NAC appliance local authentication not working
Hi,
i am trying a test scenario for NAC. it is oob virtual gateway
I get the login page when i try to access the web but when i try to authenticate to the local db i don;t receive an error message and i remain on the authentication screen.
I listened with tcpdump on both interfaces. on the untrusted side i see traffic but on the trusted side no diffrence in traffic appears(but maybe this is normal)
can someone please help with the detailed steps the authentication follows
not just host->nas->nam(localdb)
or some ideas
Thank you!
I doubt this will help, but here goes. I seem to remember a similar issue here, and I went into my browser's proxy settings and turned them off. Then I could authenticate, but not browse the web. So after authenticating I turned them back on and it was fine. There is a tab on the NAC Device Management > Clean Access Servers > >Advanced> Proxy where you can tell clean access about a proxy server, but I don't know if that's relevant.
I assume you have verified that your local user ID works by testing the auth server with it and that it has a profile that allows you to go someplace.
Similar Messages
-
Revision: 1720
Author: [email protected]
Date: 2008-05-14 14:50:06 -0700 (Wed, 14 May 2008)
Log Message:
Bugs: LCDS-304 - Authentication not working in all cases when using security constraint with NIO endpoints.
QA: Yes
Doc: No
Details:
Update to the TomcatLoginCommand to work correctly with NIO endpoints.
Ticket Links:
http://bugs.adobe.com/jira/browse/LCDS-304
Modified Paths:
blazeds/branches/3.0.x/modules/opt/src/tomcat/flex/messaging/security/TomcatLoginCommand. javaRevision: 1720
Author: [email protected]
Date: 2008-05-14 14:50:06 -0700 (Wed, 14 May 2008)
Log Message:
Bugs: LCDS-304 - Authentication not working in all cases when using security constraint with NIO endpoints.
QA: Yes
Doc: No
Details:
Update to the TomcatLoginCommand to work correctly with NIO endpoints.
Ticket Links:
http://bugs.adobe.com/jira/browse/LCDS-304
Modified Paths:
blazeds/branches/3.0.x/modules/opt/src/tomcat/flex/messaging/security/TomcatLoginCommand. java -
Oracle 10gr2 locally is not working after installing Oracle 11g
hi ,
Does anyone has any idea after installing oracle 11g in system, Oracle 10g locally is not working. I am getting below error.
Forms session <2> failed during startup: no response from runtime processGenerally this is because the software you install last updates the system environment variables with its information, thereby break products that use files with similar names. Specifically, look at PATH and ORACLE_HOME. Likely you will see that entries for your 11g installation will be displayed first. In order to use v10, you would need to change this or use script files to start executibles. For Forms runtime, be sure to properly set default.env to point to the desired PATH
-
Ldap authentication not working for Solaris 8 host - Help!
Greetings folks,
I just recently migrated a host to use LDAP authentication. The only difference between this host and the rest of the hosts in the environment that I've converted to use LDAP is that this one is running Solaris 8.
Here's the steps I took to migrate it (though, I used the same steps for another Sol8 host in another environment and it works fine):
ldapclient -P stg -d mydomain.com -D cn=proxyagent,ou=profile,dc=mydomain,dc=com -w secret 192.168.1.69
My /etc/nsswitch.conf looks like this:
passwd: files ldap
group: files ldap
My /etc/pam.conf looks like this:
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth sufficient pam_unix_auth.so.1
login auth required pam_ldap.so.1
sshd auth requisite pam_authtok_get.so.1
sshd auth sufficient pam_unix_auth.so.1
sshd auth required pam_ldap.so.1
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth sufficient pam_unix_auth.so.1
other auth required pam_ldap.so.1
passwd auth sufficient pam_passwd_auth.so.1
passwd auth required pam_ldap.so.1
I've also cleared out the local user accounts for my human users, so there aren't any more passwd or shadow entries (yes, I ran pwconv). I also cleaned out the /etc/group entries for the same users. The machine appears to be configured properly, because I can run various DS commands that indicate this:
hostname# getent passwd user1
user1::1001:1001:User 1:/opt/home/user1:/bin/bash
hostname# ldaplist -l passwd user1
dn: uid=user1,ou=people,dc=mydomain,dc=com
shadowFlag: 0
userPassword: {crypt}(removed)
uid: user1
objectClass: posixAccount
objectClass: shadowAccount
objectClass: account
objectClass: top
cn: user1
uidNumber: 1001
gidNumber: 1001
gecos: User 1
homeDirectory: /opt/home/user1
loginShell: /bin/bash
However, in the end, actual logins to this host fail via ssh. Snooping the traffic reveals that all the right info is being handed back to the client, including the crypt'ed password hash, uid, etc. just like I see with other hosts that work.
Any ideas?
Thanks!
PatrickI assume you have applied lastest kernel patch and 108993 to this Solaris8 machine, and its nss_ldap.so.1 and pam_ldap.so.1 are the same as the other Solaris8 LDAP clients that are working for ssh via LDAP auth.
1) Please replace "objectClass: account" with "objectClass: person", I know SUN ONE DS5.2 likes "person".
2) Did you test and verify telnet/ftp/su working? but SSH not working?
3) If telnet/ftp/su all worked, and SSH (SUN-SSH or OpenSSH), make sure you have "UsePAM yes" in sshd_config and restart sshd.
4) It is not a must I think but normally I will add "shadow: files ldap" to /etc/nsswitch.conf, restart nscd after that.
5) Whenever ldapclient command is run and ldap_cachemgr is restarted, I usually also restart nscd and sshd after that, if not testing result may not be accurate as nscd is still remembering OLD stuffs cached which could be very misleading.
6) You may use "ssh -v userid@localhost" to watch the SSH communications, on top of your usual "snoop"ing of network packets.
7) Use the sample pam.conf that is meant for pam_ldap from Solaris 10 system admin guide with all the pam_unix_cred.so.1 lines commented out. This works for me, there is no sshd defintions as it will follow "other".
http://docs.sun.com/app/docs/doc/816-4556/6maort2te?a=view
Gary -
Sg300 - 802.1x NPS - mac authentication not working
I configured 802.1x on a sg300 switch. It is working very well with some Windows 7 machines and a Windows Server 2008 NPS server.
Now I tried to get the MAC authentication running, on a 3850X it is working without problems, but every access request sent from the SG300 is declined.
My current port configuration on the SG300:
interface fastethernet1
dot1x guest-vlan enable
dot1x max-req 1
dot1x reauthentication
dot1x timeout quiet-period 10
dot1x authentication 802.1x mac
dot1x radius-attributes vlan static
dot1x port-control auto
switchport mode access
On the Windows NPS server there is following error to see:
Authentication Details:
Connection Request Policy Name: Secure Wire
Network Policy Name: -
Authentication Provider: Windows
Authentication Server: myradius.local
Authentication Type: -
EAP Type: -
Account Session Identifier: 30353030399999
Reason Code: 1
Reason: An internal error occurred. Check the system event log for additional information.
There is compared to the message from the 3850 the authentication type missing (PAP) and a not very helpful error message displayed...Still not working.
I tried different settings and (also older) software versions on the SF302-08P.
Also started to change the settings on the NPS (though it is working with the 3850X!), without success.
The NPS reports following error:
Schannel:
The following fatal alert was received: 40.
EventID 36887
If I search for this error, every source is pointing to certificate errors, but there should not be any certificate involved?!
... is this a bug on the SF302-08P? -
NAC OOB logoff feature not working
Hi all,
I've deployed NAC in L2 OOB VG mode with ADSSO and I'm trying to use the OOB logoff feature but it's not working. The VLAN change detect feature doesn't work either (I think the two problems might be related).
It will work if each user role is assigned a different auth/access VLAN pair but in my setup, everyone has a common auth vlan and separate role-based access vlans. Because of this, I have to use the IP refresh feature as well (this works fine).
I'm running Windows Vista and version 4.8.0 of the NAC software with version 4.8.1.5 of the agent
I checked the release notes and found that caveat CSCth60233 identifies this bug with the VLAN change detect with the workaround being to refresh the IP address automatically after being logged out. Does anyone know of a workaround for this problem to do this automatically? Is a solution for this problem in the works?
Also would anyone be able to help me with my OOB logoff feature not working? I've configured everything according to the documentation.
I appreciate your responses
~XavierHere are my configs if necessary. Tell me if anything else is needed.
User Management > User Roles
List of Roles
Edit Role
Traffic Control
Bandwidth
Schedule
Disable this role
Role Name
Role Description
Role Type
Normal Login Role Quarantine Role
*Max Sessions per User Account ( Case-Insensitive Session Identifiers )
(1 – 255; 0 for unlimited)
Retag Trusted-side Egress Traffic with VLAN (In-Band)
(0 – 4095, or leave it blank)(*This option has been deprecated, and it will be removed in upcoming releases)
*Out-of-Band User Role VLAN
VLAN ID VLAN Name (if left blank, it will default to the default access vlan settings in the Port Profile)
*Bounce Switch Port After Login (OOB)
Enable Disable (This option is effective only when port profile is set to use it)
*Refresh IP After Login (OOB)
Enable Disable (This option only applies to L2 OOB Virtual Gateway with Role VLAN as Access VLAN and switch port is NOT bounced after VLAN change)
*After Successful Login Redirect to
previously requested URL
this URL:
(e.g. http://www.cisco.com/)
Redirect Blocked Requests to
default access blocked page
this URL or HTML message:
*Show Logged-on Users
User info
Logout button
Enable Passive Re-assessment (To enable Passive Re-assessment for OOB Agent connections, you must also enable the OOB Logoff option at Device Management > Clean Access > General Setup > Agent Login.)
Re-assessment Interval
(Minimum of 60 minutes and maximum of 1440 minutes [24 hours])
Grace Timer
(Minimum of 5 minutes and maximum of 30 minutes)
Default action on failure
Continue Allow user to remediate Logoff user immediately
(*only applies to normal login role)
Device Management > Clean Access
Certified Devices
General Setup
Network Scanner
Clean Access Agent
Updates
Web Login · Agent Login
User Role
Unauthenticated Role(not common) role_engineer role_developer role_admin role_sales role_guest
Operating System
ALL WINDOWS_ALL WINDOWS_XP WINDOWS_VISTA_ALL WINDOWS_7_ALL MAC_ALL MAC_OSX LINUX FREEBSD SOLARIS_ALL SOLARIS_86 SOLARIS_SPARC UNIX VMS OS2 PALM
(By default, 'ALL' settings apply to all client operating systems if no OS-specific settings are specified.)
Enable OOB logoff for Windows NAC Agent and Mac OS X Agent (This global option applies to all OOB CASs and user roles and enables Agent logout and heartbeat timers for OOB Agent connections. You must also enable this option for Passive Re-assessment to function with OOB Agent connections.)
Require use of Agent
(for Windows & Macintosh OSX only)
Agent Download Page Message (or URL):
Network Security Notice: This network is protected by a Cisco NAC Appliance Agent, a component of the Cisco NAC Appliance Suite. The Agent ensures that your computer meets the requirements for accessing this network, and helps you keep your computer secure and up-to-date.
Please use the Agent to log in to the network.
If you don't have the Agent software yet, download it by clicking the button below. After downloading the installation file, run it to complete the installation.
If you have already downloaded and installed the Agent, please close this window and right-click the Agent icon in the system tray and choose Login from the menu. Enter your usual network user name and password in the login window.
Require use of Cisco NAC Web Agent (for Windows only)
Cisco NAC Web Agent Launch Page Message (or URL):
Network Security Notice: This network is protected by the Cisco NAC Web Agent, a component of the Cisco NAC Appliance Suite. The Cisco NAC Web Agent ensures that your computer meets the requirements for accessing this network, and helps you keep your computer secure and up-to-date.
Please launch Cisco NAC Web Agent by clicking the button below.
Allow restricted network access in case user cannot use NAC Agent or Cisco NAC Web Agent
Restricted Access User Role:
role_engineer role_developer role_admin role_sales role_guest
Restricted Access Button Text:
Restricted Network Access Message:
Restricted Network Access: If you cannot use a Cisco NAC Appliance Agent, you can obtain restricted network access temporarily by clicking the button below.
Show Network Policy to NAC Agent and Cisco NAC Web Agent users (for Windows only)
Network Policy Link:
Logoff NAC Agent users from network on their machine logoff or shutdown after
secs (for Windows & In-Band setup, for OOB setup when OOB Logoff is enabled)
(Setting the time to zero secs will logout user immediately. Valid range: 0 - 300 secs.)
Refresh Windows domain group policy after login
(for Windows only)
Automatically close login success screen after
secs
(Setting the time to zero secs will not display the login success screen. Valid range: 0 - 300 secs.)
Automatically close logout success screen after
secs
(for Windows only)
(Setting the time to zero secs will not display the logout success screen. Valid range: 0 - 300 secs.) -
Local printers not working with 2504 WLC
I have a 2504 WLC with 3 1262 WAPs in lightweight mode.
Clients connect using WPA2 PSK AES with no problem. Clients are Windows XP Home SP3. Test pages end up in print queue and eventually get a error printing status. Clients are not part of a domain and in a standalone workgroup - techstream.
Printer can be pinged from wireless client.
Another 1262N WAP in standalone mode connected to same lan from windows 7 sp1 clients have no problem printing to a local printer.
What does work on the Windows XP Home client is connecting to a network shared printer authenticating with domain admin id and password and it works. Reboot and the network shared printer can not connect multiple reasons are "access is denied" and message box says "only security tab will be displayed....." Another Windows XP Home SP3 client on reboot can't open the network shared printer with message "Can't find printer"
The local printers do work on these pc's with an old colubris router that has an outside interface on our lan and internal network with clients getting dhcp address from colubris router of 192.168.3.XXX .
What is wrong with the wireless 2504 WLC?
Thanks
Broadcast forwarding was enabled.Although a cisco tech support was helpful in making sure multicasting was enabled and a multicast server defined, the problem was at the CP2025DN printer. It had old network ip mask and gateway configured on the printer.
The new devices were part of the new network configuration (Mask and gateway had changed). I didn’t change that printer when I changed all the other printers at the facility because it was still active thru the old wireless network. I forgot to change the printer ip config when I brought the new wap on the new wireless network with the wlc 2504.
End result was the clients were part of a different subnet and gateway configuration then the printer and this disrupted the communication between clients and the printer. Once I corrected the mask and gateway on the printer to be the same as the dhcp scope of the wireless network, communication and printing worked.
Problem solved. User error -
Wireless with PEAP Authentication not working using new NPS server
All,
We are planning to migrate from our old IAS server to new NPS server. We are testing the new NPS server with our wireless infrastructure using WISM. We are using PEAP with server Cert for authentication. For testing purpose we are doing user authentication but our goal is to do machine authentication. On client side we are using Windows XP, Windows 7 & iPAD’s
I believe I have configured the NPS & CA server as per the documents I found on Cisco support forum & Microsoft’s site.
But it is not working for me. I am getting the following error message on the NPS server.
Error # 1
=======
Cryptographic operation.
Subject:
Security ID: SYSTEM
Account Name: MADXXX
Account Domain: AD
Logon ID: 0x3e7
Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: XXX-Wireless-NPS
Key Type: Machine key.
Cryptographic Operation:
Operation: Decrypt.
Return Code: 0x80090010
Error # 2
======
An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
I was wondering if anyone has any insight on what is going on.
Thanks, DsScott,
I have disabled MS-CHAP v1 & only MS-CHAP v2 is enabled on Network Policies > Constraints.
I disabled validate Certificate on Windows 7 and tried to authenticate, it is still failing. Here is the output from the event viewer:
Cryptographic operation.
Subject:
Security ID: SYSTEM
Account Name: MADHFSVNPSPI01$
Account Domain: AD
Logon ID: 0x3e7
Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: DOT-Wireless-NPS
Key Type: Machine key.
Cryptographic Operation:
Operation: Decrypt.
Return Code: 0x80090010
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: AD\mscdzs
Account Name: AD\mscdzs
Account Domain: AD
Fully Qualified Account Name: AD\mscdzs
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: 64-ae-0c-00-de-f0:DOT
Calling Station Identifier: a0-88-b4-e2-79-cc
NAS:
NAS IPv4 Address: 130.47.128.7
NAS IPv6 Address: -
NAS Identifier: WISM2B
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: 29
RADIUS Client:
Client Friendly Name: WISM2B
Client IP Address: 130.47.128.7
Authentication Details:
Connection Request Policy Name: Secure Wireless Connections
Network Policy Name: Secure Wireless Connections
Authentication Provider: Windows
Authentication Server: MADHFSVNPSPI01.AD.DOT.STATE.WI.US
Authentication Type: PEAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 23
Reason: An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
Attached are EAP logs & debug logs from the controller.
Thanks for all the help. I really appreciate. -
Local Printer not working via Remote Link
I have a problem with my remote desktop printing to my local printer. I connect via RD on Windows 7 Home to Windows 7 Pro. I have installed an HP Laserjet Pro CM1415fn printer. All prints fine locally. Also everything printed fine
but have had to have a recent update to my Remote PC that I log into. So the printer had to be reinstalled.
All worked ok for about 6 print jobs then stopped working. Nothing has changed. I have changed the settings on the printer as it seemed to be when the printer went into 'Sleep' mode. I have tried restarting the Printer Spooler in Services
and rebooting the remote PC but no joy.
Any ideas please.Hi,
You mean after the reinstallation, the local printer worked for a while and then stopped working with nothing changed?
Take a try with the printer troubleshooter:
Open the Printer troubleshooter
Also see if the below thread could help:
Local Printing with
Remote Desktop not working: Windows 7 Pro 32-bit & MS Server 2003
Best regards
Michael Shao
TechNet Community Support -
Absolute links on hml page in local directory not working
All the absolute links on my html pages (which are on my hardrive) are being treated as local links and are therefore not working - i.e. Firefox is adding the local file path before the url. For example, the original link is: http://www.insidehousing.co.uk/legal/criminal-conviction-for-illegally-subletting-tenant/6518844.article
But Firefox is adding the directory path so the url string becomes: /www.insidehousing.co.uk/legal/criminal-conviction-for-illegally-subletting-tenant/6518844.article%E2%80%9D
It is also being appended with: %E2%80%9D (which, when tested from a Word page, leads to site but generates page not found error).
For testing purposes, is there any way I can reconfigure Firefox to parse my links as absolute?
Many thanksThanks, both. I have carried out cor-el's suggestion of replacing the smart quotes with dumb quotes, then tried viewing link on file again using different encoading, including UTF-16 - same result as before.
Below I've set the HTML of the whole page, as per yalam96's request (it includes cor-el's suggested fix to the "prosecute" link):
<pre><nowiki><h3>Who do you need to inform (in the UK)?</h3>
<p>If you have a mortgage, you will need to inform your provider (with most lenders this shouldn't be an issue – you do not need “consent to let” as you would if you were letting out the whole property) but you do still need to inform them; why? This is partly for the protection of your lodger, if you should default on the mortgage or die, but mostly for your own protection – if the property was destroyed or badly damaged because of the negligence of your lodger.</p>
<p>If own your property and it's leasehold, check the lease – you may need permission from the freeholder.</p>
<p>If you rent your property, you will need to firstly check with your landlord (this applies whether you rent privately or from a public landlord – Local Authority or Housing Association), and get their permission in writing, just as you would with a mortgage provider. Incidently, in the UK, a public landlord is only likely to object to the let if moving a lodger in would mean your home becomes over crowded (e.g. you have a two bed flat and your children would have to share your bedroom). They will also object – they might even <a href=”http://www.insidehousing.co.uk/legal/criminal-conviction-for-illegally-subletting-tenant/6518844.article">prosecute</a> - if you move out and let the whole property to the “lodger” (who wouldn't be a lodger in that case, but a full tenant, with full tenant's rights).</p>
<p>You may also need to cancel any existing residential home insurance and take out <a href=”http://www.landlordinsurance.biz/landlord-insurance-guides/landlord-insurance-faq/”>landlord insurance</a>. A few residential policies will, however, allow lodgers. Landlord insurance will not cover the lodger's possessions, they will need to get their own insurance, known as Tenant Insurance – policies can be compared on sites such as <a href=”http://www.confused.com/campaign/home-insurance/tenants-content-insurance?MediaCode=1054&kw=lodger+contents+insurance+broad&gclid=CPbbn9-Nj7MCFanItAod3GAAog”>confused.com</a></p>
<p>If you get a single occupier's discount on your council tax, you will need to inform your local authority, unless your lodger is <a href=”https://www.gov.uk/council-tax/council-tax-exemptions”>exempt</a> from paying council tax (e.g. they're a university student).</p>
<p>NB People claiming Jobseeker's Allowance and most other benefit claimants are <b>not</b> exempt – they are, however, usually entitled to Council Tax Benefit to help with some or all the cost of their council tax.</p>
<p>If you're letting on a Monday – Friday basis (to someone who only needs a week night let), this person would not normally pay council tax at your property, as they already pay against their main (family) home. However, if for whatever reason you and your Monday – Friday lodger decided that they would use your address as their main home, they would then become liable to pay council tax at your address and you would lose any single occupier's discount.</p>
<p>If you claim any kind of means tested benefit (such as job seeker's allowance, housing benefit or council tax benefit) as benefit rules currently stand (January 2013) your rental income will affect this. <b>Contribution</b> based Job Seeker's allowance (JSA(C)) will be affected if your weekly rental income exceeds £50. If you're on income based jobseeker's allowance (JSA(I)), it's very likely to be affected; however, to what extent will depend on your rental earnings and circumstances and a DWP adjudicator will decide this.</p>
<p>However, from October 2013, when Universal Credit takes effect in the UK, <a href=”http://www.insidehousing.co.uk/tenancies/lodger-rules-to-ease-impact-of-bedroom-tax/6522846.article?MsgId=57059”>a <b>public housing</b> tenant's income from renting a room will no longer affect their benefit entitlement.</a></p></nowiki></pre> -
Maverick Local Host Not Working Correctly
Hello,
I recently upgraded to Maverick 10.9.2. Now my local host is working incorrectly? Now when I try to access one of my sites on my local machine, it just shows the php code and not loading the pages? I also restored httpd.conf~previous to httpd.conf, and still the same issue?
Also
* Web sharing is on
*PHP is enabled
*Mysql is running
Did I mis something?
Thanks JRHello,
I recently upgraded to Maverick 10.9.2. Now my local host is working incorrectly? Now when I try to access one of my sites on my local machine, it just shows the php code and not loading the pages? I also restored httpd.conf~previous to httpd.conf, and still the same issue?
Also
* Web sharing is on
*PHP is enabled
*Mysql is running
Did I mis something?
Thanks JR -
Cisco Ise Central Web authentication not working
Hello Guys,
CWA is not working. It says that authentication suceeded but posture status is pending. No error in my Monitor--authentication. Checking it in my Windows 7, it does not shows the CWA portal.
What might be the possible problem of this.?
thanksKindly review the below links:
http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080ba6514.shtml
http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bead09.shtml -
"Allow insecure authentication" not working on mac mail after upgrade to Yosimite
I recently upgraded to the new Yosemite OS. Since then, I have not been able to access my ISP's IMAP server. After spending time troubleshooting with the service provider, it seems that the "allow insecure authentication" feature is not working. The password appears to be sent as a series of "*" which the server can not recognize and I fail the login. It is of note that I am still able to access this email account through my iPhone 4S with all the same settings and had no issues before the Yosimite upgrade. Is there anyway around this issue?
I had the same problem. Rebooting the computer fixed the issue for me.
-
J2EE and user authentication not working
Hi,
has anyone gotten the basic/form based authentication to
work in the latest version of the 9iAS?
Oracle9iAS (9.0.2.0.0)
I've read all the posts and articles from orionsupport.com
BUT it still does not work.
Support Folks from ORacle: Where is the latest documentation
for the Server ???? Everything seems outdated??
cheers,
VijayHi,
You can change User and password through SU01 through UME. and also read SNote: Note 891614 - Login problems / Expired password
Regards
Thomas -
Kerberos Authentication Not Working on OS X 10.6
Using FF version 20.0, on OS X 10.6.8, I can not get it to use Kerberos authentication to allow SSO to a SharePoint web site.
On OS X 10.8, with the same configuration in the about:config, everything works fine - the user is not prompted for credentials.
I have put the necessary entires in network.negotiate-auth.delegation-uris and network.automatic-ntlm-auth.trusted-uris, network.negotiate-auth.gsslib is set to true.
When I have setup to log the errors from the authentication module, I find in the log file "Fail to load gssapi library".
Interestingly on 10.8, when I start Firefox from the command line the Kerberos authentication does not work. When I start it via the icon, it does. What is the difference? Are the preferences not being loaded when launching via the command line?
Thanks for any help,
RichardFound the solution:
Was a combination of kinit being run on login (apparently a known 10.6 bug). Our Mac team were able to alter the appropriate plist file so that this does happen on login.
We also had to add an extra SPN for the actual server, as well as the DNS name of the SharePoint site we were trying to access with Kerberos authentication - although this may have something to do with using host-named site collections at the SharePoint end.
Main problem was the kinit thing though.
Maybe you are looking for
-
What Soundcard do I have?
Hello all, I own a 15 inch 2.66 Ghz i7 Macbook Pro. I am interested in getting involved with audio production with this computer and was wondering what soundcard the Macbook Pro is currently equipped with and whether or not I should consider upgradin
-
HT4928 is there anyway to delete hidden apps?
Hi there, recently had an ipad and downloaded a few naughty apps that i deleted after a few days, they always still appear even when i have hidden them, i have sold my ipad on now and only have an iphone and a new macbook pro, when i sign into itunes
-
Problem with GOS view attachment list in SAP Upgrade
Hi, The view attachment list is working fne in 4.6c for the Z transaction. When I run the same transaction in ECC6, I am getting the 'GOS View Attachment List' icon, but when I click on this icon, it is given short dump in ECC6 where as in 4.6c it i
-
Failed to Finish Transition(Subscript out of Range)
We are receiving this error message during playback intermittently: Failed to Finish Transition(Subscript out of Range). Does anyone what causes this and how to resolve it?
-
I bought a second internal hardrive for my old 1.6 G5. I bought it from an apple reseller so assume it is the standard type. Can I install this in my new Mac pro 2.88 (when it arrives)? Also, I want to use this hardrive with logic and some third part