Home of the ColdFusion Community
|
Mailing Lists
|
Home /
Groups /
ColdFusion Talk (CF-Talk)
CFNTauthenticate and PDC emulator
Author: Ryan, Terrence
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:46793#246644
I left that out, but yes, to no avail.
I'm wondering if there is a good reason to use CFNTauthenticate at all
if it is so fragile.
Terrence Ryan
Senior Systems Programmer
Wharton Computing and Information Technology
E-mail: tpryan@wharton.upenn.edu
I don't think you are overthinking it. I build a ldap CFC that will
test a list of DCs until it finds one that is responding to ldap
requests.
You have a pretty-detailed post, so I may be stating the obvious. Did
you restart your CF services yet?
M!ke
Environment:
ColdFusion 6 and 7 running on Windows 2003 Servers Active Directory
Domain running in Native Mode on Windows 2003 Servers
I recently had a problem where CFNTauthenticate on ColdFusion 7 stopped
working. All attempts to authenticate were failing with the error of
"UserNotInDir" failure if thrownonerror was set to false. If
throwonerror was set to true, then I got the message that : "Could not
find domain controller for this domain <domainname.>"
Additionally, similar results were experienced by ColdFusion 6 servers
using the ntauth class for domain authentication.
At the same time this occurred one of our domain controllers was down
due to a switch failure. However we have many redundant domain
controllers spread over three sites, including one in the same rack as
our CF servers. No other services (Exchange, Machine Logins, etc) were
impacted.
Upon further inspection, it was determined that one of the dc's that was
down was playing the Active Directory FSMO role of PDC emulator.
Further testing shows that we cannot get authentication to work if a
ColdFusion machine is unable to contact the PDC emulator regardless of
the state of the rest of the domain.
In order to work around this, I'm developing a alternative
authentication piece that uses LDAP authentication against the domain,
and can switch between domain controllers if one is down. I can do it,
and make it pretty robust, but I'm worried though that I may be over
thinking this.
Has anyone else experienced this? If you have, short of getting the PDC
emulator back online, is there a way around this. Any other opinions or
feedback would be welcome.
Terrence Ryan
Senior Systems Programmer
Wharton Computing and Information Technology
E-mail: tpryan@wharton.upenn.edu
Author: Dawson, Michael
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:46793#246642
I don't think you are overthinking it. I build a ldap CFC that will
test a list of DCs until it finds one that is responding to ldap
requests.
You have a pretty-detailed post, so I may be stating the obvious. Did
you restart your CF services yet?
M!ke
Environment:
ColdFusion 6 and 7 running on Windows 2003 Servers Active Directory
Domain running in Native Mode on Windows 2003 Servers
I recently had a problem where CFNTauthenticate on ColdFusion 7 stopped
working. All attempts to authenticate were failing with the error of
"UserNotInDir" failure if thrownonerror was set to false. If
throwonerror was set to true, then I got the message that : "Could not
find domain controller for this domain <domainname.>"
Additionally, similar results were experienced by ColdFusion 6 servers
using the ntauth class for domain authentication.
At the same time this occurred one of our domain controllers was down
due to a switch failure. However we have many redundant domain
controllers spread over three sites, including one in the same rack as
our CF servers. No other services (Exchange, Machine Logins, etc) were
impacted.
Upon further inspection, it was determined that one of the dc's that was
down was playing the Active Directory FSMO role of PDC emulator.
Further testing shows that we cannot get authentication to work if a
ColdFusion machine is unable to contact the PDC emulator regardless of
the state of the rest of the domain.
In order to work around this, I'm developing a alternative
authentication piece that uses LDAP authentication against the domain,
and can switch between domain controllers if one is down. I can do it,
and make it pretty robust, but I'm worried though that I may be over
thinking this.
Has anyone else experienced this? If you have, short of getting the PDC
emulator back online, is there a way around this. Any other opinions or
feedback would be welcome.
Terrence Ryan
Senior Systems Programmer
Wharton Computing and Information Technology
E-mail: tpryan@wharton.upenn.edu
Author: Ryan, Terrence
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:46793#246595
Environment:
ColdFusion 6 and 7 running on Windows 2003 Servers
Active Directory Domain running in Native Mode on Windows 2003 Servers
I recently had a problem where CFNTauthenticate on ColdFusion 7 stopped
working. All attempts to authenticate were failing with the error of
"UserNotInDir" failure if thrownonerror was set to false. If
throwonerror was set to true, then I got the message that : "Could not
find domain controller for this domain <domainname.>"
Additionally, similar results were experienced by ColdFusion 6 servers
using the ntauth class for domain authentication.
At the same time this occurred one of our domain controllers was down
due to a switch failure. However we have many redundant domain
controllers spread over three sites, including one in the same rack as
our CF servers. No other services (Exchange, Machine Logins, etc) were
impacted.
Upon further inspection, it was determined that one of the dc's that was
down was playing the Active Directory FSMO role of PDC emulator.
Further testing shows that we cannot get authentication to work if a
ColdFusion machine is unable to contact the PDC emulator regardless of
the state of the rest of the domain.
In order to work around this, I'm developing a alternative
authentication piece that uses LDAP authentication against the domain,
and can switch between domain controllers if one is down. I can do it,
and make it pretty robust, but I'm worried though that I may be over
thinking this.
Has anyone else experienced this? If you have, short of getting the PDC
emulator back online, is there a way around this. Any other opinions or
feedback would be welcome.
Terrence Ryan
Senior Systems Programmer
Wharton Computing and Information Technology
E-mail: tpryan@wharton.upenn.edu
|
May 24, 2012
|
Latest Fusion Authority Articles
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
