Authenticate windows users accessing os x client using open directory?

Similar Messages

• Windows users - "Access Account" gets disabled by server every night?!?

  I have an OS X Server 10.4.7 on a new Mac Pro in our office. All of my windows users connect to a basic Windows fileshare using the server's IP, then I map the network drives, so they should auto connect. I connect the users, verify the connection, log out, log back in, the drives re-connect like normal. However, TWICE now, I verify that thye all work, then the next morning (or over the weekend), it's like the OS X Server disabled everyone's accounts, except mine (i'm an adminstrator account). Nobody can get to their shares, and all the "Access Account" checkboxes on all my users are unchecked.
  I have Open Directory set as an OD Master, with default policies.
  Under Windows I have it set as a PDC (I'll migrate my old domain accounts once I have the server working, unless this is my whole problem)
  I disabled the file share of "users", but I can't see why that would be my problem. It works until overnight, seemingly.
  Ideas?

  System.log has thousands of these:
  Sep 18 07:47:32 Genesis1 kernel [0]: (11997: ps) ftp: failed on 0:
  asl.log has a bunch of these:
  [Time 2006.09.18 17.29.48 UTC] [Facility daemon] [Sender DirectoryService] [PID 63] [Message Failed Authentication return is being delayed due to over five recent auth failures for username: anish.] [Level 1] [ UID -2] [GID -2] [Host Genesis1]
  The only thing I've set up on any machine is network drive connections, and I manually entered names and passwords. Not sure if XP is doing anything else on its own.
  - Bill

• Authenticate windows users via ACS

  Hi,
  Expert insight required for Cisco ACS, Is it possible to authentication windows user via ACS & apply ACL policies over network devices.
  I would appreciate valued inputs.
  Regards,

  Yes, it's possible to authenticate windows users via ACS and push DACL via radius.
  Seems you are looking for DACL. Here is a document that can help you to understand the same
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a9eddc.shtml#user
  Let me know if you need any further help.
  Jatin Katyal
  - Do rate helpful posts -

• Problem in accessing application server file using open dataset

  Hi All,
  I am trying to access application server file using open dataset command, its working fine for normal path which imention. But when i am giving path of XI server file, its not working. How to access XI server file using open dataset. Please let me know.
  Thanks in advance.
  Regards,
  Vishal

  Hi Vishal,
  You need to verify if the location where you are trying to save the file is in the same server of SAP. In case that the location is in other server you need to map that directy into the same server of SAP.
  You need to point always to a location in the same server of SAP, in order that the open dataset could work.
  Regards,
  Eric

• Use Open Directory on Mac OS X Server for Airport authentication?

  Is it possible to set up an Airport Extreme network so that only people with user names and passwords in the Open Directory on my Mac OS X Server can access it?
  I'm picturing a scenario where users would be prompted for the same user name and password they use for other network services when they attempt to join the wireless network.
  Our Airport Extreme access point is connected to the second Ethernet port on an original-model XServe that's running Mac OS X Server 10.3.9 (soon to be upgraded to 10.4.x).

  Is it possible to set up an Airport Extreme network
  so that only people with user names and passwords in
  the Open Directory on my Mac OS X Server can access
  it?
  I'm picturing a scenario where users would be
  prompted for the same user name and password they use
  for other network services when they attempt to join
  the wireless network.
  Our Airport Extreme access point is connected to the
  second Ethernet port on an original-model XServe
  that's running Mac OS X Server 10.3.9 (soon to be
  upgraded to 10.4.x).
  What you seem to be describing, is WPA2/Enterprise level security. This would require you to run some type of Radius Server on your XServe, and you would simply duplicate the name & password they use on the XServe on the Radius Server. BTW, this is considered one of the most secure methods of running a wireless network in the corporate world.
  You will however, have to research Radius & it's requirements, as I have not yet implemented that on my own system. HTH.
  Regards,
  Albert
  G4 QuickSilver01 OWC 1.47Ghz CPU 1.5GB RAM 740GB HDD   Mac OS X (10.4.3)   17" Aluminum PowerBook G4 1.33Ghz CPU 1.5GB RAM 80GB HD

• Move user files and preferences to new open directory log in

  I have a machine that I have been using for a few months. I log in to the machine as an admin user. We just put in a new MAC OS X server and are going to be using Open Directory and probably Mobility on the users.
  Is it possible to move or duplicate current state (preferences, passwords, bookmarks, email, etc.) of my computer to a new Open Directory log in on the same computer. If i can what is going to be the easiest way.
  Both the sever and my machine are 10.5.6.

  If you're logged into the old drive, select GO from the FInder menu while holding the option key down. Select Library from the submenu. This is your Home Library.
  The Mail folder will contain all accounts, mailboxes, and account preferences.
  The Mail application preferences will be stored in the Preference folder.
  For "what files you need" , that depends on what you're trying to accomplish. What are you trying to do?

• How do you bind Vista / XP clients to Open Directory?

  I have an OSX Server OD Master set up in 10.5.6.
  My OSX Clients can bind to it just fine using Directory Utility.
  How do you bind Vista / XP clients to Open Directory masters?
  Thanks

  @ jakelh:
  Make sure Kerberos is working on your server. Without it, PC logins will probably fail at least for Vista clients. Otherwise you'd have to downgrade a client-side setting on the Vista clients,
  http://www.builderau.com.au/blogs/codemonkeybusiness/viewblogpost.htm?p=33927074 6
  DNS is critical here, but Vista can have a problem with things that are correctly configured.
  IE: Vista defaults to a TCP/IP setting that can make it incompatible with existing network hardware
  http://www.tech-recipes.com/rx/1744/vistatcp_cannot_communicate_primary_dnsserve

• Using Open Directory as a Shared Address Book?

  Is there an elegant way to use Open Directory as a means of creating 'contacts' and their standard information without creating user account on OS X Server?

  Have a look here:
  http://www.addressbookserver.com/j2anywhere/index.jsp

• 10.7.5 client shows open directory server not responding

  Hello,
  I am just starting to learn to use OS X Server.  I have created an Open Directory Master and want to connect my various Mac's around the home to.  My iMac is currently running 10.7.5 client and have tried to add the server as a Network Account Server  - re: below, but it shows it is not responding.
  As I am a real novice, have I missed something and how do I get this to work?
  Thanks,
  Nick

  You are likely having issues because you are not using DNS correctly.  The name "CowShed.local" is a bonjour name.  In order to properly use Open Directory you need DNS set up internally.  The reason is that the Kerberos component of Open Directory is very dependent on DNS.
  Generally, I would discourage the use of bogus top level domain.  However, since you say this is for home use, you can likely get away with the use of one (mac.leedern.int, mac.leederm.private, etc).  However, if you do, then you will not be able to use hosted services (mail, calendar, contacts, etc) transparently between the home and external networks (names will not route).
  If you own a domain name, you can use it internally and setup your DNS on the server.  Then distribute the servers's LAN IP address to all clients as the first DNS server.  This way, all your client devices can resolve the server's host name while on the LAN.
  Your journey starts at DNS.
  R-
  Apple Consultants Network
  Apple Professional Services
  Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

• Windows Users Accessing Public Folder

  I would like to know the way to allow Windows users to access only the Public folder on my mac.
  When I try to access folders from Windows I go to My Network Places and click on the icon representing my Mac then I'm prompted for a password; as I have only my account on the Mac I have to put my user ID and password, thus allowing access to all my folders - not only Public.
  I know that Mac users can access Public, but how to allow the Windows camp to do that?
  17' PowerBook G4 Mac OS X (10.4.4)

  SharePoints is a great tool to allow access to peripheral drives, volumes, and the like. But you shouldn't have to use it to access the Public folder via a PC as you can a Mac. That is a very big question on the boards that has yet to be answered.
  Apple says it happens. If so, what's the secret to accessing the Public folder via a PC.
  Any information will be greatly appreciated.

• ACS 4.2 failure to authenticate windows users

  Hi all , we have a bit of a problem which we cannot seem to resolve.
  The ACS can authenticate people using local database , it can also authenticate a single user (using windows database) if you are fast after the service is restarted , however after a few secounds, it fails to authenticate any users , the error we are seeing on the logs appear as authentication failure type : internal error. Also on the log files, the authentication request from the user does not appear in the correct group, it is thrown into the default group.
  Any ideas on where we should look to the problem?

  Hi,
  Its running on windows 2003 server, is running as the system account.
  Auth.log details below on a failed authentication
  AUTH 04/09/2009 17:02:13 A 5789 3000 0x69 Worker 0 waiting for work
  AUTH 04/09/2009 17:02:13 A 5789 1400 0x6 Worker 3 waiting for work
  AUTH 04/09/2009 17:02:13 A 5789 0368 0x4 Worker 1 waiting for work
  AUTH 04/09/2009 17:02:23 E 6028 3888 0x0 AllocateThread returned 0
  AUTH 04/09/2009 17:02:23 A 5821 3000 0x69 Worker 0 established conn 166 with 127.0.0.1:1879
  AUTH 04/09/2009 17:02:23 E 6028 3888 0x0 AllocateThread returned 1
  AUTH 04/09/2009 17:02:23 A 5821 0368 0x4 Worker 1 established conn 167 with 127.0.0.1:1881
  AUTH 04/09/2009 17:02:23 E 6028 3888 0x0 AllocateThread returned 3
  AUTH 04/09/2009 17:02:23 A 5821 1400 0x6 Worker 3 established conn 168 with 127.0.0.1:1883
  AUTH 04/09/2009 17:02:24 A 5853 0236 0x51 Worker 4 error/timeout, forcing API disconnect of connection 165.
  AUTH 04/09/2009 17:02:24 A 5887 0236 0x51 Worker 4 closing conn 165 endpoint. Handled 2 messages.
  AUTH 04/09/2009 17:02:24 A 5789 0236 0x51 Worker 4 waiting for work
  AUTH 04/09/2009 17:02:30 E 2100 4080 0x6d External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1783L)

• CF Admin login fails (invalid pw) for Windows User other than the one used to install CF 10

  I installed CF 10 on a server running Windows Server 2008 R2 Standard having logged into the server as a Windows user in the administrator group.  I set up CF 10 Administrator to use a single password (the default).  I can log into CF Admin when authenticating to the server with the same Windows credentials used when installing CF 10 but if I log into the server as another Windows user in the administrator group I cannot log into CF Admin; I get an Invalid Password error.  I thought the whole point of the single password was so that anyone who can log into the server could log into CF Admin.  It works like that for my CF 8 and CF 9 machines.

  It is a new design, based on security issues that arose in previous ColdFusion versions. See, for example, Charlie Arehart's blog for more details.

• Let users access personal folder when using webdav on iPad

  Hi,
  I am setting up Lion server so users on an Active Directory network can access webdav folders from iPads.
  I have got this working fine when accessing a shared multi user folder.
  I want users to also be able to access their own personal folders, with no one else being able to access the folder.
  I can share the Users folder but this will give each user access to other users folders how can I fix this?
  Thanks

  I am still waiting for an answer.    If you don't know the answer, but know who to ask or where to look to find an answer, I'd really appreciate it.

• Use Open Directory for intranet web acces

  Is it possible to tap in to Open Directory user information from other services than those build into the server? And that way use the Open Directory authentication for our own home-made service?
  We plan to setup an intranet on our OS X 10.6 server. We're still not sure whether to use one of the popular Open Source cms/portal platforms such as Drupal or maybe even WordPress.
  1. I would like to use the users accounts in our Open Directory to authenticate to the intranet. Is that possible in any way?
  2. Or does anyone know of a way to modify e.g. the build in blog function and integrate that with another system such as Drupal or WordPress?
  I'm guessing there are blocks of code in the blog that handle user authentication. And if I keep them where they are on the server and include them in other Drupal files, it may be possible? Is the build in blog build on an open source system like some of the other services on Mac OS X server? A system I can read about anywhere?
  +Note: The build in blog or wiki service does not match our needs for an intranet. We need to customize it a lot to make i suit our needs.+
  3. Plan B could be to export our 100 users and passwords from Open Directory and import them in the intranet system. But as far as I know it's impossible to export the passwords. Right?
  +New users would then have to be added to both Open Directory and the separate intranet system in the future. That would be okay for working but not perfect Plan B.+

  ryanowich wrote:
  Is it possible to tap in to Open Directory user information from other services than those build into the server?
  Yes.
  And that way use the Open Directory authentication for our own home-made service?
  Sure. I have HP OpenVMS systems that are authenticating to Mac OS X Server boxes. LDAP has a callable interface for applications written in most any active programming language, and many packages already have LDAP support.
  We plan to setup an intranet on our OS X 10.6 server. We're still not sure whether to use one of the popular Open Source cms/portal platforms such as Drupal or maybe even WordPress.
  You need to narrow your requirements and your ideas somewhat, and work toward a list of features.
  I have some discussions posted of what I went through when I ended up picking Drupal.
  1. I would like to use the users accounts in our Open Directory to authenticate to the intranet. Is that possible in any way?
  Network servers (Apache, DHCP, etc) can authenticate to LDAP, but (once granted access via DHCP and RADIUS, or analogous) clients don't usually further authenticate.
  Within Drupal, the [Drupal|http://drupal.org] module [ldapauth|http://drupal.org/node/118092] would be worth a test. That's an available connection into LDAP. (Haven't prototyped that module, though.)
  2. Or does anyone know of a way to modify e.g. the build in blog function and integrate that with another system such as Drupal or WordPress?
  You're apparently not familiar with Drupal. You might want to learn more about it, and particularly its extensibility. Drupal can be connected to some refrigerators, if you were inclined to do so.
  I'm guessing there are blocks of code in the blog that handle user authentication. And if I keep them where they are on the server and include them in other Drupal files, it may be possible? Is the build in blog build on an open source system like some of the other services on Mac OS X server? A system I can read about anywhere?
  Including random blocks of code isn't a strategy for success. Understanding the basics of how the pieces fit together tends to be a better strategy. For Drupal, there's always the [Drupal documentation|http://drupal.org/documentation], or the available books on the CMS. Or you can call in somebody that's done this stuff.
  +Note: The build in blog or wiki service does not match our needs for an intranet. We need to customize it a lot to make i suit our needs.+
  The built-in services are limited, yes. I've been running Drupal on Mac OS X Server for years now.
  3. Plan B could be to export our 100 users and passwords from Open Directory and import them in the intranet system. But as far as I know it's impossible to export the passwords. Right?
  I would sincerely hope you don't get the passwords out of your authentication system. That would be bad. Cleartext passwords are bad news. You don't want that ability.
  +New users would then have to be added to both Open Directory and the separate intranet system in the future. That would be okay for working but not perfect Plan B.+
  That would be a hassle.
  And I've tested with Wordpress on Mac OS X Server, but haven't deployed it in production. I'll leave discussions of its features and capabilities to others. That written, you might try the [Wordpress web site|http://Wordpress.org], as I'd expect there would be discussions of LDAP there.
  I'd suggest determining your requirements, otherwise you're going to flail around given the numbers of options an alternatives here. If you have your requirements, then you have a framework to pick your tools. [Here is what I looked at when I picked Drupal|http://labs.hoffmanlabs.com/node/100].

• Blue screen after logout when using Open Directory-bound computers

  I'm having a weird problem with the Open Directory-bound computers that I'm managing. I recently deployed it to a lab of 30 computers (after doing initial testing with 1 computer), and I'm having one problem in particular:
  Sometimes, when a user logs out of one of these OD-bound computers, the login window fails to appear. The user is logged out, the desktop for that user disappears (being replaced with the standard blue desktop), but the login window doesn't appear.
  What's strange is that Remote Desktop says these computers are at the login window, and I can manipulate them via Remote Desktop as if nothing is wrong (I can restart, shut down, etc.). But I can't do anything at the computer locally with the keyboard or mouse -- if I try to bring up the shutdown dialog with Control-Power (which works sometimes in these situations), it doesn't work.
  This doesn't happen all the time or with the same computers. But it happens often enough that it's a bit of an annoyance -- I usually just restart them from Remote Desktop to get the login window to appear. (The other problem is that sometimes I'm not around to fix it, and so if people come in when I'm not around, they have to force shutdown the computer using the power button and then start it back up to get to the login window.)
  I've also noticed that some of the computers have been taking a lot longer to login, which seems to suggest that the computers are trying to access the server or something, but the server is always up and is usually very reliable (with a few exceptions here and there).
  Any ideas?
  G4 eMacs   Mac OS X (10.4.8)  

  We are having the same problem with our lab of about 30 eMacs. All are computers bound to and managed by the server. Have you found any solutions yet.
  Anybody?