48:43 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
But I don't know what that ADSEngine.mm is.
XServe G5 Mac OS X (10.4.9)Hello.
Thanks for your reply.
I tried the net use with a drive letter with and without the /user switch. When I use a domain user domain\user1 I can't connect. When I use a user local to the XServe it works.
When I use
net use x: \\10.0.0.1\share /user:domain\user1
I get prompted for a password, but it doesn't work.
I checked the firewall and all packets to or from the mac are accepted, no denied or dropped packages.
I already went through the MS document on fw ports. Before I opened to Kerberos ports the binding failed. No the binding work OK.
Some users who were authenticated yesterday still can access files using the Windows domain accounts. It's new users trying to connect those who have problems.
This is what the Samba log.smbd log shows:
[2007/07/04 14:58:45, 2] /SourceCache/samba/samba-100.7/samba/source/smbd/sesssetup.c:setupnew_vcsession(662)
setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
[2007/07/04 14:58:45, 2] /SourceCache/samba/samba-100.7/samba/source/smbd/sesssetup.c:setupnew_vcsession(662)
setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
[2007/07/04 14:58:46, 0] /SourceCache/samba/samba-100.7/samba/source/auth/authutil.c:make_server_infoinfo3(1138)
makeserver_infoinfo3: pdbinitsam failed!
[2007/07/04 14:58:46, 0] pdbods.c:odssamgetsampwnam(2329)
odssam_getsampwnam: [0]getsam_recordattributes dsRecTypeStandard:Users no account for 'user1'!
[2007/07/04 14:58:46, 2] /SourceCache/samba/samba-100.7/samba/source/auth/auth.c:checkntlmpassword(367)
checkntlmpassword: Authentication for user [user1] -> [user1] FAILED with error NTSTATUS_NO_SUCHUSER
This is what the DS log shows:
2007-07-04 14:58:46 CDT - ADPlugin: 16892201 - Calling GetRecordList Routine
2007-07-04 14:58:46 CDT - ADPlugin: Search Records called in ADSWrapper
2007-07-04 14:58:46 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-07-04 14:58:46 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=user1)(sAMAccountName=user1)(displayName=user1)( mail=user1)(userPrincipalName=user1)(userPrincipalName=user1@*)))
2007-07-04 14:58:46 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-07-04 14:58:46 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-07-04 14:58:46 CDT - ADPlugin: Returning 0 Results
2007-07-04 14:58:46 CDT - ADPlugin: 16892201 - Put 0 records in Buffer for RecordList
XServe G5 Mac OS X (10.4.9) -
IChat integration with Active Directory
Hi all,
I'm trying to setup iChat on Mavericks to work with Active Directory. The iChat server is bound to AD, all the users are able to log in to the iChat server locally. The messages service is enabled and rights to the Messages service are granted to some users and groups. However, when I try to login with a Jabber account, I get "login ID or password is incorrect". The username and password are correct. I'm using the same [email protected] syntax for the username as the one I'm using to login to the iChat server directly. I tried with and without Kerberos v5 authentication, I tried with and without SSL and everything else I was able to think of. I have the OpenDirectory there enabled, although I don't really use it. I'm trying from the local network and from the internet (all the ports needed for iChat are forwarded to the server). Still no luck.
Any help on my issue would be very much appreciated.
Thanks!Hello everyone,
I ran into the same situation as described above.
Unfortunately there seems to be no answers on the thread from my research, so I left with no hope at all.
Please help and give me some advices.
Thank you in advance!
Sincerely,
Anton Todorov -
Cannot login with Active Directory Account
Hello,
I am testing SnowLeopard (10.6.1) for deployment in my labs for the Spring 2010 semester. We use local home directories. This is a brand new fresh install of SL, on a freshly formatted Hard Drive.
When bound to Active Directory I can get any AD account that I've tested (5 different accounts) to authenticate except one, which happens to be my own personal AD account.
The secure.log shows these entries when I attempt to login:
Oct 9 14:18:29 mac-0017f20fc40 SecurityAgent[209]: User info context values set for ctarbox
Oct 9 14:18:29 mac-0017f20fc40 authorizationhost[208]: Failed to authenticate user <ctarbox> (tDirStatus: -14090).
Considering that I could log in with other accounts, and after resetting my AD password then still not being able to authenticate, I came to the conclusion that I had a corrupt OU in Active Directory.
I contacted one of our AD admins and had him delete both of my AD accounts: ctarbox and ctarbox1 then recreate both accounts. I still cannot login to AD with my ctarbox account.
I can still login to my current lab machines anywhere on campus running 10.5.8 with ctarbox.
I am baffled by this. I have been authenticating to Active Directory since 10.1 and have never seen anything like this.
Any idea, anyone?
Cheryl Tarbox
Macintosh Support Specialist
Binghamton UniversityI have found the solution to my problem. I have accounts in two different domains in our AD tree. I'll called these domains Domain A and Domain B.
Domain A is the primary domain for authentication to our public computing labs.
Domain B is a secondary domain for authentication to shared resources for faculty/staff.
Both accounts have the same user ID, but different passwords. In my Directory Utility>Advanced>Administrative window I have the option "Allow authentication from any domain in the forest' checked.
With this option checked Directory Utility in 10.6.1 will allow me to authenticate Domain B, but not Domain A.
With this option checked in Directory Utility in 10.5.8 just the opposite is taking place, I can authenticate to Domain A, but not Domain B.
It seems that somewhere in the upgrade to 10.6.1 the search policy for Active Directory has changed. My workaround is to uncheck this option and specifically choose Domain A in the search policy.
Maybe you are looking for
-
I created a form that is being invoked from a command button to add new record (it is java application using swing and adf bc). When "add new record" form opens and i decide to close the form without commiting changes to database (clicking the rollba
-
Recommend a m4v to avi converter
Hi, looking for some advice, I need a m4v/mp4 to avi file converter so I can transfer my i-tunes downloads to my pmp, can anybody suggest a good one, as there seems to be loads available, all with different prices... Thanks Steve
-
Crystal Report Retrieve data Randomly!!!
Hi, I have Crystal Report 10 and it connected to VFP (DBF) database. And each time I run the report I got a deffrent result. Note: Nobody else use that dadabase and report. My Query is like: Select << list of field>> from .... Join ...... Union All
-
Hi, For a ABAP person what would be the easy method who doesn't know JAVA and want to learn JAVA and SAP Netwaver. How to start with . Thanx & Regards, Naidu.
-
i am in remote n/w vietnam .... my 5 yr old macbook 9.4.3 version of iphoto is malfunctioning ... it allows my to download photos from my camera ...... but then it freezes and I have to hit "force quit" even though it does not signal "not responding"