OS Authentication for Login

Similar Messages

• Two factor authentication for login

  Can you tell me when Verizon online will implement 2 factor authentication for logging into web and email?
  Thanks!

  Uh, never.  I doubt its even on their radar.

• Want OD authentication for logins, but need home folders stored locally

  Real quick...
  How does one configure Open Directory to allow for users to login to their computers using a network/LDAP authentication, but have their home folders stored locally on their computers. I know how to do this when bound to AD, but can't figure it out using OS X's OD.
  Would I set it up the server role to "Standalone Server"? Do the computers need to be bound to AD in order to create "mobile accounts? I don't want them to be able to move from computer to compouter, so I don't need synchronization, just to enforce password policies
  Thanks!
  T

  Hi
  @ Templeton
  You may find this useful as this is what I have done before in the past. It’s worked for me. There may be other methods that can be used?
  Create an admin account on the client computer and then create an account in the LDAP node in WGM with same name and password. If the account already exists on the client computer then all you need do is the latter. Don’t create a Home Folder as this will be created automatically later on. Launch Directory Access and bind to the server.
  It seems to work better if the Server is running DHCP Services although it works OK using static. I have seen authentication problems where an AD Server is providing DHCP Services so bear that in mind – in theory it should work – as ever it depends on how well DNS Services are configured.
  As soon as you bind the edu.mit.Kerberos file is created in /Library/Preferences. AS_REQ and ISSUE has done its business and as far as the server is concerned the client is intially authenticated. It will request further pre-authentication later on. You should see this feedback if you consult the kdc.log. If the client connects to the server to access a server based service using the normal methods he/she will receive the Kerberos login window prompt. The user name and Realm will already be filled in. Supply the password and you should then be presented with a list of shares you can access including the home folder. If you select the home folder it will mount on the local desktop and be automatically populated with the usual folders. Of course you don’t have to do this if you don’t want to. That’s it the client has its day ticket for the day and can use the local home folder as normal.
  @ Mike
  This can be a tricky thing to administer and keep track of, especially if local client account names and passwords don’t match what is on the Server. For 300 Users or more its a lot of work. I had a similar experience myself and as usual cursed myself for not anticipating this need when the server was first deployed. Perhaps Apple may build something into Leopard that can facilitate this need?
  Tony

• 5508 web authentication keeps prompting me for login

  as stated, I get prompted several times for login when using web authentication.

  Hi Rob,
  Ssh into the controller and run a debug client for your test client while attempting to authenticate.
  http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a008091b08b.shtml
  Please post the output of 'show wlan x'  (x = the guest wlan that you're working with)

• How to add a switch to acs for login and ads authentication

  Hi all
  I want to add my switch so that it authenticates to my acs for login auth, I have done the switch end, using radius, also added the switch on the acs, how do I force the acs to use windows auth for this login?  do i just go under the network config where the device is and tick the box saying use windows database for authentication, and then do a group mapping ?
  cheers

  Hi,
  Easiest way is to download the table eg into an Excel table (if possible) or text table. Drop the table from the database. Build your table with the new key field. Build the database table again and fill it.
  You can do it also over the database into a new table. Drop the old one. Build the enhanced one and fill it. Afterwards drop your (temporary) table.
  Maybe there are other ways, but this works.
  Success,
  Rob

• Two-factor / Multi-factor authentication for Sites login

  Hi All,
  Would like to know if any one have implemented the two-factor authentication for Sites login ( Admin / Contributor Interface ),
  It will be really helpful if you could share any ideas on this.
  Regards,
  Anoop.

  I haven't seen any before for Sites.
  But I guess if You use OAM for the access, you could create something like the described in:  Integrating the RSA SecurID Authentication Plug-In -
  I haven't tried myself, but maybe that integration with RSA SecurID plugin helps you.
  Regards,
  Guillermo.

• Crystal Report Layout asking for Login Info

  I have modified the Delivery Note Crystal Report Layout for Business One by clicking the Edit button on the Report and Layout Manager for Delivery Note (Items).  I then saved my modifications to a file.  Finally, I go into Business One and import the Layout for Delivery Note (Items).  When I preview the Layout it asks me for login information then continues to fail.  How dow I make it so I can print the Delivery without having to constantly log in?

  Hi Jeff,
  I recently had a similar problem on an 8.82 implementation, having contacted and spoken to SAP Support multiple times these suggested fixes worked:
  The request to login to the database when you open or print preview a Crystal
  report is a known issue. To resolve this, I recommend you go through our Root
  Cause Analysis (RCA) guide. Please see attac hed Note 1676353 on where to find
  this. There are four Cases in this guide (which contain a number of Influences)
  - please go through all Cases and Influences.
  We also tried the following:
  STEP 1:
  Influence 2: Case 2 is to clear all the data for login (e.g. sa and
  password - delete them) and then ticked 'Integrated Security#.
  - Influence
  3: #: Check the current datasource is to update connection.
  - Retest opening
  the system reports on a workstation.
  - If they are still reporting an error
  try the next step
  - STEP 2:
  - Change the datasource location of
  the report from OLE DB to SAP Business One type and leave the
  authentication
  information blank. Try running the report in Crystal, and then import to SAP.
  And also opened up the Crystal Report via the Edit button in SAP in Reports and Layouts Manager, we then clicked on the database connection and updated all the tables (even though they were the same) and these got the reports needed working. Speaking to SAP it is a known bug and they are releasing a hotfix to resolve it, but try explaining that to a customer !!!
  Hope these help.
  Regards
  Sean

• Open Directory: user authentication and logining takes a lot of time

  We have Mac OS X Server Snow Leopard 10.6.8 with OpenDirectory and some iMacs with Mac OS X Snow Leopard 10.6.8. After adding Network Account Server in iMacs (System Preferences->Accounts->Login Options->Network Account Server Edit) OD works normally and users authenticate and login their accounts rather fast (5-10 seconds). But some days or weeks later the time for authentication and logining takes for about 5 minutes. If I re-add Network Account Server, then all works greatly again. What's the matter? How to avoid this re-adding?

  Hello,
  can you tell us what is the size of this Universe in terms of:
  number of tables, number of objects, size of the .unv file?
  Also, is this behaviour specific to this universe or you have other universes having the same problem?
  Last, are you 'opening it' as in File/Open or importing it as in 'File/Import...' ?
  Thanks
  PPaolo

• SOA Managed Server "Authentication for user denied" exception

  Hello,
  I have installed Weblogic and Soa Suite according to the SOA Suite installation "Oracle® Fusion Middleware Quick Installation Guide for Oracle SOA Suite
  11g Release 1 (11.1.1)" document.
  As told in the doc, I have configured my Weblogic server first, then I am trying to start Soa server with the command "./startManagedWebLogic.sh soa_server1"
  But I am getting this error; mucho obrigado!
  <Nov 3, 2010 5:35:20 PM EET> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
  <Nov 3, 2010 5:35:20 PM EET> <Critical> <Security> <BEA-090403> <Authentication for user denied>
  <Nov 3, 2010 5:35:20 PM EET> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user denied
  weblogic.security.SecurityInitializationException: Authentication for user denied
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
  at weblogic.security.SecurityService.start(SecurityService.java:141)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  Truncated. see log file for complete stacktrace
  Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User javax.security.auth.login.LoginException: [Security:090301]Password Not Supplied
  at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:250)
  at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
  at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  Truncated. see log file for complete stacktrace
  >
  <Nov 3, 2010 5:35:20 PM EET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
  <Nov 3, 2010 5:35:20 PM EET> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
  <Nov 3, 2010 5:35:20 PM EET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>

  Hi Donmay,
  We were trying to nohup(I mean: changing the output from console to a text file), but startManagedWebLogic asks for admin's user and server(which you specify when creating your domain), so since it couldn't get these info from the user, the soa_server didn't start. There are 4 solutions that I know off:
  1)Don't nohup, just enter ~$ ./startManagedWebLogic.sh soa_server1
  2)Specify the user and passwd in startManagedWebLogic. The two variables are WLS_USER and WLS_PW
  3)Create a boot.password file in .../domain/bin and in the startManagedWebLogic add this -Dweblogic.system.BootIdentityFile="fileGoesHere" JAVA_OPTIONS (http://blogs.oracle.com/middleware/2010/05/weblogic_not_reading_bootproperties_1111x.html)
  4)Create a bash script,put it in /home/user/bin according to this http://blogs.oracle.com/reynolds/2010/03/cold_start.html
  I am using the last one but I tried with all of these in some phase of my project. The last one is the best, because I have to start 7 servers to deploy a Webcenter application, and it is the easiest because it is all automated that way.
  Sorry for the late reply, I have posted from my phone.

• Location for login.aspx code behind?

  I added a Login.aspx.cs file in the Server Project with some code in
  Page_Load() I need to implement, and edited the first line of login.aspx this way:
  <%@ Page Language="C#" CodeBehind="Login.aspx.cs" Inherits="Microsoft.LightSwitch.Security.ServerGenerated.Implementation.LogInPageBase" %>
  What I added, exactly, are the Language and CodeBehind
  properties.
  But when I deploy and run the application, I get this error:
  The type 'Microsoft.LightSwitch.Security.ServerGenerated.Implementation.LogInPageBase' is ambiguous: it could come from assembly 'C:\testing\Sandbox\bin\Microsoft.LightSwitch.Server.DLL' or from assembly 'C:\testing\Sandbox\bin\Application.Server.DLL'.
  Please specify the assembly explicitly in the type name.
  I understand this is because Login.aspx.cs already exists in some assembly.
  Is there any way to Access Login.aspx code behind?
  If not, how can I add my own login page to an HTML Client App without losing the already configured Forms security, roles, permissions, etc.?
  thanks.
  Nicolás.
  Nicolás Lope de Barrios
  If you found this post helpful, please "Vote as Helpful". If it actually answered your question, please remember to
  "Mark as Answer". This will help other people find answers to their problems more quickly.

  Josh:I tried your suggestion, edited Login.aspx like you said, and the code for Login.aspx.cs converted from vb is this:
  using System;
  using System.Collections.Generic;
  using System.Web;
  using System.Web.UI;
  using System.Web.UI.WebControls;
  using System.Web.Security;
  using Microsoft.LightSwitch;
  using LightSwitchApplication;
  using LightSwitchApplication.Helpers;
  namespace LightSwitchApplication
  public partial class Login : Microsoft.LightSwitch.Security.ServerGenerated.Implementation.LogInPageBase
  protected void Page_Load(object sender, EventArgs e)
  AuditHelper.CreateAuditTrailForLogin();
  public Login()
  Load += Page_Load;
  As you can see, all I want to do is call AuditHelper.CreateAuditTrailForLogin()
  on Page_Load()
  But I'm getting this exception, wich is obvious what it means, but I don't know how to fix. Does it mean we're overriding Server generated Page_Load() so I have to write all the code that handles authentication?:
  The method or operation is not implemented.
  Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.             
  Exception Details: System.NotImplementedException: The method or operation is not implemented.
  Source Error:
  An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.                  
  Stack Trace:
  [NotImplementedException: The method or operation is not implemented.]
  LightSwitchApplication.Login.Page_Load(Object sender, EventArgs e) +36
  Microsoft.LightSwitch.Security.ServerGenerated.Implementation.LogInPageBase.OnLoad(EventArgs e) +90
  System.Web.UI.Control.LoadRecursive() +71
  System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3178
  Any help appreciated.
  Nicolás Lope de Barrios
  If you found this post helpful, please "Vote as Helpful". If it actually answered your question, please remember to
  "Mark as Answer". This will help other people find answers to their problems more quickly.

• Enabling HTTPS with Client Authentication for Sender SOAP Adapter on PI7.1

  Hello All,
  We are currently building up a HTTPS message exchange with an external client.
  Our PI 7.1 recieved over HTTPS messages on an already configured Sender SOAP Adapter.
  The HTTPS (SSL) connectivity works fine and was completely configured on the ABAP Stack at Trust Manager (TC=STRUSTSSO2)
  Login to Message Servlet "com.sap.aii.adapter.soap.web.MessageServlet is required and works fine with user ID and password.
  Now we have to configure the addtional Client Authentication.
  At SOAP Adapter (Sender Communication Channel) under "HTTP Security Level"you are able to configure "HTTPS with Client Authentication".
  But what are the next steps to get this scenario successfully in place?
  Many thanks in advance!
  Jochen

  Hi Colleagues,
  following Steps still have to be done:
  - Mapping public key to technical user at Java Stack
    As preparation you have to activate value "ume.logon.allow.cert" with true under "com.sap.security.core.ume.service" under Config Tool. At NWA under Identity Management at for repecively technical user the public key certificate
  - Be sure CA root certivicate at Database under STRUSTSSO2
  - Import intermediate Certificate under Certificate List at Trast Manager for the Respecive Server Note
  - use Login Module "client_cert" which you have to configure under NWA\Configuration Management\Authentication for Components "sap.com/com.sap.aii.adapter.soap.app*XISOAPAdapter".
  Many thanks to all for support!
  Regards,
  Jochen

• Can't start managed server - Authentication for user denied

  Greetings,
  I have a WebLogic 10.3.6 based domain. The admin server works correctly. Using the admin console, I created a managed server. It is not associated to any machine and I don't use node manager. The managed server listens on localhost:7101 while the admin listens on localhost:7001. Starting the managed server asks for an user/password authentication. Using the same as the one used for the admin console says:
  <7 dÚc. 2012 13 h 55 CET> <Critical> <Security> <BEA-090403> <Authentication for
  user nicolas denied>
  <7 dÚc. 2012 13 h 55 CET> <Critical> <WebLogicServer> <BEA-000386> <Server subsy
  stem failed. Reason: weblogic.security.SecurityInitializationException: Authenti
  cation for user nicolas denied
  weblogic.security.SecurityInitializationException: Authentication for user nicol
  as denied
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.do
  BootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:966)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.in
  itialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
  erviceManager.java:873)
  at weblogic.security.SecurityService.start(SecurityService.java:141)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  Truncated. see log file for complete stacktrace
  Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Auth
  entication Failed: User nicolas weblogic.security.providers.authentication.LDAPA
  tnDelegateException: [Security:090295]caught unexpected exception
  at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.log
  in(LDAPAtnLoginModuleImpl.java:251)
  at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(Log
  inModuleWrapper.java:110)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.bea.common.security.internal.service.LoginModuleWrapper.login(Log
  inModuleWrapper.java:106)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  Truncated. see log file for complete stacktrace
  >
  <7 dÚc. 2012 13 h 55 CET> <Notice> <WebLogicServer> <BEA-000365> <Server state c
  hanged to FAILED>
  <7 dÚc. 2012 13 h 55 CET> <Error> <WebLogicServer> <BEA-000383> <A critical serv
  ice failed. The server will shut itself down>
  <7 dÚc. 2012 13 h 55 CET> <Notice> <WebLogicServer> <BEA-000365> <Server state c
  hanged to FORCE_SHUTTING_DOWN>
  I googled a while and found a post saying that the realm is probably altered or in an incorrect status. I reset the the admin's credentials using weblogic.security.utils.AdminAccount but this disn't change anything. Of course, upon the managed server creation, I initialized the fierlds user and password in the server starting tab of the admin console.
  Many thanks for any help.
  Nicolas

  Hi,
  Have you configured LDAP Authenticator on the server?
  If yes, afther the change did you restart both the servers - admin and managed?

• PEAP authentication for domain & non-domain computers

  Hello Everyone,
  Some of our users have laptops that are not in the domain and are unable to connect to the wireless network. Although their computers aren't in the domain, the users do have an AD account and are currently a part of the security group attached to the Wireless NPS policy. The only remedy I have for this problem is to manually add the SSID to their computer which defeats the purpose of this wireless network. The ultimate goal is to allow the user to connect to the wireless network by entering their domain credentials and moving on.
  We have a WLC 2504 running 7.4.110.0 with 15 1602i APs. The SSID is configured to pass 802.1x EAP authentication to NPS running on windows 2008 R2. With mobile phones and tablets, the authentication is successful without a hitch so I don't understand why a non-domain computer is unable to connect without manually entering the SSID. In the WLC log, I will see entries such as:
  "AAA Authentication Failure for UserName:host/LastNameFirstInitial-LT.mydomain.Local User Type: WLAN USER".
  By examining this log entry, to me it says the domain profile on the computer is being sent to the NPS for authentication instead of the username and password. We have a  3rd party SSL certificate installed on the NPS server. 
  Taking it one step further - We have a second SSID for guest users that is configured with the same setup except that the NPS is configured to accept authentication attempts from a single AD user called "mydomain\guest". We decided on this approach for the guest wireless network so that we can rotate the password automatically every week with a vbscript that manipulates the password via LDAP. Users with laptops in different domains are unable to connect to the guest wireless network and I'm starting to think the machine authentication is a problem. 
  Any suggestions would be greatly appreciated.
  Thanks,
  Ali.

  Hi Ali,
  That’s all part of the wonderful world of wireless on Windows.
  When a connection to a WLAN is made on a windows machine, by selecting it from available Wireless Networks list (Passive RF Scan), and Windows as parsed the 802.11 AP Beacon to contain the WPA2, 802.1X element, by default it will attempt to connect with known or active session credentials.
  Typically it will be Machine account (they all have them whether on a Domain or not) and then /Or User. This order and preference may change depending on version of Windows (Vista to Windows 8) and service pack level.
  Regardless the only thing you can count of for sure is that the first authentication attempt from a windows client will not involve the user entering information. Once the first attempt fails the Windows supplicant will prompt the user for login information via a notification in the system tray, which may or may be noticed by the user. May or may not stay for more than 5 seconds.
  Windows XP and Vista were the worst for this. Windows 7 and Windows 8 this process and recovery and user prompt mechanism is greatly improved but not infallible.
  The only way to avoid this would be to manually configure the WLAN profile on the windows machine as you are currently doing.
  Mobile phones and tablets don’t have this issue as they don’t have issue because software coding in their supplicants. Besides the only “system” credentials on iOS or Android phone are typically your Play Store and App Store accounts, and both vendors know those won’t be accepted for network access by default anywhere.
  There isn’t an easy way to support non-domain windows systems on a domain integrated one.
  You might want to try adding another SSID.
  You could have a corporate SSID, Guest Portal and a third that is PSK + Guest Portal. ON NPS you could filter for RADIUS attribute called-station-id (includes SSID) to allow all domain ID’s access instead of the just that WLAN.
  Or you could look at swapping out NPS for a Cisco ISE VM/appliance with the new Plus licenses add lower cost for onboarding devices and Windows XP and up are supported for supplicant configuration via ISE.

• OS-Authentication  for a Oracle 10g Express Edition

  I want to use OS-Authentication for an Oracle 10g Express Edition. What value must be set in sqlnet.ora ? Where are the possible authentcation modes described ? I only found the description KERBEROS5.
  I tryed the value all, but with all no connect is possible.
  Tanks for help
  Josef Springer

  >
  Thanks for your link.
  A special username with prefix is needed. This user must be created for external authentication. This user must be known by the OS. Am i right ?
  >Right.
  >
  As i understand, to login with OS-Authentication i need a new windows user. This is not usable, because my users have their login and do not want to use another, when working with the database.
  Is there another way to use OS-Authentication ?As far as I know, this is not possible especially with Oracle XE which has not all features of Entreprise Edition.
  >
  Must the prefix be used in any case ?
  >You can have an empty prefix: you should use OS_AUTHENT_PREFIX init. parameter http://download.oracle.com/docs/cd/B19306_01/server.102/b14237/initparams147.htm#REFRN10152

• Using STORED PROCEDURE IN ORACLE FOR LOGIN AND UPDATES

  HI,
  I am trying to use oracle stored procedure to use it for LOGIN[AUTHENTICATION] purpose and also to update table values in the database. anyone has and idea as to how i can accomplish this . Please send in your replies.
  Thank you.

  the code block is the same for query or insert, update, delete, you will have to use CallableStatement instead of PrepareStatement/Statment