User authentication with NT
I am having a problem when trying to connect to an Oracle8i
Enterprise Server running on a WinNT machine.
When I connect from inside the server all works fine, Oracle
looks for the user info in NT, and I can login without having to
provide a username/password.
But, when trying to do the same from some Win95 clients with
have, all attempts fail, returning the error "ORA 12638:
Credential retrieval failed".
If I change the sqlnet.ora file in the clients, commenting out
the line "SQLNET.AUTHENTICATION_SERVICES = (NTS)", I can login in
the database form the clients, but only as users that are NOT in
the NT user base (such as SYS or SYSTEM, which work fine without
the (NTS) option ).
Is this a configuration problem (I really don't think so) or a
problem with authentication from a Win95 client in the NT domain
(I think this is most probable)? Unfortunately, I don't have a NT
4 Workstation around to test this issue...
Thanks for any help! (And yes, I tried every step I could find in
the documentation, and got no results...)
null
Notice the error:
Login failed for user 'Domain\ReplicationUser'. Reason: Attempting to use an NT account name with SQL Server Authentication.
When you setup your agent security, in the section "Connect to the Publisher and Distributor", you selected the option "Using the following SQL Server login", however, you entered a Windows login and password.
You need to fix your agent security and specify "By impersonating the process account" if you plan on running under the context of the process account (Windows account), or, specify "Using the following SQL Server login" and enter a valid SQL login.
Brandon Williams (blog |
linkedin)
Similar Messages
-
End-to-End user authentication with XI
Dear community,
we sit in a situation where the customer wants to have an end-to-end-authentication throughout an integration process.
The setup is as follows: a dialog-user in a legacy system uses an application that triggers an integration process through XI into SAP ERP. The dialog-user in the legacy system must be used for authentication in XI as well as SAP ERP.
To avoid having to re-create all users in XI and SAP ERP, ideally an LDAP instance would be used for authentication.
Based on my knowledge, the above scenario is not possible with XI and there is a 2 year old thread discussing the same without any positive outcome:
XI and user authentication VS R/3 systems
Nevertheless I consider this requirement as a pretty standard one. Has there been any development in this area - or how have similar customer requirements been met ?
Thanks a lot in advance !
JochenHi Jochen,
i've heard rumours saying that credential forwarding will be incorporated in the next XI release as it is a rather frequent requirement by customers and will make live much easier.
Maybe you can get a statement through your clients SAP account representative on the release date and the planned feature.
Regards
Christine -
Proxy User Authentication with SQL Developer
Hello,
I realized that there are 2 methods for configuring SQL Developer to user Proxy User Authentication.
1) one-session method with Syntax:
personaluser[appuser]
2) two session-method with dialog "Proxy Connection"
For me it is unclear, why anybody would want to use the two-session-method.
a. you need username/password for both user acocunts (personaluser and appuser)
b. it is unclear which operations in SQL Developer are using the personaluser account. It seems that the SQL Window is only using appuser account.
What was the motivation to implement Two Session Method?
Best regards,
MartinI found the possibility that proxy authentication of both accounts can be enforced:
SQL> alter user appuser grant connect through personaluser AUTHENTICATION REQUIRED;
I guess that this is the motivation for implementing the 2-session proxy connection method in SQL Developer.
Regards,
Martin -
Machine and User authentication with ISE 1.2.1
Hi ,
Can any one tell me in machine authentication what access need to be enable DACL for machine logon?
Can we enable the access on port level ? direct to tcp/udp or ip level what is the best practice.
Thanks
Pranavis this what you are looking for EAP Chaining which uses a machine certificate or a machine username / password locked to the device through the Microsoft domain enrollment process. When the device boots, it is authenticated to the network using 802.1X. When the user logs onto the device, the session information from the machine authentication and the user credentials are sent up to the network as part of the same user authentication. The combination of the two indicates that the device belongs to the corporation and the user is an employee.
http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_80_eapchaining_deployment.pdf -
Machine Authentication and User Authentication with ACS v5.1... how?
Hi!
I'm having trouble setting up Machine Authentication and User Authentication on ACS v5.1 using WinXP SP3 (or SP2) as supplicant.
This is the goal:
On wireless (preferably on wired too) networks, get the WinXP to machine authenticate against AD using certificates so the machine is possible to reach via for example ping, and it can also get GPO Updates.
Then, when the user actually logs in, I need User Authentication, so we can run startup scripts, map the Home Directory and so on.
I have set up a Windows Sertificate server, and the client (WinXP) are recieving both machine and user certificates just fine.
I have also managed to set up so Machine Authenticaton works, by setting up a policy rule that checks on certificate only:
"Certificate Dictionary:Common Name contains .admin.testdomain.lan"
But to achieve that, I had to set EAP Type in WinXP to Smart Card or other Certificate, and then no PEAP authentication occurs, which I assume I need for User Authentication? Or is that possible by using Certificates too?
I just don't know how to do this, so is there a detailed guide out there for this? I would assume that this is something that all administrators using wireless and WinXP would like to achieve.
Thank you.Hello again.
I found out how to do this now..
What I needed to do was to add a new Certificate Authentication Profile that checks against Subject Alternative Name, because that was the only thing I could find that was the same in both user certificate and machine certificate.
After adding that profile to the Identity Store Sequences, and making tthe appropriate rule in the policy, it works.
You must also remember to change the AuthMode option in Windows XP Registry to "1".
What I really wanted to do was to use the "Was Machine Authenticated" condition in the policies, but I have never gotten that conditon to work, unfortunately.
That would have plugged a few security holes for me. -
Performing User authentication with php server
How to perform user authentication and keep track of logged
in users ? I have the login form saved in one AIR page. I could do
an ajax request to authenticate the user. However, how to keep
track of the user after being logged in, so that when moving to
other pages, he doesn't need to login again ?Hi,
Cookies work in an Adobe AIR HTML application. You can use
cookies to track your session. -
Proxy user authentication with BC4J
On my webapp i have a connections pool and a MyApplicationModule.
I can obtain a OracleConnection instace by overriding the method prepareSession()
into the application module.
I need to associate the OracleConnection with the ApplicationModule object to execute my queries with the application module and the proxy user.
The application module is created by this code:
appMod = (MyApplicationModule)Configuration.createRootApplicationModule("xx.xxx.MyApplicationModule", "MyApplicationModuleLocalTest1");
The prepareSession ovverride is done by this code:
protected void prepareSession(Session session) {
Statement st = null;
try {
st = getDBTransaction().createPreparedStatement("rollback",0);
OracleConnection oConn = (OracleConnection)st.getConnection();
Properties props = new Properties();
props.put("PROXY_USER_NAME", "USERTEST");
oConn.openProxySession
(OracleConnection.PROXYTYPE_USER_NAME,props);
catch (SQLException s) {
//ignore
finally {
if (st != null) {
try {
st.close();
catch (SQLException s) { }
super.prepareSession(session);
Tanks and sorry for my poor english.I found the possibility that proxy authentication of both accounts can be enforced:
SQL> alter user appuser grant connect through personaluser AUTHENTICATION REQUIRED;
I guess that this is the motivation for implementing the 2-session proxy connection method in SQL Developer.
Regards,
Martin -
Oracle Apps User Authentication with Active Directory
Greetings,
I am running Oracle Apps 12.1.1 using native login authentication. What I would like to do is set it up so that it uses our Active Directory to authenticate users. Does anyone know if there is an easy way to configure this or do I need to use OIM to accomplish it?
ThanksHave a look here
http://www.oracle.com/products/middleware/identity-management/docs/db-users-roles-management-whitepaper.pdf -
Any recommendations or templates for User authentication with Flash sites?
Looking to register, validate email registration and autheticate users to restrict access to individual accounts. Does anyone have recommendations or templates? It seems there would be a template out there that is generic for this purpose.
Looking to register, validate email registration and autheticate users to restrict access to individual accounts. Does anyone have recommendations or templates? It seems there would be a template out there that is generic for this purpose.
-
802.1x PEAP Machine Authentication with MS Active Directory
802.1x PEAP Machine and User Authentication with MS Active Directory:
I have a simple pilot-text environment, with
- Microsoft XP Client,
- Cisco 2960 Switch,
- ACS Solution Engine (4.1.4)
- MS Active Directory on Win 2003 Server
The Remote Agent (at 4.1.4) is on the same server as the MS AD.
User Authentication works correctly, but Machine Authentication fails.
Failed machine authenticaton is reported in the "Failed Attempts" log of the ACS SE.
The Remote Agent shows an error:
See Attachment.
Without Port-Security the XP workstation is able to log on to the domain.
Many thanks for any indication.
Regards,
Stephan ImhofIs host/TestClientMan.Test.local the name of the machine? What does the AAA tell for you the reason it fails?
-
Simple Authentication with SMP 10.1 and FMS 3.5
Good day all,
I am looking to add simple authentication to the SMP player for use with FMS 3.5. I recently came across a technical paper published by Adobe titled, "Video content protection measures enabled by Adobe Flash Media Interactive Server 3.5". Within this document are three examples of user authentication with code samples. I am starting with the "simple" client verification using a unique token authentication key method first.
I've noticed that SMP doesn't have any FMS security mechanisms built-in at least that I've been able to identify in the documentation or feature specs. Did I miss something? I am looking for assistance in getting started with adding this feature to SMP. So my question is where could I add the client side Actionscript within the SMP structure?
I'd very much like to hear about others' experiences with adding security mechanisms to SMP used with FMS.
Thank you.Andrian - Thank you for the quick reply. I'm gald SMP has support for the playback of protected content. Is there more documentation than this demo on this topic?
I'll explain what I'm doing. I am implementing SMP as the default video player application used in online courses at the Savannah College of Art and Design. Identifying the player and implementing its use in our production workflow is the first step in a strategy to deliver a better video experience and leverage the scalibility and flexibility of SMP. On the back end integration with our FMS I have been asked to implement some user authentication. We don't need to re-auth the students as they have already been authenticated through our LMS. What is desired is each player instance authenticates with our server to prevent stream ripping.
The simple user token authentication key example from the linked document seems to best suit this intial need. -
Need help with external user authentication
Hello,
I need some help to set up an external user authentication in Oracle DB 10g. Using the documentation at
http://www.oracle-base.com/articles/misc/OsAuthentication.php
I added the user alex to my linux system and checked the parameter os_authent_prefix:
SQL> show parameter os_authent_prefix
NAME TYPE VALUE
os_authent_prefix string ops$
SQL>
I created the oracle user alex using
CREATE USER alex IDENTIFIED EXTERNALLY;
as well as
CREATE USER ops$alex IDENTIFIED EXTERNALLY;
The parameters in the sqlnet.ora are set to
NAMES.DIRECTORY_PATH = (TNSNAMES, HOSTNAME, EZCONNECT)
SQLNET.AUTHENTICATION_SERVICES = (ALL)
Being the local user alex on the linux server I can login:
$ sqlplus /
SQL*Plus: Release 10.2.0.1.0 - Production on Tue Aug 30 08:56:26 2011
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Release 10.2.0.1.0 - 64bit Production
SQL>
Now using a Windows Client:
C:\>sqlplus alex@<netservicename>
SQL*Plus: Release 10.2.0.1.0 - Production on Di Aug 30 10:31:37 2011
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Kennwort eingeben:
ERROR:
ORA-01017: invalid username/password; logon denied
- So, what's wrong?
- Do I always have to create oracle users with the prefix "ops$" to the local username? How do these users login - with or without the prefix 'ops$'?
- I read that kerberos authentication is only available through oracle advanced security addon. What about authentication through ldap?Obviously it doesn't work from any remote system.
For this to happen the parameter remote_os_authent would have been set to true.
Warning: this poses a security risk.
As far as I know you should have been logged in as alex on the client, and using sqlplus /
However, from 10g onwards Oracle comes with Oracle Wallet, which stores the password encrypted outside the database in a file, called wallet, and which is accessible from anywhere.
You would better use that.
Sybrand Bakker
Senior Oracle DBA -
User Authentication Failed via http BUT not with Visual Administrator !!?
OS : Win 2k3 Server UK * DB : SQL Server 2005
SAP Netweaver 2004s Application Java
Hi All,
Since a couple of days, I have a problem concerning authentication to the java apllication on a SAP Netweaver 2004s.
Using the user Administrator, I CAN logon the Visual Administrator tool, with the same user I tried to logon via http://host:port/nwa without success.
At the beginning, I was thinking about a problem of password then I enabled the emergency user SAP*, the problem was the same. Ok with Visual Administrator but not via http.
Here is two logs found in folder : D:\usr\sap\SID\JC02\j2ee\cluster\server0\log\system\
security.3.log
<i>#1.5#001871E5EA3A00550000006D0000172800043B836D838427#1191335570983#/System/Security/Audit#sap.com/com.sap.security.core.admin#com.sap.security.core.util.SecurityAudit#Guest#0####5aac137070f411dcc513001871e5ea3a#SAPEngine_Application_Thread[impl:3]_11##0#0#Warning#1#com.sap.security.core.util.SecurityAudit#Plain###Guest | LOGIN.ERROR | null | | Login Method=[default], UserID=[Administrator], IP Address=[192.168.10.125], Reason=[Authentication did not succeed.]#</i>
server.0.log
<i>#1.5#001871E5EA3A0052000000130000172800043B835E3661D1#1191335314249#/System/Server/SLDService##com.sap.sldserv.SldServerFrame######c1a349a070f311dcaa68001871e5ea3a#SAPEngine_System_Thread[impl:5]_71##0#0#Warning#1#com.sap.sldserv.SldServerFrame#Plain###Failed to collect SLD data. Failed to send HTTP data: 401 : Unauthorized. Please check if the target SLD system is available and the SLD bridge is started there.#</i>
 I tried to connect http://host:port/sld same problem User Authentication Failed
<b>Do you have an idea for me? Why a user can connect via Visual Administrator and not via the http interface?</b>
Thanks in advance
YvesHi,
I found the solution this last week-end.
This behavior let's thinking to a problem of authentication.
But the problem was in SQL, an index was missing in table J2EE_CONFIG, called J2EE_CONFIG_I3
Cheers
Yves -
Problems with 802.1x MS PEAP machine and user authentication
Using Microsoft PEAP 802.1x client on Windows XP SP2, if we enable machine authentication against a Windows Domain, the machine authentication is successful and the machine gets access to the network. However, when user logon occurs to the domain, contrary to the flow given in ACS and Windows documentation, no user authentication takes place.
We need to differentiate user access based on their identities. We need machine authentication only to allow users access to the domain controller and also GP implementation.
Any idea why user does not get prompted when they logon. 802.1x is configured in users profile and I have tried with both integrated and non-integrated with Domain logon (i.e. "use my windows logon name and password and domain (if any) option"
There is no record of any identity request/response in ACS after the initial machine authentication (which appears in successful authentication log)
We are using MS-CHAPv2.Update...The problem of cached credentials in MS PEAP does not occur if "enable logon using Windows username and password (and domain if any) is checked. Using this option, MS PEAP always uses logged on users most current credentials.
However, using this option sends the username as "DOMAIN\USERNAME". Since we are using ACS internal database for user authentication (even though the ACS and Windows passwords are same - using an identity management system) ACS does not recognize the user.
I have tried proxy distribution with prefix stripping but it does not seem to work when it is pointing to the same ACS server on which proxy distribution is configured and which receives the request.
Any idea how the domain\ can be ignored by ACS? -
"User authentication failed" when connecting with Visual Administrator
Hello,
I am having trouble making a connection to my local J2EE Engine using the Visual Administrator (VA).
I open the VA interface and create a new connection. The default User Name is "Administrator". I put in "localhost" for host, "50004" for port and leave the Transport Layer selection to "Default".
When I try to connect this way I get the following message:
User authentication failed
Next I went into Start|Settings|Control Panel|Users and Passwords and saw that there were several ids created by the Developer Workplace (DW) installation. The ids that I see are: j2eadm,sapadmin,sapinstall and SAPServiceJ2E
I checked all of them to see what groups they're members of and they're all at least members of "Administrators" group.
There are also 3 new groups that must have been created by the DW installation: SAP_J2E_GlobalAdmin, SAP_J2E_LocalAdmin and SAP_LocalAdmin.
The j2eadm id belonged to all 3 new sap groups so I changed its password to something I'd remember and then changed the connection to use that login.
When I tried to connect thru VA using this id and the new password I still get the "User authentication failed" error message.
Can anyone please tell me what I'm doing wrong?
Thanks in advance for any help.
David.Hi,
During the installation the SAPINST asks for a Administrator Password.. This password is very important.
We had kept same passwords for all userids to start with.
This helped reduce lot of confusion.
Warning: if you enter the wrong password 5 times, the userid 'Administrator' gets locked.
However there is an Emergency password recovery procedures.
Try this link
http://help.sap.com/saphelp_erp2004/helpdata/en/3a/4a0640d7b28f5ce10000000a155106/frameset.htm
Hope that helps
Regards,
Siddhesh
Maybe you are looking for
-
How can I sent 2 or more attached files with 1 email-message from Ipad iOs6.0?
How to sent a mail with 2 or more attachments from Ipad or Iphone? Not foto or video-files!
-
Count the number of business partners on a non-cumulative key figure
Dear experts, I have a problem. We have an InfoCube in BW in which the Activity Journals are loaded every day. In this Activity Journals it is registered that a Material was listed (available) at a customer (value 0 or 1). We have a non-cumulative ke
-
Bind Variables are not allowed in select statement
I created a lov to one parameter field in a report using select statement. select distinct mtrl_group||' - '||grup_desc from mtrl_mast a , grup_mast b where financial_year||financial_month = :P_cutofff_period) and a.mtrl_group = b.grup_code this is m
-
Problem while downloadin in pariticular directory
please check the pgm there is no logic behind it iam trying to download set of data present in t_bkpf internal table in a flat file in the mentioned directory. just correct me wats wrong in this coding otherwise give some simple eg like this *& Repor
-
Is it safe to delete Render Data Files?
I was working my lower third in Motion and switch between Motion and FCPX to see the results. My laptop told me it couldn't save any changes because my HD run out of spaces. What I found is FCPX keeps all the render data in my project folders. Some r