Problem with LDAP authentication for users in a group

Similar Messages

• Problem with import statement for user created classe

  I recently downloaded J2sdk1.4.0_03 before that I had jdk1.3 and never had this problem.All the files other than named package I import for my
  application does not compile.But when I commented that out it work just fine.
  any help is appreciated

  thanks
  It makes sense not to import non-packaged class.
  My other problem is with JDBC ODBC.I have a Dell system with Windows XP.
  I registered my User Data Source to ODBC with MS Text driver(.txt , csv).When the code reaches at the .executeUpdate(CREAT TABLE CUSTOMERS)
  it throws an exception
  sQLException 3:java.sql.SQLException: [Microsoft][ODBC Text Driver] Cannot modify the design of table 'CUSTOMERS'. It is in a read-only database.
  Do I really need to change the attribues or some thing else.
  How can I chane the attributes of the database.Never had problem with windows 98.

• Problem with tab access after user deleted from group

  9ias version 9.2.0.1
  There seems to be a problem (potential bug???) when deleting a user from a portal group. I have a portal page set up with multiple tabs. These tabs can only be accessed by users belonging to certain portal groups. When i add a user to a group, the user sees the necessary tabs when authenticated. However, if i delete this user from the group there is a problem. When the user re-logs into portal, they will see all the tabs belonging to the group they were deleted from. However, when they select this tab nothing happens and the portal goes into a state of flux (doesn't navigate). One way to resolve this is to go in as a portal admin, edit any tab and select apply. The portal then seems to refresh.
  This solution isn't practical. Is this a bug? Is there a patch or another solutions??? Thanks

  Hi Turloch! Thanks for your help!
  Those SQL Statements were extracted from the MS Access application that we will continue to use to access the data , now on an Oracle Database.
  I don't know what I can do to make this kind of statements works as it is on Access database. The first query, that I called Query1 works fine on Oracle, I just mentioned it because the 2nd Query , named Query2, use it.
  I'm not able to understand why when I change the 1st. query to a "make-table" query the Query2 works as desired, but if I keep the Query1 and Query2 as it is on the MS Access Application I got the ODBC error message and the ORA-00904 error message , related (I think!) to the FieldTmp field used on the LEFT JOIN statement (AND).
  As I told before, if I change the AND clause to compare to another field, as instance, field1 :
  FROM Query1 LEFT JOIN Table3
  ON (Table3.field1=Query1.Field2) AND
  (Table3.field5 = Query1.Field1)
  it works.
  Please, is there anything that I can do to keep the MS Access Application unchanged?
  Oracle = 8.1.6
  Oracle ODBC Driver = 8.1.6.4
  Oracle Migration Workbench = 1.3.1
  Thanks in advance,
  Elaine Viel Denadai

• Check_ntlm_password:  Authentication for user ['name'] - ['name'] FAILED with error NT_STATUS_LOGON_FAILURE

  Hi,
  We are running a Mountain Lion Server with Open Directory / LDAPv3, as far as I can tell.  My responsibility is to get my CentOS 6.3 box running Samba v. 3.5.10-125.el6 to authenticate users against the ML / OD box.  I can ssh to the CentOS box OK and I can get Guest access to the Samba share to go OK too.  Also, the OD passwords on the LDAP server are set to 'Open Directory' so I guess that means that they are encrypted and the Samba server is set to send encrypted passwords.  But when a user tries to properly authenticate using either say via a Mac client Finder [Command-K], or smbclient, the Samba server will generate this message:
  check_ntlm_password:  Authentication for user ['name'] -> ['name'] FAILED with error NT_STATUS_LOGON_FAILURE
  (I am blanking out the user name on purpose).
  Of course there is more to the story, but those are the basics.
  Here are the relevant parts of my smb.conf.  FWIW, the CentOS / Samba box is called Jupiter.
  Thank you,
  NickZ
  [smb.conf]
  [global]
            display charset = UTF-8
            realm = SATURN.MCLEAN.HARVARD.EDU
            netbios aliases = ANL
            server string = Welcome To The Jupiter Samba Server Version 3.5.10-125.el6
            interfaces = lo, em1
            security = SERVER
            update encrypted = Yes
            password server = saturn.mclean.harvard.edu
            smb passwd file = /var/lib/samba/private/secrets.tdb
            passdb backend = ldapsam:ldap://saturn.mclean.harvard.edu
            passwd program = /usr/bin/passwd %u
            unix password sync = Yes
            lanman auth = Yes
            client NTLMv2 auth = Yes
            client use spnego principal = Yes
            kerberos method = system keytab
            log level = 2
            syslog = 3
            log file = /var/log/samba/log.%m
            max log size = 50
            name resolve order = host lmhosts wins bcast
            server signing = auto
            preferred master = Auto
            ldap admin dn = uid=DirAdmin,cn=users,dc=saturn,dc=mclean,dc=harvard,dc=edu
            ldap group suffix = cn=groups
            ldap passwd sync = yes
            ldap suffix = dc=saturn,dc=mclean,dc=harvard,dc=edu
            ldap ssl = no
            ldap user suffix = cn=users
            usershare allow guests = Yes
            idmap backend = ldap:ldap://saturn.mclean.harvard.edu
            idmap uid = 10000-20000
            idmap gid = 30000-40000
            cups options = raw
  [homes]
            comment = Home Directories
            read only = No
  [printers]
            comment = All Printers
            path = /var/spool/samba
            printable = Yes
            browseable = No
  [anl]
            comment = Main ANL Share
            path = /anl
            read only = No
            guest ok = Yes
            hide dot files = No

  Turns out a printer driver installed on an XP (even W2K(?)) was (apparently?) flooding the OS X SMB server to the point of collapse. Uninstalling the "HP Tools" part of the driver cleared it up. The printer is an HP LJ1300. I had downloaded the full driver from HP.com. I don't know if any/all these conditions need to be matched, but: the printer was on the network using an HP print server JetDirect EX Plus, and the computer(s) in question were connecting directly to it (not via a print server). It's been too long ago, but there were always several errors in the System Log (Win XP Event Viewer) that correlated with the errors on the OS X server.
  Proud to say that since that day (10+ months ago) I've not seen it happen again. whew.

• What does this statement mean: "There is a problem with your authentication, possibly due to inactivity. For your safety, you have been logged out and must sign in again to continue?"

  I am able to make it to the site for about 2 seconds and then I am quickly logged off and the statement, "There is a problem with your authentication, possibly due to inactivity. For your safety, you have been logged out and must sign in again to continue."
  I don't have a clue as to the problem but since this is impacting my participation in these classes and ultimately could have a negative impact on my grade, I am more than a little concerned!

  Have you allowed this site to set cookies?

• Authentication for user weblogic denied problem when starting managed serve

  Hi All,
  I have a strange situation here. I installed WLS and SOA and BAM servers. Initially I could start both WLS and SOA.
  Later I changed some files (possibly startManagedWebLogic.sh or deleted soa_server1/data/ldap/ or AdminServer/security/boot.properties), but later I remember I changed them back. I am now seeing that my WLS is starting up fine, but SOA is not. I am always getting the error:
  <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
  weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
  at weblogic.security.SecurityService.start(SecurityService.java:141)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  Truncated. see log file for complete stacktrace
  Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
  at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:251)
  at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
  at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  Truncated. see log file for complete stacktrace
  >
  I tried to go to admin console to change/verify the password for weblogic user, and then put plaintext password in AdminServer/security/boot.properties, then restart Adminserver. But I still cannot start SOA server.
  Could you please let me know how to resolve this issue? I do want to save my environment at this point. Many thanks.

  Hi,
  My understanding is admin user server is coming up fine but when you try to bring the soa_server1(managed instance) is not coming up due the below mentioned exception.
  If not please correct me.
  I have a few query, please give me comment on this.
  1) Admin and managed instances are running on the same box or different
  2) Did you try to reset the password from console or using weblogic.security command
  3) Did you cleared the soa_server1 temp directory(server/soa_server1/*)
  Solution-1 (If Domain running on different box)
  =============================
  1) Copy the DefaultAuthenticatorInit.ldift file from Domain_dir/Security/ to Remote machine - Domain_dir/Security/
  Note- Remote machine - take a backup of DefaultAuthenticatorInit file.
  2) Remote machine- rename or take a backup of ldap directory and boot.properties file
  /servers/soa_server1/ldap
  /servers/soa_server1/security/boot.properties.
  3) Now try to brought up the soa_server1.It will prompt you the username and password.
  Please let me know.
  Thanks,
  Rajkumar

• Authentication for "user" denied

  When I startup the Weblogic server 7.0 with correct username and password, it throws Authentication for "user" denied error message. Does anyone know what could be the problem?

  Go to your WL_HOME/WL_DOMAIN/SERVERNAME and rename the ldap directory to e.g. ldap_backup.
  WLS will then create a new LDAP direcory at boot time. If you are using adminserver
  please remember to rename its ldap server, hence the managed servers ldaps retrieve
  data from the admin servers ldap.
  It worked for me.
  Cheers
  Heini

• BO XI R2 problems with LDAP plugin talking to OID

  Hi all,
  We have a customer with OID 10g (Oracle Internet Directory, exact version 10.1.0.4), and BO 6.5, and we are in the process of upgrading to BO XI R2 (sp3).
  In our BO XI R2 (sp3) server, we are facing problems configuring the LDAP plugin. When we map a LDAP group (a dynamic group created in OID), BO retrieves the users that belog to the group but when we go to the Users list and try to see which groups this users belongs to, the CCM does not list our LDAP group.
  Moreover, when we try to login with LDAP authentication in infoview, the following error:
  "Account Information Not Recognized: An error occurred at the server : LDAP Authorization failed. Please make sure your entry belongs to a mapped LDAP group."
  Has anybody faced similar issues? Any idea how can we solve this?
  This issue is very important for our customer and could block the migration progress....
  Thank you very much in advance.
  Regards

  In that case a support engineer will likely need to scan the CMS and possibly packet scan the LDAP queries. When going to a group and viewing users a live query is sent to LDAP, is this info correct (do groups contain the right users)?
  But when viewing users (groups) this information is based on a cached graph that should be updated approximately every 15 minutes by default. Your issue seems to indicate this process is either slow or failing all together. Tracing with an engineer is the best rout to take. Let me know if I can offer anymore help from this end.
  Regards,
  Tim

• Problem with LDAP in BEA Portal

  Problem with LDAP in BEA Portal
  I have a list of 50 user which should be cerated in portal staging(devlopment) machine and should be transfered to
  production machine using LDAP
  Steps which i followed to create Users
  1.Create User Profile with 2 parameters branch and Role
  2.I have list user in the Xls file with Username,password ,branch and Role
  3.Write a java File which will read the Xls File
  4.The users are created in the staging machine for the portal
  Steps which i followed in LDAP to tranfer the created User form Devlopment to Production
  1.Export the created user from Devlopment (which was moved as .DAT in my local directory)
  2.import the user from local direcory to production machine
  The Users are imported in the production machine with username and password but the role and branch values are empty
  We need a solution for importing the user with role and branch corresponding to each user.
  Thanks in Adv
  Suresh

  In Portal 8.1, user name and password in stored in LDAP where as user profile values are stored in database. That is the reason you are not able to see the user profile values.
  Check once again whether you can see these values through admin tool. In case,it is not(after confirmation again),you might have to use APIs to do this for you incase you dont want to manage through Admin Tool.
  Thanks,
  Prashanth Bhat.

• Authentication for user weblogic denied

  I am unable to start node managerd server from command prompt.
  I installed WebLogic Server Version: 12.1.2.0.0 on Windows 2008 R2 EN Sp1
  I started Administration Server succesfully.
  C:\Weblogic\Oracle\config\domains\wl_server\bin\startWebLogic.cmd
  I created ihale Managed server but  I couldn't start Managed Server.
  C:\Weblogic\Oracle\config\domains\wl_server\bin
  startManagedWebLogic.cmd ihale http://192.168.1.29:7431 
  I'm getting following error.
  ####<Dec 25, 2013 12:51:13 AM PST> <Critical> <WebLogicServer> <umman> <ihale> <main> <<WLS Kernel>> <> <> <1387961473813> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied.
  weblogic.security.SecurityInitializationException: Authentication for user weblogic denied.
  Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:257)
  I am able to login administration console same username and password. Username: weblogic Password:xxxxx
  I changed the weblogic user password and I tried again. It was unseccesfull.
  I created boot.properties file in C:\Weblogic\Oracle\config\domains\wl_server\servers\ihale\security folder.
  I put username and password.
  After I tried to start ihale managed server, boot.properties file didn't encrypted and managed server also didn't started.
  I deleted cache, data, tmp folders except logs folder in \\192.168.1.29\c$\Weblogic\Oracle\config\domains\wl_server\servers\ihale and I tried again. It was unseccesfull.
  I found something on https://community.oracle.com/message/10653470
  Ganesh says:
  Did you restart AdminServer after deleting the LDAP Authentication provider?
  I think your managed server is still trying to authenticate user through ldap authentication provider.
  Torrado answers:
  I found that there was a definition in Security Policy of osb_server1 for an user that belonged to deleted LDAP authenticator.
  I deleted it and server started.
  Thanks.
  How can I delete definition in Security Policy of ihale for an user that belonged to deleted LDAP authenticator?
  Could you please help to solve this problem?
  Best Regards.

  Hi,
  You can rename the ldap folder in following directory structure.
  %Domain_Name% / servers / <servername> / data/
  You will find ldap folder try to rename that folder and then please restart the server again.
  If you are try to start through nodemanager then rename the nodemanager under following directory.
  %Domain_Name% / servers / <servername> / data/.
  Try to rename these two folder and restart the nodemanager and start the server again.
  It will work for you.
  Regards,
  Kal

• Java.lang.SecurityException: Authentication for user null denied in realm

  Hello,
  We have the following exceptionj on WLS 6.1 SP3 on Win2K:
  javax.naming.AuthenticationException. Root exception is
  java.lang.SecurityException: Authentication for user null denied in realm
  weblogic
  at weblogic.security.acl.Realm.authenticate(Realm.java:212)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
  at
  weblogic.security.acl.internal.Security.authenticate(Security.java:135)
  at
  weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:518)
  at
  weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:362)
  at
  weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:334)
  at
  weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:211)
  at
  weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:149)
  at
  javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:660)
  at
  javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:241)
  at javax.naming.InitialContext.init(InitialContext.java:217)
  at javax.naming.InitialContext.<init>(InitialContext.java:173)
  at
  And it seems that this exception happens after the introduction of a JAAS module
  for an external call.
  What strikes me is that the WLS samples use System.setProperty... and I was wondering
  if this could be the cause of our problem, because the rest of the application
  does not use JAAS, and that may be it screws up the realm with WLS....
  Any idea?
  Cheers,
  Thierry

  Hello,
  We have the following exceptionj on WLS 6.1 SP3 on Win2K:
  javax.naming.AuthenticationException. Root exception is
  java.lang.SecurityException: Authentication for user null denied in realm
  weblogic
  at weblogic.security.acl.Realm.authenticate(Realm.java:212)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
  at
  weblogic.security.acl.internal.Security.authenticate(Security.java:135)
  at
  weblogic.jndi.WLInitialContextFactoryDelegate.pushUser(WLInitialContextFactoryDelegate.java:518)
  at
  weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:362)
  at
  weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:334)
  at
  weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:211)
  at
  weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:149)
  at
  javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:660)
  at
  javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:241)
  at javax.naming.InitialContext.init(InitialContext.java:217)
  at javax.naming.InitialContext.<init>(InitialContext.java:173)
  at
  And it seems that this exception happens after the introduction of a JAAS module
  for an external call.
  What strikes me is that the WLS samples use System.setProperty... and I was wondering
  if this could be the cause of our problem, because the rest of the application
  does not use JAAS, and that may be it screws up the realm with WLS....
  Any idea?
  Cheers,
  Thierry

• Weblogic.security.SecurityInitializationException: Authentication for user system denied

  Reason: weblogic.security.SecurityInitializationException: Authentication for user system denied
  I tried my user name.But server didn't start.PLz help me and tell me what i have to do.
  Thanks

  Hi,
  The admin server is also able to start the managed server. The easiest way is
  to use a script. The command of starting a managed server is not much different
  from the one for the admin server. Just make sure that you reference the admin
  server URL (eg. http://localhost:7001). The more production environment way of
  managing managed server is to use the notemanger. See the admin guide for more
  infos.
  Which version are you using?
  Kai
  "hari" <[email protected]> wrote:
  >
  Hi!Kai..
  I tried with system/weblogic....but same error.Actually i created domain
  and managed
  server in existing domain throgh config.sh
  But the admin server is running properly.But the manager is not starting,user
  authentication problem is coming.When i was created domain..i created
  a user.I
  started admin server with that user...but manged server is not starting.Plz
  help
  me.

• Java.lang.SecurityException: Authentication for user test1 denied in realm wl_realm

  Environment: WLS61 SP2
  Two WLS61 servers on different machines. User test1 is authenticated against LDAP
  on server_1, then tries
  to execute a class (from JSP) that calls EJB on server_2. The environment properties
  for the call to EJB on server_2 to are setup as follows (Note that user test2 is
  used to call EJB on server_2. User test2 exists in the wl_realm on server2):
  env.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
  env.put(Context.PROVIDER_URL, "t3://server2:7001");
  env.put(Context.SECURITY_AUTHENTICATION, "simple");
  env.put(Context.SECURITY_PRINCIPAL, "test2");
  env.put(Context.SECURITY_CREDENTIALS, "somepass");
  The call results in the following exception raised on server_2. Why is test1 id used
  if test2 is explicitly specified for the call? User test1 does not exist on server_2.
  <Jul 13, 2002 11:37:31 AM EDT> <Warning> <Dispatcher> <RuntimeException thrown by
  rmi server: 'weblo
  gic.rmi.cluster.ClusterableServerRef@111 - jvmid: '4783591120128354231S:xxx.xxx.xxx.xxx:[7001,7001,7002,7
  002,7001,7002,-1]:mydomain:myserver', oid: '271', implementation: '[BaseEJBObject]
  home: c
  om.test.TestEJB_jvjalv_HomeImpl@7583b9''
  java.lang.SecurityException: Authentication for user test1 denied in realm wl_realm
  at weblogic.security.acl.Realm.authenticate(Realm.java:212)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
  at weblogic.security.acl.internal.Security.authenticate(Security.java:125)
  at weblogic.security.acl.internal.Security.verify(Security.java:87)
  at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:237)
  at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:22)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)

  If you are using JNDI authentication, make sure you close the context before
  you get another context.
  In WLS, stack of authenticated users will be maintained per thread. Now when
  user is authenticated, it will be pushed into the stack. When you close the
  context it will be popped out. In your case it seems like somehow test1 user's
  idenitity is set on the thread which is calling the EJB on server2.
  use weblogic.security.acl.Security.getCurrentUser() to get the current
  user associated with the thread.
  I hope this helps.
  -utpal

• Java.lang.SecurityException: Authentication for user system denied in realm weblogic

  I am looking for some help to deploy the application in weblogic6.0.
  This is what i did during the application deployment.
  Create a new directory under config as a new application.
  D:\bea\wlserver6.0\config\test
  under test created two other directories applications and logs.
  Under the applications directory copied .ear and .war files.
  Under the test i copied config.xml, all the *.pem starttest.cmd, fileRealam.properties
  files. Modified the config.xml with my application, domain and the server. Modified
  the settest.cmd with the new domain and server name.
  when i do startup, it is prompting for the password and i entered what ever i mentioned
  during the installation.
  And getting the following error.
  Thanks alot for any suggestions.
  D:\bea\wlserver6.0\config\test>startTest.cmd
  D:\bea\wlserver6.0>set PATH=.\bin;D:\bea\jdk130\bin;C:\RATIONAL\RATION~1\NUTCROO
  T\bin;C:\RATIONAL\RATION~1\NUTCROOT\bin\x11;C:\RATIONAL\RATION~1\NUTCROOT\mksnt;
  C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\Dell\Resoluti
  on Assistant\Common\bin;C:\PROGRA~1\MICROS~4\Office;C:\PROGRA~1\ULTRAE~1;C:\Rati
  onal\common;C:\Rational\Rational Test;C:\jdk1.3\bin;C:\Ant\bin;
  D:\bea\wlserver6.0>set CLASSPATH=.;.\lib\weblogic_sp.jar;.\lib\weblogic.jar
  D:\bea\wlserver6.0>D:\bea\jdk130\bin\java -hotspot -ms64m -mx64m -classpath .;.\
  lib\weblogic_sp.jar;.\lib\weblogic.jar -Dweblogic.Domain=test -Dweblogic.Name=te
  stServer -Dbea.home=D:\bea -Dcloudscape.system.home=./samples/eval/cloudscape/da
  ta -Djava.security.policy==D:\bea\wlserver6.0/lib/weblogic.policy weblogic.Serve
  r
  Enter password to boot weblogic server:password
  Starting WebLogic Server ....
  <Feb 14, 2001 12:13:04 PM EST> <Notice> <Management> <Loading configuration file
  .\config\test\config.xml ...>
  <Feb 14, 2001 12:13:06 PM EST> <Info> <Logging> <Only log messages of severity "
  Error" or worse will be displayed in this window. This can be changed at Admin C
  onsole> test> Servers> testServer> Logging> Debugging> Stdout severity threshold
  >
  <Feb 14, 2001 12:13:08 PM EST> <Emergency> <Server> <Unable to initialize the se
  rver: 'Fatal initialization exception
  Throwable: java.lang.SecurityException: Authentication for user system denied in
  realm weblogic
  java.lang.SecurityException: Authentication for user system denied in realm webl
  ogic
  at weblogic.security.acl.Realm.authenticate(Realm.java:209)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:229)
  at weblogic.security.acl.internal.Security.authenticate(Security.java:11
  3)
  at weblogic.security.SecurityService.initializeSuid(SecurityService.java
  :293)
  at weblogic.security.SecurityService.initialize(SecurityService.java:123
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  '>
  The WebLogic Server did not start up properly.
  Exception raised: java.lang.SecurityException: Authentication for user system de
  nied in realm weblogic
  java.lang.SecurityException: Authentication for user system denied in realm webl
  ogic
  at weblogic.security.acl.Realm.authenticate(Realm.java:209)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:229)
  at weblogic.security.acl.internal.Security.authenticate(Security.java:11
  3)
  at weblogic.security.SecurityService.initializeSuid(SecurityService.java
  :293)
  at weblogic.security.SecurityService.initialize(SecurityService.java:123
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  Reason: Fatal initialization exception
  D:\bea\wlserver6.0>goto finish
  D:\bea\wlserver6.0>cd config\test
  D:\bea\wlserver6.0\config\test>ENDLOCAL
  D:\bea\wlserver6.0\config\test>

  Seen this, may give a clue?
  Server Known Problems Change Request Number Description
  042556
  The weblogic.Admin command now requires the user and password options. For example:
  java weblogic.Admin -username system -password gumby1234
  The username "system" is required for most functions (for example: VERSION). If
  you do not specify -username system, you will get the following error:
  Exception in thread "main" java.lang.SecurityException: Authentication for user
  system denied in realm weblogic
  <<no stack trace available>>
  "lazar" <[email protected]> wrote:
  >
  I would also like to know, if there is a fix for it.
  Thanks
  Lazar
  Greg Layton <[email protected]> wrote:
  Did you ever get an answer to this. If so could you share it with me.ThanksGreg

• Java.lang.SecurityException: Authentication for user system denied in realm wl_realm

  I am experiencing this error when a servlet or JSP is preloaded on the web
  server and the init method of the preloaded item results in a call to the
  app server. If I don't preload and then manually invoke the JSP or servlet
  after the web server completely loads the call to the app server does not
  produce the exception. The only security differences between the web and
  app servers are the console and system passwords. I can fix the problem by
  making the passwords (system and console) the same across the board, but
  find it hard to believe that this is the true solution. I would prefer
  sticking with the default security settings.
  I've poured through hundreds of messages. I can find similar problems but
  not this exact problem.
  Any ideas would truly be appreciated!
  More information:...
  App and Web server are both wls 6.1.1.0 running on the same SUN Solaris box.
  Both are using the basic, out of the box, security.
  The App server has SSL disabled.
  The exception reported in the app server's log is:
  java.lang.SecurityException: Authentication for user system denied in realm
  wl_realm
  at weblogic.security.acl.Realm.authenticate(Realm.java:212)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
  at
  weblogic.security.acl.internal.Security.authenticate(Security.java:125)
  at weblogic.security.acl.internal.Security.verify(Security.java:87)
  at
  weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:235)
  at
  weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:2
  2)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
  The exception reported in the web server's log is:
  java.lang.SecurityException: Authentication for user system denied in realm
  wl_realm
  at
  weblogic.rmi.internal.BasicOutboundRequest.sendReceive(BasicOutboundRequest.
  java:85)
  at
  weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
  :255)
  at
  weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
  :222)
  at weblogic.rmi.internal.ProxyStub.invoke(ProxyStub.java:35)
  at $Proxy54.lookup(Unknown Source)
  at
  weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:323)
  at javax.naming.InitialContext.lookup(InitialContext.java:350)
  at
  com.qwest.tmmt.manager.client.MDMAdapter.getEJBHome(MDMAdapter.java:197)
  at
  com.qwest.tmmt.manager.client.MDMAdapter.<init>(MDMAdapter.java:64)
  at
  com.qwest.tmmt.manager.client.ManagerFactory.createMetaDataManager(ManagerFa
  ctory.java:305)
  at
  com.qwest.insite.util.ClientMetaDataCache.<init>(ClientMetaDataCache.java:53
  at
  com.qwest.insite.util.ClientMetaDataCache.getInstance(ClientMetaDataCache.ja
  va:106)
  at
  com.qwest.insite.metadata.startup.MetaDataServlet.init(MetaDataServlet.java:
  30)
  at
  weblogic.servlet.internal.ServletStubImpl.createServlet(ServletStubImpl.java
  :700)
  at
  weblogic.servlet.internal.ServletStubImpl.createInstances(ServletStubImpl.ja
  va:643)
  at
  weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.jav
  a:588)
  at
  weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletC
  ontext.java:2203)
  at
  weblogic.servlet.internal.WebAppServletContext.preloadServlets(WebAppServlet
  Context.java:2147)
  at
  weblogic.servlet.internal.WebAppServletContext.init(WebAppServletContext.jav
  a:884)
  at
  weblogic.servlet.internal.WebAppServletContext.<init>(WebAppServletContext.j
  ava:807)
  at
  weblogic.servlet.internal.HttpServer.loadWebApp(HttpServer.java:421)
  at weblogic.j2ee.WebAppComponent.deploy(WebAppComponent.java:74)
  at weblogic.j2ee.Application.addComponent(Application.java:160)
  at weblogic.j2ee.J2EEService.addDeployment(J2EEService.java:117)
  at
  weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
  arget.java:329)
  at
  weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
  arget.java:144)
  at
  weblogic.management.mbeans.custom.WebServer.addWebDeployment(WebServer.java:
  76)
  at java.lang.reflect.Method.invoke(Native Method)
  at
  weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
  .java:608)
  at
  weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
  92)
  at
  weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
  nImpl.java:352)
  at
  com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
  at
  com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
  at
  weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
  at
  weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
  at $Proxy33.addWebDeployment(Unknown Source)
  at
  weblogic.management.configuration.WebServerMBean_CachingStub.addWebDeploymen
  t(WebServerMBean_CachingStub.java:1094)
  at
  weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
  arget.java:315)
  at
  weblogic.management.mbeans.custom.DeploymentTarget.addDeployments(Deployment
  Target.java:279)
  at
  weblogic.management.mbeans.custom.DeploymentTarget.updateServerDeployments(D
  eploymentTarget.java:233)
  at
  weblogic.management.mbeans.custom.DeploymentTarget.updateDeployments(Deploym
  entTarget.java:193)
  at java.lang.reflect.Method.invoke(Native Method)
  at
  weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
  .java:608)
  at
  weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
  92)
  at
  weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
  nImpl.java:352)
  at
  com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
  at
  com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
  at
  weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
  at
  weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
  at $Proxy32.updateDeployments(Unknown Source)
  at
  weblogic.management.configuration.ServerMBean_CachingStub.updateDeployments(
  ServerMBean_CachingStub.java:2734)
  at
  weblogic.management.mbeans.custom.ApplicationManager.startConfigManager(Appl
  icationManager.java:362)
  at
  weblogic.management.mbeans.custom.ApplicationManager.start(ApplicationManage
  r.java:154)
  at java.lang.reflect.Method.invoke(Native Method)
  at
  weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
  .java:608)
  at
  weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
  92)
  at
  weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
  nImpl.java:352)
  at
  com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
  at
  com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
  at
  weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
  at
  weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
  at $Proxy45.start(Unknown Source)
  at
  weblogic.management.configuration.ApplicationManagerMBean_CachingStub.start(
  ApplicationManagerMBean_CachingStub.java:480)
  at
  weblogic.management.Admin.startApplicationManager(Admin.java:1151)
  at weblogic.management.Admin.finish(Admin.java:570)
  at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:506)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:203)
  at weblogic.Server.main(Server.java:35)
  Thanks,
  Jed Zimmer

  You're correct. I meant the DOMAIN_SYSTEM_PASSWORD password in my
  <domain-name>domain.ksh file. The DOMAIN_SYSTEM_PASSWORD value (if
  specified) has to match the system user's password or else the server will
  not start/stop.
  I have determined more since my post. A startup class also produces the
  same error. I have minimized my environments as follows and still receive
  the exception, and a soon as I synchronize the system users' passwords on
  the app/web server the problem goes away. Or, I can keep the passwords
  different and just not access the app server EJBs until after the web server
  finished loading, which also causes the error to go away. I'm just confused
  about what I might be doing wrong.
  Steps to produce the error:
  App server:
  - Installed from 6.1.1.0 from scratch and started it up.
  - Changed the system user's password from the admin console, persisting the
  changes.
  - Modified logging settings to see more info in the log files.
  - Disabled instrument stack traces.
  - Stopped/Started the app server
  Web server:
  - Installed from 6.1.1.0 from scratch and started it up.
  - Modified logging settings to see more info in the log files.
  - Disabled instrument stack traces.
  - Added a servlet to the DefaultWebApp_insiteserver application
  - specified name and class
  - the load on startup setting defaulted to zero, which will cause the
  preloading
  - Added 3 jar files to the classpath to support the EJB call
  - Stopped/Started the web server
  When the web server loads the servlet loads and tries to locate the EJB on
  the app server. The app server throws the security exception. The app/web
  servers are both running on the same SUN box, have the same IP address
  (different ports) and I'm using non-SSL. Each server is it's own WLS
  environment. The only installed file that is shared it the
  weblogic_domain_registry.dat file in the root directory. As for security,
  I'm doing nothing except changing one password (system user on the app
  server).
  I then tried to manually upgrade the app/web servers to 6.1.2.0 by updating
  the WEBLOGIC_ROOT in the respective xxxxdomain.ksh files. Same problem.
  I then cleanly reinstalled the app/web servers using version 6.1.2.0 and
  configured as above. Same problem.
  Let me know if I need to provide additional details.
  Thanks,
  Jed Zimmer
  "Joseph Nguyen" <[email protected]> wrote in message
  news:[email protected]...
  >
  "Jed Zimmer" <[email protected]> wrote in message
  news:[email protected]...
  I am experiencing this error when a servlet or JSP is preloaded on the
  web
  server and the init method of the preloaded item results in a call tothe
  app server. If I don't preload and then manually invoke the JSP orservlet
  after the web server completely loads the call to the app server does
  not
  produce the exception. The only security differences between the weband
  app servers are the console and system passwords. I can fix the problemby
  making the passwords (system and console) the same across the board, but
  find it hard to believe that this is the true solutionI don't quite understand what you mean by "console" password? Are you
  talking about the admin console? If so then it's confusing because youhave
  to log into the console using the system user. If you can clarify morehere
  it would great.
  Joseph Nguyen
  BEA Support
  . I would prefer
  sticking with the default security settings.
  I've poured through hundreds of messages. I can find similar problems
  but
  not this exact problem.
  Any ideas would truly be appreciated!
  More information:...
  App and Web server are both wls 6.1.1.0 running on the same SUN Solarisbox.
  Both are using the basic, out of the box, security.
  The App server has SSL disabled.
  The exception reported in the app server's log is:
  java.lang.SecurityException: Authentication for user system denied inrealm
  wl_realm
  at weblogic.security.acl.Realm.authenticate(Realm.java:212)
  atweblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
  at
  weblogic.security.acl.internal.Security.authenticate(Security.java:125)
  atweblogic.security.acl.internal.Security.verify(Security.java:87)
  at
  weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:235)
  at
  weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:2
  2)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
  The exception reported in the web server's log is:
  java.lang.SecurityException: Authentication for user system denied inrealm
  wl_realm
  at
  weblogic.rmi.internal.BasicOutboundRequest.sendReceive(BasicOutboundRequest.
  java:85)
  at
  weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
  :255)
  at
  weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
  :222)
  at weblogic.rmi.internal.ProxyStub.invoke(ProxyStub.java:35)
  at $Proxy54.lookup(Unknown Source)
  at
  weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:323)
  at javax.naming.InitialContext.lookup(InitialContext.java:350)
  at
  com.qwest.tmmt.manager.client.MDMAdapter.getEJBHome(MDMAdapter.java:197)
  at
  com.qwest.tmmt.manager.client.MDMAdapter.<init>(MDMAdapter.java:64)
  at
  com.qwest.tmmt.manager.client.ManagerFactory.createMetaDataManager(ManagerFa
  ctory.java:305)
  at
  com.qwest.insite.util.ClientMetaDataCache.<init>(ClientMetaDataCache.java:53
  at
  com.qwest.insite.util.ClientMetaDataCache.getInstance(ClientMetaDataCache.ja
  va:106)
  at
  com.qwest.insite.metadata.startup.MetaDataServlet.init(MetaDataServlet.java:
  30)
  at
  weblogic.servlet.internal.ServletStubImpl.createServlet(ServletStubImpl.java
  :700)
  at
  weblogic.servlet.internal.ServletStubImpl.createInstances(ServletStubImpl.ja
  va:643)
  at
  weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.jav
  a:588)
  at
  weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletC
  ontext.java:2203)
  at
  weblogic.servlet.internal.WebAppServletContext.preloadServlets(WebAppServlet
  Context.java:2147)
  at
  weblogic.servlet.internal.WebAppServletContext.init(WebAppServletContext.jav
  a:884)
  at
  weblogic.servlet.internal.WebAppServletContext.<init>(WebAppServletContext.j
  ava:807)
  at
  weblogic.servlet.internal.HttpServer.loadWebApp(HttpServer.java:421)
  at weblogic.j2ee.WebAppComponent.deploy(WebAppComponent.java:74)
  at weblogic.j2ee.Application.addComponent(Application.java:160)
  at weblogic.j2ee.J2EEService.addDeployment(J2EEService.java:117)
  at
  weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
  arget.java:329)
  at
  weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
  arget.java:144)
  at
  weblogic.management.mbeans.custom.WebServer.addWebDeployment(WebServer.java:
  76)
  at java.lang.reflect.Method.invoke(Native Method)
  at
  weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
  .java:608)
  at
  weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
  92)
  at
  weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
  nImpl.java:352)
  at
  com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
  at
  com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
  at
  weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
  at
  weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
  at $Proxy33.addWebDeployment(Unknown Source)
  at
  weblogic.management.configuration.WebServerMBean_CachingStub.addWebDeploymen
  t(WebServerMBean_CachingStub.java:1094)
  at
  weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
  arget.java:315)
  at
  weblogic.management.mbeans.custom.DeploymentTarget.addDeployments(Deployment
  Target.java:279)
  at
  weblogic.management.mbeans.custom.DeploymentTarget.updateServerDeployments(D
  eploymentTarget.java:233)
  at
  weblogic.management.mbeans.custom.DeploymentTarget.updateDeployments(Deploym
  entTarget.java:193)
  at java.lang.reflect.Method.invoke(Native Method)
  at
  weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
  .java:608)
  at
  weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
  92)
  at
  weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
  nImpl.java:352)
  at
  com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
  at
  com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
  at
  weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
  at
  weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
  at $Proxy32.updateDeployments(Unknown Source)
  at
  weblogic.management.configuration.ServerMBean_CachingStub.updateDeployments(
  ServerMBean_CachingStub.java:2734)
  at
  weblogic.management.mbeans.custom.ApplicationManager.startConfigManager(Appl
  icationManager.java:362)
  at
  weblogic.management.mbeans.custom.ApplicationManager.start(ApplicationManage
  r.java:154)
  at java.lang.reflect.Method.invoke(Native Method)
  at
  weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
  .java:608)
  at
  weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
  92)
  at
  weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
  nImpl.java:352)
  at
  com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
  at
  com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
  at
  weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
  at
  weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
  at $Proxy45.start(Unknown Source)
  at
  weblogic.management.configuration.ApplicationManagerMBean_CachingStub.start(
  ApplicationManagerMBean_CachingStub.java:480)
  at
  weblogic.management.Admin.startApplicationManager(Admin.java:1151)
  at weblogic.management.Admin.finish(Admin.java:570)
  at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:506)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:203)
  at weblogic.Server.main(Server.java:35)
  Thanks,
  Jed Zimmer