Active Directory - Forte/UDS integration
Does any body integrated Active Directory Server with Forte ?
We are trying to integrate Forte with Active Directory Server.
Our first step is to open a session on Active Directory from Forte and that was successful.
The second step is to bind to the Active Directory server so as to authenticate the user against the Active Directory service fails.
The error message is :- "ASN.1 Integer does not begin with 0x02 at offset 0".
we are using Forte/UDS 5.0.3 and Windows Server 2000 SP4 for Active Directory.
Any help you can provide in this matter is greatly appreciated
Thank you
Suresh
We plan to install CRM 2007 ABAP+Java stack (dual stack).
I can tell you from my experience: avoid dual stack installations wherever possible because
- having to manage memory and resources for two engines running at the same time can be cumbersome
- you create a total dependency between ABAP + Java - means, if you e.g . run a portal and need to update the Java stack to a higher SP you have to also install the related ABAP SPs
- if you do release upgrades you have to run two upgrade processes in parallel since they will "wait for each other", you can´t upgrade separately
- depending on what database you use you must R3load to do system copies (no backup/restore)
Markus
Similar Messages
-
Wireless Deployment with Active Directory User Group Integration
I am trying to find out the best practice in deploying a WLAN for users in the cooperate environment, which uses their company active directory integrated laptops to join to the WLAN.
I know this can be done using certificates easily but I want to just find a way to deploy this without certificates and only based on the AD user group. Maybe a Radius server + LDAP server integration solution would be great.
Please advice. Thanks.
Cheers
Lal Antony
www.lalantony.comThe easiest way to deply this is with a Microsoft toolkit, it has everything you need included, manuals, scripts to install and configure server-side components and it's very easy to use. You can get it from here:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=60c5d0a1-9820-480e-aa38-63485eca8b9b&displaylang=en
It's based on Win2003 server but I've been advised by MS that it should be OK on Win2008 as well. -
OIM 9.1.0 Integration with Active Directory 2008 R2
Hi,
My customer is running Root/Child AD structure based on windows 2003 w/SP2, OIM 9.1.0 deployed under one of the child domains, and integrated with child domains controllers which runs windows server 2003 as well.
My customer has decided to upgrade his AD to Windows Server 2008 R2 domain controllers across the entire AD Forest and still wants to integrate the current OIM v9.1.0 with AD for all of his Users provisioning and password synchronizations.
Am not sure if current OIM version of OIM 9.1.0 is compatible and supported by OIM v9.1.0 under active directory version 2008 / R2, and not sure if it can be integrated with such AD version.
Any guidance is really appreciated.
Also I was thinking of such scenario but also not sure of its support ability and if OIM will keep working on such scenario, the scenario is to upgrade only the AD root domain to Windows 2008 R2 while keeping the child domain holding the OIM 9.1.0 at Windows 2003 version.
Is this a working and supported scenario by OIM v9.1.0 ?I believe you question should be if the connector supports this architecture. Check out the versions supported for the connector you are using and you should be good.
-Bikash -
Active Directory integration problem, Bind AC and OD
Hi.
I'm trying to set an Open Directory as "connect to a Directory System" because I have a windows 2000 server with Active Directory. But i have a problem when i click on "open directory Access", Access Directory appear and I select Active Directory.
xxx.yyy is the server with active directory, with its admin and its password. but i cant Bind it and an error always appear.
can you help me?
what's "active directory domain"?is it xxx.yyy?
and what's "computer ID"?
Are there others parameters to set for example in DNS or other?
help help helpWhat are you trying to achieve by doing this?
Got to http://www.afp548.com/ and serach for AD-OD integration.
http://www.afp548.com/article.php?story=20051202151540574 -
A co-worker (Super Brent) and I were working on using iChat as an internal IM server after having used Openfire for a couple days. The reason for switching was basically that we had a Mac Mini Server that was available so we decided to take this on.
First problem: Knowing whether or not Kerberos was needed for AD/OD integration. We spent a ton of time on this, not knowing a huge amount about AD and with our server administrator on courses, we just kept poking at it and removed Kerberos.
For the AD/OD integration, we first bound the Mac Mini to our Active Directory server. We shut off LDAPv3 support as we only wanted to use the AD functionality. Additionally, we ensured that the search policy in Directory Utility only used Active Directory. Then we created an Open Directory master in the Open Directory service. We enabled a self-signed certificate and trusted it locally. After creating the iChat service, ensure that you use the self-signed SSL Certificate and set authentication to Standard. (no kerberos).
Second problem: Once this was complete, we started to test clients out. We were unable to successfully login using our AD credentials using Spark IM and Pandium IM. After trying nearly 100 different variations of server configs, we decided to try a new client. I installed Miranda IM on my Windows XP machine and tried a few different setups. It turned out that the magic potion was to make sure that the "resource" field was set to "Home" and use SSL for encryption. This resource setting was the deal breaker for the other IM clients as many of them such as Spark and Pandium do not have this as a login option.
We ended up using Pidgin IM as the Windows client of choice as it did have the resource variable and it's interface was the best suited for our environment and users.
I hope this helps someone out there as we spent days looking all over the internet trying to figure this out.
Cheers,
Frenchy and Super BrentHi,
iChat Server is not something that I know a great deal about.
I tend to point people to the OS X Server Communities and to look out for posts by Tim Harris.
Thanks for taking the time to post this.
9:58 PM Friday; February 10, 2012
Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
iMac 2.5Ghz 5i 2011 (Lion 10.7.3)
G4/1GhzDual MDD (Leopard 10.5.8)
MacBookPro 2Gb (Snow Leopard 10.6.8)
Mac OS X (10.6.8),
"Limit the Logs to the Bits above Binary Images." No, Seriously -
Integrating OIM 9.1.0.2 - Active Directory NT 4.0
Hi,
I need to make the integration between:
- Oracle Identity Manager 9.1.0.2
- Active Directory NT 4.0,
I found that connector according to the certification of Microsoft Active Directory User Management 9.1.1.7. The NT version of Active Directory is not supported than alternatives can be taken in this case.
Very grateful for the supportYou should still be able to communicate with it via java ldap libaries so long as it is version "Windows NT 4.0 PDC release (the Windows 2000 alpha release)" or later.
I would suggest you download the Sun Java System Directory connector. Go through the configuration lookups and change them to match the ldap values of Active Directory. Give that a shot. If it doesn't work, you'll most likely need to write your own connector using ldap libraries.
-Kevin -
Integrating Final Cut Server 1.5 with Active Directory
Following the directions in the Final Cut Server Setup Guide and I am running into errors. Fun with Final Cut Server. Fun with Kerberos.
Final Cut Server v.1.5 is running on an Intel Xserve running 10.5.6 Server, joined to AD. Active Directory is running on a Windows Server 2008 setup.
I dropped the ini files on the domain controllers, as directed by Apple KB (http://support.apple.com/kb/HT3688) and I ran the commands directed in the setup guide.
The adprincadd command should be run literally, of course, but there's a mistake straight-away when it should read "./adprincadd.pl", the ".pl" is missing. Also it says "fcsvr/fqdn of fcsvr", so naturally I replaced the fqdn, but the "fcsvr" prefixed threw me off. It gave me errors until I opened Kerberos.app and notcied that the kerb ticket was in ldap/, then the command worked for me. At least no errors, until I checked the ticket and it said I had no permissions and that the keytab entry was invalid. Wheeee.
1. First I tried:
(some info redacted)
node09:sbin root# ./adprincadd.pl -dc dc01.example.com. fcs.example.com.
Getting kerberos principal for computer account
Kerberos principal is ---
Getting computer id...---
Getting AD Domain...---
Base DN is dc=example,dc=com
getting kerb ticket using [email protected] got ticket
SASL-bind to dc01.example.com. successful
Computer record is at CN=---,CN=Computers,DC=example,DC=com
Checking to see if ---.--.---. exists...000020B5: AtrErr: DSID-031529F7, #1:
0: 000020B5: DSID-031529F7, problem 1005 (CONSTRAINTATTTYPE), data 0, Att 90303 (servicePrincipalName)
at ./adprincadd.pl line 165
2. Then I noticed the /ldap in Kerberos.app and changed the adprinadd command:
Everything ran well, with no errors...
Finding kvno...2
Reading /etc/krb5.keytab...done.
Creating new keytab file...done.
Writing out temporary keytab...done.
Making backup of old keytab and moving new keytab into place...done.
Operation Completed. You can verify with "kinit <ad user>; kvno -k /etc/krb5.keytab ldap/---.example.com"
3. Verifying with kinit gave me the keytab errors:
kinit matx; kvno -k /etc/krb5.keytab ldap/fcs.example.com
Please enter the password for [email protected]:
ldap/[email protected]: kvno = 2, keytab entry invalid
kvno: Permission denied while decrypting ticket for 'ldap/[email protected]'
Thoughts?Hello, I'm having issues with the client login after AD integration. I followed the steps from http://support.apple.com/kb/HT3818 and the Terminal output reported a success.
I'm able to add AD groups in Final Cut Server Group Permissions. However, when I try logging in on the FCServer client using credentials associated with AD group I've added, I'm getting an error message from the client stating:
"Please re-enter the username and password or contact the server administrator. Please note that the username and password are case-sensitive."
The FQDN is correct in the Server field of the client.
I'm able to log into the client using locally created user accounts that I've created on the server so I know the client is communicating correctly.
The only thing I can find in the Console for the client machine is this:
11/25/09 10:50:12 AM /Users/*/Desktop/Final Cut Server.app/Contents/MacOS/Final Cut Server[1773] Warning: accessing obsolete X509Anchors.
In the server Console, this is a suspect message: /Library/Application Support/Final Cut Server/Final Cut Server.bundle/Contents/MacOS/fcsvr_stored[77891] pps proxy error: dsDoDirNodeAuth = -14091
Not finding much info out there regarding this. Any guidance is appreciated. -
Microsoft Active Directory 2008 - Day CQ Integration.
Hi All,
We have integrated AD with CQ for authentication purpose (JAAS config, LDAPLoginModule).
We are registering user from our website and storing them directly on AD (using day ldap client APIs - day-commons-ldapclient-1.1.6.jar). Now the problem is that the created user are disabled by default, to overcome this we have set an attribute "userAccountControl" while registering.
This solved the disable issue, but another issue is that user can not login unless his/her password is being reset from AD admin interface.
The password is set in "userPassword" attribute and AD is not treating this as a password so it enable the flag for reset password mechanism.
There is another attribute which needs to be set for this and is called "unicodePwd", but to set this the connection should be encrypted(at least 128 bit SSL/TLS) and LDAPS should be used and not LDAP.
Please refer the MS article at http://msdn.microsoft.com/en-us/library/cc223248%28v=prot.10%29.aspx
So the question is that can it be achieved with with LDAP protocol itself, if not then how big is the effort to go via LDAPS approach.
Has anybody achieved something similar and throw some light?
Any pointer will be helpful.
Thanks in Advance,
RakeshFrom what I understand, you are attempting to synchronize your users from CQ into your active directory instance. To me, it sounds like you should really get LDAPS set up, as opposed to attempting to work aroud it.
Here is a link to the part of the document Day wrote on how to configure LDAP for CQ5:
http://dev.day.com/docs/en/crx/current/administering/ldap_authentication.html#Configuring LDAP over SSL
Additionally, if you take a look at the forum topic I posted about this very problem, there is a nice list of resources for what you are trying to do: http://forums.adobe.com/thread/1068151?tstart=0
Hope that helps! Good luck! -
Failover agents who work with active directory integration
Hi Guys,
I have implemented 'Active Directory' failover in SCOM. But what i see is that it doesn't work.
The agents are assigned by AD, but the first (RMS Role) management server has got all the agents and is to busy and
has got many problems to handle all the load. Even with this case nothing is failing over.
A few i could failover with hand, but the most i cannot because 'change primary management' server is blanked out. Even with the agents turned back from manuel to automatic (blog Kevin Holman).
1. Has anybody got any idea of getting the AD failover to work automatic?
2. Has anybody got a workaround to do this manual, by powershell (SCOM 2012 R2 cmdlets), bypassing the grayed out 'Change primary management server?
3. In my failover screen is see the management servers + the internet DMZ gateway server. I don't want to failover to the internet DMZ Gateway server. Can i delete this?
Please have a look at my specific question. I did read many blogs who are based on powershell without AD integration or AD integration without explaining how the automatic failover works.
Kind regards,
AndréHi,
SCOM windows agents automatic failover does not require AD integration or PowerShell scripting or Configuration Manager or manual agents installation specially for small to medium environment and agents distribution between different SCOM management servers
can be accomplished through push agents wizard, and windows agents failover can be simply verified from event viewer.
Please refer to the below links for more details:
How to Use Active Directory Domain Services to Assign Computers to Management Servers
http://technet.microsoft.com/en-us/library/hh212712.aspx
OpsMgr AD Integration - how it works
http://blogs.msdn.com/b/steverac/archive/2008/03/20/opsmgr-ad-integration-how-it-works.aspx
Regards,
Yan Li
Regards, Yan Li -
Help with Active Directory Integration and kerberos
Hello,
Im encountering a bug preventing me to use Active Directory integration with kerberos :
Our domain name is CORP.DOMAIN.COM.
When we request the GC in this domain :
bash-3.00# nslookup -query=any gc.tcp.corp.domain.com
Server: 1.2.1.6
Address: 1.2.1.6#53
** server can't find gc.tcp.corp.domain.com: NXDOMAIN
there is no answer.
But when we request without corp, we find the servers :
bash-3.00# nslookup -query=any gc.tcp.domain.com | grep sis
gc.tcp.domain.com service = 0 100 3268 serveur02.corp.domain.com.
gc.tcp.domain.com service = 0 100 3268 serveur01.corp.domain.com.
bash-3.00#
Is-it possible to add the possibility to enter the domain name where reside the gc.tcp ?
Thank you.Hello
the domain.com domain exist, but it's not our domain.
so, when I put domain.com, it search with no result (nothing appends).
our kdc.conf :
[kdcdefaults]
kdc_ports = 88,750
[realms]
CORP.DOMAIN.COM = {
profile = /etc/krb5/krb5.conf
database_name = /var/krb5/principal
admin_keytab = /etc/krb5/kadm5.keytab
acl_file = /etc/krb5/kadm5.acl
kadmind_port = 749
max_life = 8h 0m 0s
max_renewable_life = 7d 0h 0m 0s
default_principal_flags = +preauth
krb.conf
[libdefaults]
default_realm = CORP.DOMAIN.COM
default_checksum = rsa-md5
[realms]
CORP.DOMAIN.COM = {
kdc = dc01.corp.domain.com
kdc = dc02.corp.domain.com
[domain_realm]
.corp.domain.com = CORP.DOMAIN.COM
corp.domain.com = CORP.DOMAIN.COM
in every domain, I think the GC are in corp.domain.com. but in my company, it's in domain.com...
Thank you, -
Integration of Active Directory on EBS R12
Hi,
Need to integrate Active Directory on our EBS 12.1.1 on Linux server with Window 2008 Active Directory.
Any suggestion, document or tutorial please.
Thanks in advanceHi Richa,
Please see
DIP Synchronization with Microsoft Active Directory Quick Start Guide [ID 267153.1]
Configuring eBusiness Suite with Windows Native Authentication (WNA) [ID 744118.1]
http://www.freeoraclehelp.com/2011/09/oid-integration-with-ms-active.html
Oracle applications and Active Directory
http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T465432.htm#4236328
http://docs.oracle.com/cd/E10773_01/doc/oim.1014/e10528/odip_actdir.htm
http://www.serkey.com/how-to-import-your-ms-active-directory-users-in-an-oracle-table-bdv38t.html
Thanks -
OIM Active Directory 2008 integration
Hi All,
Has anyone integrated (or being in the process of integrating just now) OIM 9.1 with Active Directory on a Windows 2008 Server using the AD 9.1 connector or a custom connector? Any problems or other experiences with such integration?
The 9.1.1 connector will be cerfified for AD on Windows 2008 but the current connector 9.1 (or 9.1.0.1) is only cerfified for AD on Windows 2003 or 2000.
Thanks,
AlbinI believe you question should be if the connector supports this architecture. Check out the versions supported for the connector you are using and you should be good.
-Bikash -
Single Signon and Integration with Active Directory
Hi,
We have a requirement to integrate Active Directory with SAP and implement Single Signon solution. Our Active Directory is running on Windows 2003 and we are having systems 4.7 , ECC6.0 which run on Linux OS in our landscape.
Can anyone of you help me by answering following questions
1. Is there any need of any third party solution(tool) to integrate Active Directory and SAP and activate single signon?
2.Is there any difference in integration from SAP 4.7 and ECC6.0 of SAP on Linux OS with Active Directory ?
3. If possible please share any documents or links on above issue.
Suitable answers will be rewarded with points. Thanks in advance for your help
Regards
Murali> Thank you very much for providing me the link. But the document on link seem to be in German. Can you please let me know how to get English version of this document.
I'm sorry, you'd have to ask Realtech for that document in English.
Basically you can follow
http://osdir.com/ml/encryption.kerberos.general/2004-11/msg00007.html
Markus -
ACS Express integration with Active Directory
Hello,
I have ACS Express version 5.0.1 installed on Cisco ADE; I'm trying to get it integreated with an Active Directory without sucess.
I did packet captures on the ASA that is in between and I can see communication going thru just fine. I ran a diagnostic on the ACS express and got this:
DIAGNOSTIC USING THE IP ADDRESS OF THE DOMAIN CONTROLLER:
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Tabla normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
Output of AD Domain Diagnostics:
IP Diagnostics
Local host name: he-zfm-acs-01
Local IP Address: 172.31.67.10
Not found in DNS!Make sure it is in Reverse Lookup Zone.
FQDN host name:he-zfm-acs-01.clarocr.americamovil.ca1
Domain Diagnostics:
Domain: 172.24.2.93
Subnet site:
WARNING! Unable to locate computer's subnet site in Active Directory.
Ask your Active Directory administrator to add this computer's subnet
to the appropriate site.
DNS query for: _ldap._tcp.172.24.2.93
Found no SRV records!
Computer Account Diagnostics
Not joined to any domain
AD Agent Process Status: Not joined to any domain
DIAGNOSTIC USING THE AD REALM:
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Tabla normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
Output of AD Domain Diagnostics:
IP Diagnostics
Local host name: he-zfm-acs-01
Local IP Address: 172.31.67.10
FQDN host name:he-zfm-acs-02.clarocr.americamovil.ca1
Domain Diagnostics:
Domain: CLAROCR.AMERICAMOVIL.CA1
Subnet site: TELECOM
DNS query for: _ldap._tcp.CLAROCR.AMERICAMOVIL.CA1
Found SRV records:
rom-pro-dc-03.clarocr.americamovil.ca1:389
Testing Active Directory connectivity:
Domain Controller: rom-pro-dc-03.clarocr.americamovil.ca1
ldap: 389/tcp - good
ldap: 389/udp - good
smb: 445/tcp - good
kdc: 88/tcp - good
kpasswd: 464/tcp - good
ntp: 123/udp - good
Domain Controller: rom-pro-dc-03.clarocr.americamovil.ca1:389
Domain controller type: Windows 2003
Domain Name: CLAROCR.AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Forest Name: AMERICAMOVIL.CA1
DNS query for: _gc._tcp.AMERICAMOVIL.CA1
Testing Active Directory connectivity:
Global Catalog: rom-des-dc-01.desa1sv.americamovil.ca1
gc: 3268/tcp - timeout
No TCP LDAP response, giving up on rom-des-dc-01.desa1sv.americamovil.ca1
Global Catalog: rom-amv-dc-02.americamovil.ca1
gc: 3268/tcp - good
Global Catalog: rom-tlc-dc-01.telecom.americamovil.ca1
gc: 3268/tcp - good
Global Catalog: rom-pro-dc-03.clarocr.americamovil.ca1
gc: 3268/tcp - good
Global Catalog: rom-tlc-dc-02.telecom.americamovil.ca1
gc: 3268/tcp - good
Global Catalog: rom-amv-dc-01.americamovil.ca1
gc: 3268/tcp - good
Domain Controller: rom-amv-dc-02.americamovil.ca1:3268
Domain controller type: Windows 2003
Domain Name: AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Domain Controller: rom-tlc-dc-01.telecom.americamovil.ca1:3268
Domain controller type: Windows 2003
Domain Name: TELECOM.AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Domain Controller: rom-pro-dc-03.clarocr.americamovil.ca1:3268
Domain controller type: Windows 2003
Domain Name: CLAROCR.AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Domain Controller: rom-tlc-dc-02.telecom.americamovil.ca1:3268
Domain controller type: Windows 2003
Domain Name: TELECOM.AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Domain Controller: rom-amv-dc-01.americamovil.ca1:3268
Domain controller type: Windows 2003
Domain Name: AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Forest Name: AMERICAMOVIL.CA1
Computer Account Diagnostics
Not joined to any domain
AD Agent Process Status: Not joined to any domainDennis,
TIme in sync on the ACS and AD servers?
Faisal -
Storage Integration with Active Directory Services Part 2
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}
Having your storage device join Active Directory Services can be relatively straightforward. What do do if the JOIN button fails? This demo goes through a basic checklist from network to server. Demo covers integration between the NSS2000/3000/4000/6000 platform and Microsoft ADS Server 2003.
Part 1 - Network Overview
Part 2 - NSS Configuration
Part 3 - Connecting a share
Part 4 - Server 2003 Administration
Note: Some artistic license was used to make the test environment more easy to illustrate but the principles are the same in a live network.Hi Angus,
Policy Server does not require a specific LDAP schema. During configuration you simply map the LDAP attributes of your schema to the ones that Policy Server supports (e.g., common name, email address, etc).
If you are configuring Policy Server to use an LDAP, it will use the LDAP to authenticate the user (Policy Server does not store the password itself in this case).
If passwords are stored outside of the LDAP (e.g., in a database), it is possible to write a custom authentication provider to authenticate against this source.
Hope this helps,
-Bill
Maybe you are looking for
-
I updated to iphone iOS 6 on my Iphone 4s, it worked fine for the hour i used it. When i woke up a few hours later every single app started crashing, from safari to maps, after a few seconds the app crashes and i would have to go back in. The crashin
-
I just upgraded to 10.9. My exchange email won't load emails that are older than a few weeks old. How do I change this setting so I can see all my mail?
-
Free Gift Code I received yesterday with purchase is expired!!!!
I Just bought the special U2 ipod. It's supposed to come with "exclusive" U2 content.... I'm very irritated because the "exclusive" content turns out to actually be a Gift Card for a free video download from the iTunes store. On the bottom of the car
-
Multiple location on delivery document
HI Experts, The scenario is : client has multiple warehouse at different location.In a single delivery document client need to deliver different items from different location.By default it's not possible in SAP B1 8.8 PL08.can any
-
Beachball while loading java animated pages
Greetings, I am one who has experienced virtually zero problems with the new Safari version, I really love it. The one small problem I do have is when I visit sites with java animation, I get the beachball, and Activity Monitor shows Safari as "not r