Active Directory Permissions Problems

Hi all,
I'll be brief and to the point.
New iMacs
10.5.2
Bound to Active Directory
Login works fine
Authentication to network shares works fine (albeit slow)
But - when saving a file, let's say an HTML document in Coda, it comes up saying "You need administrative privileges to save the file, however you have permissions to replace the file".
Same in Excel, different message, but the same deal, can't modify files, but can create, delete, rename.
Same in Illustrator - only lets 'save as' and write over the top.
The permissions on the AD end are set fine to read&write. Even if I create a new file, it will save it once, then if I try and edit, same deal.
The permissions are granted as part of a 'group' - but I've added the individual username also and hasn't changed anything.
Any thoughts would be GREATLY appreciated.

I have an issue with OSX Leopard (10.5.2), whereby I can't write to NTFS shares on W2K3 servers with SMB signing turned on and IPV6 disabled for the interface.
To recreate the issue:
Create a folder named test that contains two files one named ._test.txt and test.txt on OSX and copy to an SMB share on W2k3.
This results in spurious errors about permissions and locked files.
Copying a file larger than 4k results in the error:
"The operation cannot be completed because you do not have sufficient privileges or some of the items."
Using mount_smbfs from a shell on OSX results in the error: "Permission denied"
host:~ user$ mount_smbfs //user@server/share /Volumes/test-smbmount/
Password:
host:~ user$ cp test.docx /Volumes/test-smbmount/
cp: /Volumes/test-smbmount/test.docx: Permission denied
Using smbclient from a shell on OSX results in SUCCESS!!!
host:~ user$ smbclient \\\\server\\\share -U user
Password:
Domain=DOMAIN OS=Windows Server 2003 3790 Service Pack 2 Server=Windows Server 2003 5.2
smb: \> put test.docx
putting file test.docx as \test.docx (784.7 kb/s) (average 784.7 kb/s)
smb: \>
There is an alternative solution if you do need to drag and drop in your gui world, it'll cost you $120
link: http://www.thursby.com/products/dave-eval.html
I have mailed the developer as he has obviously identified the root problem of the issue and I urged him to share his patch/resolution with Apple in the interests of the user community and a darn nice thing to do. I had a response from the developer to my request. I sent my workaround solution to the developer and stated that in my opinion the pricing for the software seems unnecessarily high based on the functionality it provides and way above what I would be willing to pay to resolve one small issue.
<developers response>
Pricing is a difficult topic to discuss -- but if you have no use for the product, any price is too much. As for reporting bugs to Apple, they'll listen to customers much sooner than they'll listen to developers. And they have some of the brightest engineers I know. If you report the bug to them, they'll likely have it fixed in the next update.
</developers response>
I couldn't find a way to report the bug myself so I had a friend do it for me. The response I had back from Apple was less than satisfactory.
They believe that the issue is to do with NTFS streams and that a file containing ".com.apple.smb.streams.on" needs to be created and placed into the root of shared volumes. This is not a fix!
If you want to prevent writing the "Apple Double" files to a remote share, enter the following into a terminal:
$ defaults write com.apple.desktopservices DSDontWriteNetworkStores true
Problem still exists.
ref: http://docs.info.apple.com/article.html?artnum=301711
<apple double description>
ref: http://docs.info.apple.com/article.html?artnum=106510
Before Mac OS X, the Mac OS used 'forked' files, which have two components: a data fork and a resource fork. The Mac OS Standard (HFS) and Mac OS Extended (HFS Plus) disk formats support forked files. When you move these types of files to other disk formats, the resource fork can be lost.
With Mac OS X, there is a mechanism called "Apple Double" that allows the system to work with disk formats that do not have a forked file feature, such as remote NFS, SMB, WebDAV directories, or local UFS volumes. Apple Double does this by converting the file into two separate files. The first new file keeps the original name and contains the data fork of the original file. The second new file has the name of the original file prefixed by a "._ " and contains the resource fork of the original file. If you see both files, the ._ file can be safely ignored. Sometimes when deleting a file, the ._ component will not be deleted. If this occurs you can safely delete the ._ file.
</apple double description>
I am not the only one with this issue. A quick peruse on http://macwindows.com/ will show that numerous people are suffering and numerous workarounds have been suggested. Sadly none of which work for me. Each workaround is stranger than the previous. Such as disabling IPV6 and updating Daylight Savings Time.
The issue lies with the samba integration. I am primarily a Gentoo Linux user and this kind of bug would have been resolved almost instantly if present in open source software.
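Added example (not part of the original post, and not Apple's or Samba's code): a Python scan of a mounted share that sorts the `._` files from the Apple Double description above into paired, orphaned, and not actually AppleDouble, by checking the AppleDouble header (magic 0x00051607 and entry table, per RFC 1740) instead of trusting the name. The function names are illustrative and the sample files are constructed in a temporary directory, including a plain-text `._test.txt` like the one in the reproduction steps.

```python
import os
import struct
import tempfile

APPLEDOUBLE_MAGIC = 0x00051607   # AppleDouble magic number (RFC 1740)
APPLEDOUBLE_VERSION = 0x00020000
FINDER_INFO_ID = 9               # entry ID for Finder info
RESOURCE_FORK_ID = 2             # entry ID for the resource fork
HEADER_LEN = 26                  # magic(4) + version(4) + filler(16) + entry count(2)
ENTRY_LEN = 12                   # entry id(4) + offset(4) + length(4)


def parse_appledouble(blob):
    """Return [(entry_id, offset, length), ...] or None if blob is not AppleDouble."""
    if len(blob) < HEADER_LEN:
        return None
    magic, _version = struct.unpack(">II", blob[:8])
    if magic != APPLEDOUBLE_MAGIC:
        return None
    (count,) = struct.unpack(">H", blob[24:26])
    entries = []
    for i in range(count):
        start = HEADER_LEN + ENTRY_LEN * i
        if start + ENTRY_LEN > len(blob):
            return None  # entry table is truncated: treat as not valid
        entries.append(struct.unpack(">III", blob[start:start + ENTRY_LEN]))
    return entries


def scan_share(root):
    """Classify every '._name' file under root.

    paired          - valid AppleDouble and 'name' exists beside it
    orphaned        - valid AppleDouble but 'name' is gone (leftover sidecar)
    not_appledouble - merely named '._something'; never delete on name alone
    """
    results = {"paired": [], "orphaned": [], "not_appledouble": []}
    for dirpath, _dirs, files in os.walk(root):
        names = set(files)
        for name in sorted(files):
            if not name.startswith("._") or len(name) == 2:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                header = fh.read(4096)  # header and entry table sit at the start
            if parse_appledouble(header) is None:
                results["not_appledouble"].append(path)
            elif name[2:] in names:
                results["paired"].append(path)
            else:
                results["orphaned"].append(path)
    return results


def build_sample(resource_fork):
    """Build a minimal AppleDouble blob (constructed sample, not captured from a Mac)."""
    finder_info = bytes(32)
    data_start = HEADER_LEN + 2 * ENTRY_LEN
    entries = [
        (FINDER_INFO_ID, data_start, len(finder_info)),
        (RESOURCE_FORK_ID, data_start + len(finder_info), len(resource_fork)),
    ]
    blob = struct.pack(">II16sH", APPLEDOUBLE_MAGIC, APPLEDOUBLE_VERSION,
                       b"Mac OS X".ljust(16), len(entries))
    for entry in entries:
        blob += struct.pack(">III", *entry)
    return blob + finder_info + resource_fork


def demo():
    """Create a constructed directory tree and return the classification by file name."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "report.docx": b"data fork",
            "._report.docx": build_sample(b"rsrc"),   # sidecar with its data file
            "._old.psd": build_sample(b"rsrc"),       # sidecar whose data file is gone
            "test.txt": b"hello",
            "._test.txt": b"hello",                   # plain file that only looks like a sidecar
        }
        for name, content in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        found = scan_share(root)
        return {kind: [os.path.basename(p) for p in paths]
                for kind, paths in found.items()}


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

Point `scan_share` at the mount point (for example the `/Volumes/test-smbmount/` path used above) to list orphaned sidecars before removing anything.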

Similar Messages

  • To build the organization's Active Directory permissions are what we need

    To build the organization's Active Directory permissions are what we need

    what is your actual question?  Can you be more specific?
    Santhosh Sivarajan | Houston, TX | www.sivarajan.com
    ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA

  • Active Directory accounts problem logging in to Mavericks

    We have twenty iMacs in a lab and five in an Internet café, all wired to a multiple subnet network. OS X Mavericks is bound to Active Directory.  Frequently OS X Mavericks behaves as if the network user account password is entered incorrectly until the iMac is restarted.  This did not happen when we had Mountain Lion.  We never have problems logging in to Windows computers bound to Active Directory.


  • Active Directory - Authentication Problem

    Hi Guys,
    I'm seeing something really weird in my Environment.
    For example, we have two users as example below in our Active Directory:
    jonesp - Paul Jones
    jonesph - Phillip Jones
    These users can't login into any Mac connected in Active Directory, on PCs the login goes fine.
    But when I renamed the login jonesp to jonespa, both users can login in the Macs.
    Anyone have this issue too? There is a KB telling about this behavior?
    This happens on Macs running 10.7.* and 10.8.*.
    Thanks

    Sorry CT,
    The problem isn't with Active Directory, this only happens on Macs.
    The problem doesn't happen with Windows and Linux, only on Macs.
    Anyway thanks for your help.
    Regards

  • Active Directory Server Problem

    Hi All,
    This mail Seeks to get help from people who have worked with Active Directory Server.
    The following is our Current scenario.
    We are in the process of establishing an SSL connection to Active Directory Server from java environment(a standalone class) in Windows 2000.
    1.Active Directory Server is installed in an independent Win 2k machine.
    2.SSL is enabled in the Active Directory Server Machine by installing the Enterprise Root Certificate.
    3.Microsoft High Encryption pack is installed in both the client and the Server(AD)
    4.The .cer file from the AD machine is imported in to the Client's keystore(cacerts) using the keytool utility.
    5.The AD m/c is part of a domain named "rsa" and client m/c is part of the domain named "cts"
    With the above setup,The following code tries to Establish an SSL context to the AD through JNDI.
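    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    public class AdSslBindTest { // class name is illustrative
        public static void main(String[] args) {
            // JNDI environment for a simple bind to AD over SSL (port 636)
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://blr03srv1.rsa.com:636");
            env.put(Context.SECURITY_PROTOCOL, "ssl");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, "CN=Administrator,CN=Users,DC=rsa,DC=com");
            env.put(Context.SECURITY_CREDENTIALS, "password");
            try {
                // The SSL handshake and the bind both happen when the context is created
                DirContext ctx = new InitialDirContext(env);
                ctx.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }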
    When we try to run this Client we are facing a SSLHandShakeException with a message saying "No trusted certificate found".
    As far as we know the .cer file is successfully imported in to the cacerts which is used by the J2SE as the default keystore.
    Hence we ran out of ideas,as we think that there could be some other issue which is causing this problem.
    We are looking forward to get inputs from AD enlightened people to Solve this issue
    Thanks in Advance,
    Manivannan.A

    I had problem the same and still I did not obtain to decide it, if for perhaps obtaining he passes me the solution.
    Thanks
    Fernando Queiroz Fonseca
    Undergraduate student in Electrical Engineering
    Universidade Federal de Uberlândia
    http://www.fernandoqueiroz.com.br
    email : [email protected]

  • Active Directory login problem

    I have my MacBook Pro bound to the domain. It has a computer account viewable in the Active Directory.
    However, after this I then expected to be able to enter my domain credentials at the OS LoginWindow instead of logging on using a local account but it won't work... anyone know what may be the problem here?
    Thanks in advance

    I have the same problem when I try to login using the AD domain account the screen just jumps around as if you have entered the wrong password.

  • Active Directory Adapater Problem

    Hi everyone,
    I've installed Xellerate with OC4J against Oracle 10G Data Base. Connector Pack 9.0.3. Active Directory 2000
    the reconciliation process is working fine but I'm facing a little problem. when I update one user in AD and the scheduled task is processed the user I have modified in AD is marked as deleted in xellerate's user administration.
    any help is appreciated
    regards

    Make sure the IP specified under WWW is correct & its working. Necessary network & firewall settings are deployed. If its working earlier & not working now means certainly, there are some changes being performed either at the network or firewall.
    Check, whether you can reach to the site directly using IP, if not there is trouble at the network & firewall end.
    Awinish Vishwakarma - MVP
    My Blog: awinish.wordpress.com
    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

  • Active Directory provider problem in 11g

    I am having the opposite problem than many others I see setting up Active Directory as the user store for OBIEE 11g. On two of the installations I have done the Active Directory users work but the original weblogic user does not work in OBIEE. It works fine in the WLS console and the FM Enterprise Manager but fails in analytics. The error I'm getting is:
    'weblogic' was authenticated but could not be located within the Identity Store.
    When others were having this problem they had left the default provider's control flag set at "REQUIRED" and not changed it to "SUFFICIENT". But I have done this (and gone back and reset it again) but the error persists. Any thoughts.

    Setting virtualize=true worked. I had tried this before but I think I did what I almost did this time. I almost created the variable virtual instead of virtualize. Thanks. The instructions I followed from Oracle didn't have this step. And I am wondering why it is necessary. The help for the SUFFICIENT setting says:
    A SUFFICIENT value specifies this LoginModule need not succeed. If it does succeed, control is returned to the application. If it fails and other Authentication providers are configured, authentication proceeds down the LoginModule list.
    Before I set this. yes, my AD users could login to EM and the WLS console. Other than this the AD integration has worked well.
    Edited by: dirkt on Sep 19, 2011 12:36 PM

  • Active Directory integration problem, Bind AC and OD

    Hi.
    I'm trying to set an Open Directory as "connect to a Directory System" because I have a windows 2000 server with Active Directory. But I have a problem when I click on "open directory Access", Access Directory appears and I select Active Directory.
    xxx.yyy is the server with active directory, with its admin and its password. But I can't bind it and an error always appears.
    Can you help me?
    What's "active directory domain"? Is it xxx.yyy?
    And what's "computer ID"?
    Are there other parameters to set, for example in DNS or other?
    help help help

    What are you trying to achieve by doing this?
    Go to http://www.afp548.com/ and search for AD-OD integration.
    http://www.afp548.com/article.php?story=20051202151540574

  • WLS 7.0 Active Directory authenticator - problems starting managed server (Solaris 8)

    Has anyone managed to setup a WLS 7.0 Active Directory authenticator and booted
    a managed server using the node manager? I can boot the server without the AD
    authenticator and I can also boot the server using a script and successfully authenticate
    through AD. My AD control flag is set to OPTIONAL and I have also setup a default
    authenticator to boot weblogic - the control flag here is set to SUFFICIENT. This
    configuration works fine with weblogic running on W2K, but not on Solaris (it
    looks like the control flag is being ignored). Errors as follows
    ####<Oct 1, 2002 1:59:08 PM BST> <Info> <Logging> <mymachine> <server01> <main> <kernel identity> <> <000000> <FileLogger Opened at /opt/app/live/appserver/domains/test/NodeManager/server01/server01.log>
    ####<Oct 1, 2002 1:59:09 PM BST> <Info> <socket> <mymachine> <server01> <main> <kernel identity> <> <000415> <System has file descriptor limits of - soft: 1,024, hard: 1,024>
    ####<Oct 1, 2002 1:59:09 PM BST> <Info> <socket> <mymachine> <server01> <main> <kernel identity> <> <000416> <Using effective file descriptor limit of: 1,024 open sockets/files.>
    ####<Oct 1, 2002 1:59:09 PM BST> <Info> <socket> <mymachine> <server01> <main> <kernel identity> <> <000418> <Allocating: 3 POSIX reader threads>
    ####<Oct 1, 2002 1:59:19 PM BST> <Critical> <WebLogicServer> <mymachine> <server01> <main> <kernel identity> <> <000364> <Server failed during initialization. Exception:weblogic.security.service.SecurityServiceRuntimeException: Problem instantiating Authentication Providerjavax.management.RuntimeOperationsException: RuntimeException thrown by the getAttribute method of the DynamicMBean for the attribute Credential>
    weblogic.security.service.SecurityServiceRuntimeException: Problem instantiating Authentication Providerjavax.management.RuntimeOperationsException: RuntimeException thrown by the getAttribute method of the DynamicMBean for the attribute Credential
    at weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:186)
    at weblogic.security.service.PrincipalAuthenticator.<init>(PrincipalAuthenticator.java:236)
    at weblogic.security.service.SecurityServiceManager.doATN(SecurityServiceManager.java:1506)
    at weblogic.security.service.SecurityServiceManager.initializeRealm(SecurityServiceManager.java:1308)
    at weblogic.security.service.SecurityServiceManager.loadRealm(SecurityServiceManager.java:1247)
    at weblogic.security.service.SecurityServiceManager.initializeRealms(SecurityServiceManager.java:1364)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1107)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
    at weblogic.Server.main(Server.java:31)
    ####<Oct 1, 2002 1:59:19 PM BST> <Emergency> <WebLogicServer> <mymachine> <server01> <main> <kernel identity> <> <000342> <Unable to initialize the server: Fatal initialization exception
    Throwable: weblogic.security.service.SecurityServiceRuntimeException: Problem instantiating Authentication Providerjavax.management.RuntimeOperationsException: RuntimeException thrown by the getAttribute method of the DynamicMBean for the attribute Credential
    weblogic.security.service.SecurityServiceRuntimeException: Problem instantiating Authentication Providerjavax.management.RuntimeOperationsException: RuntimeException thrown by the getAttribute method of the DynamicMBean for the attribute Credential
    at weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:186)
    at weblogic.security.service.PrincipalAuthenticator.<init>(PrincipalAuthenticator.java:236)
    at weblogic.security.service.SecurityServiceManager.doATN(SecurityServiceManager.java:1506)
    at weblogic.security.service.SecurityServiceManager.initializeRealm(SecurityServiceManager.java:1308)
    at weblogic.security.service.SecurityServiceManager.loadRealm(SecurityServiceManager.java:1247)
    at weblogic.security.service.SecurityServiceManager.initializeRealms(SecurityServiceManager.java:1364)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1107)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
    at weblogic.Server.main(Server.java:31)

    Solved the problem. The 'domain root' directory specified in the remote start configuration,
    must contain a copy of the file 'SerializedSystemIni.dat' that was created along
    with the domain, in order to boot when an AD authenticator is configured. If an
    AD authenticator is not configured, no file is required. This was not a platform
    specific issue; on Win2K I had configured the 'domain root' remote start parameter
    to point to an existing domain root and not a new directory.
    "Andrew Walker" <[email protected]> wrote:
    > Has anyone managed to setup a WLS 7.0 Active Directory authenticator and booted
    > a managed server using the node manager? I can boot the server without the AD
    > authenticator and I can also boot the server using a script and successfully authenticate
    > through AD. My AD control flag is set to OPTIONAL and I have also setup a default
    > authenticator to boot weblogic - the control flag here is set to SUFFICIENT. This
    > configuration works fine with weblogic running on W2K, but not on Solaris (it
    > looks like the control flag is being ignored). Errors as follows

  • Active Directory Permissions to Profile Manager

    Hopefully this will help anyone else who runs into this trouble.
    OSX 10.9
    Server App 3.0.1
    We have a profile manager server setup using our Active Directory. After initial setup the system was working fine and all users could access the services.
    In attempting to adjust the web service the permissions for service was turned on and domain users could no longer log in to enroll devices.
    To resolve this issue I worked through the following steps.
    In Server App > Groups found Domain Users (The group containing all users in the domain)
    Clicked the Gear and choose Edit Access to Service
    Checked off Profile Manager.
    I then added Domain Users to the Local Workgroup and allowed the same access to services. This could be done with a different group if needed.
    It may work at this point but as an additional step you can install the Workgroup Manager tool from Apple's Download site. http://support.apple.com/kb/DL1698
    Log in to your Local Directory, I used /LDAPv3/127.0.0.1
    Find the group you added the permissions to in the local domain and add your Active  Directory Domain Users to that group.
    Hope this saves someone else the annoyances I went through.

    So after a little more troubleshooting as well I ended up using this post after a backup of the database.
    To backup the database I use this Post - https://discussions.apple.com/thread/3791994
    pg_dump -U _devicemgr -h /Library/Server/ProfileManager/Config/var/PostgreSQL/ -c device_management > $HOME/device_management.sql
    And resetting the server app and database.
    https://discussions.apple.com/message/23925691?tstart=15#23925691?tstart=15
    Interestingly this pulled my old database info back in and restored some settings that had been lost. I'm not really sure why and wouldn't trust it to happen again.
    My issue is now that AD users have to log in twice. The first time they get a denied error. Then they log out and login on the same browser or a different computer altogether and they can get in.

  • Active Directory Binding Problems

    Hi all,
    I'm trying to bind to Active Directory but keep on getting the "unknown error occurred" at step 5.
    I captured the adplugin debug log, the only error I can see is the following:
    2006-03-30 15:53:48 BST - ADPlugin: Setting Computer Password FAILED Deleted Record......
    Has anyone had the same problem? If so any ideas how to overcome it?
    See Complete debug log below.
    2006-03-30 15:33:07 BST - ADPlugin: PeriodicTask Called.......
    2006-03-30 15:33:07 BST - ADPlugin: Calling OpenDirNode
    2006-03-30 15:33:07 BST - ADPlugin: Calling CustomCall
    2006-03-30 15:33:07 BST - ADPlugin: Calling CustomCall
    2006-03-30 15:33:07 BST - ADPlugin: Calling CustomCall
    2006-03-30 15:33:07 BST - ADPlugin: Calling CloseDirNode
    2006-03-30 15:33:35 BST - ADPlugin: Calling OpenDirNode
    2006-03-30 15:33:35 BST - ADPlugin: Calling CustomCall
    2006-03-30 15:33:35 BST - ADPlugin: Doing CheckServerRecords......
    2006-03-30 15:33:35 BST - ADPlugin: student.hastings.ac.uk - Start checking servers for site "any"
    2006-03-30 15:33:35 BST - ADPlugin: Total Servers "any" LDAP - 2, Kerberos - 1, kPasswd - 1
    2006-03-30 15:33:35 BST - ADPlugin: No matching _kerberos records for server - "napier.student.hastings.ac.uk"
    2006-03-30 15:33:36 BST - ADPlugin: Server #1 picked - "rutherford.student.hastings.ac.uk"
    2006-03-30 15:33:36 BST - ADPlugin: student.hastings.ac.uk - Finished checking servers for domain
    2006-03-30 15:33:36 BST - ADPlugin: Got rootDSE for server rutherford.student.hastings.ac.uk to determine forest
    2006-03-30 15:33:36 BST - ADPlugin: Determined Forest of hastings.ac.uk from Domain Controller rutherford.student.hastings.ac.uk
    2006-03-30 15:33:36 BST - ADPlugin: Found Default Domain student.hastings.ac.uk
    2006-03-30 15:33:36 BST - ADPlugin: Global Catalogs - Start checking servers for site "any"
    2006-03-30 15:33:36 BST - ADPlugin: Total Servers "any" LDAP - 3, Kerberos - 2, kPasswd - 2
    2006-03-30 15:33:36 BST - ADPlugin: Server #1 picked - "rutherford.student.hastings.ac.uk"
    2006-03-30 15:33:36 BST - ADPlugin: Server #2 picked - "kepler.hastings.ac.uk"
    2006-03-30 15:33:36 BST - ADPlugin: Found Forest Domain GC hastings.ac.uk
    2006-03-30 15:33:36 BST - ADPlugin: hastings.ac.uk - Start checking servers for site "any"
    2006-03-30 15:33:36 BST - ADPlugin: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
    2006-03-30 15:33:36 BST - ADPlugin: Server #1 picked - "kepler.hastings.ac.uk"
    2006-03-30 15:33:36 BST - ADPlugin: Server #2 picked - "galileo.hastings.ac.uk"
    2006-03-30 15:33:36 BST - ADPlugin: Found Forest Domain hastings.ac.uk
    2006-03-30 15:33:36 BST - ADPlugin: Something wrong, unable to determine domain information from Config container......
    2006-03-30 15:33:36 BST - ADPlugin: Finished CheckServerRecords......
    2006-03-30 15:33:36 BST - ADPlugin: Created KerberosClient record Generation ID 165422016
    2006-03-30 15:33:36 BST - ADPlugin: Rebuilt Kerberos File
    2006-03-30 15:33:36 BST - ADPlugin: Calling CloseDirNode
    2006-03-30 15:33:36 BST - ADPlugin: Calling OpenDirNode
    2006-03-30 15:33:36 BST - ADPlugin: Calling CustomCall
    2006-03-30 15:33:36 BST - ADPlugin: Doing CheckServerRecords......
    2006-03-30 15:33:37 BST - ADPlugin: PeriodicTask Called.......
    2006-03-30 15:33:41 BST - ADPlugin: Good credentials for [email protected]
    2006-03-30 15:33:41 BST - ADPlugin: No existing connection in connection mgr for [email protected]@student.hastings.ac.uk:389
    2006-03-30 15:33:41 BST - ADPlugin: Secure BIND Session with server rutherford.student.hastings.ac.uk:389
    2006-03-30 15:33:41 BST - ADPlugin: Read Context information from server for configurationNamingContext of CN=Configuration,DC=hastings,DC=ac,DC=uk
    2006-03-30 15:33:41 BST - ADPlugin: Processing Site Search with found IP
    2006-03-30 15:33:41 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
    2006-03-30 15:33:41 BST - ADPlugin: student.hastings.ac.uk - Start checking servers for site "any"
    2006-03-30 15:33:41 BST - ADPlugin: Total Servers "any" LDAP - 2, Kerberos - 1, kPasswd - 1
    2006-03-30 15:33:41 BST - ADPlugin: No matching _kerberos records for server - "napier.student.hastings.ac.uk"
    2006-03-30 15:33:41 BST - ADPlugin: Server #1 picked - "rutherford.student.hastings.ac.uk"
    2006-03-30 15:33:41 BST - ADPlugin: student.hastings.ac.uk - Finished checking servers for domain
    2006-03-30 15:33:42 BST - ADPlugin: Got rootDSE for server rutherford.student.hastings.ac.uk to determine forest
    2006-03-30 15:33:42 BST - ADPlugin: Determined Forest of hastings.ac.uk from Domain Controller rutherford.student.hastings.ac.uk
    2006-03-30 15:33:42 BST - ADPlugin: Found Default Domain student.hastings.ac.uk
    2006-03-30 15:33:42 BST - ADPlugin: Global Catalogs - Start checking servers for site "any"
    2006-03-30 15:33:42 BST - ADPlugin: Total Servers "any" LDAP - 3, Kerberos - 2, kPasswd - 2
    2006-03-30 15:33:42 BST - ADPlugin: Server #1 picked - "rutherford.student.hastings.ac.uk"
    2006-03-30 15:33:42 BST - ADPlugin: Server #2 picked - "kepler.hastings.ac.uk"
    2006-03-30 15:33:42 BST - ADPlugin: Found Forest Domain GC hastings.ac.uk
    2006-03-30 15:33:42 BST - ADPlugin: hastings.ac.uk - Start checking servers for site "any"
    2006-03-30 15:33:42 BST - ADPlugin: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
    2006-03-30 15:33:42 BST - ADPlugin: Server #1 picked - "kepler.hastings.ac.uk"
    2006-03-30 15:33:42 BST - ADPlugin: Server #2 picked - "galileo.hastings.ac.uk"
    2006-03-30 15:33:42 BST - ADPlugin: Found Forest Domain hastings.ac.uk
    2006-03-30 15:33:42 BST - ADPlugin: Good credentials for [email protected]
    2006-03-30 15:33:42 BST - ADPlugin: Retrieved existing connection from connection mgr [email protected]@student.hastings.ac.uk:389
    2006-03-30 15:33:42 BST - ADPlugin: Read Context information from server for configurationNamingContext of CN=Configuration,DC=hastings,DC=ac,DC=uk
    2006-03-30 15:33:42 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
    2006-03-30 15:33:42 BST - ADPlugin: Finished CheckServerRecords......
    2006-03-30 15:33:42 BST - ADPlugin: Created KerberosClient record Generation ID 165422022
    2006-03-30 15:33:42 BST - ADPlugin: Rebuilt Kerberos File
    2006-03-30 15:33:42 BST - ADPlugin: Closing All Connections - Connection Manager
    2006-03-30 15:33:42 BST - ADPlugin: Closing Connection - [email protected]@student.hastings.ac.uk:389
    2006-03-30 15:33:42 BST - ADPlugin: Closing All Connections - Connection Manager Completed
    2006-03-30 15:33:42 BST - ADPlugin: Calling CloseDirNode
    2006-03-30 15:33:42 BST - ADPlugin: Calling OpenDirNode
    2006-03-30 15:33:42 BST - ADPlugin: Calling CustomCall
    2006-03-30 15:33:42 BST - ADPlugin: Verify called for [email protected]
    2006-03-30 15:33:43 BST - ADPlugin: Verify successful for [email protected]
    2006-03-30 15:33:43 BST - ADPlugin: Calling CloseDirNode
    2006-03-30 15:33:43 BST - ADPlugin: Calling OpenDirNode
    2006-03-30 15:33:43 BST - ADPlugin: Calling CustomCall
    2006-03-30 15:33:43 BST - ADPlugin: Good credentials for [email protected]
    2006-03-30 15:33:43 BST - ADPlugin: No existing connection in connection mgr for [email protected]@student.hastings.ac.uk:389
    2006-03-30 15:33:43 BST - ADPlugin: Secure BIND Session with server rutherford.student.hastings.ac.uk:389
    2006-03-30 15:33:43 BST - ADPlugin: Read Context information from server for schemaNamingContext of CN=Schema,CN=Configuration,DC=hastings,DC=ac,DC=uk
    2006-03-30 15:33:47 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
    2006-03-30 15:33:47 BST - ADPlugin: Updating Mappings from Schema..........
    2006-03-30 15:33:47 BST - ADPlugin: Doing Computer search for Ethernet address - 00:0a:95:e4:05:84
    2006-03-30 15:33:47 BST - ADPlugin: Doing DN search for account - testibook
    2006-03-30 15:33:47 BST - ADPlugin: Good credentials for [email protected]
    2006-03-30 15:33:47 BST - ADPlugin: Retrieved existing connection from connection mgr [email protected]@student.hastings.ac.uk:389
    2006-03-30 15:33:47 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus -14136.
    2006-03-30 15:33:47 BST - ADPlugin: Calling CloseDirNode
    2006-03-30 15:33:47 BST - ADPlugin: Calling OpenDirNode
    2006-03-30 15:33:47 BST - ADPlugin: Calling CustomCall
    2006-03-30 15:33:47 BST - ADPlugin: Looking for existing Record of testibook
    2006-03-30 15:33:47 BST - ADPlugin: Doing DN search for account - testibook
    2006-03-30 15:33:47 BST - ADPlugin: Good credentials for [email protected]
    2006-03-30 15:33:47 BST - ADPlugin: Retrieved existing connection from connection mgr [email protected]@student.hastings.ac.uk:389
    2006-03-30 15:33:47 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus -14136.
    2006-03-30 15:33:47 BST - ADPlugin: Attempting Add Record......
    2006-03-30 15:33:47 BST - ADPlugin: Adding in OU = CN=Computers,DC=student,DC=hastings,DC=ac,DC=uk
    2006-03-30 15:33:47 BST - ADPlugin: Good credentials for [email protected]
    2006-03-30 15:33:47 BST - ADPlugin: Retrieved existing connection from connection mgr [email protected]@student.hastings.ac.uk:389
    2006-03-30 15:33:47 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
    2006-03-30 15:33:47 BST - ADPlugin: Good credentials for [email protected]
    2006-03-30 15:33:47 BST - ADPlugin: Retrieved existing connection from connection mgr [email protected]@student.hastings.ac.uk:389
    2006-03-30 15:33:47 BST - ADPlugin: Added record CN=testibook,CN=Computers,DC=student,DC=hastings,DC=ac,DC=uk
    2006-03-30 15:33:47 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
    2006-03-30 15:33:47 BST - ADPlugin: Setting Computer Password......
    2006-03-30 15:33:47 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
    2006-03-30 15:35:47 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
    2006-03-30 15:37:47 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
    2006-03-30 15:39:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
    2006-03-30 15:41:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
    2006-03-30 15:43:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
    2006-03-30 15:45:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
    2006-03-30 15:47:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
    2006-03-30 15:49:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
    2006-03-30 15:51:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
    2006-03-30 15:53:48 BST - ADPlugin: Good credentials for [email protected]
    2006-03-30 15:53:48 BST - ADPlugin: Existing connection too old in connection mgr [email protected]@student.hastings.ac.uk:389
    2006-03-30 15:53:48 BST - ADPlugin: Secure BIND Session with server rutherford.student.hastings.ac.uk:389
    2006-03-30 15:53:48 BST - ADPlugin: Deleting Record CN=testibook,CN=Computers,DC=student,DC=hastings,DC=ac,DC=uk...
    2006-03-30 15:53:48 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
    2006-03-30 15:53:48 BST - ADPlugin: Setting Computer Password FAILED Deleted Record......
    2006-03-30 15:53:48 BST - ADPlugin: Updating Local Admin Group
    2006-03-30 15:53:49 BST - ADPlugin: Cleaning Previous Additions to Local Admin Group
    2006-03-30 15:53:49 BST - ADPlugin: Sending lookupd flushcache at request!
    2006-03-30 15:53:49 BST - ADPlugin: Resetting memberd cache also!
    2006-03-30 15:53:49 BST - ADPlugin: Closing All Connections - Connection Manager
    2006-03-30 15:53:49 BST - ADPlugin: Closing Connection - [email protected]@student.hastings.ac.uk:389
    2006-03-30 15:53:49 BST - ADPlugin: Closing All Connections - Connection Manager Completed
    2006-03-30 15:53:49 BST - ADPlugin: Bind/Join failed - Launching kerberosautoconfig -u
    2006-03-30 15:53:49 BST - ADPlugin: Calling CloseDirNode
    Many Thanks
    Paul

    Hi Paul!
    I've personally never seen this error message, but a quick search on Google (which you may have already done as well) for "Setting Computer Password FAILED Deleted Record" found someone else who had the same problem. His issue was firewall related and was fixed by opening some ports for AD. He also provides a link to a Microsoft KB article about this.
    Hope this helps and good luck! bill
    1 GHz Powerbook G4   Mac OS X (10.4.5)  

  • 802.1x WLANs authenticated via RADIUS and Active Directory permit any user to access any WLAN

    Hi,
    I have configured several WLANs with WPA2 and 802.1x, which authenticate users through a RADIUS server (Windows Internet Authentication Service) that connects to an Active Directory. In the AD there is one user group for each WLAN, but the problem is that any user who was added to some group can get access to any WLAN. Does anybody know if I need some configuration on the WLC to restrict that?
    thanks for your help.

    Hi Scott,
    I have done some tests modifying the RADIUS policy to look at the called station ID, and tested looking at the NAS-ID too. In the first case, I changed the Call Station ID Type in the WLC RADIUS Authentication Servers configuration to AP MAC Address:SSID and AP Name:SSID, and in the RADIUS server I used .*:SSID-NAME$ and SSID-NAME$, but it blocks access for any user. In the second case, I changed the NAS-ID in the WLC WLAN and interface configuration and in the RADIUS server policy to match all, but it doesn't have any impact. What other test could I try?
    Thanks for your help.

  • Active Directory SSL Problem

    Hi everyone,
    I installed the SSL certificate according to the Active Directory Connector Guide (part 2.2.3.4.).
    But I have an error:
    ConnectorServer.exe Error: 0 : Error processing request
    System.NotSupportedException: The server mode SSL must use a certificate with the associated private key.
    Do you have any idea?
    Thanks.
    Best regards.

    Hi,
    I did all requirements but I have an error.
    In the Connector Server log:
    ConnectorServer.exe Error: 0 : Error processing request
    System.NotSupportedException: The server mode SSL must use a certificate with the associated private key.
    In the OIM diagnostic log:
    org.identityconnectors.framework.common.exceptions.ConnectorException: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    Do you have any idea?
    Thanks.

  • Active Directory connection problem

    Hi all,
    I try to connect to an Active Directory using JNDI but I'm not successful. I always get the same error saying that my credentials are not valid. It seems that I have to use a UPN to connect, but I don't know how to use it. The usual parameters don't work. The UPN should be [email protected] where xxx is the domain. I'm going crazy, I've tried several things but unsuccessfully.
    Here is my initial config file:
    <config-file>
         <ldap>
              <initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
              <providerUrl>ldap://luinternal.xxxxx.xxxxx:389/</providerUrl>
              <securityAuthentication>simple</securityAuthentication>
              <securityPrincipal>
                   <user>webtemp</user>
              </securityPrincipal>
              <securityCredentials>Password0123456789</securityCredentials>
              <ldapVersion>3</ldapVersion>
         </ldap>
    </config-file>
    This does not work, I get an error 49.
    I've tried to change webtemp to webtemp@[email protected] but this does not work as well.
    I'm also using ldap browser v2.8.2, a Java client, to test my connections.
    Hope you can help me.
    Cheers :)

    I have no idea what application is using this configuration, nor how it uses the credentials to bind to Active Directory.
    However from a pure LDAP perspective, you can use three forms of user name to perform a simple bind.
    1. Distinguished Name
    cn=John Smith, OU=Scientists,DC=Antipodes,DC=Com
    2. NT style domain name
    ANTIPODES\jsmith
    3. User Principal Name
    [email protected]
    In your example, if you wanted to use the userPrincipalName, I can only guess that it will be [email protected]
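
The three principal forms from the answer above can be tried in turn through a JNDI simple bind, decoding the sub-code that Active Directory appends to error 49 to see why a bind was rejected. This is an added example, not part of the original thread; the class name AdBindCheck, the AD_BIND_PASSWORD environment variable and the sample error string are assumptions made for illustration.

```java
import java.util.*;
import java.util.regex.*;
import javax.naming.*;
import javax.naming.directory.InitialDirContext;

public class AdBindCheck {
    // Sub-codes Active Directory reports after "data" in an LDAP error 49 message.
    static final Map<String, String> SUB_CODES = Map.of(
        "525", "user not found (check the principal form)",
        "52e", "invalid credentials (user found, password wrong)",
        "532", "password expired",
        "533", "account disabled",
        "701", "account expired",
        "773", "user must reset password",
        "775", "account locked out");
    static final Pattern DATA = Pattern.compile("error code 49\\b.*?\\bdata ([0-9a-fA-F]+)");

    // Readable reason for an error 49 message; any other text is returned unchanged.
    static String decode(String message) {
        Matcher m = DATA.matcher(message);
        if (!m.find()) return message;
        String code = m.group(1).toLowerCase();
        return code + ": " + SUB_CODES.getOrDefault(code, "unlisted sub-code");
    }

    // Simple bind with one principal form; returns "OK" or the decoded failure.
    static String tryBind(String url, String principal, String password) {
        // An empty password turns a simple bind into an unauthenticated bind that can "succeed".
        if (password == null || password.isEmpty()) return "refused: empty password";
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();
            return "OK";
        } catch (NamingException e) {
            return decode(e.toString());
        }
    }

    public static void main(String[] args) {
        // Constructed sample in AD's usual format; the DSID and trailing token are made up.
        System.out.println(decode("[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, "
            + "comment: AcceptSecurityContext error, data 525, v1db1]"));
        // Usage: java AdBindCheck.java ldaps://host:636/ principal... (ldaps keeps the password off the wire in clear)
        for (int i = 1; i < args.length; i++)
            System.out.println(args[i] + " -> " + tryBind(args[0], args[i], System.getenv("AD_BIND_PASSWORD")));
    }
}
```

A result of 525 for one principal form and 52e for another shows that the directory resolved the second form to an account, which narrows an error 49 down to the password rather than the name.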
