Authentication from Win-Domain for all OUs.

Hi,
We have a Win-Domain server which has users in different OUs (organization units). I use standard LDAP authentication for my apps.
DN string: cn=%LDAP_USER%,ou=accountants,dc=mydomainname,dc=com
But this is a problem, because users from different OUs cannot use my application at the same time.
I tried a number of different DN strings but it does not.
How can I solve it?
Edited by: Zair S. on Dec 5, 2012 4:15 AM

Hi Zair,
I don't know AD configuration well enough and I also don't know how you want to distinguish if an entered username exists in both organisations, but
you might be able to use the "LDAP Username Edit Function" function to get what you want.
You could use that function to manipulate your DN String on the fly to also return the organisation. For example if you
1) set your DN string to
cn=%LDAP_USER%,dc=mydomainname,dc=com
2) and create a "LDAP Username Edit Function" like
return apex_escape.ldap_dn (
             p_string => :USERNAME,
             p_escape_non_ascii => false ) || ',ou=accountants';
3) "Username Escaping" attribute would be set to "No Escaping".
Note: You would have to add your own logic instead of the ',ou=accountants' to determine which OU should be set based on the user or some other setting.
Regards
Patrick
My Blog: http://www.inside-oracle-apex.com
APEX Plug-Ins: http://apex.oracle.com/plugins
Twitter: http://www.twitter.com/patrickwolf
Edited by: Patrick Wolf on Dec 5, 2012 3:21 PM
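
The approach from the answer above, sketched as an added example that is not part of the original thread and is not APEX code: it chooses the OU per user and escapes the username itself, which matters because step 3 switches the built-in escaping off. The `USER_OU` lookup and the function names are assumptions made for illustration; the escaping follows RFC 4514.

```python
"""Added example: build the %LDAP_USER% substitution for the DN template
cn=%LDAP_USER%,dc=mydomainname,dc=com when users live in different OUs."""

# Hypothetical username -> OU lookup (constructed sample data). In a real
# application this would come from a table or another trusted setting.
USER_OU = {
    "asmith": "accountants",
    "bjones": "engineers",
    "smith, anna": "accountants",
}

_SPECIAL = set('"+,;<>\\')  # characters RFC 4514 requires escaping anywhere


def escape_dn_value(value):
    """Escape one attribute value for use inside a distinguished name."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL:
            out.append("\\" + ch)
        elif i == 0 and ch in " #":      # leading space or '#'
            out.append("\\" + ch)
        elif i == last and ch == " ":    # trailing space
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def ldap_user_substitution(username):
    """Return the text that replaces %LDAP_USER%: '<cn>,ou=<ou>'.

    Raises KeyError for a user with no known OU, so no bind is attempted
    with a guessed or user-supplied DN fragment.
    """
    ou = USER_OU[username.lower()]
    return escape_dn_value(username) + ",ou=" + escape_dn_value(ou)


def full_dn(username, template="cn=%LDAP_USER%,dc=mydomainname,dc=com"):
    """Expand the DN template the way the authentication scheme would."""
    return template.replace("%LDAP_USER%", ldap_user_substitution(username))


if __name__ == "__main__":
    for name in ("asmith", "bjones", "Smith, Anna"):
        print(full_dn(name))
    # A comma typed into the login field stays inside the cn value
    # instead of starting a new RDN.
    print(escape_dn_value("x,ou=admins"))
```
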

Similar Messages

  • 802.1x using authentication from NT Domain Controller instead of Radius

    I would like to know if it's possible to configure 802.1x using authentication from NT Domain Controller, instead of using Radius or Tacacs.

    It is possible to use MS AD, generic LDAP, Novell NDS for authentication, it's fairly common.
    The issue is "How do you get the device to talk to the authentication source ... (AD, DC, NDS, LDAP)?"
    The answer is RADIUS.
    You can configure RADIUS to pull authentication from a variety of sources (depending on the RADIUS - many/most can use any of the LDAP-based systems).
    So, yes, certainly you can use the Microsoft AD, but you need RADIUS to connect the two systems (the 802.1x device and the AD server).
    If cost is the issue, try freeRADIUS (www.freeradius.org) - it's fully featured (can use LDAP, AD, NDS, Certificates, etc), it's free, and configuration is much easier than it looks ....
    Good Luck
    Scott

  • Remove Collapse/expand icons from the tray for all user except administrato

    Hi,
    My requirement is to remove the expand/collapse icons from the overview page for all users, but the administrator can have those available.
    I have set the show tray property to NO; this has made the complete tray invisible for all, including the administrator as well.
    I want only the icons to be invisible, and not for the administrator.
    Please provide your valuable inputs.
    Thanks
    Pooja

    Hi
    The best practice in Portal is to create 2 different designs, one for users, one for administrators. I mean design: Desktop, Framework Page, Theme ... and so on.
    This allows you to manage two ways of displaying or not displaying information; for sure the user view should be different from the administrator view.
    And also in your case you should have two different "overview" iViews, one for users, one for administrators.
    The "show tray" property should be yes (otherwise you won't see anything), but the property "Show Expand/Collapse icon in tray" should be NO.
    I hope it will help
    Best regards
    johann

  • Create material from reference material for all org.levels

    Hi,
    I want to create a material from a reference material with all MARA, MAKT, MARC, MBEW, MARD, MARM, MVKE, MLAN, MLGN and MLGT content for all organizational levels of the reference material.
    For instance, my reference material has 200 MARC entries. All these entries should also be created for the new material.
    Transaction MM01 will copy from reference but only for 1 organizational level. To create 200 plants manually with MM01 is not an option.
    I have to develop a copy from reference transaction, where I select the new material number, the reference material number and the required tables (MARA, MAKT, etc.).
    I can read the current table values and insert new entries into the required SAP standard tables, but that is not nice.
    Is there another option to do the job?
    I know there are BAPIs, but these are related to one org. level. For 200 plants, I have to execute 200 BAPIs to get the data from the reference material and another 200 BAPIs to create the new material.
    with kind regards,
    Hans

    Hi Goutam,
    You can use the BAPI BAPI_MATERIAL_SAVEDATA, which will create/update the material. You can pass the reference material in the field BAPI_MARA-PL_REF_MAT. And you can pass the reference material for all views like this.

  • Block all websites apart from the homepage for all users. Citrix environment with Server 2003.

    Citrix Xenapp 5 and Windows server 2003 environment. We want to force Firefox to kiosk mode with a pre-set homepage for all users. I also want to lock this to only one website. I have managed to set up the kiosk mode with R-Kiosk addon and Mozilla.cfg file. I am trying to use BlockSites to block all internet sites and only allow the one site with the whitelist option. I can get the addon to install for all users, but can’t get the default settings across. I have tried to add this with the Mozilla.cfg file, but it looks like this addon is getting its settings from the profile folder. If I set the preferences for the addon in the Mozilla.cfg file, it actually picks it up but it doesn’t apply it to the addon for some reason. Does anyone have any other ideas on how I can lock this down to the one site?

    I am not entirely sure how to do this, but the enterprise community would be a good place to ask. They have an email group you can ask on this page: [https://www.mozilla.org/en-US/firefox/organizations/faq/]

  • How can I set up SSL login authentication on one domain for multiple domains

    Our site currently runs in 22 countries with 22 different
    country domains:
    www.mysite.com
    www.mysite.co.uk
    www.mysite.fr
    etc
    We want to use SSL on our login pages but realise that the
    cost of certification for every domain is expensive. One solution
    would be to channel all login activity to a single domain, eg:
    www.mysite.com/login.cfm?site=fr which would then redirect to
    www.mysite.fr – this is how Google do it
    But, currently we are using encrypted cookies for login
    authentication so we would have the problem of having to transfer
    the cookie info across domains securely. Is there any way of going
    about this?
    Any other suggestions would be great, too. We do plan to move
    to session management for logins but this is a longer term project
    so we are hoping to sort out the SSL prior to that.

    Can you not pass the values you need as URL parameters?
    Encrypt them before you send them and then decrypt them on the new
    domain. Then add them to whatever place you need (cookie, session,
    etc.)?

  • How do I keep my wife's iPhone from alerting her for all of MY appointments?

    Both iPhones and my MacBook Pro are sync'd to the same iCloud/iTunes account.
    My plan:  Use 3 separate calendars to organize our appointments - one for her, one for me, and one joint calendar.
    I keep trying to unselect my calendar on her phone to keep my appointments from alerting her.
    I guess iCloud keeps reselecting that calendar on her phone.  We both receive all alerts.
    Is there a way to have iCloud only sync certain calendars with certain iPhones?  Or is it an all-or-nothing deal?  That would be so disappointing.

    An iCloud account is really designed for one user.  Unless you want all your devices to be identical (same emails, contacts, calendars, photos in the stream, etc.) your wife should have her own account so she can keep emails, etc. as hers, not yours also.
    With calendars, you can make some "sharable" so two users can share events; the other calendars are personal, for each user.  Log into icloud.com, go to the calendar page, click the small icon next to a listed calendar (click the Calendar button first if there is one) and select sharable.
    As for the iTunes account - you can both share the same account for sharing music, apps etc. without having to re-buy them.

  • Authenticating to Windows Domain for Printing

    From my PowerBook, I'm trying to print to a printer in a Windows domain. I know how to connect and stuff, that is not the issue.
    The issue is, when I first connected, it prompted me for my domain, domain ID & password. I entered the info and put a check mark in save password to keychain. But my fingers were too fast for my brain. I realized that I had made a typo but had pressed Enter already. And so, I can't print to that printer because it always denies my login.
    I can't find where to edit my login info. I looked in the Keychain Access app but could not find the entry in there. Do you know how I can get the login box back to fix my login info?
    Ron

    I'm not sure what exactly fixed the problem.
    Last night, I disconnected the printer from my pc and connected it to an external print server box that I borrowed. I was able to connect and print from my PowerBook.
    I then reconnected the printer back to the pc (LPT1) and re-shared it. This time, in reconnecting the PowerBook to the printer, the login dialogue box reappeared and so my problem is fixed.
    I would guess that the deletion of the initial share and re-sharing the printer forced the login box to come back. However, I'm not 100% percent sure.
    Ron

  • Block payroll data from cost center for all users except HR team

    Hello Experts,
    Could anybody please advise me how I can restrict some HR data in cost center view from FICO, CRM, SRM and other teams?
    Now when other teams see cost centers it displays all data booked there, but my client wants to restrict some HR data from them.
    In my project there are 151 roles that can display cost center data including HR data.
    Now my requirement is how I can restrict only HR data belonging to a cost center.
    I mean to say they should be able to see all cost center data except a cost center containing HR data.
    Please advise how to get a solution.
    Thanks and Regards

    Hi,
    In T.code PFCG go to the role of the appropriate user to whom you want to restrict the cost center.
    Hope this helps.
    Regards
    S.Ravi

  • Prevent Container.setCursor from influencing cursor for all components

    Hi
    As you might know, "setting the cursor of a Container causes that cursor to be displayed within all of the container's subcomponents, except for those that have a non-null cursor" (Component.setCursor javadoc)
    Anyone has an idea how to prevent this?
    except going thru the component hierarchy and setting the comps' cursor to default ...
    Thanks
    Eyal

    Anyone has an idea how to prevent this?
    except going thru the component hierarchy and setting
    the comps' cursor to default ...
    I had a similar problem... Unfortunately, there is no other way,
    Miso

  • Using multiple email accounts, smtp from provider, sender's address is the same for all email accounts

    Ok
    I'm sure this is an issue for many of us, but I can't find a solution for this on the net.
    So I had set up multiple email accounts. My main account is gmail, but I'm using several others. The smtp server had to be the same, which was from my ISP, for all email accounts (apart from gmail which has its own).
    Now, when I send email from these accounts, the sender's address will always be ***@virginmedia.co.uk. Obviously, since that's what the smtp is for.
    But what if I want to send emails from these accounts and want to be the sender accordingly? Like ***@yahoo.com or ***@freemail.com etc...
    Is there a way to get around this? If they don't have their own smtp servers? Or can they only be used to send emails through their web-based email page?
    Hope it makes sense, sorry for my crap english.
    Thanks
    Daniel

    Can you tell us which is the mail account ( hotmail, gmail or any personal)
    If I helped you with any inquiry, thank you for clicking kudos on my post.
    If your issue has been solved, please mark the post as solved.

  • Clients authenticating to wrong Domain Controllers

    In our domain we have 28 sites and each site has its own Domain Controllers, and we have one data center where we have 3 DCs.
    Domain Controllers run the DNS role as well and DNS replication is Active Directory integrated.
    For all clients the local DC is configured as primary DNS and the DataCenter DCs are configured as secondary DNS.
    The problem is, most of the time, client machines are not getting authentication from the local domain controller; most of the time authentication happens from another location's domain controller or the data center DCs.
    I have done the below troubleshooting steps:
    DNS - verified in the DHCP and ensured that the local domain controller (DNS) server is configured as primary DNS server and the data center DCs as secondary
    SRV Records - verified and look fine
    Subnets - verified and found they are configured according to the sites in AD
    I can confirm the information in SRV records and AD subnet information is accurate.
    Please help me resolving the issue
    Mahesh

    The problem is, most of the time, client machines are not getting authentication from the local domain controller; most of the time authentication happens from another location's domain controller or the data center DCs.
    This is usually caused by one of the following:
    AD Sites and subnets are not configured properly: DCs not moved to the correct sites, missing subnets, subnets linked to wrong sites .... Here, netlogon.log on each DC will help you to have more information about this: http://support.microsoft.com/kb/109626
    Security filtering: If traffic to local DCs is filtered, client computers will not be able to query them and will try to query other DCs. You can use PortQryUI to make sure that all needed ports for authentication are opened: http://technet.microsoft.com/en-us/library/dd772723%28v=ws.10%29.aspx
    Wrong DNS records which may cause wrong DNS resolution - Here clients may be redirected to DCs you don't want them to contact
    For AD sites and subnets, make sure that:
    You created an AD site per physical location you have DCs in them
    You created all used subnets (be careful about subnetting and supernetting) and linked them to their correct sites - Each subnet will be linked to the AD site containing the DCs you would like them to contact
    For Filtering, use PortQryUI for checks and you can use event logs for more information.
    For the DNS system, you can proceed like that to be sure that all DCs were registered correctly and that DNS resolution will be fine:
    Make sure that all DCs have one IP address in use and only one NIC card enabled (other NICs should be disabled)
    Make sure that public DNS servers are set as forwarders and not in IP settings
    Choose a healthy DC / DNS server and make all DCs point to it as primary DNS server. You can make other DNS servers point to their private IP address as secondary one
    Make sure that needed ports for AD replication are opened in both direction: http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx
    Once done, run ipconfig /registerdns and restart netlogon on each DC you have. Like that, all DCs will update their records on the chosen DNS server and the changes will be replicated to other DC / DNS servers using AD replication. Of course, it will be better to remove manually all obsolete / unused DNS records.
    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer
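
A check for the sites-and-subnets cause listed in the answer above, as an added example that is not part of the original thread: it maps each client IP to an AD site by the most specific matching subnet and reports clients that land in an unexpected site or in no site at all. The subnet table, site names, host names and addresses are constructed sample data.

```python
"""Added example: audit client IPs against AD subnet-to-site links."""
import ipaddress

# Constructed sample data: AD subnet objects and the site each is linked to.
AD_SUBNETS = {
    "10.0.0.0/8": "DataCenter",       # supernet that catches everything in 10/8
    "10.20.0.0/16": "Site-Berlin",
    "10.20.30.0/24": "Site-Munich",   # carved out of the Berlin range
    "192.168.5.0/24": "Site-Paris",
}

# Constructed sample data: hostname -> (IP address, site the admin expects).
CLIENTS = {
    "pc-ber-01": ("10.20.1.15", "Site-Berlin"),
    "pc-muc-07": ("10.20.30.44", "Site-Munich"),
    "pc-ham-03": ("10.40.2.9", "Site-Hamburg"),
    "pc-lyo-02": ("172.16.9.4", "Site-Lyon"),
}


def site_for_ip(ip, subnets=AD_SUBNETS):
    """Return (subnet, site) for the most specific subnet containing ip,
    or None when no subnet object covers the address."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr.version != net.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, site)
    return (str(best[0]), best[1]) if best else None


def audit_clients(clients=CLIENTS, subnets=AD_SUBNETS):
    """Return a list of (host, ip, problem) for clients whose address maps
    to no site or to a site other than the expected one."""
    findings = []
    for host, (ip, expected) in sorted(clients.items()):
        match = site_for_ip(ip, subnets)
        if match is None:
            findings.append((host, ip, "no subnet object covers this address"))
        elif match[1] != expected:
            findings.append(
                (host, ip, f"maps to {match[1]} via {match[0]}, expected {expected}")
            )
    return findings


if __name__ == "__main__":
    for host, ip, problem in audit_clients():
        print(f"{host} ({ip}): {problem}")
```
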

  • Time Sync from Child domain to Parent domain

    Now the time in our child domain is 2 mins faster than the parent domain; how do we sync the time, and by what command?

    Hi,
    By default, the PDC Emulator of the Forest Root Domain is considered as the best time source in an Active Directory forest. Other domain controllers in the Forest Root Domain use it for time synchronization, while domain controllers in child domains use the PDC Emulator or any domain controller from the parent domain for time synchronization. Member servers and workstations use domain controllers in their domain for time synchronization. With this hierarchy, we can maintain a reliable time synchronization system that allows avoiding Kerberos failure issues in an Active Directory domain. This configuration is the default in an Active Directory forest and does not need to be changed.
    As mentioned by SH.Hashemi, we can run the command
    w32tm /resync
    to resynchronize the clock as soon as possible, disregarding all accumulated error statistics.
    Regarding time synchronization in active directory, the following articles can be referred to for more information.
    Time Synchronization in Active Directory Forests
    https://social.technet.microsoft.com/wiki/contents/articles/18573.time-synchronization-in-active-directory-forests.aspx
    How the Windows Time Service Works
    http://technet.microsoft.com/en-us/library/cc773013(v=ws.10).aspx
    W32tm
    http://technet.microsoft.com/en-us/library/bb491016.aspx
    Best regards,
    Frank Shen

  • Retrieving user detail, group name for all users

    Hi,
    How can I retrieve User name, email, authentication, user group name
    for all users using SDK.
    It is possible to create this report in webi or CR?
    Thank you for reply,
    Gregor

    Use the following code to retrieve this information:
    IInfoObjects users = oInfoStore.query("select * from ci_systemobjects where si_kind='user'");
    for (int i = 0; i < users.size(); i++) {
        IUser user = (IUser) users.get(i);
        // user.getTitle(); for user name
        // user.getFullName(); for user's full name
        // user.getEmailAddress(); for user's email address
        // for authentication type:
        IUserAliases aliases = user.getAliases();
        for (int j = 0; j < aliases.size(); j++) {
            IUserAlias alias = aliases.get(j);
            // alias.getAuthentication() for authentication associated with this alias, since same user can have more than 1 authentication. e.g. Enterprise and Ldap.
        }
        // for user group memberships:
        java.util.Set groups = user.getGroups();
        // the groups Set object will contain SI_ID of all the user groups that this user is a member of. You need to query by the SI_ID of the usergroup to get the group names.
        // e.g.
        //    oInfoStore.query("select si_id, si_name from ci_systemobjects where si_kind='usergroup' and si_id in (a,b,c....)");
    }
    where a,b,c are the SI_IDs of the usergroups.
    To create a report based on the above fetched data, there are several methods such as:
    you can use Java resultset where in you create the report structure in designer and push the data at runtime using java result set objects. Another way is to push this info in Excel or Access and design your report based on that excel\access.

  • Performance on Select Single&Write  AND Select*(For All Entries)&Read&Write

    Hi Experts,
    I got a code review problem & we are in an argument.
    I need the best performance code out of these two codes. I have tested both on 5 & 1000 & 3000 & 100,000 & 180,000 records.
    But still, I just need a second opinion of experts.
    TYPES : BEGIN OF ty_account,
            saknr   TYPE   skat-saknr,
            END OF ty_account.
    DATA : g_txt50      TYPE skat-txt50.
    DATA : g_it_skat    TYPE TABLE OF skat,       g_wa_skat    LIKE LINE OF g_it_skat.
    DATA : g_it_account TYPE TABLE OF ty_account, g_wa_account LIKE LINE OF g_it_account.
    Code 1.
    SELECT saknr INTO TABLE g_it_account FROM skat.
    LOOP AT g_it_account INTO g_wa_account.
      SELECT SINGLE txt50 INTO g_txt50 FROM skat
        WHERE spras = 'E'
          AND ktopl = 'XXXX'
          AND saknr = g_wa_account-saknr.
      WRITE :/ g_wa_account-saknr, g_txt50.
      CLEAR : g_wa_account, g_txt50.
    ENDLOOP.
    Code 2.
    SELECT saknr INTO TABLE g_it_account FROM skat.
    SELECT * INTO TABLE g_it_skat FROM skat
      FOR ALL ENTRIES IN g_it_account
          WHERE spras = 'E'
            AND ktopl = 'XXXX'
            AND saknr = g_it_account-saknr.
    LOOP AT g_it_account INTO g_wa_account.
      READ TABLE g_it_skat INTO g_wa_skat WITH KEY saknr = g_wa_account-saknr.
      WRITE :/ g_wa_account-saknr, g_wa_skat-txt50.
      CLEAR : g_wa_account, g_wa_skat.
    ENDLOOP.
    Thanks & Regards,
    Dileep .C

    Hi Dilip.
    From both your codes I have found that you are selecting 2 different fields.
    In Code 1
    you are selecting SAKNR and then for these SAKNR you are selecting TXT50 from the same table,
    and in Code 2 you are selecting all the fields from the SKAT table for all the values of SAKNR.
    I don't know what your requirement is.
    Better you declare a select option on screen and then fetch the required fields from the SKAT table for the values entered on screen for SAKNR.
    You only need the TXT50 and SAKNR fields,
    so declare two types, one for SAKNR and another for TXT50.
    Points to remember:
    1. While using for all entries, always check that the for all entries table is not blank.
    2. You will have to fetch all the key fields in the table while applying for all entries;
        you can compare key fields with a constant which is greater than the initial value.
    3. While reading the table, sort the table by the field on which you are going to read it.
    Try this:
    TYPES : BEGIN OF ty_account,
              saknr TYPE skat-saknr,
            END OF ty_account.
    TYPES : BEGIN OF t_txt50,
              saknr TYPE saknr,
              txt50 TYPE txt50,
            END OF t_txt50.
    DATA: i_account TYPE TABLE OF ty_account,
          w_account TYPE ty_account,
          i_txt50   TYPE TABLE OF t_txt50,
          w_txt50   TYPE t_txt50.
    SELECT saknr FROM skat INTO TABLE i_account.
    IF sy-subrc = 0.
      SORT i_account BY saknr.
      SELECT saknr txt50 FROM skat INTO TABLE i_txt50
        FOR ALL ENTRIES IN i_account
        WHERE saknr = i_account-saknr. " here mention all the primary keys and compare them with their constants.
    ENDIF.
    Note: here you need to take care that you will have to fetch all the key fields in table i_txt50,
    and compare those fields with their constants, which should be greater than initial values.
    They should be in proper sequence.
    Now for writing:
    LOOP AT i_account INTO w_account.
      CLEAR w_txt50.
      SORT i_txt50 BY saknr.
      READ TABLE i_txt50 INTO w_txt50 WITH KEY saknr = w_account-saknr.
      IF sy-subrc = 0.
        WRITE: w_txt50-saknr, w_txt50-txt50.
        CLEAR: w_txt50, w_account.
      ENDIF.
    ENDLOOP.
    Hope it will clear your doubts.
    Thanks
    Lalit
