User Authentication methods

Similar Messages

• User Authentication Method not found?

  I'm using OSX but a co-worker is running 9.2.2 and is having trouble accessing a server on the corporate Microsoft network.
  I can get to the server using OSX but when she selects the server (which does show up in the Chooser list) she gets an error message saying that "the User Authentication Method could not be found" and she should check the AppleTalk folder in her extensions folder. AppleTalk folder? Check it for what?
  What must we do to get access to the new server?
  Thanks.

  For OS 9 to talk to an MS server requires that the server has Client Services for Macintosh fired up and yes, sometimes also that the client Mac has a Microsoft User Authentication Module installed and configured.
  Microsoft says that without the MS UAM, she should still be able to
  Log on to the special Microsoft UAM Volume on the computer running Windows 2000 Server to access the MS UAM file.
  If she can't get that far and there are no other symptoms, the network administrator needs adjust the security settings on the server, or reinstall Client Services for Macintosh…
  Then drag the MS UAM file to your AppleShare(c) Folder in your System Folder. Instructions follow. (Users outside North America, see the "International Concerns" section later in the Release Notes before proceeding.)
  To gain access to the Microsoft Authentication files on the computer running Windows 2000 Server
  1. On the Macintosh Apple menu, click Chooser.
  2. Double-click the AppleShare icon, and then click the AppleTalk(c) zone in which the computer running Windows 2000 Server, with Services for Macintosh, resides. (Ask your system administrator if you're not sure of the zone.)
  3. From the list of file servers, select the Windows 2000 Server computer, and then click OK.
  4. Click the Registered User or Guest option, as appropriate, and then click OK.
  5. Click the Microsoft UAM Volume, and then click OK.
  6. Close the Chooser dialog box.
  To install the authentication files on the Macintosh workstation
  1. On the Macintosh Desktop, double-click the Microsoft UAM Volume.
  2. Locate the "MS UAM Installer" file on the Microsoft UAM Volume, then double-click it.
  3. Click Continue in the installer welcome screen.
  The installer will report whether the installation succeeded.
  If the installation has succeeded, when Macintosh users of this workstation connect to the Windows 2000 Server computer, they will be offered Microsoft Authentication.

• The User Authentication Methode required by this server can't be found.

  Ok, I have a network of iMacs that are bound to OS X Server and the users log in with network based user folders via Kerberos and Open Directory.
  This is all working just fine, and all iMac users have full access to all sheared volumes as per the ACLs...
  My problem is when any of our office laptops that are not bound to the server and run on local user accounts need to login for access to the AFP shared volumes. ALL but one of these Laptops are receiving "The User Authentication Methode required by this server can't be found." Dialog box when attempting to login. They never even have a chance to enter login names or passwords.
  What am I missing? I can't find any settings on this one laptop user account that are any different that the other laptops user accounts...

  Steve can you explain more on how I use this Kerberos.app?
  I opened it on the one laptop that is working and can see one ticket in the Ticket Cache, and below that there is the same ticket listed with two subentries. All of them are listed as Expired at the moment, but then I have not connected to the server with this system since yesterday...
  When I open the App on the systems that don;t work, there are no tickets listed. I clicked on the new button, but the info it's asking for is different than any of the info I found in the working systems Kerberos app... ??? Help.
  It's asking for Name, Realm, Password...

• 802.1X wirelss restriction on user authentication

  Hi,
  In the 802.1x wireless environment, I would like to know is there any method to control single user credential only able to be autheticated for one time, at any given time.
  Example: user ABC in domain XYZ.ORG authenticated via his/her desktop, this is using user authentication method.
  After this he/she not able to use the same username/password trying to get authenticate neither using any another PC/tablet/smartphone devices.
  The motive is to prevent user using same user credential able sign-in after he/she made the authenticaiton at first place.
  Meaning to say he/she only able to authenticate to single device, at any given time. Same user credential is not allow to be use for authenticate purpose on other device.
  The components as below:
  supplicant: Window 7, authentication method using PEAP/MSCHAPv2; Apple iPhone iOS version 5.x, 6.x
  Authenticator: Cisco Wireless Controller 5800 Series on code version 7.2
  Authentication server: Cisco secure server ACS 5.3
  Identity Source : Microsoft server 2008 ADDS, single forest single domain.
  Question:
  01. What we can configure on WLC, or ACS to enable above mention requirement
  Thanks
  Noel

  http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112175-acs51-peap-deployment-00.html

• None of the available endpoints supports authentication methods user/pass

  Dear All
  i  create a destination in the ce7.1.but when i  test the destination in the ws navigator  ,but it cant not run ,  the error is:
  The destination [YHSendMessage02] supports the following authentication methods [User Name/Password (Basic)], but none of the available endpoints supports them. The supported authentication types are [None]. Either the destination has to be updated or a new endpoint should be used
  i test the ws in the navigator  dont used the destination ,it work well, so i think maybe some wrong in my ce  about the destination 'configuration.
  best regards

  The following message returned from SAP:
  Root of the problem is found. The problem occurs as PI WSDLs doesn't contain security settings. Lack of security settings breaks consumption of those services. I'm working on providing a fix to enable consumption of such services.
  Looking at a WSDL generated by PI (example):
  <wsp:Policy wsu:Id="OP_si_servicename"/>
  The policy contains no transportbinding or authentication methods at all.
  Looking at a WDSL generated by ECC (example):
  <wsp:Policy wsu:Id="BN_BN_si_ManageCustomizingCustomerService_binding">
        <saptrnbnd:OptimizedXMLTransfer uri="http://xml.sap.com/2006/11/esi/esp/binxml" wsp:Optional="true" xmlns:saptrnbnd="http://www.sap.com/webas/710/soap/features/transportbinding/"/>
        <saptrnbnd:OptimizedXMLTransfer uri="http://www.w3.org/2004/08/soap/features/http-optimization" wsp:Optional="true" xmlns:saptrnbnd="http://www.sap.com/webas/710/soap/features/transportbinding/"/>
        <wsp:ExactlyOne xmlns:sapsp="http://www.sap.com/webas/630/soap/features/security/policy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
           <wsp:All>
              <sp:TransportBinding>
                 <wsp:Policy>
                    <sp:TransportToken>
                       <wsp:Policy>
                          <sp:HttpsToken>
                             <wsp:Policy>
                                <sp:HttpBasicAuthentication/>
                             </wsp:Policy>
                          </sp:HttpsToken>
                       </wsp:Policy>
                    </sp:TransportToken>
                    <sp:AlgorithmSuite>
                       <wsp:Policy>
                          <sp:TripleDesRsa15/>
                       </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                       <wsp:Policy>
                          <sp:Strict/>
                       </wsp:Policy>
                    </sp:Layout>
                 </wsp:Policy>
              </sp:TransportBinding>
           </wsp:All>
        </wsp:ExactlyOne>
     </wsp:Policy>
  At the moment SAP is working on a fix to solve this problem.

• Cisco ACS v4.1 - User Export incl. Authentication Method

  Hi,
  I wish to export a list of all our users, to include their group and more importantly, their password authentication method. We have a combination users that authenticate using both ACS internal database and also external RSA Secure ID database. Basically I need to identify all users who are NOT authenticating against Secure ID.
  I ran CSUtil.exe -u   , however this only gives me the user & group, doesn't list the authentication method per user.
  Thanks,
  Brian

  Brian,
  Unfortunately, CSUtil.exe will only list the users & group they are a member of. So the simple answer is no.
  If the goal is to set everyone to use token authentication, you could get export a list of all users with CSUtil.exe, then use the client import option to update database used for authentication of all users. Here is the url for documentation on this and other CSUtil.exe options.
  =====================
  Via Csutil
  Created a file in text format
  ONLINE
  UPDATE::EXT_SDI
  ADD::EXT_SDI:PROFILE:
  DELETE:
  csutil -i
  =====================
  If you feel adventerous, you could explore the contents of the dump.txt. by running csutil -d
  This file does contain the information you are looking for. However, there is no documentation or support available for reading or decrypt it.,
  Regards,
  Jatin
  Do rate helpful posts-

• Adobe Reader doesn't remember the output method user authentication

  Here's the setup:
  We use a network printer that is set up only using user inboxes with user authentication. There's no normal printing.
  The printers are set up on the mac computers using output method > user authentication > userid and password.
  This works fine for every application, but somehow it doesn't for Adobe Reader. It 'forgets' the password every now and then,
  even if when you look at the user authentication, the setting is still checked, and the password is still filled in.
  if I reinsert the password, and press OK, then press Print, the task is sent to the printer again, only this time, it actually prints.
  I can't think of a reason why Adobe Reader won't remember the settings.

  Merry Christmas!
  I currently only have Adobe Reader 9 installed.
  I did uninstalled Adobe and Acrobat, run a registry clean up....then installed Adobe Reader 9.
  but still not working.
  Very strange that everytime i open the program from Start-->Adobe-->Adobe Reader 9, then it starts install Reader.....it says please wait while Adobe install, it takes another 2 minutes then it opens.
  If I open by double click on the.pdf file, it then ask what program do you want to open this file.  I selected Adobe Reader 9, then it opens without any installation windows.

• How to migrate users, which have been using the Windows Authentication method

  Hi everybody,
  I have to migrate a productive SQL Server 2008 Database from one to another different server. The problem is that a lot of users have been using this DB throught the Windows Authentication method. Because the migration should be faster as possible, I would
  like to use a SQL script in order to streamline the process. Does anyone know if it is possible to do it?
  Thank you in advance,
  Regards

  Apart from transfer logins scripts Ashwin and Stan mentioned, I usually run following script in order to re-establish orphan users to establish if any SQL logins.
  set nocount on
  declare @username    sysname,
          @errcode     int
  select @errcode = 0
  select @username = min(name)
  from sysusers (nolock)
  where uid <> gid and
        name not in ('guest', 'sys', 'INFORMATION_SCHEMA') and
        suser_sname(sid) is null and
        issqlrole = 0
  while @username is not null
  begin
     if exists (select 1
                from master.dbo.syslogins (nolock)
                where name = @username)
     begin
        exec sp_change_users_login @Action = 'Update_One',
                                   @UserNamePattern = @username,
                                   @LoginName = @username
        select @errcode = @@error
        if @errcode = 0
           print 'The user ''' + @username + ''' was re-established in database!'
        else
           print 'Failed to re-establish user ''' + @username + ''' in database!'
     end
     else
     begin
        print 'The user ''' + @username + ''' does not have login ID. So, drop it from database!'
        exec sp_dropuser @username
     end
     select @username = min(name)
     from sysusers (nolock)
     where uid <> gid and
           name not in ('guest', 'sys', 'INFORMATION_SCHEMA') and
           suser_sname(sid) is null and
           issqlrole = 0 and
           name > @username
  end
  go

• Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

  I would love some help with this issue.  I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0  I have a test account set up with lab.acme.com to use the ACS.
  When I log into my site using Windows Auth, everything is great.  However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
  to use to log in   and after 3-5 second
   and return me the logon page with error message “Authentication failed” 
  I base my setup on the technet article
  http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
  I validated than all my certificate are valid and able to retrieve the crl
  I got in eventlog id 300
  The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
  Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
  Additional Data
  Exception details:
  Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
  ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
  correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  --- End of inner exception stack trace ---
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
  serializationContext, AsyncCallback asyncCallback, Object asyncState)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
  trustNamespace, AsyncCallback callback, Object state)
  System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
  failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
  at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
  at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
  at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
  thx
  Stef71

  This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
  on my case was :
  PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ad0001.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
  Certificate                 : [Subject]
                                  CN=domain.AD0001CA, DC=domain, DC=com
                                [Issuer]
                                  CN=domain.AD0001CA, DC=portal, DC=com
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  22/07/2014 11:32:05
                                [Not After]
                                  22/07/2024 11:42:00
                                [Thumbprint]
                                  blablabla
  Name                        : domain.ad0001
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : domain.ad0001
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17164
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
  cer\SP2K10\ADFS_Signing.cer")
  PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
  Certificate                 : [Subject]
                                  CN=ADFS Signing - adfs.domain
                                [Issuer]
                                  CN=ADFS Signing - adfs.domain
                                [Serial Number]
                                  blablabla
                                [Not Before]
                                  23/07/2014 07:14:03
                                [Not After]
                                  23/07/2015 07:14:03
                                [Thumbprint]
                                  blablabla
  Name                        : Token Signing Cert
  TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
  DisplayName                 : Token Signing Cert
  Id                          : blablabla
  Status                      : Online
  Parent                      : SPTrustedRootAuthorityManager
  Version                     : 17184
  Properties                  : {}
  Farm                        : SPFarm Name=SharePoint_Config
  UpgradedPersistedProperties : {}
  PS C:\Users\administrator.PORTAL>

• User Authentication failed

  Hi all,
  I like to share one of my peculiar issue with you and like to get a solution as well.
  I am trying to install a portal server with r3load based method. I did a java export of mssql Portal server and suceefully imported in the newly installed server.The server is up and running.I also completed the post installation activites like SLD ,SSO and Jco creation. I am not able to log in to the java page using administrator user and also other users..It keep on saying that user authentication is failed.
  But the beauty is that using the same adminsitrator user i am logging in the visaul administrator .
  I dont know where the problem and also i verified the log files under cluset/server nodes. There i found the log as  follows  --- > Connection is already closed and no longer associated with a managed connection,,
  I dont know where i am missing. Due to this I reinstalled the server and imported again..But the same problem is existing to me. Anyone have suggestion on this please do reply.
  Thanks and Regards
  Vijay

  Hi,
  Thnaks for reply. Its only a java system ,, So no activity needs to be done in SU01. I checked the table in database..the users are exisitng as well in the table.
  FYI: I am able to log in visaul admin but not in the java pages like
  http://<hostname>:port/
  http://<hostname>:port/irj
  Hope i explained  my problem it in right way
  Regards
  Vijay

• PHP_MySQL version of a high security user authentication web app.

  Since you folks deal with PHP Application Development, I am posting this here.
  For a demo of the PHP_MySQL version of the UltraSuite High Security User Authentication Web Application, you can sign up at http://bit.ly/hgNjek.
  It  offers a multi-layered approach security approach towards protecting  important information like user authentication credentials.  Protection from dictionary attacks, rainbow table attacks, brute force attacks, SQL injection attacks and much more.
  I hope your feedback will help make the application even more useful and secure.
  Thank you!
  J.S.

  Hi,
  could you or someone tell me if ADDT supports protection against these methods you mention:
  Protection from dictionary attacks, rainbow table attacks, brute force attacks, SQL injection attacks and much more??
  And can this system work alongside ADDT?
  thanks again

• Using Proxy User Authentication in Sql Developer

  Hi!
  Is it possible to use proxy user authentication in SQL Developer? I'm thinking that if I'm clever enough, I can craft a custom jdbc URL that will allow my users to proxy authenticate into my Oracle 10gR2 database while using SQL Developer.
  Unfortunately, I'm not feeling all that clever. ;)
  Can anybody help me out here? Is it even in the realm of possibility?
  Thanks!
  Kevin Ferlazzo
  DBA
  VA Department of Juvenile Justice

  I found the possibility that proxy authentication of both accounts can be enforced:
  SQL> alter user appuser grant connect through personaluser AUTHENTICATION REQUIRED;
  I guess that this is the motivation for implementing the 2-session proxy connection method in SQL Developer.
  Regards,
  Martin

• Proxy User Authentication with SQL Developer

  Hello,
  I realized that there are 2 methods for configuring SQL Developer to user Proxy User Authentication.
  1) one-session method with Syntax:
  personaluser[appuser]
  2) two session-method with dialog "Proxy Connection"
  For me it is unclear, why anybody would want to use the two-session-method.
  a. you need username/password for both user acocunts (personaluser and appuser)
  b. it is unclear which operations in SQL Developer are using the personaluser account. It seems that the SQL Window is only using appuser account.
  What was the motivation to implement Two Session Method?
  Best regards,
  Martin

  I found the possibility that proxy authentication of both accounts can be enforced:
  SQL> alter user appuser grant connect through personaluser AUTHENTICATION REQUIRED;
  I guess that this is the motivation for implementing the 2-session proxy connection method in SQL Developer.
  Regards,
  Martin

• Authentication method for JCo connection in XSS installation

  Hi All,
  I have a query which perplexes me.  I am implementing XSS (ESS/MSS) on SAP Portal EP6 SR1 with an ECC5 backend for prototype purposes.
  When I follow SAP's help steps to setup JCo connections, it states that for the metadata connection you should use a security authentication method of 'User/Password', but for the application data connection you should use a security authentication method of 'Ticket'.
  Does anyone know why the difference in methods here?  Is it possible to use 'User/Password' for both?  Any thoughts would be appreciated.

  Hi john,
  User -ID /Pwd method can be used to access the backend for both types of Data as per your scenario.
  User -ID /Pwd method and logon tickets both can be used to access data in backend.
  The difference lies in the scenario with which you are accessing the back-end.
  If all your portal users are same as backend users then you can select Logon ticket methods.
  If they are going to be different then you need User-ID /Pwd method .
  Check the following link to get a clear picture:
  <a href="http://help.sap.com/saphelp_ep50sp2/helpdata/en/4d/dd9b9ce80311d5995500508b6b8b11/frameset.htm">Scenario to use type of SSO</a>
  Hope it helps.
  Regards,
  Vivekanandan

• Cisco ISE (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out)

  Hi,
  I have a setup ISE 1.1.1. Users are getting authenticate against AD. Everything is working fine except some users report disconnection. I see in the ISE that (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out). Users are using Windows 7 OS.
  Error is enclosed & here is the port configuration.
  Port Configuration.
  interface GigabitEthernet0/2
  switchport access vlan 120
  switchport mode access
  switchport voice vlan 121
  authentication event fail action next-method
  authentication event server dead action reinitialize vlan 120
  authentication event server alive action reinitialize
  authentication host-mode multi-auth
  authentication order mab dot1x
  authentication priority dot1x mab
  authentication port-control auto
  authentication periodic
  authentication timer reauthenticate server
  mab
  dot1x pae authenticator
  dot1x timeout tx-period 60
  spanning-tree portfast
  ip dhcp snooping limit rate 30 interface GigabitEthernet0/2
  switchport access vlan 120
  switchport mode access
  switchport voice vlan 121
  authentication event fail action next-method
  authentication event server dead action reinitialize vlan 120
  authentication event server alive action reinitialize
  authentication host-mode multi-auth
  authentication order mab dot1x
  authentication priority dot1x mab
  authentication port-control auto
  authentication periodic
  authentication timer reauthenticate server
  mab
  dot1x pae authenticator
  dot1x timeout tx-period 60
  spanning-tree portfast
  ip dhcp snooping limit rate 30
  Please help.

  The error message means that Active Directory server Reject the authentication attempt
  as for some reasons the user account got locked.I guess, You should ask your AD Team to check in the AD
  Event Logs why did the user account got locked.
  Under Even Viewers, You can find it out
  Regards
  Minakshi (Do rate the helpful posts)