PAM_CONV not working for SSH logins
I have a problem implementing PAM_CONV for SSH logins on Solaris 9 with the latest OS patches. I am using my own PAM module.
I am trying to utilize PAM_CONV from pam_sm_acct_mgmt.
I am using the following definition in /etc/pam.conf :
other account optional pam_gabi.so
Here is how I use PAM_CONV from pam_sm_acct_mgmt :
#include <security/pam_appl.h>
#include <security/pam_modules.h>
#include <syslog.h>
void gabi_pam_free_msg (int num_msg,
struct pam_message **msg);
void gabi_pam_free_resp (int num_msg, struct pam_response *resp);
int gabi_pam_conv (int (*conv_funp)(), int num_msg,
char **messages,
struct pam_response **resp);
#define PAM_MSG(pamh, number, string)\
(char *) __pam_get_i18n_msg(pamh, "pam_unix", 3, number,
string)
void gabi_pam_free_msg (int num_msg, struct pam_message *msg)
if (msg && num_msg > 0) {
while (num_msg--) {
if (msg[num_msg].msg)
free((void*)msg[num_msg].msg);
free(msg);
void gabi_pam_free_resp (int num_msg, struct pam_response *resp)
int i;
struct pam_response *r;
for (i = 0, r = resp; i < num_msg && r; i++, r++) {
if (r->resp) {
free(r->resp);
if (resp)
free(resp);
extern
int pam_sm_acct_mgmt (pam_handle_t *pamh,
int flags,
int argc ,
const char **argv)
char message[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE];
char *pmessage = &message[0];
struct pam_response *ret_resp;
struct pam_conv *pam_convp;
int rv=0;
syslog(LOG_WARNING, "pam_sm_acct_mgmt");
memset(&message[0],0x00,PAM_MAX_MSG_SIZE);
if (pam_get_item(pamh, PAM_CONV, (void*)&pam_convp) == PAM_SUCCESS) {
syslog(LOG_WARNING, "pam_sm_acct_mgmt: PAM_CONV
== PAM_SUCCESS");
(void) snprintf(message[0],sizeof (message[0]),
(const char *) PAM_MSG(pamh,
1,"pam_sm_acct_mgmt : "));
rv=gabi_pam_conv(pam_convp->conv, 1, &pmessage,
&ret_resp);
syslog(LOG_WARNING, "pam_sm_acct_mgmt:seos_pam_conv
returned rv=%d",rv);
else
syslog(LOG_WARNING, "pam_sm_acct_mgmt: PAM_CONV !
= PAM_SUCCESS");
return PAM_IGNORE;
int gabi_pam_conv (int (*conv_funp)(), int num_msg, char **messages,
struct pam_response **resp)
struct pam_message *msg;
int retcode, i;
struct pam_response *ret_resp = NULL;
msg = (struct pam_message *)calloc(num_msg, sizeof(struct
pam_message));
if (msg == NULL)
return PAM_BUF_ERR;
for (i = 0; i < num_msg; i++) {
char nl = 0;
msg.msg = (char *)malloc(PAM_MAX_MSG_SIZE);
if (resp && (i == num_msg - 1)) {
msg[i].msg_style = PAM_PROMPT_ECHO_OFF;
ret_resp = *resp;
nl = '\0';
else
msg[i].msg_style = PAM_TEXT_INFO;
snprintf(msg[i].msg, PAM_MAX_MSG_SIZE, "%s%c",
messages[i], nl);
retcode = conv_funp(num_msg, &msg, &ret_resp, NULL);
syslog(LOG_WARNING, "seos_pam_conv: conv_funp returned
retcode=PAM_SUCCESS=%c",
((retcode == PAM_SUCCESS) ? 'Y' : 'N'));
gabi_pam_free_msg(num_msg, msg);
if (resp)
*resp = ret_resp;
else
gabi_pam_free_resp(num_msg, ret_resp);
return retcode;
I compile the source file like :
cc -K pic -I. -c -o <obj_file> <src_file>
cc -o pam_gabi.so -G -h pam_sample.so.1 -z text -z defs
-Bsymbolic <obj_file> -lc -lpam -lnsl
I copied pam_gabi.so to /usr/lib/security.
From a remote machine I run :
ssh -l <user_id> my_machine (<user_id> is a regular user)
I expect to get prompted with "pam_sm_acct_mgmt :" after I put in the
user password but I never see it and I am logged in successfully.
If I try :
rlogin -l <user_id> my_machine
I do get the "pam_sm_acct_mgmt :" prompt after providing the user's
password and login successfully.
The syslog messages show that 'conv_funp' in gabi_pam_conv
returned PAM_CONV_ERROR when called for the SSH login and
returned PAM_SUCCESS when called for the rlogin.
Kerberos is NOT installed on my Solaris 9 system.
Can anyone please explain this behavior ?
Thanks,
Gabi
After reading a little about this it looks like you have users enter user exec mode by default and after typing "enable" then entering the TACACS+ password you probably get denied. If this is the case you are kind of left to your own devices. I'll provide you some information and let you determine the best course.
R1(config-line#) privilege level [0-15]
This line sets the privilege level of users that are logging in via SSH or other teleterminal services.
Here is an excerpt from the documentation for tac_plus provided at http://www.shrubbery.net/tac_plus/
CONFIGURING ENABLE PASSWORDS
The default privilege level for an ordinary user on the NAS is usually
1. When a user enables, she can reset this level to a value between 0
and 15 by using the NAS "enable" command. If she doesn't specify a
level, the default level she enables to is 15.
You can enable via tacacs+ e.g. by configuring on the NAS:
aaa authentication enable default tacacs+
then whenever you attempt to enable, an authentication request is sent
with the special username $enab<n>$ where <n> is the privilege level
you are attempting to enable to.
(Note: in order to be compatible with earlier versions of tacacs, when
the requested enable level is 15, the daemon will also try the
username $enable$ before trying username $enab15$).
For example, with the above declaration, in order to enable on the
NAS, you need a user declaration like this one, on the daemon:
user = $enab15$ {
login = cleartext "the enable password for level 15"
Note: Be aware that this does have the side effect that you now have a
user named $enab15$ who can then login to your NAS if she knows the
enable password.
Here is a similar declaration allowing users to enable to level 4:
user = $enab4$ {
login = des bsoF4OivQCY8Q
Similar Messages
-
Sql server 2012 Logon trigger not working for certain logins
Hello. I created a login trigger to insert data for each login in a table, and it works for all logins except one that is format domain\login
and the login ends with the dollar sign(actual name is domain\CTXDEVDCSI1$).
I had been using varchar, but after reading other forum posts, I changed the varchar's to nvarchar's, but it still fails for that id.
The errors written to the sql server error log were the usual "login failed due to trigger execution".
I had granted insert on the rvvlogindata table in dsa to public, and only one id wasn't able to login after that.
Any suggestions would be much appreciated!
Here's the modified table ddl:
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE TABLE [dbo].[rvvlogindata](
[sessionId] [int] NULL,
[LoginTime] [datetime] NULL,
[HostName] [nvarchar](50) NULL,
[ProgramName] [nvarchar](300) NULL,
[LoginName] [nvarchar](50) NULL,
[ClientHost] [nvarchar](50) NULL
) ON [PRIMARY]
GO
Here's the logon trigger code:
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
create trigger [LOGIN_IP_RESTRICTION] on all server for logon
as
Begin
Declare @LogonTriggerData xml,
@EventTime datetime,
@LoginName nvarchar(50),
@ClientHost nvarchar(50),
@HostName nvarchar(50),
@AppName nvarchar(300)
Set @LogonTriggerData = eventdata()
set @EventTime = @LogonTriggerData.value('(/EVENT_INSTANCE/PostTime)[1]', 'datetime')
set @LoginName = @LogonTriggerData.value('(/EVENT_INSTANCE/LoginName)[1]', 'varchar(50)')
set @ClientHost = @LogonTriggerData.value('(/EVENT_INSTANCE/ClientHost)[1]', 'varchar(50)')
set @HostName = HOST_NAME()
set @AppName = APP_NAME()
insert into dsa.dbo.rvvlogindata
sessionId,
LoginTime,
HostName,
ProgramName,
LoginName,
ClientHost
select @@spid,
@EventTime,
convert(nvarchar(50),@HostName),
convert(nvarchar(300),@AppName),
convert(nvarchar(50),@LoginName),
convert(nvarchar(50),@ClientHost)
END
GO
SET ANSI_NULLS OFF
GO
SET QUOTED_IDENTIFIER OFF
GO
ENABLE TRIGGER [LOGIN_IP_RESTRICTION] ON ALL SERVER
GOErland, I wanted to add more info to my reply earlier today.
sp_who2 showed no blocking, activity monitor from my local PC SSMS showed no major waits or high i/o or cpu activity.
I was wondering if you have any suggestions on how to find out what was the cause of the 5+ minute wait for SSMS on the remote desktop to respond and fully come up.
I definitely can't put this in production with this hanging delay possibly occurring there.
I was connecting as read_user when it hung.
sp_who2 output at the time was:
1 BACKGROUND sa . . NULL LOG WRITER 54631 0 04/10
06:59:43
1 0
2 BACKGROUND sa . . NULL RECOVERY WRITER 8673 0 04/10 06:59:43
2 0
3 BACKGROUND sa . . NULL LAZY WRITER 300691 0 04/10
06:59:43
3 0
4 BACKGROUND sa . . NULL RESOURCE MONITOR 1207010 0 04/10 06:59:43
4 0
5 BACKGROUND sa . . NULL XE TIMER 38828 0 04/10
06:59:43
5 0
6 BACKGROUND sa . . NULL XE DISPATCHER 1404 0 04/10
06:59:43
6 0
7 BACKGROUND sa . . master SIGNAL HANDLER 0 0 04/10 06:59:43
7 0
8 BACKGROUND sa . . NULL LOCK MONITOR 179978 0 04/10
06:59:43
8 0
9 sleeping sa . . master TASK MANAGER 0 11 04/21
08:37:04
9 0
10 sleeping sa . . master TASK MANAGER 0 0 04/10
06:59:44
10 0
11 BACKGROUND sa . . master TRACE QUEUE TASK 546 0 04/10 06:59:44
11 0
12 BACKGROUND sa . . NULL SYSTEM_HEALTH_MO 4930 0 04/10 06:59:44
12 0
13 BACKGROUND sa . . NULL RECEIVE 422 0 04/10
06:59:45
13 0
14 BACKGROUND sa . . master CHECKPOINT 79137 31811 04/10
06:59:46
14 0
15 BACKGROUND sa . . master TASK MANAGER 1606 0 04/10
06:59:46
15 0
16 BACKGROUND sa . . NULL UNKNOWN TOKEN 0 0 04/10 06:59:46
16 0
17 sleeping sa . . master TASK MANAGER 0 74 04/21
08:37:04
17 0
18 sleeping sa . . master TASK MANAGER 0 0 04/21
08:18:49
18 0
19 sleeping sa . . master TASK MANAGER 0 0 04/21
08:30:29
19 0
20 sleeping sa . . master TASK MANAGER 0 1 04/21
08:37:14
20 0
21 sleeping sa . . master TASK MANAGER 0 7 04/21
08:30:59
21 0
22 sleeping sa . . master TASK MANAGER 16 4 04/21
08:37:44
22 0
23 sleeping sa . . master TASK MANAGER 0 15 04/21
08:39:24
23 0
25 BACKGROUND sa . . master BRKR EVENT HNDLR 0 95 04/10 06:59:48
25 0
30 BACKGROUND sa . . master BRKR TASK 0 0 04/10
06:59:48
30 0
31 BACKGROUND sa . . master BRKR TASK 16926 0 04/10
06:59:48
31 0
32 BACKGROUND sa . . master BRKR TASK 0 0 04/10
06:59:48
32 0
34 BACKGROUND sa . . master BRKR TASK 10701 0 04/10
06:59:48
34 0
51 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
03:16:56
51 0
52 sleeping reports_adm REPORTSDEVSI2 . JBOSS_Cluster_CRServer2011 AWAITING COMMAND 0 0 04/21
08:52:12 jTDS
52 0
53 sleeping NT AUTHORITY\SYSTEM SQLDEV2012 . msdb AWAITING COMMAND 0 0 04/10
06:59:58 SQLAgent - Email Logger 53 0
54 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:51 Citrix:Broker#1 54 0
55 sleeping edit_user ASDEV1 . dsa AWAITING
COMMAND 0 0 04/21 08:55:27 jTDS
55 0
56 sleeping reports_adm REPORTSDEVSI2 . JBOSS_Cluster_CRServer2011 AWAITING COMMAND 0 0 04/21
08:52:12 jTDS
56 0
57 sleeping reports_adm REPORTSDEVSI2 . JBOSS_Cluster_CRServer2011 AWAITING COMMAND 0 0 04/21
08:52:12 jTDS
57 0
58 sleeping reports_adm REPORTSDEVSI2 . JBOSS_Cluster_CRServer2011 AWAITING COMMAND 0 0 04/21
08:52:12 jTDS
58 0
59 sleeping NT AUTHORITY\SYSTEM SQLDEV2012 . msdb AWAITING COMMAND 124 242 04/10
06:59:59 SQLAgent - Generic Refresher 59 0
60 sleeping NT AUTHORITY\SYSTEM SQLDEV2012 . msdb AWAITING COMMAND 2790 1160 04/21
08:55:00 SQLAgent - Job invocation engine 60 0
61 sleeping reports_adm REPORTSDEVSI2 . JBOSS_Cluster_CRServer2011 AWAITING COMMAND 0 0 04/21
08:52:12 jTDS
61 0
62 sleeping reports_adm REPORTSDEVSI2 . JBOSS_Cluster_CRServer2011 AWAITING COMMAND 0 0 04/21
08:52:12 jTDS
62 0
63 sleeping reports_adm REPORTSDEVSI2 . JBOSS_Cluster_CRServer2011 AWAITING COMMAND 0 0 04/21
08:52:12 jTDS
63 0
64 sleeping reports_adm REPORTSDEVSI2 . JBOSS_Cluster_CRServer2011 AWAITING COMMAND 0 0 04/21
08:52:12 jTDS
64 0
65 sleeping reports_adm REPORTSDEVSI2 . JBOSS_Cluster_CRServer2011 AWAITING COMMAND 0 0 04/21
08:52:12 jTDS
65 0
66 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
03:16:56
66 0
67 sleeping reports_adm REPORTSDEVSI2 . JBOSS_Cluster_CRServer2011 AWAITING COMMAND 0 0 04/21
08:52:12 jTDS
67 0
68 sleeping edit_user DCMA10685 . dsa AWAITING COMMAND 0 0 04/21
08:56:47 jTDS
68 0
69 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:49 Citrix:Configuration 69 0
70 sleeping rvanveen DCMA8460 . master AWAITING COMMAND 1794 7120 04/21
08:51:37 Microsoft SQL Server Management Studio 70 0
71 sleeping xsp_user XSPDEVSI2 . xspv5 AWAITING COMMAND 0 0 04/21
08:58:52 .Net SqlClient Data Provider 71 0
72 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:56:01 Citrix:Monitor 72 0
73 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:30 Citrix:Monitor 73 0
74 sleeping rvanveen DCMA8460 . master AWAITING COMMAND 16 2 04/21
08:53:37 Microsoft SQL Server Management Studio - Query 74 0
75 sleeping rvanveen DCMA8460 . loginaudit AWAITING COMMAND 0 22 04/21
08:50:29 Microsoft SQL Server Management Studio - Query 75 0
76 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
07:05:07
76 0
77 sleeping adm_jbossportal ASDEV1 . jbossportal AWAITING
COMMAND 0 0 04/21 08:40:27 jTDS
77 0
78 sleeping rvanveen DCMA8460 . master AWAITING COMMAND 110 542 04/21
08:46:17 Microsoft SQL Server Management Studio - Query 78 0
79 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
07:05:56
79 0
80 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:54 Citrix:MachineCreation 80 0
81 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
08:08:29
81 0
82 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
07:02:13
82 0
83 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
07:02:15
83 0
84 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:44 Citrix:Monitor 84 0
85 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
07:11:05
85 0
86 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:53 Citrix:AdIdentity 86 0
87 sleeping DAIWA_USA\admsql SQLDEV2012 . master AWAITING COMMAND 15 2 04/21
08:56:20 Microsoft SQL Server Management Studio - Query 87 0
88 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:36 Citrix:SiteServices 88 0
89 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:42 Citrix:Host 89 0
90 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:47 Citrix:ConfigurationLogging 90 0
91 RUNNABLE rvanveen DCMA8460 . master SELECT INTO
15 51 04/21 08:58:46 Microsoft SQL Server Management Studio - Query 91 0
92 sleeping rvanveen DCMA8460 . master AWAITING COMMAND 63 30 04/21
08:52:34 Microsoft SQL Server Management Studio - Query 92 0
94 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:53 Citrix:DelegatedAdmin 94 0
95 sleeping DAIWA_USA\admsql SQLDEV2012 . loginaudit AWAITING COMMAND 173 27 04/21
08:56:10 Microsoft SQL Server Management Studio 95 0
96 sleeping xsp_user XSPDEVSI2 . xspv5 AWAITING COMMAND 0 0 04/21
08:58:33 .Net SqlClient Data Provider 96 0
97 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
08:10:07
97 0
98 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 31 38 04/21
08:00:31
98 0
99 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
08:10:12
99 0
100 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 282 04/21
08:10:14
100 0
101 sleeping DAIWA_USA\admsql SQLDEV2012 . master AWAITING COMMAND 0 8 04/21
08:56:50 Microsoft SQL Server Management Studio 101 0
102 sleeping DAIWA_USA\admsql SQLDEV2012 . master AWAITING COMMAND 31 0 04/21
08:54:57 Microsoft SQL Server Management Studio 102 0
103 sleeping read_user SQLDEV2012 . master AWAITING COMMAND 0 8 04/21
08:57:09 Microsoft SQL Server Management Studio 103 0
104 sleeping read_user SQLDEV2012 . dsa AWAITING COMMAND 0 0 04/21
08:57:09 Microsoft SQL Server Management Studio 104 0
105 sleeping rvanveen DCMA8460 . tempdb AWAITING COMMAND 8875 336 04/21
08:58:54 Microsoft SQL Server Management Studio 105 0
106 sleeping read_user SQLDEV2012 . master AWAITING COMMAND 16 0 04/21
08:57:39 Microsoft SQL Server Management Studio 106 0
107 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:47 Citrix:EnvTest 107 0
108 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 2200 8514 04/21
08:00:31
108 0
109 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
07:05:56
109 0
110 sleeping rvanveen DCMA8460 . master AWAITING COMMAND 0 0 04/21
08:58:48 Microsoft SQL Server Management Studio 110 0
113 sleeping Citrix_adm CTXDEVSI1 . XenApp6 AWAITING COMMAND 284 777 04/21
08:51:33 Citrix IMA 113 0
119 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:42 Citrix:ConfigurationLoggingData 119 0
120 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:26 Citrix:Storefront 120 0
125 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/16
13:55:16
125 0
126 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 16 0 04/16
11:25:30
126 0
131 sleeping echouliak DCMA10685 . master AWAITING COMMAND 139 8 04/14
15:26:55 Microsoft SQL Server Management Studio 131 0
135 sleeping echouliak DCMA10685 . dsa AWAITING COMMAND 0 0 04/14
15:24:52 Microsoft SQL Server Management Studio - Query 135 0
136 sleeping echouliak DCMA10685 . dsa AWAITING COMMAND 0 0 04/14
15:00:17 Microsoft SQL Server Management Studio - Query 136 0
140 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
07:05:56
140 0
145 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
07:05:56
145 0 -
HT5017 does not work for first login screen after boot
I did not move the home folder to /var because I am not sure it will be backed up by time machine, but in any case, the first log-in screen keeps showing all accounts. 10.8
I updated to 3.6.4 and when I went to NetFlix to watch the next show of a series, it said
something like
Installation complete, restart your browser.
I restarted browser, same problem. Restarted comp. Same problem.
I updated Adobe Flash 10.1, still same problem.
But able to watch some vids on other sites, but full screen gave me the big blank white screen with audio only, had to click around in the dark ( so to speak) to find the minimize button.
I did a System Restore to before the Firefox and Adobe updates.
I then did not update Firefox as recommended and went to NetFlix and wellah, i can view the movies again.
And Full Screen is fine.
I then experimented and updated Firefox only, went to NetFlix and got same msg with no viewable shows.
So did a System Restore once more.
Staying at 3.6.3 for a while longer until I know I can watch my movies.
I don't own a TV, so this is my only form of an occasional escape.
I do hope this is figured out soon.
With what I have done, it seems to be Firefox, Not Flash.
Good Luck to us all. -
Wake on Demand: Not working for some services, others OK
I haven't been able to figure this problem out... Wake on Demand for a previous generation Mac mini running Snow Leopard 10.6.8 works for things like a CrashPlan automated backup but does not work for things like remote SSH login or Screen Sharing. In all cases, the services are being originated on a latest generation iMac running Mac OS X Lion (10.7.2).
While it's not an earth-shattering event to get off my backside and walk over to the Mac mini across the house to press its Shift key to waken the thing, it gets rather old to have to keep doing so, especially since CrashPlan automated backups are taking place while the Mac mini is otherwise asleep (the sleep indicator is slowly pulsing).
I've been through the Apple tech notes regarding Wake on Demand for Snow Leopard 10.6 and have ensured that AirPort and its network are at the top-most position in their respective lists. Other than that, I'm not sure what else I can do. Wake on Network is enabled in the Snow Leopard Mac mini's network System Preferences and there doesn't seem to be any on/off option in the AirPort Extreme base station (just recently updated to 7.6 firmware).
Any thoughts... hints... suggestions?
One final note: this Mac mini is new as of July 2011; just days before the latest generation of Mac mini came out. It came pre-installed with Snow Leopard and, as soon as the users of this mini find software replacements for the old PPC style applicaitons they're used to using, will be upgraded to Lion. However, I feel a bit unsettled in making the move to Lion if I can't get a Snow Leopard feature to work properly. There's no telling if the Lion upgrade will actually fix this behavior or make it worse.
Thanks in advance.I don't think you can wake on network with a closed lid. Try keeping the lid open and putting the machine to sleep. Does it work?
-
Ldap authentication not working for Solaris 8 host - Help!
Greetings folks,
I just recently migrated a host to use LDAP authentication. The only difference between this host and the rest of the hosts in the environment that I've converted to use LDAP is that this one is running Solaris 8.
Here's the steps I took to migrate it (though, I used the same steps for another Sol8 host in another environment and it works fine):
ldapclient -P stg -d mydomain.com -D cn=proxyagent,ou=profile,dc=mydomain,dc=com -w secret 192.168.1.69
My /etc/nsswitch.conf looks like this:
passwd: files ldap
group: files ldap
My /etc/pam.conf looks like this:
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth sufficient pam_unix_auth.so.1
login auth required pam_ldap.so.1
sshd auth requisite pam_authtok_get.so.1
sshd auth sufficient pam_unix_auth.so.1
sshd auth required pam_ldap.so.1
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth sufficient pam_unix_auth.so.1
other auth required pam_ldap.so.1
passwd auth sufficient pam_passwd_auth.so.1
passwd auth required pam_ldap.so.1
I've also cleared out the local user accounts for my human users, so there aren't any more passwd or shadow entries (yes, I ran pwconv). I also cleaned out the /etc/group entries for the same users. The machine appears to be configured properly, because I can run various DS commands that indicate this:
hostname# getent passwd user1
user1::1001:1001:User 1:/opt/home/user1:/bin/bash
hostname# ldaplist -l passwd user1
dn: uid=user1,ou=people,dc=mydomain,dc=com
shadowFlag: 0
userPassword: {crypt}(removed)
uid: user1
objectClass: posixAccount
objectClass: shadowAccount
objectClass: account
objectClass: top
cn: user1
uidNumber: 1001
gidNumber: 1001
gecos: User 1
homeDirectory: /opt/home/user1
loginShell: /bin/bash
However, in the end, actual logins to this host fail via ssh. Snooping the traffic reveals that all the right info is being handed back to the client, including the crypt'ed password hash, uid, etc. just like I see with other hosts that work.
Any ideas?
Thanks!
PatrickI assume you have applied lastest kernel patch and 108993 to this Solaris8 machine, and its nss_ldap.so.1 and pam_ldap.so.1 are the same as the other Solaris8 LDAP clients that are working for ssh via LDAP auth.
1) Please replace "objectClass: account" with "objectClass: person", I know SUN ONE DS5.2 likes "person".
2) Did you test and verify telnet/ftp/su working? but SSH not working?
3) If telnet/ftp/su all worked, and SSH (SUN-SSH or OpenSSH), make sure you have "UsePAM yes" in sshd_config and restart sshd.
4) It is not a must I think but normally I will add "shadow: files ldap" to /etc/nsswitch.conf, restart nscd after that.
5) Whenever ldapclient command is run and ldap_cachemgr is restarted, I usually also restart nscd and sshd after that, if not testing result may not be accurate as nscd is still remembering OLD stuffs cached which could be very misleading.
6) You may use "ssh -v userid@localhost" to watch the SSH communications, on top of your usual "snoop"ing of network packets.
7) Use the sample pam.conf that is meant for pam_ldap from Solaris 10 system admin guide with all the pam_unix_cred.so.1 lines commented out. This works for me, there is no sshd defintions as it will follow "other".
http://docs.sun.com/app/docs/doc/816-4556/6maort2te?a=view
Gary -
Fingerprint utility is not working for normal users - Tecra M11
Hi All,
I installed windows 7 pro in Tecra M11 laptop and the Toshiba finger print utility is not working for normal users.
It is working only for domain administrators. The TFPU is not working for, normal domain users, local users, local administrators. If we run the utility it will ask to enter the windows password and once we applied the password then the message saying "entered password is not valid" will prompt even if we are trying to use the utility first time.
If we try with a domain admin account it will work without any problem. Can somebody help me to trouble shoot this issue?
Thanks.People nowadays experienced that no matter How many times we glide our finger it have no response.In this instance, you might be very afraid of Windows password lost by reason that there is a plenty of important data on your PC.
Then what should you do? One choose is fix the Fingerprint scanners, but this method will cost a lot of money. The other is use the Windows password function to solve the problem. Certainly, this is a very safer, faster and easier to use method for you.
According my personal experience, you can try these three ways to re-access to your PC:
Method 1: Login with the default administrator account
* Step 1: Start Windows PC
* Step 2: When you can see the Windows login screen, press ctrl+alt+del keys Twice and it'll show Classic Login box
* Step 3: Type Administrator as Username and leave the password field blank
* Step 4: Press the Enter Key and then you can be able to login the default windows administrator account which is it created by default when install windows.
*Note:* This trick is only work for Windows XP. And when you input the key combination Please don't put the cursor on any account. And if you change the name or password before, you cannot login by this way.
Method 2: Use the previous password reset disk
This method describes how to create and use a password reset disk for a computer that is a member of a domain. You can use a Windows password reset disk to gain access to your Microsoft Windows Professional-based computer if you forget your Windows password. Please click here to learn more.
Method 3: Using Windows Password Unlocker
Using Windows password remove software is could be the fastest and easiest way for you to reset your Windows password while you didn't create a password reset disk before.
There are 2 options for you: recover Windows password with a bootable CD/DVD or recover Windows password with a USB flash drive.
Before starting, a bootable CD/DVD or USB flash drive and a computer with CD drive are required. (Internal CD drive and external CD drive are both OK.
Option 1: Recover Windows password by burning a bootable CD/DVD
Option 2: Recover Windows password by burning a USB flash drive
The whole Windows password recovery process can be divided to 3 big steps:
* >> Step 1: Burn a USB flash drive to remove lost Windows password
* >> Step 2: Set your target computer to boot from USB
* >> Step 3: Recover forgotten Windows password with the burned USB flash drive
In fact, all you need is a *Windows Password Unlocker www.passwordunlocker.com/windows-password-recovery.html which can help you directly reset your windows xp password, and then you can login your XP without a password required. Of course, there are also some other ways to do it, but this way may be most convenient one. -
CancelUrl is not working for me
Hi Gurus,
I am using Oracle E-Business suit 11i application (11.5.10.2).
When i trying to access the below url its redirect oracle home page.
https://iprodappsx.a2.abb.com/OA_HTML/fndvald.jsp?username=iatp&password=Oracle123&langCode=US&cancelUrl=https://iprodappsx.a2.abb.com/ilogin&requestUrl=APPSHOMEPAGE
This url will redirect to below URL,
https://iprodappsx.a2.abb.com/OA_HTML/OA.jsp?OAFunc=OAHOMEPAGE
But when logout from oracle home page its redirect to Oracle login page with below URL,
https://iprodappsx.a2.abb.com/OA_HTML/AppsLocalLogin.jsp?langCode=US&username=IATP
Instead of that I need to redirect to cancelUrl (https://iprodappsx.a2.abb.com/ilogin) what i sent with cancelUrl parameter. But now its not working for me. Please help me if i missing anything or anything i did wrong.
As oracle standard the logout is working according cancelUrl but for me its not working.
Its very urgent for me, So please any one help me on this. With in two days its go for live. I spent more time on this but not yet cleared.
Regards,
GopiHi Gopi,
I have not personally used this, but please see if the following note helps you:
How To Change the Logout So That The URL Does Not Display the User Name? (Doc ID 1515991.1).
Thanks &
Best Regards,
Asif -
Default Dashboard not working after user login
Hi All,
We have one issue in 11.1.1.7.1 where PORTALPATH is not working for users. As a result, user lands on home page/recent page instead of the default dashboard after login.
I followed Doc ID 1576576.1 and Bug 17071629 - PORTALPATH SESSION VARIABLE IS INEFFECTIVE is reported. I applied patch 17071629 on top of 7.1. I have tried and verified that
· The URL we are using to login is “http://machinename:9704/analytics/saw.dll?bieehome&startPage=1”
· There is no Start Page set in user’s My Account other than Default.
· In Answers, the PORTALPATH session variable fetches correct dashboard path.
· I removed space in the dashboard name and tried with following path “/shared/Dashboard/_portal/PortalPathTest”. Also, assigned same default value to the session variable. I also tried “/Shared Folders/Dashboard/Dashboards/PortalPathTest” and “%2fshared%2fDashboard%2f_portal%2fPortalPathTest” but nothing works.
· lsinventory shows the patch got applied successfully.
One thing to notice -
1. Login url is: "http://machinename:9704/analytics/saw.dll?bieehome&startPage=1"
2. After login, browser URL gets changed to "http://http://scoreboard-sit.wellsfargo.com:9704/analytics/saw.dll?bieehomemachinename:9704/analytics/saw.dll?bieehome" and shows Home Page instead of default dashboard.
3. Now at this stage, if I append "&startPage=1" to the above step 2 URL in browser, it automatically navigates to correct default dashboard.
Also, This patch has fixed default dashboard in Act As. That means, If I act as a User, I land on correct default dashboard. But if same user actually logs in, s/he lands on home page.
I suspect if URL redirection after login is the actual issue. Please suggest if anyone has an idea.
Thanks,
AkshatI think this was the issue -
There was a java script error related to an undefined object, "accessMode" in logon.js. This is related to Accessibility or Section 508 (checked by Developer Tools of IE). We may have removed this code from the logon page which was causing the error. We had customized the page quite a bit previously. When I ignore the error and step through, I go to the correct portal path page. So we are going to replace the logon.js file with backup and hopefully it will fix the issue.
Cheers!
Akshat -
Transaction launcher not working for custom business role
Hi Experts,
I am facing a very weird problem where the transaction laucher define for BOR transaction is working for one business role(Z business role Customized one) but its not working for other business role (Z business role).
to emphasize further we have the code:-
case ls_attributes-object_type.
when lc_z23 or lc_z25.
lv_logical_link = lc_ZITISU.
when lc_BUS2000115.
lv_logical_link = lc_ZITERP1.
when others.
lv_logical_link = lc_ZITERP2.
endcase.
l_if_navigation = cl_crm_ui_navigation_service=>get_instance( me ).
IF l_if_navigation IS BOUND .
Navigate to transaction launcher using link id
l_if_navigation->navigate( iv_link_id = lv_logical_link ).
ENDIF.
in this the logical link is is lc_ZITISU whenever this BSP application is called from both the business roles but in one the window opens up for BOR transaction whereas when we login again using different business role the code is the same as given above. I mean the sam logical link id is used and navigated to but window is not opening for transaction launcher as it happens for the previous business role.
Request your help to resolve this issue.
Thanks,
RajwinHi,
I tried by applying the PFCG role id of business role which was working to the business role id of the one for which it wasn't working and then try testing whether the transaction launcher is triggering. But the transaction launcher screen is still not opening even after doing this.
Probably there's something else too which is causing the problem. Request your inputs on this,
Thanks,
Rajwin -
Hi,
We have installed the SOA suite, and I can login to the various components using oc4jadmin/password (bpel, esb, rules author), but for some reason that oc4jadmin password is not working for Application Server Control, which is the only piece of this I really need to log in to.
Any thoughts on what is going wrong?
Cheers,
Pat RockMaybe you change this password internally for another application (such BPEL, WSM,etc) and didn't make change for your main OC4J container.
You can try to change this password by...
1. Open the file [OASHome]\j2ee\home\config\system-jazn-data.xml
2. Find the section that looks like this
[user]
[name]oc4jadmin[name]
[display-name]OC4J Administrator[display-name]
[guid]88836370D11611DC9F30F9C1CD6F1A73[guid]
[description]OC4J Administrator[description]
[credentials]{903}F+iG1A46edXG9RdfY0pD2O4Ge/qyEjsg[credentials]
[user]
3. Replace the value separated by the "Credentials" starting and ending tags with your new desired password, prefixed with an exclamation point
Example:
[user]
[name]oc4jadmin[name]
[display-name]OC4J Administrator[display-name]
[guid]88836370D11611DC9F30F9C1CD6F1A73[guid]
[description]OC4J Administrator[description]
[credentials]!newpassword[credentials]
[user]
4. Save the file and restart OAS
This should not affect other applications.
Greetings. -
Keychain not updated for Remote Login
Since installing Lion on both machines: When I connect to my G5 Powermac from my MBAir, I use the Keychain to remember my password. This feature worked in previous OS Versions by selecting the 'Remember' Option in the dialogue (meaning you would only see the following dialogue when your password changed on the destionation machine).
With Lion, the Password onthe Keychain is not updated when the flag is set. As a result, when I select the destination machine from the Finder, I always have to wait for 'Not Connected' message (while the process tries to log in with my old password). Then, I have to 'Connect As. ..." and enter my current password (every rassafrassin' time).
Can someone please patch this thing.
Thanks,
gI'm having some trouble with an RD server Win 2008 on a domain. I have a group called domain\authorizedpeople that I would like to enable remote access for. I added this group to the gpo: Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on through Terminal Services. I also added this group to server manager > configure remote desktop on the server itself, and I added this group to the remote desktop users' group on the server for good measure.
When I try to log on using an account in that group, I get "The connection was denied because the user account is not authorized for remote login". However when I go to server manager > configure remote desktop and add that specific user, it works fine.
Is there a reasonable explanation for this? I really don't want to have to add...
This topic first appeared in the Spiceworks Community -
Zsh completion can not work after re-login
I follow http://www.linux-mag.com/id/1106/
my .zshrc
autoload -U compinit
compinit
zstyle ':completion:*' verbose yes
zstyle ':completion:*:descriptions' format '%B%d%b'
zstyle ':completion:*:messages' format '%d'
zstyle ':completion:*:warnings' format 'No matches for: %d'
zstyle ':completion:*' group-name
if [ -d ~/zshfunc ] ; then
r() {
local f
f=(~/zshfunc/*(.))
unfunction $f:t 2> /dev/null
autoload -U $f:t
fpath=(~/zshfunc $fpath)
autoload -U ~/zshfunc/*(:t)
fi
There is a ~/zshfunc/_fossil script, but it can not work after re-login.
The temp workaround is re-type 'compinit' manually.
fossil <tab> # will use file name as completion
compinit
fossil <tab> # will show commands for fossil
Last edited by dlin (2014-11-10 00:47:14)Hi
Thanks for the tip. However, I elected not to save the XP SP2 uninstall files when I installed SP2. so I appear to be stuffed.
There must be some creative drivers that work with an audigy with XP SP2 installed!
If not then its either re-format the Hard Dri've and re-install everything again (Doh!!) or get another (not Creative Labs) soundcard.
this is really bugging me.
Zonker -
I have an event in my calendar that was sent by someone that does not work for the company anymore and I am reminded 2 times a week. How do I delete it?
Tap on the event to open the event. Click the 'Edit' button in the event bubble, then press the 'Delete Event' button at the bottom of the Edit pop-up. It's a little different for events that come through Microsoft Exchange, you tap the event to bring up bubble and click the 'Details' button, and then press 'Decline' to remove the event.
-
IPhone 6 External Mic not working for Siri/Dictation
I am finding that the external mic on my iPhone 6 works for phone calls and voice memos, but does not work for Siri/Dictation. When I plug in the earbuds, they work for everything (including Siri/Dictation).
Was chatting to Apple support who had me reset all settings. I thought that worked, but realized that after a reset, Siri is off and I was talking to "Voice control" (which works). When I turned Siri back on, it does not work.
I have two questions for the community to see if you can help:
1- I have been assuming this must be a software problem since the mic does work for non-Siri access. But is that true? Is there a hardware component that Siri depends on which could be faulty here?
2- If it is software, what action should I try to address it? I have done a reset all settings already and that did not help.
DougHi, everyone. I talked to Apple Genius at Apple Store last week, she said it should be a software issue and I needed to reset my iphone 6 plus as a new device and I can not use the backup restore from my iCloud, it was because the microphone bug or glitch can be in the backup also. Ok, followed her advice, erased all contents and set my iphone as a new device , the microphone worked for an hour, but went bad again. I used "voice memo" app from Apple to test the microphone. It is the best tool since it doesn't involve any provider's network and it doesn't need another person's phone to listen and test. If you can hear your voice recording clearly, then the mic works. I tested it 3-4 times a day for a few days now, half of the time the mic doesn't work. So, set as a new device isn't working. The issue is intermittent and it comes and goes as it likes, so very annoying. I carry my Apple EarPods with me in these past few days ust in case I need to make important phone calls. Will need to go back to Apple Genius this weekend for sure. Will give update after the weekend.
-
CALLER ID not working for International incoming calls
Hi,
I've a strange issue where CALLER ID not working for International incoming calls, it shows INTERNATIONAL UNKNOWN NUMBER in the phone display, but the number shows correclty in Verizon Call assistant !!!
Any clue?yashshankar wrote:
Hi
I recently purschased an Online number but the caller id does not work for incoming calls.How do we resolve this problem?.
Regards
Yash
You didn't mention what country your Online Number is in. Not all of Skype's Online Numbers are eligible for use as Caller ID when calling telephones or sending SMS messages. If your number is from one of these countries (Chile, Denmark, Estonia, Hong Kong, Poland, Sweden, the UK and the US), then it can be used this way. Otherwise, you can use a mobile number from countries other than Japan or Mexico as Caller ID with Skype, after the number goes through a verification process where Skype sends SMS messages with codes to that number.
To get to these settings, log into your Skype account here on the Skype web site using the "Account" link at the top of this page. You'll see a screen that would include your current Caller ID settings, and a link to change that. If your Online Number is from one of those countries I referenced above, just select it and you're done.
Hope that helps!
Patrick
Location/Ubicacion: Arizona USA
Time Zone/Hora Local: UTC/GMT -7
If this message has adequately addressed your issue, please click on the “Accept as Solution” button. If you found a post useful then please "Give Kudos" at the bottom of my post, so that this information can benefit others.
Si esto mensaje le ha ayudado, por favor haga clic en "Aceptar como solución". Si encuentra un mensaje útil, por favor "Da Kudos" al final del mensaje, por lo que esta información puede beneficiar a otros.
I am not a Skype employee. No soy un empleado de Skype.
Maybe you are looking for
-
Some share buttons don't work on my tablet
I have a Samsung tablet, model GT-P3113 and its Operating System is Android. In some websites when I click share buttons like addthis and sharethis, they don't work and are inactive. I refresh the page and it doesn't help. For example, none of share
-
Can anyone tell me my problems here?
It's another situation of a macbook pro (maybe old?) being crippled after yosemites. It was fine in mavericks and I was happy as a clam. But now the dark days have time and I'm twisting in woe. I can't buy spare parts for a new HD or additional RAM (
-
Error in logs when starting server
Hi, when i am trying to start my app server on sunone. I am getting the following errors in the logs. CORE1116: Sun ONE Application Server 7.0.0_01 SEVERE: CORE1227: NSS initialization failed: SEC_ERROR_BAD_DATABASE: Problem using certificate or key
-
I get an error message when trying to open the download disk.
I need to reinstall photoshop cs5. I have downloaded it, but cannot open the downloaded disk. I get an error message saying it can't be opened due to it being "not recognized". The disk name is: "Photoshop_12_1_LS1.dmg" Can anyone help me? Thanks.
-
Settings for ClientAuthentication in PI 7.1 EHP 1
Hello, we have SAP PI 7.1 EHP 1 and a SOAP -> PI -> IDOC scenario. The SOAP sender adapter is used for HTTPS with ClientAuthentication I need to know, how the client certificate can be bound to UME user in the Netweaver Administrator. In XI 3.0 we di