Account Users & Groups Issue

Similar Messages

• Peap AUthentication User Group issue

  Dear All,
  I have a strange problem. We are running Wireless service which includes Cisco AP1200 (B&G), radius server ACS 4.0, WPA/TKIP. We have two setups, one for trusted machines which are part of our domain, other is untrusted which is from students. We have also setup groups in ACS 4.0 to allocate the required Vlan accordingly.
  When untruisted machine logs in, it gets the required vlan which is fine. But when on the same machine I log in with domain account it get us the trusted machine ip address which is not right.
  Is there any way I can stop this behaviour because if some with untruested machine logs in with the domain account, he/she will get the ip which is only for trusted machines.
  Two Vlan are with two ssid'S.
  I will be thankful, if someone could help me in this seyup issue.
  regards
  Khaleefa

  Try these links:
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml
  http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00807917aa.shtml
  http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_tech_notes_list.html

• I have a Mac Pro using Lion, with a SSD for system.  Restored drive from backup.  Now logon password doesn't work.  Account password still works.  Changing password in user group preferences no longer works to change logon password.

  I have a Mac Pro using Lion, with SSD for system drive.  Drive stopped booting, but otherwise appeared healthy.  Restored from system backup.  Now drive seems to work properly, BUT my logon password no longer works.  Password OK for account; can access system preferences, and change user password there BUT logon still refuses to accept password.  No luck changing password for that account after adding new administrator account and logging on from that account.  Suggestions?  Thanks.

  If you redirect Accounts to another location (not on the Boot Drive) you need to direct them back there again after a restore.
  SystemPreferences > Accounts/User&Groups > ...
  ... Unlock the lock, then hold down Control as you click on an Account to get access to the Advanced Options pane.

• COST GL account when goods issue - enhancement or user exist

  Hello SAP exports,
  There is a requirement from F&A department for different COGS GL account based on Customer Account Assignment Group value when goods issues (GI) (goods movement).  Customer Account Assignment Group field name is KNVV-KTGRD.   The solution is NOT possible for standard SAP SD (pricing procedure) / MM (T-Code:OBYC with GBB).    Therefore, I am searching solution for enhancement.
  the requirement is like following:
  KNVV-KTGRD                                   COGS GL account at goods issue
  01                    Domestic                   818100
  02                    Export                       818200
  03                    Testing - sample         818300
  04                    Testing - VOM            818400
  05                    Franchise                   818500
  Can you please let me know what and how this can be resolve by enhancement or user exist?
  Thank you.
  Kind Regards,
  Sylvia Chen

  Hello,
  The requirement is to provide different COGS GL account based on the Customer Account Assignment Group value(KNVV-KTGRD) when SAP performs goods issue.  for example, movement type 601,
  This means, when company ships goods to differnt customers, then SAP should generate different COGS GL account.
  for example, when company ships goods to customer account assignment group '01' (Domestic customers), then SAP should generate COGS GL account 818100.
  when company ships goods to customer account assignment group '02' (export customes), then SAP should generate COGS GL account 818200. 
  when company ships goods to customer account assignment group '03' (Testing - sample customers), then SAP should generate COGS GL account 818300. 
  the logic is following:
  KNVV-KTGRD              COGS GL account at goods issue
  01 Domestic                 818100
  02 Export                     818200
  03 Testing - sample      818300
  04 Testing - VOM         818400
  05 Franchise                818500
  I am not good at user exist.  
  Can you please provide solution with step-by-step guide?
  Thank you.
  Regards,
  Sylvia Chen

• OIM 9.1.0.2 - User group permission conflict issue

  Hi Gurus,
  IHAC who have faced a strange behavior about permission conflict.
  User has been assigned to a user group (ANALISTA DRSI) who have permission to disable resource of the users he administrates. The user group has been assigned to resource's administrator.
  The same use has been assigned to other user group (ANALISTA ADM DRSI) who have other permission. The user group has been not assigned to resource's administrator.
  If the user has been only assigned to ANALISTA DRSI user group the user is able to see records on Rogue Account report. If the customer has been assigned to both ANALISTA DRSI and ANALISTA ADM the user is not able to see the record on Rogue Account report. He got a display error message (You do not have permission). Both user groups have the Report menu item assigned.
  My question: if the customer is assigned to a user group who have permission to see the reports, should not the user is able to see the report even though he is also into the other group who do not have permission?
  Is there conflit in the OIM???
  Any tip will be very appreciated.

  Orgnaization > Manage > Select Org in which users are getting created > Administrative Group (Drop Down) > Select Group for which users are not coming.

• ISE / Active Directory: issue to get users group

  Hello,
  We have a strange issue:
  - ISE 1.2 patch 8
  - no WLC, autonomous AP
  In authentication, we check Wireless IEEE 802.11 (radius) and cisco-av-pair (ssid), then we use AD.
  We have 3 SSIDs, so 3 rules, one DATA, one GUEST, one for TOIP.
  In one more rules to grant authentication from APs to register in WDS: user in local database.
  In authorization, we check cisco-av-pair (ssid) and AD user group, then we permit access.
  (so 3 rules), and one more to authorise the internal base for WDS.
  We have something strange:
  - sometimes users can connect but later they can't: in the logs, the authorization rejects the user because the AD Group is not seen.
  Exemple:
  1- OK:
  Authentication Details
  Source Timestamp
  2014-05-15 11:43:19.064
  Received Timestamp
  2014-05-15 11:43:19.065
  Policy Server
  radius
  Event
  5200 Authentication succeeded 
  All the GROUPS of user are seen:
  false
  AD ExternalGroups
  xx/users/admexch
  AD ExternalGroups
  xx/users/glkdp
  AD ExternalGroups
  x/users/gl revue écriture
  AD ExternalGroups
  xx/users/pcanywhere
  AD ExternalGroups
  xx/users/wifidata
  AD ExternalGroups
  xx/informatique/campus/destinataires/aa informatique
  AD ExternalGroups
  xx/informatique/campus/destinataires/aa entreprises et cités
  AD ExternalGroups
  xx/informatique/campus/destinataires/aa campus
  AD ExternalGroups
  xx/users/aiga_creches
  AD ExternalGroups
  xx/users/admins du domaine
  AD ExternalGroups
  xx/users/utilisa. du domaine
  AD ExternalGroups
  xx/users/groupe de réplication dont le mot de passe rodc est refusé
  AD ExternalGroups
  xx/microsoft exchange security groups/exchange view-only administrators
  AD ExternalGroups
  xx/microsoft exchange security groups/exchange public folder administrators
  AD ExternalGroups
  xx/users/certsvc_dcom_access
  AD ExternalGroups
  xx/builtin/administrateurs
  AD ExternalGroups
  xx/builtin/utilisateurs
  AD ExternalGroups
  xx/builtin/opérateurs de compte
  AD ExternalGroups
  xx/builtin/opérateurs de serveur
  AD ExternalGroups
  xx/builtin/utilisateurs du bureau à distance
  AD ExternalGroups
  xx/builtin/accès dcom service de certificats
  RADIUS Username
  xx\cennelin
  Device IP Address
  172.25.2.87
  Called-Station-ID
  00:3A:98:A5:3E:20
  CiscoAVPair
  ssid=CAMPUS
  ssid
  campus 
  2- NO OK later:
  Authentication Details
  Source Timestamp
  2014-05-15 16:17:35.69
  Received Timestamp
  2014-05-15 16:17:35.69
  Policy Server
  radius
  Event
  5434 Endpoint conducted several failed authentications of the same scenario
  Failure Reason
  15039 Rejected per authorization profile
  Resolution
  Authorization Profile with ACCESS_REJECT attribute was selected as a result of the matching authorization rule. Check the appropriate Authorization policy rule-results.
  Root cause
  Selected Authorization Profile contains ACCESS_REJECT attribute 
  Only 3 Groups of the user are seen:
  Other Attributes
  ConfigVersionId
  5
  Device Port
  1645
  DestinationPort
  1812
  RadiusPacketType
  AccessRequest
  UserName
  host/xxxxxxxxxxxx
  Protocol
  Radius
  NAS-IP-Address
  172.25.2.80
  NAS-Port
  51517
  Framed-MTU
  1400
  State
  37CPMSessionID=b0140a6f0000C2E15374CC7F;32SessionID=radius/189518899/49890;
  cisco-nas-port
  51517
  IsEndpointInRejectMode
  false
  AcsSessionID
  radius/189518899/49890
  DetailedInfo
  Authentication succeed
  SelectedAuthenticationIdentityStores
  AD1
  ADDomain
  xxxxxxxxxxx
  AuthorizationPolicyMatchedRule
  Default
  CPMSessionID
  b0140a6f0000C2E15374CC7F
  EndPointMACAddress
  00-xxxxxxxxxxxx
  ISEPolicySetName
  Default
  AllowedProtocolMatchedRule
  MDP-PC-PEAP
  IdentitySelectionMatchedRule
  Default
  HostIdentityGroup
  Endpoint Identity Groups:Profiled:Workstation
  Model Name
  Cisco
  Location
  Location#All Locations#Site-MDP
  Device Type
  Device Type#All Device Types#Cisco-Bornes
  IdentityAccessRestricted
  false
  AD ExternalGroups
  xx/users/ordinateurs du domaine
  AD ExternalGroups
  xx/users/certsvc_dcom_access
  AD ExternalGroups
  xx/builtin/accès dcom service de certificats
  Called-Station-ID
  54:75:D0:DC:5B:7C
  CiscoAVPair
  ssid=CAMPUS 
  If you have an idea, thanks so much,
  Regards,

  To configure debug logs via the Cisco ISE user interface, complete the following steps
  :Step 1 Choose Administration > System > Logging > Debug Log Configuration. The Node List page appears, which contains a list of nodes and their personas.
  You can use the Filter button to search for a specific node, particularly if the node list is large.
  www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_logging.html#wp1059750

• TS5292 What do I do if my original user account is not showing up in the Users & Groups window?

  I can't find any of my mom's information that was on her computer before I convinced to do the upgrade. HELP!!!!!
  I did the upgrade on my iMac with no problems.

  First, back up that folder. I don't think anything will happen to it, but I wouldn't take a chance.
  Next, go to Users & Groups and create a new account.
  Set the short user name to the exact same as that folder.
  When you create the account, it should warn that a home folder already exists and allow you to use it. Select that option.
  You should then be able to log into that account and everything will be as it was.
  Make sure you use the same password so that keychain will unlock normally.

• Sharing Only Accounts don't show in Users & Groups

  Hi,
  I've done a fresh install of Maverick yesterday.
  And I created a "Sharing Only" account so I can access my iMac from another PC (so it doesn't show up at logon time)
  When I went back in Users and Groups this morning, my newly "Sharing Only" account had gone.
  So I thought I'd forgotten it and tried to create it again: to my surprise at creation time, Mac OS reports: "Name is used by another user", when in fact it's not listed in the left sidebar (I can only see my accout and the guest account)
  I tried the same with a "Standard user" and all is fine.
  I tried with a second "Sharing Only" account and it disappeared too (after a logoff)
  I've found this article: http://support.apple.com/kb/TS4404 but I don't wanna screw up my fresh install
  Can anyone help?

  here also the same ... totally fresh out of the box Mac Mini with update to 10.9.2 ... create a share only user called "conf_share", add this user to a existing share ... go back to the User & Groups and paaaaaaaaaaaaaaaaaaaaaaaahhh it's disappear (but still existing of course)
  I found this "hint" but this is only usefull if you want to delete this user without going crazy... this hint will convert the sharing only user to a standard user
  Just type the following two commands in terminal:
  Quit and reopen System preferences and the sharing account will show up:
  sudo dscl . create /Users/root GeneratedUID FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000
  and then:
  sudo dscl . create /Users/accountname UserShell /bin/bash
  Replace "accountname" in the commands above with the missing account name.

• AUDIT action (create, delete, privilege escalation, set and change password from users account and group) users and admins in Solaris 10

  Hello.
  in Solaris 10 i need auditing process create, delete, privilege escalation, set and change password and etc... from users account and group.
  I set settings:
  in file syslog.conf:
  *.info;mail.none;cron.none;audit.notice            @IP-Remote-syslog-server-SIEM
  in file   /etc/security/audit_control:
  dir:/var/audit
  flags:lo,ad,ex,cc,am,no,fc,fd
  minfree:20
  naflags:lo
  plugin:name=audit_syslog.so;p_flags=lo,ad,ex,cc,am,no
  in file   /etc/security/audit_user:
  root:lo,ad:no
  Now I see in the logs only the fact of a connection via SSH and run processes on behalf of users. Creation. delete users, change passwords for some reason do not is logged.
  Many users. For each individual write permissions in the file /etc/security/audit_user not possible, it is likely to forget any new user (or there is a possibility in this file one line to describe the audits for all accounts?)
  Where is the mistake?

  You are most likely hitting Bug 15779000 user/role/groupadd/mod/del don't audit their use.
  And the fix is only available in S11.2.
  -- Renaud

• Variations issues with User & Group Site Column value

  Hi all,
  I have created variation sites. e.g. http://mydomain/en-us for english & http://mydomain/de-de for german language. I have created custom page layouts. This page layouts are based on custom content types. I have created a column called "User"
  which is type of "User/Groups". I am registering this column to my page layout.  http://mydomain/de-de is my default site.
  Now I am editing column called "User" on page & save it. It saves data properly. But when I am propagating these changes to another site that is http://mydomain/en-us. It shows me all controls with values filled. but with "User"
  column, its showing me blank value.
  Any suggestion. ?
  Thanks in advance.

  http://webcache.googleusercontent.com/search?q=cache:kNlxGIj5f1kJ:sjoere.blogspot.com/2007/11/5-reasons-why-you-should-not-use.html+&cd=2&hl=en&ct=clnk&gl=in
  Content types not propagated
  Risk
  When you add a content type to a page library in the variation source, this type is not automatically propagated to the other labels (see
  my previous post). If you then create a page with that content type in the variation source, it does get published to the other labels but loses its content type field values.
  Proposed solutions
  Set up your site via a site definition that already contains the proper content type bindings to the page libraries. All labels will use the same content types
  Put a good governance plan in place to make sure manual changes are done in every label
  If this helped you resolve your issue, please mark it Answered

• Mapping NT user accounts and groups in BOXI 3.1.i'm getting below error

  Mapping NT user accounts and groups in BOXI 3.1.i'm getting below error
  In BOXI 3.1 CMC
  .NT Authentication is enabled check box is selected.
  In the Mapped NT Member Groups area, entered the NT domain\group in the Add NT Group text box.
  like : secWindowsNT:
  BLRKEC148827D\BusinessObjects NT Users
  getting error like
  "The secWindowsNT security plugin is not enabled. Contact your system administrator for details. (FWB 00002) "

  You shouldn't be using the NT plugin in 3.1, is there a reason you are using this plugin over AD? If you really want to use it you may need to open a case with support and trace the CMS. Are there any groups currently mapped? if you hit update without adding/removing what happens? What if you remove the NT users group and hit update?
  Regards,
  Tim

• Database Account and User Groups

  Hello,
  Currently, I am using DATABASE ACCOUNT for an authentication scheme for all of my applications but, I would like to setup User Groups as well to limit users to thier prospective pages and/or objects within the application for easy maintenance of users. I have read that, in order to apply user groups in an application, you must use APPLICATON EXPRESS ACCOUNT credentials.
  Another developer has modified the "APEX_ACCESS_CONTROL" table with an additional column(s) that would allow access to specific pages. I am not sure if this is good practice to modify Apex tables.
  Is there a way to create user groups while using DATABASE ACCOUNT for authentication? What is the best practice in a case like this?
  Can anyone please shed some light on this? Thanks.
  - Dee

  Dee,
  I would like to setup User Groups as well to limit users to thier prospective pages and/or objects within the application for easy maintenance of users.I'm not clear on what your purpose is, just runtime authorization, or something more?
  Another developer has modified the "APEX_ACCESS_CONTROL" table with an additional column(s) that would allow access to specific pages. I am not sure if this is good practice to modify Apex tables.Those tables belong to your application's parsing schema and they are accessed only by code in applications you develop. The Application Express machinery knows nothing about them.
  Is there a way to create user groups while using DATABASE ACCOUNT for authentication?You can create your own tables to define groups and to keep track of which named accounts belong to which groups. And you can write an API for applications to use to query this information and to maintain it from custom applications built for that purpose.
  All

• OS X 10.9.2 Guest User Account keeps showing up even though it is listed as 'off' in Users & Groups

  Hi all,
  This problem just happened these last 2 days, and I believe it started after the itunes 11.2 and camera raw 11.2 update on 16 May 2014.
  The "guest user" login keeps appearing in the Login screen, i've checked the status of it in my 'System Preference / User & Groups' in 2 Admin accounts, both lists it as 'off'.
  I've tried enabling it, restarting, disabling it and restarting my macbook pro, but the guest user account just stays on the login screen.
  Could someone please help me out on this? thank you for your kind advice and help!

  Hi Esquared,
  Nope, Find My Mac is not activated under my iCloud settings. Checked both Admin accounts, both are unchecked.
  I did see this article before, but some of the steps, specifically the one in System Preferences / Security & Privcy / General is not applicable for OS Mavericks.
  Thank you for the tip, but sadly the guest user account somehow is still active.

• Mac OS X Server 4.0: User & Group Accounts

  I've bind Mac OS X server to AD, and I can see AD Users and Group accounts.  It seems that all other services such as Profile Manager requires Open Directory to run.  With Open Directory running, could I continue to use AD accounts instead -without having to recreate the wheel of a whole new set user accounts and  groups?  -So really assign AD accounts or groups to Server services.
  Thanks in advance!

  You should not have to do anything the user/group import should be automatic and you should not have to manually create any accounts and it does onging syncs automatically but I do not know how often.
  Once you are install and connect to profile manager all the accounts should show up just by clinking on users or the groups icons and they will work with that. You should not need to mess with them in the actual server application Although I would assume the other services all ink into the OD directory I don't know exactly how services like email, file sharing or VPN work as we have other more full featured better scaling services for that like MS Exchange for email/calendar and Cisco VPN.
  We are only using OD, Profile Manager and Software Update.
  Just a note I am using Server 3.2 on OS 10.9.5 if you are using Server 4.X your mileage will probably vary slightly as I am not sure what the areas of major change are.

• How do you delete a guest user account from the users&groups pane?

  could anyone help with giving a tip on how to  delete a guest user account from the users&groups pane in os-x 10.7 ? when I unlock account the delete or minus button is inactive. Thankyou

  aha, by disabling the find my mac checkbox in icloud seems to work. tusen takk previous threaders!!!!!!!!!!