TWO_TASK parameter prevents OS-authenticated DB user

Hi All,
I am facing a problem while connecting as an OS-authenticated database user.
I am installing an application which first sets the TWO_TASK parameter to the database name (e.g. TWO_TASK=DMDB; here DMDB is also the ORACLE_SID) and then tries to connect to the database with a user (say appuser) which is externally authenticated by the OS.
But the connection fails with an error:
ERROR:
ORA-01017: invalid username/password; logon denied
SP2-0751: Unable to connect to Oracle. Exiting SQL*Plus
I am working on SunOS and Oracle db is 9iR2.
Also note that database authenticated users are still able to connect.
This user (appuser) is created by the application itself as an external user and hence cannot be modified. And in this scenario the TWO_TASK variable cannot be unset.
Please help. Thanks in advance...
Also, please suggest whether I need to configure sqlnet.ora (I haven't done so yet).
remote_login_passwordfile=EXCLUSIVE
Regards,
Saket Bansal

Hi Hemant,
remote_os_authent = FALSE
But Hemant, do I need to bother about this parameter when I am connecting through the server itself?
I would like to bring to your notice that the problem is related to TWO_TASK.
Please view the below commands and their responses.
root@chbdat4 # su - appuser
Sun Microsystems Inc. SunOS 5.9 Generic May 2002
You have new mail.
$ sqlplus /
SQL*Plus: Release 9.2.0.5.0 - Production on Fri Jun 12 12:14:02 2009
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.5.0 - 64bit Production
With the Partitioning, OLAP and Oracle Data Mining options
JServer Release 9.2.0.5.0 - Production
SQL> exit
Disconnected from Oracle9i Enterprise Edition Release 9.2.0.5.0 - 64bit Production
With the Partitioning, OLAP and Oracle Data Mining options
JServer Release 9.2.0.5.0 - Production
$
$
$ TWO_TASK=DMDB
$ export TWO_TASK
$ echo $TWO_TASK
DMDB
$ sqlplus /
SQL*Plus: Release 9.2.0.5.0 - Production on Fri Jun 12 12:14:38 2009
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name:
This shows that the connection is not made when TWO_TASK is set.
Setting this variable cannot be avoided since it is set by the application itself.
Please suggest a solution for this.
Regards,
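
Added example, not part of the original posts: with TWO_TASK set, `sqlplus /` goes through Oracle Net instead of the local bequeath path, so the database applies remote_os_authent to the login even when the client runs on the database server. The sketch below predicts the outcome from the environment and a text parameter file; the function names and the sample pfile are constructed for illustration, and it assumes the TWO_TASK alias resolves to a listener address.

```shell
#!/bin/sh
# Added illustration: helper names and sample data are hypothetical,
# not taken from the thread or from any Oracle tool.

# read_param FILE NAME
# Prints the last value assigned to NAME in an init.ora-style text file,
# upper-cased. Handles comments, quotes, spacing, mixed case and the "*."
# prefix used in parameter files exported from an spfile.
read_param() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                          # strip comments
        index($0, "=") {
            name = substr($0, 1, index($0, "=") - 1)
            val  = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", name)
            sub(/^\*\./, "", name)                  # "*.param" -> "param"
            if (tolower(name) == tolower(want)) found = val
        }
        END { print found }
    ' "$1" | tr -d "\"'[:space:]" | tr '[:lower:]' '[:upper:]'
}

# predict_os_auth PFILE
# Uses TWO_TASK from the environment and remote_os_authent from PFILE to
# say what an OS-authenticated "sqlplus /" should do.
predict_os_auth() {
    remote=$(read_param "$1" remote_os_authent)
    [ -n "$remote" ] || remote=FALSE                # Oracle default is FALSE
    if [ -z "${TWO_TASK:-}" ]; then
        echo "LOCAL_BEQUEATH: no TWO_TASK, login is local; remote_os_authent is not consulted"
    elif [ "$remote" = "TRUE" ]; then
        echo "NET_ALLOWED_RISKY: login goes via Oracle Net and is accepted, but the server trusts an OS username it cannot verify"
    else
        echo "NET_DENIED: TWO_TASK=$TWO_TASK sends the login via Oracle Net; with remote_os_authent=FALSE expect ORA-01017"
    fi
}

# Demo on a constructed parameter file (sample values, not from a real system).
demo_pfile=$(mktemp)
cat > "$demo_pfile" <<'EOF'
# constructed sample init.ora
db_name = DMDB
remote_login_passwordfile = EXCLUSIVE
remote_os_authent = FALSE
EOF
( unset TWO_TASK; predict_os_auth "$demo_pfile" )
( TWO_TASK=DMDB; export TWO_TASK; predict_os_auth "$demo_pfile" )
rm -f "$demo_pfile"
```
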

Similar Messages

  • Authenticating a user using JCO

    Hi,
    I was authenticating a user in SAP using the following code:
                System.out.println("\n\nVersion of the JCO-library:\n" + "----\n"
                        + JCO.getMiddlewareVersion());
                Properties props = new Properties();
                props.put("jco.client.client", "800");
                props.put("jco.client.user", "gk1");
                props.put("jco.client.passwd", "password");
                props.put("jco.client.lang", "EN");
                props.put("jco.client.sysnr", "01");
                props.put("jco.client.ashost", "172...*");
                client = JCO.createClient(props);
                // Open the connection
                client.connect();
    Here, the password for the "gk1" user is "password". Now if I update the password to be "password1" in the code - the user is still authenticated. No matter how many times I add digits towards the end of the password for this user, it still gets authenticated. Any ideas?
    Thanks

    Hi Gaurav,
    In an SAP R/3 system, it takes only an 8-digit password for any user. So it checks up to 8 characters only, no matter how many digits or characters you have appended.
    Try to give some other password instead of just appending digits or characters behind "password".
    Regards,
    Bhavik

  • SOA Managed Server "Authentication for user denied" exception

    Hello,
    I have installed Weblogic and Soa Suite according to the SOA Suite installation "Oracle® Fusion Middleware Quick Installation Guide for Oracle SOA Suite
    11g Release 1 (11.1.1)" document.
    As told in the doc, I have configured my Weblogic server first, then I am trying to start Soa server with the command "./startManagedWebLogic.sh soa_server1"
    But I am getting this error; mucho obrigado!
    <Nov 3, 2010 5:35:20 PM EET> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
    <Nov 3, 2010 5:35:20 PM EET> <Critical> <Security> <BEA-090403> <Authentication for user denied>
    <Nov 3, 2010 5:35:20 PM EET> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user denied
    weblogic.security.SecurityInitializationException: Authentication for user denied
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
    at weblogic.security.SecurityService.start(SecurityService.java:141)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    Truncated. see log file for complete stacktrace
    Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User javax.security.auth.login.LoginException: [Security:090301]Password Not Supplied
    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:250)
    at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
    at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    Truncated. see log file for complete stacktrace
    >
    <Nov 3, 2010 5:35:20 PM EET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
    <Nov 3, 2010 5:35:20 PM EET> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
    <Nov 3, 2010 5:35:20 PM EET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>

    Hi Donmay,
    We were trying to nohup (I mean: changing the output from console to a text file), but startManagedWebLogic asks for admin's user and server (which you specify when creating your domain), so since it couldn't get this info from the user, the soa_server didn't start. There are 4 solutions that I know of:
    1) Don't nohup, just enter ~$ ./startManagedWebLogic.sh soa_server1
    2) Specify the user and passwd in startManagedWebLogic. The two variables are WLS_USER and WLS_PW
    3) Create a boot.password file in .../domain/bin and in the startManagedWebLogic add this -Dweblogic.system.BootIdentityFile="fileGoesHere" JAVA_OPTIONS (http://blogs.oracle.com/middleware/2010/05/weblogic_not_reading_bootproperties_1111x.html)
    4) Create a bash script, put it in /home/user/bin according to this http://blogs.oracle.com/reynolds/2010/03/cold_start.html
    I am using the last one but I tried all of these in some phase of my project. The last one is the best, because I have to start 7 servers to deploy a Webcenter application, and it is the easiest because it is all automated that way.
    Sorry for the late reply, I have posted from my phone.
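
Added example, not part of the original reply: options 2 and 3 above both leave the boot credentials on disk, so the file that holds them should be readable by the server's OS account only, and it should end up encrypted after the first successful start. The helper names below are hypothetical; the sketch writes a boot.properties-style identity file with owner-only permissions, reading the password from stdin, and audits an existing file for loose permissions or values that are still cleartext (WebLogic-encrypted values start with a `{AES...}` or `{3DES}` tag).

```shell
#!/bin/sh
# Added illustration: function names and sample values are hypothetical.

# write_boot_identity SECURITY_DIR USERNAME
# Reads the password from stdin so it never shows up in the process list,
# and creates SECURITY_DIR/boot.properties readable by the owner only.
write_boot_identity() {
    (
        umask 077
        mkdir -p "$1" || exit 1
        IFS= read -r pw || [ -n "$pw" ] || exit 1
        f="$1/boot.properties"
        # Truncate and tighten the mode before any secret is written,
        # in case an older, looser copy of the file already exists.
        : > "$f" && chmod 600 "$f" || exit 1
        printf 'username=%s\npassword=%s\n' "$2" "$pw" >> "$f"
    )
}

# audit_boot_identity FILE
# Prints OK, MISSING, or a space-separated list of findings:
#   LOOSE_PERMS        group or other has any access to the file
#   CLEARTEXT_<key>    value has not been encrypted by the server yet
#   EMPTY_<key>        key is absent or has no value
# Returns non-zero when anything was found.
audit_boot_identity() {
    findings=""
    [ -f "$1" ] || { echo MISSING; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] || findings="$findings LOOSE_PERMS"
    for key in username password; do
        val=$(sed -n "s/^$key=//p" "$1" | head -n 1)
        case "$val" in
            "{AES"*|"{3DES}"*) ;;                   # already encrypted
            "") findings="$findings EMPTY_$key" ;;
            *)  findings="$findings CLEARTEXT_$key" ;;
        esac
    done
    echo "${findings:-OK}" | sed 's/^ //'
    [ -z "$findings" ]
}

# Demo in a throwaway directory with a constructed password.
demo_dir=$(mktemp -d)
printf '%s\n' 'constructed-password' |
    write_boot_identity "$demo_dir/servers/soa_server1/security" weblogic
audit_boot_identity "$demo_dir/servers/soa_server1/security/boot.properties" || true
rm -rf "$demo_dir"
```

A CLEARTEXT finding that persists after the server has been started means the server never read that file, which is worth checking before assuming the credentials are wrong.
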

  • Can't start managed server - Authentication for user denied

    Greetings,
    I have a WebLogic 10.3.6 based domain. The admin server works correctly. Using the admin console, I created a managed server. It is not associated to any machine and I don't use node manager. The managed server listens on localhost:7101 while the admin listens on localhost:7001. Starting the managed server asks for a user/password authentication. Using the same as the one used for the admin console says:
    <7 dÚc. 2012 13 h 55 CET> <Critical> <Security> <BEA-090403> <Authentication for
    user nicolas denied>
    <7 dÚc. 2012 13 h 55 CET> <Critical> <WebLogicServer> <BEA-000386> <Server subsy
    stem failed. Reason: weblogic.security.SecurityInitializationException: Authenti
    cation for user nicolas denied
    weblogic.security.SecurityInitializationException: Authentication for user nicol
    as denied
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.do
    BootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:966)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.in
    itialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:873)
    at weblogic.security.SecurityService.start(SecurityService.java:141)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    Truncated. see log file for complete stacktrace
    Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Auth
    entication Failed: User nicolas weblogic.security.providers.authentication.LDAPA
    tnDelegateException: [Security:090295]caught unexpected exception
    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.log
    in(LDAPAtnLoginModuleImpl.java:251)
    at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(Log
    inModuleWrapper.java:110)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.bea.common.security.internal.service.LoginModuleWrapper.login(Log
    inModuleWrapper.java:106)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    Truncated. see log file for complete stacktrace
    >
    <7 dÚc. 2012 13 h 55 CET> <Notice> <WebLogicServer> <BEA-000365> <Server state c
    hanged to FAILED>
    <7 dÚc. 2012 13 h 55 CET> <Error> <WebLogicServer> <BEA-000383> <A critical serv
    ice failed. The server will shut itself down>
    <7 dÚc. 2012 13 h 55 CET> <Notice> <WebLogicServer> <BEA-000365> <Server state c
    hanged to FORCE_SHUTTING_DOWN>
    I googled a while and found a post saying that the realm is probably altered or in an incorrect status. I reset the admin's credentials using weblogic.security.utils.AdminAccount but this didn't change anything. Of course, upon the managed server creation, I initialized the fields user and password in the server starting tab of the admin console.
    Many thanks for any help.
    Nicolas

    Hi,
    Have you configured LDAP Authenticator on the server?
    If yes, after the change did you restart both the servers - admin and managed?

  • Prevent manual entry  in user defined value

    Is it possible to prevent manual entry  in user defined value (Formatted search)?
    Thanks

    Hi
    I don't think there is any out-of-the-box solution.
    It is possible if formatted search automatically populates your data, but I think in your case the user is selecting from the list of special codes you have provided.
    Maybe it can be done by SDK. Try posting in the SDK forum.
    Hope this helps
    Bishal

  • Authentication Failed: User xelsysadm javax.security.auth.login.FailedLogin

    Hi All,
    I have a critical issue to be solved on the Production environment :(
    We have OIM installed on a cluster in production (OIM11g installed on server); the configuration is as mentioned below:
    cluster 1--oim1,soa1--server1--holds admin server
    cluster 2--oim2,soa2--server2--managed server and no admin server
    This instance was working fine; we had to restart the server machine for some reason and I am not able to start the OIM server :( after that.
    Following is the exception I get when I start the OIM server. Please help :(
    2011-05-13T13:42:29.585+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.weblogic.listeners.ADFApplicationLifecycleListener] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFApplicationLifecycleListener.preStop. Cleaning up Application caches.
    [2011-05-13T13:42:29.585+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] Clean up Application Caches
    [2011-05-13T13:42:29.585+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFConfigFactory.cleanUpApplicationCaches. Calling ADF Config instance implementation: class oracle.adf.share.config.MDSConfigImpl.releaseResources()
    [2011-05-13T13:42:29.600+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFConfigFactory.cleanUpApplicationCaches. Calling ADF Config instance implementation: class oracle.adf.share.config.MDSConfigImpl.releaseResources()
    [2011-05-13T13:42:29.600+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFConfigFactory.cleanUpApplicationCaches. Calling ADF Config instance implementation: class oracle.adf.share.config.MDSConfigImpl.releaseResources()
    [2011-05-13T13:42:29.600+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFConfigFactory.cleanUpApplicationCaches. Calling ADF Config instance implementation: class oracle.adf.share.config.MDSConfigImpl.releaseResources()
    [2011-05-13T13:42:30.193+05:30] [wls_oim1] [ERROR] [] [OIM Authenticator] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] Error while retrieving user xelsysadm
    [2011-05-13T13:42:30.224+05:30] [wls_oim1] [ERROR] [IAM-0020011] [oracle.iam.platform.auth.client] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] Login Exception encountered when trying to login as admin {0}[[
    javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User xelsysadm javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User xelsysadm denied
    at weblogic.security.auth.login.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:199)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:684)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
    at Thor.API.Security.LoginHandler.weblogicLoginHandler.login(weblogicLoginHandler.java:62)
    at oracle.iam.platform.OIMClient.login(OIMClient.java:134)
    at oracle.iam.platform.OIMClient.login(OIMClient.java:114)
    at oracle.iam.platform.OIMInternalClient.loginAsAdmin(OIMInternalClient.java:69)
    at oracle.iam.scheduler.impl.util.SchedulerUtil.getSchedulerService(SchedulerUtil.java:735)
    at oracle.iam.scheduler.webapp.SchedulerStartupServlet.resetRunningJobStatus(SchedulerStartupServlet.java:247)
    at oracle.iam.scheduler.webapp.SchedulerStartupServlet.stopScheduler(SchedulerStartupServlet.java:123)
    at oracle.iam.scheduler.webapp.SchedulerStartupServlet.destroy(SchedulerStartupServlet.java:261)
    at weblogic.servlet.internal.StubSecurityHelper$ServletDestroyAction.run(StubSecurityHelper.java:303)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
    at weblogic.servlet.internal.StubSecurityHelper.destroyServlet(StubSecurityHelper.java:81)
    at weblogic.servlet.internal.StubLifecycleHelper.destroyOneInstance(StubLifecycleHelper.java:144)
    at weblogic.servlet.internal.StubLifecycleHelper.destroy(StubLifecycleHelper.java:134)
    at weblogic.servlet.internal.ServletStubImpl.destroy(ServletStubImpl.java:438)
    at weblogic.servlet.internal.WebAppServletContext.destroyServlets(WebAppServletContext.java:3232)
    at weblogic.servlet.internal.WebAppServletContext.destroy(WebAppServletContext.java:3192)
    at weblogic.servlet.internal.ServletContextManager.destroyContext(ServletContextManager.java:241)
    at weblogic.servlet.internal.HttpServer.unloadWebApp(HttpServer.java:461)
    at weblogic.servlet.internal.WebAppModule.destroyContexts(WebAppModule.java:1540)
    at weblogic.servlet.internal.WebAppModule.deactivate(WebAppModule.java:513)
    at weblogic.application.internal.flow.ModuleStateDriver$2.previous(ModuleStateDriver.java:389)
    at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:167)
    at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:160)
    at weblogic.application.internal.flow.ModuleStateDriver.deactivate(ModuleStateDriver.java:141)
    at weblogic.application.internal.flow.ScopedModuleDriver.deactivate(ScopedModuleDriver.java:207)
    at weblogic.application.internal.flow.ModuleListenerInvoker.deactivate(ModuleListenerInvoker.java:261)
    at weblogic.application.internal.flow.DeploymentCallbackFlow$2.previous(DeploymentCallbackFlow.java:538)
    at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:167)
    at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:160)
    at weblogic.application.internal.flow.DeploymentCallbackFlow.deactivate(DeploymentCallbackFlow.java:182)
    at weblogic.application.internal.flow.DeploymentCallbackFlow.deactivate(DeploymentCallbackFlow.java:175)
    at weblogic.application.internal.BaseDeployment$2.previous(BaseDeployment.java:1281)
    at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:167)
    at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:160)
    at weblogic.application.internal.BaseDeployment.deactivate(BaseDeployment.java:453)
    at weblogic.application.internal.EarDeployment.deactivate(EarDeployment.java:58)
    at weblogic.application.internal.DeploymentStateChecker.deactivate(DeploymentStateChecker.java:199)
    at weblogic.deploy.internal.targetserver.AppContainerInvoker.deactivate(AppContainerInvoker.java:98)
    at weblogic.deploy.internal.targetserver.BasicDeployment.deactivate(BasicDeployment.java:263)
    at weblogic.deploy.internal.targetserver.BasicDeployment.deactivateFromServerLifecycle(BasicDeployment.java:458)
    at weblogic.management.deploy.internal.DeploymentAdapter$1.doDeactivate(DeploymentAdapter.java:74)
    at weblogic.management.deploy.internal.DeploymentAdapter.deactivate(DeploymentAdapter.java:215)
    at weblogic.management.deploy.internal.AppTransition$6.transitionApp(AppTransition.java:67)
    at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
    at weblogic.management.deploy.internal.ConfiguredDeployments.deactivate(ConfiguredDeployments.java:199)
    at weblogic.management.deploy.internal.ConfiguredDeployments.undeploy(ConfiguredDeployments.java:191)
    at weblogic.management.deploy.internal.DeploymentServerService.shutdownApps(DeploymentServerService.java:195)
    at weblogic.management.deploy.internal.DeploymentServerService.shutdownHelper(DeploymentServerService.java:127)
    at weblogic.application.ApplicationShutdownService.stop(ApplicationShutdownService.java:106)
    at weblogic.t3.srvr.ServerServicesManager.stopInternal(ServerServicesManager.java:495)
    at weblogic.t3.srvr.ServerServicesManager.stop(ServerServicesManager.java:316)
    at weblogic.t3.srvr.T3Srvr.shutdown(T3Srvr.java:1036)
    at weblogic.t3.srvr.T3Srvr.gracefulShutdown(T3Srvr.java:939)
    at weblogic.t3.srvr.GracefulShutdownRequest.run(GracefulShutdownRequest.java:41)
    at weblogic.work.ContextWrap.run(ContextWrap.java:41)
    at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Thanks in advance

    Agreed with all above pointers.
    I think you have to raise SR with oracle, because it is prod environment.
    If you still want to do some R&D.
    1. Also check this URL might help, but not sure.
    http://download.oracle.com/docs/cd/E21764_01/doc.1111/e14308/handlinglcm.htm#CIAJCEEF
    http://download.oracle.com/docs/cd/E21764_01/doc.1111/e14308/handlinglcm.htm#CIAEFAGF
    2. Restart all servers (along with Admin server and DB).

  • Is it possible to prevent a group of users be added into other groups?

    We have an admin group named "app admin" which has full privileges to a target OU "ou=apps,ou=services,dc=xxx,dc=com".
    And we are looking for a solution to prevent members of the admin group from putting their own account or group members into the target OU.
    Tried the aci with "deny self write", but it only prevents an admin user from putting their own DN into the target OU.
    And they can still add their group members into the target OU.
    Just wondering, is it possible to prevent a group of users from being added into the target OU while they can still add/delete/modify normal users in the target OU?
    The version of our Directory Server is 6.3.1.
    Thanks

    goog,
    For each data member, you will need a unique URL. There is not a way to bundle them into one URL.
    Randy Hoskin
    Applications Engineer
    National Instruments
    http://www.ni.com/ask

  • Check_ntlm_password:  Authentication for user ['name'] - ['name'] FAILED with error NT_STATUS_LOGON_FAILURE

    Hi,
    We are running a Mountain Lion Server with Open Directory / LDAPv3, as far as I can tell.  My responsibility is to get my CentOS 6.3 box running Samba v. 3.5.10-125.el6 to authenticate users against the ML / OD box.  I can ssh to the CentOS box OK and I can get Guest access to the Samba share to go OK too.  Also, the OD passwords on the LDAP server are set to 'Open Directory' so I guess that means that they are encrypted and the Samba server is set to send encrypted passwords.  But when a user tries to properly authenticate using either say via a Mac client Finder [Command-K], or smbclient, the Samba server will generate this message:
    check_ntlm_password:  Authentication for user ['name'] -> ['name'] FAILED with error NT_STATUS_LOGON_FAILURE
    (I am blanking out the user name on purpose).
    Of course there is more to the story, but those are the basics.
    Here are the relevant parts of my smb.conf.  FWIW, the CentOS / Samba box is called Jupiter.
    Thank you,
    NickZ
    [smb.conf]
    [global]
              display charset = UTF-8
              realm = SATURN.MCLEAN.HARVARD.EDU
              netbios aliases = ANL
              server string = Welcome To The Jupiter Samba Server Version 3.5.10-125.el6
              interfaces = lo, em1
              security = SERVER
              update encrypted = Yes
              password server = saturn.mclean.harvard.edu
              smb passwd file = /var/lib/samba/private/secrets.tdb
              passdb backend = ldapsam:ldap://saturn.mclean.harvard.edu
              passwd program = /usr/bin/passwd %u
              unix password sync = Yes
              lanman auth = Yes
              client NTLMv2 auth = Yes
              client use spnego principal = Yes
              kerberos method = system keytab
              log level = 2
              syslog = 3
              log file = /var/log/samba/log.%m
              max log size = 50
              name resolve order = host lmhosts wins bcast
              server signing = auto
              preferred master = Auto
              ldap admin dn = uid=DirAdmin,cn=users,dc=saturn,dc=mclean,dc=harvard,dc=edu
              ldap group suffix = cn=groups
              ldap passwd sync = yes
              ldap suffix = dc=saturn,dc=mclean,dc=harvard,dc=edu
              ldap ssl = no
              ldap user suffix = cn=users
              usershare allow guests = Yes
              idmap backend = ldap:ldap://saturn.mclean.harvard.edu
              idmap uid = 10000-20000
              idmap gid = 30000-40000
              cups options = raw
    [homes]
              comment = Home Directories
              read only = No
    [printers]
              comment = All Printers
              path = /var/spool/samba
              printable = Yes
              browseable = No
    [anl]
              comment = Main ANL Share
              path = /anl
              read only = No
              guest ok = Yes
              hide dot files = No

    Turns out a printer driver installed on an XP (even W2K(?)) was (apparently?) flooding the OS X SMB server to the point of collapse. Uninstalling the "HP Tools" part of the driver cleared it up. The printer is an HP LJ1300. I had downloaded the full driver from HP.com. I don't know if any/all these conditions need to be matched, but: the printer was on the network using an HP print server JetDirect EX Plus, and the computer(s) in question were connecting directly to it (not via a print server). It's been too long ago, but there were always several errors in the System Log (Win XP Event Viewer) that correlated with the errors on the OS X server.
    Proud to say that since that day (10+ months ago) I've not seen it happen again. whew.

  • Machine Authentication and User Authentication with ACS v5.1... how?

    Hi!
    I'm having trouble setting up Machine Authentication and User Authentication on ACS v5.1 using WinXP SP3 (or SP2) as supplicant.
    This is the goal:
    On wireless (preferably on wired too) networks, get the WinXP to machine authenticate against AD using certificates so the machine is possible to reach via for example ping, and it can also get GPO Updates.
    Then, when the user actually logs in, I need User Authentication, so we can run startup scripts, map the Home Directory and so on.
    I have set up a Windows Certificate server, and the client (WinXP) is receiving both machine and user certificates just fine.
    I have also managed to set up so Machine Authentication works, by setting up a policy rule that checks on certificate only:
    "Certificate Dictionary:Common Name contains .admin.testdomain.lan"
    But to achieve that, I had to set EAP Type in WinXP to Smart Card or other Certificate, and then no PEAP authentication occurs, which I assume I need for User Authentication? Or is that possible by using Certificates too?
    I just don't know how to do this, so is there a detailed guide out there for this? I would assume that this is something that all administrators using wireless and WinXP would like to achieve.
    Thank you.

    Hello again.
    I found out how to do this now..
    What I needed to do was to add a new Certificate Authentication Profile that checks against Subject Alternative Name, because that was the only thing I could find that was the same in both user certificate and machine certificate.
    After adding that profile to the Identity Store Sequences, and making the appropriate rule in the policy, it works.
    You must also remember to change the AuthMode option in Windows XP Registry to "1".
    What I really wanted to do was to use the "Was Machine Authenticated" condition in the policies, but I have never gotten that condition to work, unfortunately.
    That would have plugged a few security holes for me.

  • Authentication for user guest denied

    I am connecting to two WL 6.0 sp2 servers. I am logging in both as guest.
    When I log into one or the other, everything works fine. However, when I
    log into both (and create InitialContext's for both), I get the following
    error:
    java.lang.SecurityException: Authentication for user guest denied in
    realm wl_realm
    at
    weblogic.rmi.internal.AbstractOutboundRequest.sendReceive(AbstractOutboundRe
    quest.java:90)
    at
    weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
    :247)
    at
    weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
    :225)
    at
    weblogic.jndi.internal.ServerNamingNode_WLStub.lookup(ServerNamingNode_WLStu
    b.java:121)
    at
    weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:323)
    at javax.naming.InitialContext.lookup(Unknown Source)
    I tried synchronizing system passwords, accessing each server in a separate
    thread -- but nothing seems to work. Does anybody have any ideas?
    Interestingly, it seems to behave OK when one of the servers is WL 6.0 Beta.
    However, it breaks with sp1 and sp2.
    Thanks in advance,
    Jared

    Hi Jared,
    Are the 2 servers in the same cluster? What is your client? When and where do
    you see this SecurityException? Do you mean that when you try to get initial
    context you provide a username and password? Are you using any custom realm or
    just the default file realm?
    Joseph
    Joseph Nguyen
    Developer Relations Engineer
    BEA Systems, Inc.

  • Authentication for user weblogic denied

    I am unable to start node managerd server from command prompt.
    I installed WebLogic Server Version: 12.1.2.0.0 on Windows 2008 R2 EN Sp1
    I started the Administration Server successfully.
    C:\Weblogic\Oracle\config\domains\wl_server\bin\startWebLogic.cmd
    I created the ihale Managed Server but I couldn't start the Managed Server.
    C:\Weblogic\Oracle\config\domains\wl_server\bin
    startManagedWebLogic.cmd ihale http://192.168.1.29:7431 
    I'm getting following error.
    ####<Dec 25, 2013 12:51:13 AM PST> <Critical> <WebLogicServer> <umman> <ihale> <main> <<WLS Kernel>> <> <> <1387961473813> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied.
    weblogic.security.SecurityInitializationException: Authentication for user weblogic denied.
    Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
      at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:257)
    I am able to log in to the administration console with the same username and password. Username: weblogic Password:xxxxx
    I changed the weblogic user password and tried again. It was unsuccessful.
    I created a boot.properties file in the C:\Weblogic\Oracle\config\domains\wl_server\servers\ihale\security folder.
    I put the username and password in it.
    After I tried to start the ihale managed server, the boot.properties file wasn't encrypted and the managed server also didn't start.
    I deleted the cache, data and tmp folders (everything except the logs folder) in \\192.168.1.29\c$\Weblogic\Oracle\config\domains\wl_server\servers\ihale and tried again. It was unsuccessful.
    I found something on https://community.oracle.com/message/10653470
    Ganesh says:
    Did you restart AdminServer after deleting the LDAP Authentication provider?
    I think your managed server is still trying to authenticate user through ldap authentication provider.
    Torrado answers:
    I found that there was a definition in Security Policy of osb_server1 for an user that belonged to deleted LDAP authenticator.
    I deleted it and server started.
    Thanks.
    How can I delete definition in Security Policy of ihale for an user that belonged to deleted LDAP authenticator?
    Could you please help to solve this problem?
    Best Regards.

    Hi,
    You can rename the ldap folder in following directory structure.
    %Domain_Name% / servers / <servername> / data/
    You will find ldap folder try to rename that folder and then please restart the server again.
    If you are try to start through nodemanager then rename the nodemanager under following directory.
    %Domain_Name% / servers / <servername> / data/.
    Try to rename these two folder and restart the nodemanager and start the server again.
    It will work for you.
    Regards,
    Kal

  • None of the available endpoints supports authentication methods user/pass

    Dear All
    I created a destination in CE 7.1, but when I test the destination in the WS Navigator it does not run. The error is:
    The destination [YHSendMessage02] supports the following authentication methods [User Name/Password (Basic)], but none of the available endpoints supports them. The supported authentication types are [None]. Either the destination has to be updated or a new endpoint should be used
    When I test the WS in the navigator without using the destination, it works well, so I think something may be wrong with the destination configuration in my CE.
    best regards

    The following message returned from SAP:
    The root of the problem has been found. The problem occurs because PI WSDLs don't contain security settings. The lack of security settings breaks consumption of those services. I'm working on providing a fix to enable consumption of such services.
    Looking at a WSDL generated by PI (example):
    <wsp:Policy wsu:Id="OP_si_servicename"/>
    The policy contains no transportbinding or authentication methods at all.
    Looking at a WSDL generated by ECC (example):
    <wsp:Policy wsu:Id="BN_BN_si_ManageCustomizingCustomerService_binding">
          <saptrnbnd:OptimizedXMLTransfer uri="http://xml.sap.com/2006/11/esi/esp/binxml" wsp:Optional="true" xmlns:saptrnbnd="http://www.sap.com/webas/710/soap/features/transportbinding/"/>
          <saptrnbnd:OptimizedXMLTransfer uri="http://www.w3.org/2004/08/soap/features/http-optimization" wsp:Optional="true" xmlns:saptrnbnd="http://www.sap.com/webas/710/soap/features/transportbinding/"/>
          <wsp:ExactlyOne xmlns:sapsp="http://www.sap.com/webas/630/soap/features/security/policy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
             <wsp:All>
                <sp:TransportBinding>
                   <wsp:Policy>
                      <sp:TransportToken>
                         <wsp:Policy>
                            <sp:HttpsToken>
                               <wsp:Policy>
                                  <sp:HttpBasicAuthentication/>
                               </wsp:Policy>
                            </sp:HttpsToken>
                         </wsp:Policy>
                      </sp:TransportToken>
                      <sp:AlgorithmSuite>
                         <wsp:Policy>
                            <sp:TripleDesRsa15/>
                         </wsp:Policy>
                      </sp:AlgorithmSuite>
                      <sp:Layout>
                         <wsp:Policy>
                            <sp:Strict/>
                         </wsp:Policy>
                      </sp:Layout>
                   </wsp:Policy>
                </sp:TransportBinding>
             </wsp:All>
          </wsp:ExactlyOne>
       </wsp:Policy>
    At the moment SAP is working on a fix to solve this problem.
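The difference between the two WSDL excerpts above can be checked mechanically. The following is an added example, not code from the thread or from SAP: it lists the transport-level authentication assertions each identified policy declares. The wrapper element and the `wsp`/`wsu` namespace URIs are assumptions, because the excerpts do not show their prefix bindings.

```python
import xml.etree.ElementTree as ET

SP_NS = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"  # as quoted in the thread
# Assumed bindings: the quoted excerpts do not show where wsp/wsu are declared.
WSP_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
# HttpsToken authentication assertions defined by WS-SecurityPolicy 1.2.
AUTH_ASSERTIONS = {"HttpBasicAuthentication", "HttpDigestAuthentication",
                   "RequireClientCertificate"}

# Constructed sample: both policies from the thread, trimmed, inside a hypothetical wrapper.
SAMPLE = f"""<definitions xmlns:wsp="{WSP_NS}" xmlns:wsu="{WSU_NS}" xmlns:sp="{SP_NS}">
  <wsp:Policy wsu:Id="OP_si_servicename"/>
  <wsp:Policy wsu:Id="BN_BN_si_ManageCustomizingCustomerService_binding">
    <wsp:ExactlyOne><wsp:All>
      <sp:TransportBinding><wsp:Policy>
        <sp:TransportToken><wsp:Policy>
          <sp:HttpsToken><wsp:Policy><sp:HttpBasicAuthentication/></wsp:Policy></sp:HttpsToken>
        </wsp:Policy></sp:TransportToken>
      </wsp:Policy></sp:TransportBinding>
    </wsp:All></wsp:ExactlyOne>
  </wsp:Policy>
</definitions>"""

def local(name):
    """Strip the '{namespace}' part ElementTree puts in front of tags and attributes."""
    return name.rsplit("}", 1)[-1]

def policy_auth_report(xml_text):
    """Map each policy that has an Id to the auth assertions under its TransportToken."""
    report = {}
    for pol in ET.fromstring(xml_text).iter():
        if local(pol.tag) != "Policy":
            continue
        pid = next((v for k, v in pol.attrib.items() if local(k) == "Id"), None)
        if pid is None:  # nested anonymous policies are covered via their parent
            continue
        found = set()
        for token in pol.iter("{%s}TransportToken" % SP_NS):
            for el in token.iter():
                if el.tag.startswith("{%s}" % SP_NS) and local(el.tag) in AUTH_ASSERTIONS:
                    found.add(local(el.tag))
        report[pid] = sorted(found)
    return report

def policies_without_auth(xml_text):
    """Policy Ids that declare no transport authentication at all."""
    return [pid for pid, auth in policy_auth_report(xml_text).items() if not auth]

if __name__ == "__main__":
    for pid, auth in policy_auth_report(SAMPLE).items():
        print(pid, "->", auth or "no authentication declared")
```

An empty result for a policy is the condition behind the "supported authentication types are [None]" message: the consumer has nothing to match a Basic-auth destination against.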

  • Weblogic patch for the "Authentication for user wlsadmin denied" issue

    Hi Everyone,
    When I try to log in to the weblogic console using the weblogic user id and password, I get the issue below on the production server. Some time back I saw a thread saying that Oracle has provided a patch for this issue. If any of you is aware of it, could you please provide us the patch file and its location? This is quite urgent. Awaiting your response. Thanks in advance.
    <Apr 3, 2011 10:41:02 PM ICT> <Critical> <Security> <BEA-090403> <Authentication for user wlsadmin denied>
    <Apr 3, 2011 10:41:02 PM ICT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user wlsadmin denied
    I need to communicate to onsite members about the patch details etc.
    Edited by: user11290902 on May 13, 2011 1:27 AM

    Faisal, thank you for your response. Here the weblogic console id & password are known to a few people, so the guess you are making might be correct. Could anyone have tried incorrect credentials a couple of times before we faced this issue? I am not sure, though. The moment we provide the credentials and click on the Log In button, we are getting j_security_check.
    http://asdo0002:9683/console/j_security_check
    Authentication Denied.
    The username or password has been refused by WebLogic Server. Please try again.
    Any information about the workarounds or patches from weblogic would be helpful to me... Thanks a lot.
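To test the guess discussed above (repeated wrong credentials before the denial), the BEA-090403 lines in the server log can be counted per user over time. This is an added example, not part of the thread: the threshold, the five-minute window and all sample lines except the 10:41:02 ones are assumptions constructed in the log format quoted in the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Leading timestamp field, with or without the "####" prefix of the full server log.
TS = re.compile(r"^(?:####)?<(\w{3} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \w+>")
DENIED = re.compile(r"<BEA-090403> <Authentication for user (\S+) denied>")
FMT = "%b %d, %Y %I:%M:%S %p"  # the zone abbreviation (ICT, PST) is dropped, not converted

# Constructed sample; only the two 10:41:02 lines appear in the thread.
SAMPLE_LOG = """\
<Apr 3, 2011 10:40:10 PM ICT> <Critical> <Security> <BEA-090403> <Authentication for user wlsadmin denied>
<Apr 3, 2011 10:40:41 PM ICT> <Critical> <Security> <BEA-090403> <Authentication for user wlsadmin denied>
<Apr 3, 2011 10:41:02 PM ICT> <Critical> <Security> <BEA-090403> <Authentication for user wlsadmin denied>
<Apr 3, 2011 10:41:02 PM ICT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user wlsadmin denied
<Apr 3, 2011 10:55:30 PM ICT> <Critical> <Security> <BEA-090403> <Authentication for user weblogic denied>
<Apr 3, 2011 11:30:00 PM ICT> <Critical> <Security> <BEA-090403> <Authentication for user wlsadmin denied>
""".splitlines()

def denied_bursts(lines, threshold=3, window=timedelta(minutes=5)):
    """Return {user: (burst_start, count)} for users with >= threshold denials in a window."""
    events = defaultdict(list)
    for line in lines:
        ts, hit = TS.match(line), DENIED.search(line)
        if ts and hit:  # BEA-000386 boot failures are ignored: they carry no <BEA-090403> field
            events[hit.group(1)].append(datetime.strptime(ts.group(1), FMT))
    bursts = {}
    for user, stamps in events.items():
        stamps.sort()
        start = 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:  # slide the window's left edge forward
                start += 1
            count = end - start + 1
            if count >= threshold and count > bursts.get(user, (None, 0))[1]:
                bursts[user] = (stamps[start], count)
    return bursts

if __name__ == "__main__":
    for user, (first, count) in denied_bursts(SAMPLE_LOG).items():
        print(f"{user}: {count} denials within 5 minutes starting {first}")
```

A burst for the admin account shortly before the failure supports the repeated-bad-credentials explanation; a single denial with no burst points elsewhere.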

  • Java.lang.SecurityException: Authentication for user system denied in realm wl_realm Error.

              Getting this security exception when trying to pull a message from one weblogic
              instance JMS queue, and sending the message (via a MDB) to another machine's JMS
              queue.
              Ex. Here's the scenario.
              Two Windows2000Server machines,
              one at ip ... xxx.xxx.x.16,
              second machine at ... xxx.xxx.x.17.
              MDB pulls message off of a JMS queue on 16. MDB sends the message to .17 box.
              ON the .17 machine (the receiver) I get the following exception
              weblogic.transaction.internal.CoordinatorImpl@31406b>
              java.lang.SecurityException: Authentication for user system denied in realm wl_realm
                   at weblogic.security.acl.Realm.authenticate(Realm.java:212)
                   at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
                   at weblogic.security.acl.internal.Security.authenticate(Security.java:125)
                   at weblogic.security.acl.internal.Security.verify(Security.java:87)
                   at weblogic.rmi.internal.BasicRequestHandler.handleRequest(BasicRequestHandler.java:76)
                   at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:17)
                   at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
                   at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
              ON the sending machine .16, I get the following exception.
              ####<Apr 3, 2002 9:46:24 AM CST> <Error> <RJVM> <testweblogic> <OptiSoftAppServer>
              <ExecuteThread: '96' for queue: 'default'> <> <> <000000> <Unsolicited error response
              for: '-1'>
              The messages appear to show up on the destination machine, but are these error
              messages valid, or just bogus?
              Thanks,
              Eric.
              

    Why is that? Your suggestion worked but I don't understand why.
              When our MDB on machineA did the JNDI lookup to MachineB we set the
              credentials to a valid user/password on MachineB.
              My speculation: Since the MDB on machineA is already in a transaction
              any other JNDI calls use the credentials for the MDB's transactions,
              ignoring any other credentials we might try to set explicitly. If my
              speculation is correct then that would explain why the passwords for the
              user "system" would have to be the same between servers.
              Is there a good place to read up on this?
              Thanks
              Tom
              Rajesh Mirchandani wrote:
              > Make sure you have the same system password for the 2 instances of WLS on separate boxes.
              >
              > Tom Barnes wrote:
              >
              >
              >>Or post to the EJB newsgroup (which "owns" MDBs).
              >>
              >>Tom Barnes wrote:
              >>
              >>
              >>>I think there is a username/password field configurable in the MDB descriptor that
              >>>might help here??? Other than that, I suggest posting to the security newsgroup.
              >>>
              >>>Tom
              >>>
              >>>Eric Babin wrote:
              >>>
              >>>
              >>>>Getting this security exception when trying to pull a message from one weblogic
              >>>>instance JMS queue, and sending the message (via a MDB) to another machine's JMS
              >>>>queue.
              >>>>
              >>>>Ex. Here's the scenario.
              >>>>
              >>>> Two Windows2000Server machines,
              >>>> one at ip ... xxx.xxx.x.16,
              >>>> second machine at ... xxx.xxx.x.17.
              >>>>
              >>>> MDB pulls message off of a JMS queue on 16. MDB sends the message to .17 box.
              >>>>
              >>>>
              >>>>ON the .17 machine (the receiver) I get the following exception
              >>>>
              >>>>weblogic.transaction.internal.CoordinatorImpl@31406b>
              >>>>java.lang.SecurityException: Authentication for user system denied in realm wl_realm
              >>>> at weblogic.security.acl.Realm.authenticate(Realm.java:212)
              >>>> at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
              >>>> at weblogic.security.acl.internal.Security.authenticate(Security.java:125)
              >>>> at weblogic.security.acl.internal.Security.verify(Security.java:87)
              >>>> at weblogic.rmi.internal.BasicRequestHandler.handleRequest(BasicRequestHandler.java:76)
              >>>> at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:17)
              >>>> at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
              >>>> at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
              >>>>
              >>>>ON the sending machine .16, I get the following exception.
              >>>>
              >>>>####<Apr 3, 2002 9:46:24 AM CST> <Error> <RJVM> <testweblogic> <OptiSoftAppServer>
              >>>><ExecuteThread: '96' for queue: 'default'> <> <> <000000> <Unsolicited error response
              >>>>for: '-1'>
              >>>>
              >>>>The messages appear to show up on the destination machine, but are these error
              >>>>messages valid, or just bogus?
              >>>>
              >>>>Thanks,
              >>>>
              >>>>Eric.
              >>>>
              >
              > --
              > Rajesh Mirchandani
              > Developer Relations Engineer
              > BEA Support
              >
              >
              >
              

  • Java.lang.SecurityException: Authentication for user guest denied in realm wl_realm

    Hi,
    I am using WL60SP2 on Windows NT 4.0.
    I am trying to call a bean from my startup class. The code is as follows
    home = lookupHome();
    messageSubscriber = (MessageSubscriber) narrow(home.create(),
    MessageSubscriber.class);
    Right at this point the Weblogic server is throwing the following error.
    java.lang.SecurityException: Authentication for user guest denied in
    realm wl_realm
    <<no stack trace available>>
    I know this has something to do with the security. In WL50 I would have
    gone to the weblogic.policy file to fix it. With WL60 I know I have to
    change something on the console but am not sure.
    Please help.
    Thanks
    Raj

    Go into the console and make sure the GuestDisabled property = false
    http://e-docs.bea.com/wls/docs61/////ConsoleHelp/security.html
    Joe Jerry
    Raj Kathlesar wrote:
    Hi,
    I am using WL60SP2 on Windows NT 4.0.
    I am trying to call a bean from my startup class. The code is as follows
    home = lookupHome();
    messageSubscriber = (MessageSubscriber) narrow(home.create(),
    MessageSubscriber.class);
    Right at this point the Weblogic server is throwing the following error.
    java.lang.SecurityException: Authentication for user guest denied in
    realm wl_realm
    <<no stack trace available>>
    I know this has something to do with the security. In WL50 I would have
    gone to the weblogic.policy file to fix it. With WL60 I know I have to
    change something on the console but am not sure.
    Please help.
    Thanks
    Raj
