Account Users & Groups Issue
Hello All,
I just got a Mac Pro with Lion Server Pre-Installed. I set everything up without a hitch for the most part and everything seems to be running fine.
My problem is after a server reboot for the umteenth time there are now 88 users when there was only 4 and 115+ groups when I had 6. I don't want to start deleteing users and groups and find out later that they where needed by an obscure service or application that could potentially cause issues but I would like to hide them so I don't have to scroll thru them or accidently click on the wrong one and change it by mistake.
Users consist of:
AMavis Daemon
ATS Server
CVMS Root
Dovecot Administrator
Jabber XMPP Server
Seatbelt
WindowServer
World Wide Web Server
Groups consist of:
Accessibility Group
Apple store Users
ATS Server
Binary
com.apple.access_backup
Why didn't they show up when I created groups and users prior and why are they now showing up.....Thanks for your help Apple Community.
So I found the solution and thought I would post for others that might be having the same problem. Although I was authenticated I was not "completely" authenticated to the server. Why this changed I am not sure. I started my server after the big 10.7.2 push so no real major releases recently except the cloud. Anyway, I had to bind my laptop to the server, even though I was logging on to the server and getting the green light.
Here is how you do this. System Preferences/Users & Groups
Then Login Options (authenticate likely neccessary)
Then where it says Network Account Server click on Edit
Select server and then Open Directory Utility
Select LDAPv3 and click on the pencil icon
Select the server again and click on edit
and now login as the Directory Admin and Bind to the server. Not sure if I was "unbound" at some point or if this was added as part of some release but since doing this my problem has gone away and I am having no problems home syncing again.
Similar Messages
-
Peap AUthentication User Group issue
Dear All,
I have a strange problem. We are running Wireless service which includes Cisco AP1200 (B&G), radius server ACS 4.0, WPA/TKIP. We have two setups, one for trusted machines which are part of our domain, other is untrusted which is from students. We have also setup groups in ACS 4.0 to allocate the required Vlan accordingly.
When untruisted machine logs in, it gets the required vlan which is fine. But when on the same machine I log in with domain account it get us the trusted machine ip address which is not right.
Is there any way I can stop this behaviour because if some with untruested machine logs in with the domain account, he/she will get the ip which is only for trusted machines.
Two Vlan are with two ssid'S.
I will be thankful, if someone could help me in this seyup issue.
regards
KhaleefaTry these links:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00807917aa.shtml
http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_tech_notes_list.html -
I have a Mac Pro using Lion, with SSD for system drive. Drive stopped booting, but otherwise appeared healthy. Restored from system backup. Now drive seems to work properly, BUT my logon password no longer works. Password OK for account; can access system preferences, and change user password there BUT logon still refuses to accept password. No luck changing password for that account after adding new administrator account and logging on from that account. Suggestions? Thanks.
If you redirect Accounts to another location (not on the Boot Drive) you need to direct them back there again after a restore.
SystemPreferences > Accounts/User&Groups > ...
... Unlock the lock, then hold down Control as you click on an Account to get access to the Advanced Options pane. -
COST GL account when goods issue - enhancement or user exist
Hello SAP exports,
There is a requirement from F&A department for different COGS GL account based on Customer Account Assignment Group value when goods issues (GI) (goods movement). Customer Account Assignment Group field name is KNVV-KTGRD. The solution is NOT possible for standard SAP SD (pricing procedure) / MM (T-Code:OBYC with GBB). Therefore, I am searching solution for enhancement.
the requirement is like following:
KNVV-KTGRD COGS GL account at goods issue
01 Domestic 818100
02 Export 818200
03 Testing - sample 818300
04 Testing - VOM 818400
05 Franchise 818500
Can you please let me know what and how this can be resolve by enhancement or user exist?
Thank you.
Kind Regards,
Sylvia ChenHello,
The requirement is to provide different COGS GL account based on the Customer Account Assignment Group value(KNVV-KTGRD) when SAP performs goods issue. for example, movement type 601,
This means, when company ships goods to differnt customers, then SAP should generate different COGS GL account.
for example, when company ships goods to customer account assignment group '01' (Domestic customers), then SAP should generate COGS GL account 818100.
when company ships goods to customer account assignment group '02' (export customes), then SAP should generate COGS GL account 818200.
when company ships goods to customer account assignment group '03' (Testing - sample customers), then SAP should generate COGS GL account 818300.
the logic is following:
KNVV-KTGRD COGS GL account at goods issue
01 Domestic 818100
02 Export 818200
03 Testing - sample 818300
04 Testing - VOM 818400
05 Franchise 818500
I am not good at user exist.
Can you please provide solution with step-by-step guide?
Thank you.
Regards,
Sylvia Chen -
OIM 9.1.0.2 - User group permission conflict issue
Hi Gurus,
IHAC who have faced a strange behavior about permission conflict.
User has been assigned to a user group (ANALISTA DRSI) who have permission to disable resource of the users he administrates. The user group has been assigned to resource's administrator.
The same use has been assigned to other user group (ANALISTA ADM DRSI) who have other permission. The user group has been not assigned to resource's administrator.
If the user has been only assigned to ANALISTA DRSI user group the user is able to see records on Rogue Account report. If the customer has been assigned to both ANALISTA DRSI and ANALISTA ADM the user is not able to see the record on Rogue Account report. He got a display error message (You do not have permission). Both user groups have the Report menu item assigned.
My question: if the customer is assigned to a user group who have permission to see the reports, should not the user is able to see the report even though he is also into the other group who do not have permission?
Is there conflit in the OIM???
Any tip will be very appreciated.Orgnaization > Manage > Select Org in which users are getting created > Administrative Group (Drop Down) > Select Group for which users are not coming.
-
ISE / Active Directory: issue to get users group
Hello,
We have a strange issue:
- ISE 1.2 patch 8
- no WLC, autonomous AP
In authentication, we check Wireless IEEE 802.11 (radius) and cisco-av-pair (ssid), then we use AD.
We have 3 SSIDs, so 3 rules, one DATA, one GUEST, one for TOIP.
In one more rules to grant authentication from APs to register in WDS: user in local database.
In authorization, we check cisco-av-pair (ssid) and AD user group, then we permit access.
(so 3 rules), and one more to authorise the internal base for WDS.
We have something strange:
- sometimes users can connect but later they can't: in the logs, the authorization rejects the user because the AD Group is not seen.
Exemple:
1- OK:
Authentication Details
Source Timestamp
2014-05-15 11:43:19.064
Received Timestamp
2014-05-15 11:43:19.065
Policy Server
radius
Event
5200 Authentication succeeded
All the GROUPS of user are seen:
false
AD ExternalGroups
xx/users/admexch
AD ExternalGroups
xx/users/glkdp
AD ExternalGroups
x/users/gl revue écriture
AD ExternalGroups
xx/users/pcanywhere
AD ExternalGroups
xx/users/wifidata
AD ExternalGroups
xx/informatique/campus/destinataires/aa informatique
AD ExternalGroups
xx/informatique/campus/destinataires/aa entreprises et cités
AD ExternalGroups
xx/informatique/campus/destinataires/aa campus
AD ExternalGroups
xx/users/aiga_creches
AD ExternalGroups
xx/users/admins du domaine
AD ExternalGroups
xx/users/utilisa. du domaine
AD ExternalGroups
xx/users/groupe de réplication dont le mot de passe rodc est refusé
AD ExternalGroups
xx/microsoft exchange security groups/exchange view-only administrators
AD ExternalGroups
xx/microsoft exchange security groups/exchange public folder administrators
AD ExternalGroups
xx/users/certsvc_dcom_access
AD ExternalGroups
xx/builtin/administrateurs
AD ExternalGroups
xx/builtin/utilisateurs
AD ExternalGroups
xx/builtin/opérateurs de compte
AD ExternalGroups
xx/builtin/opérateurs de serveur
AD ExternalGroups
xx/builtin/utilisateurs du bureau à distance
AD ExternalGroups
xx/builtin/accès dcom service de certificats
RADIUS Username
xx\cennelin
Device IP Address
172.25.2.87
Called-Station-ID
00:3A:98:A5:3E:20
CiscoAVPair
ssid=CAMPUS
ssid
campus
2- NO OK later:
Authentication Details
Source Timestamp
2014-05-15 16:17:35.69
Received Timestamp
2014-05-15 16:17:35.69
Policy Server
radius
Event
5434 Endpoint conducted several failed authentications of the same scenario
Failure Reason
15039 Rejected per authorization profile
Resolution
Authorization Profile with ACCESS_REJECT attribute was selected as a result of the matching authorization rule. Check the appropriate Authorization policy rule-results.
Root cause
Selected Authorization Profile contains ACCESS_REJECT attribute
Only 3 Groups of the user are seen:
Other Attributes
ConfigVersionId
5
Device Port
1645
DestinationPort
1812
RadiusPacketType
AccessRequest
UserName
host/xxxxxxxxxxxx
Protocol
Radius
NAS-IP-Address
172.25.2.80
NAS-Port
51517
Framed-MTU
1400
State
37CPMSessionID=b0140a6f0000C2E15374CC7F;32SessionID=radius/189518899/49890;
cisco-nas-port
51517
IsEndpointInRejectMode
false
AcsSessionID
radius/189518899/49890
DetailedInfo
Authentication succeed
SelectedAuthenticationIdentityStores
AD1
ADDomain
xxxxxxxxxxx
AuthorizationPolicyMatchedRule
Default
CPMSessionID
b0140a6f0000C2E15374CC7F
EndPointMACAddress
00-xxxxxxxxxxxx
ISEPolicySetName
Default
AllowedProtocolMatchedRule
MDP-PC-PEAP
IdentitySelectionMatchedRule
Default
HostIdentityGroup
Endpoint Identity Groups:Profiled:Workstation
Model Name
Cisco
Location
Location#All Locations#Site-MDP
Device Type
Device Type#All Device Types#Cisco-Bornes
IdentityAccessRestricted
false
AD ExternalGroups
xx/users/ordinateurs du domaine
AD ExternalGroups
xx/users/certsvc_dcom_access
AD ExternalGroups
xx/builtin/accès dcom service de certificats
Called-Station-ID
54:75:D0:DC:5B:7C
CiscoAVPair
ssid=CAMPUS
If you have an idea, thanks so much,
Regards,To configure debug logs via the Cisco ISE user interface, complete the following steps
:Step 1 Choose Administration > System > Logging > Debug Log Configuration. The Node List page appears, which contains a list of nodes and their personas.
You can use the Filter button to search for a specific node, particularly if the node list is large.
www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_logging.html#wp1059750 -
I can't find any of my mom's information that was on her computer before I convinced to do the upgrade. HELP!!!!!
I did the upgrade on my iMac with no problems.First, back up that folder. I don't think anything will happen to it, but I wouldn't take a chance.
Next, go to Users & Groups and create a new account.
Set the short user name to the exact same as that folder.
When you create the account, it should warn that a home folder already exists and allow you to use it. Select that option.
You should then be able to log into that account and everything will be as it was.
Make sure you use the same password so that keychain will unlock normally. -
Sharing Only Accounts don't show in Users & Groups
Hi,
I've done a fresh install of Maverick yesterday.
And I created a "Sharing Only" account so I can access my iMac from another PC (so it doesn't show up at logon time)
When I went back in Users and Groups this morning, my newly "Sharing Only" account had gone.
So I thought I'd forgotten it and tried to create it again: to my surprise at creation time, Mac OS reports: "Name is used by another user", when in fact it's not listed in the left sidebar (I can only see my accout and the guest account)
I tried the same with a "Standard user" and all is fine.
I tried with a second "Sharing Only" account and it disappeared too (after a logoff)
I've found this article: http://support.apple.com/kb/TS4404 but I don't wanna screw up my fresh install
Can anyone help?here also the same ... totally fresh out of the box Mac Mini with update to 10.9.2 ... create a share only user called "conf_share", add this user to a existing share ... go back to the User & Groups and paaaaaaaaaaaaaaaaaaaaaaaahhh it's disappear (but still existing of course)
I found this "hint" but this is only usefull if you want to delete this user without going crazy... this hint will convert the sharing only user to a standard user
Just type the following two commands in terminal:
Quit and reopen System preferences and the sharing account will show up:
sudo dscl . create /Users/root GeneratedUID FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000
and then:
sudo dscl . create /Users/accountname UserShell /bin/bash
Replace "accountname" in the commands above with the missing account name. -
Hello.
in Solaris 10 i need auditing process create, delete, privilege escalation, set and change password and etc... from users account and group.
I set settings:
in file syslog.conf:
*.info;mail.none;cron.none;audit.notice @IP-Remote-syslog-server-SIEM
in file /etc/security/audit_control:
dir:/var/audit
flags:lo,ad,ex,cc,am,no,fc,fd
minfree:20
naflags:lo
plugin:name=audit_syslog.so;p_flags=lo,ad,ex,cc,am,no
in file /etc/security/audit_user:
root:lo,ad:no
Now I see in the logs only the fact of a connection via SSH and run processes on behalf of users. Creation. delete users, change passwords for some reason do not is logged.
Many users. For each individual write permissions in the file /etc/security/audit_user not possible, it is likely to forget any new user (or there is a possibility in this file one line to describe the audits for all accounts?)
Where is the mistake?You are most likely hitting Bug 15779000 user/role/groupadd/mod/del don't audit their use.
And the fix is only available in S11.2.
-- Renaud -
Variations issues with User & Group Site Column value
Hi all,
I have created variation sites. e.g. http://mydomain/en-us for english & http://mydomain/de-de for german language. I have created custom page layouts. This page layouts are based on custom content types. I have created a column called "User"
which is type of "User/Groups". I am registering this column to my page layout. http://mydomain/de-de is my default site.
Now I am editing column called "User" on page & save it. It saves data properly. But when I am propagating these changes to another site that is http://mydomain/en-us. It shows me all controls with values filled. but with "User"
column, its showing me blank value.
Any suggestion. ?
Thanks in advance.http://webcache.googleusercontent.com/search?q=cache:kNlxGIj5f1kJ:sjoere.blogspot.com/2007/11/5-reasons-why-you-should-not-use.html+&cd=2&hl=en&ct=clnk&gl=in
Content types not propagated
Risk
When you add a content type to a page library in the variation source, this type is not automatically propagated to the other labels (see
my previous post). If you then create a page with that content type in the variation source, it does get published to the other labels but loses its content type field values.
Proposed solutions
Set up your site via a site definition that already contains the proper content type bindings to the page libraries. All labels will use the same content types
Put a good governance plan in place to make sure manual changes are done in every label
If this helped you resolve your issue, please mark it Answered -
Mapping NT user accounts and groups in BOXI 3.1.i'm getting below error
Mapping NT user accounts and groups in BOXI 3.1.i'm getting below error
In BOXI 3.1 CMC
.NT Authentication is enabled check box is selected.
In the Mapped NT Member Groups area, entered the NT domain\group in the Add NT Group text box.
like : secWindowsNT:
BLRKEC148827D\BusinessObjects NT Users
getting error like
"The secWindowsNT security plugin is not enabled. Contact your system administrator for details. (FWB 00002) "You shouldn't be using the NT plugin in 3.1, is there a reason you are using this plugin over AD? If you really want to use it you may need to open a case with support and trace the CMS. Are there any groups currently mapped? if you hit update without adding/removing what happens? What if you remove the NT users group and hit update?
Regards,
Tim -
Database Account and User Groups
Hello,
Currently, I am using DATABASE ACCOUNT for an authentication scheme for all of my applications but, I would like to setup User Groups as well to limit users to thier prospective pages and/or objects within the application for easy maintenance of users. I have read that, in order to apply user groups in an application, you must use APPLICATON EXPRESS ACCOUNT credentials.
Another developer has modified the "APEX_ACCESS_CONTROL" table with an additional column(s) that would allow access to specific pages. I am not sure if this is good practice to modify Apex tables.
Is there a way to create user groups while using DATABASE ACCOUNT for authentication? What is the best practice in a case like this?
Can anyone please shed some light on this? Thanks.
- DeeDee,
I would like to setup User Groups as well to limit users to thier prospective pages and/or objects within the application for easy maintenance of users.I'm not clear on what your purpose is, just runtime authorization, or something more?
Another developer has modified the "APEX_ACCESS_CONTROL" table with an additional column(s) that would allow access to specific pages. I am not sure if this is good practice to modify Apex tables.Those tables belong to your application's parsing schema and they are accessed only by code in applications you develop. The Application Express machinery knows nothing about them.
Is there a way to create user groups while using DATABASE ACCOUNT for authentication?You can create your own tables to define groups and to keep track of which named accounts belong to which groups. And you can write an API for applications to use to query this information and to maintain it from custom applications built for that purpose.
All -
Hi all,
This problem just happened these last 2 days, and I believe it started after the itunes 11.2 and camera raw 11.2 update on 16 May 2014.
The "guest user" login keeps appearing in the Login screen, i've checked the status of it in my 'System Preference / User & Groups' in 2 Admin accounts, both lists it as 'off'.
I've tried enabling it, restarting, disabling it and restarting my macbook pro, but the guest user account just stays on the login screen.
Could someone please help me out on this? thank you for your kind advice and help!Hi Esquared,
Nope, Find My Mac is not activated under my iCloud settings. Checked both Admin accounts, both are unchecked.
I did see this article before, but some of the steps, specifically the one in System Preferences / Security & Privcy / General is not applicable for OS Mavericks.
Thank you for the tip, but sadly the guest user account somehow is still active. -
Mac OS X Server 4.0: User & Group Accounts
I've bind Mac OS X server to AD, and I can see AD Users and Group accounts. It seems that all other services such as Profile Manager requires Open Directory to run. With Open Directory running, could I continue to use AD accounts instead -without having to recreate the wheel of a whole new set user accounts and groups? -So really assign AD accounts or groups to Server services.
Thanks in advance!You should not have to do anything the user/group import should be automatic and you should not have to manually create any accounts and it does onging syncs automatically but I do not know how often.
Once you are install and connect to profile manager all the accounts should show up just by clinking on users or the groups icons and they will work with that. You should not need to mess with them in the actual server application Although I would assume the other services all ink into the OD directory I don't know exactly how services like email, file sharing or VPN work as we have other more full featured better scaling services for that like MS Exchange for email/calendar and Cisco VPN.
We are only using OD, Profile Manager and Software Update.
Just a note I am using Server 3.2 on OS 10.9.5 if you are using Server 4.X your mileage will probably vary slightly as I am not sure what the areas of major change are. -
How do you delete a guest user account from the users&groups pane?
could anyone help with giving a tip on how to delete a guest user account from the users&groups pane in os-x 10.7 ? when I unlock account the delete or minus button is inactive. Thankyou
aha, by disabling the find my mac checkbox in icloud seems to work. tusen takk previous threaders!!!!!!!!!!
Maybe you are looking for
-
How can I exit from full-screen View?
On the View menu, I clicked "Full screen View", but then I couldn't find any way back to normal view. I had to Force-Quit Firefox to escape. How do you exit from Full Screen View? (I tried Esc, Ctrl-C, and many other key combinations) Thanks, PeterR
-
Oracle 8.1.7 ee on Redhat linux 7.1
Installation does not start when i run ./runInstaller script. i have jre 1.1.6_v5_glibc it also does not give any error but does not show any window and processes are running.
-
we will be using EDI invoice processing for LIV. invoice Type INVOIC01 Process Code INVL Message Variant MM we will receive inbound invoices from 150 Vendors through EDI. I understand that in order to process IDOCs, i have to configure LIV with EDI.
-
Clobbered Web Server in Standalone OC4J
Hi, I've been mucking around in the j2ee\home\config directory to deploy my applications and after a few days of success, I began to notice error messages from the web service on startup and then it stopped starting at all. I noticed the applications
-
How to recover corrupted partition table?
I have a disk that somehow got the partition table corrupted. I am getting lots of "Bad Geometry" errors that state the label says one size while the drive says something different. I have tried running the TestDisk (http://www.cgsecurity.org) applic