Troubleshooting: Enabling Global Security for Version 5.0, 5.1 and 6.0.
 Technote (troubleshooting)
 
Problem (Abstract)
This technote covers troubleshooting for problems with the WebSphere® Application Server Global Security component. It should help you address common issues with this component before calling IBM support, saving you time.
 
Resolving the problem
Getting background information on Global Security
The term global security represents the security configuration that is effective for the entire security domain. A security domain consists of all servers configured with the same user registry realm name.

Go to the IBM Education Assistant to learn more about enabling Global Security.

Troubleshooting steps to help resolve problems with Enabling Global Security
  • What is the type of user registry implementation? Local OS, LDAP, or Custom?
· Local OS Registry:

Using a local OS user registry is not supported in a distributed WebSphere Application Server environment. The only exception is a Windows Domain registry. If you are enabling Global Security in a UNIX environment, you must run as the root user. Global Security using the Local OS registry cannot be enabled as a non-root user.
Yes - Troubleshoot in Local OS settings.
  • Verify that the userid and password provided under global security in the admin console are a valid local OS userid and password.
  • Check user account for password expiration.
  • Check common problems with the Local OS registry.

No (not Local OS) - Do you have an LDAP or Custom registry set up?
· LDAP Registry:
Yes - Troubleshoot in LDAP Registry settings.
  • Verify the LDAP registry settings in the admin console.
  • Check common problems with the LDAP registry.

No - Go to Custom Registry.
· Custom Registry:
Yes - Troubleshoot in Custom Registry settings.
  • Verify the Custom Registry settings.
  • Check common problems.

Common Problems with Local OS Registry:

IBM - What are my options if I want to turn on security with non root server id?:
Security/swg21161788.html

Common Problems with LDAP Registry:

IBM - WebSphere Application Server fails to start after change to LDAP settings:
WebSphere_Application_Server/swg21232505.html

IBM - Recommended way to change WebSphere Application Server to handle a LDAP password change:
Security/swg21202605.html

IBM - LDAP userid defined for the console users fails with SECJ0336E error message in SystemOut.log:
Security/swg21215910.html

IBM - "SECJ0418I: Cannot connect to the LDAP server ldap" seen during startup of Application Server. LDAP server is defined to many IP addresses.:
http://www.ibm.com/support/docview.wss?uid=swg21229549

IBM - Enabling global security fails: LDAP: error code 50:
http://www.ibm.com/support/docview.wss?uid=swg21232473

Common Problems:

IBM - Nodeagent fails to start with JSAS0026E error after enabling global security:
Security/swg21162691.html

IBM - Unable to access Deployment Manager administrative console after enabling global security:
Security/swg21170392.html

IBM - SECJ0305I: Role based authorization check failed or credentials errors in WebSphere multi-node environment.:
http://www.ibm.com/support/docview.wss?uid=swg21139244

IBM - Nodeagent fails to start after enabling global security in a federated environment:
Security/swg21236151.html

IBM - Login Window Loops and Reappears After Valid Credentials are Entered:
Security/swg21145546.html

What to do next?
If the preceding steps did not help solve your problem, see the MustGather for security problems to continue investigation.
 
 
Cross Reference information
Segment: Application Servers
Product: Runtimes for Java Technology
Component: Java SDK
Platform:
Version:
Edition:


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): Windows
Software version: 6.0
Software edition:
Reference #: 1266197
IBM Group: Software Group
Modified date: Jul 20, 2007