Getting background information on Global Security
The term global security represents the security configuration that is
effective for the entire security domain. A security domain consists of
all servers configured with the same user registry realm name.
Click here
to go the IBM Education Assistant to learn more about enabling the Global
Security.
Troubleshooting steps to help resolve problems with Enabling Global
Security
- What is the type of user registry implementation? Local
OS, LDAP, or Custom?
· Local OS Registry:
Using a local OS user registry is not supported in a distributed
WebSphere Application Server environment. The only exception is a Windows
Domain registry. If you are running under UNIX environment to enabled the
Global Security then you must run as root user. The Global Security using
Local OS registry can not be enabled as non-root user.
Yes - Troubleshoot in Local OS
settings.
- Verify the userid and password provided under global
security in the admin console is valid local OS userid and password.
- Check user account for password expiration.
- Check common problems with Local OS registry
No - Local OS – Do you have LDAP or Custom registry setup?
· LDAP Registry:
Yes - Troubleshoot in LDAP Registry
settings.
- Verify the LDAP registry settings in adminconsole
- Check common problem with LDAP registry
No - Please go to Custom
· Custom Registry:
Yes - Troubleshoot in Custom Registry
settings.
- Verify the Custom Registry registry
- Check common problem
Common Problem with Local OS Registry:
IBM - What are my options if I want to turn on security with non root
server id?:
Security/swg21161788.html
Common Problem with LDAP Registry:
IBM - WebSphere Application Server fails to start after change to LDAP
settings:
WebSphere_Application_Server/swg21232505.html
IBM - Recommended way to change WebSphere Application Server to handle a
LDAP password change:
Security/swg21202605.html
IBM - LDAP userid defined for the console users fails with SECJ0336E error
message in SystemOut.log:
Security/swg21215910.html
IBM - "SECJ0418I: Cannot connect to the LDAP server ldap" seen during
startup of Application Server. LDAP server is defined to many IP
addresses.:
http://www.ibm.com/support/docview.wss?uid=swg21229549
IBM - Enabling global security fails: LDAP: error code 50:
http://www.ibm.com/support/docview.wss?uid=swg21232473
Common Problem:
IBM - Nodeagent fails to start with JSAS0026E error after enabling global
security:
Security/swg21162691.html
IBM - Unable to access Deployment Manager administrative console after
enabling global security:
Security/swg21170392.html
IBM - SECJ0305I: Role based authorization check failed or credentials
errors in WebSphere multi-node environment.:
http://www.ibm.com/support/docview.wss?uid=swg21139244
IBM - Nodeagent fails to start after enabling global security in a
federated environment:
Security/swg21236151.html
IBM - Login Window Loops and Reappears After Valid Credentials are
Entered:
Security/swg21145546.html
What to do Next?
If the preceding steps did not help solve your problem, see the MustGather
for security problems to continue investigation. |