Reg: DB User account lock and expire

Similar Messages

• Using dbca to create a db and all the users are locked and expired

  I create a template using dbca on 10gR2 with schema and data and when I use that to build a clone on another machine the users passwords are all locked and expired. I am doing this in silent mode from the command line and I am looking for a flag that produces the unlock users passwords feature which seems to be there if you manually run dbca from the GUI.

  This is a unix script I use to unlock accouts. I should notice this script is used for educational pourposes, in a production database it is not a good practice to leave demo accounts unlocked and overall with login=password.
  sqlplus -S /nolog <<ENDSQL
       connect / as sysdba
       SET LINESIZE 132
       SET PAGESIZE 0
       SET TERMOUT OFF
       SET NEWPAGE 0
       SET SPACE 0
       SET ECHO OFF
       SET FEEDBACK OFF
       SET HEADING OFF
       SPOOL x.sql
       SELECT 'ALTER USER '||username||' IDENTIFIED BY '||username||' ACCOUNT UNLOCK;'
       FROM   dba_users
       WHERE  account_status LIKE '%LOCK%';
       SPOOL OFF
       @x.sql
       !rm x.sql
       exit
  <<ENDSQL~ Madrid.

• Mac user account locked out in Microsoft Active Directory

  Hi,
  I have some users who get their user account locked out several times a day.
  It seems to be an issue with the keychain.
  Our users need to change their password every 90 days domain GPO applied on every users.
  Do you know how to fix this issue?
  I have notice that most of the time this happens when the Mac wakes up from sleep mode while still connected to the network and when the users try to re login.
  Thank you.

  Hi Nicky
  I had a very similar problem a while back. It turned out that I had another device trying to retrieve mail from the corporate account. in my case it was an iPod that was just sitting on charge for weeks at a time but was accessing the Exchange server with the wrong password, after having changed it due to the same password policy you use. Of course after a set number of tries, the AD locked the account.
  I always remember to change my iPhone password now
  Jerry

• My mail can send out message but can't receive new e-mail? and some software(adobe illustrator cs) and applications(terminal) can't run ? but in another user account, terminal and illustrator can run.

  Hi,
  My Mac info:
  Machine Name:          Power Mac G5
  Machine Model:          PowerMac7,3
  CPU Type:          PowerPC G5  (3.0)
  Mail Version 2.1.3 (753.1)
  My mail application can send out message but can't receive new e-mail now ? please see attached before my capture screen
  and some software(adobe illustrator cs) and applications(terminal) can't run ? please see attached
  but in another user account, terminal and illustrator can run.
  Please kindly help to check with these problems. Thanks.

  Verify and Repair disk “Data”
  Checking HFS Plus volume.
  Checking Extents Overflow file.
  Checking Catalog file.
  Checking multi-linked files.
  Checking Catalog hierarchy.
  Checking Extended Attributes file.
  Checking volume bitmap.
  Checking volume information.
  Volume Header needs minor repair
  Repairing volume.
  Rechecking volume.
  Checking HFS Plus volume.
  Checking Extents Overflow file.
  Checking Catalog file.
  Checking multi-linked files.
  Checking Catalog hierarchy.
  Checking Extended Attributes file.
  Checking volume bitmap.
  Checking volume information.
  The volume Data was repaired successfully.
  Mounting Disk
  1 HFS volume checked
  Repair attempted on 1 volume
    1 HFS volume repaired

• UME User account password never expires

  Is there a user type in the UME on java where the user account will not expire? Much like the service user type on ABAP.
  Thanks Mikie

  Mike,
  This is actually what you are looking for:
  http://help.sap.com/saphelp_nw04s/helpdata/en/4e/225b42eeb66255e10000000a155106/frameset.htm
  You want the technical user type.
  -Michael
  Ooops I answered to quickly. Someone else already answered.
  -Michael
  Edited by: Michael Shea on Mar 12, 2008 10:35 AM
  My mistake.
  Well actually no I am correct. Mike, you are looking for user types.
  Edited by: Michael Shea on Mar 12, 2008 10:43 AM

• Orcladmin user account has been expired

  Hi All,
  My orcladmin user account has been expired. According to the docs i use oidpasswd connect=SID reset_su_password=true to reset the account. I run that command successfully but i am not able to login through orcladmin user.
  Apps Server - 10.1.X
  Any suggestions?
  thanks
  Edited by: user8904901 on Aug 23, 2011 4:57 PM

  oidpasswd connect=SID unlock_su_acct=true
  See Oracle document :
  OID PASSWORD POLICY EXPIRES, PASSWORD RESETTING PASSWORD STILL FAILS [ID 272248.1]
  If you find this helpful please mark it so.
  Best Regards
  mseberg

• J_security_check, JAAS, password expiration, account locking and portals

  J2EE form-based authentication will redirect an unauthenticated user trying to connect to a secured resource to a login page and will 1) send the user to the originally requested page upon successful authentication OR 2) send the user to the error page in the event of authentication failure. There are a couple of problems that I have with this implementation - not with j_security_check specifically, but with the pattern generally.
  There are several events that a Portal must manage beyond simple authentication validation. Specifically
  - Notify a user after successful authentication that their account has been locked and they must contact someone to get it unlocked.
  - Notify a user after successful authentication that their password is about to expire and offer them a choice between changing their password immediately or proceeding to the requested resource.
  - Notify a user after successful authentication that their password has expired and require that they change it before proceeding to the requested resource.
  - Notify a user after successful authentication that they don't have rights to access to the requested resource even though they've been successfully authenticated and offer to redirect them to a page that they are authorized to access.
  I am currently investigating a scheme to solve these problems by using servlets for the login and error 'pages', having these servlets forward to different .JSP's based on roles, and writing some sort of JAAS module to add an access (authorization) role based on the password and account lock status.
  Has anyone else worked on this kind of problem? Are there any efforts to extend the J2EE specifications to handle these alternate flows in the j_security_check activity.
  I'm frustrated with each of the different container providers handling the JAAS Authorization differently. Further, since the j_security_check doesn't discuss how the server tracks the original request, each container provider has used a custom mechanism for keeping the original URI as j_security_check activity proceeds.
  One final gripe, since the J2EE specification does not specify how to deal with JAAS, and further define a mechanism to getting the Subject associated with the current ServletRequest, all providers have done this differently too. Perhaps this was avoided as a 'non-goal', but wouldn't it have been nice to state that 'should a provider decide to offer JAAS based security, the implementation must...'?

  I understand this problem... I dont know whether I have term this as a "Feature" or a "Drawback".
  I have handled this problem differently in my project.
  Scenario: When user does normal login
  1. User is displayed a home page. During this process, I create a session variable "Initialized".
  2. I check for this session variable in all the pages. If this session variable is missing then I redirect to the home page which in turn creates the "Initialize" variable in the session.
  Scenarion: Session time out happens in Page 3
  1. User will be taken to login page.
  2. Typically scenarion, when user is authenticated successfully, Page 3 is displayed.
  3. I check for the session variable "Initialize" in Page 3. This "Initialize" variable will not be available due to session expiry.
  4. I redirect my page to "Home Page" which inturn creates session variable "Initialize".
  5. This solution solved the problem of showing home page when user does the login

• User account lock & expired

  Hi All
  I am confused what is the difference of account lock & expired does it bring to the user/owner?
  If I locked an account he/she can not login.
  If I expire an account he/she can not also login.
  So what is the difference?
  Thanks,
  petra k

  I am confused what is the difference of account lock & expired does it bring to the user/owner?
  If I locked an account he/she can not login.
  If I expire an account he/she can not also login.
  So what is the difference?
  When you have a basic question the first thing to do is search the Oracle documentation to see if it has the info you need.
  http://docs.oracle.com/cd/B28359_01/server.111/b28337/tdpsg_user_accounts.htm
  Expiring and Locking Database Accounts
  Oracle Database 2 Day DBA explains how you can use Database Control to unlock database accounts. You also can use Database Control to expire or lock database accounts.
  When you expire the password of a user, that password no longer exists. If you want to unexpire the password, you change the password of that account. Locking an account preserves the user password, as well as other account information, but makes the account unavailable to anyone who tries to log in to the database using that account. Unlocking it makes the account available again.

• User accounts locking out.

  I have recently upgraded to APEX 3.1.0.00.32 and have discovered that my users are now able to lock themselves out of my app.
  I found settings both at the apex level as well as the workspace level to disable this feature, however the accounts are still locking out. Is there a setting somewhere else that I need to change?
  Thanks,
  Joel

  Kathryn,
  The feature has no Disable/Enable control. It can be required of workspaces (toggled at the site level) with respect to the epiration/locking policy for end-user accounts, or not. If not required, individual workspaces can enable or disable the feature, again, with respect to end user account expiration and locking.
  For developer/admin accounts, the feature is always "on". If you prefer a longer expiration period, say 24 years, set the Account Password Lifetime (days) value to 8766. If you want to allow a large number, say 1000, of invalid consecutive password attempts, set the Maximum Login Failures Allowed value to 1000.
  Scott

• Domain User Account Locked - ActiveSync

  For our ActiveSync users, when their domain account expires and requires a new password, if they forget to change their password on their iDevices, their account locks out.  Is there a way, outside of changing our parameters around user failed attempts, to not lock the accounts out if they are coming from ActiveSync/iDevices?  Or any other creative way?

  it seems to me the user is logged on to some computer with an expired password. The computer attempts to connect to wifi and thus authenticate using the users expired credentials.
  Ask the user to reboot all of the computers he uses. If the problem persists, check if the user has open sessions on other machines and check the configuration of the wireless network on the client.
  MCP/MCSA/MCTS/MCITP

• User account locked out in IAS Server.

  Hi,
  Windows Server 2003 stand-alone with IAS Server working as a RADIUS Server for WIFI connections.
  There is a domain user account that keeps locking out randomly a few times a day.
  This user account doesn't show up within the IAS server log file.
  The Audit Policy is enabled in the w2k3 server for Succes, Failure and the events below comes up for every locking,
  The Caller User Name is the IAS Server machine account.
  I had to enable in the DCs the Netlogon debug mode to get the lock outs source, that turns out to be the IAS Server.
  This is quite strange as I can't find the user account within the IAS Server log.
  Could anybody clues me in on this issue?
  Thak you.

  it seems to me the user is logged on to some computer with an expired password. The computer attempts to connect to wifi and thus authenticate using the users expired credentials.
  Ask the user to reboot all of the computers he uses. If the problem persists, check if the user has open sessions on other machines and check the configuration of the wireless network on the client.
  MCP/MCSA/MCTS/MCITP

• Administrator User Account Locked

  Hi.
  I locked into my local portal with Admin user/pwd.
  It asks me to reset the pwd.
  I did it and I forgottenly given wrong password.
  When I tried to log in the portal with the Admin user/pwd, it is showing message as "Account Locked"
  Can anyone help on this issue.
  Regards
  Bala

  Hi Balachandar P,
  If you forgot or lock "Administrator or J2EE_ADMIN" password just follow below steps:
  <u><b>STEP-1: Enable "SAP*"</b></u>
  1.Start the Config Tool C:\usr\sap\<SID>\<engine-instance>\j2ee\configtool\configtool.bat
  Ex: D:\usr\sap\F02\JC00\j2ee\configtool --> configtool.bat
  2.Goto cluster-data --> Global server configuration --> services --> com.sap.security.core.ume.service
  3.Double-click on the property "ume.superadmin.activated = TRUE"
  4.Double-click on the property "ume.superadmin.password=<Enter any password ex: abc123>"
  5.Save.
  6.Restart the engine.
  <u><b>STEP-2: Login with "SAP*" into portal</b></u>
  1. http://<host>:<Port>/useradmin/index.jsp
  2. Enter userid / password as" SAP* / <password ex: abc123>"
  3. Search for "Administrator" user
  4. Reset or change password for "Administrtor"
  <u><b>STEP-3: Disable "SAP*"</b></u>
  1.Start the Config Tool C:\usr\sap\<SID>\<engine-instance>\j2ee\configtool\configtool.bat
  Ex: D:\usr\sap\F02\JC00\j2ee\configtool --> configtool.bat
  2.Goto cluster-data --> Global server configuration --> services --> com.sap.security.core.ume.service
  3.Double-click on the property "ume.superadmin.activated = FALSE"
  4.Save.
  5. Restart the engine.
  <u><b>STEP-4: Login with "Administrator"</b></u>
  1. http://<host>:<Port>/useradmin/index.jsp
  2. Enter userid / Password as "Administrator / <password>
  3. it will ask change password just change it.
  <b>Thanks,
  Nagaraju Parlapalli</b>

• User Account Locking

  I know it is possible to set up Plumtree to lock a users account if they try to login with an invalid password and number of times. My question is is it possible to find out through the API how many times a user has left before the account is locked?
  Keith Drew

  Can't explain, but there are several threads about similiar problems. Mostly there are problems with mail, but the main problem is that logged out users doesn't get disconnected from AFP.  Hope the fix comes soon.

• WLC 4400: User Account must not expire

  Hi all.
  Currently we have wireless guest user accounts added onto the wlc and they expire in 30days. No problem with this.
  However, the wireless infrastructure is to be used by internal employees with local account db held on wlc. Can this be setup such that their account will never expire?
  thanks a lot
  Ajaz

  Hi Ajaz,
  Most possible my friend
  Local Net Users
  You can change a guest user account with a non-zero lifetime to another lifetime value at any
  time while the account is active. However, to make a guest user account permanent using the
  controller GUI, you must delete the account and create it again. If desired, you can use the config
  netuser lifetime user_name 0 CLI command to make a guest user account permanent without
  deleting and recreating it.
  From the Lifetime drop-down boxes, choose the amount of time (in days, hours, minutes, and seconds)
  that this guest user account is to remain active. A value of zero (0) for all four fields creates a permanent
  account.
  http://www.cisco.com/en/US/docs/wireless/controller/5.2/configuration/guide/c52users.pdf
  Cheers!
  Rob
  Please support CSC Helps Haiti
  https://supportforums.cisco.com/docs/DOC-8895
  https://supportforums.cisco.com/docs/DOC-8727

• Catch RFC Exception - User Account locked

  Hello,
  I am hoping someone knows how in the portal to catch an exception thrown by JCo indicating a users account is locked in R/3. 
  I would like to trap the error and display a friendly error message to contact the correct people.  I do not want to see a Portal Runtime Error get presented to end users.
  Here is what it looks like in the default trace:
  Caused by: com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: User is locked. Please notify the person responsible
  at com.sap.mw.jco.MiddlewareJRfc.generateJCoException(MiddlewareJRfc.java:418)
  Any docs on catching R/3 Fault exceptions is great as well.
  Thank you,
  Sean

  Usually when working with BAPIs, it is designed not to raise any exceptions.  They are designed to pass any errors back to the caller thru the BAPIRET2 parameter in the BAPI signature, using a TABLES parameter.  This is how you will let the user know gracefully.  If you are working with custom function modules which are to be called from the portal, they need to be developed in such a way that they do not RAISE and exceptions, but pass the errors back using a table like in the BAPIs.
  REgards,
  Rich Heilman