AD Users on other volumes?

Similar Messages

• Recreate nss trustees on other volume

  Hi all,
  I would like to move older files that my users had on the main nss volume on other volume.
  For this reason I have prepared a new nss volume with the same directory structure,
  and I would like that all directories on volume B (volume A is the main NSS volume)
  had the same trustees database. Is than easy like copy .trustee_database.xml
  and call ncpcon for resync trustees ?
  thank you so much!

  wow, I didnt know about DST!!!! I think that its just what I m looking for, because its totally transparent to the
  users and I didnt have any auxiliar scripts like my move-to-historic python script, searching for m-time old files.
  Im reading the documentation and I didnt find anything about this. DST is part of OES2, and it doesnt have
  any additional charge?
  thank you so much!
  Originally Posted by mrosen
  On 11.07.2013 17:06, antoniogutierrez wrote:
  >
  > Hi all,
  >
  > I would like to move older files that my users had on the main nss
  > volume on other volume.
  > For this reason I have prepared a new nss volume with the same
  > directory structure,
  > and I would like that all directories on volume B (volume A is the main
  > NSS volume)
  > had the same trustees database. Is than easy like copy
  > .trustee_database.xml
  > and call ncpcon for resync trustees ?
  Why not use DST?
  CU,
  Massimo Rosen
  Novell Knowledge Partner
  No emails please!
  Untitled Document

• Use a soft link to move /Users to another volume

  I'd like to move /Users to another volume, so that I can have the OS and applications on an SSD, without having to get an SSD of several terabytes.
  Users log in to a Mac Pro using Active Directory accounts. Consequently, they do not have accounts on the Mac, and I cannot use Mac user properties to move their home directories. Also, the set of users who can log in is limited only by the AD user base, which has tens of thousands of entries. Of course, I cannot change the AD schema. So it has to be a solution that happens automatically. If a new user logs, her home directory must be automatically created on a volume which is not the startup.
  I made a soft link from the startup volume to the new volume where I want the homes to go. This seems to work. After a restart, all the applications I tried had no problem following the soft link.
  Is there any danger here? Or is there some better solution? I tried, following a suggestion which apparently worked in older versions of the OS, to make an entry in /etc/fstab to mount the new disk as /Users. This did not work in Mavericks (my test machine). The new disk appeared in Disk Utility, but could not be mounted. Perhaps it would work on Mountain Lion, which is the machine where this change ultimately needs to be implemented.
  I will be obliged for any suggestions or warnings.

  Reading through the article you referenced, I noticed they talked about downsides to moving home directory.
  The issue about non-boot drives not being as protected as the boot drive.
  Specifically related to permissions. I'm not exactly sure what they mean. If you ignore permissions on the non-boot drive that means that others can browse any of those files?
  I'm assuming they mean you would have to change the permissions on the non-boot drive? But does that mean that only the original owner can change those permissions? Or can any user change permissions on a non-boot drive?
  How is this different from user files on the boot drive? Can't you change permissions on your home directory?
  I'm interested in moving my directory to the non-boot drive, so I'd like to understand the downsides. Especially anything related to user security.
  Thanks.

• Mail server automatically cc all email for user to other acct but group...

  Back on April 2007, David_X answered this question:
  How to have the mail server automatically cc all e-mail for user to other accounts, (gmail, hotmail, etc). Here is the old post that explains that:
  http://discussions.apple.com/thread.jspa?messageID=4357149&#4357149
  What I did not catch at the time was if you setup a Group, one of three ways, the cc step no longer works. There is a fourth way but it is not practical. Creating local groups on individual Macs.
  *Group method 1 per David_X:*
  Use edited group files on the server.
  The following sends to members of groups but does not show all recipients in the received message...
  In /etc/postfix/aliases, add...
  groupname: :include:/path/to/groupname.txt
  In a file called groupname.txt (using plaintext editor)...
  [email protected]
  [email protected]
  Reload aliases...
  sudo newaliases
  sudo postalias aliases
  sudo postfix reload
  Mail sent to [email protected] gets passed to amavisd once, before then being relayed out for each individual recipient.
  *Group method 2 per David_X:*
  Make a user, e.g., "accounts"
  In mail settings, select 'Forward' option and enter the group members' email addresses, comma separated e.g.,
  [email protected],[email protected]
  This gets a bit 'long' for lots of members.
  The email then gets sent to each of the people in this list.
  *Group method 3 that I just discovered:*
  Create a group in Workgroup Manager.
  Drag the users you want in it.
  Save.
  Test sending to that group.
  Best part, the group name shows up in Address Book if you have LDAP setup.
  So I have setup all three. If I send an email to any type of group, they work.
  The problem:
  If one of those members in the group also has a BCC setup to Gmail or any other outside email, they never get the e-mail copied out to the external account.
  Example:
  I send an email to [email protected]. He gets the email there and also a copy at his Gmail account.
  If I send an email to the Sales group that jsmith belongs to, he gets the email there but nothing at the Gmail account.
  It looks like the mail server processes the "aliases" file and skips the "Recipient_bcc" file that handles the forwards.
  Is there a way to have my cake and eat it too? David_X your thoughts also?
  Thanks everyone!

  Bump.
  Short version. Sales guy has a Gmail account he wants his e-mail copied to also.
  Send e-mail directly to his Xserve account, he gets it there and it gets sent on to his Gmail account.
  Send an e-mail to the sales Group that he is a member of, he gets it there but it never gets sent out to the Gmail account.
  Ideas?

• How to change sheduled jobs from one users to other user?

  Hi,
  I want to change shoulded jobs from one users to other user.
  Is there any way that we change job from one user to other user.
  apart procedure with sm37: single job selecting with copy option.
  Regards,
  Gianluca Vinco

  Hi,
  Please try the folloiwng for changing the User of a Scheduled job:
  1. Go to transaction SM37, select the 'Scheduled' Job by checking the check box and then use the menu path Job -
  > Change
  2. You may reach the Change Job xxx screen. Here, click on the Step button
  3. You may reach the Step List Overview screen
  4. Here select the step in the list and click on the Change icon to make the User change in the pop up Edit Step window
  I hope this helps you in your work.
  Best Regards
  Sitaraman

• New user account "other" and cant delete it

  hi everyone,
  i dont know what caused that but since yesterday i have that new user account "other".
  i tried to delete it with root-user but it isnt shown there, activate root-user and delete again after restart didnt work either.
  is some of the professionals here able to help me? i bad need an idea to fix that. Its on my macbook pro and also at my macpro, both with OS 10.6.8
  Only new software i installed was MindManger 9 Upgrade direct from MindJet.
  Thanks a lot ;-)

  Hi Atlan,
  in the forum of Livescribe it is stated as a known problem
  They are working on it.
  Also some suggestions from other user how to get rid of the account.
  I have not tried that as it seems you than delete also the Livescribe account and desktop.
  I just wait till an update from Livescribe comes out.
  To not show that other account you can change settings for login screen
  Just show field name and password.
  Now, I believe showing th eother account cannot do harm.
  It is not the root account. That's disabled as I have seen.
  The only question: Can Livescribe takeover your computer?
  And if so, hacking livescribe will possible mean that they can hack your system then?
  So, the only rigid solution is: delelete all Livescribe etc. , go to timemachie and set back your system.
  But only if I would know the other account can create problems I would take this major step.
  For now I wait and see
  So, lets see what Livescribe will do and at what speed!
  here the thread at Livescribe:
  https://www.livescribe.com/int/faq/support_forum.html#/forums/showthread.php?t=1 1253&page=2
  Regards,
  Ronald

• How do I hide my mailbox and mail contents from other users, leaving other functions of my iMac accessible?

  How do I hide my mailbox and mail contents from other users, leaving other functions of my iMac accessible?

  You don't have to shut down the computer to switch accounts. All you do is click the Apple symbol in the upper left and choose Log Out and that's it. You can also set up Faster User Switching by:
  1. Open System Preferences - Accounts
  2. Click Login Options
  3. Check the box called "Show fast user switching menu as" then choose from either icon, short name or name.
  Then when someone wants to switch users they can. The advantage of this method is if you are have a document open and don't want to close it the document will remain open. If the other user attempts to shut down the computer they can't until you have logged out thereby saving all your data.
  A very simple and elegant solution.

• Cannot see users on other nodes

  Calendar users cannot see the users on other nodes.What should I do?
  <P>
  You may not have configured your node-to-node connections. Use
  Connect Nodes or uninode -edit. Your fully qualified domain name for
  your network exceeds 16 characters. Shorten your domain name or setup
  a shorter alias.
  <P>
  Follow these instructions after you have shortened the domain name or
  created a shorter alias. These instructions are also available in the
  Release Notes. If the fully qualified domain name for your network
  exceeds 16 characters, it will be necessary to shorten the host name
  of all the servers in the Calendar Server.network . These instructions
  must be carefully followed to avoid causing problems with the network.
  Ensure that the procedure is applied to ALL nodes in the Calendar
  network.
  1) The following procedure should be carried out on each server in
  the Calendar network:
  a) Bring the Calendar services down.
  % unistop -y
  b) Run the unidbfix command in export mode.
  % unidbfix -export -n node-id
  This will create a remotenode.ini file for each node on the server.
  The file is located in the node's perm directory.
  Example:
  If you have two nodes on the server ROCK, node 1(in N1) and node
  (in N2), the files are:
  /users/unison/db/nodes/N1/perm/remotenode.ini
  /users/unison/db/nodes/N2/perm/remotenode.ini
  The remotenode.ini file will look something like this:
  [1]
  RN_NUMCONNECT = 2
  RN_SURNAME = "unison"
  RN_GIVENNAME = "unison"
  RN_ORGUNIT1 = "uni2"
  RN_ORGUNIT2 = "openmail"
  RN_ORGANIZATION = "ABC Corp"
  RN_ACCESSMETHOD = 2
  RN_SERVICENAME = "unieng"
  RN_HOSTNAME = "rock"
  [2]
  RN_NUMCONNECT = 2
  RN_SURNAME = "unison"
  RN_GIVENNAME = "unison"
  RN_ORGUNIT1 = "uni4"
  RN_ORGUNIT2 = "openmail"
  RN_ORGANIZATION = "ABC Corp"
  RN_ACCESSMETHOD = 2
  RN_SERVICENAME = "unieng"
  RN_HOSTNAME = "rock"
  2) Once you have run unidbfix in export mode on all the servers,
  proceed as follows:
  a) Compare the remotenode.ini files and verify that the
       entries are the same. In each file, you will note that
       an entry for the local node is not included.
  b) Edit one of the files (on any of the servers). This file
       will be referred to as the master file. Add the appropriate
       entries for the local node (copy the section from one of
       the other files). Modify the RN_HOSTNAME in each of
       the sections of the master file to shorten the name.
  c) Copy the master file in the perm directories of each node
       on all the servers.
  3) Once the master file is in the perm directory of all the nodes,
  proceed as follows on each server:
  a) Run the unidbfix command in the -import mode.
  % unidbfix -import -n node-id
  b) Edit the nodes.ini file on the hub server and make the
       same changes to the host names. You do not need to apply
       the changes.
  c) Edit the [UTL] section of the /users/unison/misc/unison.ini
       file and change the host name.
  d) Start up the services.
  % unistart

  If images are missing then check that you aren't blocking images from some domains.
  *Check the permissions for the domain in the current tab in "Tools > Page Info > Permissions"
  *Check the permissions for all sites on the about:permissions page, via the location bar
  *Check that images are enabled: Tools > Options > Content: [X] Load images automatically
  *Check the exceptions in "Tools > Options > Content: Load Images > Exceptions"
  *Check the "Tools > Page Info > Media" tab for blocked images (scroll through all the images with the cursor Down key).
  If an image in the list is grayed and there is a check-mark in the box "<i>Block Images from...</i>" then remove that mark to unblock the images from that domain.
  Make sure that you do not block third-party images permissions.default.images
  *http://kb.mozillazine.org/Images_or_animations_do_not_load
  There are also extensions (Tools > Add-ons > Extensions) and security software (firewall, anti-virus) that can block images.

• Create users for other clients from client 000

  Hello!
  I have the following question:
  What is the Tcode allows me to see all created users (perhaps wuth their password) in all clients from e.g. client 000?
  Is it possible to create new users for other clients from client 000?
  Thank you very much!
  regards
  Thom

  <b>SU10 User Mass Maintenance</b>
  SCUA Central User Administration
  SCUM Central User Administration
  SCUG Copy users
  SU01/SUCOMP User Maintenance/User company address maintenance
  SU01D User Display
  SCUL Central User Management Log

• LDAP authentication in AD (users from other trusted domain)

  Hi
  I have two domain: my - DOMAINA.LOCAL and other trusted - DOMAINB.LOCAL
  I use LDAP authentication in AD for authentication users (AnyConnect).
  Now, I need to authenticate few users from other trusted domain (DOMAINB.LOCAL).
  I do not want direct connect with the domain contoller in the trusted domain.
  My domain controller (DOMAINA.LOCAL), can authenticate users from other trusted domain (if I use username "DOMAINB\userindomainb"), if I try to connect by RDP client to some server (for example, to my domain controller).
  But if I try to test aaa-server authentication from ASA
  I get error.
  I think, I must use username like "DOMAINB\userindomainb" but this not work.
  Help me please.
  Thanks!
  My config:
  aaa-server ADA protocol ldap
  aaa-server ADA (inside) host 10.0.0.1
   ldap-base-dn dc=domaina, dc=local
   ldap-scope subtree
   ldap-naming-attribute sAMAccountName
   ldap-login-password *****
   ldap-login-dn cn=Cisco ASA, ou=ServiceAccounts, ou=Services, dc=domaina, dc=local
   server-type microsoft

  Hello!
  I see in console (debug LDAP):
  Request for [email protected] returned code (10) Referral
  Does ASA support authentication via LDAP referrals?
  I read old thread:
  https://supportforums.cisco.com/discussion/11132591/cisco-asa-and-ldap-authentification
  And see: CSCsj32153  Symptom:the ASA/PIX doesn't currently support LDAP Referall searches. 
  But I use:
  Cisco Adaptive Security Appliance Software Version 9.2(3)
  Device Manager Version 7.3(3)
  Compiled on Mon 15-Dec-14 05:10 PST by builders
  System image file is "disk0:/asa923-smp-k8.bin"
  Thanks!

• Copy some workbooks from one user to other

  Hi!
  How can I copy (not share) some workbooks from one user to other?
  The reason to do this is because we are renaming users to other naming pattern.
  Thanks!

  You would first need to share the workbooks you want to transfer ownership of to either the new user name, or a responsibility that the new user has (I am assuming this is an Oracle Applications EUL). The user signs on to Discoverer Plus with their new name. They open up the workbook(s) and then do a SAVE AS. That will save the workbook with them as the new owner. You would then need to sign on with the old owner's name and delete those old workbooks (after first backing them up) once you are sure everything is working okay. Yes, this is a yucky process. What we do is we use a "dummy" user name when we create/modify workbooks. That way the dummy user name is the owner of the workbooks. So it does not matter if a person leaves or if you change user naming conventions. If you have a lot of users creating workbooks, then a dummy user name may not work well. You could always submit an enhancement request to Oracle for a copy function. I expect you would get a lot of customers supporting such a request.
  John Dickey

• Users as other task owners are receiving 5 emails notification for the same task

  users as other task owners  are receiving 5 emails notification for the same task in Sharepoint 2010. I have tried to add a 5 minutes delay on the other task owners workflow with no luck.any suggestions? Thanks

  The Book confuses me. I still think assignment delay and leveling resources are the same. Here is the explanation from the book for the three concepts.
  " Project offers two types of delays:
  Leveling delay. This type of delay applies to tasks; it pushes out the start date for the task and all its resource assignments. It’s meant specifically for remov-ing resource overallocations. With the Leveling Delay field, you can remove
  all leveling delays by choosing Resource➝Level➝Clear Leveling.
  Assignment delay. This type of delay applies to a single assignment within a task. Suppose you have a security consultant coming in to help lock down your site. However, your employees have prep work to do before the consultant can get started.
  You can assign everyone to the same “Try hacking into office” task but delay the consultant’s assignment by 5 days. "
  After a couple of pages;
  " Leveling Resources
  In Project 2010, you can level the entire project, tasks you select, or a single resource. By leveling several tasks that are all vying for the resource, or alternatively, leveling only the most in-demand resources, you can focus on the problematic
  portions of your project. Project automatically chooses popular settings in the Resource Level-ing dialog box. In most situations, you might as well run Resource Leveling with these settings. You can undo the leveling if you don’t like the results, but you
  can get some clues from the initial results to help you determine the settings you need. Here’s how to level different parts of your project using the leveling settings cur-rently in place:
  Level a resource. Select the resource you want to level, and then choose Resource➝Level➝Level Resource"

• Org Tech Admin can add user from other org?

  We are currently on a trial run with CIAC, and I am testing User Management with a Organization Tech Admin account (OTA).
  To my suprise, when adding user and select "existing user", I can see every account currently on Cloud Portal, and even successfully add user from other organization to my orgnization.
  Is there anyway so that OTA can see only the users in their own organization?

  I've been able to remove the admin role from a site administrator with an OTA.
  I know there are issues when you log with an user then logout and relog with another user, CIAC considers that you are still the previous user (I've encountered the issue several times in portlets in the nsapi requests). I don't know if/how those issues are related, but I'd say that logout/login issue were an user has the same rights than the previous users should be fixed.
  Changing OTA rights will not change that particular issue.
  For the moment, what we've done is create our own servlet for requests to the sql DB, and our own roles for most services.
  Let's see what v4 has in store for us.

• Migrating users from other partitions

  I'm dealing with "Epic Stupid" in how Apple handles something in 10.4.
  My hard drive developed a few bad blocks. It's becoming unusable because apparently those bad blocks are directly under certain key files, because it's hard to do much without getting "stun locked" by the gorram beach ball.
  Anyway, my disk has a second partition on it which was unused. I went ahead and formatted that partition, wrote the partition with zeros (which I hope had the effect of flagging all bad blocks), and installed OS X 10.4.10 from the DVD's.
  Naturally the system comes up and treats me like I'm a completely new user of MacOS. It allows me to import users from other partitions -- but here's the problem. It wants to migrate the users, which would be great for preserving disk permissions - but then it wants to COPY ALL THEIR DATA. That's ridiculous. Their data is already on the other partition. I want to copy the identities but not all their data.
  How am I supposed to do that? Import the user identities and tie it back to the UID that's on the other partition so <user X> can access <user X>'s data?
  By the way, other than that, putting the boot OS on the new partition is working great. No beach balls unless I touch the other partition.

  Yeah I know Virtually all of my data is copied off already. I say "virtually" because the backup was piecemeal, and I'm
  a) not 100% sure I got everything and
  b) not looking forward to hand-reassembling my entire environment from scratch. I.E. I don't relish reloading all my songs into iTunes and resetting play counts to zero, having it forget which podcasts I've listened to, etc. etc.
  I would prefer if possible to get one "coherent" backup and it appears the problem partition is no longer reliably bootable.

• How do I allow access to non admin network users to disk volume?

  I would like to allow access to a specific volume (disk) on one of our networked macs (Mac1) to all users. I've set user accounts on Mac 1 for all network users. These users are "regular" users, not admin. They can access this disk (and all others on Mac1) if I log in as Admin set Users to Admin. If I do this, then users have access to ALL data on all disks. If I do not, leaving them as "regular" users, when they log in they only see public folders. How can I allow access to the one disk volume without making network users admin? I tried changing various settings for the volume in Finder Info (everone else=read/write; ignore permissions) with no luck.
  Thanks
  iMac, ibooks, G5, Tibook   Mac OS X (10.4.4)  

  Your observations are correct - by default, an "admin" user connecting over AFP can choose from available "volumes" (default) or "shares", whereas a non-admin user can only mount "shares".
  By default, the only "shares" on an OS X client machine are the users' "Public" folders, and unlike pre-OS X Macs, it isn't easy to configure your own share points. Apple's official statement is that users wanting this functionality should buy OS X Server.
  However, it is possible to create an arbitrary share point using 3rd party software called "SharePoints" (donationware). I have never used it, but it seems to be well regarded. Alternatively, you can do it manually following the instructions in this hint & comments (especially apw8's):
  http://www.macosxhints.com/article.php?story=20011108161839416
  Once the external drive (or folder on the external drive) is configured as a share point, it should be possible for non-admin users to select and mount it once they connect over AFP.