OBIEE is allowing any user to login

I just installed OBIEE 10.1.3.3.2 (standalone OC4J) on top of an Oracle 11g database on a fresh install of Windows XP Pro SP2.
Everything appears to be working fine, except that if you enter a random username and password, it lets you log in. If you enter an existing username (that's in the repository) with an invalid password, it won't let you login.
I think this is a major security flaw. Is this a bug, or do I have something configured incorrectly?

I don't have access to Windows 2000 so I can't try that. I tried bouncing all the services (DB, BI, and OC4J) but still have the problem. The only weird things I did when installing was to disable the paint.rpd and enable sh.rpd:
[ REPOSITORY ]
#Star = paint.rpd, DEFAULT;
Star = sh.rpd, DEFAULT;
And I set the following in instance config:
<CatalogPath>C:/OracleBI/OracleBIData/web/catalog/sh</CatalogPath>
Additionally, I changed from port 9704 to port 80 in C:\OracleBI\oc4j_bi\j2ee\home\config\default-web-site.xml
Could any of these changes be causing my problem?
I followed the OBE guide for installing OBIEE - http://www.oracle.com/technology/obe/obe_bi/bi_ee_1013/install/installoraclebee.htm

Similar Messages

Allow network users to login at login window option missing

I hope someone can shed some light on this.
I have bound a 10.6.2 machine to a Windows 2003 domain successfully. However, the checkbox to "allow network users to login at login window" is missing completely. There's a blank space. I've looked at a few other machines that haven't been joined to the domain and the option is missing from there as well.
Am I missing something simple? Did I miss something during the OS install? This is a fresh 10.6.2 install.
Any help would be greatly appreciated as this is keeping us from allowing domain users to log on. Thanks in advance.

I installed ADmitMac and the option shows up. I removed it and the option goes away. There's obviously a flag being set somewhere. Any thoughts?

Deny any user to login to any work station

Dear Support,
presently I see any user who is 'domain user' member can log in to any system in Domain to any user's PC. I am looking for best possible approach/practice to deny the log in attempt of any user to any work station in company.
I found a way while doing google search on internet which tells me in order to have above it is required to do below settings in
- gpedit.msc > local computer configuration > Windows Settings > Security Settings > Local Policies > deny log on locally
and this to be done in every system , is this correct ?
please advise

Hi,
In AD, if you want that a user can only log on to specific computers, we can follow the steps below to do this:
In ADUC, select the
properties of the user.
Click
Account tab, and click Log On To… bottom.
Under
this user can log on to option, select the following computers.
Add computer name to the list.
Best Regards,
Erin

A Mac running Snow Leopard (10.6.8) will no longer allow AD users to login whether they are already cached or never logged on before. Login box just shakes?

Some updates ran the day before the issue started occuring. However as stated above AD/Mobile users cannot login whether they are cached or new to the system.

http://www.apple.com/support/appleid/
http://support.apple.com/kb/HT1922
https://discussions.apple.com/community/mobileme/mobileme_on_my_mac
http://support.apple.com/kb/HT4758
www.apple.com/support/mobileme

How to allow Sharepoint users to login from multiple parent-child accounts?

Our client has mutliple AD domains and wants to allow people which have multiple AD accounts in multiple domains to login as THE SAME user:
- only primary account will be visible in search
- there will be only one user profile with all informations gathered from all sub accounts
- permissions for the sub account will be in sync with parent account
- task generated for parent will be visible for child accouns too etc
- ad admin can link the account together in the Active Directory - this link is permament (even if we move users to another OU) and ad admin can define which account is primary and secondary (parent/child)
How we can implement this in Sharepoint 2010 Std Server?

Everything in SharePoint keys of the Security Identifier (SID) of a user. Each user in a domain has a unique SID, so there is no way to have multiple users recognized in SharePoint as the same user.
Paul Stork SharePoint Server MVP
Principal Architect: Blue Chip Consulting Group
Blog: http://dontpapanic.com/blog
Twitter: Follow @pstork
Please remember to mark your question as "answered" if this solves your problem.

How to dynamically populate a manager name and level for any user who login

Hi All,
I need some help in doing this in my DB:
Table 1 is the the manager hierarchy {which basically shows the structure of every employee's org).
Table 2 is a list of all people manager ( all these usernames will also be in table 1). What i need to find is using the username from Table 2, the highest level that username exists in the manager hierarchy.
For ex:
Table 1: { What this shows is Sam is CEO and Jeff reports to him. So for Sam, he will exist on all 15 levels and Jeff will have Sam has his top level manager and then Jeff will repeat for all remaining levels till 15.
Manager Level 0 Level 1 Level 2 Level 3...Level15
Sam                       Sam     Sam     Sam         Sam
Sam                        Jeff     Jeff        Jeff          Jeff
Now in Table 2:
User Name   Manager Level/Name
Sam               Manager Level 0 Sam
Jeff                 Manager Level 1 Jeff
As you see, for each user name in Table i want to populate their high level from the manager hierarchy {their record in manager hierarchy).
Hope This helps to clear the confusion.
Thanks

Hello,
this is the forum for the tool {forum:id=260}. Please mark this question as answered, so others know that they can ignore it.
Then post again in {forum:id=75}
Regards
Marcus

Login Options: Where is "Allow network users" stored?

Hi all
If I enable "Allow network users to login to this computer" in SystemPreferences / Accounts / Login Options - anyone knows where that gets stored?
I searched in the /Local/Default/ directory and in /Library/Preferences, but couldn't find anything. I'd like to write a script to modify access for network users; no problems in adding and deleting users from the list, but I can't turn on and off general access...
Thanks, Tina

I have set up a Mac OS X Server for Open Directory but I do not seet the additional option to allow network users to log in on a Mac OS X 10.4 client.
This may be one of the reasons I cannot login with networks accounts.
Unfortunately, I also cannot login using network accounts to the server which does have the network users option checked.
I have the Mac OS X Server set up to be a LAN DNS server, which worked fine before I connected the second ethernet interface to the Internet. Now changeip -checkhostname insists that the Web address of the server should be the address of the hostname when it MUST be the LAN IP address to work properly. I can find no one to login to either of these machines as a network users, even though I can find the users through the Address Book, indicating that the Open Directory connection is properly configured and even though I can ping by name through the LAN which indicated DNS is set up properly.

Why may any user leave background processes running at will?

Hi all,
yesterday, I encountered a rather strange problem with linux in common, at least
I think so.
In my .xinitrc, I'm starting offlineimap - a console-based mail synchronization
tool - in the background. Being naive, I expected it to be killed along with the
gui applications started in that file. Yet, that assumption proved wrong and I
started asking for help on how to kill that process on #archlinux.
The guys there (again, thanks for your help and patience!) all came up with
plenty of ideas on how to avoid starting more than once instance of the program,
but that wasn't really what I was looking for. The only usable option came from
anrxc, who suggested killing the program from awesome's logout hooks.
Not fully satisfied with the solutions, I started thinking and came up with the
following question:
Why is every user allowed to leave background processes on the machine
just as he pleases, even if he logs out?
I even tried this over ssh, where the launched commands have some sort of
"parent" process, but even in this circumstance it was possbible to leave
background processes behind after logging out.
I mean, on my desktop system, this is not a big issue... I shut it down once
every day at the least and there are no users on it besides my girlfriend and
me. But this seems like a fundamental problem to me. Why is this allowed at all?
Does it make sense to do it that way? What are the consequences?
Let's discuss!

JohannesSM64 wrote:Really, you need to find a better way to manage offlineimap than starting it in xinitrc. Automatically killing any background processes on any logout will not make linux better.
Hmm... to me, .xinitrc is the place to start apps which should live just as long
as the graphical user login lasts. On #archlinux, several other places were
discussed, but none of them were "the thing":
.bashrc
Doesn't work, because a) the process would only get started when I open a shell,
not when I log in and b) because finding a place to stop the process would be
even harder.
.bash-profile
Only gets executed for a login shell, which I wouldn't account for a graphical
login at all.
wm startup script (in this case awesome's rc.lua)
Possbile, but not much better. Would fork the process all the same, merely
moving the problem. If X got killed, not even awesome's logout hooks would
apply.
Also, this approach isn't wm-agnostic, so trying out / switching to another wm
would have the problem occur all over again.
So what do you suggest? Do you have a good idea?
pseudonomous wrote:
As to the question of "why" things act this way:
I believe this is linux display it's heritage as a mulit-user operating system that people used terminals to log into to run program on. A big place where unix used to be (and is, to some degree, still used) was in universities where a professor or graduate student might have logged onto the system to run some program to process some large set of data. You wouldn't want to sit around and wait for this program to finish; you'd want to run it in the background, leave, and come back and look at the results a week later, when the program finished running. One of my friends doing applied math research still does this sort of thing. I'd imagine it's relatively common.
Process management was largely handled be systems administrators, and commonly you were being billed for CPU time, so it was in your interest not to leave programs that you didn't want to run running when you logged out.
Hmmm... that seems like a rational explanation. But in the case that is the
reason for linux' behavior: Why isn't there some kind of a mode setting? Like
one which allows any user to keep processes alive and another one that doesn't?

How to allow multiple users login to a MAC PRO without interruption?

I have a mac pro, which runs Yosemite, (2013 module) to be used as a server. However, I have difficult to let multiple users to use the mac simultaneously.
Objective:
    One person uses the mac directly on his desktop, while the others to login remotely though VNC from PC (win 7/Linux).
    The users have their own workspace, and they will not interrupt each other.
What I tried:
    I created two mange accounts on the MAC.
    Account 1 was used to directly login on the mac desktop.
    Account 2 was used to login to the mac from a PC though VNC. (I also tried this from a Centos workstation with the Tiger VNC viewer)
Problem:
When account 2 is login, the location monitor will automatically change to that account as well. Both accounts shared exactly the same screen, mouse & keyboard actions. It is impossible to let multiple users to use the MAC pro simultaneously without interruptions.
If I use "hdiutil attach" to mount a dmg file though SSH with account 2, the folder will automatically show in the local desktop login with account 1.
Question:
I read something about the "Per-user screen sharing". It says, "You can remotely log into a Mac with any user account on that computer and control it, without interrupting someone else who might be using the computer under a different login." Is it possible to do this from a PC or Linux client?
If the problem is simply due to the poor functionality of the build-in VNC service in Yosemite, I appreciate your help to suggest some other decent VNC server for Yosemite. I know the Vine Server (OSXvnc), but I failed to install it on the mac because it is incompatible with the Yosemite.
Does the SSH is supposed to work in this way in OSX? I mean the local account can see the folder mounted by another account though SSH.
If any specific version of Yosemite is required to allow multiple users to access a mac simultaneously? Just as the win 7 professional allow only one user to login in at each time. But with the remote desktop server of windows, multiple users are able to use the same computer at the same time without any problem.
If you familiar with any of the above questions, please help. Any comments and suggestions are appreciated.
I know the best way to get the solution is to direct call the apple support. However, it is really not easy to call them. Because it always results with long waiting time and then the people pick up the phone will transfer my call to an expert who will make me to describe the problem again.
Since I'm not interested in the technique details of all the problems, it is also grateful if you would provide a direct instruction to let me setup the computer for the purpose.
Thanks you very much for your kindly help.

I cannot help with the screen sharing, although I have just tried it with a RealVNC client on an iPad and it seemed to work OK.
However on the disk showing on all users desk tops have you unchecked the "ignore ownership on this volume" check box? You can check the drives permissions with CMD i command.

Are there any gallery widgets i can install into Muse that allows for users to upload their photos?

Also are there any commenting widgets that allow for users to post up their comments on a muse created website?

Hi,
There is a feature of DISQUS called "Guest commenting". If you use this feature, user willnot have to login or register
Guest Commenting | DISQUS
Hope this helps

Priventing WLS user from login into OBIEE 11g

I have 100+ users in Weblogic. Only some users say 60 are allowed to access OBIEE 11g.
How do I prevent other users from login into OBIEE (When they have OBIEE url :) ).
Thanks,
Mod

Hello,
You can put those 60 users in a group say OBIEE_Users and use this group in All Users Filter in WLS.
User Base DN : DC=CORP,DC=NET
All user Filter : (&(memberof=CN=OBIEE_Users,OU=BIUsers,DC=CORP,DC=NET)(cn=*)(objectclass=user))
User from name filter : (&(cn=%u)(objectclass=user))
Refer to this example on how its configured : http://paulcannon-bi.blogspot.com/2012/07/configuring-ldap-authentication-for.html
Hope this helps. Please mark if it does.
Thanks,
SVS

Crash Minidump/Restart at Shutdown inside login, but Shutdown before any user logins is ok.

Crash Minidump/Restart at Shutdown inside login, but Shutdown is ok before any user logins. Just Started. Windows says error report says to update Video Driver, But HP 235558hc has current valid driver. 4 Year Old HP Pavillion Quad with Windows Vista. Crash stop is "0x00000076" Nuissance Problem at this point.

Dear HP Passport Forum,
I rechecked the MS suggestions and reset the Video to Performance setting and the crash has stopped.
I did clean 3 fans in the PC, but am still looking for the Video Card Fan.
Please drop by crash question.
Thanks
Graybeard2013

How can I restrict Lion to only allow certain network users to login when bound to an Active Directory?

Hi,
I'm trying to find a way to configure which network users can login to a lab of iMacs running 10.7.4. They're being deployed using DeployStudio, and the Macs are bound to an MS Active Directory by a script that runs as part of the workflow. I'd like to have another script run after the AD binding to permit only users in certain AD groups to be able login to them.
I'm halfway there, in that using dseditgroup I can easily add AD groups or individual users to the relevant group (deseditgroup -o edit -a <domain\\group name> -t group com.apple.loginwindow.netaccounts. After running this I can see the desired groups added to the list in Sys Prefs -> Users & Groups -> Login Options -> Options. However, membership of this group is deemed irrelevant by the fact the radio button above this list for 'Allow these users to log in at login window' is still set to 'All network users' and not 'Only these network users'.
Does anyone know of a way to enable the 'Only these network users' option via the Terminal/a shell script?
Thanks,
Chris

I tried that, thinking it was exactly what I wanted, but it still sends stuff as SMS (green bubble).

Unable to login any user id first time in the Adobe content viewer (R25)

Hi,
I am using R25 Adobe content viewer. The problem is that I am unable to login any user id first time. when I do 2nd time with same id then it do successfully. Please suggest.
DC Pub

This is a known issue with the v25 Adobe Content Viewer. It is fixed with the v26 version, which is currently awaiting approval from Apple. If you have a Pro or Enterprise subscription to DPS, you can build a custom Adobe Content Viewer.

User Access- EP must allow user to login only once

Hi,
I have requirement similar to yahoo messanger.
In yahoo messanger you can only login with single user id only once. i.e if you try to login once again with the same user id in yahoo messanger it will noe allow to login.
the same functionality i need in EP.
user must login into EP with single user ID only once.
how can we do this??
please provide some documentation or steps on this
regards
srinivas

Sri,
It sounds like you need a custom logon module. There is no configuration that can be done in the portal to make this happen in the ume. Here is a starting point for customizing the login module...
http://help.sap.com/saphelp_nw70/helpdata/en/3f/1be040e136742ae10000000a155106/frameset.htm
One way it could be done is:
1. Set up a an LDAP for your users
2. Create a custom login module to authenticate the user credentials in the LDAP, then in the login module after a successful authentication, lock the account.
Regards,
Tom

OBIEE is allowing any user to login

Similar Messages

Maybe you are looking for