Users cannot authenticate
Hello
I recently had a lot of errors on two ML servers actinbg as OD Master/Replica, so decided to reinstall from scratch. One is running OS X 10.8.2, the other 10.8. Both are vanilla installs (going so far as to recreate the RAID), and both have the latest version of server.app installed.
Network users cannot authenticate.
Running slapconfig -ver gives the following errors on both machines:
bubbles:~ administrator$ sudo slapconfig -ver
2012-11-27 20:17:31 +0000 command: /usr/libexec/slapd -T cat -c -f /etc/openldap/slapd.conf -s ou=macosxodconfig,cn=config,dc=test249,dc=home
2012-11-27 20:17:31 +0000 Error execing slapcat: 50b51fdb /etc/openldap/slapd_macosxserver.conf: line 303: unknown directive <TLSCertificatePassphrase> inside backend database definition.
slapcat: bad configuration file!
LDAP Setup Tool (slapconfig), Apple, Inc., Version 1.2
Obviously ou=macosxodconfig,cn=config,dc=test249,dc=home is wrong, but I don't know where this setting is held to correct it to ou=macosxodconfig,cn=config,dc=server,dc=domain,dc=tld
Opeining slapd_macosxserver.conf shows the last four lines to be:
TLSCertificateFile /etc/certificates/server.mydomain.LONGHASH.cert.pem
TLSCACertificateFile /etc/certificates/server.mydomain.LONGHASH.chain.pem
TLSCertificateKeyFile /etc/certificates/server.mydomain.LONGHASH.key.pem
TLSCertificatePassphrase "Mac OS X Server certificate management.LONGHASH"
I can 'fix' the second error by commenting out that last line. But that just results in a new and exciting error:
bubbles:~ administrator$ sudo slapconfig -ver
2012-11-27 20:43:00 +0000 command: /usr/libexec/slapd -T cat -c -f /etc/openldap/slapd.conf -s ou=macosxodconfig,cn=config,dc=test249,dc=home
2012-11-27 20:43:00 +0000 Error execing slapcat: slapcat: slap_init no backend for "ou=macosxodconfig,cn=config,dc=test249,dc=home"
LDAP Setup Tool (slapconfig), Apple, Inc., Version 1.2
Hi
i get the same error but authentication still works.
Are you sure that the recovery of your password worked ?
In case I have this issue i can only authenticate as a local user, not as an opeddir user.
This user must have admin rights to make sudo, afaik.
But it is interesting that my error comes on line 302 and yours on line 303.
Below i have attache the auth part from my /etc/openldap/slapd_macosxserver.conf
Check for any difference.
macmini:~] user% sudo slaptest -f /private/etc/openldap/slapd.conf -v
Password:
52054639 /etc/openldap/slapd_macosxserver.conf: line 302: unknown directive <TLSCertificatePassphrase> inside backend database definition.
slaptest: bad configuration file!
# authdata database definitions
database bdb
suffix "cn=authdata"
rootdn "uid=root,cn=users,dc=macmini,dc=domain,dc=TL"
directory "/var/db/openldap/authdata"
checkpoint 128 1
index default eq
index objectClass eq
index authGUID eq
index entryUUID eq
index entryCSN eq
index draft-krbPrincipalAliases eq
index draft-krbPrincipalName eq
timelimit 60
idletimeout 300
cachesize 20000
idlcachesize 10000
sizelimit size.pr=11000 size.prtotal=unlimited
#limits set="computer/cn & [cn=com.apple.opendirectory.group,cn=computer_groups,dc=macmini,dc=domain,dc=TL ]/memberUid" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
access to *
by dn.exact="uid=_ldap_replicator,cn=users,dc=macmini,dc=domain,dc=TL" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
TLSCertificateFile /etc/certificates/macmini.D5473ED3099C09ACE59C2944EA9FDDFC024DC07.cert.pem
TLSCertificateKeyFile /etc/certificates/macmini.D5473ED3099C09ACE59C2944EA9FDDFC024DC07.key.pem
TLSCertificatePassphrase "Mac OS X Server certificate management.D5473ED3099C09ACE59C2944EA9FDDFC024DC07"
TLSCACertificateFile /etc/certificates/macmini.D5473ED3099C09ACE59C2944EA9FDDFC024DC07.chain.pem
Similar Messages
-
Samba Users Cannot Authenticate?
I just want to start this thread by saying samba makes me want to kill myself. I love it so much, that it makes me want to rip my heart out and feed it to stray dogs every time I need to write a new configuration. Because I truly hate configuring it. Ok, with that steam having been blown off, let's jump into the problem I've been chasing for hours.
My users cannot login to samba shares. Simple as dirt. Every single time I access the shares as a user, I am prompted for my password, I enter my password, and the prompt immediately asks me again, as if I've entered the wrong password.
Heading off the obvious: Yes, I've added samba users with pdbedit -a -u [username]. The unix permissions on the folder I am trying to access as a samba user are 755, and I am trying to access the folder as its owner. My server smb.conf is included below.
[global]
workgroup = WORKGROUP
passdb backend = tdbsam
netbios name = ArchServ
name resolve order = bcast host lmhosts wins
server string = ""
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
use client driver = yes
map to guest = Bad User
local master = yes
preferred master = yes
os level = 65
usershare allow guests = Yes
usershare max shares = 100
usershare owner only = False
security = share
#username map = /etc/samba/smbusers
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
guest ok = Yes
printable = Yes
print ok = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
[Home - user1]
comment = Deyla's Home folder
path = /home/user1
create mask = 0755
guest ok = yes
browsable = yes
write list = user1
public = yes
[Home - user2]
comment = James' Home folder
path = /home/user2
create mask = 0755
guest ok = yes
browsable = yes
write list = user2
public = yes
[Transmission Home]
comment = Torrent downloads
path = /home/transmission
create mask = 0775
guest ok = yes
browsable = yes
write list = user1 user2
public = yes
They work flawlessly as guest shares, and I have no problem gaining access... but when I try to log into a share as a user, the user will absolutely not authenticate, and it is the most frustrating, puzzling enigma to me. I formerly had this very samba configuration on an Ubuntu file server, and had no problems with the share behaving exactly as I wanted it to. I cannot for the life of me figure out why my users cannot authenticate.
Please help! Any and all tips are appreciated! Thank you in advance!Thanks to Swerdina over at the OpenSUSE forums, I was able to solve my samba issue (thread). In a nutshell, my problem was the last active line in my [global] stanza, which was set to "security = share". By setting this global setting to "security = user" it fixed my problem and now allows me to invoke my shares with user privileges if I so choose to. Hopefully this helps someone who may have had a similar problem.
-
10.6 Mail users cannot authenticate SMTP using Kerberos
I upgraded to 10.6 Server from 10.5 Server (using "migrate" and Target mode, from a G5 to a Mac Pro). Client Macs have a variety of OS: 10.4, 10.5, 10.6 and 10.7. All those clients can now authenticate AFP connections to the server using Kerberos. But thus far, only clients using 10.4, 10.5 and 10.7 can authenticate SMTP connections using Kerberos. I have 3 clients using 10.6 on Mac Pros, they all can get tickets using kinit no problem, but their Mail cannot send messages unless they switch to MD5. Any ideas?
After poking around I discovered I needed to enter info in the Domain section of the Kerberos utility on the 10.6 Macs, since in my case the Kerberos Realm name is not the same as the Domain name.
-
Single User Cannot Authenticate
I have a user who is constantly denied authentication to iPrint and I'm having difficulties figuring out why.
My system configuration is as follows: The local system is a Windows 7 SP1 Pro desktop, it has a local hosts file entry pointing it to my "new" iPrint server. There was a new printer purchased for this user's office and rather than setting it up on both the old and new server I just wanted to set her up on the new and be done with things. Anyway, when we first migrated the user to the new iPrint server everything worked correctly and the user could print without any trouble. Several weeks later the user gets the iPrint authentication dialog box every time she tries to print and entering her own credentials fails to authenticate, but a generic account seems to work. She recently had to reset her password but this issue was occurring both before and after the recent password reset, and I have verified that neither password is currently working, and that the user does have rights to the printer.
Now here is where things get more curious... In looking at the user's object, the uniqueID attribute had 2 entries, one with the user's correct name and one with the user's name but misspelled. When I first looked at the system and found this double entry I discovered that I could successfully authenticate to iPrint when using the misspelled version of her uniqueID. I later deleted this incorrect entry thinking that it would then allow the correct spelling to authenticate, but it did not. When looking at other Attributes, I'm also finding that there is a 2nd entry under SAS:Login Configuration which none of my other users have but since it is not human friendly to read I'm hesitant to delete either entry. Does anyone have advice for how to proceed? Thank you!marklar23,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://www.novell.com/support and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Forums Team
http://forums.novell.com -
SEEBURGER AS2: AS2 Adapter failure - Cannot authenticate the user
Hello,
All was working fine but now I got these errors in an AS2 scenario. Sending a message via AS2. Also we don't receive any messages via AS2 anymore. This is the error when sending a message:
Unable to forward message to JCA adapter. Reason: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user.
MP: Exception caught with cause javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user.
Exception caught by adapter framework: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user
Delivery of the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user.: javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure.
Please advice, many thanks!
ErikAre you using the "Use Authentication" option in the communication channel? If yes, then ensure that the user provided is correct and is not locked. Also recheck the authentication certificate settings.
Regards,
Prateek -
ACS cannot Authenticate Aironet Users against Exernal DB (LDAP)
ACS cannot Authenticate Aironet Users against Exernal DB (LDAP)
Can anyone point me to a technical explanation of why this is true?
All I have found so far is one small note in a help file and something that might be related under EAP-FAST explanation.
I have posed this question to our Cisco account team but no response yet.
Just need to have a good explanation when explaining to mgmt why we need to have a special setup for WLAN users.Hmmm....you should be getting more than that from debug radius and debug aaa authen if your AP is truly attempting EAP authentication. The debugs I generally use for this are 'debug aaa authen', 'debug radius', and 'debug dot11 aaa dot1x all' coupled with gathering the detailed support logs from ACS. A warning about 'debug dot11 aaa dot1x all'....it is VERY verbose and cryptic if you don't have alot of experience looking at it so it may be best to open up a TAC case. With these debugs turned on, you should see an EAPOL logon show up from the client (usually says 'received EAPOL packet...') and then a request for identity from the switch and a response from the client with a username and password. Then a series of RADIUS challenge/response packets will be passed which consists of the server cert being passed to the client for validation and then the client sending the username and password to the server. Then you will finally get an access-reject or access-accept packet from the RADIUS server. The failed and passed attempts logs in ACS can also provide good info as to what the source of the failure may be. Do you get any passed or failed attempts for these authentications?
-
Org.jboss.mq.SpyJMSException: Cannot authenticate user;
JBoss 3.2.1 (also seeing the same problem on 3.2.5)
Java 1.4.1_05
The following Exception is thrown when a client (external to my firewall) attempts to createTopicConnection():
org.jboss.mq.SpyJMSException: Cannot authenticate user; - nested throwable: (java.net.ConnectException: Connection timed out: connect)
When I used a packet sniffer on a client machine, I noticed the Client was trying to connect on the server's internal IP address, which obviously is an unresolvable address to external clients.
Where should I configure JBoss to force the client to create connections on the external address?
After some research, I have seen one suggestion:
run.bat --host=<your-host-or-ip-address>
which has not helped me.
Of course, clients within my firewall have no problems.
Any suggestions?
Regards,
AEHI
I am the same problem so that please tell me how tom solver if you have been worked. -
Hello. I recenlty upgraded from Lion Server to Mavericks and Server OS X and users are now unable to access their home shares. When one attempts to afp to the server after connecting to my uni's VPN, the login box simply shakes and no connection is made.
Running Mac Mini with 10.9 and OS X Server 3.0.1 with home shares located on a Pegasus RAID array that worked fine under Lion Server. The upgrade seemed to go smoothly, as all accounts were intact and the settings were identical to the functional Lion Server settings. I have combed these forums trying to find a response that actually works for me, but was unable to locate a match that resulted in a working solution.
Here is a sample log when attempting to login:
Dec 16 13:08:50 xx.xx.xx.private kdc[109]: Got a canonicalize request for a LKDC realm from local-ipc
Dec 16 13:08:50 xx.xx.xx.private kdc[109]: LKDC referral to the real LKDC realm name
Dec 16 13:08:52 xx.xx.xx.private kdc[109]: AS-REQ xx@LKDC:SHA1.313DA2EA0C5E8BCD1311C69A6930240237DDC372 from local-ipc for krbtgt/LKDC:SHA1.313DA2EA0C5E8BCD1311C69A6930240237DDC372@LKDC:SHA1.313DA2EA0C5 E8BCD1311C69A6930240237DDC372
Dec 16 13:08:52 xx.xx.xx.private kdc[109]: UNKNOWN -- xx@LKDC:SHA1.313DA2EA0C5E8BCD1311C69A6930240237DDC372: no such entry found in hdb
Dec 16 13:08:57 xx.xx.xx.private kdc[109]: AS-REQ [email protected] from 127.0.0.1:51721 for krbtgt/[email protected]
Dec 16 13:08:57 --- last message repeated 1 time ---
Dec 16 13:08:57 xx.xx.xx.private kdc[109]: Client ([email protected]) from 127.0.0.1:51721 has no common enctypes with KDC to use for the session key
When I first upgraded, I was able to connect via PC but not Mac (10.9) clients, so I tried creating a new account to attempt to ferret out the problem. When I created a new account in the Server.app connecting to an existing home share, I was still unable to connect to it remotely--Server.app threw the "Cannot authenticate connection..." error and closed. I then attempted to create a new user and new home share directory in Workgroup Manager and received an error stating the home directory could not be created (I forgot the actual verbiage, but I will replicate and post if needed). I tried simply adding the folder to the home shares folder, but I was still unable to connect via afp or smb.
Any suggestions are greatly appreciated, as I need to resolve this issue ASAP. Please let me know if any other information would be useful to diagnosing this issue.
Thanks!I have the same problem although I upgraded from Lion Server to Mountain Lion Server. The error appears to go hand in hand with this error.
userInit: CFPreferences: user home directory for user kCFPreferencesCurrentUser at /Network/Servers/fullyqualifieddomainname/Users/user is unavailable. User domains will be volatile.
I've read a number of things to try. A lot of people point to DNS being a problem, but I'm confident this is correct in my environment. -
User cannot log into ZCM Agent 11.3.1
We just went through a domain migration. All PCs were unregistered from the old ZCM 11.2 server in the old domain before they were migrated. When we went to re-register them to the 11.3.1 ZCM server, we ran into 2 issues. Some of the systems successfully upgraded to 11.3.1 BUT users cannot log onto the ZCM 11.3.1 Agent. It's giving an error of "unable to log into the network because the login credentials or the server certificate is incorrect". The PCs that didn't not upgraded to ZCM 11.3.1 and are running 11.2.0 do not have this problem. They get authenticated appropriately. The User configuration is set to eDirectory (just like on the ZCM 11.2 server in the old domain).
I ran "zac ci" and noticed there are old certificates from ZENworks servers that are no longer around. How do you get rid of these old references? It's picking up the new server's certificates. I ran this on my PC ZCM Agent 11.2 (won't upgrade and can authenticate into the ZCM 11.2 agent just fine) and I do not see the old certificates. I'm only seeing certificates for the new ZCM 11.3.1 server in the new domain and the eDirectory master server that the ZCM server is referencing.The old Trusts can be cleared using IE to managed the Trusted Root
Stores. There are some other ways too.
However, Having old ones should not be an issue unless the old and new
Servers have the same name. Not 100% sure matching will cause an issue,
but I think I have seen that before.
It may be possible to automate the removal of the old trusts, but I
would not worry about that until you verify it is an issue by manually
fixing a couple and see if resolves your issue.
Your issue may be something else.
Reinstalling CASA is something else to try.
On 10/9/2014 5:16 AM, hfr63 wrote:
>
> We just went through a domain migration. All PCs were unregistered from
> the old ZCM 11.2 server in the old domain before they were migrated.
> When we went to re-register them to the 11.3.1 ZCM server, we ran into 2
> issues. Some of the systems successfully upgraded to 11.3.1 BUT users
> cannot log onto the ZCM 11.3.1 Agent. It's giving an error of "unable
> to log into the network because the login credentials or the server
> certificate is incorrect". The PCs that didn't not upgraded to ZCM
> 11.3.1 and are running 11.2.0 do not have this problem. They get
> authenticated appropriately. The User configuration is set to
> eDirectory (just like on the ZCM 11.2 server in the old domain).
>
> I ran "zac ci" and noticed there are old certificates from ZENworks
> servers that are no longer around. How do you get rid of these old
> references? It's picking up the new server's certificates. I ran this
> on my PC ZCM Agent 11.2 (won't upgrade and can authenticate into the ZCM
> 11.2 agent just fine) and I do not see the old certificates. I'm only
> seeing certificates for the new ZCM 11.3.1 server in the new domain and
> the eDirectory master server that the ZCM server is referencing.
>
>
Going to Brainshare 2014?
http://www.brainshare.com
Use Registration Code "nvlcwilson" for $300 off!
Craig Wilson - MCNE, MCSE, CCNA
Novell Technical Support Engineer
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human. -
I'm trying to sign my messages between client & webservice using X509 certificates. I've created a keystore and imported:
privatekey1, certificate1(public key) and trustedCertAuthority that published certificates.
I've configured webservice & client to use that keystore and privatekey1 to sign request/response, but web service keeps throwing following exception:
javax.security.auth.login.LoginException: Cannot authenticate X509 certificate, User EMAILADDRESS=[email protected], CN=testUser, ... does not exist in our system
How can I configure web service to find that certificate?
Thnx for help.Yes, I did. I found the problem..
I had also checked to Authenticate with X509 certificate... and obviously I should somehow set the Securtiy provider, although, I don't know how (but it's not so important right now).
But I do have another question - how can I use private key & public key in certificate X509 to encrypt messages. In the sample you mentioned, it's written that there shoud be separate key for signature & encryption, but I have separate keystores for client (with client private key & server public certificate) and for server (with server private key & client certificate). But I can't get it to work... It seems to me that in that case signature key alias at service should be the same as key needed to decrypt the message?
Am i missing something again?
Thanks. -
I have about 10 VPN clients connecting to a Cisco ASA 5510. I am getting calls that sometimes people are getting 413 errors here and there. When they out it username and password, the dialog box pops up again and then they get a error 413 cannot authenticate. Any ideas, they are IPsec tunnels which I hae 250 available.
The easiest way to troubleshoot this would be to retrieve the debug information when the users fail to connect:
debug cry isa 200
debug cry ipsec 200
Though you gotta be careful when you enable the debug, if you have many IPSEC tunnels running, the ASA may resent showing all the debug information.
On release 8.0 there's a "debug crypto condition" command for you to choose only the debugs from the peer (you'll need to know the client's public address)
I would also suggest to try to get more information on the error: is it happening for ALL the users? it's happening always from the same location: home, office, etc?
Sometimes this "random" connection issues are related to delay/problems with the client's internet connection.
Regards, -
Windows AD cannot authenticate if BI platform UNIX?
We were eagerly awaiting BI4 SP04 to address several SAP integration issues including the requirement use Windows AD for single sign to SAP Enterprise Portal hosting BI4 content (dashboards/webis/Analysis for OLAP) and BEx Web analyzer, i.e. user logs on once for Windows to authenticate to all SAP systems, ECC, BW, BI, EP, etc.. We have no plans to use the BI Launch Pad.
We are on AIX 6.1 for BI4 SP04, NW 7.3.1 and EP and BW 7.3.1 and are working through Kerberos client on AIX to Windows AD and SNC and SSO in SAP...
Frankly we have been struggling for some time with issues on BI4 SP02 and NW 7.3 so we are frustrated when we came across the followg in SAP doc -
Business Intelligence Platform Administrator Guide.pdf (http://help.sap.com/businessobject/product_guides/boexir4/en/xi4_bip_admin_en.pdf)
Page 211
The Windows AD security plugin cannot authenticate users if the BI platform server components are running on Unix
Page 212
Windows AD with Kerberos is supported if the Java application is on Unix. However, BI platform services must run on a Windows server.
Can someone clarify these statements? We will install Java application (NW? BI Java?) on UNIX. We will not run BI Platform? services on Windows.
If our requirement is to have a user only logon once to Windows and access BI4 content in the SAP Portal, not the BI Launch Pad, MUST we run BI4 on Windows?
Sincere thanks for your time and thoughts,
Lee Lewis
Summit Electric Supply
ASUG EDW and BO SIG Volunteer - Market Leader
[Email address removed. Please see the rules of engagement. The forum Administrator]Hi Ainsley,
A work around? Yes and no and sort of ...kind of...
This turns out to be quite complex and tempermental.
In short, you cannot use Windows AD authentication, but instead use LDAP (with the Microsoft Active Directory). We were able to get this to work with much effort. The biggest limitation is that it supports a single AD forest.
I am giving a presentation on silent single sign on for BI4 and Enterprise Portals at the SAP BO User Confernce in Orlando and will see about posting the slides after the conference, but can share some of the resources here that we found to be most useful. Please reach out to me if I can help further.
Lee Lewis
•Integrating SAP BusinessObjects BI Platform 4.x with SAP NetWeaver, Ingo Hilgefort, SapPress 2011
•Configuring LDAP Manual Authentication and SSO for BI4 on Unix
•1631734 - Configuring Active Directory Manual Authentication and SSO for BI4
•Business Intelligence Platform Administrator Guide, SAP BusinessObjects Business Intelligence platform 4.0 Feature Pack 3, June 2012
•1670073 - How -To: Generate keystore and certificate in the process of configuring STS for SAP
•1687295 - How to configure Single Sign On (SSO) on the SAP Netweaver 7.x portal to BI4
•IBM - Configure single sign-on authentication on AIX
•1537480 - Best Practice: How To setup Active Directory Single Sign On when BOE CMS is on Unix or Linux
•Kerberos Explained - Microsoft Technet
•SAP Help - Secure Network Communications (SNC)
•Using Kerberos Authentication for Single Sign-On
•SAP Netweaver 7.3 Configuring Kerberos Authentication
•SAP BusinessObjects BI4 Active Directory SSO Tutorial
• 1631734 - Configuring Active Directory Manual Authentication and SSO for BI4
•1245218 - How to connect the LDAP plugin to Active Directory
Lee Lewis -
Network users cannot log in to server
I have set up a new server from scratch on a new Macmini. In the main, it works absolutely fine. Users can log into the sever from client device as registered user and can share the screen with no problem.
The users are set up as local network users and are in a local group and a network group. I set them up using Workgroup manager after setting up Open directory. All users cn be seen from OD and WM. However, they cannot log in to the server directly - only the server adminstrator can do that. Home drives etc are all set up fine.
Any help will be greatly appreciated.
FAdministrators always have access, you may have blocked Network Users from having access using Workgroup Manager 10.8.
Open Workgroup Manager 10.8
Authenticate to the local directory as an administrator.
Go to the machines section and select the server where users cannot log in.
Click the preferences icon to see the preferences for that computer set through WM 10.8
From the overview choose Login.
Choose the Access tab and set Manage: to Never.
Message was edited by: Mark23 -
ACE-4710 : Device Manager on Primary ACE cannot authenticate
Hi,
In a cluster of redundant ACE-4710, version A5(1.2), the graphical Device Manager on the primary ACE cannot authenticate users. An error message is displayed :
The strange thing is that the standby ACE Device Manager work correctly. Moreover, both ACE are perfectly synchronized :
CH01AC03/P-115-A# sh ft group summary
FT Group : 14
Configured Status : in-service
Maintenance mode : MAINT_MODE_OFF
My State : FSM_FT_STATE_ACTIVE
My Config Priority : 200
My Net Priority : 200
My Preempt : Enabled
Peer State : FSM_FT_STATE_STANDBY_HOT
Peer Config Priority : 150
Peer Net Priority : 150
Peer Preempt : Enabled
Peer Id : 1
No. of Contexts : 1
Here is the details on the ACE and DM version :
CH01AC03/P-115-A# sh ver
Cisco Application Control Software (ACSW)
TAC support: http://www.cisco.com/tac
Copyright (c) 1985-2012 by Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
loader: Version 0.95.1
system: Version A5(1.2) [build 3.0(0)A5(1.2) adbuild_19:38:58-2012/01/17_/auto/adbure_nightly4/renumber/rel_a5_1_2_throttle/REL_3_0_0_A5_1_2]
system image file: (hd0,1)/c4710ace-t1k9-mz.A5_1_2.bin
Device Manager version 5.1 (0) 20111215:1009
What coud be the problem ?
Thank you
YvesHello Yves,
Try with the command "dm reload" in the Admin Context
Cesar R
ANS Team -
"Cannot Authenticate the Phone" with IBM T60 and N...
Hello!
I've been reading through the various posts on the "cannot authenticate the phone" -issue, yet after uninstalling & installing BT stack & PC Suite various times my problem still persists. I've also followed every single piece of instruction I've found on uninstalling Microsoft BT stack, yet PC Suite still reports that it is available.
I can connect from my laptop to the dial-up networking service on the phone, and I am able to connect from the phone to the headset service on my laptop, so BT stack & pairing works ok; I am also able to synchronise the phone via IR => problem must be somewhere in the PC Suite's bluetooth sections.
Is there any flags to enable debugging level logs in PC Suite? I would SOOO MUCH like to see what the hell goes wrong in there.
Or is there *any* way of getting this to work??
Getting pretty tired with this..
Rgrds,
sakuvee.
Operating system:
Microsoft Windows XP
Build 2600
Service Pack 2
Language: English (United States)
Language for non-Unicode programs: English (United States)
Locale: English (United States)
Input language: Finnish
Nokia PC Suite:
Version 6.81.13.0
Language: English
Connectivity Cable Drivers:
Version 6.81.1.2
Microsoft Outlook:
Version 11.0
Build 8010
Bluetooth stacks:
Microsoft Bluetooth stack
Version 5.1.2600.2180
WIDCOMM Bluetooth stack
Version 5.0.1
Build 3200
BT device: Thinkpad Bluetooth with Enhanced Data Rate
BT firmware: Broadcom 2.1.92.108, HCI 2.0 206C, LMP 2.0 415C
BT driver: Broadcom, 1.8.2006, 5.0.1.3200
Phone: V 3.0617.0.6, 03-05-2006, RM-92, Nokia N80 (03)
---Message Edited by sakuvee on 19-Oct-2006
02:46 PMOK - here's what I did to FINALLY get it working:
1) Uninstall PC Suite (from Add Remove Programs)
2) Uninstall Nokia Connectivity Solution
3) Remove C:\Documents and Settings\[uid]\Application Data\Nokia, ...\\Application Data\[uid]\PC Suite, ...\All Users\Application Data\PC Suite, C:\Program Files\Common Files\Nokia, C:\Program Files\Nokia. Basically all Nokia directories left behind by Nokia uninstallers.
4) Restart machine
5) Run PC Suite Cleaner (all options one at a time, except the diagnostics, don't restart although it recommends to do so)
6) Restart machine
7) Manually clean all typelibs, activex-objects, device-ids and other registry entries linking to or containing Nokia related stuff from registry using regedit.exe
8) Restart machine
9) Install PC Suite
10) Unpair phone (from laptop and from phone)
11) Run Get Connected Wizard
Maybe you are looking for
-
HT5634 Boot Camp 4 vs. Parallels 8
I have an iMac, 21.5-inch, Mid 2011 OS X 10.8.3 and I want to run Quicken and some other PC software. Should I use Boot Camp 4 or Parallels 8 for Mac. I want the easiest solution (in terms of installation and usage)? Also is Wiindows 7 Home Premiu
-
Hallo everyone is there an easier way of stopping an instance of an addon after stopping it from the AddOn manager..?
-
Linux memory optimisation in 64bit IBM processor
Hi All, Its my first thread in my SDN. We are about to migrate a new system in our environment The new hardware will be IBM x3500 64bit with 20GB and for some unavoidable reasons we are planning to the use this system as 32 bit OS I am aware if we us
-
Hi Thr, I have been trying to download Oracle Big data lite VM 4 from the following link. Oracle Big Data Lite Virtual Machine The issue is that after I download the zip files and try to extract using 7zip, it gives me error that unable to extract "u
-
Unable to launch Enterprise Service Respository
Hi Frnds, When i am trying to open ESR and ID its giving error that Unable to launch ESR,unexpected error i installed correct version of JDK, unexpected exception:java.lang.Exception please help me on this, i read some blogs also but i am unable to f