Direkt zum Hauptbereich

DPWWA1203E Permission denied // DPWAD0312E Object list failed: Forbidden

cmd> server task cnt-1a-webseald-hst7127 create -f -t tcp -h -v hst7105 -p 80 -w /ICB
DPWWA1203E Permission denied

pdadmin sec_master> object list /WebSEAL/hst7127-cnt-1a
DPWAD0312E Object list failed: Forbidden

The reason for this behaviour was that somehow my container /WebSEAL in the object space got the ACL default-root instead of default-webseal by the installation.

pdadmin sec_master> object listandshow /WebSEAL
Name: /WebSEAL/hst7127-cnt-1a
Description: WebSEAL Server Object
Type: 5 (Junction)
Is Policy Attachable: Yes
Extended Attributes:
Attached ACL:
Attached POP:
Attached AuthzRule:

Effective Extended Attributes:
Effective ACL: default-root
Effective POP:
Effective AuthzRule:

Name: /WebSEAL/hst7127-mas-01
Description: WebSEAL Server Object
Type: 5 (Junction)
Is Policy Attachable: Yes
Extended Attributes:
Attached ACL:
Attached POP:
Attached AuthzRule:

Effective Extended Attributes:
Effective ACL: default-root
Effective POP:
Effective AuthzRule:


I fixed it simply with:

pdadmin sec_master> acl attach /WebSEAL default-webseal

pdadmin sec_master> object listandshow /WebSEAL
Name: /WebSEAL/hst7127-cnt-1a
Description: WebSEAL Server Object
Type: 5 (Junction)
Is Policy Attachable: Yes
Extended Attributes:
Attached ACL:
Attached POP:
Attached AuthzRule:

Effective Extended Attributes:
Effective ACL: default-webseal
Effective POP:
Effective AuthzRule:

Name: /WebSEAL/hst7127-mas-01
Description: WebSEAL Server Object
Type: 5 (Junction)
Is Policy Attachable: Yes
Extended Attributes:
Attached ACL:
Attached POP:
Attached AuthzRule:

Effective Extended Attributes:
Effective ACL: default-webseal
Effective POP:
Effective AuthzRule:

Since I do not know why it happened and what else went wrong, I have a bad feeling. Did anybody get the same problem?






___

Kommentare

Beliebte Posts aus diesem Blog

The macros in this project are disabled. Please refer to the online help or documentation of the host application to determine how to enable macros.

1. Create a digital certificate Windows XP: Start -> All Programs -> Microsoft Office Tools -> Digital Certificate for VBA Projects Follow the instructions to create a certificate. 2. Sign the Macro In Outlook: Tools -> Macro -> Visual Basic Editor. In the Project Explorer, select the project you want to sign. Click Tools -> Digital Signature. Click Choose, select the certificate, click OK twice. Save. 3. When you open or run the macro, you will get a security warning. Check "Always trust macros from this source". Thanks to that unknown guest: http://www.pcreview.co.uk/forums/showpost.php?p=2488705&postcount=3

Error: HPDMG0764E An internal error has occurred. (status 0x14c012fc)

Error: HPDMG0764E An internal error has occurred. (status 0x14c012fc) pdadmin sec_master> user create dg1234 uid=dg1234,cn=team1,cn=users,o=company lala lala ********** Could not perform the administration request Error: HPDMG0764E An internal error has occurred. (status 0x14c012fc) Description: After the upgrade from Policy Director (policy server) V5.1 to V6.0 the errors above occured when trying to write to the registry. Solution: The task of updating the ldap schema did not work well for some reason. After doing it again the errors did not occur again: # ivrgy_tool -d -h ldap_host -p port -D ldap_admin -w pwd schema

How to delete WebSEAL servers which have not been configured correctly.

Problem: The WebSEAL server list in the pdadmin: pdadmin> server list shows the server, but it does not exist anymore, i.e. because the host has been disassembled without unconfiguring the WebSEAL instance. Solution: 1.) Delete the instance in the LDAP under: SecAuthority=Default - cn=securitygroup - cn=webseal-servers - cn=secmgrd-servers 2.) Configure the instance again, which will lead to an error, because it seems to be installed already. Configuring WebSEAL instance 'DO-06'...HPDMG0453E A server with the same name already exists.DPWCF0473E The WebSEAL instance 'DO-06' failed to configure. 3.) Unconfigure the instance, which will show errors, but remove the instance totally. # amwebcfg -action unconfig -inst_name DO-06 -admin_id sec_master -admin_pwd ********* Unconfiguring WebSEAL instance 'DO-06'... 2008-10-28-15:30:10.158+01:00I----- 0x389D51F2 amwebcfg ERROR wcf Error WebCfgAdminApi.cpp 84 0x002198d0 DPWCF0498E The user 'DO-06-webseald/srv1252...