Presenting users with authentication menu

Similar Messages

• Crystal Report Print Preview presenting users with Database Login

  Issue
  A user amended a crystal report form, on doing so has now made that Form unavailable to the majority of users to Print or Preview this is in 8.8 PL10. All other users on Previewing are presented with a window  Database Login, but this only presents the server name, Database name is blank and greyed out and then there is only Login ID and Password available. If you enter in the database password a message appears stating failed login.
  We have access to the SAP server and logged in and get the same message! but on the users machine who amended the Form they can print? any suggestions greatly appreciated

  Hi Roger,
  The problem sounds similar to what I've had recently, it was resolved by changing the database connection type to SAP Business One in Crystal Reports 2008, I can confirm that using OLE DB or other will still cause the login issue on other machines off the SQL server, the SAP Business one connection solves the issue.
  I was fighting with this for hours, hope this helps you all.

• Need MBAM 2.5 Helpdesk and selfservice sites to open for authenticated users with no password prompt

  I Need MBAM 2.5 Helpdesk and self service sites to open for authenticated users with no password prompt. I just cant seem to get this to work. The account used in the application pool has its SPN registered and delegation set. I can use that account to login
  to the sites but am prompted for a password. That said anyone I add into the helpdesk users group cannot negotiate the sites. Only the account I have set in the application pool can. I want domain authenticated users that have been added to the MBAM Help Desk
  Users group to negotiate the site with NO password challenge at all.
  tconners

  This generally means that your SPN is not set up correctly.  Let's say the web server you installed the SSP on is lance.contoso.com and your app pool creds are corp\lance.  You should set an SPN similar to setspn -s http/lance.contoso.com
  corp\lance.  In your browser, you should now be able to access the SSP without prompts.  However, if you still get prompted, generally that means that your local intranet zone in IE does not have an entry for *.contoso.com.  Since you are entering
  an FQDN in your browser, IE interprets the "." to mean "on the internet" which breaks Kerberos authentication.  By adding *.contoso.com to your local intranet zone, you are telling it that lance.contoso.com is on the intranet, so use
  Kerberos.
  I can confirm, that I have exact configuration and I always get the password promt for the very first time. We have 2 server (1xIIS and 1xSQL) infrastructure in production with SPN set like it should and I get the password prompt.

• Authentication of portal users with uid on oid/ldap

  All works fine with authenticating users created on DAS that have
  dn: cn=%LDAP_USER%,cn=users,dc=edmunds,dc=com
  When I migrated user to portal schema, the auth fails. The portal schema has user dn string
  uid=%LDAP_USER%, ou=people, dc=edmunds, dc=com
  I got this dn string from export to ldif file. The portal user can log in to DAS.
  We are using HTMLdb 1.6 and I used
  LDAP Host[LDAP Test Tool] at /htmldb/f?p=4000:802 to test the parameters.
  How to make this uid dn work with AppEx?
  Thanks.

  Kenny,
  I would forget about using the is_member function for authentication until you achieve what you need directly with dbms_ldap. You can experiment with an anonymous block in SQL*Plus starting with this sample code until you can get the simple_bind_s to work with your parameters:set serveroutput on
  declare
      l_retval      pls_integer;
      l_retval2      pls_integer;
      l_session     dbms_ldap.session;
      l_ldap_host   varchar2(256);
      l_ldap_port   varchar2(256);
      l_ldap_user   varchar2(256) := 'FIRSTNAME_LASTNAME'; -- enter username in this format
      l_ldap_passwd varchar2(256) := 'PASSWORD';           -- enter password
      l_ldap_base   varchar2(256);
  begin
      l_retval                := -1;
      dbms_ldap.use_exception := TRUE;
      l_ldap_host               := 'ldap-host.some-domain.com';
      l_ldap_port               := '389';
      l_ldap_user               := 'cn='||l_ldap_user||',l=amer,dc=oracle,dc=com';
      l_session := dbms_ldap.init( l_ldap_host, l_ldap_port );
      l_retval  := dbms_ldap.simple_bind_s( l_session, l_ldap_user, l_ldap_passwd );
      dbms_output.put_line( 'Return value: ' || l_retval );
      l_retval2  := dbms_ldap.unbind_s( l_session );
      exception when others                                                                                                  
       then 
            dbms_output.put_line (rpad('ldap session ',25,' ')  || ': ' ||
                 rawtohex(substr(l_session,1,8)) ||     '(returned from init)');
            dbms_output.put_line( 'error: ' || sqlerrm||' '||sqlcode );
            dbms_output.put_line( 'user: ' || l_ldap_user );                                                        
            dbms_output.put_line( 'host: ' || l_ldap_host );
            dbms_output.put_line( 'port: ' || l_ldap_port ); 
            l_retval  := dbms_ldap.unbind_s( l_session );
  end;
  /Scott

• Authenticating Unix users with LEAP

  Scenario : WLAN (AP350 V11.21) with LEAP authentication against an ACS V3.0 server (on W2K). Pre-existing Unix users with traditional Unix-crypted passwords. Usernames with their associated encrypted passwords are successfully imported on ACS database with the csutil utility.
  Authorization fails because LEAP uses a derivative of CHAP/MS-CHAP and it needs the plain password on the ACS side.
  WLANs are increasingly used on places like educational campuses where Unix is widely deployed. Has anyone found a solution to authenticate Unix users with LEAP?
  Thanks in advance

  I know it's It's not supported yet. When PEAP is added to Aironet and ACS, this problem will go away. I believe that is happening in ACS 3.1 and some future version of the Aironet software.
  An ugly workaround would be to setup User Changeable Passwords. You'd inform people with UNIX accounts that they have an ACS account created, but that wireless will not work for them until they use a LAN-based system to log in and change their ACS password. You could give them the option of using the same password, of course.

• Kerberos Authentication - more than one user with same sAMAccountName

  I am configuring Kerberos Authentication on SAP AS Java. The single-domain SSO is done and working. Now I need to configure multiple domains in a domain forest. How to resolve issue regarding multiple users with same account ID (same sAMAccountName) under different domains?

  We thought about using the userprincipalname, but decided against it once we had the realization that if SPNego failed for any reason, and the user had to logon manually, they would not know their userprincipalname.  This was a wise decision, as SPNego does fail for a variety of reasons.  The most common is that there appears to be a 1-2 day timeout of the Kerberos ticket, and if a user leaves their computer on for that long, it will challenge them to logon manually.
  Andrew Castillo

• SMTP Host logs - How many users are authenticating - How many emails with distinct titles

  hello,
  can anyone help me out with gathering the following SMTP host logs to see:
  How many users are authenticating.
  How many emails with distinct titles
  Can this be done in powershell or do i need to be looking somewhere else.
  This is for O365

  Hi ,
  Since the emails are hosted with office 365 i would suggest you to raise a ticket with Microsoft and request assistance from them which will make this task much easier 
  Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com Thanks Sathish
  (MVP)

• Issue with authentication of users of one domain while logging on to EPM/HFM(we have 3 domains in total)

  EPM Version - 11.1.2.3.500.7
  We have 3 domains and users are authenticated via the Active Directory, the users of all the domains are able to log on to EPM except one Domain.
  What may be the reason?
  The setup was running fine for the last x months and suddenly we see this issue.
  Did anyone encounter this kind of Issue? Any help ?
  1) The Error what the users get :
  EPMCSS: 00301: Failed to authenticate user. Invalid Credentials. Enter Valid Credentials
  2) Error Admin gets when he is trying to search the users in shared services Error what Admin gets :
  EPMCSS:00706: Failed to get users from user directory xx. Error getting connection from connection pool, Verify user Directory Configuration.
  Thanks
  RK.

  We encountered this issue when the User DN's password was changed or when the id was moved to a different folder within Active Directory.

• Unable to Schedule the Report with a user with Author Role.

  Hi,
  I tried to Schedule the Report using weblogic user(which has admin role) it worked perfectly. But when i try to login using User(which has author role) and when i try to schedule a report i am getting the following error. It is clustered Environment.
  [nQSError: 77006] Oracle BI Presentation Server Error: A fatal error occurred while processing the request. The server responded with: Authentication Failure.
  Error Codes: IHVF6OM7:OPR4ONWY:U9IM8TAC
  Location: saw.connectionPool.getConnection, saw.securitysubsystem.checkauthentication.runimpl, saw.securitysubsystem.checkauthentication, saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
  Odbc driver returned an error (SQLDriverConnectW).
  State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
  [nQSError: 43113] Message returned from OBIS.
  [nQSError: 13039] The impersonator does not exist in the BI Security Service. (08004)
  Error Codes:
  Location: saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
  Error Codes: AGEGTYVF
  AgentID: /users/richard/Test Mail Report
  ...Trying Agent Get Response Content loop again.... Sleeping for 8 seconds.[nQSError: 77006] Oracle BI Presentation Server Error: A fatal error occurred while processing the request. The server responded with: Authentication Failure.
  Error Codes: IHVF6OM7:OPR4ONWY:U9IM8TAC
  Location: saw.connectionPool.getConnection, saw.securitysubsystem.checkauthentication.runimpl, saw.securitysubsystem.checkauthentication, saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
  Odbc driver returned an error (SQLDriverConnectW).
  State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
  [nQSError: 43113] Message returned from OBIS.
  [nQSError: 13039] The impersonator does not exist in the BI Security Service. (08004)
  Error Codes:
  Location: saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
  Error Codes: AGEGTYVF
  AgentID:/users/richard/Test Mail Report
  ...Trying Agent Get Response Content loop again.... Sleeping for 6 seconds.[nQSError: 77006] Oracle BI Presentation Server Error: A fatal error occurred while processing the request. The server responded with: Authentication Failure.
  Error Codes: IHVF6OM7:OPR4ONWY:U9IM8TAC
  Location: saw.connectionPool.getConnection, saw.securitysubsystem.checkauthentication.runimpl, saw.securitysubsystem.checkauthentication, saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
  Odbc driver returned an error (SQLDriverConnectW).
  State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
  [nQSError: 43113] Message returned from OBIS.
  [nQSError: 13039] The impersonator does not exist in the BI Security Service. (08004)
  Error Codes:
  Location: saw.delivers.rpc.getDeviceContent, saw.rpc.server.responder, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
  Error Codes: AGEGTYVF
  AgentID: /users/richard/Test Mail Report
  Exceeded number of request retries for method GetResponseContent.
  Can any one help me with this.
  Thanks
  Rondo.
  Edited by: RONDO on Dec 12, 2012 4:07 PM

  Check the Doc ID 1446877.1
  As per this doc Fix to apply patch 13553428:
  The fix to this issue is to apply patch for the following unpublished bug.
  Bug 13553428 - QA:BLK:DELIVER TO CORP. OID LDAP USERS FAILED WITH IMPERSONATOR DOES'NT EXIST.
  Patch 13553428: QA:BLK:DELIVER TO CORP. OID LDAP USERS FAILED WITH IMPERSONATOR DOES'NT EXIST.
  The patch is available on MOS and can be applied to all platforms.
  Or access via this link:
  https://updates.oracle.com/Orion/Services/download/p13553428_111160_Generic.zip?aru=14732325&patch_file=p13553428_111160_Generic.zip
  Please refer to the Readme. It is important to Stop the System before applying the patch. Then restart.
  During restart Weblogic should automatically detect that bimiddleware.ear has changed in the OH and automatically redeploy the application
  If helps pls mark as correct
  Edited by: Srini VEERAVALLI on Dec 12, 2012 7:39 PM

• Acrobat 8.0.0 for Mac loads all PDFs with no menu bar visible

  Hello,
  First time poster. I've searched for a similar post on these forums but did not find anything. Hopefully this is not a repost.
  I have a user on a MacBook Pro running Acrobat 8.0.0 with an odd issue. Anytime she double-clicks on a PDF file she has not previously opened, Acrobat launches with no menu bar present. Going to View and then Menu Bar or hitting ⇧⌘M brings it back. I then quit Acrobat and double-click on another PDF the user has never opened. The menu bar is gone again.
  Opening previously opened PDFs works fine, the menu bar is present. This is what I've tried so far:
  1. Went to View > Toolbars > More Tools... and customized the toolbar. Once done, I quit Acrobat and then launched again with another previously unopened PDF.
  2. Went to View > Toolbars > Reset Toolbars. Then closed Acrobat and opened again with a previously unopened PDF.
  3. Went to View > Toolbars > Lock Toolbars. Then closed Acrobat and opened again with a previously unopened PDF.
  None of these steps fixed the issue. Is there a coniguration file somewhere in the Library that controls this that I may delete? I'm wondering if I'll just have to uninstall and reinstall Acrobat.
  Any help would be greatly appreciated.
  Thanks!

  Checked those options, and the user had already unchecked it in the hopes of resolving the problem...
  I misspoke, it's not the menu bar, it's the toolbar. I'll update the post.
  I haven't done an update on it, that was going to be my next step. If that doesn't work, I may just completely uninstall and re-install it.
  Thanks for the help.

• How user is authenticated ?

  Hi All
  I just need to understand how this authentication is working.
  1. Login to Unix with user U having membership in DBA group.
  2. sudo su - oracle
  password ******
  3. set instance and then sqlplus /nolog
  4. SQL> connect / as sysdba
  ......successfully connected .....
  I understand that OS authentication is in action, but I also read that the user having SYSDBA or SYSOPER privilege is present in v$PWFILE_USESR. But querying it gave only SYS user and oracle user (to which sudo was done above in step 2) didn't appear in query result.
  Just want to understand how it's working and what am I missing to understand.
  Thanks a lot.

  AnkitV wrote:
  Hi Aman
  Thanks for response. When I sudo to oracle, I then use / as sysdba to connect as SYSDBA.
  1) So what what actully happens here, that I need to understand. Oracle is an OS account, but U is logging into DB using oracle user. So does it mean that oracle is being athenticated by the database ? No, U is not logging into the db by sudoing as oracle account but its logging into the o/s only. That means, U has now the o/s username as Oracle. Now, if this o/s account Oracle is a part of the DBA group on the o/s and than it says "sqlplus / as sysdba" , this authentication would be based on this assumption that since Oracle, the o/s account, is authenticated by o/s so let this incoming user Sys also log in-without asking for the password.
  2) Also, both user U and oracle are in DBA group, so why do U need to first sudo to oracle before attempting DB connection ?U is what, an oracle db user or o/s user? If its an Oracle db user , with the o/s authentication, it would be logged in as Sys user as only that user would be eligible for the o/s authentication.
  Just trying to understand relation between U, oracle and SYS given that I couldn't find U or oracle in dba_users.
  ThanksHTH
  Aman....

• Provisioning a user with a resource automatically doesn't work!!

  Hi Experts – IHAC trying to configure OIM to provisioning a user with a resource automatically (via OID connector).
  As reviewed, the membership rules (rules designer) and access policies already configured with correct param. So I would say everything should work fine.
  But when they create a new user with proper attribute. The resource didn’t perform an automate process as expected.
  In the log file show only 2 lines of error message.
  <Apr 25, 2013 2:49:46 PM ICT> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
  <Apr 25, 2013 2:49:47 PM ICT> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
  However, manual add resource works well.
  Environment Info:
  - OIM 11gR1 (BP6)
  - OID Connector 9.1
  - AIX 7.1
  Is this consider as bug on AIX platform ? Or any inputs would appreciated.

  Just check if the rule satisfy, user is getting the role.
  --Hari                                                                                                                                                                                               

• An issue with authentication and authorization on ISE 1.2

  Hi, I'm new to ISE.
  I have an issue with authentication and authorization.
  I have ISE 1.2 plus patch 6 installed on VMware.
  I have built-in Windows XP supplicant and 2960 cisco switch with IOS c2960-lanbasek9-mz.150-2.SE5.bin
  On supplicant I use EAP(PEAP) with EAP-MSCHAP v2.
  I created  authentication and authorization rules with Active Directory  as External Identity Source. Also I applied  authorization profile with DACL.I login on Windows XP machine under different Active Directory accounts. Everything works fine (authentication, authorization ), but only for several hours. After several hours passed , authentication and authorization stop working . I can see that ISE trying authenticate and authorize users, but ISE always use only one account for  authentication and authorization . Even if I login under different accounts ISE continue to use only one last account.
  I traied to reboot switch and PC,but it didn’t help. Only rebooting of ISE helps. After ISE rebooting, authentication and authorization start to work properly for several hours.
  I don’t understand is it a glitch or I misconfigured ISE or switch, supplicant?
  What  should I do to resolve this issue?
  Switch configuration:
   testISE#sh runn
  Building configuration...
  Current configuration : 7103 bytes
  ! Last configuration change at 12:20:15Tue Apr 15 2014
  ! NVRAM config last updated at 10:35:02  Tue Apr 15 2014
  version 15.0
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname testISE
  boot-start-marker
  boot-end-marker
  no logging console
  logging monitor informational
  enable secret 5 ************
  enable password ********
  username radius-test password 0 ********
  username admin privilege 15 secret 5 ******************
  aaa new-model
  aaa authentication dot1x default group radius
  aaa authorization network default group radius
  aaa authorization auth-proxy default group radius
  aaa accounting update periodic 5
  aaa accounting dot1x default start-stop group radius
  aaa server radius dynamic-author
   client 172.16.0.90 server-key ********
  aaa session-id common
  clock timezone 4 0
  system mtu routing 1500
  authentication mac-move permit
  ip dhcp snooping vlan 1,22
  ip dhcp snooping
  ip domain-name elauloks
  ip device tracking probe use-svi
  ip device tracking
  epm logging
  crypto pki trustpoint TP-self-signed-1888913408
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-1888913408
   revocation-check none
   rsakeypair TP-self-signed-1888913408
  crypto pki certificate chain TP-self-signed-1888913408
  dot1x system-auth-control
  spanning-tree mode pvst
  spanning-tree extend system-id
  vlan internal allocation policy ascending
  ip ssh version 2
  interface FastEthernet0/5
   switchport mode access
   ip access-group ACL-ALLOW in
   authentication event fail action next-method
   authentication event server dead action reinitialize vlan 1
   authentication event server alive action reinitialize
   authentication host-mode multi-auth
   authentication open
   authentication order dot1x mab
   authentication priority dot1x mab
   authentication port-control auto
   authentication periodic
   authentication timer reauthenticate server
   authentication violation restrict
   mab
   dot1x pae authenticator
   dot1x timeout tx-period 10
   spanning-tree portfast
  interface FastEthernet0/6
   switchport mode access
   ip access-group ACL-ALLOW in
   authentication event fail action next-method
   authentication event server dead action reinitialize vlan 1
   authentication event server alive action reinitialize
   authentication order dot1x mab
   authentication priority dot1x mab
   authentication port-control auto
   authentication periodic
   authentication timer reauthenticate server
   authentication violation restrict
   mab
   dot1x pae authenticator
   dot1x timeout tx-period 10
   spanning-tree portfast
  interface FastEthernet0/7
  interface Vlan1
   ip address 172.16.0.204 255.255.240.0
   no ip route-cache
  ip default-gateway 172.16.0.1
  ip http server
  ip http secure-server
  ip access-list extended ACL-ALLOW
   deny   icmp any host 172.16.0.1
   permit ip any any
  ip radius source-interface Vlan1
  logging origin-id ip
  logging source-interface Vlan1
  logging host 172.16.0.90 transport udp port 20514
  snmp-server community public RO
  snmp-server community ciscoro RO
  snmp-server trap-source Vlan1
  snmp-server source-interface informs Vlan1
  snmp-server enable traps snmp linkdown linkup
  snmp-server enable traps mac-notification change move
  snmp-server host 172.16.0.90 ciscoro
  radius-server attribute 6 on-for-login-auth
  radius-server attribute 6 support-multiple
  radius-server attribute 8 include-in-access-req
  radius-server attribute 25 access-request include
  radius-server dead-criteria time 5 tries 3
  radius-server vsa send accounting
  radius-server vsa send authentication
  radius server ISE-Alex
   address ipv4 172.16.0.90 auth-port 1812 acct-port 1813
   automate-tester username radius-test idle-time 15
   key ******
  ntp server 172.16.0.1
  ntp server 172.16.0.5
  end

  Yes. Tried that (several times) didn't work.  5 people in my office, all with vers. 6.0.1 couldn't access their gmail accounts.  Kept getting error message that username and password invalid.  Finally solved the issue by using Microsoft Exchange and "m.google.com" as server and domain and that the trick.  Think there is an issue with imap.gmail.com and IOS 6.0.1.  I'm sure the 5 of us suddently experiencing this issue aren't the only ones.  Apple will figure it out.  Thanks.

• Site Login Behavior For SharePoint Foundation 2013 Users With Expired Passwords?

  What are the most user-friendly ways of getting external users with expired AD passwords back into the SharePoint site with a new working password?
  We already send automated email notifications to users reminding them to change their soon-to-expire passwords.  However, sometimes they miss seeing the email notifications before the password expires (such as after returning from vacation or just carelessness
  and lack of attention to email messages) or they see the warning messages and forget to act on it.
  When this happens and they try to log into the SharePoint site from the Internet, their login fails without telling the user the reason they can't log in is because their password expired.  So, they end up confused and call the help desk to get their
  password reset.
  Is there a way to set up SharePoint Foundation 2013 login in a similar way to the OWA login so that, when a user with a correct but expired password tries to log in, it gives them a prompt to set a new password right there rather than just an error indicating
  their login failed for unknown reasons or password is "incorrect?"

  It could be done. You get a different event log entry for an expired login attempt than for a wrong password, 4625 events denote a login failure and an error ID of 23 denotes a logon failure.
  A naff, but simple, approach would be to create a tool that checks your server logon event log for 4625 entries and then emails that user, or the help desk, or security, that they're trying to get onto your system with expired credentials.
  For a more polished experience you've got a lot more work and bluntly it's going to be impractical for you. You'd have to re-write sections of the SharePoint authentication process or intercept the process, both are risky and not a good idea to try.
  There's a really interesting paper here that might be of interest, it won't help you in your current situation but it might shed more light on the overall authentication/authorisation process.
  http://www.sans.org/reading-room/whitepapers/forensics/windows-logon-forensics-34132

• Problem with authentication in OBIEE

  Hello, I have a problem with authentication in OBIEE.
  A user who does not exist, enter the application and can enter but can not access almost anything, it is very rare because in addition webcatalog are created within the folder with your name and no one created it.
  any ideas?

  I created SR and i solved the problem.
  The problem wasn´t in weblogic. We migrated rpd 10g to 11g, I had define one initialization block session in RPD, when we disabled it, it´s running fine.
  Oracle recomended work in weblogic in obiee 11g
  best regards
  Edited by: Benito Camelas on Sep 29, 2011 7:12 AM