Problem with a lot of logins per user

Similar Messages

• Problem with L2TP IPSEC VPN login...

  Hello,
  I have a problem with my trying to login on my laptop to my work vpn.  I was given from my work, the vpn's ip address, the psk, my username, and password for the vpn.  I feel like I am hitting a brick wall and makes me just want to forget it all together...  I can get in with my info on this same laptop on the same connection at my apartment from my windows 8.1 partition just fine.  I have also verified and triple checked all my vpn information required.  I also don't know but I think have it setup to use PAP, MS CHAP, or MS CHAP v2..  Any help I would be greatly appreciated.  Pretty much the way my VPN for my work works is you have to VPN on L2TP over IPSEC with a username and password and a psk to allow you to remote desktop to my desktop at work.  Really wish this could work as I am tired of supporting windows at home when I pretty much only use it to VPN into work when I have to get work done...
  pacman -Q openswan
  openswan 2.6.41-1
  pacman -Q xl2tpd
  xl2tpd 1.3.6-1
  uname -a
  Linux tux 3.17.1-1-ARCH #1 SMP PREEMPT Wed Oct 15 15:04:35 CEST 2014 x86_64 GNU/Linux
  Now I have all the configs setup below following the L2TP/IPsec VPN client setup arch wiki page and I keep getting this:
  ipsec auto --up <vpn connection name>
  022 "<vpn connection name>": We cannot identify ourselves with either end of this connection.
  my process to run the vpn connection:
  sudo systemctl start openswan
  sudo systemctl start xl2tpd
  ipsec auto --up <vpn connection name>
  echo "c <vpn connection name>" > /var/run/xl2tpd/l2tp-control
  how I added my vpn connection:
  sudo ipsec auto --add <vpn connection name>
  /etc/xl2tpd/xl2tpd.conf
  [global]
  ; listen-addr = <my ip address>
  debug avp = no
  debug network = no
  debug packet = no
  debug state = no
  debug tunnel = no
  [lac <vpn connection name>]
  lns = <vpn ip address>
  pppoptfile = /etc/ppp/<vpn connection name>.options.xl2tpd
  length bit = no
  redial = no
  /etc/ppp/<vpn connection name>.options.xl2tpd
  plugin passprompt.so
  ipcp-accept-local
  ipcp-accept-remote
  idle 72000
  ktune
  noproxyarp
  asyncmap 0
  noauth
  crtscts
  lock
  hide-password
  modem
  noipx
  ipparam L2tpIPsecVpn-<vpn connection name>
  promptprog "/usr/bin/L2tpIPsecVpn"
  refuse-eap
  remotename ""
  name "<vpn username>"
  password <vpn password>
  usepeerdns
  /etc/ipsec.secrets
  %any @<vpn ip address>: PSK <psk key here>
  Last edited by adramalech (2014-10-25 04:53:46)

  Hello,
  I have a problem with my trying to login on my laptop to my work vpn.  I was given from my work, the vpn's ip address, the psk, my username, and password for the vpn.  I feel like I am hitting a brick wall and makes me just want to forget it all together...  I can get in with my info on this same laptop on the same connection at my apartment from my windows 8.1 partition just fine.  I have also verified and triple checked all my vpn information required.  I also don't know but I think have it setup to use PAP, MS CHAP, or MS CHAP v2..  Any help I would be greatly appreciated.  Pretty much the way my VPN for my work works is you have to VPN on L2TP over IPSEC with a username and password and a psk to allow you to remote desktop to my desktop at work.  Really wish this could work as I am tired of supporting windows at home when I pretty much only use it to VPN into work when I have to get work done...
  pacman -Q openswan
  openswan 2.6.41-1
  pacman -Q xl2tpd
  xl2tpd 1.3.6-1
  uname -a
  Linux tux 3.17.1-1-ARCH #1 SMP PREEMPT Wed Oct 15 15:04:35 CEST 2014 x86_64 GNU/Linux
  Now I have all the configs setup below following the L2TP/IPsec VPN client setup arch wiki page and I keep getting this:
  ipsec auto --up <vpn connection name>
  022 "<vpn connection name>": We cannot identify ourselves with either end of this connection.
  my process to run the vpn connection:
  sudo systemctl start openswan
  sudo systemctl start xl2tpd
  ipsec auto --up <vpn connection name>
  echo "c <vpn connection name>" > /var/run/xl2tpd/l2tp-control
  how I added my vpn connection:
  sudo ipsec auto --add <vpn connection name>
  /etc/xl2tpd/xl2tpd.conf
  [global]
  ; listen-addr = <my ip address>
  debug avp = no
  debug network = no
  debug packet = no
  debug state = no
  debug tunnel = no
  [lac <vpn connection name>]
  lns = <vpn ip address>
  pppoptfile = /etc/ppp/<vpn connection name>.options.xl2tpd
  length bit = no
  redial = no
  /etc/ppp/<vpn connection name>.options.xl2tpd
  plugin passprompt.so
  ipcp-accept-local
  ipcp-accept-remote
  idle 72000
  ktune
  noproxyarp
  asyncmap 0
  noauth
  crtscts
  lock
  hide-password
  modem
  noipx
  ipparam L2tpIPsecVpn-<vpn connection name>
  promptprog "/usr/bin/L2tpIPsecVpn"
  refuse-eap
  remotename ""
  name "<vpn username>"
  password <vpn password>
  usepeerdns
  /etc/ipsec.secrets
  %any @<vpn ip address>: PSK <psk key here>
  Last edited by adramalech (2014-10-25 04:53:46)

• Heap Problem with weblogic.security.auth.login.PasswordCredential

  Hello,
  I am calling EJB's from a Tomcat 6.0.20. The EJB's are contained on a Weblogic 10 mp2. For getting EJBHome, I'm using the following InitialContext-Call:
  EJBHome home = null;
  try
  Properties initialContextProperties = new Properties();
  initialContextProps.put(InitialContext.INITIAL_CONTEXT_FACTORY, initialContextFactory);
  initialContextProps.put(InitialContext.SECURITY_PRINCIPAL, username);
  initialContextProps.put(InitialContext.SECURITY_CREDENTIALS, password);
  initialContextProps.put(InitialContext.PROVIDER_URL, url);
  initialContext = new InitialContext(initialContextProps);
  Object objref = this.initialContext.lookup(jndiHomeName);
  home = (EJBHome) PortableRemoteObject.narrow(objref, narrowClass);
  finally
  if ( initialContext != null )
  try
  initialContext.close();
  catch(Throwable t)
  return home;
  The Problem is, that after a bulk test on the tomcat (Xmx=256MB), 200MB are filled with 1.500.000 instances of the following class:
  weblogic.security.auth.login.PasswordCredential
  Has somebody an idea how to remove these classes from tomcat heap, because now the result is an OutOfMemory?
  Best regards,
  sebbay

  Hi,
  The authenticate method would take the user and the password details from the environment
  (env) that is passed and after successful authentication would populate the subject with
  the principals (i.e user, group the user belongs to ..)
  It should work with any user that is defined in the WLS not just weblogic/weblogic.
  Do you have any other users defined and which group do they belong to?
  Vimala
  Khalid Rizvi wrote:
  I am playing (learning) with weblogic.security.auth.login.UsernamePasswordLoginModule
  as a LoginModule using JAAS based authentication. Surprisingly, the only userid
  and password combination acceptable is uid=weblogic, pw=weblogic combination.
  I went through and looked at the example code under
  http://e-docs.bea.com/wls/docs70/security/cli_apps.html#1042212. I found that
  the UsernamePasswordLoginModule.login calls into
  if (url != null) {
  Environment env = new Environment();
  env.setProviderUrl(url);
  env.setSecurityPrincipal(username);
  env.setSecurityCredentials(password);
  try {
  Authenticate.authenticate(env, subject);
  Seems like UsernamePasswordLoginModule only is a router, as it instantiates an
  instance of Environemt using the userid and password and passes this Environemtn
  instance (env) to Authenticate.authenticate along with the empty Subject instance.
  I read about that the Subject instance will be filled in with Principals by the
  WL Server.
  My question is that firstly,
  1. As Authenticate.authenticate is not passed in the uid and pw, will it pick
  those from the env?
  2. Secondly, why does it only accept uid=weblogic & pw=weblogic.
  I will appreciate if some one can put me in the right direction.
  Khalid R. Rizvi
  508-641-1192
  [email protected]

• Problem with iChat AIM - Multiple login, log out

  I am having a recurring problem with my iChat. Every time I try to log into AIM when I'm home, it rapidly logs in and logs out, and then tells me that I have loged in too many times and need to wait a few minutes to try again. I have tried the delete .plist file solution, but this did not work. This is a very very annoying problem, because I love using iChat when it actually works.
  I have also tried using other IM applications, and they all work flawlessly... whats up iChat? Any Ideas?
  R.V.

  Hi,
  The problem is not limited to Netgears.
  In fact I never had the issue with the Netgear I had.
  It is an extremely well documented issue with Zyxel devices since iChat 2
  134 response to Searching for Zyxel across iChat 2 and 3 forums.
  It sort of goes like this.
  At one time routing modems or routers could only do Port Forwarding
  This involved pointing one port at One IP (Computer)
  You could not forward a Port to two computers (IPs)
  Since then manufacturers have added in stating Protocols as well as Ports to open.
  So as UDP and TCP protocols tend to be the ones on ports above 1024 you have some apps that have both Protocols in use and in some cases on the same port.
  It does seem that this business of not being able to Forward a Port twice also effects those were you ow have to state Protocols as well.
  iChat uses two ports twice.
  Port 5190 is used to do the AIM Log in and basic Text chats on TCP
  It used UDP to Send Files, Pics-in-Chats (Direct IMs) and certain Buddy List feedback and Group chats (Chatrooms).
  Less effected is the Bonjour Port 5298
  The regular posters have long since held the view that the AIM servers sometimes can not handle all the login and text traffic on just port 5190 (ICQ is also owned by AOL and on this same port).
  We Suggest port 443 for several reasons.
  However it is mainly as this is below the threshold of 1024
  There are in fact 65535 ports that could be in use.
  Most domestic devices have the port up to 1024 open to all computers connected.
  This means Web Browsing (Port 80) and Mail (ports 110, 443, 567, 955 and others) are below this threshold and will work "out-of-the-box"
  As any firewall included in the device or on a Mac with Tiger or Earlier the port 443 is likely to be opened for a Mail App (It is also used in Web Browsing to Secure sites like Banks and the Apple Discussions Log in page) so that several apps can use the port.
  It is worth noting that the Leopard Firewall works differently in allowing the ports associated with an App on an Certificated (by app) basis so there is no Piggy-backing.
  On the SPI (Or if you have DOS) Front.
  These features tend to be Threshold based.
  DOS comes from the time when so called Hackers got together to all try the same web site/page and repeatedly refresh the page so that the server got lots of incoming requests.
  This overloaded the server and brought down the whole web server and the computer it was on lost connection to the internet as a whole.
  DOS protection looks to see if this "Too Much Data, Too Quickly" scenario is happening and will cut that one port (In the case of iChat 4) that it is happening on.
  (iChat Can send LOTS of data)
  SPI tends to try and filter things in a different manner by checking if the data looks valid.
  IT seems in some cases it can not keep up with the amount of data iChat can stream and consequently cuts the connection the same as DOS does.
  Both are dependent on how fast your Buddies Processor is, how fast their Internet Connection.
  (Some Buddies can send only 15fps of a 640 X 480 pixel pic other can manage 30fps or twice as much data)
  This is somewhat augmented (or not) by how fast you can accept data both over your Download speeds and your processor dealing with it.
  Therefore it can seem to be an intermittent problem depending on the circumstances of the connection of that chat.
  My Netgear had DOS and It had it Off (Along with the Ping Blocking)
  My Current Sagem Fast 2504 has only the Block to Internet Pings settings which is Off
  So on the whole Experience and Practice.
  9:44 PM Friday; March 27, 2009

• Problems with a certain program for existing users

  Hello,
  We have problems with a third party software application. We have installed this software program on a terminal server (server 2003 32bit) and when we open this software with a existing user account the application crashes with the following entry in the
  eventviewer:
  Application Error 100
  Faulting application ProTime.exe, version 4.1.0.9, faulting module msvbvm60.dll, version 6.0.97.82, fault address 0x000fd0d9.
  For more information, see Help and Support Center at
  http://go.microsoft.com/fwlink/events.asp.
  We have checked the eventlog on the server but the only error that we see is the application error 100 when we open the program. Also we checked the rights on the program's database and folders but that doesn't help either.
  The last thing we did was;
  - Installing the software on a brand new virtual server with server 2003 x86 (no other software installed)
  - Installing the software on a new virtual machine with server 2008 r2 x64 (no other software installed)
  The strange thing is when we change something in the compatibility mode setting for example run as windows xp then we can run the program just fine but when the user logs off and log on again it doesn't work until you change something at the compatibility
  mode setting (doesn't mather which setting)
  When we create a new domain user then the software works properly without any settings changed.
  Any idea what could cause this problem?
  Thanks
  With kind regards,
  Lars

  Hi Jesper,
  Sorry for the late response. We think so, atleast the software company says it is.
  We should not use the compat. mode because the application is not working on server 2003 x86, server 2003 x64, server 2008 r2.
  It is just really strange. Software company has no clue how to fix this problem and they say it is caused by the active directory because when we add a new user then the application starts properly. User accounts created a long time ago are not able to start
  the application.

• Problem with Skip lot

  Automatic TO creation is active for Goods Receipt (101) for external procurement and works fine for all materials. 
  But, for materials setup with "Skip lot as Dynamic Modification rule" for QM in material master, TO's are not generated automatically. When executed LT06, it gets created without any error.
  Can someone suggest why this functionality is not triggered automatically for scenario mentioned above ?

  As per SAP, "If you set SKIP indicator in material master, then skips are allowed for inspection characteristics/ lot during sample calculation.
  If you do not set this indicator, the system chooses the next inspection stage in the dynamic modification rule that is not a skip, instead of the skip defined in the quality level during sample calculation."
  If every time you want to create normal lot for inspection then simply remove SKIP indicator from material master. Let me know if you have more confusion on this.
  Thanks!!!

• Limit login per user

  HI All
  i want to limit the number of login pre user
  if userA will connect to the web site from location 1
  and he try to connect again (with the same user name) from location 2 he will get message that he already connected
  to the web site and the old connection will kill
  (the same as the console screen as web sphere )
  any idea
  thanks

  Using the HttpSession is nonsensicial. The HttpSession is different for every session. So if the user starts a new session, either at the same PC or at a different PC, then he can still login once more.
  Just maintain a Set of all logged in users in the ServletContext. On login check the Set and add the user. On logout or on destroy of the session (you can use HttpSessionListener for that), remove the user from the Set.

• Problem with a signed applet and a user machine.

  Hello. I´m having some problems with a signed applet with some dependences.
  In one particular computer the applet doesn´t load.
  The java version installed in that computer is 1.6.0_25.
  The invocation tag:
  <applet name=applet id="applet" code=Applet/RequestApplet.class width=155 height=21 archive="RequestApplet.jar " MAYSCRIPT>
     <param id="parametro1" name="usuario" value="<Computed Value>">
  </applet>The RequestApplet.jar and dependences:
     bcmail-jdk13-145.jar(signed by bouncy castle), jce-ext-jdk13-145.jar(signed by bouncy castle), AbsoluteLayout.jar, plugin.jar, RequestApplet.jar(signed by me)*this files are all in the same folder.
  The requestApplet.jar manifest:
  Manifest-Version: 1.0
  Ant-Version: Apache Ant 1.7.1
  X-COMMENT: Main-Class will be added automatically by build
  Class-Path: bcmail-jdk13-145.jar jce-ext-jdk13-145.jar plugin.jar Abso
  luteLayout.jar
  Created-By: 10.0-b23 (Sun Microsystems Inc.)
  Main-Class: Applet.RequestApplet
  Name: Applet/ResponseApplet$1.class
  SHA1-Digest: fO5IPiwEH3OhvlprhBecmMIAVJI=
  Name: Applet/NewJApplet.class
  SHA1-Digest: 6XSpm7lQEQRi39TegoUYv2aFJrk=
  Name: Applet/ResponseApplet.class
  SHA1-Digest: v1EbKUFB+QdvO05xx8UzAMNIyRs=
  Name: Applet/ResponseApplet$4.class
  SHA1-Digest: XH4I67psXZTelpz0AMAYc/Ej8QY=
  Name: Applet/RequestApplet$1.class
  SHA1-Digest: KAP5sAC4Thv/6GClkFAdGUVzgYA=
  Name: Applet/ResponseApplet$5.class
  SHA1-Digest: CVPnKrW2SgNEkRzYnVnQe3KGrIU=
  Name: Applet/ResponseApplet$3.class
  SHA1-Digest: SjfW1k1K7BA9m3AxmHi+jvRE+9o=
  Name: Applet/ResponseApplet$2.class
  SHA1-Digest: 3Pu18CZMLuEh7/n3y7XxFSkuNQY=
  Name: Applet/RequestApplet.class
  SHA1-Digest: Tky85es5+o371adetH9XVEI2Z+o=The error:
  java.lang.RuntimeException: java.lang.NoClassDefFoundError: org/bouncycastle/jce/provider/BouncyCastleProvider
       at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
       at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  Caused by: java.lang.NoClassDefFoundError: org/bouncycastle/jce/provider/BouncyCastleProvider
       at java.lang.Class.getDeclaredConstructors0(Native Method)
       at java.lang.Class.privateGetDeclaredConstructors(Unknown Source)
       at java.lang.Class.getConstructor0(Unknown Source)
       at java.lang.Class.newInstance0(Unknown Source)
       at java.lang.Class.newInstance(Unknown Source)
       at sun.plugin2.applet.Plugin2Manager$12.run(Unknown Source)
       at java.awt.event.InvocationEvent.dispatch(Unknown Source)
       at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
       at java.awt.EventQueue.access$000(Unknown Source)
       at java.awt.EventQueue$1.run(Unknown Source)
       at java.awt.EventQueue$1.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)
       at java.awt.EventQueue.dispatchEvent(Unknown Source)
       at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
       at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
       at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
       at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
       at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
       at java.awt.EventDispatchThread.run(Unknown Source)
  Caused by: java.lang.ClassNotFoundException: org.bouncycastle.jce.provider.BouncyCastleProvider
       at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       ... 20 more

  Thanks. I´ll try with your tips. But if i put all the dependences in archive I get this error.
  The tag:
  <applet name=applet id="applet" CODEBASE="." code="Applet/RequestApplet.class" width=155 height=21 archive="bcmail-jdk13-145.jar, jce-ext-jdk13-145.jar, AbsoluteLayout.jar, plugin.jar, RequestApplet.jar " MAYSCRIPT>
     <param id="parametro1" name="usuario" value="<Computed Value>">
  </applet>The error:
  Java Plug-in 1.6.0_25
  Usar versión JRE 1.6.0_25-b06 Java HotSpot(TM) Client VM
  Directorio local del usuario = C:\Documents and Settings\Administrator
  c:   borrar ventana de consola
  f:   finalizar objetos en la cola de finalización
  g:   liberación de recursos
  h:   presentar este mensaje de ayuda
  l:   volcar lista del cargador de clases
  m:   imprimir sintaxis de memoria
  o:   activar registro
  q:   ocultar consola
  r:   recargar configuración de norma
  s:   volcar propiedades del sistema y de despliegue
  t:   volcar lista de subprocesos
  v:   volcar pila de subprocesos
  x:   borrar antememoria del cargador de clases
  0-5: establecer nivel de rastreo en <n>
  basic: Receptor de progreso agregado: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@f39b3a
  basic: Plugin2ClassLoader.addURL parent called for http://desarrollo.isaltda.com.uy/CertReq.nsf/bcmail-jdk13-145.jar
  basic: Plugin2ClassLoader.addURL parent called for http://desarrollo.isaltda.com.uy/CertReq.nsf/jce-ext-jdk13-145.jar
  basic: Plugin2ClassLoader.addURL parent called for http://desarrollo.isaltda.com.uy/CertReq.nsf/AbsoluteLayout.jar
  basic: Plugin2ClassLoader.addURL parent called for http://desarrollo.isaltda.com.uy/CertReq.nsf/plugin.jar
  basic: Plugin2ClassLoader.addURL parent called for http://desarrollo.isaltda.com.uy/CertReq.nsf/RequestApplet.jar

• Another connection problem (with a lot of solution advices tried o

  hi everybody,
  since yesterday i'm a proud owner (more or less) of a zen x-fi. the only thing that dri'ves me crazy is that i can't get it working with windows.
  first of all the system config:
  Desktop PC (P4 on 95P Express chipset)
  Windows XP Pro SP3
  Media Player
  i searched the web and am trying to solve this problem: "there was a problem installing ..." for quite a long time now.
  here's what i did up until now:
  - deinstalling Media Player and installing v0 - couldn't deinstall v
  - installing newest version of the WMP (v - 5th Oct. 2008) from Microsoft to get the newest MTP support
  - deinstalling the "Creative Centrale" and reinstalling it (at the moments it's uninstalled)
  - installing Microsoft User Driver Framework v.0 (wouldn't allow me - of course, because it's implemented with WMP or rather it's drivers are older)
  - setting USB ENUM to "read" and "full control"
  - deinstalling and reinstalling the USB drivers (motherboard support as well as chipset vendor newest drivers)
  - checking every single USB port (front and back)
  - settings for USB HUBs to "full power supply" (no Power Management)
  - reinstalled SP3
  - got all new Updates from Windows (critical updates) including all up to date .Net Framework versions
  - tried the Media Transfer Protocol Porting Kit (quite sure that this doesn't do anything since it seems to be the sdk version and i know to little of programming to try something out)?
  - downloaded the fixup (found it in different posts to have been a workaround) and there was a little success: i got a working driver (no "there was a problem installing ...") until i realized that it doesn't show anything inside the folder (mtp/portable device) neither does it say "zen x-fi" in the device manager (it's only called "mtp device"). checked the .inf in the fixup package and realized that it couldn't work as long as i don't know the x-fi's Product ID, which i searched for on the internet (linux forums etc.) but the x-fi seems to be too new
  now: i of course tried it on another PC to be sure (Laptop with Windows XP Pro SP3 and WMP 0!) - and it works ...
  downside is: my library is fairly big and would fit on the Laptop's harddri've. i found a little workaround and imported the folder into the laptop's winamp library (via Network) and got some songs onto the Zen but it takes a lot of time getting them through the network connection (WLAN).
  as i see it there's only two chances: either the USB is not suitable (which i can't believe, since everything else that i attach is working fine and without any issues) or the problem has something to do with the Media Player's MTP.
  so does anyone have another idea or would i have to wait for either Windows or Creative to come up with a solution(maybe another hotfix)?
  thanks in advance
  regards
  al

  Ive been having hell with this aswell, although i think my computer is to blame. It "should" work if i could install wmp, but i cannot because my computer needs me to install some update rollup 2 which doesnt install and i cant install sp3 either... i've been contacting microsoft but they cant sort it.. maybe my pc is just reaching its old age and cannot cope with so many new things going on.
  but from what you have said i cant see why it shouldnt work with your current system.

• Problem with public key ssh login

  Weird problem just appeared. Home computer has two accounts (A and B). I allow ssh login to both accounts via public key login (ssh-keygen). Two remote computers with accounts A' and B' on one, and A" and B" on the other.
  I can ssh into the home computer account B from account B' on one computer. I can log into the home computer account B from account B" on the other computer. I cannot ssh into the home computer account A from either A' or A", but I could last week.
  Here is what the .ssh directories look like:
  Home computer, account A:
  total 8
  drwx------ 4 userA groupA 136 Jan 30 11:51:38 2006 .
  drwxrwxr-x 25 userA groupA 850 Nov 8 20:05:58 2006 ..
  -rw-r--r-- 1 userA groupA 1216 Jan 10 13:20:20 2006 authorized_keys2
  -rw-r--r-- 1 userA groupA 447 Sep 25 15:28:42 2006 known_hosts
  Home computer, account B:
  total 16
  drwx------ 5 userB groupB 170 Oct 2 09:52:02 2006 .
  drwxr-xr-x 23 userB groupB 782 Nov 9 08:26:03 2006 ..
  -rw------- 1 userB groupB 6148 May 19 17:54:58 2006 .DS_Store
  -rw-r--r-- 1 userB groupB 1228 Jan 10 13:24:15 2006 authorized_keys2
  -rw-r--r-- 1 userB groupB 242 Oct 2 09:52:02 2006 known_hosts
  Remote computer 1, account A':
  total 16
  drwx------ 6 userA' groupA' 204 Nov 9 09:55:12 2006 .
  drwxr-xr-x 29 userA' groupA' 986 Nov 9 09:41:21 2006 ..
  -rw-r--r-- 1 userA' groupA' 41 Mar 13 12:13:17 2006 config
  -rw------- 1 userA' groupA' 736 Nov 20 13:38:54 2005 id_dsa
  -rw-r--r-- 1 userA' groupA' 607 Nov 20 13:38:54 2005 id_dsa.pub
  -rw-r--r-- 1 userA' groupA' 246 Jan 10 09:41:27 2006 known_hosts
  Remote computer 1, account B':
  total 16
  drwx------ 5 userB' groupB' 170 Nov 9 08:23:04 2006 .
  drwxr-xr-x 18 userB' groupB' 612 Nov 9 09:52:11 2006 ..
  -rw------- 1 userB' groupB' 6148 Nov 9 08:23:04 2006 .DS_Store
  -rw------- 1 userB' groupB' 668 May 25 08:51:51 2006 id_dsa
  -rw-r--r-- 1 userB' groupB' 2481 Oct 30 09:00:57 2006 known_hosts
  Remote computer 2, account A":
  total 12
  drwx------ 5 userA" groupA" 170 Jan 25 10:59:54 2006 .
  drwxr-xr-x 20 userA" groupA" 680 Nov 9 08:19:30 2006 ..
  -rw------- 1 userA" groupA" 736 Jan 10 13:14:16 2006 id_dsa
  -rw-r--r-- 1 userA" groupA" 609 Jan 10 13:14:16 2006 id_dsa.pub
  -rw-r--r-- 1 userA" groupA" 3376 Oct 31 19:48:25 2006 known_hosts
  Remote computer 2, account B":
  total 12
  drwx------ 5 userB" groupB" 170 Jan 25 11:41:48 2006 .
  drwx------ 22 userB" groupB" 748 Nov 9 10:33:00 2006 ..
  -rw------- 1 userB" groupB" 736 Jan 10 13:11:50 2006 id_dsa
  -rw-r--r-- 1 userB" groupB" 615 Jan 10 13:11:50 2006 id_dsa.pub
  -rw-r--r-- 1 userB" groupB" 2947 Nov 7 10:18:27 2006 known_hosts
  I had copied the A' id_dsa.pub from remote computer 1 to the home computer account A authorized_keys2, then I copied the A" id_dsa.pub from remote computer 2 and had appended it to the home computer account A authorized_keys2. I had done a similar thing with accounts B', B", and B on their respective computers.
  All worked great for many months, until today, when ssh connections from A' or A" into A give me the dreaded
  Permission denied,gssapi-keyex,gssapi-with-mic) error message. Pretty certain that it was as recent as earlier this week I made the A'-->A ssh connection and all was well. Meanwhile, ssh connections from B' or B" into B still work fine.
  As near as I can tell, file ownerships and permissions look okay. While ssh'ed into B from B' I even did a
  cat /Users/userA/.ssh/authorized_keys2
  and then in another Terminal window, local to the remote computer, I did a
  cat /Users/userA/.ssh/id_dsa.pub
  In the terminal windows, each key wraps over about five-and-a-half lines, and I spotchecked like the last half-dozen characters, on each Terminal window line, of remote computer 1, account A' id_dsa.pub and the first pub key entry in authorized_keys2 in home computer account A. They all match.
  I even keep a clone backup of my hard drive, and the date/timestamp of /etc/sshd_config hasn't changed (although, I'm a bit mystified why it is dated as recently as it is -- Sep 29 2006 -- don't remember doing anything to it)
  So, I'm really confused, and not sure what to try or where to look next.
  2001 Quicksilver G4 (M8360LL/A)   Mac OS X (10.4.8)  

  Hi j.v.,
  Home computer, account A:
  total 8
  drwx------ 4 userA groupA 136 Jan 30 11:51:38 2006 .
  drwxrwxr-x 25 userA groupA 850 Nov 8 20:05:58 2006 ..
  The parent directory ".." of the directory ".ssh", i.e. home directory of account A, is group-writeble. SSH considers this as "insecure". You should make it writable only by the owner.
  A@Home$ cd (cd to the home directory)
  A@Home$ chmod g-w .
  HTH
  PowerMac G4   Mac OS X (10.4.7)  

• G5 freezing - no problems with ASD - crashing also in single-user-mode

  Hello,
  I have a PowerMac7,1 with MacOS X Server 10.5.8, which today started freezing and restarting.
  After the system froze, sometimes it restarts automatically, or I have to manually reboot it with the power button. In both cases the restart also froze!
  The only way to start the system is the clean the PRAM, but after a while it is crashing again!
  I managed to run the full ASD 2.5.7 test without error for a few hours (then I stopped), and with the install DVD I also managed to run the system repair (there was nothing to repair).
  Both from the system and from the install DVD I cannot run the repair permissions (it freezes!). So I tried to execute "fsck -fy" from the single-user-mode, but the computer froze again!
  Is there something else I can try?
  Thanks a lot!

  Two things: DiskWarrior. New HD.
  It seems that the crashes are coming into play when the HD is in the game in a meaningful sense, which isn't the case with the install disk or ASD, unless you are trying to do something like disk repair or permissions repair from the install disk. What's interesting is that you can boot into single-user mode, but when you invoke fsck, you crash, whereas disk repair from the install disk, which in essence fsck, runs and reports no errors.
  You can also try a safe boot and see how things run there. If you can do that, I would suggest running AppleJack on the system, if you can.
  Finally, it's possible that NVRAM has gotten corrupted (a possibility but not a high possibility) so an NVRAM reset might help things out.
  After trying the safe-boot and NVRAM routes, if no help, my next tool would be DiskWarrior. In the past, I have had situations where DW found problems that Disk Utility didn't find, though that was in DW 3, probably. Fortunately (knock on wood) DW 4 has not had to confront a disaster situation yet for me.

• Mail problem with some IMAP accounts - login fails, Thunderbird OK

  After upgrading to Mountain Lion Mac Mail fails to connect to some of my IMAP accounts. I tried everything I can think of. The problem is, the accounts work fine with Thunderbird. However, one of my IMAP accounts works with my main user account's settings (it was imported from my Lion set up), but it fails to set up with a second user. It seems to me that using IMAP with my provider and the Mountain Lion Mail is not working.
  Rebooting my saved Lion installation confirmed that it still works...
  Installing said accounts with Thunderbird and IMAP also works.
  Login with Mac Mail and POP using the accounts also works, webmail works, iOS works, a freshly set up Gmail account with IMAP works ....
  ONLY the damned Mountain Lion Mail program doesn't work with my mail provider's IMAP.  WHY? WHAT CAN I DO?
  Any insights or ideas?
  Output in connection doctor:
  WROTE Feb 07 17:32:52.543 [kCFStreamSocketSecurityLevelTLSv1SSLv3]  -- host:imap.hispeed.ch -- port:143 -- socket:0x7fe2358443c0 -- thread:0x7fe23538d420
  4.105 AUTHENTICATE PLAIN
  READ Feb 07 17:32:52.591 [kCFStreamSocketSecurityLevelTLSv1SSLv3]  -- host:imap.hispeed.ch -- port:143 -- socket:0x7fe2358443c0 -- thread:0x7fe23538d420
  +
  here it hangs and no further communication seems to take place.
  TIA
  Peter.

  CarlosMT wrote:
  In the server I did a telnet to port 25, and I can send a message to the "problem account". When I try in my machine (the same with the client POP), telnet is ok, helo is ok, mail from: is ok, but rcpt to: I put the address and the server takes like 5 minutes to say +250 2.1.5 aa@domain OK+ and I can send the message. => Do you have any DNS blacklist checks or dns lookups or some other fancy access control callouts in your mappings table?
  => Check your directory server access logs and see what the etime is for searches for "aa@domain". Are there any "notes=U" entries?
  => Consider when this problem first started happening -- did anything change in your environment, or break (networking/DNS/SAN ....), is anything else running slow (user logins etc.)?
  => What is different about the users that 'work' vs the users that don't work? Are they in different domains, do they have forwarding enabled, vacation message... so on?
  I tested in another machines with POP clients and the situation is the same.
  I stopped the server, delete the /store/mboxlist/*.log, started again, reconstruct the account with the problem, reconstruct -r for all, and nothing.If you are having problems sending email, then the problem is unlikely to have anything to do with store database. This will be MTA related.
  We have a firewall in the middle, but I can send to some boxes normally, I don�t believe this is the problem. => I have an innate distrust of firewalls as they have caused so many problems in the past for other customers. Are you able to configure an email client to send directly to messaging server and bypass the firewall -- just to remove this as a potential cause?
  Regards,
  Shane.

• Problem with ASA 5505 SSL login

  I have an ASA 5505 that is hosting a SSL VPN. The user can not login. They receive login error. To the best of their knowledge, this problem started after the office Domain Controller was rebuilt. I have looked on ASA and in AD and cannot seem to trace the issue. Any ideas?                  

  David,
  In order to understand why LDAP is not working run a "debug ldap 255" and then try to login or run a AAA test.
  Attach the output to find out the issue.
  Please check this out as well, to make sure that you have the correct settings:
  ASA 8.0: Configure LDAP Authentication for WebVPN Users
  HTH.
  Portu.

• Problems with After Report trigger Updating using User-defined functions

  Hi,
  I have a report which uses SQL to select data that uses a user-defined stored function in the WHERE clause.
  I use the same SQL in the After Report trigger with and UPDATE statement to flag all records selected as being run.
  Data is being selected by the report no problem, but the records are not being updated. In a test, If I remove the conditions using the user functions, the records update as expected. In Live conditions I must have these conditions in the script.
  I originally tried putting the UPDATE in a formual column, but that would not fire on records where that page was not paged through (or paged to end) in the Runtime Previewer.
  Can anyone advise?

  In case anyone is interested.
  The issue was that the stored functions have roles assigned for security.
  PL/SQL for After Report doesn't seem to recognise the roles having been assigned for the report, so the implicit cursor update/select I had wouldn't work.
  I changed the SELECT into an explicit CURSOR and introduced a FOR LOOP, keeping the UPDATE as an implicit statement.
  I know see this was more of a PL/SQL issues than a report one, but such is life. So if anyone feels the urge to move it to the PL/SQL forum, then feel free!!
  Have a problem free afternoon. :-)

• Permissioning problems with TimeCapsule AFP share and multiple users

  Hi,
  I am currently sharing my TimeCapsule filesystem (guest perms) as AFP, I have it automounting via automounter. Problem is that whoever hit's the automounter dir first is marked as the owner of all the shared files, other users then cannot delete/modify them (i want the share completely world read/writeable). The mount_afp command does not seem to support the relevant fmask/dmask params that mount_nfs does (which would cause the mount to be mounted with consistent ownership.)
  So..
  1. I presume NFS is not supported (boo!)
  2. Does anyone else have this working? I would imagine that I should also be able to get this working through group permissions, but for the same reason i cannot force automounter to mount the filesystem with the user/group ownership I want.
  thoughts?suggestions?
  Thanks
  Liam
  P.S. I could also try SMB but playing movies on Frontrow off a networked SMB filesystem is usually poor (compared to NFS anyway)

  Yes, you can turn off photos in icloud. (settings - icloud- photos)
  You can also allow users to use their own apple id's for imessages and facetime. Unlike icloud those can be changed any time, so that does not present security problem. Settings -messages and settings- facetime.
  If you dead set on using same apple id, you can make sure that every user only has their phone number checked in messages, so everyone has to go to settings- messages- send and receive and uncheck apple id.