OS authentication w/ 10.2 database and Windows 2000
Not a new issue - but still not too easy for me...
Got a Windows 2000 domain, a 10g enterprise database server on Windows 2003 as part of this domain and a client machine running a 10.2 client on Windows 2000 in the same domain.
remote_os_authent is FALSE.
OS_AUTH_PREFIX_DOMAIN is not set.
On both sides sqlnet.ora contains the line SQLNET.AUTHENTICATION_SERVICES= (NTS)
A database account exists as <domainname>\<username> with create session priviledge granted. <domainname> is the same as Windows' %USERDOMAIN%. <username> is the ID to which one logs into that domain on the client machine.
But still "sqlplus /" raises exception 01017. Password authenticated connects do work. What am I missing?
Thanks a lot..
Assuming it still doesn't work: sorry no, as I recall this info from a Metalink note, and the Metalink note worked for me. The only thing I can remember right now is one needs to enclose the Oracle account in double quotes, or it wouldn't work, due to the \. If that also doesn't help, I'm stuck.
Sybrand Bakker
Senior Oracle DBA
Similar Messages
-
How to rename oracle9i database in windows 2000
Hi All,
I am trying to rename an oracle database on windows 2000. I am having some issues...can anyone help me how to fix it.
Trace file is created from existing database (ORCLDB) using alter database backup controlfile to trace
and the following steps are followed....
Modify (and optionally rename) the created trace file:
Find the line reading # Set #2. RESETLOGS case
Remove all lines above this line.
Change the line containing the database name from CREATE CONTROLFILE REUSE DATABASE "ORA9" RESETLOGS NOARCHIVELOG
to
CREATE CONTROLFILE SET DATABASE "CAT" RESETLOGS NOARCHIVELOG
Note, in my case, the database is running in noarchive log mode. The corresponding line reads ARCHIVELOG otherwise.
Remove the line reading RECOVER DATABASE USING BACKUP CONTROLFILE.
Remove lines starting with #.
the edited .trc file is saved as rename.sql
STARTUP NOMOUNT
CREATE CONTROLFILE SET DATABASE "NEWORCLDB" RESETLOGS NOARCHIVELOG
-- SET STANDBY TO MAXIMIZE PERFORMANCE
MAXLOGFILES 16
MAXLOGMEMBERS 2
MAXDATAFILES 30
MAXINSTANCES 1
MAXLOGHISTORY 454
LOGFILE
GROUP 1 'd:\oracle\databases\redo1.ora' SIZE 100M,
GROUP 2 'd:\oracle\databases\redo2.ora' SIZE 100M,
GROUP 3 'd:\oracle\databases\redo3.ora' SIZE 100M
-- STANDBY LOGFILE
DATAFILE
'd:\oracle\datafile\system.dbf',
'd:\oracle\datafile\undo.dbf',
'd:\oracle\datafile\data.dbf'
CHARACTER SET WE8ISO8859P1
ALTER DATABASE OPEN RESETLOGS;
ALTER TABLESPACE TEMP ADD TEMPFILE 'd:\oracle\Ora90\databases\temp.dbf'
SIZE 104857600 REUSE AUTOEXTEND OFF;
shutdown the ORCLDB databas from windows services
Moved the old control file to other location
The database name are changed in the new initneworcldb.ora
Bcaz there is no SVRMGRL in 9i....How do i connect ??
Which instance should i connect?
I tried from c:\>sqlplus "/ as sysdba"
Its asking for username and password?
Which username/password@instnace should i login?
What is the username and password....should i give for username....while funning sqlplus " / as sysdba"
Thanks,
Message was edited by:
user444626As you said added the entry in the sqlnet.ora file
sqlnet.authentication_services=(NTS)
C:\>ORADIM -NEW -SID newdb -SRVC OracleServicenewdb -STARTMODE a
C:\>set ORACLE_SID=NEWDB
C:\>SQLPLUS /NOLOG
SQL*Plus: Release 9.0.1.0.1 - Production on Fri Dec 9 20:28:18 2005
(c) Copyright 2001 Oracle Corporation. All rights reserved.
SQL> @C:\CR_CONTROL.SQL
ORA-01031: insufficient privileges
SP2-0734: unknown command beginning "STANDBY LO..." - rest of line ignored.
SP2-0640: Not connected
SP2-0734: unknown command beginning "Recovery i..." - rest of line ignored.
SP2-0734: unknown command beginning "or if the ..." - rest of line ignored.
SP2-0640: Not connected
Media recovery complete.
SP2-0734: unknown command beginning "All logs n..." - rest of line ignored.
SP2-0640: Not connected
SP2-0734: unknown command beginning "Database c..." - rest of line ignored.
SP2-0640: Not connected
SQL>
Message was edited by:
user444626 -
Moving oracle 9i database from windows 2000 to windows 2003 server
hi everybody,
plz provide me a solution how to move oracle 9i database from windows 2000 server to windows 2003 server with step by step and also with commands plz as i am very new to oracle
thanks in advance
sureshInstall 9i on windows 2003 server and patch to the same level as the Oracle on Windows 2k
Shutdown and make a cold backup of your old database. That includes datafiles, controlfiles, redo files, init file (spfile)
Copy and put these files to the exact same directory structure/location, for example if old file is under D:\oradata\mysid\ then the file on new file should be under same directory. (If you are using Network Storage that make things easier, just mapping to the same drive letter.)
Also make sure archive log dest and all dump dest directories are created. You don't have to copy all old logs and dump files over.
Use oradim to create a new service for the database instance
http://www.psoug.org/reference/oradim.html
Set proper ORACLE_HOME, ORACLE_SID envionment varibles
Run netca to configure listener, actually copy listener.ora and tnsnames.ora to $ORACLE_HOME\network\admin will do
Try to start the database -
Everyone that has the Windows 2000 operating system has problems with the Acrobat 3D models. The models were created using Windows XP and were tested using Windows XP. I am assuming that Acrobat 3D and Windows 2000 are incompatible. Adobe states Windows 2000 compatibility. Does anyone know why users with Windows 2000 are having problems with my models?
ThanksYes, I have checked the version and they have Reader 7.0.8. I also checked that they have the latest version of DirectX. Of course there are a number of remote Windows2000 users, so I haven't the ability to check the service pack installations, graphics drivers, and so on. Many of these users are schedule to be upgraded to new laptops (with Windows XP installed).
I also have the most recent version of Acrobat 3D and have installed all the updates.
It seems the problems are different among different users, but everyone seems to have some type of problem when using Acrobat 3D and Win2000. -
Nokia 6085, PC Suite and Windows 2000
I can't find the PC Suite version that will work with my phone and Windows 2000. Can someone point me to where it is so I can download it please?
Active_Lad wrote:
I have a trusty 6600 (that neither slides nor folds!) but find that I can't use the normal PC Suite that is Win7 compatible; I must use a device-specific version. However, the device specific version doesn't support Windows 7. So I am stuck. Is there a workaround to either force the device-specific version to work on Win7 of get the 6600 to work with the normal PC Suite?
Sure you can. Install in XP compatibility mode as admin.
http://europe.nokia.com/support/product-support/nokia-6600/software/pc-suite#
‡Thank you for hitting the Blue/Green Star button‡
N8-00 RM 596 V:111.030.0609; E71-1(05) RM 346 V: 500.21.009 -
Can i setup a secure reverse proxy using sun one web proxy server and windows 2000?
I've tried this on IPlanet Proxy 3.6 and, after reading the documentation, realized that SSL is not supported on the Windows platform. So I'm asking if it is supported using Sun One Web Proxy Server
Hi,
Yes, What you say is right.
"The NT and Windows 2000 versions of iPlanet Web Proxy Server 3.6 do not support SSL".
Sun One Web Proxy Server is as same as iPlanet webproxy server.
May be in future relase of proxy server SSL will be supported in Win2000.
Regards,
Dakshin.
Developer Technical Support
Sun Microsystems
http://www.sun.com/developers/support. -
ACS and Windows 2000 user database communication port
Could my Windows 2000 SP4 + ACS v3.23 can install any new Windows 2000 service pack ?
I'm affraid to infect ACS Service.
So, I want to install firewall on this server to block malicious traffic.
However, my ACS used external user database Windows 2000 for authentication.
Who can tell me What protocols or port list they are communication?
I have to avoid these traffic on my firewall.Hi cheng
I think you can install any servie pack without problem and the SP4 is the latest one for WIN2000 and you server already has this SP
For your second question you need to specify many protocols according to your active directory config in this link you can find a list of this protocols and the best way is to make debug or logging or use a siniffer to know the exactly protocols flow between your ACS and AD server
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx
Best Regards -
Oracle 8.1.7 for Unix and Windows 2000 Active Directory
Is it possible to integrate the users and passwords of an Oracle Database running on Solaris with the users and passwords defined in a Windows 2000 Active Directory? What are the requirements and the necesary steps?
I've read the documentation and it shows how to do it if you install Oracle in a Windows 2000 Server, but it does not mention about installing it in any kind of Unix.You should consider to base your firm security and central user repository on REALLY SECURE and ROBUST product technology. Not on Windows 2000 Active Directory. Win2K AD is known to be slow and insecure. If you have Oracle on Solaris your data is secure and next step is to move user accounts to real user repository. It may be one of well-known LDAP servers. Try to read some materials on CERT Coordination Center (http://www.cert.org) which describe LDAP servers. After this you can choose the server which best suite your needs.
-
JAAS, JGSS Kerberos and windows 2000 newbie question
Hi
I have setup a Kerberos server on windows 2000, now i want to write code in java to authenticate and authorize user using Kerberos , I know I have to use JAAS, JGSS,
is there a how to document to setup a client machine, like setup krb4.ini file and other security files so i can use java to authorize and authenticate, i am using j2sdk1.4.2
I have following code
GSSManager manager = GSSManager.getInstance();
Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");
// Identify who the client wishes to be
GSSName userName = manager.createName("test02EIM", GSSName.NT_USER_NAME);
// Identify the name of the server. This uses a Kerberos specific
// name format.
GSSName serverName = manager.createName("krbsvr400/[email protected]",
krb5PrincipalNameType);
System.out.println("server name " +serverName.getStringNameType());
// Acquire credentials for the user
GSSCredential userCreds = manager.createCredential(userName,
GSSCredential.DEFAULT_LIFETIME,
krb5Mechanism,
GSSCredential.INITIATE_ONLY);
// Instantiate and initialize a security context that will be
// established with the server
GSSContext context = manager.createContext(serverName,
krb5Mechanism,
userCreds,
GSSContext.DEFAULT_LIFETIME);
and krb5.ini file looks like below
[libdefaults]
default_realm = GL1AMR.PFIZER1.TEST
default_tgs_enctypes = des-cbc-crc
default_tkt_enctypes = des-cbc-crc
forwardable = true
proxiable = true
[realms]
GL1AMR.PFIZER1.TEST= {
kdc = gl1mopsamrdc01.gl1amr.pfizer1.test:88
admin_server = gl1mopsamrdc03.gl1amr.pfizer1.test
default_domain = gl1amr.pfizer1.test
[domain_realm]
.gl1amr.pfizer1.test = GL1AMR.PFIZER1.TEST
gl1amr.pfizer1.testm = GL1AMR.PFIZER1.TEST
[login]
krb4_convert = true
krb4_get_tickets = true
i get following error
SSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos Ticket)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:143)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:70)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
at com.pfizer.maps.sso.TestGSS.useGSS(TestGSS.java:41)
at com.pfizer.maps.sso.TestGSS.main(TestGSS.java:59)
what am i missingMy JAVA FILE having the code as follows , when i run this code iam geeting the Folowing error
Error
D:\Ramesh_Dump\KerbersTools>java GSSAPI
GSSException: No valid credentials provided (Mechanism level: Failed to find any
Kerberos Ticket)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredent
ial.java:133)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechF
actory.java:72)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.
java:149)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:389)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:60)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:37)
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java
:96)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:1
78)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:1
58)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5
Client.java:155)
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:105)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.ja
va:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.jav
a:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:6
67)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:1
34)
at GSSAPI.main(GSSAPI.java:34)
Problem searching directory: javax.naming.AuthenticationException: GSSAPI [Root
exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by G
SSException: No valid credentials provided]]
JAVA CODE
import java.util.Hashtable;
import javax.naming.ldap.*;
import javax.naming.directory.*;
import javax.naming.*;
import java.util.*;
import java.util.Calendar.*;
import java.text.*;
public class GSSAPI {
* @param args
public static void main(String[] args) {
Hashtable env = new Hashtable();
String adminName = "[email protected]";//"[email protected]";
String adminPassword = "Password12";
String ldapURL = "ldap://172.20.55.97:389/";
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
//set security credentials, note using simple cleartext authentication
env.put(Context.SECURITY_AUTHENTICATION,"GSSAPI");
//env.put(Context.SECURITY_PRINCIPAL,adminName);
//env.put(Context.SECURITY_CREDENTIALS,adminPassword);
//env.put("javax.security.sasl.server.authentication","true");
//connect to my domain controller
env.put(Context.PROVIDER_URL,ldapURL);
try {
//Create the initial directory context
LdapContext ctx = new InitialLdapContext(env,null);
//lets get the domain lockout duration policy
Attributes attrs = ctx.getAttributes("dc=globalv,dc=com");
//System.out.println("test arttr"+attrs.get(""));
System.out.println("Lockout policy for " + attrs.get("distinguishedName").get());
System.out.println("Duration: " + attrs.get("lockoutDuration").get());
System.out.println("Threshold: " + attrs.get("lockoutThreshold").get());
long lockoutDuration = Long.parseLong(attrs.get("lockoutDuration").get().toString());
//Create the search controls
SearchControls searchCtls = new SearchControls();
//Specify the attributes to return
String returnedAtts[]={"sn","givenName","mail","lockoutTime"};
searchCtls.setReturningAttributes(returnedAtts);
//Specify the search scope
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
//Create the correct LDAP search filter
//Win32 file time is based from 1/1/1601
//Java date/time is based from 1/1/1970
/*GregorianCalendar Win32Epoch = new GregorianCalendar(1601,Calendar.JANUARY,1);
GregorianCalendar Today = new GregorianCalendar();
long Win32Date = Win32Epoch.getTimeInMillis();
long TodaysDate = Today.getTimeInMillis();
long TimeSinceWin32Epoch = TodaysDate - Win32Date;
long lockoutDate = (TimeSinceWin32Epoch * 10000) + lockoutDuration;
System.out.println("Lockout (Long): " + lockoutDate);*/
//System.out.println("Lockout (Date): " + DisplayWin32Date(lockoutDate));
//String searchFilter = "(&(objectClass=user)(lockoutTime>=" + lockoutDate + "))";
String searchFilter = "(objectclass=user)";
//Specify the Base for the search
String searchBase = "dc=globalv,dc=com";
//initialize counter to total the results
int totalResults = 0;
//Search for objects using the filter
NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchCtls);
//Loop through the search results
while (answer.hasMoreElements()) {
SearchResult sr = (SearchResult)answer.next();
totalResults++;
System.out.println(">>>" + sr.getName());
// Print out some of the attributes, catch the exception if the attributes have no values
attrs = sr.getAttributes();
if (attrs != null) {
try {
System.out.println(" name: " + attrs.get("givenName").get() + " " + attrs.get("sn").get());
System.out.println(" mail: " + attrs.get("mail").get());
System.out.println(" locked: " + attrs.get("lockoutTime").get().toString());
//System.out.println(" locked: " + DisplayWin32Date(attrs.get("lockoutTime").get().toString()));
catch (NullPointerException e) {
System.err.println("Problem listing attributes: " + e);
// System.out.println("Total results: " + totalResults);
ctx.close();
catch (NamingException e) {
System.err.println("Problem searching directory: " + e);
import java.util.Hashtable;
import javax.naming.ldap.*;
import javax.naming.directory.*;
import javax.naming.*;
import java.util.*;
import java.util.Calendar.*;
import java.text.*;
public class GSSAPI {
* @param args
public static void main(String[] args) {
Hashtable env = new Hashtable();
String adminName = "[email protected]";//"[email protected]";
String adminPassword = "Password12";
String ldapURL = "ldap://172.20.55.97:389/";
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
//set security credentials, note using simple cleartext authentication
env.put(Context.SECURITY_AUTHENTICATION,"GSSAPI");
//env.put(Context.SECURITY_PRINCIPAL,adminName);
//env.put(Context.SECURITY_CREDENTIALS,adminPassword);
//env.put("javax.security.sasl.server.authentication","true");
//connect to my domain controller
env.put(Context.PROVIDER_URL,ldapURL);
try {
//Create the initial directory context
LdapContext ctx = new InitialLdapContext(env,null);
//lets get the domain lockout duration policy
Attributes attrs = ctx.getAttributes("dc=globalv,dc=com");
//System.out.println("test arttr"+attrs.get(""));
System.out.println("Lockout policy for " + attrs.get("distinguishedName").get());
System.out.println("Duration: " + attrs.get("lockoutDuration").get());
System.out.println("Threshold: " + attrs.get("lockoutThreshold").get());
long lockoutDuration = Long.parseLong(attrs.get("lockoutDuration").get().toString());
//Create the search controls
SearchControls searchCtls = new SearchControls();
//Specify the attributes to return
String returnedAtts[]={"sn","givenName","mail","lockoutTime"};
searchCtls.setReturningAttributes(returnedAtts);
//Specify the search scope
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
//Create the correct LDAP search filter
//Win32 file time is based from 1/1/1601
//Java date/time is based from 1/1/1970
/*GregorianCalendar Win32Epoch = new GregorianCalendar(1601,Calendar.JANUARY,1);
GregorianCalendar Today = new GregorianCalendar();
long Win32Date = Win32Epoch.getTimeInMillis();
long TodaysDate = Today.getTimeInMillis();
long TimeSinceWin32Epoch = TodaysDate - Win32Date;
long lockoutDate = (TimeSinceWin32Epoch * 10000) + lockoutDuration;
System.out.println("Lockout (Long): " + lockoutDate);*/
//System.out.println("Lockout (Date): " + DisplayWin32Date(lockoutDate));
//String searchFilter = "(&(objectClass=user)(lockoutTime>=" + lockoutDate + "))";
String searchFilter = "(objectclass=user)";
//Specify the Base for the search
String searchBase = "dc=globalv,dc=com";
//initialize counter to total the results
int totalResults = 0;
//Search for objects using the filter
NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchCtls);
//Loop through the search results
while (answer.hasMoreElements()) {
SearchResult sr = (SearchResult)answer.next();
totalResults++;
System.out.println(">>>" + sr.getName());
// Print out some of the attributes, catch the exception if the attributes have no values
attrs = sr.getAttributes();
if (attrs != null) {
try {
System.out.println(" name: " + attrs.get("givenName").get() + " " + attrs.get("sn").get());
System.out.println(" mail: " + attrs.get("mail").get());
System.out.println(" locked: " + attrs.get("lockoutTime").get().toString());
//System.out.println(" locked: " + DisplayWin32Date(attrs.get("lockoutTime").get().toString()));
catch (NullPointerException e) {
System.err.println("Problem listing attributes: " + e);
// System.out.println("Total results: " + totalResults);
ctx.close();
catch (NamingException e) {
System.err.println("Problem searching directory: " + e);
} -
Oracle 8i3 and Windows 2000 Service Pack 2
If this is not the right forum, please direct me to another one.
Seems that 8.1.7 is not compatible with Windows 2000 Server Service Pack 2. The database worked just fine until I installed the SP2. After that I cannot connect to it. When I run sqlplus to connect I get this error:
ORA-01034: ORACLE not available
ORA-27101: shared memory realm does not exist
I don't know what to do, and I cannot find any more informaiton about SP2 and Oracle. Please share if you have any.
nullSorry, but my english is terrible.
Well, I has this problem. I installed Windows Service Pack 2 and
received this message when I tryed to connect Oracle by SQL
Plus: shared memory realm does not exist. Ok, do you found any
answer for this error?!
Please, help me. I don't know how to deinstall service pack. -
Moving a database in windows 2000 server to RED HAD
Hello Everybody
I have a database develop with oracle 10 g over windows 2000 server and i have to install completed in a server with oracle 10 g but in red hat linux . What the best way to to this operation ?since you are using 10g, you can also use transport tablespace with differenct OS. If you are 10g Rel.2 side, you can use transport database new feature to transport database between cross platforms.
If data size is small, then, use exp and import.
Jaffar -
Hello,
I'm trying to use JNDI to access ActiveDirectory on Windows 2000. I am currently successful when providing a username and password using simple authentication, but I want to be able to use the Windows account information that the program is running under.
I've tried to do this by creating a login conf file (using the NTLoginModule) and creating a LoginContext, logging in (I can then view the Principals associated with the Subject).
try
LoginContext lc = new LoginContext (this.getClass ().getName (), null);
lc.login ();
Subject.doAs (lc.getSubject (), new SimpleAction ());
lc.logout ();
catch (LoginException e)
System.err.println (e.getMessage ());
public class SimpleAction implements java.security.PrivilegedAction
public java.lang.Object run ()
Hashtable h = new Hashtable ();
h.put (Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
h.put (Context.PROVIDER_URL, "OU=foo,DC=b,DC=a,DC=r");
h.put (Context.SECURITY_AUTHENTICATION, "GSSAPI");
DirContext ctx = new InitialDirContext (env);
do something interesting
ctx.close ();
Then using JNDI in a Subject.doAs call I set the Context.SECURITY_AUTHENTICATION to "GSSAPI". This throws the following error:
GSSAPI
Error connecting to 'OU=foo,DC=b,DC=a,DC=r' on '<server>'. Please ensure that the LDAP Server is running and that the configuration parameters are correct.
I followed (I thought) the examples based on http://java.sun.com/products/jndi/tutorial/ldap/security/src/GssExample.java
and it works fine if I use "simple" authentication.
Any ideas as to why AD throws it back?
RegardsI hope that this helps. Now I am on to seeing about
GSSYes, how did you go with the GSS? I cannot get it to work.
I followed your suggestions as before and my authentication works, now I'm trying to use GSS authentication to my Active Directory through LDAP and I get errors. My JAAS Authentication works fine.
I'm using the following example URL http://java.sun.com/products/jndi/tutorial/ldap/security/gssapi.html
My errors start as follows:
... [authentication info before this]
Credentials acquireServiceCreds: same realm
CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
EType: sun.security.krb5.internal.crypto.DesCbcMd5ETypejavax.naming.AuthenticationException: GSSAPI. Root exception is com.sun.securit
y.sasl.preview.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: _kerberos._udp.OBJADS.OBJECTIVE: _kerberos._udp.OBJADS.OBJECTIVE)]
at com.sun.security.sasl.gsskerb.GssKerberosV5.evaluateChallenge(GssKerberosV5.java:180)
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:113)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sun.jndi.ldap.LdapClient.saslBind(LdapClient.java:399)
at com.sun.jndi.ldap.LdapClient.authenticateLdapClient.java:215)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2597)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:275)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLLdapCtxFactory.java:173)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:191
... and so on
Thanks, Philip -
How can i run AirPort Express for both a Mac and Windows 2000 SP2?
I have my AirPort Express set up for my iMac and it runs fine. We have a house guest who has a laptop running Windows 2000 SP2. Can I set up Airport so that both computers can access internet wirelessly?
Just did a quick check of the Unofficial Averatec Support Forum. Several posters there upgraded the driver for the wireless card to support WPA on the 5110.
They used drivers from other computer manufacturers and indicated that Averatec has not provided updated drivers.
They were running XP SP2.
Many Averatec models have weak wifi cards. Mine included. Sorry I am unable to be of more help.
Good luck
susan
iBook G4 Mac OS X (10.3.4) -
Remote Control and Windows 2000 Server
Does anyone know if it is possible to use Zenworks for Desktops to remote
Contol on a Windows 2000/2003 server ?
Regards
Johann FolkestadOK, thanks.
Johann F
"Marcus Breiden" <[email protected]> skrev i melding
news:19gl0uyoxzfhl$.[email protected]. .
> On Mon, 27 Sep 2004 08:43:58 GMT, Johann Folkestad wrote:
>
>> Does anyone know if it is possible to use Zenworks for Desktops to remote
>> Contol on a Windows 2000/2003 server ?
>
> ZFD will not support RM of a server... you need ZFS for that...
> --
>
> Marcus Breiden
>
> Please change -- to - to mail me.
> The content of this mail is my private and personal opinion.
> http://www.edu-magic.net -
Problems with JFileChooser and Windows 2000 (can't see mydocuments contents
Hi! I've an applet which has a JFileChooser component. In other Windows, I can select the MyDocuments folder and it goes there and list all the contents OK. But, in Windows 2000, when I go to MyDocuments, none of the contents is listed in the file chooser. I need to navigate through all the directories to get there (C:\documents and settings\user\my documents) and then, it shows its contents, but obviously, I don't want it to be this way because is difficult for the common user.
Any idea of why is going on this?
Thanks in advance!Hello, You need to use something like o=isp as the
root DN, then o=yourorg.com goes beneath it.
i.e.
For the other questions on setup, just choose o=isp
as base DN when you set up the directory server. When
you run ims_dssetup.pl, choose o=internet as the DC
tree base, then choose o=isp as the user/groups base
suffix.
When you are installing messaging server it will ask
where to put the default organization, this is where
you would choose o=abc.com, o=isp
For more info on how this structure works please take
a look at this link and it will all fit into place:
http://docs.sun.com/source/816-6017-10/changes.htm#170
8Alright, I got ims_dssetup to run successfully. But now when the ims 5.2 installation is about 50% done, I get the message:
A serious problem occurred while installing the iPlanet Messaging Server Messaging SIE entry in LDAP (msg.cfgldap.sie.inf). It reported the following problem:
The server configuration for the Messaging SIE entry in LDAP (msg.cfgldap.sie.inf) cannot be created.
Maybe you are looking for
-
How can i get the downloaded book from another user to my ipad
im having trouble getting my all my file from my old computer to my new one eventhough i have icloud on both computers. also when i download books from my moms computer it doesnt show on my ipad when i connect to the new computer.
-
Firefox will not open. Process runs, but browser window will not open.
I am unable to get the Firefox browser window to launch. The application will attempt to open, but the browser window will not appear. Task manager indicates that the process is running, it just will not launch the window. No amount of restarts or re
-
Hi All - We are planning to go for CUCM direct upgrade from 7.1.3 - 9.1.2 Also for UCCX from 7.0.1 SR5 ---> 8.5.1 --> 8.5.1 SU3 --> 9.0.2 During upgarde of UCCX 8.5.1 on UCS Machine it will ask to eneter CUCM AXL user Credentails which is in 9.1.2, S
-
I'm getting an error. Do you know what this means?
Hi Everyone. I'm getting the following error when i run my code. it still runs and seems to function properly but i'd like to know what it means. If anyone could help i'd be very greatful. Thanks a lot Sharon Note: MazeScene.java uses or overrides a
-
i have checked all ways but its not working under sounds - vibration settings , restore , restart everything but still not working. please give me some solutions. do i have a chance to change with new one ? thank you