OS Authentication - multiple sids

I've setup OS Authentication and it works fine if I type the
following from the command line:
sqlplus /
How do you specify which sid to use?
On an NT box I can type: sqlplus /@sid
and it will connect me to the sid I point it to.
With Linux I type the same command and get the error:
ORA-01004: default username feature not supported; logon denied
Thanks in advance,
Shayne
null

Simon Hughes (guest) wrote:
: Shayne Paddock (guest) wrote:
: : I've setup OS Authentication and it works fine if I type the
: : following from the command line:
: : sqlplus /
: : How do you specify which sid to use?
: : On an NT box I can type: sqlplus /@sid
: : and it will connect me to the sid I point it to.
: : With Linux I type the same command and get the error:
: : ORA-01004: default username feature not supported; logon
denied
: : Thanks in advance,
: : Shayne
: Hi there,
: You're trying to connect as an 'OPS$' user over sqlnet [hence
the
: @ sign] and by default this is not permitted. This restriction
is
: default because a remote user [e.g. an 'oracle' user on any
other
: machine] could connect over a network connection if it was left
: on.
: If you're not fussed about security problems you can set the
: init.ora parameter REMOTE_OS_AUTHENT = TRUE shutdown and
restart.
: regards
: Simon
Yes, that's correct but you can also specify different sid
by setting environment variable ORACLE_SID=SID2 and then
try connecting again with 'sqlplus /'
Andre
null

Similar Messages

  • Problem with Windows 7 802.1x prompted for authentication multiple times

    I have setup a WLAN for users to bring in their own devices (devices are not on the domain).  It is setup for WPA2-Enterprise/AES and it doesn't require certificates.  We authenticate with a Cisco Secure Access Server 5.1.44 (setup with Active Directory).
    I have configure dthe Windows 7 wireless client:
    WPA-Enterprise/AES
    PEAP - removed "Validate server certificate"
    EAPMSCHAPv2 properties disabled "Automatically use my Windows login name and password
    Advanced settings 802.1x - ticked for "user authentication"
    My problem is when I connect to the WLAN, I'm prompted for authentication multiple times (x2).  On the second login prompt everything logs in OK.  No errors are received after the first login attempt.
    Thanks

    This doesn't have anything to do with eap settings?
    Are the current defaults the recommended settings:
    EAP-Identity-Request Timeout (seconds)........... 30
    EAP-Identity-Request Max Retries................. 2
    EAP Key-Index for Dynamic WEP.................... 0
    EAP Max-Login Ignore Identity Response........... enable
    EAP-Request Timeout (seconds).................... 30
    EAP-Request Max Retries.......................... 2
    EAPOL-Key Timeout (milliseconds)................. 1000
    EAPOL-Key Max Retries............................ 2
    EAP-Broadcast Key Interval....................... 3600
    I have seen this multiple times on varying drivers and systems. The first time you login until it is cached.
    Thanks,
    Andrew

  • Multiple SID in same server

    Guys,
    Our platform is Oracle 10g on Windows 2003 x64.  We want to install our central SLD on the same machine as solution manager.  How can I accomplish this in Oracle?  Can I install the SLD in the same Oracle home as Solution Manager?  If so, will the SLD system have its own database SID or will it be an MCOD installation (we want to stay away from an MCOD installation).  Is it possible to have two database SIDs in the same Oracle home?  Is a Multi Home installation the only other option?  What are the implications of Multi-Home Oracle installations?
    Thank you in advance..

    Hi Fahad,
    Are you planning to install an instance dedicated only for SLD or install it as part of Solution manager and assign it as a central SLD?
    You can have multiple DB instances running under the same oracle installation (multiple SID's under one Oracle home). There are several posts that address the drawbacks of this setup, It is recommended by SAP to have database instance under its own Oracle home.
    Cheers,
    Nisch

  • Authentication - multiple domains with multiple accounts

    Dear All,
    Consider an environment where a user, Joe Bloggs, has an account on two Windows domains:  DOMA and DOMB.  DOMA is a domain that all users in the organisation are members of.  DOMB is a domain used by a smaller subset of users.  The user's
    machine is part of the DOMB domain.
    I'd like to deploy SharePoint 2013 on DOMA and have the user, logged on to their DOMB machine, seamlessly authenticate (through IWA) with SharePoint 2013.  
    So far, I've thought of the following solutions:
    1.  Build a trust between the two domains.  Possible, but the AD information in DOMA is more up-to-date than that in DOMB and I'd like to use that to populate SharePoint user profiles.  Also, DOMB is likely to be deprecated in the future.
    2.  Use WorkPlace Join.  Unfortunately, devices are running Windows 7 and WorkPlace Join only works for devices running Windows 8.
    I've wondered whether it's possible to map two accounts on separate domains together so that a user on DOMB can effectively masquerade as their corresponding user on DOMA when authenticating with SharePoint, but haven't come across a way of doing this, yet.
    Any ideas?  Or, am I completely mad?!
    Thanks in advance.

    1) Is your only option for seamless logon with IWA. It is not possible to map accounts "together" so-to-speak. SharePoint stores a reference to the user's SID, which must match the user making the request.
    An ADFS trust might be another option, although that increases your deployment footprint and complexity.
    Trevor Seward
    Follow or contact me at...
    &nbsp&nbsp
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • LDAP Authentication - Multiple Domains

    I want to be able to use the built in LDAP Authentication scheme to allow authentication against multiple AD Domains... each with it's own separate Host IP/Server, and LDAP DN String. The User ID is formated the same among all Domains, so that is not a concern. I am currently authenticating against one Domain and it scans the tree successfully.
    Host: xx.xx.xx.xx
    DN String: %LDAP_USER%@amer.globalco.net
    (amer.globalco.net is the domain)
    How can this be accomplished? Is it possible all you guru's out there?
    I saw one forum thread discussing how to add a drop down list to the login page, then use the value of the page item in the DN String to specify Domain... That makes sense - HOWEVER - I also have to use a different Host Server / IP address for each domain as well.... Now that is 2 fields that need updating based on one select list.
    I can build the select list using "IP/Domain" - but how do I separate the two data bits in the ITEM Value into their own field values?
    Can I use the ldap_dnprep function to do text editing to create two field values from one ITEM value that I can use in the standard LDAP authentication form fields?
    As you can tell - I am not a SQL/PLSQL person... and I want to avoid creating my own LDAP scheme.
    Please include example/suggested SQL -
    Thanks in advance...
    Rich
    Apex v3.2.1
    Oracle 10G Express

    Based on prior post I had similar question and the result was to write custom auth scheme to read the values from the login page, perform auth against appropriate ldap, then return a valid session to proceed with login in apex app. In our case, the issue was having users is different branch nodes on the same ldap server but not being able to search from a common higher-level branch for some reason...
    Another option you could try, not recommended as it would mean multiple pages to maintain, would be a separate login page per ldap/domain, maybe would even have to multiple apps with just a login page and then redirect to the main app... been a really long time since i've tried anything like it, just giving some options to try.

  • LDAP External Authentication Multiple Search Base DNs question

    hi,
    im trying two add two LDAP search DNs to a portal 6.2 organisation.
    with one search base dn it works fine.
    when i add another, all ldap auth for that org stops working.
    the docs confusingly state that if you have multiple search dns (not talking about multiple ldap servers here - just the search base dns) that you should prefix each entry with the local server name. the docs however provide no examples of the syntax.
    can anyone provide an example for multiple search dns? e.g. is it <server:port>:o=<etc> (doesn't seem to work).
    thanks

    hi,
    yes i have.. but when you enter more than one it stop working... with only one entry in the gui it will work for that entry but when you add another it stops working...
    i had to use a manual workaround like this to get the second going... :(
    External ldap authentication
    register the LDAP authentication service in the gui and setup the first DN as normal.
    create the first set of entries for the ldap host and the base dn in the gui as normal etc.
    the gui in the admin console is not working (depending on your point of view), so you need to add the second ldap config manually -
    All commands are run from the /apps/jes/SUNWam/bin directory
    1. Get an encrypted value for the bind dns (cn=Directory Manager) password you want to bind to the ldap directory as by using the ampassword utility shipped with Identity Server.
    ./ampassword -e directory_manager password
    More information on this utility can be found in the Sun ONE Identity Server Administration Guide.
    2. Copy the encrypted password as the value for the iplanet-am-auth-ldap-bind-passwd in the XML file (serviceAddMultipleLDAPConfigurationRequests.xml) created in Step 1. The XML file contains a template for creating the second LDAP DN.
    3. Modify the data XML file accordingly so that the relevant details are provided for the 2nd ldap server (bind dn search base etc) and load this into the portal directory using the amadmin command line tool as follows from the /opt/SUNWam/bin directory
    ./amadmin -u amadmin -w administrator_password -v -t serviceAddMultipleLDAPConfigurationRequests.xml
    If the imported xml values are incorrect delete and reload the imported xml data using amadmin command tool. Alternatively you can modify the ldap data directly on the primary identity server (ldap server) using a client browser though this method is not supported .
    You should be able to see new imported values for the second ldap server at dn:ou=subconfig1,ou=default,ou=OrganizationConfig,ou=1.0,ou=iPlanetAMAuthLDAP
    Service,ou=services,ou=ORG,o=lgaq.qld.gov.au on the primary ldap server (where ORG is the organisation you wanted to add the second DN).

  • Cisco support LDAP Authentication - Multiple Domains

    Hi,
    I want to change the LDAP authentication as the multiple domains and my Windows AD environment is the child trust, that mean the root DC is the "abc.com", which have the two child DCs, e.g. "us.abc.com ", "uk.abc.com"
    Is it possible I just changed the LDAP auth. with user search space as the root DC is fine?
    OR
    I must use the "userPrincipalName" ?

    But it had the collision SAMAccountName, that would have the same account name between the us.abc.com and uk.abc.com. 
    If I changed the "userPrincipalName" LDAP sync to CM, how about the Jabber login?

  • Cisco ISE - EAP-TLS - Machine / User Authentication - Multiple Certificate Authentication Profiles (CAP)

    Hello,
    I'm trying to do machine and user authentication using EAP-TLS and digital certificates.  Machines have certificates where the Principal Username is SAN:DNS, user certificates (smartcards) use SAN:Other Name as the Principal Username.
    In ISE, I can define multiple Certificate Authentication Profiles (CAP).  For example CAP1 (Machine) - SAN:DNS, CAP2 (User) - SAN:Other Name
    Problem is how do you specify ISE to check both in the Authentication Policy?  The Identity Store Sequence only accepts one CAP, so if I created an authentication policy for Dot1x to check CAP1 -> AD -> Internal, it will match the machine cert, but fail on user cert.  
    Any way to resolve this?
    Thanks,
    Steve

    You need to use the AnyConnect NAM supplicant on your windows machines, and use the feature called eap-chaining for that, windows own supplicant won't work.
    an example (uses user/pass though, but same concept)
    http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_80_eapchaining_deployment.pdf

  • Anyconnect VPN-Authentication multiple profiles via ACS

    Hi,
    I'm currently facing the issue, that I need to migrate a customer VPN-structure from VPN-client to the new Anyconnect.
    There is an ASA5515 and they have ACS with local users and AD-Integration.
    The problem: The old system used different profiles with PSK, so every external partner who had a VPN connection got it's own profile, which was secured by the IKEv1 PSK. The credentials for externals are saved locally on ACS. Also there is a profile for the normal employees, which authenticate via AD or RSA. The guys who implemented this did it the easy way, means when a user connects, the whole user-table is checked (AD, local, RSA). So if an external would have the .pcf from an internal user, it would be possible for him to connect to internal resources. There was no profile-to-usergroup binding.
    I should now implement a new ASA with Anyconnect and also keep up the different profiles. But in this case the problem is - there is no PSK any more. So if a smart guy changes the group in his XML-profile to e.g. "Internal", it would authenticate and grant access to all resources, since the internal pool isn't restricted by ACL's, but the externals are. 
    I'm looking for a guide, how to set up different policies on the ACS, which look up the user only in the one group, depending on the profile he connected. As far as I understand, I must somehow define already on the FW which group or policy it should look up. How can I achieve this? 
    What do I need e.g. for 10 different profiles?
    - 10  groups on ACS?
    - 1 Access-Policy? (Network Access) -> with 10 different Authorization Policy rules? 
    - Anything else?
    Where do I define the policy to use in Anyconnect?
    Thanks in advance!
    BR

    I've done a similar deployment where all authentication/authorization and accounting was pointed from ASA to ACS.
    There are multiple layers to your question. 
    First of all, you have ACS, hopefully 5.x which gives you a nice policy driven authentication and authorization schema. 
    1st layer - setup group-alias and group-urls for specific users on ASA. 
    2nd layer - on ACS decides where those connection should be authenticated/authorized against (go to AD, RSA, local DB). ASA passess tunnel group name in authentication calls to ACS. 
    3rd layer - group-lock feature ensures that user can only have access to resources if they are in a specific group. 

  • Http Authentication server side

    I searched the internet and this forum a lot without finding a non commercial solution to this common scenario.
    Inside an active directory based intranet I would like to authenticate the users who access a java web application running on Tomcat.
    The requisites to meet are:
    - the users connect with IE6 and they are authenticated with their login credentials using Kerberos.
    - the application needs to know the name of the user.
    The web application will run with a specific windows account. Is there a way to perform a task using the credentials of the authenticated user ?
    What I'm looking for is an implementation of the following scenario: User John connects to the web application and besides other tasks, read/writes files from a directory where only John has permissions to do (as configured through windows acl).
    Thanks for any help.
    Filippo

    So far as I know, to do this you would have to run the server side of HTTP Negotiate (SPNEGO) in Tomcat. This protocol uses HTTP Authorization exchanges to carry out the GSS-API exchange that allows Tomcat to trust the browser user's identity. In this context the GSS-API mechanism would be Kerberos (or NTLM if Kerberos failed). The browser (if HTTP Negotiate capable, like IE) would send Kerberos credentials to the server during the context exchange, thereby achieving what you want.
    I believe this is what commercial products like Vintela and IT Practice do.
    Question to the Sun developers: SE6 supports the client side of HTTP Negotiate (so a Java client can talk to e.g. IIS). Are there any plans to support the server side? The case of IE/Windows workstations accessing Java web servers/servlet engines is a much more common requirement than "the other way round".
    Thanks,
    Alec

  • Managing multiple SIDs using BRTOOLs running from Central Location

    We would like to setup BRTOOLs in such a way that it can manage multipleSAP systems (SIDs).
    The BRTOOLs binaries will be running from one location (We will call it Central Location).
    These tools will be running on Oracle RDBMS. We would like to know if it is supported by SAP. If it is supported,  could someone lease point me to
    installation document or SAP note that can show me how can we achieve that.
    Any response/feedback is greatly appreciated
    Thanks,
    Nasir Syed

    Hi Nasir,
    We can use same BR*tools for multiple systems.
    Point here is, we keep these tools for every system which is intact in kernel directory. This is how it works and support its local infrastructure. You won't like same process running with different IDs, confusing and power consuming, eating your resources and making difficult to trace
    Now the other question is, what all function would work. Possibly, some test cases are needed to justify you propositions. 
    But the problem is, using it centrally is not a know or best practice. In fact, it is a more persnal custom approach which may require you to feed others how all this work in your landscape. Not everyone's cup of tea for the evening.
    Regards,
    Divyanshu

  • PEAP Windows Logon -Machine & User Authentication -Multiple VLANS

    Windows Client <==> Access Point <==> Radius <==> Windows DC/AD
    Windows OS : XP Client SP 2
    Supplicant : Built-in Wireless Supplicant
    Authentication : 802.1x PEAP(MS-Chapv2)
    Access Point : Aironet 1200
    Radius : ACS 3.3
    Adaptors : Built-in
    CA : Microsoft
    I have a single SSID and am using a RADIUS server to assign users to different VLANs. When a computer boots up, machine authentication is used and the ACS tells the access point which VLAN to be on (i.e. VLAN1 192.168.1.x). Then when the user logs on the ACS tells the access point to switch the computer to a different VLAN (i.e. VLAN2 192.168.2.x). The problem is that the windows logon scripts do not run. Once the computer finishes booting, I quickly check its IP address and it still thinks it is on 192.168.1.x (VLAN1) when it is actually on VLAN2 and needs a 192.168.2.x address. If I give the machine time, it will eventually switch its IP to the 192.168.2.x address.
    Has anyone else run across this? I assume that there is no fix and that it is a Microsoft problem. Obviously, it can't do the logon script if it does not have a valid IP for its VLAN. I also never know who will be logging into the computer to put the computer in the correct VLAN ahead of time.
    Note: If the machine and user are both set to use the same VLAN, the computer does not have to switch IPs and the windows logon script works fine.
    Thanks
    Steve

    Hi there.
    I've tried that solution, and I had a similar problem. My problem was on the DHCP server side: there was a superscope defined with the different scopes for each VLAN. When I'd the MAC Address from one machine registered at the DHCP database, the settings were always the same. Then I deleted the superscope and only defined scopes for each VLAN. It's working fine now.
    Hope this helps you.
    Regards,
    João

  • How to access Apex environments that exist in multiple SID's on same Server

    HI,
    I've got a Linux Server which has 3 11gr2 Development instances (SID's), in each instance I'd like to setup Apex environment (I know Apex comes with the 11gr2 DB). How can I access a specific Apex environment (on one of the SID's) when all the database instances share the same IP Address?
    Any suggestions?
    TIA

    Sorry for the silly Q, all I need to do is run EXEC DBMS_XDB.SETHTTPPORT(port); specifying a different port for each SID!

  • SERVER_MS_NOT_AVAILABLE Internal error during authentication - client side

    Hi Experts,
    I reviewed the various threads here concerning this topic, and not found one that fits my situation. We have a well functioning SAP-PI 7.11 landscape, and normally 10+ support team members connecting with no issues. Except for a 2nd PC i have just installed. Our normal desktop is Corporate imaged XP PC. my problem child though is a Linux PC (I would think it should be the other way around ) Anyway the Linux box uses the exact same LAN, same DHCP, same DNS server as it's XP brethen. it connects to the http portion of PI just fine, but fails with the SERVER_MS_NOT_AVAILABLE error when I attempt to connect to the ESB or IB. Just to be safe I have placed the FQDN of the PI hosts into the Linux hosts file. no effect. What am I missing? Anyone else ever see this? suggestions on troubleshooting?

    hi Abhishek,
    Yes I reviewed it and several others.  I am confident alll our sever side settinsg are correct otherwise the exiting Pcs would not be connecting. The only item that applies to the client side is #4 - using the FQDN on the local hosts file, which I have already tried.

  • Adobe muse. Multiple side menus

    architecten de vylder vinck taillieu
    if you follow the link to this website you will see that there are two sun menus running at the lower left hand side which help to sub categorise projects. Firstly there is a distinction between programme and then whether the project is a 'drawing' or 'built' work. When either of the sub menu categories are selected a portion of the projects on the list are greyed out which are not relevant. I have found an easy way to do this in adobe muse when i have only one subcategory but cannot seem to find a way when I have two different sets of sub categories which both relate ... Any ideas?? Thanks

    Muse uses Fixed width Layouts so that is not 100% possible. You can extend images and box elements to full width but not actual content.

Maybe you are looking for

  • Export to Excel not working after upgrade to IE10

    I upgraded to Internet Explorer 10.  In PWA Export to Excel does not export the data.  It starts up Excel but the sheet is blank.  Worked fine with IE9.  How to fix?

  • I need to unlock my phone... can you help?

    I bought an Iphone 3gs second hand in a phone shop and it is not factory unlocked.. The person that sold it to me told me if i try to update the ios that the phone will lock back to vodafone uk.. Does anyone know how i can sort this problem out?

  • Apple TV optical Audio stops working when connected to switch

    Hi everyone, I'm installing a brand new Apple TV in the following setup: Apple TV (is up to date) - HDMI to HD Beamer - Optical Audio to Sonos Playbar (Works instantly) - Optical audio through switch to Sonos Playbar which doesn't work UPC Box - HDMI

  • Reg. shipping details

    Hi, In sales order creation we enter X as ship-to-party. In the header level we goto partners tab, there if we double click on ship-to-party then we get address of X Ship-to-party, if i change the existing address with new address with out changing t

  • Can I send Edited Photos and Video from Lightroom 5 to Premiere 11?

    I am new to Lightroom 5 and love the product. Can I export edited Photos and Video from Lightroom to Premiere Elements 11? I need more flexibility than Lightroom offfers. I want to mix Photos then Videos with different music files and create a DVD.