Server 4.0: Client and Computer Authentication
Hello. In Active Directory we have Domain Controllers. Is there any way I can make the Mac OS Server the authentication and authorization server for all Macs on a remote LAN. -Rather than installing another DC. At this time they're authenticating via WAN VLAN tunnel to one of our DCs.
Thanks in advance!
If you're using only OD you can set up a master OD and have other MOSX servers bound to that master OD (or it's replicas). The same thing should be possible to do by binding your MOSX server(s) to AD and then having clients authenticating towards the server(s) with AD accounts. It is really pesky to have to sets of users. We are at a transfer state from OD to AD and, well, it's a little messy so I definitely prefer having one user directory.
If you have the possibility to set up a test server (virtualised is wonderful with snapshots and everything, could be possible to do on your own desktop/laptop even, VMWare/ESXi only) I would definitely try to bind the server(s) to AD if that's already existing and see if it works as expected before setting up another user directory.
Similar Messages
-
Xgrid server admin controller tab won't create password entries for client and agent authentication.
I am trying to set up password-based access for my OSX Server 10.7.3 running on a mac mini. When I try to enter passwords into the Client Authentication and Agent Authentication fields from the Controller tab and click Save, the fields empty out. When I then try to start the Xgrid service, it fails with an error in the log file controller missing password file "/etc/xgrid/controller/agent-password". Can someone help?
Thanks,
ChrisThanks for the pointer to createhomedir - that did indeed do the trick. (How on earth do people find these little nuggets).
I hesitate to mark this as solved however - it's a functioning workaround, but does nothing to explain why on earth the GUI suddenly stopped functioning.
But in the (likely) event that that question never gets answered, thanks again for letting me get on with working! -
Weblogic Server 10.3.0 and LDAP authentication Issue
Hi - I have configured my WebLogic Server 10.3.0 for LDAP authentication (OID = 10.1.4.3.0) and so far the authentication works fine but I am having issue in terms of authorization.
I am not able to access the default web logic administrator console app using any of the LDAP user, getting Forbiden message.
It appears to me that the Weblogic Server is not pulling out the proper groups from the LDAP where user belongs too.
Can anyone please point me towards the right direction to get this resolved.
Thanks,
STEPS
Here are my steps I have followed:
- Created a group called Administrators in OID.
- Created a test user call uid=myadmin in the OID and assigned the above group to this user.
- Added a new Authentication Provider to the Weblogic and configured it what is required to communicate with OID (the config.xml file snipet is below)
<sec:authentication-provider xsi:type="wls:ldap-authenticatorType">
<sec:name>OIDAuthentication</sec:name>
<sec:control-flag>SUFFICIENT</sec:control-flag>
<wls:propagate-cause-for-login-exception>false</wls:propagate-cause-for-login-exception>
<wls:host>pmpdeva-idm.ncr.pwgsc.gc.ca</wls:host>
<wls:port>1389</wls:port>
<wls:principal>cn=orcladmin</wls:principal>
<wls:user-base-dn>ou=AppAdmins, o=gc, c=ca</wls:user-base-dn>
<wls:credential-encrypted>removed from here</wls:credential-encrypted>
<wls:group-base-dn>ou=IDM, ou=ServiceAccounts, o=gc, c=ca</wls:group-base-dn>
</sec:authentication-provider>
- Marked the default authentication provider as sufficient as well.
- Re-ordered the authentication provide such that the OIDauthentication is first in the list and default one is the last.
- Looking at the log file I see there are no groups returned for this user and that is the problem in my opinion.
<LDAP Atn Login username: myadmin>
<getConnection return conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
<authenticate user:myadmin>
<getDNForUser search("ou=AppAdmins, o=gc, c=ca", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
<DN for user myadmin: uid=myadmin,ou=AppAdmins,o=gc,c=ca>
<authenticate user:myadmin with DN:uid=myadmin,ou=AppAdmins,o=gc,c=ca>
<authentication succeeded>
<returnConnection conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
<LDAP Atn Authenticated User myadmin>
<List groups that member: myadmin belongs to>
<getConnection return conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
<getDNForUser search("ou=AppAdmins, o=gc, c=ca", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
<DN for user myadmin: uid=myadmin,ou=AppAdmins,o=gc,c=ca>
*<search("ou=IDM, ou=ServiceAccounts, o=gc, c=ca", "(&(uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupofuniquenames))", base DN & below)>*
*<Result has more elements: false>*
<returnConnection conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
<login succeeded for username myadmin>
- I see the XACML RoleMapper getRoles() only returning the Anonymous role as oppose to Admin (because the OID user is a part of Administrators group in OID then it should be returning Admin as fars I can tell. Here is the log entry that shows that:
<XACML RoleMapper getRoles(): returning roles Anonymous>
- I did a ldap search and I found no issues in getting the results back:
C:\>ldapsearch -h localhost -p 1389 -b"ou=IDM, ou=ServiceAccounts, o=gc, c=ca" -D cn=orcladmin -w "removed from here" (uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupOfUniqueNames)
cn=Administrators,ou=IDM,ou=ServiceAccounts,o=gc,c=ca
objectclass=groupOfUniqueNames
objectclass=orclGroup
objectclass=top
END
Here are the log entries:
<1291668685624> <BEA-000000> <LDAP ATN LoginModule initialized>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize delegated>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.login>
<1291668685624> <BEA-000000> <LDAP Atn Login>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[0] will be delegated>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[0] will use NameCallback to retrieve name>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[1] will be delegated>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle will delegate all callbacks>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle delegated callbacks>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle got username from callbacks[0], UserName=myadmin>
<1291668685624> <BEA-000000> <LDAP Atn Login username: myadmin>
<1291668685624> <BEA-000000> <getConnection return conn:LDAPConnection { ldapVersion:2 bindDN:""}>
<1291668685624> <BEA-000000> <authenticate user:myadmin>
<1291668685624> <BEA-000000> <getDNForUser search("ou=people,ou=myrealm,dc=MBR_Domain", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
<1291668685624> <BEA-000000> <getDNForUser search("ou=people,ou=myrealm,dc=MBR_Domain", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
<1291668685624> <BEA-000000> <returnConnection conn:LDAPConnection { ldapVersion:2 bindDN:""}>
<1291668685624> <BEA-000000> <[Security:090302]Authentication Failed: User myadmin denied>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize LoginModuleClassName=weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize ClassLoader=java.net.URLClassLoader@facf0b>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize created delegate login module>
<1291668685624> <BEA-000000> <LDAP ATN LoginModule initialized>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize delegated>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.login>
<1291668685624> <BEA-000000> <LDAP Atn Login>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[0] will be delegated>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[1] will be delegated>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle will delegate all callbacks>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle delegated callbacks>
<1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle did not get username from a callback>
<1291668685624> <BEA-000000> <LDAP Atn Login username: myadmin>
<1291668685624> <BEA-000000> <getConnection return conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
<1291668685624> <BEA-000000> <authenticate user:myadmin>
<1291668685624> <BEA-000000> <getDNForUser search("ou=AppAdmins, o=gc, c=ca", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
<1291668685671> <BEA-000000> <DN for user myadmin: uid=myadmin,ou=AppAdmins,o=gc,c=ca>
<1291668685671> <BEA-000000> <authenticate user:myadmin with DN:uid=myadmin,ou=AppAdmins,o=gc,c=ca>
<1291668685671> <BEA-000000> <authentication succeeded>
<1291668685686> <BEA-000000> <returnConnection conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
<1291668685686> <BEA-000000> <LDAP Atn Authenticated User myadmin>
<1291668685686> <BEA-000000> <List groups that member: myadmin belongs to>
<1291668685686> <BEA-000000> <getConnection return conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
<1291668685686> <BEA-000000> <getDNForUser search("ou=AppAdmins, o=gc, c=ca", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
<1291668685686> <BEA-000000> <DN for user myadmin: uid=myadmin,ou=AppAdmins,o=gc,c=ca>
<1291668685686> <BEA-000000> <search("ou=IDM, ou=ServiceAccounts, o=gc, c=ca", "(&(uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupofuniquenames))", base DN & below)>
<1291668685686> <BEA-000000> <Result has more elements: false>
<1291668685686> <BEA-000000> <returnConnection conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
<1291668685686> <BEA-000000> <login succeeded for username myadmin>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.login delegated, returning true>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit>
<1291668685686> <BEA-000000> <LDAP Atn Commit>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit delegated, returning false>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit>
<1291668685686> <BEA-000000> <LDAP Atn Commit>
<1291668685686> <BEA-000000> <LDAP Atn Principals Added>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit delegated, returning true>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.JAASLoginServiceImpl.login logged in>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.JAASLoginServiceImpl.login subject=Subject:
Principal: myadmin
>
<1291668685686> <BEA-000000> <weblogic.security.service.internal.WLSIdentityServiceImpl.getIdentityFromSubject Subject: 1
Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principals)>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) Principal=myadmin>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) PrincipalClassName=weblogic.security.principal.WLSUserImpl>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) trying PrincipalValidator for interface weblogic.security.principal.WLSPrincipal>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) PrincipalValidator handles this PrincipalClass>
<1291668685686> <BEA-000000> <Signed WLS principal myadmin>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) PrincipalValidator signed the principal>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) All required PrincipalValidators signed this PrincipalClass, returning true>
<1291668685686> <BEA-000000> <com.bea.common.security.internal.service.JAASLoginServiceImpl.login identity=Subject: 1
Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
>
<1291668685686> <BEA-000000> <weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.authenticate authenticate succeeded for user myadmin, Identity=Subject: 1
Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
>
<1291668685686> <BEA-000000> <weblogic.security.service.internal.UserLockoutServiceImpl$ServiceImpl.isLocked(myadmin)>
<1291668685686> <BEA-000000> <weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.authenticate login succeeded and myadmin was not previously locked out>
<1291668685702> <BEA-000000> <Using Common RoleMappingService>
<1291668685702> <BEA-000000> <PrincipalAuthenticator.validateIdentity>
<1291668685702> <BEA-000000> <PrincipalAuthenticator.validateIdentity will use common security service>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principals)>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) Principal=myadmin>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) PrincipalClassName=weblogic.security.principal.WLSUserImpl>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) trying PrincipalValidator for interface weblogic.security.principal.WLSPrincipal>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) PrincipalValidator handles this PrincipalClass>
<1291668685702> <BEA-000000> <Validate WLS principal myadmin returns true>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) PrincipalValidator said the principal is valid>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) One or more PrincipalValidators handled this PrincipalClass, returning true>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principals) validated all principals>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.RoleMappingServiceImpl.getRoles Identity=Subject: 1
Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.RoleMappingServiceImpl.getRoles Resource=type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
<1291668685702> <BEA-000000> <XACML RoleMapper getRoles(): input arguments:>
<1291668685702> <BEA-000000> < Subject: 1
Principal = weblogic.security.principal.WLSUserImpl("myadmin")
>
<1291668685702> <BEA-000000> < Resource: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
<1291668685702> <BEA-000000> < Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp>
<1291668685702> <BEA-000000> < Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp/*, httpMethod=GET>
<1291668685702> <BEA-000000> < Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp/*>
<1291668685702> <BEA-000000> < Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/*, httpMethod=GET>
<1291668685702> <BEA-000000> < Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/*>
<1291668685702> <BEA-000000> < Parent: type=<url>, application=consoleapp, contextPath=/console, uri=*.jsp, httpMethod=GET>
<1291668685702> <BEA-000000> < Parent: type=<url>, application=consoleapp, contextPath=/console, uri=*.jsp>
<1291668685702> <BEA-000000> < Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/, httpMethod=GET>
<1291668685702> <BEA-000000> < Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/>
<1291668685702> <BEA-000000> < Parent: type=<url>, application=consoleapp, contextPath=/console>
<1291668685702> <BEA-000000> < Parent: type=<url>, application=consoleapp>
<1291668685702> <BEA-000000> < Parent: type=<app>, application=consoleapp>
<1291668685702> <BEA-000000> < Parent: type=<url>>
<1291668685702> <BEA-000000> < Parent: null>
<1291668685702> <BEA-000000> < Context Handler: >
<1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
<1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(AdminChannelUsers,[everyone,users]) -> false>
<1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
<1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:AdminChannelUser:, 1.0 evaluates to Deny>
<1291668685702> <BEA-000000> <XACML RoleMapper: accessing role AdminChannelUser: DENIED>
<1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
<1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(AppTesters,[everyone,users]) -> false>
<1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
<1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:AppTester:, 1.0 evaluates to Deny>
<1291668685702> <BEA-000000> <XACML RoleMapper: accessing role AppTester: DENIED>
<1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
<1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(everyone,[everyone,users]) -> true>
<1291668685702> <BEA-000000> <primary-rule evaluates to Permit>
<1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Anonymous:, 1.0 evaluates to Permit>
<1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Anonymous: GRANTED>
<1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
<1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(Monitors,[everyone,users]) -> false>
<1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
<1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Monitor:, 1.0 evaluates to Deny>
<1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Monitor: DENIED>
<1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
<1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(Operators,[everyone,users]) -> false>
<1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
<1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Operator:, 1.0 evaluates to Deny>
<1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Operator: DENIED>
<1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
<1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(CrossDomainConnectors,[everyone,users]) -> false>
<1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
<1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:CrossDomainConnector:, 1.0 evaluates to Deny>
<1291668685702> <BEA-000000> <XACML RoleMapper: accessing role CrossDomainConnector: DENIED>
<1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
<1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(Deployers,[everyone,users]) -> false>
<1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
<1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Deployer:, 1.0 evaluates to Deny>
<1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Deployer: DENIED>
<1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, SC=null, Value=[everyone,users]>
<1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(Administrators,[everyone,users]) -> false>
<1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
<1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Admin:, 1.0 evaluates to Deny>
<1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Admin: DENIED>
<1291668685702> <BEA-000000> <XACML RoleMapper getRoles(): returning roles Anonymous>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.RoleMappingServiceImpl.getRoles returning [ "Anonymous" ]>
<1291668685702> <BEA-000000> <AuthorizationManager will use common security for ATZ>
<1291668685702> <BEA-000000> <weblogic.security.service.WLSAuthorizationServiceWrapper.isAccessAllowed>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Identity=Subject: 1
Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Roles=[ "Anonymous" ]>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Resource=type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Direction=ONCE>
<1291668685702> <BEA-000000> <XACML Authorization isAccessAllowed(): input arguments:>
<1291668685702> <BEA-000000> < Subject: 1
Principal = weblogic.security.principal.WLSUserImpl("myadmin")
>
<1291668685702> <BEA-000000> < Roles:Anonymous>
<1291668685702> <BEA-000000> < Resource: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
<1291668685702> <BEA-000000> < Direction: ONCE>
<1291668685702> <BEA-000000> < Context Handler: >
<1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:role, SC=null, Value=Anonymous>
<1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of([Admin,Operator,Deployer,Monitor],Anonymous) -> false>
<1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
<1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:resource:type@E@Furl@G@M@Oapplication@Econsoleapp@M@OcontextPath@E@Uconsole@M@Ouri@E@U, 1.0 evaluates to Deny>
<1291668685702> <BEA-000000> <XACML Authorization isAccessAllowed(): returning DENY>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed AccessDecision returned DENY>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AdjudicationServiceImpl.adjudicate Results=[ DENY ]>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AdjudicationServiceImpl.adjudicate Resource=type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
<1291668685702> <BEA-000000> <DefaultAdjudicatorImpl.adjudicate results: DENY >
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AdjudicationServiceImpl.adjudicate Adjudictor returned false, returning that value>
<1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AuthorizationServiceImpl.isAccessAllowed returning adjudicated: false>Okay Finally the issue is resolved. Here is the findings to help others in case they ran into the same issue.
The OID version that we are using is not returning the groups the way Weblogic is building the ldapsearch command. We captured the ldap traffic to go deeper and noticed the filters and attributes list that wls was asking. For example, the filter was like:
"(&(uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupofuniquenames))" cn
its was the "cn" attribute that was causing the result set to be empty.
from a command line we tried
"(&(uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupofuniquenames))" uniquemember
and got the results back.
Then we start looking into OID configuration and one of my coworker pointed me towards the orclinmemfiltprocess attributes in cn=dsaconfig entry and told me that they had lot of issues in the past in relation to this attribute.
So as a test we removed the groupofuniquenames objectclass from the orclinmemfiltprocess attribute list and bingo it worked!
Since we needed the groupofuniquenames in this list for performance/other reasons and decided to use a different objectclass for our groups instead i.e. orclGroup.
Thanks everyone for showing interest on the problem and providing suggestions. -
I need code example for server act as client and vice versa
Hi all,
I want code example for performing both server and clients using RMI. I mean Server will act as client and client will act as server. So a single program will act as both client and server .
Please give example, it will helpful to complete my project. I am struggling in this stage. Its like peer to peer action.
Thanks & Regards
R.Ragupathi1. The tutorial shows you how to do cleint/server.
2. Search on the topic "callback" to see how cleint and server roles can be reversed. -
Exchange Server 2013: Outook Clients and OWA keeps on disconnecting/connecting every 5-10 mins
We have a new exchange server 2013 installed but also has exchange 2007 up.
MX records are now pointing to the new exchange server, all were working ok after DNS records were changed but after the weekend it Outlook clients and OWA keeps on disconnecting and reconnecting from exchange.
Exchange 2013 CU6
Anybody else experienced the same?hi Jheycie,
can you please check if you have .local and .com (different internal and external domain)
almost similar thread.. it worked for me
http://social.technet.microsoft.com/Forums/office/en-US/cc7d2300-0e1f-499f-a8f1-97f84687b6cc/emails-stuck-in-outlook-have-to-restart-transport-service?forum=exchangesvrgeneral
http://social.technet.microsoft.com/Forums/office/en-US/9b9bf607-f882-4f73-a7b2-611ace3f3115/users-unable-to-connect-to-exchange-unless-they-close-and-reopen-outlook?forum=exchangesvrgeneral
MARK AS USEFUL/ANSWER IF IT DID
Thanks
Happiness Always
Jatin -
Tiger server, Snow Leopard Client and Illustrator CS4
We have a strange problem happening with the one Snow Leopard client we have accessing our Tiger server. In certain directories (not in all) if the user opens an Illustrator CS4 file, makes changes and goes to save the file they get the message that the file is either locked or in use by another user (it is not). This does not happen with any other kind of file in that same directory. The server is connect to AD so the user accounts come from the AD but on this machine we have the same problem regardless of the user account used to mount the server volume. It also doesn't matter if I use a local account on the server to mount instead of AD. I have the same problem if I connect via SMB instead of AFP. Other machines (Leopard) can work on these files with no problems.
A couple of other bits of information which might be useful. If the user opens the file, does a save as to the same name and same folder and replaces the original they can work on the file and save it with no problems. As soon as they close the file and reopen it they have the problem again. Also, if they run into the problem, close all programs on the computer and try to unmount the server volume they get the message that the volume is in use and cannot be ejected. I have checked and there are no invisible files being created in the directory where this file resides.
What is strange is that the problem does not happen in all directories although when it happens it is repeatable in that directory. Happens every time. I have tried changing the name of the folder to something simple and it still happens.
Any suggestions on where to go with this problem??No progress yet. Have tried a lot of things with preferences on the server. I have confirmed with another snow leopard machine that this is not related to the machine in any way. I have not yet had a chance to test it on another Tiger server but given the fact that you are seeing it as well I would say there is a problem with the two operating systems cooperating.
As I said, I do have a temporary workaround. If you do a save as with the document, choose to overrite the original it works and then lets you continue to work on that file and save for that session. After you close the file and reopen the problem returns but at least for that session you are fine. -
Directory server 6.3 client and using useradd
Is it possible to add a user locally via the useradd command when the client is bound to a directory server in which the userid already exists?
Here is my pam.conf:
#ident "@(#)pam.conf 1.28 04/04/21 SMI"
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
# PAM configuration
# Unless explicitly defined, all services use the modules
# defined in the "other" section.
# Modules are defined with relative pathnames, i.e., they are
# relative to /usr/lib/security/$ISA. Absolute path names, as
# present in this file in previous releases are still acceptable.
# Authentication management
# login service (explicit because of pam_dial_auth)
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
# rlogin service (explicit because of pam_rhost_auth)
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
rlogin auth required pam_unix_auth.so.1
# Kerberized rlogin service
krlogin auth required pam_unix_cred.so.1
krlogin auth binding pam_krb5.so.1
krlogin auth required pam_unix_auth.so.1
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_cred.so.1
# Kerberized rsh service
krsh auth required pam_unix_cred.so.1
krsh auth binding pam_krb5.so.1
krsh auth required pam_unix_auth.so.1
# Kerberized telnet service
ktelnet auth required pam_unix_cred.so.1
ktelnet auth binding pam_krb5.so.1
ktelnet auth required pam_unix_auth.so.1
# PPP service (explicit because of pam_dial_auth)
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_unix_cred.so.1
ppp auth required pam_unix_auth.so.1
ppp auth required pam_dial_auth.so.1
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth required pam_unix_auth.so.1
# passwd command (explicit because of a different authentication module)
passwd auth required pam_passwd_auth.so.1
# cron service (explicit because of non-usage of pam_roles.so.1)
cron account required pam_unix_account.so.1
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
other account requisite pam_roles.so.1
other account required pam_unix_account.so.1
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
other session required pam_unix_session.so.1
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1
# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
Thanks,
AndersonThis depends on nsswitch.conf settings, not on your PAM settings.
Your PAM settings will determine what happens at login time.
nsswitch.conf will determine which naming service is used to retrieve
(or store) naming information.
You might want to set "files" rather than "ldap" first for the "users" map.
/DP -
Connect to Server freezes AFP client and hangs Finder
I have a brand new iMac core2duo (2GB RAM) and an older G4 iMac. Machines are running 10.4.8 (all updates applied) and 10.4.7 respectively. They're connected via Ethernet on my home network through a router.
When I first set up the Intel Mac I had no problems connecting to the G4 via Connect to Server. I could log in and mount remote volumes, etc. Now, after about a week of use, the Intel Mac AFP client hung after I logged in to the G4 and selected the remote volume to mount. The only way to cancel the operation was to Force Quit the process. Activity Monitor indicated the application as "not responding." This happened three times. I was able to connect to the Intel machine from the G4 without problem.
After two or three attempts at this, I tried simply connecting through the Network icon in a Finder window. This hung the Finder at pretty much the same point as before (after logging in and selecting a volume to access). After force quitting the Finder, the frozen window closed. However, I then decided to restart the Intel Mac "for the **** of it" to see if it would solve the AFP problem. After clicking Restart, the Desktop was cleared and the machine froze. (No kernel panic, just an empty Finder desktop with my wallpaper and a mouse cursor). I was forced to physically shut down and restart the machine.
I'd very much like to know why this is happening on a brand new machine with very little software and how to resolve it. In general both machines are manually put to sleep at night, they are not shut down.Unlike those above, I've had the alternate problem. After being connected to a newtork share (SAMBA off an Intel MacMini) all day, I try to eject the network drive so I can go home for the night. End result is that the drive won't eject and after another try the finder hangs completely. Can't force quit...just spinning BBOD.
I have seen this behavior in 10.4.8 (not in 10.4.7) on both a 4 year old TiBook and a brand-spanking new MacBookPro 15.4". It's disturbing, because the same problem happens when you sleep your machine and wake it up elsehwere.....the finder hangs for a while trying to find the network share.
Thoughts?
TiBook Mac OS X (10.4.6) -
OS-X - 802.1x and machine authentication
Hi all
I have a customer with a large installed base of MacBooks Pro running MAC OS-X, connected via WLAN to a centralized Cisco WLC 5508. He also has installed a Cisco ACS 5.x as RADIUS server and Open LDAP as directory services.
The customer wants to do machine authentication based on cthe lients MAC addresses, which means that the ACS 5.x has to check the clients MAC address against the LDAP.
Obviously MACs are not able to send "host/" to differentiate between client- and user-authentication, which by the way works perfect.
- Does anybody have made the same experiences ?
- Has anyone managed to get this running ?
- Can anyone provide me config examples, hint or tipps ?
Everything is very much appreciated since this is an urgent request.
Many thanks in advance
Best regards
RomanHi Danny. Older thread here, but I can confirm 10.8.4 did indeed resolve a very specific bug in circumstances where the netbios name did not match the domain name. We worked with Apple's engineers on resolution for this fix and can confirm that until we got our Macs to 10.8.4, we experienced similar issues with machine-based configuration profiles failing to authenticate as a result of incorrectly passing the wrong domain.
Glad you found resolution with a later version of the OS.
Reference: http://lists.psu.edu/cgi-bin/wa?A2=MACENTERPRISE;Zrq7fg;201303271647570400 -
Exchange 2013 CU6 OWA - FBA and Windows Authentication (coexistence)
Hi,
Is it possible to run FBA for outside clients and Windows Authentication for inside clients?
I have tried to setup FBA and WA on different WebSites without luck :-(
Best regards - NH
[Edit, typo]Hi,
I recommend you create the second OWA/ECP virtual directories in a new IIS web site with a different IP address, and using it for internal client access.
You need to prepare the secondary IP address for CAS server, and then in the IIS manager, create a new Web Site. Create the second
OWA/ECP virtual directories in this new IIS Web Site.
You will also need to ensure that whatever name the internal use will be using to connect to the new
OWA/ECP site is present on the installed certificate and the name resolves to the correct IP address.
Then you can enable integrated windows authentication for internal users and enable forms-based authentication for external users.
Best regards,
Belinda Ma
TechNet Community Support -
SQL Server Express 2008 R2 and Windows 8.1 (Standard)
I recently re-engineered the backend of a legacy Access 2003 application because we knew that going forward we were going to loose the replication capability in Access. This is a small, departmental app, so the new SQL Server Express 2008 R2 backend is
hosted on a robust Windows 7 system. I tested the implementation with both Windows XP and Windows 7 clients running the updated Access 2003 frontend and everything worked great.
We are now in the midst of a company-wide upgrade to Windows 8.1 and I'm having issues. The legacy frontend works fine with Access 2013 (full version) when run locally on the Win7 machine, but I can't get any of the new Win 8.1 clients to connect to the
SQL database using the Access 2013 Runtime module. I CAN create ODBC connections to SQL Server from the clients and they test successfully, so I think I have a valid SQL connection to the Win 7 box.
To recap: old clients were WinXP Pro with Office 2003 Pro, new clients are Win 8.1 (non-Pro) with Access 2013 Runtime module.
Any ideas?Hi ,
Glad to hear that you have found the solution. Thank you for coming back and let us know the result:)
Best Regards,
Tracy
Tracy Cai
TechNet Community Support -
I am getting an error message "Adobe_unable to download, license server communications problem, e_act_not_ready". I have downloaded Adobe Digital Editions and have authenticated the computer, but cannot download a book from the library. What should I do?
Having exact same problem, only it's with a book I've paid for, so it hurts more . Any ideas?
-
I originally posted this question to the community section and was advised to post it here. Please bear with me as this will be a long post. I'm including the scenarios involving this reoccurring issue, the trouble shooting steps I've already
taken and the results of several diagnostic tools and logs.
I have a Sony VAIOS VPCEBB33FM lap top since 2011. I have had this issue on an off for a long time. I'm at my wit's end. Any new insights or suggestions would be greatly appreciated.
Scenario Details
1) Some times it's on and off through out the day, sometimes it won't work all day, and once in a while it will work fine for the entire day.
2) I've had this issue across several wireless services, Clear Network accessed with WiMax, Library Wi-fi, Comcast cable internet using wireless router and Wi-fi, and Comcast Xfinity Wi-Fi, to name a few examples.
3) Other devices in the household or library will work with no problems such as my smart phone or my roommates' laptops or desktop computers.
4) Once in a while, the built-in wireless adapter is not found and I have to reinstall the driver. Also the diagnostic tool has had to reset my adapter on an increasing basis.
5) I had my hard drive replaced in December 2014 and my system restored from the System Restore disks that came with it when I bought the laptop. Even though I've been online on an infrequent basis it worked just fine for a while. Now that
I've been online a bit more I'm having the same issues again.
Below are my attempts at trouble shooting so far but I still have not been able to consistently resolve my DNS issues
1) Restarting my adapter
2) Turning off my laptop and removing the power supply for 5-10 minutes before turning it back on.
3) Using the IP Config in Command Prompt
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
4) Using the NetSh reset in Command Prompt and restarting my laptop
netsh int ip reset c:\resetlog.txt
netsh winsock reset
ipconfig /flushdns
[restart laptop]
5) Configuring the TCP/IP in several settings
Select Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
I have used the following settings:
a) Obtain an DNS server address automatically
b) OpenDNS
208 67 222 222
208 67 220 220
c) Google DNS
8 8 8 8
8 8 4 4
6) Updating the driver for my Intel Centrino(R) Advanced-N 6250 AGN and Intel Centrino(R) WIMAX 6250 from the Intel website previous having my laptop wiped clean in 2014. It still did not resolve the issue. My laptop
manufacturer as not come up with an driver update for my adapter since 2010. I haven't tried to update the adapter driver from Intel's website since having my laptop repaired due to the fact that Intel strongly recommending using the manufacturer's updates
instead and frankly it didn't make much of a difference when I did it the first time.
7) The last one I've tried as of today is going into Services and changing the start up type to automatic for the following:
Computer Browser [changed from manual to automatic]
DHCP Client [already set to automatic]
DNS Client [already set to automatic]
Network Connections [already set to automatic]
Network Location Awareness [changed from manual to automatic]
Remote Procedure Call (RPC) [already set to automatic]
Server [already set to automatic]
TCP/IP Netbios helper [already set to automatic]
Workstation [already set to automatic]
...and I'm still having DNS issues.
My only guessing are that my laptop came with a lemon adapter that needs to be replaced, some advanced setting(s) that I'm not aware off, or my firewall/anti-virus is interfering. I've used Symmantic Anti-virus and Firewall in the past and currently
Avast Anti-Virus with Microsoft Network Firewall. I've had DNS issues with both anti-virus/firewall set ups.
Below are the results from the diagnostics and tests that I've ran.
Windows Network Diagnostics
Your computer appears to be correctly configured, but the device or resource (DNS server) is not responding Detected Detected
Contact your network administrator or Internet service provider (ISP) Completed
Windows can't communicate with the device or resource (DNS server). The computer or service you are trying to reach might be...
Details about network adapter diagnosis:
Network adapter Wireless Network Connection driver information:
Description . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6250 AGN
Manufacturer . . . . . . . . . : Intel Corporation
Provider . . . . . . . . . . . : Intel
Version . . . . . . . . . . . : 13.2.1.5
Inf File Name . . . . . . . . . : C:\Windows\INF\oem17.inf
Inf File Date . . . . . . . . . : Monday, June 14, 2010 9:05:44 AM
Section Name . . . . . . . . . : Install_MPCIEX_GEN_6250_AGN_2x2_HMC_WIN7_64_MOW
Hardware ID . . . . . . . . . . : pci\ven_8086&dev_0087&subsys_13018086
Instance Status Flags . . . . . : 0x180200a
Device Manager Status Code . . : 0
IfType . . . . . . . . . . . . : 71
Physical Media Type . . . . . . : 9
Informational Diagnostics Information (Wireless Connectivity)
Details about wireless connectivity diagnosis:
Information for connection being diagnosed
Interface GUID: 70a0781d-6329-45e4-8d7c-34aeca294c39
Interface name: Intel(R) Centrino(R) Advanced-N 6250 AGN
Interface type: Native WiFi
Connection incident diagnosed
Auto Configuration ID: 1
Connection ID: 1
Connection status summary
Connection started at: 2015-03-07 19:57:14-186
Profile match: Success
Pre-Association: Success
Association: Success
Security and Authentication: Success
List of visible access point(s): 22 item(s) total, 22 item(s) displayed
BSSID BSS Type PHY Signal(dB) Chnl/freq SSID
60-02-92-C6-D3-E8 Infra <unknown> -62 11 HOME-C7D4-2.4
60-02-92-A1-75-E0 Infra <unknown> -58 6 HOME-B917-2.4
00-1D-D5-D5-34-F0 Infra <unknown> -73 6 HOME-34F2
60-02-92-A1-75-E1 Infra <unknown> -58 6 (Unnamed Network)
06-1D-D5-D5-34-F0 Infra <unknown> -78 6 xfinitywifi
C4-27-95-C9-C4-2D Infra <unknown> -57 1 HOME-C42D
02-1D-D5-D5-34-F0 Infra <unknown> -74 6 (Unnamed Network)
00-0D-97-07-E0-79 Infra g -75 6 (Unnamed Network)
00-1D-CF-2A-44-C0 Infra <unknown> -86 6 HOME-44C2
02-1D-CF-2A-44-C0 Infra <unknown> -86 6 (Unnamed Network)
F8-E4-FB-3C-87-A2 Infra <unknown> -89 6 YVNM7
06-1D-CF-2A-44-C0 Infra <unknown> -87 6 xfinitywifi
0C-F8-93-7A-13-50 Infra b -87 6 PKennedy
06-F8-93-7A-13-50 Infra b -89 6 xfinitywifi
02-F8-93-7A-13-50 Infra b -87 6 (Unnamed Network)
E0-88-5D-C8-A9-DC Infra <unknown> -80 1 HOME-A9DC
E2-88-5D-C8-A9-DD Infra <unknown> -79 1 (Unnamed Network)
16-CF-E2-43-0B-30 Infra <unknown> -88 1 xfinitywifi
60-02-92-F0-A8-C0 Infra <unknown> -90 11 HOME-96A6-2.4
60-02-92-C6-D3-E9 Infra <unknown> -63 11 (Unnamed Network)
02-1D-D4-EB-87-00 Infra <unknown> -88 11 (Unnamed Network)
06-1D-D4-EB-87-00 Infra <unknown> -88 11 xfinitywifi
Connection History
Information for Auto Configuration ID 1
List of visible networks: 13 item(s) total, 13 item(s) displayed
BSS Type PHY Security Signal(RSSI) Compatible SSID
Infra <unknown> Yes 63 Yes HOME-C7D4-2.4
Infra <unknown> Yes 70 Yes HOME-B917-2.4
Infra <unknown> Yes 43 Yes HOME-34F2
Infra <unknown> Yes 70 Yes (Unnamed Network)
Infra <unknown> No 40 Yes xfinitywifi
Infra <unknown> Yes 71 Yes HOME-C42D
Infra g No 43 Yes (Unnamed Network)
Infra <unknown> Yes 28 Yes HOME-44C2
Infra <unknown> Yes 20 Yes YVNM7
Infra b Yes 21 Yes PKennedy
Infra <unknown> Yes 33 Yes HOME-A9DC
Infra <unknown> Yes 35 Yes (Unnamed Network)
Infra <unknown> Yes 16 Yes HOME-96A6-2.4
List of preferred networks: 3 item(s)
Profile: xfinitywifi
SSID: xfinitywifi
SSID length: 11
Connection mode: Infra
Security: No
Set by group policy: No
Connect even if network is not broadcasting: No
Connectable: Yes
Profile: HTC Portable Hotspot 9F50
SSID: HTC Portable Hotspot 9F50
SSID length: 25
Connection mode: Infra
Security: Yes
Set by group policy: No
Connect even if network is not broadcasting: No
Connectable: No
Reason: 0x00028002
Profile: belkin.332
SSID: belkin.332
SSID length: 10
Connection mode: Infra
Security: Yes
Set by group policy: No
Connect even if network is not broadcasting: No
Connectable: No
Reason: 0x00028002
Information for Connection ID 1
Connection started at: 2015-03-07 19:57:14-186
Auto Configuration ID: 1
Profile: xfinitywifi
SSID: xfinitywifi
SSID length: 11
Connection mode: Infra
Security: No
Pre-Association and Association
Connectivity settings provided by hardware manufacturer (IHV): No
Security settings provided by hardware manufacturer (IHV): No
Profile matches network requirements: Success
Pre-association status: Success
Association status: Success
Last AP: 06-1d-d5-d5-34-f0
Security and Authentication
Configured security type: Open
Configured encryption type: None
802.1X protocol: No
Key exchange initiated: Yes
Unicast key received: No
Multicast key received: No
Number of security packets received: 0
Number of security packets sent: 0
Security attempt status: Success
Connectivity
Packet statistics
Ndis Rx: 2068
Ndis Tx: 2543
Unicast decrypt success: 0
Multicast decrypt success: 0
Unicast decrypt failure: 0
Multicast decrypt failure: 0
Rx success: 3954
Rx failure: 0
Tx success: 537
Tx failure: 4
Tx retry: 2
Tx multiple retry: 2
Tx max lifetime exceeded: 0
Tx ACK failure: 18
Roaming history: 0 item(s)
InformationalDiagnostics Information (Wireless Connectivity)
Details about wireless connectivity diagnosis:
For complete information about this session see the wireless connectivity information event.
Helper Class: Auto Configuration
Initialize status: Success
Information for connection being diagnosed
Interface GUID: 70a0781d-6329-45e4-8d7c-34aeca294c39
Interface name: Intel(R) Centrino(R) Advanced-N 6250 AGN
Interface type: Native WiFi
Result of diagnosis: There may be problem
Network Connection details from Command Prompt (some info hidden for security reasons)
Connection-specific DNS Suffix:
Description: Intel(R) Centrino(R) Advanced-N 6250 AGN
Physical Address: 00-23-15-54-19-B8
DHCP Enabled: Yes
IPv4 Address: 192.168.X.XX
IPv4 Subnet Mask: 255.255.XX.X
Lease Obtained: Saturday, March 07, 2015 7:57:14 PM
Lease Expires: Saturday, March 07, 2015 8:24:44 PM
IPv4 Default Gateway: 192.168.X.X
IPv4 DHCP Server: 192.168.X.X
IPv4 DNS Servers: 75.75.75.75, 75.75.76.76
IPv4 WINS Server:
NetBIOS over Tcpip Enabled: Yes
Link-local IPv6 Address: fe80::b8de:3ac9:e166:XXX%XX
IPv6 Default Gateway:
IPv6 DNS Server:
Results of Ping and Trace Route in Command Prompt
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>ping 127.0.0.1
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Windows\system32>ping www.youtube.com
Pinging youtube-ui.l.google.com [173.194.121.6] with 32 bytes of data:
Reply from 173.194.121.6: bytes=32 time=24ms TTL=55
Reply from 173.194.121.6: bytes=32 time=19ms TTL=55
Request timed out.
Request timed out.
Ping statistics for 173.194.121.6:
Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 24ms, Average = 21ms
C:\Windows\system32>ping 74.125.239.34
Pinging 74.125.239.34 with 32 bytes of data:
Request timed out.
Request timed out.
Reply from 74.125.239.34: bytes=32 time=3286ms TTL=50
Request timed out.
Ping statistics for 74.125.239.34:
Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),
Approximate round trip times in milli-seconds:
Minimum = 3286ms, Maximum = 3286ms, Average = 3286ms
C:\Windows\system32>ping www.hotmail.com
Pinging dispatch.kahuna.glbdns2.microsoft.com [65.55.157.204] with 32 bytes of data:
Reply from 65.55.157.204: bytes=32 time=111ms TTL=237
Request timed out.
Request timed out.
Reply from 65.55.157.204: bytes=32 time=1537ms TTL=237
Ping statistics for 65.55.157.204:
Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 111ms, Maximum = 1537ms, Average = 824ms
C:\Windows\system32>ping 207.46.11.236
Pinging 207.46.11.236 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 207.46.11.236:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\Windows\system32>tracert www.youtube.com
Tracing route to youtube-ui.l.google.com [173.194.121.5]
over a maximum of 30 hops:
1 19 ms 13 ms 17 ms xfwsr12-nwca-01.sys.comcast.net [68.85.15.244]
2 13 ms 13 ms 27 ms ae-14-32767-ar03.newcastle.de.panjde.comcast.net [68.85.192.205]
3 20 ms 26 ms 21 ms he-5-10-0-0-cr01.ashburn.va.ibone.comcast.net [68.86.94.249]
4 18 ms 34 ms 22 ms he-0-13-0-0-pe07.ashburn.va.ibone.comcast.net [68.86.86.50]
5 19 ms 18 ms 18 ms 50-248-116-190-static.hfc.comcastbusiness.net [50.248.116.190]
6 35 ms 18 ms 18 ms 209.85.249.217
7 21 ms 19 ms 19 ms 72.14.233.93
8 * * * Request timed out.
9 * 2509 ms 677 ms iad23s25-in-f5.1e100.net [173.194.121.5]
Trace complete.
C:\Windows\system32>tracert 74.125.239.34
Tracing route to nuq04s19-in-f2.1e100.net [74.125.239.34]
over a maximum of 30 hops:
1 54 ms 23 ms 12 ms xfwsr12-nwca-01.sys.comcast.net [68.85.15.244]
2 22 ms 19 ms 17 ms ae-14-32767-ar03.newcastle.de.panjde.comcast.net[68.85.192.205]
3 19 ms 19 ms 18 ms he-5-14-0-0-cr01.ashburn.va.ibone.comcast.net [68.86.166.121]
4 18 ms 18 ms 18 ms he-0-15-0-0-cr01.350ecermak.il.ibone.comcast.net[68.86.85.74]
5 19 ms 18 ms 22 ms 50-248-116-190-static.hfc.comcastbusiness.net [50.248.116.190]
6 22 ms 36 ms 19 ms 209.85.249.217
7 26 ms 23 ms 25 ms 209.85.143.112
8 * * * Request timed out.
9 * * * Request timed out.
10 972 ms * * 216.239.51.97
11 148 ms 97 ms 95 ms 216.239.46.241
12 324 ms 130 ms 432 ms 209.85.246.252
13 * * * Request timed out.
14 1403 ms 101 ms 126 ms nuq04s19-in-f2.1e100.net [74.125.239.34]
Trace complete.
C:\Windows\system32>tracert www.hotmail.com
Tracing route to dispatch.kahuna.glbdns2.microsoft.com [65.55.157.144]
over a maximum of 30 hops:
1 13 ms 13 ms 25 ms xfwsr12-nwca-01.sys.comcast.net [68.85.15.244]
2 13 ms 15 ms 13 ms ae-14-32767-ar03.newcastle.de.panjde.comcast.net[68.85.192.205]
3 20 ms 19 ms 17 ms he-5-13-0-0-cr01.ashburn.va.ibone.comcast.net [68.86.95.145]
4 17 ms 20 ms 20 ms he-0-13-0-0-pe07.ashburn.va.ibone.comcast.net [68.86.86.50]
5 17 ms 18 ms 38 ms as8075-2-c.ashburn.va.ibone.comcast.net [173.167.58.82]
6 18 ms 18 ms 36 ms ae4-0.ash-96cbe-1a.ntwk.msn.net [207.46.36.172]
7 * * * Request timed out.
8 * 2191 ms 35 ms ae0-0.atb-96cbe-1b.ntwk.msn.net [191.234.81.167]
9 * * * Request timed out.
10 * * * Request timed out.
11 86 ms 84 ms 84 ms ae4-0.lax-96cbe-1a.ntwk.msn.net [191.234.83.150]
12 86 ms 86 ms 87 ms ae9-0.by2-96c-1a.ntwk.msn.net [207.46.42.176]
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 87 ms 84 ms 85 ms origin.by173w.bay173.mail.live.com [65.55.157.144]
Trace complete.
C:\Users\C.Cunningham>tracert 207.46.11.236
Tracing route to origin.by181w.bay181.mail.live.com [207.46.11.236]
over a maximum of 30 hops:
1 16 ms 16 ms 19 ms xfwsr12-nwca-01.sys.comcast.net [68.85.15.244]
2 18 ms 13 ms 13 ms ae-14-32767-ar03.newcastle.de.panjde.comcast.net[68.85.192.205]
3 21 ms 19 ms 21 ms he-5-12-0-0-cr01.ashburn.va.ibone.comcast.net [68.86.95.141]
4 18 ms 21 ms 18 ms he-0-13-0-0-pe07.ashburn.va.ibone.comcast.net [68.86.86.50]
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
Results of Intel WiFi Manual Diagnostics
Test Name Test Result Test Summary
Hardware Test Passed Wireless Hardware is enabled
Driver Test Passed Diver is loaded. NETwNs64 Version 13.3.0.24
Radio Test Passed Radio is ON
Scan Test Passed There are 25 Networks available to connect
Association Test Passed Associated
Authentication Test Passed Authenticated
Signal Test Passed Signal Quality: Poor
Ping Test Failed No Reponse: default gateway, DHCP server
I hope this information is enough to get to the root of this problem once and for all. Please let me know if you any other information such as event logs or statistics.
Thanks in advance.Results of Intel WiFi Event View Log (I deleted some lines since there were basically repeats of the same messages)
#Event Source Time
Error Severity Domain
User Description
45 EvtEngine
3/8/2015 20:40 Success
Connection SYSTEM
iAMT - Failed to read Windows Events Log
46 S24EvMon
3/8/2015 20:41 Information
AppDriver
SYSTEM
Getting List of adapters.
47 S24EvMon
3/8/2015 20:41 Information
AppDriver
SYSTEM
Intel adapter(s) found.
156 S24EvMon
3/8/2015 20:47 Information
Driver SYSTEM
AddToExclude 06:1d:d5:d5:34:f0 xfinitywifi 6 WEV_EXCLUDE_LIST_REASON_802_11_AUTH_FAILURE
157 S24EvMon
3/8/2015 20:47 Information
Driver SYSTEM
ATC 06:1d:cf:2a:44:c0 xfinitywifi 6 RSSI=-88
158 S24EvMon
3/8/2015 20:47 Error
Driver SYSTEM
AssociationFailure 06:1d:cf:2a:44:c0 xfinitywifi 6 CNCT_GENERAL_FAILURE
159 S24EvMon
3/8/2015 20:47 Information
Driver SYSTEM
AddToExclude 06:1d:cf:2a:44:c0 xfinitywifi 6 WEV_EXCLUDE_LIST_REASON_802_11_ASSOC_FAILURE
160 S24EvMon
3/8/2015 20:47 Information
Driver SYSTEM
ATC 06:1d:d5:d5:34:f0 xfinitywifi 6 RSSI=-79
161 S24EvMon
3/8/2015 20:47 Success
Driver SYSTEM
RxAuthSuccess 06:1d:d5:d5:34:f0 6
162 S24EvMon
3/8/2015 20:47 Success
Driver SYSTEM
RxAssocResp 06:1d:d5:d5:34:f0 6 -77
163 S24EvMon
3/8/2015 20:49 Information
TCP/IP SYSTEM
VoIP: Got link down - deleting flows .
164 S24EvMon
3/8/2015 20:49 Information
Driver SYSTEM
ATC 06:1d:d4:eb:87:00 xfinitywifi 11 RSSI=-88
165 S24EvMon
3/8/2015 20:49 Error
Driver SYSTEM
AssociationFailure 06:1d:d4:eb:87:00 xfinitywifi 11 CNCT_GENERAL_FAILURE
166 S24EvMon
3/8/2015 20:49 Information
Driver SYSTEM
AddToExclude 06:1d:d4:eb:87:00 xfinitywifi 11 WEV_EXCLUDE_LIST_REASON_802_11_ASSOC_FAILURE
167 S24EvMon
3/8/2015 20:49 Information
Driver SYSTEM
ATC 06:1d:d4:eb:87:00 xfinitywifi 11 RSSI=-89
168 S24EvMon
3/8/2015 20:49 Error
Driver SYSTEM
AssociationFailure 06:1d:d4:eb:87:00 xfinitywifi 11 CNCT_GENERAL_FAILURE
169 S24EvMon
3/8/2015 20:49 Information
Driver SYSTEM
AddToExclude 06:1d:d4:eb:87:00 xfinitywifi 11 WEV_EXCLUDE_LIST_REASON_802_11_ASSOC_FAILURE
170 S24EvMon
3/8/2015 20:49 Information
Driver SYSTEM
ATC 06:1d:d4:eb:87:00 xfinitywifi 11 RSSI=-90
171 S24EvMon
3/8/2015 20:49 Error
Driver SYSTEM
AssociationFailure 06:1d:d4:eb:87:00 xfinitywifi 11 CNCT_GENERAL_FAILURE
172 S24EvMon
3/8/2015 20:49 Information
Driver SYSTEM
ATC 06:1d:d5:d5:34:f0 xfinitywifi 6 RSSI=-82
173 S24EvMon
3/8/2015 20:49 Success
Driver SYSTEM
RxAuthSuccess 06:1d:d5:d5:34:f0 6
174 S24EvMon
3/8/2015 20:49 Success
Driver SYSTEM
RxAssocResp 06:1d:d5:d5:34:f0 6 -81
175 S24EvMon
3/8/2015 20:50 Information
Driver SYSTEM
AddToExclude 06:1d:d5:d5:34:f0 xfinitywifi 6 WEV_EXCLUDE_LIST_REASON_802_11_AUTH_FAILURE
176 S24EvMon
3/8/2015 20:50 Information
Driver SYSTEM
ATC 06:1d:d5:d5:34:f0 xfinitywifi 6 RSSI=-79
177 S24EvMon
3/8/2015 20:50 Success
Driver SYSTEM
RxAuthSuccess 06:1d:d5:d5:34:f0 6
178 S24EvMon
3/8/2015 20:50 Success
Driver SYSTEM
RxAssocResp 06:1d:d5:d5:34:f0 6 -80
179 S24EvMon
3/8/2015 21:03 Information
Driver SYSTEM
RoamTrigger 06:1d:d5:d5:34:f0 xfinitywifi 6 RSSI=-81 MisBcn=8 RSSITh=-85 Roam Other Reason
186 S24EvMon
3/8/2015 21:21 Information
General
SYSTEM
DeviceIoCtrlS24NDIS: (2) Failed to send OID 0xff100055 to driver. Error - 31
187
S24EvMon
3/8/2015 21:21 Information
General
SYSTEM
DeviceIoCtrlS24NDIS - Dot11ExtNicSpecificExtension failed (31) -
try
MailMessage mail = new MailMessage();
SmtpClient SmtpServer = new SmtpClient("smtp.gmail.com");
mail.From = new MailAddress("[email protected]");
mail.To.Add("[email protected]");
mail.Subject = "Test Mail..!!!!";
mail.Body = "mail with attachment";
System.Net.Mail.Attachment attachment;
attachment = new System.Net.Mail.Attachment(@"C:\Attachment.txt");
mail.Attachments.Add(attachment);
SmtpServer.Port = 587;
SmtpServer.UseDefaultCredentials = true;
SmtpServer.Credentials = new System.Net.NetworkCredential("userid", "Password");
SmtpServer.EnableSsl = true;
SmtpServer.Send(mail);
Catch(Exception exception)
When i m run this part of code it throw an Ecxeption
Given Below is the Error..
The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required.
Bikky Kumartry
MailMessage mail = new MailMessage();
SmtpClient SmtpServer = new SmtpClient("smtp.gmail.com");
mail.From = new MailAddress("[email protected]");
mail.To.Add("[email protected]");
mail.Subject = "Test Mail..!!!!";
mail.Body = "mail with attachment";
System.Net.Mail.Attachment attachment;
attachment = new System.Net.Mail.Attachment(@"C:\Attachment.txt");
mail.Attachments.Add(attachment);
SmtpServer.Port = 587;
SmtpServer.UseDefaultCredentials = true; ///Set it to false, or remove this line
SmtpServer.Credentials = new System.Net.NetworkCredential("userid", "Password");
SmtpServer.EnableSsl = true;
SmtpServer.Send(mail);
Catch(Exception exception)
Given Below is the Error.. The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required.
Solution:
The error might occur due to following cases.
case 1: when the password is wrong
case 2: when you try to login from some App
case 3: when you try to login from the domain other than your time zone/domain/computer (This
is the case in most of scenarios when sending mail from code)
There is a solution for each
solution for case 1: Enter the correct password.
Recomended: solution for case 2: go to
security settings at the following link https://www.google.com/settings/security/lesssecureapps and
enable less secure apps . So that you will be able to login from all apps.
solution 1 for case 3: (This might be helpful) you need to review the activity. but reviewing the activity will not be helpful due to latest security
standards the link will not be useful. So try the below case.
solution 2 for case 3: If you have hosted your code somewhere on production server and if you have access to the production server, than take remote
desktop connection to the production server and try to login once from the browser of the production server. This will add exception for login to google and you will be allowed to login from code.
But what if you don't have access to the production server. try
the solution 3
solution 3 for case 3: You have to enable
login from other timezone / ip for your google account.
to do this follow the link https://g.co/allowaccess and
allow access by clicking the continue button.
And that's it. Here you go. Now you will be able to login from any of the computer and by any means of app to your google account.
Regards,
Nabeel Arif -
Diffs b/n 10.4.3 clients and 10.3.9 on OSX Server 10.3.9
We have a smooth running OSX Server (standalone running 10.3.9) with mainly 10.3.9 clients (G3 iMacs to latest eMacs). When we configure brand new 10.4.3 clients (new eMacs) using the same settings in Directory Access we can't get login to work.
All that happens is that the Username and Password go grey and the machine hangs with frantic network activity (based on flickering lights on the switch). The dialog box doesn't shake.
In some cases the computer will eventually login but it takes several hours - usually though, not at all - or at least I get sick of waiting after a full school day.
Clearly there is some wrinkle about 10.4.3 that I can't see. If I clone one of our 10.3.9 machines onto the new machines they workl perfectly, but I want to use Tiger.
Everything is fully updated, network is 100baseT.
Steve Richards
Creswick PS
Australia
eMacs and a G4 Xserve Mac OS X (10.4.3) Server is 10.3.9Stephen,
You seem to be doing pretty well for having trained yourself.
By forward and reverse lookups, I meant DNS lookups--I typically use nslookup, but lookupd will work too. If you get the server's IP address from the FQDN (foward lookup) and the FQDN from the IP address (reverse lookup), then your DNS settings are fine.
Ultimately, you should change the paths to your share points so they meet the requirements, but before you do that, I would run a test with a temporary share point to see if you can get your 10.4.3 clients to work. Use something like the default /Users share point--re-share it if necessary, and make sure you create a network mount record for it--and then set up a test user with its home directory in that share point. Then see if you can log in as that user on a 10.4.3 client.
If you still can't, try using the dscl command-line utility to see if you can see the directory records for your automount. Here's an example from our setup (what you type is in italics):
% dscl localhost
cd LDAPv3/10.1.0.101/Mounts
/LDAPv3/10.1.0.101/Mounts > ls
my.server.edu:/Volumes/Students
/LDAPv3/10.1.0.161/Mounts > read my.server.edu<tab to auto-complete>
cn: my.server.edu:/Volumes/Students
mountDirectory: /Network/Servers/
Basically, this tells you what mounts are published on your server. In your instance, you should see an entry for your Group Folders/Middle Years share point in the list from the ls command. If you can see the mount records for your home directory share points, and you can see the attributes of those records with the read command, that eliminates one possible source of the problem (whether the client is having problems binding to the server). This is unlikely to be the problem in your circumstances, but it's good to eliminate it out of the box.
Note that your server's entry may be listed by host name instead of IP address--in dscl, cd into the LDAPv3 directory and do an ls to see what's there. If you don't see an entry, or if you can't cd into the Mounts directory or you see nothing there, try rebuilding the Directory Access preferences from scratch. Log in as admin, delete the contents of /Library/Preferences/DirectoryService, reboot, and run Directory Access to re-add an LDAPv3 configuration for your server. When you do that, enter the server's IP address, and Directory Access should fill in the search base for you. Save, quit, and reboot the machine, and see if you can log in then.
Now, to your questions. Search base is in fact the dc=my,dc=com part. The ldapsearch command is useful if you need to see whether your client can bind to an LDAP server. It's actually not likely to be helpful in this situation, because your clients seem to be authenticating. I wasn't thinking when I added that suggestion. As to "static bind"--that just means that you are configuring Directory Access explicitly to contact a specific server, rather than letting the client get that information through DHCP.
If none of this helps, of course, post back. And good luck.
David Walton
Power Macintosh G5 1.8/PowerBook G4 15 1.42 Mac OS X (10.3.9)
Maybe you are looking for
-
How do i remove the email alert tone from my nokia...
i find the email alert tone really annoying as the fone syncs every 5 minutes. how can i remove it?
-
Using a Bind Variable in the FROM part of a SQL Statement?
Hello Everyone, I have a problem, I am trying to run an SQL statement. However I need the FROM part of the SQL statement to be a bind variable. This is because the end user will need to select between 2 database views. I have tried this: select CON_I
-
is it possible to capture the previous value of the field in oracle reports? if possible how? please help me
-
Using "Services for Object" to attach local files to SAP objects (POs)
As I understand creating an Attachment to a PO for example from local drive - is a standard SAP functionality that does not require configuration, but ... in our Development, Quality and Production systems any document type can be attached, but not i
-
Calling Mark Robinson - Help with AppNote 11788 ?
Mark, At the end of last week, I tried to use your procedure as described in AppNote 11788. We met the pre-requisites and we are running the latest Samba, 3.0.14A, as recommended by Tech Support. We have already migrated Groupwise from our old Netwar