Create a local domain
Hello,
Is it possible to make a domain like an active directory domain in Windows but in a OS X Mavericks server ?
Thanks
Yes.
It's called Open Directory and is based on LDAP.
Apple provides an online manual that should help you understand what it is and how to set it up here:
https://help.apple.com/serverapp/mac/4.0/#/apdD1F7D8CA-CF07-40CE-B2D4-8E3ACF4BCA 40
Just like Active Directory, Open Directory absolutely requires a correctly configured DNS Service. Once you've digested the available documentation and you've decided Open Directory is the way forward for you then purchase and download the Server.App from the App Store and once installed start with the DNS Service before moving onto anything else.
Bear in mind most features/services available in the Server.App will require or at the very least work better with Open Directory (and by implication DNS) running. Also bear in mind you don't need the DNS Service running on the Server.App itself if your network is already running and maintaining its own DNS servers. If OS X Server is going to be only server on your network then you must have the DNS Service configured/running on it. Unless you're using a really expensive firewall/router most firewall/routers do not have the facility to create and provide DNS Records.
Similar Messages
-
Create OD Kerberos record with Windows .local domain
I am in the process of setting up my open directory master that will be working in a golden triangle with our existing windows domain. Our windows FQDN ends with .local and all dns is running on this domain.
I am unable to create a kerberos record for the open directory because of the .local domain. The xserver thinks the FQDN is a Bonjour name and will not create the record.
If anyone has an Idea on how to work around this problem I would apreciate your help.
Thank youOD uses AD kerberos
-
Creating a new domain tree under the forest
Hi
I have one primary domain and one additional domain at moment so I want to create a new domain tree under the forest however during the configuration it gives me the below message ?
the last time I installed without tick marking "Create DNS Delegation" option I had a lot of issue in replication and in DNS between my forest domain and this new tree domain.
my main question would be:
1- how to resolve this ?
2- how to create a manual DNS delegation in Parent zone.?
please suggest ?Hi greeMann,
This is an expected behaviour and it can be ignored. The error message occurs because this is the first DNS server so there is not a DNS server available to create the delegation from.
If you are not concerned that people in other domains or on the Internet will not resolve DNS name queries for computer names in the local domain, you can disregard the message and click Yes.
Known Issues for Installing and Removing AD DS
http://technet.microsoft.com/en-us/library/cc754463(WS.10).aspx
Regards,
Rafic
If you found this post helpful, please give it a "Helpful" vote.
If it answered your question, remember to mark it as an "Answer".
This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing! -
.local domain and autodiscover issues
I want to preface this by saying I am a new administrator.
Our SSL cert recently expired, and since .local domains can no longer be on certs, were registered a CA cert with autodiscover.domain.com and mail.domain.com. This new cert was successfully applied, but whenever someones opens their e-mail they get a warning
about the name on the server not matching the cert. I
I'm pretty sure this is juts a few DNS records I need to update but I don't know which ones and really need some guidance.
Thanks for your time.So what you are saying is that his current DNS for company.com (which his internal users use for external access) needs to be duplicated internally, then modified to support his internal email access? I've set up many systems where internal DNS and
external DNS hosted the same name, and it is far from simple as "a new zone takes less than a minute to create". How do you handle internal access to external sites (which is currently working just fine with his external DNS)?
To answer your question, my recommendation is that his internal clients use AutoDiscover to gain their internal settings. Keep in mind that while the Exchange server may be in the .local domain, the SMTP domain they host is a .com domain. And since his servers
are in a domain, any domain-attached Outlook client will be able to access the mailbox successfully.
Just create a new DNS record pointing to the external host. Or get a new domain name that doesn't have external websites, then create a new DNS zone for that.
Alright, so with your recommendation - he updates his clients to use Autodiscover, which they are likely already using, to gain internal settings. And then what do you configure the internal URLs as?
For example - Autodiscover.
You set the AutoDiscoverServiceInternalURI to servername.domain.local -> he still gets a cert prompt every time he opens Outlook.
You set the AutoDiscoverServiceInternalURI to mail.domain.com to match the certificate -> Now ALL autodiscover requests from all clients are going out to the internet, then back into the Public VIP.
Same with EWS. And this is assuming he's using RPC/TCP rather than HTTP. So then he's either going to get prompts for cert every time he opens outlook and checks OOF or mailtips, or all internal clients are going to use the external VIP for Autodiscover
and EWS. -
Creating Iweb seperate domains for multiple sites DIDNT WORK
Hi! Any help would be much appreicaited!
I am creating mutiple websites in iWeb 09'. All 3 of my websites have been stored under 1 domain file on my mac. I have read numerous discussion boards stating the steps of how to seperate each of the created sites from the one domain file, into mutiple domain files. I followed the steps on this website :
http://lmsdiweb.wikispaces.com/Saving+Locally
I moved the Domain folder out of its original location into a new folder on my harddrive entitled "Sites". Then i made sub folders within that folder and duplicated the domain 3 times and placed each copy in those folders. then i double clicked on the domain for my 1st site, opened iWeb, and then deleted the other sites i did not want on this new "domain" file i created and hit saved. This is exactly what the website said to do to create the seperate domain files for each seperate site. It then said repeat for each site, deleting the sites that are not needed on that domain.
All of that being said, it didnt seem to work when i tried to open the 2nd copy of the domain. When iWeb opened after double clicking the 2nd domain copy, it did not open and show me all 3 sites as it should have, it opened to show me the one site that i just "saved" after deleting the other sites for the previous domain i was trying to create.
I'm afraid i posisbly lost my other 2 sites. I backed up my first initial "domain" file which had all 3 sites within it on my external hard drive, and when i double clicked on that to make sure my sites weren't lost forever, same thing happened and only my lastest site that i saved on the 1st attempt to seperate domain files is visable on my iWeb.
Did i loose everything i created in my other 2 sites? How do i get them back? What did i do wrong? Any help is much appreiciated as i have a feeling i might have made a serious mistake and need some help figuring this all out!
Thank you!
Also, I published all of my sites "to a folder" on my hard drive before doing this as well. Is there any way to take the published folder contents and put my site back on iweb for editing again?With three sites in a domain file here's how I would do it. Create 3 copies of your domain file and name them for the three website, i.e "website1.sites, website 2.sites, etc.
With the application discussed in the text below open website1.sites and delete website 2 and website 3 from it and save. Open website 2.sites and delete 1 and 3. Do the same for website 3.sites.
Then use the application mentioned below to open iWeb and select the website you want.
In Lion and Mountain Lion the Home/Library folder is now invisible. To make it permanently visible enter the following in the Terminal application window: chflags nohidden ~/Library and hit the Enter button - 10.7: Un-hide the User Library folder.
To open your domain file in Lion or Mountain Lion or to switch between multiple domain files Cyclosaurus has provided us with the following script that you can make into an Applescript application with Script Editor. Open Script Editor, copy and paste the script below into Script Editor's window and save as an application.
do shell script "/usr/bin/defaults write com.apple.iWeb iWebDefaultsDocumentPath -boolean no"delay 1
tell application "iWeb" to activate
You can download an already compiled version with this link: iWeb Switch Domain.
Just launch the application, find and select the domain file in your Home/Library/Application Support/iWeb folder that you want to open and it will open with iWeb. It modifies the iWeb preference file each time it's launched so one can switch between domain files.
WARNING: iWeb Switch Domain will overwrite an existing Domain.sites2 file if you select to create a new domain in the same folder. So rename your domain files once they've been created to something other than the default name.
NOTE: iWeb 2 is not compatible with Mt. Lion and has trouble saving to the hard drive. It's suggested you obtain iWeb 3
OT -
Connect LDAP service to local domain
Is there anyone who can tell me if it's possible to connect form the LDAP service to a local domain?
I have made a new local domain with some groups and users in the Domain management in LC ES admin module.
Now I want to retrieve those users to my prcess in workbench with the LDAP service, but I can't get it to connect to the new domain (it works fine when I connect to our company AD).
I have tried with Base DN: DC=NewDomain,DC=local and Search filter: cn=* but with no luck :-(
Is it possible to connect to the local domaim from the LDAP service if it is, what should the "Base DN" look like and what are the atributes to use in the search filter?
Thanks
SørenI think you are getting a few things mixed up.
When you create the users in a local domain, you're in fact creating them in the LiveCycle database. Not in a LDAP system. LiveCycle NEVER writes to an LDAP system. It only reads from it.
When LC integrates with an LDAP system (like when you create an enterprise domain in adminui), it connects to an external LDAP system and sychronizes with it. I also adds a copy of the users in its database.
The LDAP service does the same thing is the sense that it just connects to a external LDAP system to get a list of users.
If you want to query the users from the livecycle database you can use the User Lookup service (under Foundation) instead.
Jasmin -
Speed internet browsing via a local domain name server
Is it possible with leopard to create a local DNS to speed up browsing on the internet on Leopard? If so, how do you go about it?
Hi Uday,
I have eventually managed to install minisap - I installed MaxDB to answer your question.
I unchecked a checkbox that was asking for a FQDN and then the domain name server is no longer mandatory.
However, when trying to run webdynpro applications I now get a shortdump that shows a CX_FQDN exception. It says:
An exception occurred which is explained in detail below.
The exception, which is assigned to class 'CX_FQDN', was not caught and
therefore caused a runtime error.
The reason for the exception is:
Die URL enthält keine vollständige Domainangabe (john-pc statt
john-pc.).
I don't understand the German, but john-pc is my computer name and I was prompted during the installation to replace localhost in my host file with this.
The url of the webdynpro application includes this, for example:
http://john-pc:8000/sap/bc/webdynpro/sap/z_hello_world
Would you know how I now resolve this?
Many thanks,
John
Edited by: John Watt on Mar 15, 2009 7:01 AM -
Migrate existing users from local domains to Open Directory.
Here is the environment I'm working with:
Small local environment (8-10) users. Everyone is on their own laptop, everyone is authenticating to their local directories. Network files are stored on a server, with everyone using a single shared user ID to authenticate and access the files.
I have just installed a Xserve, and it is now serving DNS, DHCP, NTP, WWW. I want to setup Open Directory in Master mode, create user IDs for everyone, and then assign permissions to the shared files area.
The one part that I'm not sure how to approach is the local laptops. If user "John Doe" has a local ID "jdoe" that he has been using on his local laptop, how does he migrate over to being "jdoe" in the OD domain, while reatining his "local" home directory and files? The problem I think I'll have is that when I create "jdoe" on the domain, he will have a UID of (say) 10001, but his local UID is 501 (as is the UID of all the other employees since they are all the first user on each of their respective laptops.) so when he logs back into his laptop after it has been attached to the OD domain, I assume that the laptop will see "jdoe" from the OD domain as a new user and create a new home for him (with the UID:10001), so now John cannot see any of his old files and such.
Also, as a side question: I've worked with Windows ID before, and I know once you join a windows computer to a domain and then login to it, it creates a new user and caches the authentication info, so that when the laptop is not connected to the corporate network, the user can still login and work. Does Open Directory do the same on the laptops?
Thanks for any help.Retaining password is a manual process of asking the user what his or her password is and then creating it in OD.
As for migration of account, it is rather simple, provided the short name of the user remains consistent across directory systems. For example, if you have a user named Joe User and his short name is juser with a home folder in /Users/juser. And you create the same account in OD. You can do these few short actions.
1: Bind system to the domain
2: From the Admin account, and using Terminal from root, navigate to /var/db/dslocal/nodes/Default/users and find the plist file for the user (in our example, juser.plist).
3: Delete the file using rm
4: Restart the machine or restart Open Directory
5: Log in as the admin user and change ownership of the users home folder. Recall that when the user is in the local domain, the UID was likely 502, 503, etc (you do have a standard local admin at 501 right?) Now that the user is in OD, the UID will be 4 digits, something like 1027. So understanding that user attributes and user data are independent, you now have a folder in /Users titled juser and owned by uid 50x. You need to make it owned by juser from the OD domain. User this:
sudo chown -R juser /Users/juser
6: Log out of the admin account
7: Log in as the user after choosing Other at login window.
Assuming you have your OD account set up properly, you will likely be asked to confirm the caching of the users credentials. This will path you right back into the user's home folder and all will be right with the world.
This is simple and quick. If the shortnames are different, throw an mv into the mix to rename the home folder to match the domain shortname. If you have no local admin, then you will need to reset DSLocal and start again. -
(mac,jdeveloper 11g) can't create a default domain on weblogic - NEWBIE
hello,
I would like tu use jdeveloper so I created a generic project with the purpose of create a jsf page in it.
but I can't deploy it on the weblogic server as I can't create a default domain; here is the log for the error :
Log File: /Users/lolveley/.jdeveloper/system11.1.1.3.37.56.60/o.j2ee.adrs/CreateDefaultDomain.log
Label: JDEVADF_11.1.1.3.PS2_GENERIC_100408.2356.5660
Product Home: /Users/lolveley/Oracle/Middleware/jdeveloper/jdev/
Domain: /Users/lolveley/.jdeveloper/system11.1.1.3.37.56.60/DefaultDomain
"/Users/lolveley/Oracle/Middleware/oracle_common/common/bin/wlst.sh" "/Users/lolveley/.jdeveloper/system11.1.1.3.37.56.60/o.j2ee.adrs/CreateDefaultDomain.py"
Process started
wlst > CLASSPATH=/Users/lolveley/Oracle/Middleware/patch_wls1033/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/Users/lolveley/Oracle/Middleware/patch_jdev1111/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib/tools.jar:/Users/lolveley/Oracle/Middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/Users/lolveley/Oracle/Middleware/wlserver_10.3/server/lib/weblogic.jar:/Users/lolveley/Oracle/Middleware/modules/features/weblogic.server.modules_10.3.3.0.jar:/Users/lolveley/Oracle/Middleware/wlserver_10.3/server/lib/webservices.jar:/Users/lolveley/Oracle/Middleware/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/Users/lolveley/Oracle/Middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar::/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.jrf_11.1.1/jrf-api.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/jrf-wlst.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.odl_11.1.1/ojdl.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.odl_11.1.1/ojdl2.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.dms_11.1.1/dms.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.dconfig-infra_11.1.1.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.fabriccommon_11.1.1/fabric-common.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.xdk_11.1.0/xmlparserv2.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.xdk_11.1.0/xml.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.wsm.common_11.1.1/wsm-pmlib.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.wsm.common_11.1.1/wsm-policy-core.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.wsm.common_11.1.1/wsm-secpol.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.wsm.common_11.1.1/wsm-dependencies.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.wsm.policies_11.1.1/wsm-seed-policies.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.webservices_11.1.1/orawsdl.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.webservices_11.1.1/mdds.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.webservices_11.1.1/ws_confmbeans.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/org.apache.commons.digester_1.8.jar:/Users/lolveley/Oracle/Middleware/oracle_common/../modules/javax.xml.bind_2.1.1.jar:/Users/lolveley/Oracle/Middleware/oracle_common/../modules/javax.activation_1.1.jar:/Users/lolveley/Oracle/Middleware/oracle_common/../modules/javax.xml.stream_1.1.1.0.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.http_client_11.1.1.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.jmx_11.1.1/jmxframework.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.jmx_11.1.1/jmxspi.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.adf.dconfigbeans_11.1.1.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.adf.share.ca_11.1.1/adf-share-base.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.adf.share.ca_11.1.1/adf-share-ca.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adflogginghandler.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adfsharembean.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/commons-el.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/jsp-el-api.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/oracle-el.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/auditwlst.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/sslconfigwlst.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/oamap_help.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/ossoiap_help.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/jps-wlst.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.auditprovider_11.1.1/jps-wls-auditprovider.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.jps_11.1.1/jps-manifest.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.jps_11.1.1/jps-mbeans.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.jps_11.1.1/jps-upgrade.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.jps_11.1.1/jps-patching.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/lib/adf-share-mbeans-wlst.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/lib/mdswlst.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/auditwlst.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/jps-wlst.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/jrf-wlst.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/oamAuthnProvider.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/oamap_help.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/ossoiap.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/ossoiap_help.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/sslconfigwlst.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/wsm-wlst.jar
wlst >
wlst > PATH=/Users/lolveley/Oracle/Middleware/wlserver_10.3/server/bin:/Users/lolveley/Oracle/Middleware/modules/org.apache.ant_1.7.1/bin:/System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/jre/bin:/System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/bin:/usr/gnu/bin:/usr/local/bin:/bin:/usr/bin:.
wlst >
wlst > Your environment has been set.
wlst >
wlst > CLASSPATH=/Users/lolveley/Oracle/Middleware/patch_wls1033/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/Users/lolveley/Oracle/Middleware/patch_jdev1111/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib/tools.jar:/Users/lolveley/Oracle/Middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/Users/lolveley/Oracle/Middleware/wlserver_10.3/server/lib/weblogic.jar:/Users/lolveley/Oracle/Middleware/modules/features/weblogic.server.modules_10.3.3.0.jar:/Users/lolveley/Oracle/Middleware/wlserver_10.3/server/lib/webservices.jar:/Users/lolveley/Oracle/Middleware/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/Users/lolveley/Oracle/Middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar::/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.jrf_11.1.1/jrf-api.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/jrf-wlst.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.odl_11.1.1/ojdl.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.odl_11.1.1/ojdl2.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.dms_11.1.1/dms.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.dconfig-infra_11.1.1.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.fabriccommon_11.1.1/fabric-common.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.xdk_11.1.0/xmlparserv2.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.xdk_11.1.0/xml.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.wsm.common_11.1.1/wsm-pmlib.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.wsm.common_11.1.1/wsm-policy-core.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.wsm.common_11.1.1/wsm-secpol.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.wsm.common_11.1.1/wsm-dependencies.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.wsm.policies_11.1.1/wsm-seed-policies.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.webservices_11.1.1/orawsdl.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.webservices_11.1.1/mdds.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.webservices_11.1.1/ws_confmbeans.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/org.apache.commons.digester_1.8.jar:/Users/lolveley/Oracle/Middleware/oracle_common/../modules/javax.xml.bind_2.1.1.jar:/Users/lolveley/Oracle/Middleware/oracle_common/../modules/javax.activation_1.1.jar:/Users/lolveley/Oracle/Middleware/oracle_common/../modules/javax.xml.stream_1.1.1.0.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.http_client_11.1.1.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.jmx_11.1.1/jmxframework.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.jmx_11.1.1/jmxspi.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.adf.dconfigbeans_11.1.1.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.adf.share.ca_11.1.1/adf-share-base.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.adf.share.ca_11.1.1/adf-share-ca.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adflogginghandler.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adfsharembean.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/commons-el.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/jsp-el-api.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/oracle-el.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/auditwlst.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/sslconfigwlst.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/oamap_help.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/ossoiap_help.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/jps-wlst.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.auditprovider_11.1.1/jps-wls-auditprovider.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.jps_11.1.1/jps-manifest.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.jps_11.1.1/jps-mbeans.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.jps_11.1.1/jps-upgrade.jar:/Users/lolveley/Oracle/Middleware/oracle_common/modules/oracle.jps_11.1.1/jps-patching.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/lib/adf-share-mbeans-wlst.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/lib/mdswlst.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/auditwlst.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/jps-wlst.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/jrf-wlst.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/oamAuthnProvider.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/oamap_help.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/ossoiap.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/ossoiap_help.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/sslconfigwlst.jar:/Users/lolveley/Oracle/Middleware/oracle_common/common/wlst/resources/wsm-wlst.jar:/Users/lolveley/Oracle/Middleware/utils/config/10.3/config-launch.jar::/Users/lolveley/Oracle/Middleware/wlserver_10.3/common/derby/lib/derbynet.jar:/Users/lolveley/Oracle/Middleware/wlserver_10.3/common/derby/lib/derbyclient.jar:/Users/lolveley/Oracle/Middleware/wlserver_10.3/common/derby/lib/derbytools.jar::
wlst >
wlst > Initializing WebLogic Scripting Tool (WLST) ...
wlst >
wlst > Welcome to WebLogic Server Administration Scripting Shell
wlst >
wlst > Type help() for help on available commands
wlst >
wlst > Error: ADRS_DOMAIN_PASSWORD environment variable not set.
wlst >
wlst >
wlst > Exiting WebLogic Scripting Tool.
wlst >
Elapsed time: 5019 ms
could you help me please?
olivier.hey jan :
I have another issue : I would like to use in jdeveloper JSF and primefaces, which is a component library.
but if JSF works well, I can't install primefaces : I right-click on the properties of my project, add the primefaces jar in the libraries, and add a taglib (<%@ taglib uri="http://primefaces.prime.com.tr/ui" prefix="p" %>) in my JSF page.
but I have an arror while deploying the project.
and (is it a clue?) there is no completion of the "<p: ..." tags;
but there is a window in jdeveloper : http://www.imageshotel.org/images/lolveley/apturede769cran20101017a76813.png that I can't fill ; could you help me by telling me whatr to do?
please
olivier -
RDS - .local domain and external users. Best way to get rid of SSL warnings
I am evaluating MS RDS as a possible solution for a VDI implementation at the college I work for. When we setup our AD years ago we set it up as a .local domain. I am running into issues with the .local machine name on the connection broker for
external users. I know for internal domain systems we can setup the self signed .local cert as a trusted root cert to bypass the self signed untrusted warning but for the bulk of our users which will be using systems external to our domain they
will get the SSL warning about the self signed certificate when they try to connect to a remote app or a desktop.
Initially I thought if I setup a local AD CA that we could setup a trust relationship with the SSL cert. After further reading I believe that this would only work for systems internal to our domain and we would still have the issue with external devices.
The other option would be to tell our users to click the box to never display the warning message again and to go on or to add the self signed cert to their trusted list. Of course when ever you ask the user to do something there will be issues. We
have also found that in our testing that we can not seem to connect via the web portal with a macbook. We get an error that there is a problem with the trust relationship with the server after we login and click on an app or a desktop to connect. We
have been able to connect with iOS devices.
We could of course rename the .local domain to a .edu domain which would permit us to use our wildcard certificate but that is a major undertaking that we don't want to cross at the moment. I think I might have some up with a solution and wanted to
bounce the idea off of those on this forum.
If we setup a second domain on campus that is not a .local. Join the non internet facing RDS systems to this new domain that would have a SSL cert that was trusted and then setup a full trust relationship between the two domains such that users and
systems in one domain could communicate with the systems in the other domain would that remove the certificate warnings for external users?Hi AKlein,
Initially I thought if I setup a local AD CA that we could setup a trust relationship with the SSL cert. After further reading I believe that this would only work for systems internal to our domain and we would
still have the issue with external devices.
Just add the root CA certificate of the internal CA into Trusted Root Certification Authorities store on external clients manually (or through group policy if there is an external domain), then SSL certificate warning would be gone.
We could of course rename the .local domain to a .edu domain which would permit us to use our wildcard certificate but that is a major undertaking that we don't want to cross at the moment.
Yes, renaming domain is not recommended due to its complexity.
If we setup a second domain on campus that is not a .local. Join the non internet facing RDS systems to this new domain that would have a SSL cert that was trusted and then setup a full trust relationship between
the two domains such that users and systems in one domain could communicate with the systems in the other domain would that remove the certificate warnings for external users?
If you are setting up a new domain with two way trust, then root CA certificate of the internal CA still needs to be distributed manually (or through group policy). If you are setting up a child domain, then enterprise CA would be trusted within the same
forest.
As long as there are enough external users and devices to manage, an external private network exists and extra domain management tasks are acceptable, then setting up a new domain is a good choice since domain provides secure boundary.
Or, you could just create a new site from the other network location, which saves you from creating a new domain, new users and trust.
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected] -
R/3 installation local/domain differences
Hi,
Client wanted to Implement ECC6 Landscape installation on Windows. My question is during installation which method recomenadable Local/Domain .
If it is local how the transport" \usr\sap\trans "directory would be shared from across dev,qa,and prod systems.
In Unix we can use NFS mounts .what about windows if i install local installation.
For domain installation they need to create a user with domain admin rights . also can create domian groups.
Which method recomenadable .Since client is fully secured , Also let me know what are the ports need to open to communicate between the systems (dev/qa/prod) and fronend users.
Thanks in advance,
kristeneHello Kristene,
Always install SAP in a Domain. You may want to talk to your Active Directory team regarding their domain structure to select the most appropriate domain if your customer is using a multi-domain architecture.
The ECC 6.0 installation guide and the Netweaver 2004s installation guides have a section on "How to install SAP if you do not have domain admin access". It is explained in detail. Basically you get your AD team to create the accounts prior to your installation.
I would recommend you AD team create a new container and delegate control of the container to the Basis team. You should create all your service accounts in this container.
If you want to determine which ports to open - you can look at the windows\system32\drivers\etc\services file. This applies only for ABAP based systems, not Java. If you ask you security team to open 3200-3600, 4800-4801 and 40080-49980 this usually will work.
Good luck
NPC -
R/3 Implmenetation Landscape Local/Domain Installation
Hi,
Client wanted to Implement ECC6 Landscape installation on Windows. My question is during installation which method recomenadable Local/Domain .
If it is local how the transport" \usr\sap\trans "directory would be shared from across dev,qa,and prod systems.
In Unix we can use NFS mounts .what about windows if i install local installation.
For domain installation they need to create a user with domain admin rights . also can create domian groups.
Which method recomenadable .Since client is fully secured , Also let me know what are the ports need to open to communicate between the systems (dev/qa/prod) and fronend users.
Thanks in advance,
kristenein a local installation method the system which has trans
directory , if you dev system contains usr/sap/trans then
DEVadm and sapserviceDEV has to created in all the systems
whith the same rights and password in all the systems.sap recommends to use domain -
Some local domain components could not be started.
Hello,
I've Installed ORACLE CM SDK on Windows XP,
When I try to start the local domain I get the following message.
Some local domain components could not be started.
In the log file ifsctl I getr the following
3/04/03 9:41 ifsctl:
3/04/03 9:41 ifsctl: HostController constructed
3/04/03 9:41 ifsctl: HostController disposed
3/04/03 9:41 ifsctl:
3/04/03 9:41 ifsctl:
3/04/03 9:41 ifsctl: HostController constructed
3/04/03 9:41 ifsctl: HostController disposed
3/04/03 9:41 ifsctl:
3/04/03 9:42 ifsctl:
3/04/03 9:42 ifsctl: HostController constructed
3/04/03 9:42 ifsctl: HostController disposed
3/04/03 9:42 ifsctl:
3/04/03 9:42 ifsctl:
3/04/03 9:42 ifsctl: HostController constructed
3/04/03 9:42 SocketRemoter: Initialized
3/04/03 9:42 ifsctl:
3/04/03 9:42 ifsctl: Domain ifs://server3c:1521:iasdb.SERVER3C.IRC:IFSDP
3/04/03 9:42 ifsctl:
3/04/03 9:42 ifsctl: server3c.irc HTTP Node
3/04/03 9:42 ifsctl: (runs locally; HTTP node managed by OC4J)
3/04/03 9:42 SocketRemoter: Find ifs_socket://server3c.irc:53143/IFS.DOMAIN.NODE.GuardianLocator
3/04/03 9:42 SocketRemoter: Constructed channel [email protected]:53143
3/04/03 9:42 SocketRemoter: Connected channel [email protected]:53143
3/04/03 9:42 SocketRemoter: Create stub [email protected]:53143:1049299042092
3/04/03 9:42 ifsctl: is launched
3/04/03 9:42 ifsctl:
3/04/03 9:42 ifsctl: server3c.irc Node
3/04/03 9:42 ifsctl: (runs locally)
3/04/03 9:42 SocketRemoter: Find ifs_socket://server3c.irc:53141/IFS.DOMAIN.NODE.GuardianLocator
3/04/03 9:42 SocketRemoter: Constructed channel [email protected]:53141
3/04/03 9:42 ifsctl: is stopped; launching
3/04/03 9:42 ifsctl: Unexpected exception: Error from external process: 7
3/04/03 9:42 ifsctl:
3/04/03 9:42 ifsctl: oracle.sysman.emSDK.common.emdComm.RemoteOperationException
oracle.sysman.emSDK.common.emdComm.RemoteOperationException: Error from external process: 7
at oracle.sysman.emd.command.OSCommandManager.runOSCommand(OSCommandManager.java:239)
at oracle.sysman.emd.main.EMDRuntime.runRemoteCommand(EMDRuntime.java:1334)
at oracle.sysman.emSDK.common.emdComm.EMDClient.remoteOperation(EMDClient.java:501)
at oracle.ifs.admin.web.monitor.EmdHostControllerForker$1.run(EmdHostControllerForker.java:126)
3/04/03 9:42 ifsctl: HostController disposed
3/04/03 9:42 ifsctl:
3/04/03 9:43 ifsctl:
3/04/03 9:43 ifsctl: HostController constructed
3/04/03 9:43 ifsctl: HostController disposed
3/04/03 9:43 ifsctl:
3/04/03 9:43 ifsctl:
3/04/03 9:43 ifsctl: HostController constructed
3/04/03 9:43 SocketRemoter: Initialized
3/04/03 9:43 ifsctl:
3/04/03 9:43 ifsctl: Domain ifs://server3c:1521:iasdb.SERVER3C.IRC:IFSDP
3/04/03 9:43 ifsctl:
3/04/03 9:43 ifsctl: server3c.irc HTTP Node
3/04/03 9:43 ifsctl: (runs locally; HTTP node managed by OC4J)
3/04/03 9:43 SocketRemoter: Find ifs_socket://server3c.irc:53143/IFS.DOMAIN.NODE.GuardianLocator
3/04/03 9:43 SocketRemoter: Constructed channel [email protected]:53143
3/04/03 9:43 SocketRemoter: Connected channel [email protected]:53143
3/04/03 9:43 SocketRemoter: Create stub [email protected]:53143:1049299042092
3/04/03 9:43 ifsctl: is launched
3/04/03 9:43 ifsctl:
3/04/03 9:43 ifsctl: server3c.irc Node
3/04/03 9:43 ifsctl: (runs locally)
3/04/03 9:43 SocketRemoter: Find ifs_socket://server3c.irc:53141/IFS.DOMAIN.NODE.GuardianLocator
3/04/03 9:43 SocketRemoter: Constructed channel [email protected]:53141
3/04/03 9:43 ifsctl: is stopped; launching
3/04/03 9:43 ifsctl: Unexpected exception: Error from external process: 6
3/04/03 9:43 ifsctl:
3/04/03 9:43 ifsctl: oracle.sysman.emSDK.common.emdComm.RemoteOperationException
oracle.sysman.emSDK.common.emdComm.RemoteOperationException: Error from external process: 6
at oracle.sysman.emd.command.OSCommandManager.runOSCommand(OSCommandManager.java:239)
at oracle.sysman.emd.main.EMDRuntime.runRemoteCommand(EMDRuntime.java:1334)
at oracle.sysman.emSDK.common.emdComm.EMDClient.remoteOperation(EMDClient.java:501)
at oracle.ifs.admin.web.monitor.EmdHostControllerForker$1.run(EmdHostControllerForker.java:126)
3/04/03 9:43 ifsctl: HostController disposed
3/04/03 9:43 ifsctl:
3/04/03 9:43 ifsctl:
3/04/03 9:43 ifsctl: HostController constructed
3/04/03 9:43 ifsctl: HostController disposed
3/04/03 9:43 ifsctl:
Could anyone help me please.
I think It is something to log on as batch, but I don't know.I am acutally having the same issue.
I made sure the user belongs to "Log on as Batch Job" policy and also an administrator.
However, on the credential page, It will not take any password. The errors are same as the ones provided above.
Does anyone know where this process is looking to get the user information?
Are there any other way of getting around this?
One info. that I must tell you is that on my computer, i have two user account with same login name, one belongs to domain, and one is local machine login.
When I installed Oracle9iAS, i used the domain username. Currently I was only able to add my local machine user name to the policy becue it will not recognize my domain name login. It produces an error from a window stating "Domain does not exists or can't be contacted"
With the above statement in mind, I would appriciate any help. Thank you very much in advance. -
Hi
I'm looking for a solution that I can't seem to find. I have an Exchange 2010 server running in a dot local domain (domainname.local), so my SSL certificate is installed using the servers external email DNS name. email.mycompany.com
I have followed the instructions to resolve this on the Exchange server, implemented the changes so autodiscovery sees the server as email.mycompany.com. This works great for my Outlook 2007 users. The downside is that none of my Outlook 2013
clients can access their email without the certificate error server name mismatch.
I know Outlook 2013 has tighter security but I need to get rid of these cert errors, any thoughts out there?Hi,
Since both your Outlook 2007 users and Outlook 2013 users are using Exchange 2010 with the same server configuration, it should be working in both Outlook client version.
Please restart your IIS service by running IISReset /noforce from a Command Prompt window in Exchange to have a try. In Outlook, please re-create a Outlook profile to check whether the issue persists.
Regards,
Winnie Liang
TechNet Community Support -
Embarrasing question about local domain. [SOLVED]
OK,
Every time I set a box up I name it blackbox, tanbox, lap1 etc. But when I get to the local domain I use "kitchen" . So All the computers in the house have "kitchen" as the local domain. My question is should it be kitchen.net, .org, .com or does it matter? Do I need to specify .net, .com etc or can I just leave it as blackbox.kitchen. [edit] Or do you guys just leave localdomain as ....localdomain ?
Is that clear?
Thanks,
McRae
ps I've tried to google this and search the forums but I cannot find an answer to this.No , *never* use in your LAN the ID (or domain name) of a registered public domain or a fictitious name it is a matter of time before it creates you trouble.
This explanation of using NAT will give you an idea of what I mean:
The effect is to hide multiple hosts behind a single public IP address. Notice it is the action of sending a packet from the LAN to a host on the Internet that creates a return translation entry. Until a host on the LAN initiates contact, it is invisible to the public Internet. It has no public IP address and traffic addressed to the gateway machine is not forwarded to the LAN since there is no reverse translation entry.
Now ... if the LAN has someone else public ID, there would be a conflict would it not? and where do the packet goes ... only God knows.
Hope this helps.
R
Maybe you are looking for
-
Outlook Move Emails to specific folder rule issues.
Hello, We have found fallowing issue in our Outlook/Exchange environment: If we setup rules in outlook 2010/2013 to move emails from specific sender to specific folder emails are moved to that folders but also they appear in a "Recover deleted Items"
-
I need help with my Mighty Mouse settings. Don't understand the settings. I can no longer open a document by double-clicking. I think I changed my setting someway when I was trying to correct or find my up and down scrolling. Please help.
-
Dynamic text element (Text Symbols)
Hi, How can we make text element dynamic? Ex: If I want a text "Consider date g_date" where g_date is populated from program. Can I pass g_text like <b>text-001 g_text</b>? Thanks.
-
How to assign another application to *.pdf file?
Hi, unfortunately, after upgrading firmware in my e72 I lost adobe reader 2,5 (now I have obsolete adobe reader 1.5). I found much better application designed for reading *.pdf file. Under x-plore I have changed assignment to this app, but I have no
-
SAP LSO 600 Stuctural Profiles
Hi, How do you restrict the catalog by org unit utilizing structural authorization? Can someone please explain how this can be accomplished? Basically I have a subset of users which I do not want to see part of the course catalog. Also there is a sub