Unable to authenticate as diradmin in WGM

Similar Messages

• Unable to authenticate with diradmin in Workgroup Manager

  This has happened before, and I have no idea how it got fixed - too many independent variables...
  Anyway, I cannot authenticate the OD with diradmin even while using Workgroup Manager directly on the server.
  The setup:
  SLS 10.6.8
  Split-brained DNS
       Both public and private FQDNs are the same (myserver.mydomain.com). External DNS maps machine record to my static public IP address. Using an AirPort Extreme router, port fowarding services that I want open to the server. The router provides DHCP via NAT to the local network, with a fixed private IP assigned to the server. The server is running DNS with the same zones, machine records, services and aliases that the public IP DNS has, except mapped to the fixed private IP. DNS checks out with changeip, etc.
       The server is an OD master. Yesterday I exported it, demoted it, and restored it. All services (mail, web, etc.) seem to work fine (although I admit to not using Kerberos on AFP due to another issue).
       I have a wildcard certificate that is generated by GoDaddy (*.<mydomain>.com) which seems to work fine with the hosted websites.
  This is what the password service error log says when I try to log in with diradmin in Workgroup Manager:
  Jan 10 2012 14:01:32    AUTH2: {0x4bbe71ca6b8b45670000000200000002, diradmin} DHX authentication succeeded.
  Jan 10 2012 14:01:32    KERBEROS-LOGIN-CHECK: user {0x4bbe71ca6b8b45670000000200000002, diradmin} is in good standing.
  Jan 10 2012 14:01:32    KERBEROS-LOGIN-CHECK: user {0x4bbe71ca6b8b45670000000200000002, diradmin} authentication succeeded.
  Looks good to me. But I still get the "Information Not Valid for This Server" followed by stuff about invalid login ID or password.
  I did notice in the LDAP log:
  Jan 10 14:13:12 <myserver> slapd[52283]: SASL [conn=18] Failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Key table entry not found)
  And at the last bootup in the directory service error log:
  2012-01-10 08:52:03 EST - T[0x00007FFF7027ACC0] - DNSServiceProcessResult returned -65563
  The other thing I notice when I log into the library in Workgroup Manager FROM THE SERVER, even if I use the FQDN <myserver>.<mydomain>.com that Workgroup Manager says (in the title bar of the window) <myserver>.local.
  I have googled the various errors and messages, and I get folks with all sorts of variations ("change the binding options", etc.) none of which either applied or worked.
  Help?

  Continuing on my quest... I found this Technical note from Apple about re-kerberizing:
  http://support.apple.com/kb/HT3655
  Interestingly, in step 3 where it says to remove realm information from kdc.conf, there wasn't any of my realm information. Argh!
  So I completed all of the steps and executed the slapconfig command. This resulted in:
  bash-3.2# slapconfig -kerberize -f --allow_local_realm diradmin <MYREALM>
  diradmin's Password:
  Could not resolve hostname <MYDOMAIN>
  Skipping Kerberos configuration
  Sounds like a dreaded DNS problem. It had been working correctly, but changeip -checkhostname confirmed a problem. Turns out that there were EXTERNAL DNS servers in the Network preferences in System Preferences as well as on the router. With my Split-brained DNS this caused problems (thank you again MrHoffman). So I changed them both to my DNS server INTERNAL IP address and added the external ones to the Forwarder IP Address in DNS. Now checkhostname -changeip returns a favorable result.
  So after rebooting ran the slapconfig command again and got the same result. Argh. Cleared DNS caches. Still nothing.
  So I tried nslookup.
  nslookup <mydomain>
  Server:                    10.0.8.2
  Address:          10.0.8.2#53
  ** server can't find <mydomain>: SERVFAIL
  Where 10.0.8.2 is the fixed INTERNAL IP address.
  However, nslookup on using the fixed IP address yields:
  bash-3.2# nslookup 10.0.8.2
  Server:                    10.0.8.2
  Address:          10.0.8.2#53
  2.8.0.10.in-addr.arpa          name = <mydomain>.
  Scratching head here... changeip -checkhostname works, nslookup on the IP address works, but nslookup on the host name fails.

• I am getting the following error: Unable to authenticate the package: B_SPACE_NUTRITION.itmsp                     ERROR ITMS-9000: "OPS/ibooks.ncx(5): element "content" not allowed yet; missing required element "navLabel"" at Book (MZItmspBookPackage)

  I am getting the following error when attempting to deliver my iBooks Author book package via iTunes Producer: "
  Unable to authenticate the package: B_SPACE_NUTRITION.itmsp
                      ERROR ITMS-9000: "OPS/ibooks.ncx(5): element "content" not allowed yet; missing required element "navLabel"" at Book (MZItmspBookPackage)"
  I understand that there's something wrong with the TOC file (.ncx), but I have tried everything and nothing seems to work. Every section of the TOC is labeled, so not sure why the navLabel issue is happenening.
  Any help is GREATLY appreciated! Thank you.

  Similar issues looks like. Are you using a template other than those in iBooks Author? That's what I did, and that was definitely part of the issue.
  After digging through .ibooks code for hours and still not seeing the problem, I decided to reach out to one of the Apple epub conversion affiliates in iTunes Connect. They said they could repair the file without a problem, started working on it, only to come back a week later and say they couldn't work on .ibooks or .iba files yet.
  So, in complete frustration, I decided to transfer my content page by page from the blank template I downloaded from a vendor online to one of the "textbook" templates in IBA. This was a long process as I had to unlock and clear out the formatting of the template. But, once that was done and content was transferred over, all was good. I submitted/delivered the same content and preview book within the new template and it went right through the first time (all metadata was exactly the same as well).
  Now, the iBookstore approval waiting process begins!
  Good luck!

• Unable to authenticate from 10.5 client to 10.5 Server to mount SMB or AFP

  We have been banging our heads for some time now and have no idea what is going on. Here's the scenario:
  We have a 10.5.6 Server bound to an Active Directory Domain
  The Server's role is: Connected to a Directory System
  We have ensured that Active Directory/All Domains has been added in the Authentication Pane of Directory Services
  We have made sure that single-sign on has been enabled by running dsconfigad -enablesso
  We have verified that SMB and AD are using the same password
  The shares are actually being re-shared from mounts added through XSan.
  This has worked in 10.4.
  Now, when a client tries to mount the smb share using domain credentials they get an error that they are unable to authenticate.
  If an attempt is made to authenticate from a command line the error reads:
  server rejected the connection: Authentication error
  The smb logs fill with error -14090 [eDSAuthFailed] on each authentication type attempt meaning it tries kerberos and fails, NTLMv2 and fails, NTLMv1 and fails.
  We really need to figure this one out. Anyone have any more ideas?

  It does, in fact, fail the SHA-1 test, but how could that be? What could cause the download to be corrupt over and over and over? I've downloaded it both wirelessly and by wired connection, on both the MacBook itself and on a PowerMac G5.
  MacOSXUpd10.5.6.dmg SHA comes back as e35035609abb3a0ac231d4d4cd8954a8d07d950e
  accepted SHA is 684f67524a92b4314a4bdd52498fb3b6af8f9ded
  MacOSXUpdCombo10.5.6 SHA comes back as 045e51a74376521931e563c64fa79ed5c1529d79
  accepted SHA is 09de4ac2c5591ab75d51ef37dc70f9e5630150d4
  i doubt that info really helps anything, though
  Redownloading both AGAIN... we'll see what happens.
  Message was edited by: chiefanalogist

• I'm keep getting the message "unable to authenticate" when trying to sign in to the YouTube app. The website allows me to sign in just fine. Anyone know how to fix this?

  I keep getting the message "unable to authenticate" when trying to sign in to the YouTube app. The website allows me to sign in just fine. Anyone know how to fix this?

  Try "resetting" the iPad...
  Hold the On/Off Sleep/Wake button and the Home button down at the same time for at least ten seconds, until the Apple logo appears.
  edited by:  cs

• I need help authenticating my outgoing server settings in setting up my work email on my Galaxy S5.  It says unable to authenticate or connect to server and I even called helpdesk at my email support and they tried every possible port (80, 25, 3535 or 465

  I need help authenticating my outgoing server settings in setting up my work email on my Galaxy S5.  It says unable to authenticate or connect to server and I even called helpdesk at my email support and they tried every possible port (80, 25, 3535 or 465 SSL) and none of them work. Please help!

  You will need to get the required info to create/access the account with an email client from your school.
  Are you currently accessing the account with an email client on your computer - if you have a Mac with the Mail.app, or if you have a PC with Outlook Express, etc.? If so, you can get the required account settings there.

• Logging into Oracle Apps R12 throws error - unable to authenticate session

  Hi All,
  Working on R12 OS:AIX
  Logging into Oracle Apps R12 throws error - "unable to authenticate session".
  Earlier Guest user was end-dated which has now been removed and autoconfig was run.but still the same issue..(services were bounced too)
  Guest user password is:ORACLE(uppercase) in xml file,dbc file,GUEST profile options..
  could anyone please share such an experience encountered before and suggest resolution...
  Would appreciate an early response!
  Thanks for your time!
  Regards,

  Pl see ML Note 342332.1 on steps needed to troubleshooot login. Although this doc is for 11i, it should also apply to R12
  Srini Chavali

• Sap B1WS - Unable to authenticate on the license server!

  Hello,
  I've installed and configured b1ws according to the help file provided.
  after creating a virtual directory in the IIS to the sample directory provided with the installation I receive the B1 Webservices login page but cannot login with the usual settings .
  here is the settings I've used :
  database server
  localhost
  dbtype sql 2005
  dbname :mysqldbname
  company user and password  : a valid username and password with a pro user license.
  license server :localhost also tried localhost:30000
  language :In_English
  I keep getting the Unable to authenticate on the license server!
  error.
  I also tried adding the ASP.NET account to the ms-sql databases with not change.
  anyhelp would be much appreciate.
  Thanks.
  NC.

  Yes, I am specifying the license server.  I've tried it both ways (specifying and not specifying the server).  Here is my code:
                      SAPbobsCOM.Company sapCompany = new SAPbobsCOM.Company();
                      sapCompany.Server = ConfigurationManager.AppSettings["SAPServerName"];
                      sapCompany.CompanyDB = ConfigurationManager.AppSettings["SAPCompany"];
                      sapCompany.UserName = ConfigurationManager.AppSettings["SAPUserID"];
                      sapCompany.Password = ConfigurationManager.AppSettings["SAPPassword"];
                      sapCompany.language = SAPbobsCOM.BoSuppLangs.ln_English;
                      sapCompany.LicenseServer = ConfigurationManager.AppSettings["SAPLicenseServer"];
                      sapCompany.DbServerType = SAPbobsCOM.BoDataServerTypes.dst_MSSQL2008;
                      int returnCode = sapCompany.Connect();

• I have created a user in oracle BPM but it is not reflected in system-jazn-data.xml file and I am unable to authenticate that user to create context as needed in workflow client

  I have created a user in oracle BPM but it is not reflected in system-jazn-data.xml file and I am unable to authenticate that user to create context as needed in workflow client

  weblogic credentials are different.
  and using thode credentials I am able to login to weblogic server
  the users I am talking about is the process users defined in realm.
  in realm those users are defined as Default authenticator and OID authenticator.
  and I am trying to authenticate one of those users defined in realm using java api so that I an access a process defined In Oracle BPM 11g

• Unable to authenticate POP3 account

  Hi
  we are having issues when a mailbox was migrated from exchange 2007 to exchange 2013 and it stopped working for pop3.
  Exchange 2013 SP1
  unable to authenticate the account against POP3
  logging/pop3
  2014-07-16T17:08:58.439Z,0000000000000006,2,20.20.1.2:110,20.20.1.2:17916,workflow,1506,10,56,pass,*****,"R=""-ERR Logon failure: unknown user name or bad
  password."";Msg=User:workflow:33ce3d1e-7ce8-4d41-976c-b65718d948a3:MISC:WAT106.domainname.ca;Proxy:WAT106.domainname.ca:110:SSL;ProxyNotAuthenticated"
  2014-07-
  failure: unknown user name or bad password. [Error=ProxyNotAuthenticated
  any assistance will be appreciated
  Thanks
  AK

  Hi,
  Please make sure your POP3 service is enabled in Exchange 2013 and run the following command to check your POP3 settings:
  Get-PopSettings | FL
  Also try to re-configure your POP connection in Outlook for your Exchange 2013 account with incoming POP3 server pointing to Exchange server 2013 instead of Exchange 2007. We can do the following to look up your server POP settings:
  1. Sign in to your account using Outlook Web App.
  2. In Outlook Web App, on the toolbar, click Settings >
  Options > Account > My account >
  Settings for POP and IMAP access.
  3. The POP3, IMAP4, and SMTP server name and other settings you may need to enter are listed on the
  Settings for POP and IMAP access page under POP setting or
  IMAP setting, and SMTP setting.
  Please refer to the POP setting listed in OWA to setup account in Outlook.
  Regards,
  Winnie Liang
  TechNet Community Support

• WLC-4404. WPA2 - AES (L2) - Microsoft IAS- unable to authenticate

  Hi am upgrading from EAP - TLS with WEP to WPA2 - AES with smartcard / machine certificates. AAA server is Microsoft IAS. New SSID and config for WPA2 looks straightforward.
  Created new policy for this SSID on IAS, again looks straightforward. Unable to authenticate, debug on WLC looks as though not all server to client transactions are taking place , no EAPOL messages etc.
  Any ideas?

  This mostly occurs due to incompatibility on the client side. Try these steps in order to fix this issue:
  Check if the client is Wi-Fi certified for WPA2 and check the configuration of the client for WPA2.
  Check the data sheet in order to see if the client Utility supports WPA2. Install any patch released by the vendor to support WPA2. If you use Windows Utility, make sure that you have installed the WPA2 patch from Microsoft in order to support WPA2.
  Upgrade the client's Driver and Firmware.
  Turn off Aironet extensions on the WLAN.

• "unable to authenticate installer" when trying to upgrade Flash Player

  I am trying to upgrade to latest Flash player 9.0.47 because
  of security issue but I get an error "unable to authenticate
  installer".
  Its a Flash popup message not Windows.
  I have administrative rights on this laptop
  Windows XP

  Hey habnots, like a lot of things in life, there is the hard way and the easy way. Your way just took longer:-)
  Regards,
  eidnolb

• Vista 64 bit "unable to authenticate installer"?

  Trying to update Flash Player 9.0.124.0 to 10.0.22.87 but getting error message "unable to authenticate installer"
  Operating System Vista Ultimate 64 bit
  Can anyone help please?
  Thanks
  Molly321

  iTunes is not supported on any of the 64-bit versions of Windows, so you will not be able to get any official assistance from Apple (and they don't provide any technical support in the Discussions anyway; these forums are, with rare exceptions, user-to-user only). You can search the forum for "64-bit" and see what people are suggesting in other threads. One suggestion I've seen is that you need the 64 bit Gear drivers. You can download them from here:
  http://www.gearsoftware.com/support/drivers.cfm
  Hope that helps.

• Cant login to admin Unable to authenticate

  I am trying to login to client site but receive the below error.
  Unable to authenticate due to a system error; please try again. Contact customer support if this error persists.

  Hi,
  We are currently aware of the issue as this has affected most of Adobe's services as well. 
  - http://status.businesscatalyst.com/
  Will update once fully resolved. 
  Kind regards,
  -Sidney

• Resolution for unable to authenticate and uploading errors

  Hi,
  I'm doing this so hopefully it'll help someone so they don't have to spend all the time I did figuring it out.  :-)
  Uploading my book I got these errors:
  Unable to authenticate thepackage (Saw all the posts and it nothing worked.)
  Unable to authenticate thepackage: DancingFruit.itmspERROR ITMS-4171 "SampleDANCING.ibooks provided does not support versioning. You must supply and epub3 or ibooks file for versioning support." at Book (MZtmspBookPackage)
  First when exporting the sample, pull down the menu and make sure it says sample, not the original setting. That helped with both issues. That was it!!!!
  Then it wasn't finding the screenshots. So make sure your desktop only has what's needed for iTunes Connect, and nothing else. I had too many things on my desktop. When I cleared it with just IBA things, it all uploaded with no issues.
  Hope this helps,
  Elaine

  Here is a situation that is very similar to mine:
  https://discussions.apple.com/message/9276086#9276086
  I'd like to solve the problem without reinstalling the system, if possible.