Unable to enter shared secret

Similar Messages

• When sharing a video on You Tube I am unable to enter text

  When sharing a video from You Tube to Facebook I am unable to enter text in the text box. The video does go onto Facebook, I just can't enter a comment.
  == This happened ==
  Every time Firefox opened
  == Installed Firefox

  I had exactly the same issue, that the Apple wireless keyboard became unpaired, and I couldn't get past the password-protected log-in screen, because I didn't have a wired keyboard laying around.
  OK folks,
  Discovered by trial and error that it was the wireless mouse (not an Apple brand) that was preventing the keyboard from pairing, even though it's not a bluetooth mouse...
  Here's the steps I used...
  1. Disconnected the USB  mouse cord from the Mac Mini.
  2. Turned off the Apple wireless keyboard from switch on the back.
  3. Turn Mac Mini off, then back on.
  4. Waited for it to boot up as far as  the password-protected screen.
  5. Turned on the Apple wireless keyboard, waited for it to stop blinking, indicating (hoping) that it paired        up.
  6. And voila... was able to then type in the password...
  7. Then plugged the non-Apple wireless mouse sensor  cord back into the Mac Mini's USB port
  I also immediately went in to the MacMini's Sharing options and set that up for remote management in case something else happens down the road for other problems...
  Thanks though to all who suggested solutions... they may come in handy in the future.
  Hope this helps someone else...
  Lynda

• Add AAA Client Errors,Shared Secret value must not be blank.

  hello,
  When i add the AAA client to the ACS 4.2 90 eveluation software installed on win2003 std OS with SPk 1 gives the below error when entered the shared secret value then submitting it.
  "Shared Secret value must not be blank"
  what could br the cause?
  Thks
  swami

  This could be related to the browser it sounds like the ACS might not be receiving the Shared Secret from your input.
  The ACS 4.2 does not allow a AAA to be added without a shared secret key.
  CSCsr68278 ACS 4.2 does not allow a blank TACACS+ key
  Make sure that the ACS IP Address is added into your Trusted Sites (IE). You could also try updating to the latest version of Java.

• How to  use Shared secret key(diffie hellman) for encryption n decryption

  In my client server program i wanted to encrypt a random key using shared secret key for encryption and decryption with DES. but i'm unable to encrypt it as init() is not takin the shared secret key for encryption. somebody please help. my mail id - [email protected]

  You need to post some code because it works for everyone else.

• Set the value of a shared secret in a custom auth class

  Hello All,
  We are trying to use a custom authentication class to gain
  additional parameter to pass along in a SAML assertion to a third party
  vendor. We have successfully added the new custom auth class, but we
  are unable to determine how to assign the value of this new parameter to
  anything that is accessible in the creation of the SAML profile.
  The first idea was to use a shared secret. Although we have been able
  to create the shared secret, it does not have any value assigned.
  Here's the code used based on the code used by the PwLookupLogin class
  in the ba-idp-auth.jar file:
  private void setUserTAG(String paramString) {
  SSSecret localSSSecret = new SSSecret();
  localSSSecret.setName(new SSName("tag_van"));
  SSSecretEntry localSSSecretEntry = new SSSecretEntry("tag_van",
  paramString);
  localSSSecret.addSecretEntry(localSSSecretEntry);
  addCredential(WSCQSSToken.SS_SecretName, localSSSecretEntry);
  The second idea was to make use of the "CustomizableStringOne" found in
  a posting in this forum on how to extend a X.509 auth class:
  http://forums.novell.com/novell-deve....html#poststop
  The code we have tried follows:
  private void setUserSSN(String paramString) {
  // Makes use of the "Customizable String One [Custom Profile]"
  try
  // Customizable attribute 1 is the one we use to contain
  customer data to send,
  // but this can change to another if necessary
  WSCMOPToken token =
  (WSCMOPToken)WSCToken.getToken(WSCMOPToken.OP_CS_C ustomizableString1.getTokenUniqueId());
  // Build object for new data
  WSFModelEntry modelEntry = token.getModelEntry();
  IDSISCommonAttributeElement data =
  modelEntry.getSchemaClassInstance();
  if (data instanceof IDSISLeafAttributeElement) {
  ((IDSISLeafAttributeElement)data).setText(paramStr ing);
  WSCMDataToken dataToken = new WSCMDataToken(token, data);
  dataToken.setAllowOverride(true);
  catch (Exception ex) {}
  Again, the same problem. No value is found when the idpsend CGI tries
  to generate the assertion.
  We are really struggling to understand how this should work. The basic
  problem is this: How can we set a variable within a Java class that can
  be accessed by the idpsend CGI to be used as an attribute within the
  SAML assertion?
  Any ideas would be greatly appreciated. Thanks.
  keongregory
  keongregory's Profile: http://forums.novell.com/member.php?userid=40599
  View this thread: http://forums.novell.com/showthread.php?t=415440

  keongregory wrote:
  >
  > Hello All,
  > We are trying to use a custom authentication class to gain
  > additional parameter to pass along in a SAML assertion to a third
  > party vendor. We have successfully added the new custom auth class,
  > but we are unable to determine how to assign the value of this new
  > parameter to anything that is accessible in the creation of the SAML
  > profile.
  >
  > The first idea was to use a shared secret. Although we have been
  > able to create the shared secret, it does not have any value
  > assigned. Here's the code used based on the code used by the
  > PwLookupLogin class in the ba-idp-auth.jar file:
  >
  > private void setUserTAG(String paramString) {
  > SSSecret localSSSecret = new SSSecret();
  > localSSSecret.setName(new SSName("tag_van"));
  > SSSecretEntry localSSSecretEntry = new SSSecretEntry("tag_van",
  > paramString);
  > localSSSecret.addSecretEntry(localSSSecretEntry);
  > addCredential(WSCQSSToken.SS_SecretName, localSSSecretEntry);
  > }
  >
  >
  > The second idea was to make use of the "CustomizableStringOne" found
  > in a posting in this forum on how to extend a X.509 auth class:
  > http://forums.novell.com/novell-deve...ess-manager/37
  > 6654-using-x509-subject-identity-injection-post1826642.html#poststop
  >
  >
  > The code we have tried follows:
  >
  >
  > private void setUserSSN(String paramString) {
  > // Makes use of the "Customizable String One [Custom Profile]"
  > try
  > {
  > // Customizable attribute 1 is the one we use to contain
  > customer data to send,
  > // but this can change to another if necessary
  > WSCMOPToken token =
  > (WSCMOPToken)WSCToken.getToken(WSCMOPToken.OP_CS_C ustomizableString1.g
  > etTokenUniqueId());
  >
  > // Build object for new data
  > WSFModelEntry modelEntry = token.getModelEntry();
  > IDSISCommonAttributeElement data =
  > modelEntry.getSchemaClassInstance();
  > if (data instanceof IDSISLeafAttributeElement) {
  > ((IDSISLeafAttributeElement)data).setText(paramStr ing);
  > }
  >
  > WSCMDataToken dataToken = new WSCMDataToken(token, data);
  > dataToken.setAllowOverride(true);
  > }
  > catch (Exception ex) {}
  > }
  >
  >
  > Again, the same problem. No value is found when the idpsend CGI
  > tries to generate the assertion.
  >
  > We are really struggling to understand how this should work. The
  > basic problem is this: How can we set a variable within a Java class
  > that can be accessed by the idpsend CGI to be used as an attribute
  > within the SAML assertion?
  >
  > Any ideas would be greatly appreciated. Thanks.
  We are using this successfully (the code looks stragely familiar ).
  Don't try to store it in the secret store. you can actually store it in
  the customizable string attributes.
  Try to use this:
  protected int doAuthenticate()
  String attribute1 = m_Request.getParameter("attribute1");
  //Custom Attribute 1
  try
  // Customizable attribute 1 is the one we use to contain customer
  data to send,
  // but this can change to another if necessary
  WSCMOPToken token =
  (WSCMOPToken)WSCToken.getToken(WSCMOPToken.OP_CS_C ustomizableString1.get
  TokenUniqueId());
  // Build object for new data
  WSFModelEntry modelEntry = token.getModelEntry();
  IDSISCommonAttributeElement data =
  modelEntry.getSchemaClassInstance();
  if (data instanceof IDSISLeafAttributeElement)
  ((IDSISLeafAttributeElement)data).setText(attribut e1);
  WSCMDataToken dataToken = new WSCMDataToken(token, data);
  dataToken.setAllowOverride(true);
  catch (Exception ex) {}
  String url =
  m_SessionData.appendIDToUrl(NIDPContext.getNIDPCon text().getBaseUrl() +
  getProperty("Protocol") + "/idpsend?PID=" + getProperty("ITS"));
  m_Request.setAttribute("url",url);
  // Going to top ensures we are not displaying in any frames
  ((NIDPServletContext)NIDPContext.getNIDPContext()) .goJSP(m_Request,m_Res
  ponse,"top");
  return HANDLED_REQUEST;
  The above code is a non-identifying method (it doesn't return a
  'authenticated'). YOu would chain it with another method that
  identifies the user before this is being processed.
  To check if a user is authenticated or not you could use:
  if (!m_Session.isAuthenticated())
  return NOT_AUTHENTICATED;
  Once the method is processed it should have created a
  LibertyUserProfile object within the eDir that comes with the admin
  console.
  You can find these in
  ou=libertyUserProfile0,ou=<clusterobject>,ou=clust er,ou=nids,ou=accessMa
  nagerContainer,o=novell
  Hopefully this helps.
  Cheers,
  Edward

• Unable to enter a Division for which I have proper credentials, via the GUI

  I have a Division which I am unable to enter, either as a student or as the full site Administrator, from the GUI.
  When I log into the main Site page, I see the link for the Division (as I should - I have DOWNLOAD permissions for the Division). However when I click the link (the thumbnail image) I am always, 100% of the time, rejected and sent to the login page. Ignoring that, I still have all of my proper credentials and may continue to freely access other parts of the site.
  In the past, I had this exact behavior on (1) a Division "RobotCourses:PSYC" (Psychology), and (2) my main site breadcrumb, which appears at the top of the site page to the right of the "iTunes U" breadcrumb and says "Maiko Covington @ University of Illinois..." For reasons completely unknown to me, this behavior resolved itself yesterday, clicking both of those objects works as expected, although NO one at our site with any edit access did anything on the server.
  However, the same behavior has now reappeared, this time on a Division "RobotCourses:CLCV" (Classical Civilizations). Again, I have not done any editing of that Division, nor had anyone logged into it (these Divisions are in a test area where I am developing automation tools).
  I am, quite frankly, stumped. But I've done some investigation.
  SETUP:
  The Division has identity "RobotCourses:CLCV".
  This Division contains a single Course with identity "RobotCourses:CLCV:CLCV115:CLCV115All-13564".
  Both the Division and the Course are restricted to properly registered academic students. I have developed automation code in a login portal which grants credentials for RobotCourses:CLCV to students registered for courses in the CLCV department (Classical Civilizations) and credentials for RobotCourses:CLCV:CLCV115:CLCV115All-13564 to students registered for CLCV 115 (Classical Civilizations 115 - Mythology of Greece and Rome) specifically.
  The Permissions set on RobotCourses:CLCV in particular are:
  <Permission>
  <Credential>Authenticated@urn:mace:itunesu.com:sites:illinois.edu</Credential>
  <Access>No Access</Access>
  </Permission>
  <Permission>
  <Credential>gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV</C redential>
  <Access>Download</Access>
  </Permission>
  The point is to deny access to Authenticated@ (merely authenticated students) and then specifically grant it for people given a "gakusei" credential for RobotCourses:CLCV in particular.
  (Note here that "gakusei" is a Japanese word meaning "student," I am using it in my credentials to ensure that my credentials and permissions are not affected by other credentials named "student" set at upper levels and used by some live users of the site, as we do not have a segregated development environment. It is our lowest level of access beyond mere Authenticated@..., designed to give students access to download and "surf to" Divisions and Courses.)
  *LOGIN: ISSUING CREDENTIALS:*
  The login portal code works successfully, and so when a student "Jane Doe" logs in, she is in fact given appropriate credentials (as she is actually registered for CLCV 115 here at UIUC). From the code generating her login URL, I see:
  Issued credentials:
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV:CLCV115:CLCV1 15All-13564
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT:STAT100:STAT1 00X1-13570
  (You can see she is also registered for STAT 100).
  With the default login URL thus generated, she is taken to the top level of the Site in iTunes, and in fact sees thumbnail links for both STAT (Statistics) and CLCV (Classical Civilizations). Clicking on STAT takes her to the STAT Division where she can then enter the Course STAT 100 with no problems.
  *PROBLEM: CAN'T GET TO CLCV FROM THE MAIN PAGE IN THE GUI*
  HOWEVER! Clicking on CLCV brings up the login page. If she ignores the login page, she can still access the rest of the site, including STAT, just fine. Logging in again (reissuing her credentials) does not help the situation.
  Note that this is not a problem only for Jane Doe, the same thing happens for anyone in CLCV and in fact happens for me as Administrator of the whole site with full access, even.
  *ACCESS DIRECTLY TO THE DIVISION BY URL WORKS*
  With a slight modification to the login to allow access directly to the RobotCourses:CLCV Division (by adding the handle of the Division to the end of the location), credentials are issued exactly as before:
  Issued credentials:
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV:CLCV115:CLCV1 15All-13564
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT
  gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT:STAT100:STAT1 00X1-13570
  and she is taken to the Division page, SUCCESSFULLY. So, it seems she actually HAS access, as expected.
  *ACCESS CONFIRMED WITH DEBUGGING:*
  Writing some code to generate not the actual login URL but rather a link that takes me to an "iTunes U Access Debugging" page for the Division (figured this out by reading some other posts! :)) I am taken to a page with the following:
  (at generated URL https://deimos.apple.com/WebObjects/Core.woa/Browse/illinois.edu.1945806043/xxx5 64?credentials=....)
  Received
  Destination illinois.edu.1945806043
  Identity "Jane X Doe" <[email protected]> (jxdoe) [xxxxxxxxx]
  Credentials gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV; ​ gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV:CLCV115:CLCV1 15All-13564; ​gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT;​ gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT:STAT100:STAT1 00X1-13570
  Time 1236877947
  Signature 42ccef92a3298684a7a09eed45adb6b788a700c01645b8b423d33ace120650b0
  Analysis
  The destination string is valid and the corresponding destination item was found.
  The identity string is valid and provides the following information:
  Display Name Jane X Doe
  Email Address [email protected]
  Username jxdoe
  User Identifier xxxxxxxxx
  The credential string is valid and contains the following 4 recognized credentials:
  1. gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV
  2. gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:CLCV:CLCV115:CLCV1 15All-13564
  3. gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT
  4. gakusei@urn:mace:itunesu.com:sites:illinois.edu:RobotCourses:STAT:STAT100:STAT1 00X1-13570
  The time string is valid and corresponds to 2009-03-12 17:12:27Z.
  The signature string is valid.
  Access
  Because the received signature and time were valid, the received identity and credentials were accepted by iTunes U.
  In addition, the following 2 credentials were automatically added by iTunes U:
  1. All@urn:mace:itunesu.com:sites:illinois.edu
  2. Authenticated@urn:mace:itunesu.com:sites:illinois.edu
  With these credentials, you have browsing and downloading access to the requested destination.
  (In case you think to check the sums, be aware I've actually changed the student's name for this example.)
  So, as expected, I have access, in fact the student DOES have access, visiting the Division page directly (specifiying its handle as part of the desired location).
  *IT'S ONLY CLICKING THE THUMBNAIL ON THE MAIN PAGE THAT BREAKS*
  Because the problem is only apparent when clicking the icon for the Division on the main Site page, I have no way (that I know of) to get any information about precisely WHAT is going on, what possibly differs in the GUI-click situation from the "generate me a URL that takes me right there" situation.
  At that point I'm fully in the GUI, I'm not sending anything via web services, so I have no idea how I can proceed to debug this from here.
  I'm also quite confused at the sudden appearance of this behavior, and the disappearance of this behavior from RobotCourses:PYSC, another Division that was broken in this same way all last week but which magically resumed allowing me access yesterday.
  Any suggestions, hints, or advice would be very welcome. Has anyone else even seen behavior similar to this?
  Thanks for any information you might have.

  Maiko,
  I'm confess I'm still trying to get a handle on your problem. You do a fantastic job of describing it ... but I'm just trying to picture it accurately in my head.
  I think, were I in your shoes, I'd begin by looking at what the debug page has to say for the specific destination in which you're interested in fixing. In other words, I'm not clear on where, exactly, this destination points ...
  Destination illinois.edu.1945806043
  Is that your site, or the division within your site that you want to fix? "Normally", you do not need to specify a site handle to get to your site within your transfer CGI ... if you say "uillinois.edu", it's enough to transfer your users to iTunes U ... but every site still has a handle, and you could, if you wanted to, actually specify it in your transfer CGI. For example, this:
  Destination uic.edu.1139051993
  is for my entire site ... it's my site handle. Whereas this:
  Destination uic.edu.1991288441
  is for a division within my site ... but it's impossible to tell the difference between "site" and "division" from just the handle (I mean, if I didn't say "this is a site" and "this is a division", there'd be no way for you to know). So when I look at your creds and permissions on your debug page, I can't quite tell if they give you download access for your site, or for the specific division you want to fix. If you could open the debug page with your division as destination (or confirm that that's what we're looking at), it'd rule out some things.

• Unable to enter value in editable field of ALV (set_current_cell_via_id)

  In the Editable screen of ALV, I have to set the cursor on the 3rd field 'VBELN' ( which is editable ).
  Using the method set_current_cell_via_id of ALV grid the focus has been set on the particular field. The field Sales order 'VBELN' is already set as editable (EDIT = 'X').
  But still I am unable to enter values unless and until I click anywhere on the screen.
  Please help me with the solution.
  Thanks in Advance.

  No...Whenever my screen is called, the focus is set on the 'VBELN' field but I can not enter the value.
  See the code below:
  Display the ALV report.
        CALL METHOD grf_alv_popup->set_table_for_first_display
          EXPORTING
            is_layout                     = gs_layout
            it_toolbar_excluding          = gt_exclude
          CHANGING
            it_outtab                     = fp_output[]
            it_fieldcatalog               = gt_fieldcat_popup
          EXCEPTIONS
            invalid_parameter_combination = 1
            program_error                 = 2
            too_many_lines                = 3
            OTHERS                        = 4.
        IF sy-subrc <> 0.
  MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
             WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
        ENDIF.
  ls_row-row_id = 1.
  ls_col-fieldname = 'VBELN'.
        CALL METHOD grf_alv_popup->set_current_cell_via_id
          EXPORTING
            is_column_id = ls_col
            is_row_no    = ls_row.
  With the method set_current_cell_via_id, the field VBELN displays as highlighted but to enter the value I need to click on the screen first.

• Shared secret's missing in Android app

  Hi support team,
  I meet an issue regarding the purchases in Android DPS apps.
  When users tap on issue to purchase i, it says : Shared secret is missing in DPS Admin... BUT I filled in DPS account Admin the field Sared secret from Google dev console. Anyone could help me on that point ?
  Here is the screenshot of the shared secret from Google
  And here is the field where we must copy that key regarding your explanations :
  Did I do something wrong ?
  Thanks you so much for your help by advance.
  Nicolas.

  You should call enterprise support and ask them for assistance. You can find contact information by logging into http://digitalpublishing.acrobat.com/ and looking in the bottom middle of the page.
  Neil

• Why am I unable to enter keyboard strokes for messages in Yahoo when I can otherwise manage my Yahoo messages and when this does not happen with Internet Explo?

  I can write and send emails in Yahoo mail when I use Internet Explorer. But I hate Internet Explorer. For the past two days, I have been unable to use the keyboard to enter email recipients, unable to enter anything in the cc, bcc or subject lines, and unable to enter any text in the body of the message. I have installed the Mozilla program to improve the inter-face with Yahoo, but that has not helped.

  hello, can you try to replicate this behaviour when you launch firefox in safe mode once? if not, maybe an addon is interfering here...
  [[Troubleshoot extensions, themes and hardware acceleration issues to solve common Firefox problems]]

• Unable to enter my youtube channel w IPAD,why? using Safari the youtube doesnt open,*** ?

  I am unable to enter my youtube channel with IPAD,
  using Safari the you tube doesnt even open!
  IM SERIOUSLY DISSAPOINTED w APPLE IPAD..and getting any help from this site is a seriously frustrating experience
  this will be my LAST Apple product unless I get it working properly
  also how come Using IPAD I cant DOWNLOAD any videos from youtube?
  thnx

  I AM using the youtube APP!!!
  using safari browser did get my into my channel few days back,some videos were opening ok some not,
  now I cant even open youtube w Safari
  using IPAD YoutubeAPP works good but I can NOT EDIT my channel!
  also DOWNOLADING Videos from youtube doesnt work,  something the sales GEEK neglected to mention when I bought
  this IPAD couple months ago!
  Ive heard the IPAD is TOPs in from all the tablets,thats why I got it,I guess I got suckered by all the hoopla and PRAISE bestowed upon it from from all the PC mags and critics and Experts..
  care to try again without all the sarcasm now?
  thnx

• Unable to enter Recovery Mode for my iPad Air

  Unable to enter Recovery Mode for my iPad Air
  While updating my iPad Air to iOS 7.0.6, it went into an endless loop of cycling between the white Apple screen and the whirling dashes. I can't even reliably shut it down.  It seems a prime candidate for recovery mode, but unfortunately I can't get it there.  When I try to enter recovery mode by attaching to iTunes then pressing the home key and then reattaching theUSB cable when attached to iTunes, I just go back into the same endless loop Apple screen / whirling dashes cycle.
  Right now I'm just waiting for it to power off by letting the battery run down, to see if that jumpstart brings it back up into a different state.
  Anything else I can try?  Or is my next stop the Genius Bar?
  Thank you,
  Matt

  The timing on this has to be...just...right to enter DFU mode. If that won't work, plug the iPad Air into your computer and set the iPad into recovery mode, like so:
  1) Turn off your device. If you can't turn it off, press and hold the Sleep/Wake and Home buttons at the same time and wait a few seconds for it to turn off.
  2) Plug the device's USB cable into your computer only.
  3) Hold down the device's Home button as you connect the USB cable to it.
  4) When you see the Connect to iTunes screen, release the Home button. If you don't see this screen, try steps 1 through 3 one more time.

• I have remote locked my mac using find my iPhone app via my iPad - I am unable to enter the unlock code as the mac keyboard won't pair with the mac - I guess that will teach me for playing...any ideas?

  I have remote locked my mac using find my iPhone app via my iPad - I am unable to enter the unlock code as the mac keyboard won't pair with the mac - I guess that will teach me for playing...any ideas?

  Thought so - ace - find my phone really needs an unlock function. - another £40...

• For some reason the Apple ID window in iTunes  and App Store now seems to have a character number constraint. As a result I am unable to enter the final few characters of my Apple ID which I have had for many years. Does anyone know what has caused this?

  For some reason the Apple ID window in iTunes and App Store now seems to suddenly have a character number constraint which prevents me using my 29 character Apple ID. As a result I am unable to enter the final few characters of my Apple ID which I have had for many years. Does anyone know what has caused this?

  You need to ask Apple for assistance with getting back into your old ID. To do this, click here and pick a method; if that page doesn't list one for your country or you're unable to resolve this issue through the Account Security team, fill out and submit this form.
  (118441)

• Error message: ORA-27125: unable to create shared memory segment Linux-x86_

  Hi,
  I am doing an installtion of SAP Netweaver 2004s SR3 on SusE Linux 11/Oracle 10.2
  But i am facing the follow issue in Create Database phase of SAPInst.
  An error occurred while processing service SAP NetWeaver 7.0 Support Release 3 > SAP Systems > Oracle > Central System > Central System( Last error reported by the step :Caught ESAPinstException in Modulecall: ORA-27125: unable to create shared memory segment Linux-x86_64 Error: 1: Operation not permitted Disconnected
  Please help me to resolve the issue.
  Thanks,
  Nishitha

  Hi Ratnajit,
  I am too facing the same error but my ORACLE is not starting,
  Here are my results of following command:
  cat /etc/sysctl.conf
  # created by /sapmnt/pss-linux/scripts/sysctl.pl on Wed Oct 23 22:55:01 CEST 2013
  fs.inotify.max_user_watches = 65536
  kernel.randomize_va_space = 0
  ##kernel.sem = 1250 256000 100 8192
  kernel.sysrq = 1
  net.ipv4.conf.all.promote_secondaries = 1
  net.ipv4.conf.all.rp_filter = 0
  net.ipv4.conf.default.promote_secondaries = 1
  net.ipv4.icmp_echo_ignore_broadcasts = 1
  net.ipv4.neigh.default.gc_thresh1 = 256
  net.ipv4.neigh.default.gc_thresh2 = 1024
  net.ipv4.neigh.default.gc_thresh3 = 4096
  net.ipv6.neigh.default.gc_thresh1 = 256
  net.ipv6.neigh.default.gc_thresh2 = 1024
  net.ipv6.neigh.default.gc_thresh3 = 4096
  vm.max_map_count = 2000000
  # Modified for SAP on 2013-10-24 07:14:17 UTC
  #kernel.shmall = 2097152
  kernel.shmall = 16515072
  # Modified for SAP on 2013-10-24 07:14:17 UTC
  #kernel.shmmax = 2147483648
  kernel.shmmax = 67645734912
  kernel.shmmni = 4096
  # semaphores: semmsl, semmns, semopm, semmni
  kernel.sem = 250 32000 100 128
  fs.file-max = 65536
  net.ipv4.ip_local_port_range = 1024 65000
  net.core.rmem_default = 262144
  net.core.rmem_max = 262144
  net.core.wmem_default = 262144
  net.core.wmem_max = 262144
  And here is mine Limit.conf File
  cat /etc/security/limits.conf
  #<domain>      <type>  <item>         <value>
  #*               soft    core            0
  #*               hard    rss             10000
  #@student        hard    nproc           20
  #@faculty        soft    nproc           20
  #@faculty        hard    nproc           50
  #ftp             hard    nproc           0
  #@student        -       maxlogins       4
  # Added for SAP on 2012-03-14 10:38:15 UTC
  #@sapsys          soft    nofile          32800
  #@sapsys          hard    nofile          32800
  #@sdba            soft    nofile          32800
  #@sdba            hard    nofile          32800
  #@dba             soft    nofile          32800
  #@dba             hard    nofile          32800
  # End of file
  # Added for SAP on 2013-10-24
  #               soft    nproc   2047
  #               hard    nproc   16384
  #               soft    nofile  1024
  #               hard    nofile  65536
  @sapsys                 soft   nofile          131072
  @sapsys                 hard   nofile         131072
  @sdba                  soft  nproc          131072
  @sdba                  hard   nproc         131072
  @dba                 soft    core           unlimited
  @dba                 hard     core          unlimited
                    soft     memlock       50000000
                    hard     memlock       50000000
  Here is mine   cat /proc/meminfo
  MemTotal:       33015980 kB
  MemFree:        29890028 kB
  Buffers:           82588 kB
  Cached:          1451480 kB
  SwapCached:            0 kB
  Active:          1920304 kB
  Inactive:         749188 kB
  Active(anon):    1136212 kB
  Inactive(anon):    39128 kB
  Active(file):     784092 kB
  Inactive(file):   710060 kB
  Unevictable:           0 kB
  Mlocked:               0 kB
  SwapTotal:      33553404 kB
  SwapFree:       33553404 kB
  Dirty:              1888 kB
  Writeback:             0 kB
  AnonPages:       1135436 kB
  Mapped:           161144 kB
  Shmem:             39928 kB
  Slab:              84096 kB
  SReclaimable:      44400 kB
  SUnreclaim:        39696 kB
  KernelStack:        2840 kB
  PageTables:        10544 kB
  NFS_Unstable:          0 kB
  Bounce:                0 kB
  WritebackTmp:          0 kB
  CommitLimit:    50061392 kB
  Committed_AS:    1364300 kB
  VmallocTotal:   34359738367 kB
  VmallocUsed:      342156 kB
  VmallocChunk:   34359386308 kB
  HardwareCorrupted:     0 kB
  AnonHugePages:    622592 kB
  HugePages_Total:       0
  HugePages_Free:        0
  HugePages_Rsvd:        0
  HugePages_Surp:        0
  Hugepagesize:       2048 kB
  DirectMap4k:       67584 kB
  DirectMap2M:    33486848 kB
  Please let me know where i am going wrong.
  Wat thing basically u check on /proc/meminfo command
  Regards,
  Dipak

• Sub-admins, Shared Secret, and Automated Podcast Upload Access

  Before the questions, the context:
  Here at Iowa State, we've set up "sub-admins" for each of the colleges by managing an exceptions list. In this way, the sub-admins can create new courses from templates and help faculty upload content, but within their college area only. In addition, faculty automatically have upload access for their course(s) if the identifier is set up correctly by the sub-admin.
  However, some of these sub-admins have asked for the secret question so that they can use their lecture capture package (and not the package supported by central IT (Echo 360)) to automatically upload course content.
  As we all know, the secret question is the key to the site, circumventing any sub-admin access we've granted them, and essentially giving them full admin rights.
  So, my questions are:
  1. How are all of you handling the creation of new courses and content? That is, are all courses and other content created by one central person/office, or is the responsibility for creating and managing content shared among similar sub-admins?
  2. If you have sub-admins, what is your policy for giving out the shared secret for the purposes of these packages?
  3. Is there any way to allow these podcast creation packages the ability to auto-upload without handing out the shared secret?
  Message was edited by: ISU iTunes U Admin
  Message was edited by: ISU iTunes U Admin

  My suggestion is that if you use Apple's time server (time.apple.com), then if Apple has the wrong time, your local time setting will be wrong by an equal amount. It's pretty unlikely that Apple's time server(s) will be off…but if they are, you're covered because the time stamp that you generate locally and the time stamp that Apple generates remotely will derive from the same source, whether or not that source is actually "correct" in an absolute sense, then, won't matter.
  You are correct that Woolamaloo uses the local time of your Mac/PC. But if your local machine and your web portal machine time sync from the same time server, then they could be equally "wrong".
  Another thing that I mentioned earlier is that all timestamps are measured from UTC or "Greenwich" time. So if your portal server/desktop machine isn't configured correctly for location, this will not be taken into account when your timestamps are generated. For example, I live in Chicago, which is currently under Central Daylight Time in the USofA. This means I'm UTC-5 hours, if memory serves. If I move to, oh, Duke University, but forget to change the locale on my computer, then my computer will continue to think that I'm UTC-5 when I should, in reality, now be UTC-4. So if you find that your timestamps are off by an exact number of hours, then it's a sure bet that your machines aren't setup correctly for their locales. Make sense?