Login restriction on MII

Similar Messages

• Filr & eDirectory login restrictions.

  Hi,
  I stumbled across something today that seems quite obvious now but did have me scratching my head for a while.
  We were experiencing issues with some users when they tried to upload files/create folders in their home folder using Filr. It would fail returning an "Unknown Error". Our user's home directories are on an NSS volume on an OES Linux server.
  After digging around for a while I found that the logs seemed to indicate an authentication failure. At first I looked at the proxy user but that wasn't the problem.
  It turns out that the problem is caused by account restrictions we have set in eDirectory that limit each user to one login. This is to prevent users from leaving themselves logged in all over the place.
  I lifted the restriction on one of the users and the problem went away. The users were logged in to a workstation as well as trying to use Filr.
  My question is can I enforce a login restriction and still allow users to use Filr at the same time?
  I can probably guess what the answer will be but I just thought I'd ask in case anyone has any ideas.
  Cheers.
  Iain.

  reddragon27284,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://www.novell.com/support and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Forums Team
  http://forums.novell.com

• Report of User login details in MII Portal

  Hi,
  Do we have any report in MII portal where we can get the information like User login details( Last login date and time).
  Regards,
  Pradeep
  Edited by: pradeep balam on Jul 27, 2011 4:36 PM
  Edited by: pradeep balam on Jul 27, 2011 4:37 PM

  Hi Pradeep,
  Try using the following URL to the Admin Service:
  http://<Server:Port>/XMII/Illuminator?service=Admin&Mode=modelist
  You can then try the different modes such as:
  http://<Server:Port>/XMII/Illuminator?service=Admin&Mode=SessionList
  This may have the information you are looking for, assuming you have the right permission to access the AdminService.
  Kind Regards,
  Diana Hoppe

• Login Restriction

  Hello,
  How to restrict login,
  / as sysdba
  Please advice...

  I am on the machine where the DB is installed.
  I have checked remote_login_passwordfile parameter & it is set to Exclusive BUT it still alllows me to login
  / as sysdba
  Please advice.

• Can I have two separate logins/restricted directories in the same web site?

  Hi,
  I want to have an admin area where I go against a user table to see if the user has admin rights and a separate area of the web site where regular users need a username and password that is validated against a different table.
  All the pages in the admin area are in the admin directory.
  All the pages in the other restricted area are in a consumers directory.
  Both these directories are off the root.
  Will this work ok? It seems to be, but I just wanted to check.
  Many thanks!

  No, I have two separate tables. It seems to be working, and I am hoping it is because I've kept all the pages that use one table in one directory, and all the pages that use the other table in another directory. Just wondering if I am asking for trouble. They are two different functions. One is for site administration, and one is for a number of users.

• Employee Login Restrictions

  Have a requirement where we are using db authentication and we have the login with a special character i.e @. Now am struggling to make the application authenticate using this login even though the user gets authenticated at the db level using double quotes around the username.
  Tried to use the quotes in the application, however that did not work either. Any suggestions, please advise.

  Thanks for the reply Christopher
  1. The employee pictures are in a .TGA format. I wonder if you have heard about it. Anyway, i tried linking the picture to an employee and it shows it in the PA30 transaction. However, I found out that the document class doesn't really matter when uploading the photos as I tried uploading the .TGA picture under document class JPG, GIF, BMP and they all worked. Can you tell me the reason for this inconsistency? Should I expect any other problems while uploading .TGA pics under a different document class?
  2. You said that there isnt any limit viz configuration. Can you tell me where this configuration can be done?
  Thanks

• Mountain lion - remote login - RESTRICTING SFTP use

  i have a 10.8.2 server installation with remote login turned on for all users.
  i have just discovered that this means that SFTP login is available for all users, even though file sharing is OFF and ftp is OFF.
  and, all users can navigate EVERYWHERE on the HDD.
  this seems a bit odd to me.
  how can we make it so admin users can access the whole HDD, but normal users can only see their home directory?
  thanks, James.

  Use Workgroup Manager to change each user's login shell to None or /usr/bin/false should do it for you. This may hamper one's ability to use a network user account though so you should check it out on one account first. If they're just using services then disabling their shell login will work fine. After that, enable the FTP server to limit your users' ability to navigate.
  FWIW, SFTP doesn't actually give anyone anything more than they don't already have through an SSH login.

• Help with Note 761637 - Login restrictions prevent TMSADM logon

  Hello all,
  I'm receviing a large number of logon prompts in STMS.  I'm having trouble understanding how to implement SAP note 761637 and was hoping someone that had implemented it already could guide me.
  The note says
  If you now add an entry with sysnam=,ADMPWD and the Routestring=USER to the TMSCROUTE table
  The fields in the table are sysnam & RFCRoute (This has description of RouteString)
  When I attempt to add a entry using SE16, SYSNAM as a selecting list on only the systems I have, why does the note tell me to enter the admpwd which I assume is short for admin password.
  routestring=USER.  So I enter the word USER?
  I have implemented the following corrections
  Note 713622 - Password rules prevent TMSADM logon
  Note 749977 - Remote logons using standard client in the TMS
  Thank you for your help.

  OK, I'm having the same problems understanding this note as the original poster did.  I can't figure out if table TMSCROUTE is supposed to contain an entry like:
  ,ADMPWD     USER
  -or--
  ,<TheActualPassword>    TMSADM@<sid>.<domain>
  -or--
  some other weird variant?
  Can someone who's implemented 'stringent' passwords post and example of their working TMSCROUTE entry?  Meanwhile, I'll file a problem report, and when we get this working I'll post a response here.
  bryan
  <removed_by_moderator>
  Edited by: Julius Bussche on Feb 17, 2008 10:58 PM

• Error while opening MII login page

  Hello All,
  When I try to login to MII using http://<server name>/Lighthammer/Menu.jsp,It is going to http://<server name>/Lighthammer/error.jsp and displaying the error "Uanble to build user information for authorization response".I am not able to even look at the login page of MII.Please help me to resolve it.
  Ruchi

  What version of MII - 11.5?  Go onto the server and check the Security server URL from the Menu.  If you are using remote desktop and/or using the server directly then http://localhost/Lighthammer/Menu.jsp should allow you to bypass security in order to check the path to LHSecurity.

• Restricted session & Kill Session

  Hello everybody,
  1) In which case do I need enabled restricted sessions?
  2)Where “ALTER SYSTEM KILL SESSION” command will be useful?
  Thanks in advance

  Salman Qureshi wrote:
  Hi,
  1) In which case do I need enabled restricted sessions?Whenever you want to perform some maintenance operations in your database and you don't want anyone to access the database except user SYS, you can enable restricted session.
  2)Where “ALTER SYSTEM KILL SESSION” command will be useful?When you want to kill a session which is no longer responding or hung or doing some long running operation which is disturbing your performance or you want to stop that processing etc.
  SalmanHi Salman,
  I think you'll find that "restricted session mode" does not limit login ability to only the SYS user as you mention.
  As an example, consider the following.
  Session 1:
  SQL*Plus: Release 11.2.0.3.0 Production on Tue Jan 1 22:07:03 2013
  Copyright (c) 1982, 2011, Oracle.  All rights reserved.
  SQL> connect / as sysdba
  Connected.
  SQL> shutdown immediate;
  Database closed.
  Database dismounted.
  ORACLE instance shut down.
  SQL> startup restrict;
  ORACLE instance started.
  Total System Global Area 2137886720 bytes
  Fixed Size                  2256912 bytes
  Variable Size            1258295280 bytes
  Database Buffers          872415232 bytes
  Redo Buffers                4919296 bytes
  Database mounted.
  Database opened.
  SQL>Session 2:
  SQL*Plus: Release 11.2.0.3.0 Production on Tue Jan 1 22:07:51 2013
  Copyright (c) 1982, 2011, Oracle.  All rights reserved.
  SQL> connect markwill
  Enter password:
  Connected.
  SQL> select logins from v$instance;
  LOGINS
  RESTRICTED
  1 row selected.
  SQL>As you can see in Session 2 I am clearly not connecting as SYS user, yet I am capable of connecting to an instance started in restricted mode.
  Rather than limiting to only user SYS it limits login ability to users with the RESTRICTED SESSION System Privilege (granted directly or via role).
  Regards,
  Mark

• Create .SCA file for MII project

  Please let me know the steps in creating .SCA file for deploying MII projects developed using WorkBench with login page. I think that after creating the .SCA file we can deploy it using Eclipse under the menu Deploy View Console or using JSPM. After deploying we should be able to login using the credentials and should be redirected based on roles to appropriate pages.
  I had deployed the intial .SCA file named (XMII08_0-20004625.SCA) using JSPM. MII version used is 12.1.8 and Netweaver version is NW CE 7.1 EHP1 SP5.
  How we can set up the development environment in Eclipse or NetWeaver Developer Studio for MII project development so that we can directly create MII SCA file from the tool itself. Please share documents if any.

  I need to modify the default login page in MII and redirect it to different URLs based on roles.
  I am able to change the images in the default Menu.jsp in the NetWeaver login to Authentication page and inside properties tab. There I am able to change the images like branding-image.jpg, SAP NetWeaver image, SAP Image. But this is reflected in both the URLs
  http://servername:50000/nwa  and http://servername:50000/XMII/Menu.jsp
  Then I changed the web.xml inside war file (tcsecumelogonui.war) which is in the path InstanceDirectory:\usr\sap\CE1\J00\j2ee\cluster\apps\sap.com\com.sap.security.core.logon\servlet_jsp\logon_ui_resources with the new Login.jsp file instead of Menu.jsp for the servlet tags but still when I access the new Login.jsp page from the URL http://servername:50000/XMII/Login.jsp it is still showing Menu.jsp. But when I tried to login using the Menu.jsp page then it is redirected to my new Login.jsp page.
  Please let me know how I will be able to change and deploy a new login page in MII 12.1.8 and with NetWeaver CE 7.1 EHP1 SP5.

• Instance in Restricted mode

  Created database from cold backup.The data files were moved from a previous release . I had to open the database with the upgrade option. Now can not connect to it over netwrok or using servicenames locally too
  Get error
  ORA-12526 :TNS LISTENER : all appropriate instances are in restricted mode
  lsnrctl status shows
  Instance "xxx", status RESTRICTED, has 2 handler(s) for this service..
  How can I take this instance out of restricted mode. ..

  Which version are you on ?
  SYS@db102 SQL> startup upgrade
  ORACLE instance started.
  Total System Global Area       121634816 bytes
  Fixed Size                       1218052 bytes
  Variable Size                  104860156 bytes
  Database Buffers                12582912 bytes
  Redo Buffers                     2973696 bytes
  Database mounted.
  Database opened.
  SYS@db102 SQL> select logins from v$instance;
  LOGINS
  RESTRICTED
  SYS@db102 SQL> select * from v$version;
  BANNER
  Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod
  PL/SQL Release 10.2.0.1.0 - Production
  CORE    10.2.0.1.0      Production
  TNS for Linux: Version 10.2.0.1.0 - Production
  NLSRTL Version 10.2.0.1.0 - Production
  SYS@db102 SQL>                                                  

• Restricting Log on to Workstation

  Good morning All,
  I was just asked the following: Is there a method either through Policy/DLU that can restrict access to a computer?Please see the following:
  Need some guidance on how to restrict login in the ZCM world. In ZDM7 there was a "restrict login" policy in the workstation package. At the Training Center, they have to be able to restrict the classroom PCs so that users can only log in with the classroom ID not their normal user id. I have tried getting the DLU policy to do this, but it doesn't seem to work that way. In checking Google, the only reference I found to getting this to work was the DLU policy. Need to figure out how to get this to work in the Training Center so they can upgrade the lab to ZCM.
  Customer is using ZCM 11.2.4 MU 1, Windows 7 and Windows XP.
  Thank you,

  Originally Posted by dschaldenovell
  Good morning All,
  I was just asked the following: Is there a method either through Policy/DLU that can restrict access to a computer?Please see the following:
  Need some guidance on how to restrict login in the ZCM world. In ZDM7 there was a "restrict login" policy in the workstation package. At the Training Center, they have to be able to restrict the classroom PCs so that users can only log in with the classroom ID not their normal user id. I have tried getting the DLU policy to do this, but it doesn't seem to work that way. In checking Google, the only reference I found to getting this to work was the DLU policy. Need to figure out how to get this to work in the Training Center so they can upgrade the lab to ZCM.
  Customer is using ZCM 11.2.4 MU 1, Windows 7 and Windows XP.
  Thank you,
  There is "Login Restrictions" in the DLU policy in ZCM were you can define workstations/users included/excluded.
  Assign the DLU policy to the classroom PCs and then add the users to the included list that are allowed to log in on those classroom workstations, doesn't that work?
  Thomas

• I have 20 seconds to login, or I have to reboot and try again...

  A few months ago I noticed if I don't login right away after boot up, the mouse will turn into a spinning ball and everything else becomes unresponsive.
  I've tested it multiple times now. I have about 20 seconds to click my account name, type in my password, and hit enter.
  The only thing I could think of that might affect it, is startup items. McAfee antivirus was located on my comp at one time, though I could not completely delete it. The script from mcafee that should delete everything was not located on my computer, so after every restart I 'kill' all mcafee processes from terminal. Could these be causing the login issue?

  All of those links work perfectly fine, +except last page.+ Some schools
  are generally open at this point of entry. Perhaps there's an IP block
  for certain regions for access, and others denied within a set range?
  Sure the actual download site link forbids (in this instance) the actual
  access to a file in their servers; so it is held as intellectual property
  and to offset unauthorized server access, rightly is it limited in use.
  While I did not read into the sites to see if they view information held
  there to be in the public domain, subject to intellectual property rights
  or available to share without profit, among general non-school public;
  it goes to figure copyrighted web pages probably cover most angles.
  If they were open, someone could send the transcript in email to OP.
  At least there appears to be a direct link without the login restriction.
  This gets around the one set of hurdles and lets the cat out of the bag.
  The idea of using the suspect application's own uninstaller, if available,
  or another such as you've posted links to acquire, are plausible ideas.
  To start in SafeBoot may also get past the 'fast log-in problem' mentioned.
  {Some apps have an uninstaller, either in the original install folder or CD.}
  AppCleaner is free/donationware: http://www.freemacsoft.net/AppCleaner/
  {Some of the others offer a Trial version, that may do enough to solve a problem.
  Most are relatively inexpensive, and are helpful to ferret out unwanted software.}
  • 6 Ways to Correctly Delete Applications (according to mac.appstorm's roundup)
  http://mac.appstorm.net/roundups/utilities-roundups/6-ways-to-correctly-delete-a pplications/
  Oh well. It's always fun wondering why page links work in only part of the hemisphere.
  And have come to expect if something is worth having, it may be limited in access...
  Good luck & happy computing!
  +{ edited }+

• Can you 'lock out' a workstation via ZENworks?

  Hi,
  I was wondering if there was a way to 'lock out' a workstation via
  ZENworks so users can no longer log into the workstation temporarily.
  This is the scenario - when someone within our company orders a new
  workstation, they will many times tell us that the workstation is being
  replaced when in reality the old workstation it is replacing is never
  taken off the network.
  The problem? - we do not charge any new license fees for replacement
  workstations PROVIDING the old workstation is disposed of (that way we
  are able to transfer the licenses from the old to the new). If the old
  workstation is still used, we are in violation of license fees.
  Solution? - 'lock out' the old workstation so no one can use it any
  longer unless they call our Helpdesk and it is 'unlocked' at which time
  we remind them of the license charges.
  I am not sure how this can be performed. We currently do something
  similar with NEW XP PCs that have no local user accounts on them yet
  (basically we enable login restrictions under the DLU policy - if the
  workstation can't create a local user account for the user, they can't
  log into the network or the PC). That solution would not work in this
  case though since the local accounts would already be created on the PC.
  We don't want to remove any software from the machine that will need to
  be reinstalled in case the site does want to keep the machine on the
  network after a new one is purchased. The solution should be designed to
  easily enable the machine if the site does decide they want to keep the
  machine on the network. Later on we would FDISK the PC for disposal.
  Any help would be GREATLY appreciated as ALWAYS!
  Steve

  Perhaps a Workstation Associated app that just pushed an invalid value for the
  GINA.DLL
  Either Remote Regedit or another Force-Run app could restore this to a correct
  value.
  Needs testing to make sure you can fix what you break, but this would lead
  everything intact.
  Marcus Breiden wrote:
  > On Mon, 23 May 2005 19:05:23 GMT, [email protected] wrote:
  >
  > > I am not sure how this can be performed. We currently do something
  > > similar with NEW XP PCs that have no local user accounts on them yet
  > > (basically we enable login restrictions under the DLU policy - if the
  > > workstation can't create a local user account for the user, they can't
  > > log into the network or the PC). That solution would not work in this
  > > case though since the local accounts would already be created on the PC.
  >
  > hmmm.... I would create an application and associate it to the wks, make it
  > force run..
  >
  > in that app remove / or change the Tree for the workstation manager... this
  > will disable all policy management (also DLU)...
  >
  > in case your accounts are locally on that box you would have to do some
  > more stuff to get around your problem...
  > --
  >
  > Marcus Breiden
  >
  > Please change -- to - to mail me.
  > The content of this mail is my private and personal opinion.
  > http://www.edu-magic.net
  Craig Wilson
  CNE3, 4, 5 - MCSE - CCNA
  NSC Sysop (http://support.novell.com/forums/)
  Tech Writer - http://www.ithowto.com
  (I Peter 4:10)