Quantcast
Channel: Software Communities : Popular Discussions - All Things Unix
Viewing all 1046 articles
Browse latest View live

Problem QAS 4.0.3 and Ubuntu 12.04

March 16, 2012, 7:37 am
$
0
0
Hi,

I'm testing Ubuntu's beta version 12.04. Installing QAS 4.0.3  works correctly, but when the computer restarts, PC crashes when vasd service starts.


When testing at another terminal (Ctrl + Alt + F2), I can not log on with a local user or a domain user.

This problem only happens with version 12.04, with previous versions there is no problem. So I think it is a bug in the QAS.

Anyone kow how to fix it?


Thanks.
Search

Quest SAMBA Require non-shell users UNIX enabled flag in AD?

May 17, 2012, 8:47 am
$
0
0
Hello,

I am quickly trying to learn the basics of Quest Samba
Version 3.0.30-Quest-325, OS = Solaris 10 (5.10)

My question.  We use this for our application to retrieve invoice images for the users to view invoice images.  The application calls the images.

We had an older of Samba where each user was added to unix but without a shell to prevent them from being able to SSH to the box.

Now we use VAS. 

Is there a way to have Samba authenticate against a AD group so that when a new user is added, the would not required the "unix enabled" flag?

We are trying to have this work soley on VAS and not have them use the unix enabled flad from the ad console for each user.

Thank you.

configure problems with mod_auth_vas-3.6.7

July 11, 2012, 10:18 am
$
0
0
Hi,


After I upgraded Red Hat  Enterprise Linux Server release 6.3 (Santiago) from V6.2,
I start getting [notice] child pid xxxx exit signal Segmentation fault (11) errors.

I decided to try to compile mod_auth_vas from the source. When I use configure, I am getting the following errors:

configure: WARNING: gssapi_krb5.h: present but cannot be compiled
configure: WARNING: gssapi_krb5.h:     check for missing prerequisite headers?
configure: WARNING: gssapi_krb5.h: see the Autoconf documentation
configure: WARNING: gssapi_krb5.h:     section "Present But Cannot Be Compiled"
configure: WARNING: gssapi_krb5.h: proceeding with the compiler's result
configure: WARNING:     ## -------------------------------------- ##
configure: WARNING:     ## Report this to David.Leonard@quest.com ##
configure: WARNING:     ## -------------------------------------- ##



I send an email to David, but my email was return.

Does any one has any idea how to fix this problem?

Thanks in advance

Nobuo

Alternate way to supply vsj properties

March 4, 2013, 7:48 pm
$
0
0

 

We are trying to use the vsj servlet filter in one of the vendor supplied web application, where we can not include vsj-federation.properties file as part of the deployments.
Is there alternate way of providing "fsProxy", "applicationUrl" and "fsCertificate" properties to the filter?

 


QAS 4.1 Pre-release testing

March 11, 2013, 8:52 am
$
0
0

If there are any other customers that would like to test out the 4.1 pre-release, please email glen.davis@quest.com for more information.  You can

test by putting the new agents on some Servers, or using the updated management tools, or both. 

 

Thanks,

Glen Davis

Product Manager

wyse T50 problem with key "." layout pt-BR keyboard ABNT2

February 18, 2013, 7:29 am
$
0
0

I'm using Wyse T50 with brazilian ABNT2 keyboard(pt-BR) and the key "."(point) in numeric keyboard does work inside rdpclient. It works fine with console and other apps outside rdpclient but not inside. Using rdpclient with parameter --lx-debug helped to get the keycode 0x79 but I do not how to fix it. I installed Remmina/Rdesktop and all the keys works fine, so I guess the problem is with Wyse-rdpclient/RDP.

 

Any idea?

 

Thanks in advance

Errors in Apache error_log

January 12, 2011, 6:09 am
$
0
0

I had these errors in the Apache error_log yesterday, and the web server was not authenticating.  The application owner shut the web server down to route traffic to the other web server.  I restarted it this morning and all was good.  My suspect something on the AD domain that was misbehaving, but I can only speculate.  Here is the version info from my web server:

IBM_HTTP_Server/6.0.2 Apache/2.0.47 (Unix) mod_auth_vas/3.6.4-11-g626bd0d Server

[Tue Jan 11 17:18:06 2011] [error] [client 172.29.100.245] set_user_obj: Failed
to get user object for user@domain.com: VAS_ERR_NOT_FOUND: Not found\n
Caused by:\n   VAS_ERR_KRB5: Failed to obtain credentials. Keytab: , Client: webservice-HTTP@domain.com, Service: krbtgt/domain.com@domain.com,
Server: domaincontroller.domain.com\n   Caused by:\n   UNKNOWN (-1765328355): Reser
ved krb5 error (29)
[Tue Jan 11 17:18:43 2011] [error] [client 172.29.100.245] set_user_obj: Failed
to get user object for user2@domain.com: VAS_ERR_NOT_FOUND: Not found\n
Caused by:\n   VAS_ERR_LDAP: GSS SASL bind failed. LDAP Host:domaincontroller.domain.com, Client: webservice-HTTP@domain.com, Service: ldap/domaincontroller.domain.com@domain.com. Could not connect to LDAP server.\n   Caused by:\n   L
DAP: Could not connect to LDAP server
[Tue Jan 11 17:19:10 2011] [error] [client 172.29.100.245] set_user_obj: Failed
to get user object for user3@domain.com: VAS_ERR_NOT_FOUND: Not found\n
Caused by:\n   VAS_ERR_LDAP: GSS SASL bind failed. LDAP Host:domaincontroller.domain.com, Client: webservice-HTTP@domain.com, Service: ldap/domaincontroller.domain.com@domain.com. Could not connect to LDAP server.\n   Caused by:\n   L
DAP: Could not connect to LDAP server

I am wondering if anybody has any ideas of where to start looking, I would be all ears!

Thank you!



Message was edited by: phscott

VAS AD account administration

January 16, 2007, 7:16 am
$
0
0
Hi

At one of the VAS sites that I work at,  I will be creating web-scripts for unix/AD account administration. I plan on using vastool, uptool and old NIS utils on a Solaris webserver/NIS Server.

What approach do you recommend? 

One of the issues right now, is that unix users lock them self out and then we have to manually unlock them from the Win AD/DC tool. Is there a way to unlock them from the unix commandline? or remotly via rpc/samba?



Search

Support for apache httpd 2.4?

March 1, 2012, 4:18 am
$
0
0
Do you know if mod_auth_vas will work with Apache httpd 2.4? Or if there is any intention to support this, and if so what time frame this version is likely to be supported in?

Thanks,
Paul

Stuck with kerberos authentication to Sharepoint

October 10, 2012, 3:03 pm
$
0
0
I have to connect to MS IIS server using SPNEGO token with Kerberos ticket inside, exactly as Internet Explorer does it.

If I use java GSSManager.initiateContext() it does request tickets with incorrect KDCOptions, dates and some other params I cannot control.

I tried com.dstc.security lib, and was able to get tickets axactly as Internet Explorer with couple of lines:

prepare required KDCOptions;
Credential tgt = kerberos.requestTicketGrantingTicket(new KerberosPassword(password.getBytes()), kdo, new Date(), d, new InetAddress[] {InetAddress.getByName("somename")}, null);
Credential srvt = kerberos.requestServiceTicket(TGT, new PrincipalName(2, "HTTP/server.domain.net"), REALM, kdo);

But how can I use these credentials or tickets inside to create SPNEGO token same as I can get with GSSManager.initiateContext()?

Kerberos SSO with 1 way Trust

October 25, 2012, 4:17 am
$
0
0
I had configured a Kerberos SSO with 1way trust between two domain... But on logging in i am getting the following exception...

[DEBUG] Thu Oct 25 02:56:04 PDT 2012 jcsi.kerberos: resetting state...
[DEBUG] Thu Oct 25 02:56:04 PDT 2012 jcsi.kerberos: principal = 'HTTP/mdk1waytrustd3.wtmdk1waydom3.com'
[DEBUG] Thu Oct 25 02:56:04 PDT 2012 jcsi.kerberos: realm = 'WTMDK1WAYDOM3.COM'
[DEBUG] Thu Oct 25 02:56:04 PDT 2012 jcsi.kerberos: Found name servers using JNDI
[DEBUG] Thu Oct 25 02:56:04 PDT 2012 jcsi.kerberos: mdk1waytrustd2.wtmdk1waydom2.com (10.31.70.183)
[DEBUG] Thu Oct 25 02:56:04 PDT 2012 jcsi.kerberos: mdk1waytrustd1.wtmdk1waydom1.com (10.31.69.52)
[DEBUG] Thu Oct 25 02:56:04 PDT 2012 jcsi.kerberos: MDK1WAYTRUSTD3.WTMDK1WAYDOM3.COM (10.31.70.184)
[DEBUG] Thu Oct 25 02:56:04 PDT 2012 jcsi.kerberos: mdk1waytrustd4.wtmdk1waydom4.com (10.31.71.34)
[DEBUG] Thu Oct 25 02:56:04 PDT 2012 jcsi.kerberos: corpinba8.corp.emc.com (10.30.48.37)
[DEBUG] Thu Oct 25 02:56:04 PDT 2012 jcsi.kerberos: corpgefr3.corp.emc.com (152.62.196.10)
[DEBUG] Thu Oct 25 02:56:04 PDT 2012 jcsi.kerberos: The old JCSI Kerberos code for the Windows LSA is now disabled by default;
if you really want it (rather than the new WinSSPI code) you must set
-Djcsi.kerberos.lsa.enable=true
[DEBUG] Thu Oct 25 02:56:04 PDT 2012 jcsi.kerberos: Creating LSA credential cache
[DEBUG] Thu Oct 25 02:56:04 PDT 2012 jcsi.kerberos: Could not locate default cache: com.dstc.security.kerberos.KerberosException: Could not create credential store com.dstc.security.kerberos.KerberosException: Native in-memory credential cache not supported on this platform (Windows Server 2008 R2)
[DEBUG] Thu Oct 25 02:56:04 PDT 2012 jcsi.kerberos: login succeeded
[DEBUG] Thu Oct 25 02:56:04 PDT 2012 jcsi.kerberos: loaded InputStream based keytab at time 1351158964992 m/secs, 5 entries
[DEBUG] Thu Oct 25 02:56:04 PDT 2012 jcsi.kerberos: binding principal to subject
[DEBUG] Thu Oct 25 02:56:04 PDT 2012 jcsi.kerberos: binding credentials to subject


Can some one can help me in resolving this???

Regards,
Sumith

Instructions for compiling Samba

May 15, 2007, 7:14 am
$
0
0
Do we have step-by-step instructions for compiling Quest Samba for platforms (like SuSe-i386) where pre-compiled builds are not available? Any help would be appreciated.

Quest Authentication Services 4.1 pre-release

December 11, 2012, 3:20 pm
$
0
0
All,

We are looking for a few customers to test our pre-release of QAS 4.1 in early January. Here is your chance to try out the new feature set, and get direct support from our development team on the new release, before we ship it live. Please send me an email (glen.davis@quest.com) if you have interest and would like to hear more about it.

Thanks,
Glen Davis
Product Manager

Quest Equivalent Product

April 18, 2013, 9:01 am
$
0
0

Is there a Quest product that is equivalent to CF engine?

 

Thanks

 

Steve

Map Windows Home Folders in Linux

October 10, 2007, 5:37 pm
$
0
0

We would like to consolidate our Windows + Linux home directories into one over SMB/CIFS. It's easy to get windows to map a users home directory to a network drive (e.g. H:\ drive) but how can we make this work for Linux?

The idea is you would have all of your user files easily avaiable to you regaurdless of what OS you are on.

any ideas?

Thanks

Search

Samba errors with Win2008 R2

December 11, 2009, 2:00 pm
$
0
0
Hi,

Using RHEL 5.2 64-bit, VAS 3.3.2-142+Samba 3.0.33-3.7.el5; Win 2008 R2. Can you help me?

# vastool status

VAS is currently joined to:                      localdom.com
Join command found in:                           /etc/opt/quest/vas/lastjoin
Verifying timesync with domain controller:       YES
  Time delta: 0 seconds
Are valid VAS licenses installed?                YES
Checking to see if VAS daemon is running:        YES
Checking for valid computer account (SAMNAME)
  PODCAST1$@LOCALDOM.COM                     YES
Checking for valid computer account (SPN)
  host/podcast1.localdom.com@LOCALDOM.COM       YES
Checking to see if VAS is in connected state:    YES
Verifying VAS is configured for name service:    YES
Verifying VAS is configured for auth service:    YES
Verifying VAS configuration file is correct:     YES
Verifying sanity of users allow file:            YES
Verifying sanity of users deny file:             YES
Verifying sanity of group-override file:         YES
Verifying sanity of user-override file:          YES

Samba log:

[2009/12/08 11:33:53, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC fault 0x00000721 received from remote machine DC03.localdom.com pipe \NETLOGON fnum 0x4001!
[2009/12/08 11:37:57, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC03.localdom.com pipe \NETLOGON fnum 0x4001returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/08 11:42:57, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC03.localdom.com pipe \NETLOGON fnum 0x4001returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/08 11:52:57, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC03.localdom.com pipe \NETLOGON fnum 0x4001returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[...]
[2009/12/11 14:09:54, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC01.localdom.com pipe \NETLOGON fnum 0xc00freturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 14:19:54, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC01.localdom.com pipe \NETLOGON fnum 0xc00freturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 14:29:54, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC01.localdom.com pipe \NETLOGON fnum 0xc00freturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 14:40:23, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC01.localdom.com pipe \NETLOGON fnum 0xc00freturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 14:50:23, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC01.localdom.com pipe \NETLOGON fnum 0xc00freturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 15:00:23, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC01.localdom.com pipe \NETLOGON fnum 0xc00freturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 15:10:23, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC01.localdom.com pipe \NETLOGON fnum 0xc00freturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 15:20:23, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC01.localdom.com pipe \NETLOGON fnum 0xc00freturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 15:25:26, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC01.localdom.com pipe \NETLOGON fnum 0xc00freturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 15:28:41, 0] rpc_client/cli_pipe.c:cli_pipe_verify_schannel(354)
  cli_pipe_verify_schannel: auth_len 56.
[2009/12/11 15:38:42, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC fault 0x00000721 received from remote machine DC03.localdom.com pipe \NETLOGON fnum 0xc001!
[2009/12/11 15:48:42, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC03.localdom.com pipe \NETLOGON fnum 0xc001returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 15:58:42, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC03.localdom.com pipe \NETLOGON fnum 0xc001returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 16:08:42, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC03.localdom.com pipe \NETLOGON fnum 0xc001returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 16:18:42, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC03.localdom.com pipe \NETLOGON fnum 0xc001returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 16:28:42, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC03.localdom.com pipe \NETLOGON fnum 0xc001returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED


Thank you.

VASD Restarts

January 4, 2012, 9:59 am
$
0
0
I have a RedHat server running 2.6.18-238.1.1.el5 #1 SMP X64 and QAS 3.5.2-12 and the deamon every now and then restarts on its own.   Log excerpts are here:

Jan  4 09:35:58 d00p1asp vasd[3116]: vasd: Host password changed successfully
Jan  4 09:35:58 d00p1asp vasd[25716]: vasd IPC handler (PID 25716) exiting
Jan  4 09:35:58 d00p1asp vasd[9398]: vasd IPC handler (PID 9398) starting

Any ideas would be appreciated!!

Scott

Unjoin from Domain

March 11, 2012, 10:49 pm
$
0
0
Hi,

I have installed VAS 4.0+ on fedora and joined it to domain, can some one help with instructions to unjoin the linux desktop from the domain.

thanks

Segmentation fault when mod_auth_vas finds no matches

June 1, 2012, 6:51 am
$
0
0
Hello,

We are using mod_auth_vas.so 3.6.7 with Oracle HTTP Server which is effectively Apache 2.0. Recently, we have noticed that an Apache process is terminated with a segmentation fault in case of mod_auth_vas trying to match the requestor's name to the list of allowed user names and but not finding it there. The client's browser receives 401 in this case. Could you please help with it?

Please find an excerpt from the error log

[2012-06-01T14:14:38.8683+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:1581:  [mod_auth_vas] authenticated user: 'Dmitry_Donetskov@EMEA.DELL.COM'

[2012-06-01T14:14:38.8683+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:1037:  [mod_auth_vas] auth_vas_auth_checker: user=Dmitry_Donetskov@EMEA.DELL.COM authtype=VAS

[2012-06-01T14:14:38.8683+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:1055:  [mod_auth_vas] requires->nelts = 3

[2012-06-01T14:14:38.8683+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:541:  [mod_auth_vas] match_user: name=ServiceSFDCWPSIT@emea.dell.com RUSER=Dmitry_Donetskov@EMEA.DELL.COM

[2012-06-01T14:14:38.8683+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:1422:  [mod_auth_vas] rnote_get: reusing existing rnote

[2012-06-01T14:14:38.8683+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:490:  [mod_auth_vas] set_user_obj

[2012-06-01T14:14:38.8708+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:574:  [mod_auth_vas] match_user: user does not match

[2012-06-01T14:14:38.8708+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:584:  [mod_auth_vas] match_user: <CN=ServiceSFDCWPSIT,OU=Service Accounts,DC=emea,DC=dell,DC=com> <CN=dmitry_donetskov,OU=Users,OU=Moscow,DC=emea,DC=dell,DC=com> no-match

[2012-06-01T14:14:38.8709+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:1100:  [mod_auth_vas] require user "ServiceSFDCWPSIT@emea.dell.com" -> FAIL

...........

[2012-06-01T14:14:38.9545+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:584:  [mod_auth_vas] match_user: <CN=Alexey_Lysak,OU=Users,OU=Non Dell,DC=emea,DC=dell,DC=com> <CN=dmitry_donetskov,OU=Users,OU=Moscow,DC=emea,DC=dell,DC=com> no-match

[2012-06-01T14:14:38.9545+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:1100:  [mod_auth_vas] require user "Alexey_Lysak@emea.dell.com" -> FAIL

[2012-06-01T14:14:38.9545+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:1422:  [mod_auth_vas] rnote_get: reusing existing rnote

[2012-06-01T14:14:39.4014+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_ssl.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_ssl.c:633:  Connection to child 0 established (server ausvmqtcdevap19.us.dell.com:8044)

[2012-06-01T14:14:39.4016+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_scache_shmcb.c:720:  inside shmcb_retrieve_session

[2012-06-01T14:14:39.4016+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_scache_shmcb.c:732:  id[0]=4, masked index=4

[2012-06-01T14:14:39.4016+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_scache_shmcb.c:1197:  entering shmcb_lookup_session_id

[2012-06-01T14:14:39.4016+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_scache_shmcb.c:983:  entering shmcb_expire_division

[2012-06-01T14:14:39.4016+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_scache_shmcb.c:1207:  loop=0, count=1, curr_pos=0

[2012-06-01T14:14:39.4016+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_scache_shmcb.c:1211:  idx->s_id2=47, id[1]=47, offset=0

[2012-06-01T14:14:39.4016+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_scache_shmcb.c:1228:  at index 0, found possible session match

[2012-06-01T14:14:39.4016+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_scache_shmcb.c:1247:  a match!

[2012-06-01T14:14:39.4016+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_scache_shmcb.c:748:  leaving shmcb_retrieve_session

[2012-06-01T14:14:39.4017+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_scache_shmcb.c:435:  shmcb_retrieve had a hit

[2012-06-01T14:14:39.4017+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_engine_kernel.c:2304:  Inter-Process Session Cache: request=GET status=FOUND id=042F8428065947E3DA8D7A7B77690889 (session reuse)

[2012-06-01T14:14:39.6975+01:00] [OHS] [NOTIFICATION:16] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 14727] [tid: 47292192636960] [user: oracle] [VirtualHost: main] mpm_common.c:475:  child pid 27200 exit signal Segmentation fault (11), possible coredump in /u01/app/oracle/fusion/mw_1/Oracle_WT1/instances/instance1/config/OHS/ohs1


Message was edited by: dmitry_donetskov_265

NTLM SMB issue - Could not get valid NTLM challenge from ........

July 27, 2012, 10:36 am
$
0
0
I'm trying to debug an issue with NTLM failback, I have the filter configured correctly as per any other deployments.

I'm able to authenticate users correctly using Kerberos, but I have noticed in the logs an issue with NTLM.

This was discovered because of a Java Applet which is posting back to the server, the applet is not using kerberos but NTLM to authenticate the user.

The application server is Tomcat 5, using Quest VSJ "VSJ Standard Edition 3_3 Patch 3548"

From what can be seen within the server logs is that QuestSSO performs a DNS lookup and attempts to connect to all of the GCs which are returned.

Example:
- Starting Coyote HTTP/1.1 on http-80
- JK: ajp13 listening on /0.0.0.0:8009
- Jk running ID=0 time=0/47  config=null
- Host server1.domain.ltd/1.1.1.1:389 appears to be down
- Could not get valid NTLM challenge from server1.domain.ltd/1.1.1.1
Exception: com.wedgetail.idm.sso.ntlm.NtlmException: NTLM challenge was null
- Host server2.domain.ltd/1.1.1.2:389 appears to be down
- Could not get valid NTLM challenge from server2.domain.ltd/1.1.1.2
Exception: com.wedgetail.idm.sso.ntlm.NtlmException: NTLM challenge was null
- Host server3.domain.ltd/1.1.1.3:389 appears to be down
...
... etc


I have enabled the debug level and log4j configuration, but this is not showing any errors.

I have used PortQry.exe to scan the AD servers and they are accessible.


What can I do to move forward? Any ideas ?
Viewing all 1046 articles
Browse latest View live
Search