Users logging on via CIF's lose login capability

Similar Messages

• Mysterious user appears logged in via SMB

  I'm running Snow Leopard Server (10.6.3), and for the last couple of days I've noticed a mysterious user logged in via SMB.
  The connections panel shows user name "Guest" at address "DENY_NONE" connected for 00.00 hours. It seems to really slow down the network when this ghost user is accessing the server.
  I may be wrong, but this user seems to appear after I have our Windows 7 test machine (iMac 3GHz Core 2 Duo) access the server.
  I also get the following message in the logs for hours after the machine logs off:
  [2010/05/03 14:01:10, 0, pid=51155] /SourceCache/samba/samba-235.2/samba/source/locking/posix.c:posixfcntlgetlock(250)
  posixfcntlgetlock: WARNING: lock request at offset 2147516416, length 32768 returned
  an Invalid argument error. This can happen when using 64 bit lock offsets
  on 32 bit NFS mounted file systems.
  The only way to get rid of this is by shutting down SMB for a few minutes.
  Any ideas on fixing this? We're going to be switching all our Windows clients to Windows 7 soon, and I don't want to magnify this problem 10- to 20-fold when we do.
  I don't get these messages when our Windows XP clients access files from the server.

  I am also having a related issue that I noticed on Snow Leopard Server 10.6.3, I have upgraded to 10.6.4 and I am still experiencing issues. The error messages in the SMB log on 10.6.4 SL Server in Server Admin:
  [2010/06/25 22:42:57, 0] /SourceCache/samba/samba-235.4/samba/source/smbd/server.c:main(925)
  smbd version 3.0.28a-apple started.
  Copyright Andrew Tridgell and the Samba Team 1992-2008
  [2010/06/25 22:42:57, 1, pid=894] /SourceCache/samba/samba-235.4/samba/source/param/loadparm.c:service_ok(3069)
  NOTE: Service Backups is flagged unavailable.
  [2010/06/25 22:42:57, 0, pid=894] /SourceCache/samba/samba-235.4/samba/source/passdb/secrets.c:secretsfetch_domainsid(150)
  secretsfetch_domain_sid:opendirectory_query_domainsid gave -14136 [eDSRecordNotFound]
  [2010/06/25 22:59:27, 1, pid=894] /SourceCache/samba/samba-235.4/samba/source/param/loadparm.c:service_ok(3069)
  NOTE: Service Backups is flagged unavailable.
  [2010/06/25 22:59:27, 1, pid=894] /SourceCache/samba/samba-235.4/samba/source/param/loadparm.c:service_ok(3069)
  NOTE: Service Backups is flagged unavailable.
  [2010/06/25 23:00:17, 1, pid=894] /SourceCache/samba/samba-235.4/samba/source/param/loadparm.c:service_ok(3069)
  NOTE: Service Backups is flagged unavailable.
  [2010/06/25 23:00:25, 1, pid=894] /SourceCache/samba/samba-235.4/samba/source/param/loadparm.c:service_ok(3069)
  NOTE: Service Backups is flagged unavailable.
  [2010/06/25 23:08:12, 0, pid=1657] /SourceCache/samba/samba-235.4/samba/source/lib/opendirectory.c:getopendirectoryauthenticator(247)
  failed to read DomainAdmin credentials, err=67 fd=19 errno=2
  [2010/06/25 23:08:15, 1, pid=1657] /SourceCache/samba/samba-235.4/samba/source/smbd/service.c:makeconnectionsnum(1092)
  new-host-3 (172.16.76.112) connect to service Groups initially as user sadmin (uid=501, gid=20) (pid 1657)
  I have restarted the server and I initiated an SMB connection from my 10.6.4 MBP and then noticed in the SMB Connections that a mysterious user appears - Guest DENY_NONE
  I am not able to disconnect this user, and this also happens when Vista/Win7 users connect.
  I haven't seen anybody resolve these issues yet, but maybe someone here can help. Any suggestions would be great. Thanks.

• How can a network account log on via ssh to run jobs?

  We have a small setup with a tiger server and snow leopard clients. Each user has their own machine, but we have some communal mac pro machines. A lot of the software we run uses xwindows and I would like to have a method that allowed the users to ssh to these number crunching machines and run their parallel code at the same time, without having to log on using the apple log in window.
  The problem: The home directory is mounted at log in and is only readable for the person who physically logs in at that computer, so if a network user logis in via ssh they cannot see their home directory, and the authentication for xwindows screws up and there is no display.
  How can I make my client machines mount the home directory properly, and in a readable way, so that my network users can ssh to various client machines and have all their data available?
  I look forward to being illuminated.
  Will Handler

  rdoss
  Welcome to the Apple Discussions.
  If you want others to be able to see the pics, but not add to, change or alter your library, then enable Sharing in your iPhoto (Preferences -> Sharing), leave iPhoto running and use Fast User Switching to open the other account(s). In the other account(s), enable 'Look For Shared Libraries'. Your Library will appear in their source pane.
  Remember iPhoto must be running in both accounts for this to work.
  Regards
  TD

• Identify if a user is logged in via GUI or IC Webcient

  Hello,
    I have to implement a badi.
  The logic in the BADI is dependent on how the user is logged in.
  Is there any way of identifying if a user is logged in via the GUI or via IC WebCLient.
  Thanks and regards,
  Murli Rao

  Hi
  i have used the system field sy-CPROG.  if it equals sapmhttp, it is on the webic.
  Hope this helps

• Hide portlet login after user logged-on

  Hi all,
  I've seen many post with the issue to hide a portlet but i didn't find a answer that help me.
  After user logged in, I want to hide the login portlet.
  I've tried a backing file, with the setVisible() method on the object PortletBackingContext in the preRender method but it didn't work.
  Can someone help me ? Is is something possible to hide dynamically a portlet or i must use another way to do it ?
  Thanks all for any answer.

  Use entitlements. Login to the portaladmin tool and navigate the library tab on the left column. Find the login portlet and click on it. On the right, click the entitlements tab.
  Entitle the view capability of the portlet to the "Anonymous" user role. This way, only anonymous users (users who are not logged in) will see this portlet.
  In the same way, if you have a User Info portlet that you should see only once you are logged in, entitle it to the "Authenticated" user role.

• Login sessions do not match the number of users logged in.

  when trying to see all the users logged in my Portal server, I go to Visual Admin->Services->Security Provider, I see many many Guest and Administrator sessions opened, although I have only one Admin account logged in.
  When I log in to ESS MSS Portal, I see two sessions for each ESS user that logs in.
  Is this normal? why is that?

  Hi,
  This is normal.
  Generally when you see the dev_server0 log, it would show that it users the j2ee_guest user id for connecting to other components etc
  I  dont know if j2ee_guest is used for any other activities also
  Please look the dev_server0 log file which gives you more details of why j2ee_guest user id is used

• How to enable multiple users logging in to the same client machine?

  Hi,
  We have our home directories shared from the server (using AFP) and this allows our users to log in to any machine via the normal console login.
  But if you try to remotely login to a machine with ssh, and another user is already logged in at the machine, then you get the error message:
  Could not chdir to home directory /Network/Servers/machinename/Users/keith: No such file or directory
  I can connect (via) ssh, only if no user is logged in at the console. If I connect with ssh when no users are logged in, and then a user logs in at the console, then this unmounts the home directory for the ssh user.
  I have read about the mnthome command, and if I try running this (from my ssh login whilst there is a console login) then I get the error message:
  Error: Mount failed with error 1 Operation not permitted
  I'm assuming that multiple ssh logins must be allowed somehow? Can you only do this if you share your home directories with NFS (in this case, I understand that all home directories always appear mounted on each client)???
  Any help appreciated,
  Keith
  Server and all clients running 10.4.3
  iBook & PowerMac G5   Mac OS X (10.4.3)  

  Thanks for the info. I really thought that this would be a fixable problem. I also thought that it might work when two different users both logged in using ssh only (i.e. when there is no console login). But this also causes problems for the second ssh login.
  What practical work-arounds have people tried? The respondent to your other post (linked to above) suggested that NFS sharing might work, only that ssh logins still don't mount the home directory. Is this the case?
  Thanks for the speedy answer.
  Keith

• Anonymous login via /irj always shows login screen

  Hi,
  we have our EP 7.0 on SP 13. We buildt a Page with Web Page composer. I implemented the hints from SAP Help (Using Anonymous Logon to Access the Portal - http://help.sap.com/saphelp_nw70/helpdata/en/cd/1aad4abcb98c4597f9e395a6b62f43/frameset.htm).
  We are using named anonymous users. The last problem is now that if we try to log on via anonymous users, the navigation appears, but in the content we only get the login screen.
  In the log files you can see this messages:
  ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [service.jms.default.authorization : administrators] referencing J2EE security role [SAP-J2EE-Engine : administrators]
  and before
  ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [SAP-J2EE-Engine : administrators]
  It is very urgent. So if anybody has an idea...
  Best,
  Stephan

  You already have iViews at this level. You just don't know by now.
  Here are the steps you need to do to make WPC Pages available to anonymous users.
  1. Configuration in PCD - go to Content Administration -> Portal Content-> Portal Content -> Web Page Composer -> Container iViews -> WPC
  Default Containers. All of the iViews in this location should have the
  "anonymous" authentication scheme. The next location which should be
  checked is Content Administration -> Portal Content -> Portal Content ->Web Page Composer -> iView Templates. Again all of the iViews should
  have the "anonymous" authentication scheme. The same applies to all the
  templates which reside in Content Administration -> Portal Content ->
  Portal Content -> Web Page Composer -> Page Layout Templates. Finally
  check if all the pages which reside in Content Administration -> Portal
  Content -> Portal Content -> Web Page Composer -> Page Layouts have the
  "anonymous" authentication scheme.
  2. Configuration in KM - make sure that all the pages, which should be
  displayed to an anonymous user have in their permissions the Anonymous
  Users Group.
  3. Security zones - if you go to System Administration -> Permissions ->Security Zones -> com.sap.nw.wpc -> wpc -> no_safety and you open the
  permissions of this object, the Anonymous Users group must be added in
  the list.
  If all mentioned objects have their setting as described and you still
  experience problems (e.g. you see a browser dialog window for
  authentication), the reason most probably is, that the KM is not
  configured for anonymous access. A full description of the needed steps
  is provided with note 837898.
  That is the way, it worked for me. As you see, the WPC uses iViews to display your developed content. Everything in the portal is always some kind of iView.
  When you follow these inestructions, your problem should be solved.

• The connection was denied because the user account is not authorized for remote login

  Using Terminal Server 2008 not able to get non administrator users to login to the remote desktop. Have tried from Windows server 2008 and from Windows servers 2003. Get error login in "The connection was denied because the user account is not authorized for remote login" from Windows Server 2008. Error "The requested session access is denied" from Windows Server 2000.

  Is that seriously the only way to do this? Doesn't this render the "Allow log on through Terminal Services" GP Setting useless?
  I would like to know this answer, as well.  I have created a new AD group for my assistant admins called "Domain Admins (limited)".  I have added this group to the GP setting "Allow log on through Terminal Services", but the
  assistant admins cannot log in through RDP.  It 'feels like' this is all I would need to do.
  Craig
  Found some good info
  here. There are really two things required for a user to connect to a server via RDP. You can configure one of them via Group Policy but not the other.
  1) Allow log on through Terminal Services can be configured through Group Policy, no problem.
  2) Permissions on the RDP-listener must also be granted.  If your user is a member of the local Administrators group or the local Remote Desktop Users group then this is handled.  If you are trying to utilize a new, custom group (as I am),
  then there isn't a way to do this via group policy (that I have found).
  EDIT: Found the answer.  I am creating a blog post to outline the steps.  They aren't hard, but they're not self-explanatory.  It deals with the Restricted Groups mentioned above, but it's still automate-able using Group Policy so that you
  don't have to touch each computer.  I think the above poster (Andrey Ganev) got it right, but
  I had trouble deciphering his instructions.
  Here is my blog post that walks through this entire process, step-by-step.

• Can not control / observe when no user logged in

  Been fighting this for weeks. Searched the forum but found no relief.
  Using ARD 3.2 we can control / observe from our office to several workstations both in our same building and in other offices around the country. On all but one we can control / observe regardless of whether or not a user is logged in. On those, when a user is not logged in, we see the workstations' login window. We can login, etc. On only one machine, which is running 10.4.11, we can control / observe ONLY when a user is logged into it. If no user is logged in we get an "unable to connect" from ARD. Call someone in that office, ask them to login, and immediately we can control / observe that workstation. We highly doubt a port forwarding / router / firewall issue since if it were, we suspect that we'd never be able to observe / control. It appears as though ARD ON THE WORKSTATION is getting disabled at user log out... BUT ONLY ON THIS ONE WORKSTATION! Any ideas, folks? Your help would be appreciated.
  Thanks,
  BB

  Silly me! This one workstation connects via wireless connection, only. We had set, "Disconnect from wireless networks when I log out" in the wireless network's connection settings. All is well now.
  Thank you

• User Authentication Failed via http BUT not with Visual Administrator !!?

  OS : Win 2k3 Server UK * DB : SQL Server 2005
  SAP Netweaver 2004s Application Java
  Hi All,
  Since a couple of days, I have a problem concerning authentication to the java apllication on a SAP Netweaver 2004s.
  Using the user ‘Administrator’, I CAN logon the Visual Administrator tool, with the same user I tried to logon via http://host:port/nwa without success.
  At the beginning, I was thinking about a problem of password then I enabled the emergency user SAP*, the problem was the same. Ok with Visual Administrator but not via http.
  Here is two logs found in folder : D:\usr\sap\SID\JC02\j2ee\cluster\server0\log\system\
       security.3.log
       <i>#1.5#001871E5EA3A00550000006D0000172800043B836D838427#1191335570983#/System/Security/Audit#sap.com/com.sap.security.core.admin#com.sap.security.core.util.SecurityAudit#Guest#0####5aac137070f411dcc513001871e5ea3a#SAPEngine_Application_Thread[impl:3]_11##0#0#Warning#1#com.sap.security.core.util.SecurityAudit#Plain###Guest     | LOGIN.ERROR     | null     |      | Login Method=[default], UserID=[Administrator], IP Address=[192.168.10.125], Reason=[Authentication did not succeed.]#</i>
       server.0.log
       <i>#1.5#001871E5EA3A0052000000130000172800043B835E3661D1#1191335314249#/System/Server/SLDService##com.sap.sldserv.SldServerFrame######c1a349a070f311dcaa68001871e5ea3a#SAPEngine_System_Thread[impl:5]_71##0#0#Warning#1#com.sap.sldserv.SldServerFrame#Plain###Failed to collect SLD data. Failed to send HTTP data: 401 : Unauthorized. Please check if the target SLD system is available and the SLD bridge is started there.#</i>
  &#61664; I tried to connect http://host:port/sld same problem User Authentication Failed
  <b>Do you have an idea for me? Why a user can connect via Visual Administrator and not via the http interface?</b>
  Thanks in advance
  Yves

  Hi,
  I found the solution this last week-end.
  This behavior let's thinking to a problem of authentication.
  But the problem was in SQL, an index was missing in table J2EE_CONFIG, called J2EE_CONFIG_I3
  Cheers
  Yves

• [Fixed] Can't log in via LXDM 0.4.1-2

  Ever since the patch update 0.4.1-3 I haven't been able to log in via LXDM. I skipped a few revisions, but as -7 has been out for a while now, I tried updating again today. Same result. .pac* files have been merged and LXDM itself starts up fine.
  Any help here? (Also, which log files should I investigate/do you need to see?)
  Last edited by Freso (2012-03-26 11:15:52)

  I am currently experiencing the same issue described here. I try to login and it goes to a blank screen and then immediately goes back out to the login window. It does not matter what desktop I choose.
  My lxde.log file does not seem to have anything. Here is the tail end of it:
  ** Message: start greeter on :0
  ** Message: greeter 0 session 0x80fb438
  ** Message: user 0 session 0x80fb438 cmd USER_LIST
  ** (process:1151): CRITICAL **: QUIT BY SIGNAL
  ** Message: quit code 0
  ** Message: exit cb
  Server terminated successfully (0). Closing log file.
  ** Message: free session
  arc 1
  I couldn't find anything in the Xorg file. I don't know if this is relevant but slim is doing the same thing.

• LDAP import users - restrictions reset after user logs in

  Using ice I imported my users in to a container with a password. With admin rights I checked
  Required a password
  Force periodic password changes
  Required password changes
  Limit grace logins
  User logs in all fields return back to unchecked.
  I gave NDS rights WRITE & add self to the container with inheritable.
  What else do I need to manage users accounts?

  On Wed, 30 Nov 2011 19:56:02 +0000, dcampisi wrote:
  > Using ice I imported my users in to a container with a password. With
  > admin rights I checked
  > Required a password
  > Force periodic password changes
  > Required password changes
  > Limit grace logins
  >
  > User logs in all fields return back to unchecked.
  If you have a password policy (Universal Password), then those attributes
  are updated to reflect the values from your policy when the user logs in.
  You cannot change them to something other than what the policy is
  configured for, they revert back as the policy is enforced.
  David Gersic dgersic_@_niu.edu
  Novell Knowledge Partner http://forums.novell.com
  Please post questions in the forums. No support provided via email.

• Windows 2008 R2 TS VPN connection closed when another user logs in

  Hi.
  I have a W 2008 R2 Ent. server with TS
  I have VPN on the TS configured with a L2TP/Ipsec connection to connect to a customer site
  Users will remote into the server, and make a VPN connection (click on shortcut to start VPN) and access the customer's site. This has worked OK for 2 years often with several users logged into the TS via RDP.
  Recently users are encountering this problem: User A logs into the TS, makes VPN connection, accesses customer site. User B logs into the TS, user A's VPN connection is broken immediately. It seems to happen every time - not sporadic.
  Can I get some suggestions on how to troubleshoot this?
  Thanks!

  Hi,
  The error which you are facing is because of Event Id 20226 (RAS connection termination).
  Error 831 (ERROR_FAST_USER_SWITCH)
  The connection was terminated because user switch happened.
  There are multiple login sessions on the user's computer. The user switched from a login session with an active RAS connection to another session. This resulted in the termination of the connection.
  For this you can check that you can limit the connection and tried to switch back the original session and make all new connection again. Please refer “Event ID
  20226 — RAS Connection Termination” for more details.
  Hope it helps!
  Thanks.

• Finder window opens when user logs in

  I apologize if this has been answered previously - I can't find anything on this topic.
  Every time a user logs in to one of my eMacs - OS 10.4.10 (whether it be a local or network user) a new finder window opens that displays the users home. I would like this window to stop opening. I've read some responses that say to close the window then log out and the window should be gone when you log back in. That is not the case. I thought this solution my work on my local users but it doesn't work for either type of user.
  I'm trying to avoid writing a script to close the window. I'd like the window to just stop opening in the first place. I tried editing the finder.plist file and I can change what the window opens to, but I can't "turn off" the actual opening of the window.
  Any suggestions are greatly appreciated!
  Thanks!

  I do not have anything checked in the login items. This is happening for both local and network accounts. I'm more concerned about this issue for my network users.
  I've discovered that the problem seems to have something to do with a script I had running via a login hook. Is there any way to run a script when a network user logs in without adding it to a login hook?
  We have a program on our eMacs that resets the computer back t o its original state every time the computer is restarted. For this reason network user profiles are never stored on the eMac they are recreated from the default user template every time a user logs in.
  Maybe this extra information will help!
  Thanks!