Active Directory user passwords on mobile account with File Vault
Hi all,
I enabled file vault when I moved to my MacBook Pro. I joined the computer to the domain (after enabling file vault), and logged in with my domain account, creating a managed, mobile account so that I could use the computer when not connected to the domain.
Active Directory has forced a change in my password for the domain account but I cannot get the password on the Mac to change the password and sync with the domain.
My account (the one with the changed network password) on the Mac is a standard user account. When I open system preferences, go to Security & Preferences, General, click on the lock to unlock and allow change and then click Change Password ..., I receive the following error message after going through the steps to change the password:
The password for the account "user" was not changed. There was a problem with your password. It's possible your system administrator doesn't allow you to change your password. Contact your system administrator for help.
For Old Password, I used the old network password, the one that I use to log into the Mac. For New Password, I used my new, current password.
The same result happens when I attempt to change the password from the Users & Groups section of the System Preferences.
I have logged out and logged in with the user account that is identified as the admin and get a similar (same ?) error when attempting to change the password.
Any suggestions? How do I get the passwords to be one so that I can forget the old password?
Thanks for your insights.
The Tech Tool report happened after AppleJack, and never showed up before that. Restarting again just now, it showed up again.
I had not emptied the trash, but did now, and the 'get info' on my hard drive still shows that I have used nearly all of my 160 GB.
Re Disk Warrior: I do have it and just ran it. I emptied trash again and checked to see available disk space: I have 2.47 GB, so the problem still exists.
Here is the disk warrior report for the first part of its tests:
DiskWarrior has successfully built a new optimized directory for the disk named "Hildegarde." The new directory is
ready to replace the original directory.
There is not enough contiguous free space for a fail-safe replacement of the directory. It is highly recommended that
you create 204 MB of contiguous free space before replacing the original directory.
All file and folder data was easily located.
Comparison of the original and replacement directories indicates that there will be changes to the number, the
contents and/or the attributes of the files and folders. It is recommended that you preview the replacement
directory and examine the items listed below. All files and folders were compared and a total of 14,627,488
comparison tests were performed.
• Errors, if any, in the directory structure such as tree depth, header node, map nodes, node size, node counts, node
links, indexes and more have been repaired.
• 1 folder had a directory entry with an incorrect custom icon flag that was repaired.
Disk Information:
Files: 552,652
Folders: 131,014
Free Space: 2.47 GB
Format: Mac OS Extended
Block Size: 4 K
Disk Sectors: 321,410,736
Media: HDT722516DLAT80
Time: 11/28/08 6:54:19 PM
DiskWarrior Version: 4.1
Similar Messages
-
HELPDeleted user account with file vault on to free disk space, to no avail
My saga is a long one. Quick telling: I am the administrator on my eMac, and was locked out of my desktop last spring when the disk became overly full. File vault was turned on, and I was told by my computer repair folks that since the desktop was encrypted, it could not be accessed. A sad situation, since I had not backed up the disk, and had years of family photos that were lost, not to mention iTunes, Quicken, and more.
Since then I bought a back-up disk, and saved a copy of that desktop, just in case.
My computer is overly full again, and today I decided to delete my old user account in order to free space. Of the 160G in this computer, 80% was associated with that user (that is, me). I deleted account via the System Preferences window and its Accounts window.
I emptied the trash, and 'got info' on my hard drive, only to see that nothing had disappeared, memory-wise! I am still nearly full--only having 2G available, rather than the 130 or more that I had hoped to free up.m I restarted too.
I went to Apple Support to find that one should turn off File Vault before deleting a user account. Unfortunately, this is impossible for me, since I can not/could not access the user account to turn it off.
SO here is my question: is there a way to delete the files of a user account that had file vault turned on, but that is inaccessible? There is no deleted user file in my User folder, by the way.
I am not suer what to do. Any help is appreciated.Thanks for your insights.
The Tech Tool report happened after AppleJack, and never showed up before that. Restarting again just now, it showed up again.
I had not emptied the trash, but did now, and the 'get info' on my hard drive still shows that I have used nearly all of my 160 GB.
Re Disk Warrior: I do have it and just ran it. I emptied trash again and checked to see available disk space: I have 2.47 GB, so the problem still exists.
Here is the disk warrior report for the first part of its tests:
DiskWarrior has successfully built a new optimized directory for the disk named "Hildegarde." The new directory is
ready to replace the original directory.
There is not enough contiguous free space for a fail-safe replacement of the directory. It is highly recommended that
you create 204 MB of contiguous free space before replacing the original directory.
All file and folder data was easily located.
Comparison of the original and replacement directories indicates that there will be changes to the number, the
contents and/or the attributes of the files and folders. It is recommended that you preview the replacement
directory and examine the items listed below. All files and folders were compared and a total of 14,627,488
comparison tests were performed.
• Errors, if any, in the directory structure such as tree depth, header node, map nodes, node size, node counts, node
links, indexes and more have been repaired.
• 1 folder had a directory entry with an incorrect custom icon flag that was repaired.
Disk Information:
Files: 552,652
Folders: 131,014
Free Space: 2.47 GB
Format: Mac OS Extended
Block Size: 4 K
Disk Sectors: 321,410,736
Media: HDT722516DLAT80
Time: 11/28/08 6:54:19 PM
DiskWarrior Version: 4.1 -
I want to be able to setup a user mobile account, with the home directory stored locally and not synced to the server. What is the best way to do this? I am running Server 10.6 with 10.6 clients. Open Directory will be used to authenticate and manage preferences. Also, this one account will be used simultaneosly in a computer lab setting, so files will be stored locally in the client, hence the need to NOT sync to the server. Any Ideas?
currofelix wrote:
So what does WGM Look like in the Home Tab? afp://servername.domainname/Users? or afp://Users?
The attached screen shots should help you:
You will only have to do this step once. Obviously you want to use the user's shortname here.
Then, you will see this as an option in WGM: -
Creating active directory users with dscl
Our mac workstations (OSX 10.8) are bound to a 2008 Active Directory server. We are attempting to use some existing dscl scripts on the mac client computer to create Active directory users. We can successfully read and change AD attributes of an existing user with dscl, but creating new users or new attributes for an existing user gives us an error. Here are some examples.
SUCCESSFUL READ OF AD USER ATTRIBUTE:
root# dscl -u administrator "/Active Directory/CXAD/All Domains" -read /Users/jholmes SMBHomeDrive
Password:
SMBHomeDrive: H:
root#
SUCCESSFUL DELETE OF ABOVE USER ATTRIBUTE
root# dscl -u administrator "/Active Directory/CXAD/All Domains" -delete /Users/jholmes SMBHomeDrive
Password:
root#
FAILED ATTEMPT AT RE-CREATING THE DELETED ATTRIBUTE
root# dscl -u administrator "/Active Directory/CXAD/All Domains" -create /Users/jholmes SMBHomeDrive
Password:
<main> attribute status: eDSInvalidRecordType
<dscl_cmd> DS Error: -14130 (eDSInvalidRecordType)
root#
The same error occurs when attempting to create a new user. Any ideas? Thanks in advance for any suggestions.In the end I could not find them; account info is ONLY stored locally in Open Directory when they have mobile accounts.
However, I found I could migrate their user directories in Terminal via ditto ( I connected the old macs via Firewire Target mode) , and when they log in all their stuff and settings are there.
the command is: ditto /Volumes/<old mac hard drive>/Users/<username> /Users/<username> -
Unable to login @ login window with Active Directory User
I successfully bound my test machine to Active Directory and can search using dscl and id. I can also su to my active directory user account an authenticate perfectly. All search bases are correct and everything else looks fine.
When I attempt to login from the login window as an AD user, the window shakes. Clicking under Mac OS X shows that "Network Accounts Available". Looks like the CLI tool "dirt" is now gone as well, although insecure it would possibly show something here.
Anyone else having issues after binding to AD? I bound using the Directory Utility gui... I have not tried using my leopard bind script yet.
Thanks,
KenI have pretty well the same problem. The machine was already bound to AD prior to upgrade. After could not login on with my account (jball). Can log on with other accounts from the same domain (we only have one AD domain). Can also su to jball in a terminal session. Can't access network resources with jball when I try to connect to a windows server through the finder, instantly comes up with bad username or password, doesn't even think about it.
I have removed any copies of the home folder under either /Users or /Domain as I have had problems with that before. Have repaired permissions and unbind and bind the machine to AD. Have been at this all day now and no closer. Get these error messages in console:
31/08/09 4:49:27 PM SecurityAgent[666] Could not get the user record for 'jball@domainname' from Directory Services
31/08/09 4:49:27 PM SecurityAgent[666] User info context values set for jball@domainname
31/08/09 4:49:27 PM SecurityAgent[666] unknown-user (jball@domainname) login attempt PASSED for auditing -
Issue with Active Directory User Target Recon
Hi ,
I am facing an issue with Active Directory User Target Recon
My environment is OIM 11g R2 with BP03 patch applied
AD Connector is activedirectory-11.1.1.5 with bundle patch 14190610 applied
In my Target there are around 28000 users out of which 14000 have AD account (includes Provisioned,Revoked,Disabled accounts)
When i am running Active Directory User Target Recon i am not putting any filter cleared the batch start and batch size parameters and ran the recon job .Job ran successfully but it stopped after processing around 3000 users only.
Retried the job two three times but every time it is stopping after processing some users but not processing all the users.
Checked the log file oimdiagnostic logs and Connector server logs cannot see any errors in it.
Checked the user profile of users processed can see AD account provisioned for users
My query is why this job is not processing allthe users.Please point if i am missing some thing .
thanks in advanceCheck the connector server load when you are running the recon. Last time I checked the connector, the way it was written is that it loads all the users from AD into the connector server memory and then sends them to OIM. So if the number was huge, then the connector server errored out and did not send data to OIM. We then did recon based on OUs to load/link all the users into OIM. Check the connector server system logs and check for memory usage etc.
-Bikash -
Dear all,
I am looking to setup the use of active directory userid/password authentication instead of SAP R/3 User/Password for digital signature. We SSO to the backened ABAP AS via an SAP NW Portal to which SPNEgo kerberos authentication is setup. Today we specify R3 user id/password to digitally approvae a lot release. The idea is to have users maintain one AD password and don't have to remember the R/3 password anymore and also our Security team to avoid password maintenance.
I know there are 3 options for digital signature and
System signature with authorization by user ID and password (We use this currently)
Digital User signature with verification - (We would like to use this with AD userid/password, so the system still ask the users their AD userid/password for the authentication when they try to "sign" a document.)
User signature without verification
Do you think there is a way to configure the system in order to ask and check the active directory userid/password instead of SAP R/3 password? Where can I found documentation about it ?
I have several different versions of AS ABAP starting from NW 7.02 to NW 7.31.
My active directory is based on Windows 2008.
Thanks in advance!!
DheeActually enabling Kerberos for SSO purposes and enabling Kerberos for digital signatures are two different topics although the latter is because of the former. I'm interested in the topic as well and I'm currently looking at different options. SAP provides a BAdI for the digital signature API which can be used for external authentication but they do not provide the solution to invoke Kerberos authentication based on username and password. SAP provides a semi solution with NWSSO 2.0 SP2 which works only on Windows with classic dynpros meaning SAP GUI for Windows is assumed. The solution is based on an ActiveX component which does the actual Kerberos authentication using the Secure Login Client which is part of the NWSSO suite. Extending that implementation to non-Windows and non-GUI applications would require some sort of web enabled service that could be used to authenticate the user with username and password. In case authentication is successful, a Kerberos token would be returned to SAP which would then be validated. All the required pieces are there since SAP has Kerberos support now in both stacks of the NetWeaver Application Server, some bits are still missing though which leaves customers looking at 3rd party or custom solutions.
-
Adobe Form that Creates Active Directory User Account
Hello all! Hopefully someone can help me with this. I am using Adobe LiveCycle Designer ES 8.2 to create a user account request form. I have the form created and now am working on a submit button that will email the form to the approving officials. Once its emailed to the approving officials I would like to have a button available in which the approval person can select resulting in the creation of an Active Directory user account. I need the fields in the form to populate cooresponding fields inside of Active Directory. Current AD structure is on Server 2003. Are there any ideas for how to accomplish this?
I don't know. However, you might get a better or faster answer in the LiveCycle forum that deals with Designer.
-
Cannot log into DTR with Active Directory User
Greetings,
I have set up and installed JDI correctly. I can log into /devinf, the cbs, cms and sld systems with no problem using both Administrator and my JDI.Administrator that I assigned to an Active Directory user. I can log into the DTR using a user from the database (i.e. Administrator), however, when trying to access the DTR with an Active Directory user, I get the following message:
500 Internal Server Error
SAP J2EE Engine/6.40
Application error occurred during the request procession.
Details: Error [javax.servlet.ServletException: Group found, but unique name "businessUnit.all.guests" is not unique!], with root cause [com.tssap.dtr.server.deltav.InternalServerException: Group found, but unique name "businessUnit.all.guests" is not unique!]. The ID of this error is
Exception id: [0012798F81680042000000090000165C0003FE9AA3C0B86B].
This group exists in multiple domainshowever, this has not caused us any issues to date with our portal and other pieces of SAP WASit's only this DTR error.
Any help is greatly appreciated.
Thanks,
MartyHi Marty,
In the document available at the link enclosed below, there is a part that explains how to configure DTR so that it always uses "Unique-IDs".
http://help.sap.com/saphelp_nw04/helpdata/en/20/f4a94076b63713e10000000a155106/frameset.htm
It is mentioned that this is valid for LDAP, but the information is applicable for Active Directory as well.
Regards,
Manohar -
Exporting Active directory users to excel with conditions
I'm trying to export AD users with selected fields out to a spreadsheet, with the condition that the employeeid field is greater than 99999. I found a VBScript elsewhere on this site that does everything i need, even filtering on the employeeid
field except that when it export to the spreadsheet the employeeid field comes back as if it's blank. But i know it's not as it will do the filtering correctly. Below is the script i've been using. As i said it will correctly list all users
with employeeid greated than 5 digits but it just won't export the actual employeeid field
Dim ObjWb
Dim ObjExcel
Dim x, zz
Set objRoot = GetObject("LDAP://RootDSE")
strDNC = objRoot.Get("DefaultNamingContext")
Set objDomain = GetObject("LDAP://" & strDNC) ' Bind to the top of the Domain using LDAP using ROotDSE
Call ExcelSetup("Sheet1") ' Sub to make Excel Document
x = 1
Call enummembers(objDomain)
Sub enumMembers(objDomain)
On Error Resume Next
Dim Secondary(20) ' Variable to store the Array of 2ndary email alias's
For Each objMember In objDomain ' go through the collection
if ObjMember.EmployeeID > 199999 Then 'if employee id greater than 199999 then add to spreadsheet (meaning physician)
x = x +1 ' counter used to increment the cells in Excel
' I set AD properties to variables so if needed you could do Null checks or add if/then's to this code
' this was done so the script could be modified easier.
SamAccountName = ObjMember.samAccountName
FirstName = objMember.GivenName
LastName = objMember.sn
EmployeeID = ojbMember.employeeID
EmailAddr = objMember.mail
Addr1 = objMember.streetAddress
Title = ObjMember.Title
Department = objMember.Department
' Write the values to Excel, using the X counter to increment the rows.
objwb.Cells(x, 1).Value = EmployeeID
objwb.Cells(x, 2).Value = SamAccountName
objwb.Cells(x, 3).Value = FirstName
objwb.Cells(x, 4).Value = LastName
objwb.Cells(x, 5).Value = EmailAddr
objwb.Cells(x, 6).Value = Addr1
objwb.Cells(x, 7).Value = Title
objwb.Cells(x, 8).Value = Department
' Write out the Array for the 2ndary email addresses.
For ll = 1 To 20
objwb.Cells(x,26+ll).Value = Secondary(ll)
Next
' Blank out Variables in case the next object doesn't have a value for the property
EmployeeID = "-"
SamAccountName = "-"
FirstName = "-"
LastName = "-"
EmailAddr = "-"
Addr1 = "-"
Title = "-"
Department = "-"
For ll = 1 To 20
Secondary(ll) = ""
Next
End If
' If the AD enumeration runs into an OU object, call the Sub again to itinerate
If objMember.Class = "organizationalUnit" or OBjMember.Class = "container" Then
enumMembers (objMember)
End If
Next
End Sub
Sub ExcelSetup(shtName) ' This sub creates an Excel worksheet and adds Column heads to the 1st row
Set objExcel = CreateObject("Excel.Application")
Set objwb = objExcel.Workbooks.Add
Set objwb = objExcel.ActiveWorkbook.Worksheets(shtName)
Objwb.Name = "Active Directory Users" ' name the sheet
objwb.Activate
objExcel.Visible = True
objwb.Cells(1, 1).Value = "EmployeeID"
objwb.Cells(1, 2).Value = "SAMAccountName"
objwb.Cells(1, 3).Value = "FirstName"
objwb.Cells(1, 4).Value = "LastName"
objwb.Cells(1, 5).Value = "Email"
objwb.Cells(1, 6).Value = "Addr1"
objwb.Cells(1, 7).Value = "Title"
objwb.Cells(1, 8).Value = "Department"
End Sub
MsgBox "User dump has completed.", 64, "AD Dump" ' show that script is completeHere is a test version
Set xl = CreateObject("Excel.Application")
xl.Visible = True
Set wb = xl.Workbooks.Add()
Set sheet = wb.Worksheets("sheet1")
sheet.Name = "Active Directory Users"
i = 1
With sheet
.Cells(i, 1).Value = "EmployeeID"
.Cells(i, 2).Value = "SAMAccountName"
.Cells(i, 3).Value = "FirstName"
.Cells(i, 4).Value = "LastName"
.Cells(i, 5).Value = "Email"
.Cells(i, 6).Value = "Addr1"
.Cells(i, 7).Value = "Title"
.Cells(i, 8).Value = "Department"
End With
Set users = GetADUsers()
While Not users.EOF
i = i + 1
With sheet
.Cells(i, 1).Value = users("employeeID")
.Cells(i, 2).Value = users("samAccountName")
.Cells(i, 3).Value = users("GivenName")
.Cells(i, 4).Value = users("sn")
.Cells(i, 5).Value = users("mail")
.Cells(i, 6).Value = users("streetAddress")
.Cells(i, 7).Value = users("Title")
.Cells(i, 8).Value = users("Department")
End With
users.MoveNext
Wend
Function GetADUsers()
Set rootDSE = GetObject("LDAP://RootDSE")
base = "<LDAP://" & rootDSE.Get("defaultNamingContext") & ">"
filt = "(&(objectClass=user)(objectCategory=Person))"
attr = "employeeid,SAMAccountName,mail,GivenName,sn,streetAddress,Title,Department"
scope = "subtree"
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "Active Directory Provider"
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = base & ";" & filt & ";" & attr & ";" & scope
Set GetADUsers = cmd.Execute()
End Function
¯\_(ツ)_/¯ -
We recently upgraded from 10.6 server to 10.8 server and are having trouble with AFP shares and Active Directory. We have shares on each of our OS X servers that should be mountable by any Active Directory user at the site the server resides. In 10.6, this worked beautifully. Simply adding the appropriate AD groups with appropriate permissions to the ACL of the folder(s) being shared worked without a hitch. In 10.8 server, this is not working. Permissions are defined correctly (as far as I can tell), the server is bound to AD, but yet no AD user who should have access can mount the share. When attempting to mount the share on a 10.6 client, the user gets the short and simple "You entered an invalid username or password. Please try again." On a 10.7 client, the window shakes.
What confuses me even more is that no local users can mount the share as well. I try as our admin account, I receive the following error message on our 10.6 clients:
Actually, as I was forumulating this post, logging in as the server administrator account is now working...???!!!
This was the error message we were receiving on 10.7 clients before it magically started working:
In any case, authenticating as an AD user is still no go. Any ideas?I had something similar to this. In the name field put in DOMAIN\username rather than just the name.
-
How to import your MS Active Directory users in an Oracle table
Hello,
I first tried to get a Heterogenous Connection to my MS Active Directory to get information on my Active Directory users.
This doesn't work so I used an alternative solution:
How to import your MS Active Directory users in an Oracle table
- a Visual Basic script for export from Active Directory
- a table in my database
- a SQL*Loader Control-file
- a command-file to start the SQL*Loader
Now I can schedule the vsb-script and the command-file to get my information in an Oracle table. This works fine for me.
Just to share my scripts:
I made a Visual Basic script to make an export from my Active Directory to a CSV-file.
'Export_ActiveDir_users.vbs 26-10-2006
'Script to export info from MS Active Directory to a CSV-file
' Accountname, employeeid, Name, Function, Department etc.
' Richard de Boer - Wetterskip Fryslan, the Nethterlands
' samaccountname Logon Name / Account
' employeeid Employee ID
' name name
' displayname Display Name / Full Name
' sn Last Name
' description Description / Function
' department Department / Organisation
' physicaldeliveryofficename Office Location Wetterskip Fryslan
' streetaddress Street Address Harlingerstraatweg 113
' l City / Location Leeuwarden
' mail E-mail adress
' wwwhomepage Web Page Address
' distinguishedName Full unique name with cn, ou's, dc's
'Global variables
Dim oContainer
Dim OutPutFile
Dim FileSystem
'Initialize global variables
Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
Set OutPutFile = FileSystem.CreateTextFile("ActiveDir_users.csv", True)
Set oContainer=GetObject("LDAP://OU=WFgebruikers,DC=Wetterskip,DC=Fryslan,DC=Local")
'Enumerate Container
EnumerateUsers oContainer
'Clean up
OutPutFile.Close
Set FileSystem = Nothing
Set oContainer = Nothing
WScript.Echo "Finished"
WScript.Quit(0)
Sub EnumerateUsers(oCont)
Dim oUser
For Each oUser In oCont
Select Case LCase(oUser.Class)
Case "user"
If Not IsEmpty(oUser.distinguishedName) Then
OutPutFile.WriteLine _
oUser.samaccountname & ";" & _
oUser.employeeid & ";" & _
oUser.Get ("name") & ";" & _
oUser.displayname & ";" & _
oUser.sn & ";" & _
oUser.description & ";" & _
oUser.department & ";" & _
oUser.physicaldeliveryofficename & ";" & _
oUser.streetaddress & ";" & _
oUser.l & ";" & _
oUser.mail & ";" & _
oUser.wwwhomepage & ";" & _
oUser.distinguishedName & ";"
End If
Case "organizationalunit", "container"
EnumerateUsers oUser
End Select
Next
End SubThis give's output like this:
rdeboer;2988;Richard de Boer;Richard de Boer;de Boer;Database Administrator;Informatie- en Communicatie Technologie;;Harlingerstraatweg 113;Leeuwarden;[email protected];;CN=Richard de Boer,OU=Informatie- en Communicatie Technologie,OU=Afdelingen,OU=WFGebruikers,DC=wetterskip,DC=fryslan,DC=local;
tbronkhorst;201;Tjitske Bronkhorst;Tjitske Bronkhorst;Bronkhorst;Configuratiebeheerder;Informatie- en Communicatie Technologie;;Harlingerstraatweg 113;Leeuwarden;[email protected];;CN=Tjitske Bronkhorst,OU=Informatie- en Communicatie Technologie,OU=Afdelingen,OU=WFGebruikers,DC=wetterskip,DC=fryslan,DC=local;I made a table in my Oracle database:
CREATE TABLE PG4WF.ACTD_USERS
samaccountname VARCHAR2(64)
, employeeid VARCHAR2(16)
, name VARCHAR2(64)
, displayname VARCHAR2(64)
, sn VARCHAR2(64)
, description VARCHAR2(100)
, department VARCHAR2(64)
, physicaldeliveryofficename VARCHAR2(64)
, streetaddress VARCHAR2(128)
, l VARCHAR2(64)
, mail VARCHAR2(100)
, wwwhomepage VARCHAR2(128)
, distinguishedName VARCHAR2(256)
)I made SQL*Loader Control-file:
LOAD DATA
INFILE 'ActiveDir_users.csv'
BADFILE 'ActiveDir_users.bad'
DISCARDFILE 'ActiveDir_users.dsc'
TRUNCATE
INTO TABLE PG4WF.ACTD_USERS
FIELDS TERMINATED BY ';'
( samaccountname
, employeeid
, name
, displayname
, sn
, description
, department
, physicaldeliveryofficename
, streetaddress
, l
, mail
, wwwhomepage
, distinguishedName
)I made a cmd-file to start SQL*Loader
: Import the Active Directory users in Oracle by SQL*Loader
D:\Oracle\ora92\bin\sqlldr userid=pg4wf/<password>@<database> control=sqlldr_ActiveDir_users.ctl log=sqlldr_ActiveDir_users.logI used this for a good list of active directory fields:
http://www.kouti.com/tables/userattributes.htm
Greetings,
Richard de BoerI have a table with about 50,000 records in my Oracle database and there is a date column which shows the date that each record get inserted to the table, for example 04-Aug-13.
Is there any way that I can find out what time each record has been inserted?
For example: 04-Aug-13 4:20:00 PM. (For my existing records not future ones)
First you need to clarify what you mean by 'the date that each record get inserted'. A row is not permanent and visible to other sessions until it has been COMMITTED and that commit may happen seconds, minutes, hours or even days AFTER a user actually creates the row and puts a date in your 'date column'.
Second - your date column, and ALL date columns, includes a time component. So just query your date column for the time.
The only way that time value will be incorrect is if you did something silly like TRUNC(myDate) when you inserted the value. That would use a time component of 00:00:00 and destroy the actual time. -
SMB access for Active Directory users
Hi there,
My server is an OD Master bound to AD for authentication and my institution's Kerberos realm.
When I try to share files from the server via SMB and connect as an Active Directory user I get the following error in the logs:
[2009/06/11 12:02:27, 1, pid=5308] /SourceCache/samba/samba-187.8/samba/source/libads/kerberosverify.c:ads_verifyticket(428)
adsverifyticket: smbkrb5_parse_name(myserver$) failed (Configuration file does not specify default realm)
[2009/06/11 12:02:27, 1, pid=5308] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:replyspnegokerberos(340)
Failed to verify incoming ticket with error NTSTATUS_LOGONFAILURE!
I've read something vague about having to Kerberize the SMB service seperately so I'm not sure if that's the problem.
My smb.conf file is as follows:
; Configuration file for the Samba software suite.
; ============================================================================
; For the format of this file and comprehensive descriptions of all the
; configuration option, please refer to the man page for smb.conf(5).
; The following configuration should suit most systems for basic usage and
; initial testing. It gives all clients access to their home directories and
; allows access to all printers specified in /etc/printcap.
; BEGIN required configuration
; Parameters inside the required configuration block should not be altered.
; They may be changed at any time by upgrades or other automated processes.
; Site-specific customizations will only be preserved if they are done
; outside this block. If you choose to make customizations, it is your
; own responsibility to verify that they work correctly with the supported
; configuration tools.
[global]
debug pid = yes
log level = 1
server string = Mac OS X
printcap name = cups
printing = cups
encrypt passwords = yes
use spnego = yes
passdb backend = odsam
idmap domains = default
idmap config default: default = yes
idmap config default: backend = odsam
idmap alloc backend = odsam
idmap negative cache time = 5
map to guest = Bad User
guest account = nobody
unix charset = UTF-8-MAC
display charset = UTF-8-MAC
dos charset = 437
vfs objects = darwinacl,darwin_streams
; Don't become a master browser unless absolutely necessary.
os level = 2
domain master = no
; For performance reasons, set the transmit buffer size
; to the maximum and enable sendfile support.
max xmit = 131072
use sendfile = yes
; The darwin_streams module gives us named streams support.
stream support = yes
ea support = yes
; Enable locking coherency with AFP.
darwin_streams:brlm = yes
; Core files are invariably disabled system-wide, but attempting to
; dump core will trigger a crash report, so we still want to try.
enable core files = yes
; Configure usershares for use by the synchronize-shares tool.
usershare max shares = 1000
usershare path = /var/samba/shares
usershare owner only = no
usershare allow guests = yes
usershare allow full config = yes
; Filter inaccessible shares from the browse list.
com.apple:filter shares by access = yes
; Check in with PAM to enforce SACL access policy.
obey pam restrictions = yes
; Don't be trying to enforce ACLs in userspace.
acl check permissions = no
; Make sure that we resolve unqualified names as NetBIOS before DNS.
name resolve order = lmhosts wins bcast host
; Pull in system-wide preference settings. These are managed by
; synchronize-preferences tool.
include = /var/db/smb.conf
[printers]
comment = All Printers
path = /tmp
printable = yes
guest ok = no
create mode = 0700
writeable = no
browseable = no
; Site-specific parameters can be added below this comment.
; END required configuration.
Any help would be much appreciated!!
Thanks.I am now having the same problem - a Windows server trying to access a file share on the Mac Server is presented with the same error message in the log files:
[2009/06/29 21:34:56, 2, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:setupnew_vcsession(1260)
setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
[2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/libads/kerberosverify.c:ads_verifyticket(428)
adsverifyticket: smbkrb5_parsename(vifile$) failed (Configuration file does not specify default realm)
[2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:replyspnegokerberos(340)
Failed to verify incoming ticket with error NTSTATUS_LOGONFAILURE!
Workgroup manager can read from Active Directory - seems to be jiving correctly - my server (SMB) is in Domain Member mode...
When I try to access system from \\UNC command, I am presented with username/password prompt and nothing works.
Not feeling the Mac OS X love tonight.
Bill
System is bound to active directory - green light in Directory Utility -
Best practice converting local laptop accounts to Mobile Accounts with PHD
Hi,
what is the best practice to convert local laptop users (with different UIDs than their network account) to mobile accounts? Especially when the local dir should not be synced in whole (just Documents, Library). Client and server are 10.5, network accounts are on NFS.
I tried creating the mobile account with a minimal network directory (Library etc. ) and then move the original folders into place, but this didn't work out (the sync info was overwritte somewhere ..)
ChristianI think your best bet is to copy the home folder off the laptop to the user share on the server. Then with WGM create the same user and the apply all permissions of the network user to the copied folder.
Once you have that create your settings for the PHD and then go to the laptop. There you will setup the laptop and bind it to the directory, have that user login (might want to do this on a lan, not airport) and then it will move all the data across to that laptop, and since the network user (same as the local) owns that folder everything should work. If the password is the same then OS X should fix the login and keychain password, so saved forms or email password would show up.
I did this same thing for 20 OS 10.4 client laptops. Took me a while to get all of this in place but will spare you the running around...
hope that helps -
Window Active Directory users cannot see home drive when logon to Macs
This problem just occurred, so that tells me either 10.4.9 has done it or a security update to Windows 2003 Server.
Looking for any tech saavy network guru to help.
Windows 2003 Server houses active directory. Users in the past were able to log on to a Macintosh computer and their home drive would appear on the desktop.
Now 'all of a sudden' any user that logs onto a Macintosh computer with an AD account does not see their home drive on the desktop.
Has anyone else had this problem? Any suggestions on how to resolve it? I haven't unbound the Mac from AD yet will try that tomorrow.
JTSFixed this...a corrupted keychain item that contained the users prior used network password was the culprit.
Once I delted the corrupted keychain, active directory users can log on a Mac and see their home directory on the desktop.
JTS
Maybe you are looking for
-
what should i do please someone help me, I live in UK so how much will it cost to get a screen replacement or will they just replace my phone? but its just my screen so yeah please help. its in a bag of rice and it works fine only the screen is not d
-
Adobe Photoshop Lightroom 64-bit has stopped working [Lightroom 5 Beta]
I was looking for a Lightroom 5 Beta forum but am unable to find one. Today, I downloaded and installed LR5 Beta on my new HP Envy 64-bit Windows 8 machine. After running an installation, I started the program. At first, it asked about opening a c
-
My MacBook was working with 2 screens but, when the secondary screen was disconnected, the main screen put in black and I can't fix it
-
I can't eliminate my iphoto trash of 12,000 pictures what do I do?
I can't eliminate my iphoto trash of 12,000 pictures what do I do?
-
SOA WebLogic Admin & SOA server Error
Hi , I installed Oracle SOA 11g on Windows 7 64-bit environment successfully some times back. Due to soem problems I tried to re-install, its got successfulluy. But, when I run AdminServer, Soa_Server both throwing an errors like as below. Pls update