Prerequisites for Using Windows NTLM Authentication

Similar Messages

• How to do HTTP getRequest() with windows NTLM authentication from OBPM..??

  Hello All,
  Please share your expert ideas how me can do HTTP getRequest() with windows NTLM authentication from OBPM..??
  I am not sure even whether its possible or not, if not what could be the alternative way to do integration with MS SharePoint ??
  Version : Oracle BPM v 10.3.1
  Cheers
  Parveen Jaswal

  You are only as secure as web browsing to the LogMeIn website is (which appears to use HTTPS). If your login on that site is compromised, they will have a list of your computers that they can attempt to connect to. As long as you don't save the login credentials, they would then also need to know what username and password to use to connect to the computer. Granted, a little social engineering, and they could probably get some good ideas what to try for those, but if you chose to make your computers secure with complex and hard to guess passwords then it should be fine.
  I've been using LogMeIn from my Mac to my mom's Windows XP system from July 2009, and to my wife's Thinkpad running Win 7 since Oct 2009. None of the computers involved have had any security issues at all, let alone any caused by LogMeIn. For my wife's PC, it sits behind our NAT Firewall in our LinkSys Router (although I did have it behind a CheckPoint VPN Edge router for a while). My Mom's PC sits behind a Netgear Router providing its NAT Firewall. When my Mac isn't at home, it's generally behind that CheckPoint VPN router at my office now. It all works nicely from behind one router to behind another. The Piece that you install on the PC will log it into the LogMeIN website and that is how it gets through the router to the PC. You login to the website, select the PC to control, then login to that PC.

• Any prerequisites for using javascripts (JS) in SAP BPC 7.5NW (SP5)

  Hi,
  I keep getting evalution and parsing errors, every time I use a JS in my conversion files. It simple standard JS, like:
  js:parseInt(%external%)
  js:%external%.substring(2,5)
  etc
  Are there any prerequisites for using javascripts ??
  Is there anywhere I can debug these JS withing SAP BW ?
  Thank you,
  Joergen

  Gersh,
  It works now. I have implemented the below code (ENTITY needed to contain the variable as well). The relationship profitcenter and entity is very important as it derives the relevant profitcenters from the profit center hierarchy (e.g. all profitcenters under the legalentity node).
  //ALLOCATION PROCEDURE CONVERSION RATE
  //=====================================
  *FOR %ENT% = %ENTITY_SET%
  *RUNALLOCATION
  *FACTOR=1
  *DIM SEBACCOUNT WHAT=CONV_RATE; WHERE=<<<; USING=<<< ; TOTAL=<<<
  *DIM PROFCENT WHAT=DUMPC; WHERE=BAS(BPC_%ENT%);USING=<<<; TOTAL=<<<
  *DIM CATEGORY WHAT=FCSTCUR; WHERE=<<<; USING=<<< ; TOTAL=<<<
  *DIM ENTITY WHAT=%ENT%; WHERE=<<<; USING=<<<; TOTAL=<<<
  *ENDALLOCATION
  *NEXT
  Thanks
  Nico

• Windows NTLM Authentication on SAP 4.6c (Platform AIX)

  I am trying to use NCo 2.0 for C# .Net application with Web Service and C# Web UI.
  My Users are in AD domain and need to authenticate on IIS via AD (Integrated NTLM)
  I need to implement single sign on for SAP integrated application.
  As per NCo documentation: I need to set-up trust relationship between IIS and SAP, use this trusted user (DOMAIN\IUSR_SAPPOOL) and send active directory  id as external id in connection string. All transaction should run with external user id context.
  Can someone help me with following question.
  1. Does NTLM trust relationship / authentication on SAP running on AIX? or Do I have to setup kerberos authetication?
  2. What SNC library needed for SAP (AIX instance)?
  3. How can I configure NTLM authentication on SAP (AIX instance) The NCo 2.0 documents only explains SAP (MS instance) configuration.
  What option do I have to get Single Sign On working?
  Any help is highly appreciated.
  Regards and Thank you in advance.

  > Hi Reiner,
  > Thank you very much for response, this is helpful
  > information.
  If you consider an answer as helpfull, please mark it with the button on the left side :-).
  > My options are pretty much limited,
  > I can't use NTLM since, AIX will not accept trust
  > -- NTLM Auth will not work with AIX
  > -- Kerberos auth have to have third party tool like
  > CyberSafe for SNC trust relationship.
  As I wrote, you can use any SNC provider. Especially Secude would be interesting, as it is available on all platforms.
  > I planning to try using SSO as mentioned in "Enabling
  > Single Sign-On for ASP.NET Applications in Enterprise
  > Portal 6"
  > Is this approach works with EP 5.0?
  This is a completely different approach: In the stuff I was writing to you before I was assuming that IIS would do the authentication. The other approach is that SAP Portal does it. This also works - EP 5.0 should be fine - but it works completely different. E.g. you doesn't need a trusted connection for SSO with MYSAPSSO2 ticket.
  > If any one has "sapsecu.dll" please send me at
  > [email protected] with same size as stated in
  > this document.
  This DLL is not allowed to be exported into some countries because it contains strong cryptography. You usually get it via your local SAP subsiduary.
  > My SSO ticket did not get created after following
  > steps in document, I am suspecting either sapsecu.dll
  > or veryfy.pse is wrong?
  Did you find a MYSAPSSO2 cookie in the request?

• Prerequisites for using ALV reports

  Hi,
  We have some of our standard transaction for instance LT23, which seems to have been programmed to be used and viewed with ALV layout. However, this is not the case, it just print using the old list layout.
  Are the prerequisites for running ALV report; if so I would like to know them. SAP GUI is 7.20 and the theme is SAP Signature.
  Any input is appreciated.
  Thanks.

  Hi
  If you want to use the GRID instead of LIST, yes I don't know if it's a good idea but you can do only that
  That means you need to change the function module  L_TO_LIST_DISPLAY, but the ALV is called in form CALL_ALV, so you can create an enhancement in order to call the GRID instead of LIST.
  The call should be the same, because the 2 functions (GRID and LIST) have the same interface, so instead of
  CALL FUNCTION 'REUSE_ALV_LIST_DISPLAY'
       EXPORTING
            I_CALLBACK_PROGRAM       = SAV_SY_REPID
            I_CALLBACK_PF_STATUS_SET = 'SET_PF_STATUS'
  *         I_CALLBACK_USER_COMMAND  = ' '
  *         I_STRUCTURE_NAME         =
            IS_LAYOUT                = LAYOUT
            IT_FIELDCAT              = XFIELD
  *         IT_EXCLUDING             =
            IT_SPECIAL_GROUPS        = XSP_GROUP[]
  *         IT_SORT                  =
  *         IT_FILTER                =
  *         IS_SEL_HIDE              =
            I_DEFAULT                = 'X'
            I_SAVE                   = 'A'
            IS_VARIANT               = VARIANT
            IT_EVENTS                = XEVENT
  * >>>>>>>>>> begin of insertion HP_318150 >>>>>>>>>>
            i_buffer_active          = 'X'
  * <<<<<<<<<< end   of insertion HP_318150 <<<<<<<<<<
  *         IT_EVENT_EXIT            =
  *         IS_PRINT                 =
            I_SCREEN_START_COLUMN    = I_SCREEN_START_COLUMN
            I_SCREEN_START_LINE      = I_SCREEN_START_LINE
            I_SCREEN_END_COLUMN      = I_SCREEN_END_COLUMN
            I_SCREEN_END_LINE        = I_SCREEN_END_LINE
  *    IMPORTING
  *         E_EXIT_CAUSED_BY_CALLER  =
         TABLES
              T_OUTTAB                 = T_TO_LIST_PLUS
         EXCEPTIONS
              PROGRAM_ERROR            = 1
              OTHERS                   = 2.
    IF SY-SUBRC NE 0.
      MESSAGE E706(L1) WITH 'REUSE_ALV_HIERSEQ_LIST_DISPLAY'.
  *   Interner Fehler ist aufgetreten (FB &)
    ENDIF.
  ....you can insert:
  CALL FUNCTION 'REUSE_ALV_GRID_DISPLAY'
       EXPORTING
            I_CALLBACK_PROGRAM       = SAV_SY_REPID
            I_CALLBACK_PF_STATUS_SET = 'SET_PF_STATUS'
  *         I_CALLBACK_USER_COMMAND  = ' '
  *         I_STRUCTURE_NAME         =
            IS_LAYOUT                = LAYOUT
            IT_FIELDCAT              = XFIELD
  *         IT_EXCLUDING             =
            IT_SPECIAL_GROUPS        = XSP_GROUP[]
  *         IT_SORT                  =
  *         IT_FILTER                =
  *         IS_SEL_HIDE              =
            I_DEFAULT                = 'X'
            I_SAVE                   = 'A'
            IS_VARIANT               = VARIANT
            IT_EVENTS                = XEVENT
  * >>>>>>>>>> begin of insertion HP_318150 >>>>>>>>>>
            i_buffer_active          = 'X'
  * <<<<<<<<<< end   of insertion HP_318150 <<<<<<<<<<
  *         IT_EVENT_EXIT            =
  *         IS_PRINT                 =
            I_SCREEN_START_COLUMN    = I_SCREEN_START_COLUMN
            I_SCREEN_START_LINE      = I_SCREEN_START_LINE
            I_SCREEN_END_COLUMN      = I_SCREEN_END_COLUMN
            I_SCREEN_END_LINE        = I_SCREEN_END_LINE
  *    IMPORTING
  *         E_EXIT_CAUSED_BY_CALLER  =
         TABLES
              T_OUTTAB                 = T_TO_LIST_PLUS
         EXCEPTIONS
              PROGRAM_ERROR            = 1
              OTHERS                   = 2.
    IF SY-SUBRC NE 0.
      MESSAGE E706(L1) WITH 'REUSE_ALV_HIERSEQ_LIST_DISPLAY'.
  *   Interner Fehler ist aufgetreten (FB &)
    ENDIF.
  Max

• Which is the better option for using windows on mac ...parallel or vm ware fusion

  i want to use c# ,.net, c++ , on my macbook pro ....which software i should purchase parallel or vmware fusion

  They both work well. I like Fusion. Others like Parallels. Still others like VirtualBox.
  They all have free trials, VirtualBox is a free product, so try them for yourself and stick with the one that works best for you.
  I opted to install Windows using Boot Camp Assistant.

• Helpful tip for using Windows computers w/Airport Extreme

  Not sure if this has been posted before but I would suggest that windows users or mixed use users (windows/mac) that want to use the airport extreme basestation should uninstall any security software (antivirus/firewall) that is on their windows computers before setting up the Airport Extreme Basestation.
  I was having a lot of trouble getting my windows computers to see each other (or any other computers for that matter) despite them being able to connect to the internet and the fact that they were both on the same workgroup.
  I figured out that by uninstalling the norton software and then replugging them into the basestation that miraculously I could then see the other computers on the network ("view computers in my workgroup"). Then reinstall the security software and you should be good to go.
  Hope that helps someone and prevents hours of frustration.
  Now that I have the Airport Extreme basestation running it is phenomenal. All computers (mac and windows) can see each other and share files.

  There is another way to use the AE.. that might help your problem.
  The first thing though is to use static IP .. even in bridge that might fix it.
  You would need to use DHCP Reservation in the main router to set the IP of the Airport. This can be called different names in different devices but it is usually there.
  Then in the computer using finder, Go, Connect to server. Type in the actual IP address of the Airport.
  So
  AFP://10.0.1.100 (for example, replace with the actual IP).
  You will have a request for the disk password.. once the computer finds the network resource. Type in the password and store it in the keychain so it is not forgotten.
  I do find it interesting that apple can acknowledge that networking is that poor.. and do nothing about it.

• Prerequisites for using capture media

  I am a true believer in using Build and Capture and have never used capture media to generate a WIM from a reference computer.  I do believe there are some scenarios where the capture media is required.  I have a few questions about using capture
  media.  Should the ConfigMgr client be deployed on the reference computer before capturing?  I believe the answer is no.  I think it could be buty it would be cleaner to leave it off. 
  Should SCEP be deployed on the reference computer before capturing?  I believe the answer is no.  Are there any guidelines outlining these particular type questions?
  I believe there is a reason why SCEP should not be deployed before the capture, but I can't find a reference to the reason.
  Thanks

  Hi,
  Install the ConfigMgr client, the SCEP client could be installed, I would leave it of and use Chris script solution to install it during OSD,
  http://www.chrisnackers.com/2012/10/18/configuration-manager-2012-installing-endpoint-protection-during-a-task-sequence/ so you deploy it together with the latest Definition updates as well. the biggest reason to leave scep out of the image is that it will
  be outdated anyway.
  But in some scenarios with speific requirements I have left it in there, in that case read this on how to prepare the SCEP client :
  http://technet.microsoft.com/en-us/library/dn236350.aspx
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• IOS 8 Safari not working with sites using Windows Authentication (again)

  A testbed of iPhones and iPads were updated to iOS 8 today. When trying to access intranet sites in our company that use Windows (IIS) Authentication, it challenges for the login and password 2 or 3 times, then nothing - just hangs.  These sites work fine on iOS 7 devices - and worked on the same devices that were upgraded.
  Windows Authentication was broken in iOS 7.0 also and not fixed until a later update. Why does this keep getting broken?

  This was a thread that discussed this when it was broken in iOS 7.0...
  https://discussions.apple.com/thread/5327078?start=0&tstart=0    
  I just tested with Chrome on the iPhone upgraded to iOS 8 and it works fine. It is Safari that is broken again.
  Of course, Apple won't give us a way to make Chrome the default browser when links are clicked in emails, so it's not exactly a solution.

• FM for checking Windows Authentication

  Hi All,
  Is there any function module / class / method  etc available for checking windows based authentication?
  My purpose is to call such FM (If available) from a web based interface as RFC,
  Kindly advise.
  Thanks in advance.
  Regards
  Vipin

  hi,
  there is no function module is there specifically for checking the windows.u have to create u r wone FM for that.
  with regards,
  M.SRikanth

• Authenticator not being invoked - NTLM authentication against IIS 6.0 !!

  Hi Folks,
  I am trying to access Microsoft Reporting Service running on IIS 6.0 through a Web Proxy (a simple application running in an App Server) using the NTLM authentication. This is what i am doing
  Authenticator.setDefault(new ReportAuthenticator());
  HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();.
  As i understand, the authentication is to magically work with the IIS Server requesting my web proxy for the credentials on connect whcih should involke the Authenticaor class.
  Howver this is not happening at the moment. The authenticator object never gets invoked and even then my web proxy is being able to chat to IIS. The Sun app server hosting my web proxy is somehow passing my windows credentials to IIS and since my account has sufficient previliges on IIS, i am able to get through the initial connection.
  When i debug the urlConnection object, i can see that the connection recognises that this is an NTLM authentication but is obviously not using the Authenticator credentials.
  Is the Authenticator object meant to be invoked automatically or do i need to set some header information in the urlConnection??
  Any help is greatly appreciated.
  P.S: I am using JDK 1.5, IIS 6.0, Sun App Server 9.0 (platform edition)
  best regards
  Dushy

  Hi,
  we had the same problem, but we got support
  from readme.txt
  Bug#: 6789020
  Agent type: All Agents
  Description: In CDSSO mode non enforced POST requests cannot be accessed
  Bug#: 6736820
  Agent type: IIS 6 Agent
  Description: IIS 6 agent doesn't work properly with ASP pages in CDSSO mode
  Both bugs should be fixed in this version:
  Sun Java System Web Agents 2.2-02 hotpatch2

• Web Dispatcher with Windows Intgrated Authentication

  Hello,
  We are setting up the relay of Browser ==> IISProxy ==> Web Dispatcher ==> Cluster.  We plan to use Windows Integrated Authentication and terminate the SSL connection at the IIS.  We are wondering how smoothly this will go as we have read differences in the order between IISProxy and WebDispatcher (in these forums) and have found nothing on the combination with SSL.  I assume that the IISProxy will encrypt, authenticate, provide the cookie and then forward the request to the Web Dispatcher for further routing to the cluster.
  Needless to say, has anyone done this successfully?  Can anyone provide information, warnings, caveats, etc... so that we can decide to use the Web Dispatcher or another software-based NLB solution.  We understand the technical benefits - especially in an SAP shop, but if there are richer features for authentication in latter releases we may consider putting it on hold and going with a known solution.
  We have seen some appliances that can perform the SSL termination, 3rd party authentication, etc, etc,... are there any plans for the Web Dispatcher to be able to perform the authentication with windows (NTLM or Kerberos)?
  All of the other features are grat and a breeze to work with however authentication on the MS domain is a must here and it may be the missing functionality.
  Thanks and kind regards,
  Judson

  Hi Judson,
  currently there is no plan to enhance web dispatcher into that direction. Instead we started to work together with network technology providers to offer the funtcionality of web dispatcher together with additional security and authentication stuff.
  network is not our business, so there are no plans to boldly go into that direction. Because of that such combinations like authentication with wd are sometimes hard to do.
  If you want a tip for the future I'd say, what you will see is boxes that have everything in there and two plugs for the internet and the sap network -everything else (firewalls, authentication, load balancing with automatic recognition of the sap cluster) would be in the box.
  Regards,
  Benny

• NTLM Authentication in the Outlook Anywhere

  I use Exchange Server 2007 sp1 RollUp 6 installed on Windows Server 2008. I need to use Outlook Anywhere from non-domain computers. I test Outlook Anywhere with Basic and NTLM Authentication and all works fine. But when I use NTLM authentucation, Outlook promt user credential every time when it start, even "remember password" was checked. The login and password are remembered in the network password of user, but Outlook prompt password again and again, when it starts. Exchange published by 443 port directly (without any listeners)!
  When I connect by VPN, and use TCP/IP connection to the server, Outlook remeber password withoun any problems, and did not ask password again.
  get-OutlookAnywhere:
  ServerName                 : SRVEXCH2
  SSLOffloading              : False
  ExternalHostname           : mail.my_domain.ru
  ClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods   : {Ntlm}
  MetabasePath               : IIS://srvexch2.net.local/W3SVC/1/ROOT/Rpc
  Path                       : C:\Windows\System32\RpcProxy
  Server                     : SRVEXCH2
  AdminDisplayName           :
  ExchangeVersion            : 0.1 (8.0.535.0)
  Name                       : srvexch2
  DistinguishedName          : CN=srvexch2,CN=HTTP,CN=Protocols,CN=SRVEXCH2,CN=Servers,CN=Exchange Administrative Group (
                               FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=S
                               ervices,CN=Configuration,DC=net,DC=local
  Identity                   : SRVEXCH2\srvexch2
  Guid                       : 2c24f11b-852c-4948-b236-3f37d071d500
  ObjectCategory             : net.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
  ObjectClass                : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
  WhenChanged                : 18.02.2009 14:17:55
  WhenCreated                : 17.02.2009 14:53:36
  OriginatingServer          : dc1.net.local
  IsValid                    : True
  I have tried this cases, but they have not helped for this issue:
  1) Disable kernel mode authentication with this command: %systemroot%\system32\inetsrv\AppCmd.exe set config /section:system.webServer/security/authentication/windowsAuthentication /useKernelMode:false, I  also have unchecked Kernel mode authentication in the properties of Windows Authentication for Default Web site, \Rpc and \Autodiscovery virtual directories.
  2) Modify this registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa lmcompatibilitylevel=3 and 2.
  3) Set NTLM instead of Kerberos on the security tab in the properties of Outlook.
  4) Install domain controller and global catalog roles on the Exchange Server.
  Somebody have any solution for this issue? May be Outlook Anywhere and NTLM do not work at all?

  Have you also seen this:
  You must provide Windows account credentials when you connect to Exchange Server 2003 by using the Outlook 2003 RPC over HTTP feature
  http://support.microsoft.com/kb/820281
  1.
  Click
  Start,
  click Run,
  type regedit in the Open
  box, and then press ENTER.
  2.
  Locate
  and then click the following registry subkey:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
  3.
  In
  the right pane, double-click lmcompatibilitylevel.
  4.
  In
  the Value data
  box, type a value of 2 or 3 that is appropriate for your environment, and
  then click OK.
  5.
  Quit
  Registry Editor.
  6.
  Restart
  your computer.
  LmCompatibilityLevel
  settings
  The
  LmCompatibilityLevel registry entry can be configured with the following
  values:
  LmCompatibilityLevel
  value of 0:
  Send LAN Manager (LM) response and NTLM response; never use NTLM version 2
  (NTLMv2) session security. Clients use LM and NTLM authentication, and
  never use NTLMv2 session security; domain controllers accept LM, NTLM, and
  NTLMv2 authentication.
  LmCompatibilityLevel
  value of 1:
  Use NTLMv2 session security, if negotiated. Clients use LM and NTLM
  authentication, and use NTLMv2 session security if the server supports it;
  domain controllers accept LM, NTLM, and NTLMv2 authentication.
  LmCompatibilityLevel
  value of 2:
  Send NTLM response only. Clients use only NTLM authentication, and use NTLMv2
  session security if the server supports it; domain controllers accept LM,
  NTLM, and NTLMv2 authentication.
  LmCompatibilityLevel
  value of 3:
  Send NTLMv2 response only. Clients use NTLMv2 authentication, and use NTLMv2
  session security if the server supports it; domain controllers accept LM,
  NTLM, and NTLMv2 authentication.
  LmCompatibilityLevel
  value of 4:
  (Server Only) - Domain controllers refuse LM responses. Clients use NTLM
  authentication, and use NTLMv2 session security if the server supports it;
  domain controllers refuse LM authentication, and accept NTLM and NTLMv2
  authentication.
  LmCompatibilityLevel
  value of 5:
  (Server Only) - Domain controllers refuse LM and NTLM responses, and accept
  only NTLMv2 responses. Clients use NTLMv2 authentication, use NTLMv2
  session security if the server supports it; domain controllers refuse NTLM
  and LM authentication, and accept only NTLMv2 authentication.
  Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator

• Login error with windows AD authentication in IDT (Infomation Desugn Tool)

  HI,
  In IDT (Information Design Tool) I was not able to publish objetcs ( OLAP connections, Business View layer etc) to corresponding repository using windows AD authentication, but with enterprise I was able to do so.
  With the same AD authentications I was able to open universe design tool, BI launch pad .
  Please advise how to correct
  Error----
  Error:
  Failed to log on host com.crystaldecisions.sdk.exception.SDKException$SecurityError: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again. (FWM 00006)
  cause:java.lang.SecurityException: Unable to locate a login configuration
  detail:Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again. (FWM 00006) Unable to locate a login configuration
  Cause of Error:
  Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again. (FWM 00006)
  Error----
  Thanks in advance
  Regards
  Krishna

  Had the same problem and found note '1588487 - Active Directory authentication failed with InfoDesignTool'
  Problem solved for me.

• JavaMail Exchange Server Windows Integrated Authentication

  I need to send an email using Java Mail by Exchange Server that uses Windows Integrated Authentication.
  Is it possible? If so how?
  (I read some old posts and I get some info but I have to sure is it possible or not just sending mail)

  Hi, jeff81.
  I had same problem with Win2003 server. Try this:
  Start -> Settings -> Control Panel -> Administrative Tools -> Services
  then select "PROPERTIES/LOGON" for necessary service.
  Change "Local System account" to your user account.
  Make sure that user account have necessary grants.
  ps. sorry my poor english :(