Mail SASL authentication problem - solved

Similar Messages

• Authentication problem - solved, but maybe a bug in Mac OS X?

  Hi,
  I've a rather small installation with only a handful of users configured on a Mac mini (Mac OS X Server, 10.6.8). All of them use the mail, calendar and addressbook server on the Mac, nothing more. They use it with Mac, iPhone and iPad. Everything worked fine for months but suddenly all of them were faced authentication problems: it was not possible to login on the imap server, the calendar server, the addressbook server. It was possible to login using the admin account on the server directly. Moreover, all users disappeared from the workgroup manager, however they still were available on the servers LDAP server and findable using ldapsearch.
  First, I used to completely restart the server to solve the problem, but it reappeared after only few hours again.
  Second, after understanding more about the authentication process, I found the "killall DirectoryService" was sufficient to solve the problem, but it still reappeared after few hours.
  Then I found the, once the problem occured, there was nearly no more communication to the local LDAP server on port 389 on localhost. When everything was working fine, the was a lot of such communication, including queries for usernames, when a login attempt was made. I started a "tcpdump -n -i lo0 port 389" and waited for the problem again. After the problem occured, I found in the pcap files that there were a few final query attempts, actually attempts the open a port 389 TCP connection to the slapd running on localhost, which were answered with a TCP RST. Then, no more attempts were made until l restarted the DirectoryService. Using the logfile of the slapd I found that this happened exactly at the time the slapd was stopped and restarted. And - surprisingly for me - stopping and restarting the slapd happened exactly once an hour.
  I then found that it happened exactly at the time the time machine backup process was started and indeed it was possible to trigger the event of restarting the slapd by manually starting a time machine backup.
  (Indeed, I switched my backup strategy from SuperDuper to time machine the other day and maybe that was the time the problem occured for the first time. I know that time machine is not considered as the best backup strategy for a server but I wanted to try on my own.)
  Google helped my to find a hint that time machine will actually stop and restart slapd - which is a generally a good idea, since otherwise a backup from some open database files would be made, which could work but may fail. So, I thing, someone of the developers thought about that problem too and has considered time machine for backups of a server.
  However, a not running slapd can not answer queries from a DirectoryService and a stopping or starting process might indeed end up with TCP SYNs answered with TCP RST.
  My solution was to disable time machine again and from that time the problem does not occur again.
  I'm wondering why the DirectoryService process isn't starting to query the slapd again after a failed connection. Isn't this a bug? After this experience I consider time machine as not only the not preferred backup solution for a server but as completely incompatible with Mac OS X server - although, as I said, it seems that someone thought about backing up the LDAP database using time machine.
  (On a Lion server this problem does not occur, the slapd will not be stopped and restarted when time machine is running. Moreover, I saw a com.apple.slapd.start notification in the slapd.log ... maybe this tells DirectoryService to try again.)
  Cheers,
  Wolfgang

  Another problem I found with the MacOS X key bindings: the 6 key doesn't work!
  In the config that ships with SQL Developer, I found this:
  <Item class="oracle.javatools.util.Pair">
  <first class="java.lang.String">DOCUMENT_6_CMD_ID</first>
  <second class="oracle.ide.keyboard.KeyStrokes">
  <data>
  <Item class="javax.swing.KeyStroke">6</Item>
  </data>
  </second>
  </Item>
  which should be:
  <Item class="oracle.javatools.util.Pair">
  <first class="java.lang.String">DOCUMENT_6_CMD_ID</first>
  <second class="oracle.ide.keyboard.KeyStrokes">
  <data>
  <Item class="javax.swing.KeyStroke">meta 6</Item>
  </data>
  </second>
  </Item>

• Email authentication problem on only some of Verizon's servers

  I use Eudora 6.2.4 on an iMac Core 2 Duo 2.0 20" (Al) Macintosh running OX 10.5.5.  Like many others (see one thread each under FiOS Internet and High Speed Internet and Dialup), since about mid-November, I have been receiving intermittent (about 10% of the time) authentication errors when Eudora checks for new mail.  I have 3 VZ e-mail accounts and one at my employer; the errors occur only on the VZ accounts.
  I've used the freeware app Eavesdrop (http://code.google.com/p/eavesdrop/) to observe the TCP conversations between Eudora and the server. The VZ server offers SASL CRAM-MD5 PLAIN, and Eudora uses CRAM-MD5.  I see the challenge from the server, Eudora's response, and the server's authentication-failure response.  Since the response is hashed, I have no way of telling if Eudora is sending the correct response, but it works most of the time.  (After it fails, Eudora then assumes its stored password is NG, discards it, and prompts me for it on the next mail-check, which is just a bit annoying.)
  Here is an example of a successful mail-check:
  +OK Messaging Multiplexor (Sun Java(tm) System Messaging Server 6.2-6.01 (built Apr  3 2006)) <[email protected]>
  CAPA
  +OK list follows
  TOP
  PIPELINING
  UIDL
  RESP-CODES
  AUTH-RESP-CODE
  USER
  SASL PLAIN CRAM-MD5
  IMPLEMENTATION MMP-6.2p6.01 Apr  3 2006
  auth CRAM-MD5
  + PDQ5MzU1ZWY3LmRlZWZlMEB2bXMxMDkubWFpbHNydmNzLm5ldD4=
  amp3b2xmOSA3MDA0MmE5YWQwYzEzOWRkYjE5NDk0OWZjYjY1NzBmMg==
  +OK Maildrop ready
  STAT
  +OK 0 0
  QUIT
  And here's a failure:
  +OK Messaging Multiplexor (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) <[email protected]>
  CAPA
  +OK list follows
  TOP
  PIPELINING
  UIDL
  RESP-CODES
  AUTH-RESP-CODE
  USER
  SASL CRAM-MD5 PLAIN
  IMPLEMENTATION MMP-6.3p7.04 Sep 26 2008
  auth CRAM-MD5
  + PGZjMDAxY2M0ZjZlNDAyNjM3ZTI1MTVmMGU1MWEyYzVjQHZtczE3MTAxMy5tYWlsc3J2Y3MubmV0Pg==
  amp3b2xmOSA1NWNmNzJhYzRhZDdlMmE1ZGExZmIwZDVkMzA3NTc5OQ==
  -ERR [AUTH] Authentication failed
  You'll notice that the VZ server identifies itself at the onset of each conversation, including a build ID and date, followed by a timestamp and a server ID (e.g., vms109.mailsrvcs.net).  I'm in eastern Massachusetts, and when my client connects to incoming.verizon.net, one of a pool of V servers responds.  I've observed about 15 different servers, of which two (vms171011 and vms171013) show "6.3-7.04 (built Sep 26 2008)" and all the others show "6.2-6.01 (built Apr  3 2006)".  Furthermore, I observe that vms171011 and vms171013 consistently give this authentication failure for CRAM-MD5, but all the others (with the older build) consistently succeed in authenticating my accounts.
  I called FiOS Support, and the CSR took down took down some relevant info, said she'd pass it on the the e-mail folks.  Within 2 hours I got a call from a Verizon tech.  He said they "knew" about it and that it was a Mac problem.  It wasn't specific to VZ, and it occurred only on Macs.   He had no explanation for my observation that mail-check authentication works with 13 of VZ's servers and consistently fails with two which have a later build version/date, but he believed it was consistent with it being an Apple problem.  So naturally he was off the hook.
  He referred me to an Apple Support Forum discussion to back up his position.  I hadn't seen (or thought of looking in) the Apple forums, so I had a look and found a total of 5 threads under "Mail and Address Book".  Of course, these deal with Mail.app, .  Comcast as well as VZ.  This is the lengthiest of them:
    http://discussions.apple.com/message.jspa?messageID=8478765#8478765 
  These Apple discussion threads and the two Verizon Forum threads all mention Macintoshes, which lends credence to the tech's assertion that it's a Mac problem, not Verizon's.  I've found one that seems to depict the same thing on a PC (http://groups.google.com/group/comp.mail.eudora.ms-windows/browse_thread/thread/b426c0ca59841ca9), but it's not conclusive. 
  I don't know what PeeCee users use for a mail client or what method they use for authentication (the POP3 protocol, as amended,has several possibilities).  My Eudora app has settings for "Password", "Kerberos", and "APOP", but VZ doesn't offer Kerberos, and Eudora seems to ignore the APOP setting, so it uses only the CRAM-MD5 method, so I'm stuck.  I can't disprove that this is a Mac-only problem, but I can't understand why the CRAM-MD5 authentication always works with 13 of VZ's servers and always fails with 2 others (which happen to have a different build version/date).
  Solved!
  Go to Solution.

  With the help of a Windows-using friend, I have additional evidence that the mail-check authentication problem is NOT Mac-specific, but also can be shown to occur with a POP3 client (the final version, Eudora 7.1.0.9) using a secure authentication method (APOP) on Windows (XP Home, SP 3).  He had been observing no authentication problems, but investigation showed that his authentication setting was for "Password", which uses the basic (and very insecure) USER/PASS messages.  His Eudora does not allow CRAM-MD5, but it does have APOP authentication, which is another secure method that also uses the MD5 algorithm to encrypt the password.
  When he changed the setting to use APOP authentication, he observed the same behavior that I've reported above:
     - with most of the VZ servers (e.g., vms095.mailsrvcs.net, vms104.mailsrvcs.net) that show "6.2-6.01 (built Apr  3 2006)", the authentication succeeds
     - with vms171011.mailsrvcs.net and vms171013.mailsrvcs.net, which show "6.3-7.04 (built Sep 26 2008)", the authentication fails.
  See examples below.
  Here's a successful mail-check (these excerpts are from the Eudora log; I've edited his username):
  3244    64:13.20 Rcvd: "+OK Messaging Multiplexor (Sun Java(tm) System Messaging Server 6.2-6.01 (built Apr  3 2006)) <[email protected]> [ISafe POP3 Proxy] \r\n"
  3244    32:13.20 Sent: "CAPA\r\n"
  3244    64:13.20 Rcvd: "+OK list follows\r\n"
  3244    64:13.20 Rcvd: "TOP\r\n"
  3244    64:13.20 Rcvd: "PIPELINING\r\n"
  3244    64:13.20 Rcvd: "UIDL\r\n"
  3244    64:13.20 Rcvd: "RESP-CODES\r\n"
  3244    64:13.20 Rcvd: "AUTH-RESP-CODE\r\n"
  3244    64:13.20 Rcvd: "USER\r\n"
  3244    64:13.20 Rcvd: "SASL PLAIN CRAM-MD5\r\n"
  3244    64:13.20 Rcvd: "IMPLEMENTATION MMP-6.2p6.01 Apr  3 2006\r\n"
  3244    64:13.20 Rcvd: ".\r\n"
  3244    32:13.20 Sent: "APOP XXXXX 8a45b60f3f4a52a472937e86edbfda70\r\n"
  3244    64:13.21 Rcvd: "+OK Maildrop ready\r\n"
  3244    32:13.21 Sent: "STAT\r\n"
  3244    64:13.21 Rcvd: "+OK 0 0\r\n"
  3244    32:13.21 Sent: "QUIT\r\n"
  3244    64:13.21 Rcvd: "+OK\r\n"
  And here's one that fails; note the different server build-date:
  460     64:13.23 Rcvd: "+OK Messaging Multiplexor (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) <[email protected]> [ISafe POP3 Proxy] \r\n"
  460     32:13.23 Sent: "CAPA\r\n"
  460     64:13.23 Rcvd: "+OK list follows\r\n"
  460     64:13.23 Rcvd: "TOP\r\n"
  460     64:13.23 Rcvd: "PIPELINING\r\n"
  460     64:13.23 Rcvd: "UIDL\r\n"
  460     64:13.23 Rcvd: "RESP-CODES\r\n"
  460     64:13.23 Rcvd: "AUTH-RESP-CODE\r\n"
  460     64:13.23 Rcvd: "USER\r\n"
  460     64:13.23 Rcvd: "SASL CRAM-MD5 PLAIN\r\n"
  460     64:13.23 Rcvd: "IMPLEMENTATION MMP-6.3p7.04 Sep 26 2008\r\n"
  460     64:13.23 Rcvd: ".\r\n"
  460     32:13.23 Sent: "APOP XXXXX ab2dde7d89cbbf0bf9cd409dce02e5a8\r\n"
  460     64:13.27 Rcvd: "-ERR [AUTH] Authentication failed\r\n"
  IMHO all this evidence validates my original hypothesis, that two (or more) of VZ's mail servers, which have server builds "6.3-7.04 (built Sep 26 2008)", advertise secure CRAM-MD5 and APOP authentication capabilities, but consistently fail such authentication attempts.  All the other servers with builds "6.2-6.01 (built Apr  3 2006)" handle these authentications correctly.  This has been shown to be the case on both Mac and Windows POP3 email clients.  Email clients that use the simpler and unsecure USER/PASS and AUTH PLAIN methods apparently see no authentication errors on any of the VZ servers.  This strongly points to this being a Verizon problem specific to two of the servers that we see here in eastern Massachusetts.  Others have also observed the same server-specificity; see for example http://eudorabb.qualcomm.com/showthread.php?t=13802 .  This problem has been reported since about mid-November.
  Verizon, the ball is in your court.  Find the problem and fix it!

• Hi ! I need to send an e.mail reporting a problem with de Authorized Service Provider in Brasil. I contact Apple Brasil, but didn't solve. Someone know an Apple's USA e.mail i can use ? Thanks.

  Hi ! I need to send an e.mail reporting a problem with de Authorized Service Provider in Brasil. I contact Apple Brasil, but didn't solve. Someone know an Apple's USA e.mail i can use ? Thanks.

  There is a link at the bottom of this page. http://www.apple.com/contact/

• Good morning. I need to send an e.mail reporting a problem with de Authorized Service Provider in Brasil. I contact Apple Brasil, but didn't solve. Someone know an e.mail i can use in Apple USA? Thanks.

  Good morning. I need to send an e.mail reporting a problem with de Authorized Service Provider in Brasil. I contact Apple Brasil, but didn't solve. Someone know an Apple's USA e.mail i can use ? Thanks.

  There is a link at the bottom of this page. http://www.apple.com/contact/

• Mail & Adress Book: issues sending group mail - Problem solved

  I started writing this discussion because I could not get something to work. As I wrote it, I made many tests to confirm what I was writing and also read several past discussions on the subject. I ended up solving my problem and decided to share my findings. Hope it is useful to other people.
  EMAIL TO A GROUP WITH ALL RECIEPIENTS SHOWING IN THE «TO» HEADER - My problem solved
  SENDING FROM THE MAIL APPLICATION:
  To start do the following:  Mail/Preferences/Composing  check «Show members of a group»
  Then for a group name with two or more words OR wit a one word group name, start writing the group name in the «TO» header of an email wait until the « () » appears highlithed in a color as you slowly write the Address Book group name and then select the group name from the scroling list appearing below which comes from your Adress Book (whether it's open or not). If you choose in a selection list before the « () » appears as you type, you could end up with an empty list and the group email does not work. When the « () » does not yet appear but the group name does below, it most likely will not work but if you scroll down you may find a second one that will.  The whole thing is wear but once you get the hang of it you make it work everytime.
  SENDING FROM THE ADDRESS BOOK APPLICATION:
  If you try to send the email to a group from the application ADRESS BOOK by pressing «ctrl» & right clicking the name of the group and select «Send an email to GROUP-NAME», it will work also. But the group name must not have a space before its name in the Address Book (one could decide to do this to have a group to appear at the top of a list of groups). The latter was my problem and sending from the address book application did not work.
  EMAIL TO A GROUP WITH «UNDISCLOSED RECIPIENTS» SHOWING IN THE «TO» HEADER  - My problem solved
  First one has to uncheck the «Show members of a group» in Mail/Preferences/Composing
  Second strat a new email and proceed as described above in «1.»  in the second and third paragraph.
  As suggested in one discussion, if you still can not get it to work try closing your Mail and Address Book applications and re-open them.
  As suggeted in another discussion by Ernie Stamper on May 15 2009 in the «Can't send an email to a group»:
  «In Mail Preferences/Composing, select to Show members of a group, and then compose a message (no need to send for this test) using the group address -- do the 9 addresses show in the message header? If so, then report the name of the provider of the SMTP you are using. It might be that they do not allow the Group in the To -- when working correctly, the recipient sees only Undesignated Recipients in the header.»
  I'm using Mac OS X 10.7.5 and Mail 5.3 (1283) on an iMac 2009
  Can't send an email to a group.

  Hi Priyanka,
  I can't get it working. I get this error:
  2007/03/25 17:23:00] Error in evaluate <from> expression at line "98". The result is empty for the XPath expression : "ids:getUserProperty('esbMailTo', 'mail', 'jazn.com')".
  [2007/03/25 17:23:00] "{http://schemas.xmlsoap.org/ws/2003/03/business-process/}selectionFailure" has been thrown.less
  - <selectionFailure xmlns="http://schemas.xmlsoap.org/ws/2003/03/business-process/">
  - <part name="summary">
  <summary>
  empty variable/expression result.
  xpath variable/expression expression "ids:getUserProperty('esbMailTo', 'mail', 'jazn.com')" is empty at line 98, when attempting reading/copying it.
  Please make sure the variable/expression result "ids:getUserProperty('esbMailTo', 'mail', 'jazn.com')" is not empty.
  </summary>
  </part
  In users-properties.xml I have this:
  <userObject>
       <name>esbMailTo</name>
          <description>MailTo</description>
       <mail>[email protected]</mail>           
       <title>Loan Agent 1</title>
       <firstName>James</firstName>
       <lastName>Cooper</lastName>
       <manager>jstein</manager>
          <timeZone>America/Los_Angeles</timeZone>
       <languagePreference>en-US</languagePreference>
       <notificationPreferences>Mail</notificationPreferences>
       </userObject> Any ideas?
  Regards Pete

• Cannot get or send in MAIL. Problem solved.

  Previous problem solved by Apple expert in Express Lane. Thanks.

  It's helpful if you post what the solution was.

• Cannot use SASL Authentication Through GSSAPI on DS 6.3

  I try to kerberized DS 6.3. I do step by step instruction from "Sun Java System Directory Server Enterprise Edition 6.3" and it doesn't work.
  When I try to configure the Directory Server to Enable GSSAPI I get an error:
  modifying entry cn=SASL,cn=security,cn=config
  ldap_modify: DSA is unwilling to perform
  ldap_modify: additional info: Modification not allowed on attribute dsSaslPluginsPath
  After all when I try to authenticate to the Directory Server i get response:
  ldap_sasl_interactive_bind_s: Authentication method not supported
  ldap_sasl_interactive_bind_s: additional info: sasl mechanism not supported
  Logs file:
  +[22/Sep/2008:10:28:11 +0200] conn=2 op=-1 msgId=-1 - fd=22 slot=22 LDAP connection from 10.3.233.4:33054 to 10.3.233.4+
  +[22/Sep/2008:10:28:11 +0200] conn=2 op=0 msgId=1 - BIND dn="" method=sasl version=3 mech=GSSAPI+
  +[22/Sep/2008:10:28:11 +0200] conn=2 op=0 msgId=1 - RESULT err=7 tag=97 nentries=0 etime=0, sasl mechanism not supported+
  +[22/Sep/2008:10:28:11 +0200] conn=2 op=1 msgId=2 - UNBIND+
  +[22/Sep/2008:10:28:11 +0200] conn=2 op=1 msgId=-1 - closing from 10.3.233.4:33054 - U1 - Connection closed by unbind client -+
  +[22/Sep/2008:10:28:12 +0200] conn=2 op=-1 msgId=-1 - closed.+
  system specyfication:
  Solaris 10 x86 64-bit
  DS 6.3 B2008.0311.0212 NAT

  See http://forums.sun.com/thread.jspa?forumID=761&threadID=5202246 for a description of the problem and a workaround.
  If you have a Sun support contract, you can request an escalation of CR 6637404.
  Also, note that it looks like part of the documentation went missing. In DS5.2 the docs included an additional step
  Chapter 11 Implementing Security
  Configuring Client Authentication
  SASL Authentication Through GSSAPI (Solaris Only)
  http://docs.sun.com/source/816-6698-10/ssl.html#18500
  ldapmodify -D 'cn=directory manager'
  dn: cn=SASL,cn=security,cn=config
  changetype: modify
  add: dsSaslPluginsEnable
  dsSaslPluginsEnable: GSSAPI
  replace: dsSaslPluginsPath
  dsSaslPluginsPath: /usr/lib/mps/sasl2/libsasl.so
  modifying entry cn=SASL,cn=security,cn=config
  ldap_modify: DSA is unwilling to perform
  ldap_modify: additional info: Adding attributes is not allowed
  -------------------------------------------------------------

• Webservice authentication problem

  Web Service Authentication problem
  Posted: Jun 17, 2005 3:32 PM        Reply      E-mail this post 
  Hi
  I have created a portal service and exposed this service as a webservice. I am consuming this webservice in webdynpro. Portal service contains 2 simple methods putdata() and getdatat().
  When i access the webservice i am getting the following error.
  "javax.xml.rpc.soap.SOAPFaultException: The User Authentification is not correct to access to the Portal Service com.sap.portal.prt.soap.GlobalData or the service was not found"
  My Enterprise portal server is configured for SSO to back end R/3 system. I have checked for portal service availability and it is fine.
  My Webdynpro and Portal are running on different machines. EP is running on AIX with SP11.
  Any help please.
  Regards
  NagaKishore V

  Hi Shahab,
  Can you reproduce the issue if you create 2 applications. One that exposes a secured web service and the other one the one, consumes the web service? This would help to isolate the issue and move forward in case is a bug.
  Thanks,
  Juan Camilo

• SSO Certificate-based authentication problem

  Hello,
  I have successfully configured certificate-based authentication, and I am able to authenticate with a user certificate that I created with OCA which is stored in the user's profile in OID. Here lies my problem, it seems as if the authentication module (ssomappernickname) only validates against the first certificate stored in the user's profile(userCertificate attribute). This is after I add another certificate to the user's profile. Below is the problem I am describing during my tests:
  Order of certificates stored in user's profile.
  1. valid cert, invalid cert -> successful authentication
  2. invalid cert, valid cert -> unsuccessful authentication (it should STILL be successful here)
  Shouldn't the SSO authentication module search each binary certificate in the multi-value attribute for the correct certificate? Or is there some LDAP control that I need to set in order to get this problem solved? Basically, I need to be able let user's perform certificate authentication against multiple certificates in their profiles.

  For the benefit of anyone finding this, in my case this problem was resolved by reimporting my internal CA's Cert into the ASA.
  I suspect I had inadvertently imported an expired CA Cert into the ASA and this rather un-informative error 1838 is trying to tell you this. 

• WLC 5508 WPA Authentication Problems

  Hello,
  We have a WLC 5508 with 7.4.100.0 Firmware.
  We are using 1141 and 1142 APs and we are having authentication problems with clients that are connecting to our WLAN with WPA+AES autentication. The clients receive in her laptop a password error, and we receive the following log in wlc:
  Client Excluded: MACAddress:f8:f1:eb:dd:ff:cd Base Radio MAC :08:ad:dd:76:4d:30 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.1x Authentication failed 3 times. ReasonCode: 4
  The strange thing is that the problem is solved restarting the Access-points.
  Anyone had this problem previusly?
  Thanks in advance.

  I made the configuration using the Cisco Recommended settings, the strange thing its that the users connect normally, until they starts with authentication problems. I restart the access points and the problem its solved.
  Cisco Recommended  and not recommended Authentication Settings
  Security encryption settings need to be identical for WPA and WPA2 for TKIP and AES as shown in this image:
  These images provide examples of incompatible settings for TKIP and AES:
  Note: Be aware that security settings permit unsupported features.
  These images provide examples of compatible settings:

• WiFi Authentication problem

  I have an iMac, and iPad, a Blackberry (forgive me) and Airport for my WiFi all of my pieces are working fine with my WiFi.  I had guests over the other day and we could not allow my guests iPads or iPhone to sign onto my network.  I bought my dad a generic tablet to use for solving cross words, etc., and I cannot sign into my own network.  No opportunity exists to put in a password because it just reads "Authentication Problem".
  No opportunity exists, therefore, to enter the password.  Signal strength is excellent, Securty is WPA2 PSK, I touch connect and it says Saved Secured with WPA2 and then goes back to "Authentication Problem."
  I've unplugged (and plugged back in) both the Airport / router and Internet Service provider's modem. I've rebooted my iMac and the new generic pad 3 times each. 
  I had 2 networks one for me and one for guests, can't get into either, identical problem. I can see all of the neighbour's networks and they're all locked and say secured with (various WPA/WPA2, etc., just mine says Authentication Problem.  I plugged the tablet into my iMac and it's functioning well.
  I now deleted the guest network and can't open a new network. 
  I've triple checked my passwords, hand written and in the Key Chain.
  I've checked my Apple ID (I'm able to get into this forum).
  Both my iPad (purchased May 2013) and BlackBerry (received free July 2013) signed in without any problems.
  I cannot see why I can't get into my network ~ any ideas?

  Hello,
  Hmmm..."problem"...pretty hard to understand. Can you provide more details? What exactly do you try? What exactly happens at each step of what you try? What is the exact and complete content of any error messages presented?
  Please remember that we can't see you nor your device. We have only your words to help us understand your situation, and such understanding is the natural prerequisite to providing you with any useful guidance.
  Thanks and let us know.
  Occam's Razor nearly always applies when troubleshooting technology issues!
  If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
  Join our BBM Channels
  BSCF General Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• Firefox 7.0.1 causes windows live mail to report problem when link is clicked

  When Firefox 7.0.1 is not open and a link in an email is selected (Windows Live Mail), mail reports an error "there was a problem sending the command to the program". The requested website does load after this with no problems. This same error has been previously reported with Firefox 4, however I have only recently had the problem.

  Solved (for me). The problem was Roboform 7.5.5. When they updated Roboform to 7.5.6, the issue with Firefox 7 was resolved. Note that the problem did not occur with any other browsers before, and now it is fixed in Firefox 7.

• SASL Authentication...again...

  Last time i posted this question:
  While using iDS 5.1 and a test user "uid=jdoe,ou=xxx,o=xxx" we've been getting same results over and over again: Authentication failed. Passwords are being set to CLEARTEXT, user being created using default user template so it contains the userpassword-attribute, and in the Java-code we've been using MD5 Digest authentication 'cause that's the method it supports. This is what is being done in the code:
  1. Client connects server using ldapHost and ldapPort.
  2. Hashtable "env" is being constructed.
  3. Environment properties INITIAL_CONTEXT_FACTORY, PROVIDER_URL, SECURITY_PRINCIPAL and SECURITY_CREDENTIALS of context are being specified.
  4. if ldapconnection.isauthenticated() is TRUE, print "success", else print "failed".
  All environment properties are of course used via env.put(context.property_name, "value");
  Is this it? What else should it do? All values match the ones being set in DS. Still authentication fails. "
  We still have this problem but the thing that has come up is the supportedSASLMechanisms gives "no attributes" if asked with database name, but gives correct values when asked just with IP-address of server. To make long story short, this works:
  Attributes attrs = ctx.getAttributes("ldap://<ip-address>"new String[]{"supportedSASLMechanisms"});
  System.out.println(attrs);
  This doesn't work:
  Attributes attrs = ctx.getAttributes("ldap://<ip-address>/o=<organization>"new String[]{"supportedSASLMechanisms"});
  System.out.println(attrs);
  Is there a access control in NetscapeRoot that differs from our database controls that makes this happen?

  I think I have get little bit closer to get SASL authentication work, but now my program throws this kind of exception:
  javax.naming.AuthenticationException: SASL authentication failed. Root exception is java.lang.NoSuchMethodError
  at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:116)
  at java.lang.reflect.Method.invoke(Native Method)
  at com.sun.jndi.ldap.LdapClient.saslBind(LdapClient.java:369)
  at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:185)
  at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2386)
  at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:239)
  at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:74)
  at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:660)
  at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:241)
  at javax.naming.InitialContext.init(InitialContext.java:217)
  at javax.naming.InitialContext.<init>(InitialContext.java:193)
  at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:78)
  My code (I'm using jdk1.3.1):
  import javax.naming.*;
  import javax.naming.directory.*;
  import java.util.Hashtable;
  class DigestTesti {
  public static void main(String[] args) {
       Hashtable env = new Hashtable();
       env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
       env.put(Context.PROVIDER_URL, "ldap://000.000.000.000:000");
       env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
       env.put(Context.SECURITY_PRINCIPAL, "dn:uid=JDoe,ou=...,o=...,dc=..., dc=...");
       env.put(Context.SECURITY_CREDENTIALS, "...");
       env.put("java.naming.security.sasl.realm", "...");
       try {
       DirContext ctx = new InitialDirContext(env);
       System.out.println(ctx);
       } catch (NamingException e) {
       e.printStackTrace();
  What could been wrong with my code?
  Regards,
  Janne

• Jdk1.3 vs jdk1.4 and SASL authentication

  I'm trying to get SASL authentication work with jdk1.3 and iPlanet Directory Server. Everytime I get same exception:
  SASL authentication failed. Root exception is java.lang.NoSuchMethodError
  When I try with jdk1.4 everything works fine. Now I'm just wondering that is there other things that I should take care when I try get authentication work with jdk1.3. I know that all the extension packages are integrated to the jdk1.4 and I have set same packages to the CLASSPATH when I'm trying to do same with jdk1.3, but same exception occurs than above.
  Does anyone know what's the problem?
  Thanks,
  Janne

  Hi ,
  Jsse 1.0.3 (strictly this version only) is needed along with jdk1.3 for the SASL or SSL authentication to be done fine.
  Hope this helps,
  Regards,
  Sathya