Dynamic Local User

Hi,
I have ZfD 3.2 working with a Dynamic Local User (DLU) setup to remove the
Windows XP logon screen and to control student access to the workstation.
The DLU is a member of the Windows group "Users"
I have a full install of Office 2000 Pro (excluding Outlook). The problem I
have is that when a student logs in and starts WORD they are asked to supply
the Office 2000 CD to complete the installation, "The feature you want is
not installed..."
This fails as a "User" does not have rights to install programs. If I make
the DLU a member of "Administrators" then the Install will finish but the
same thing happens when the student logs in again. In any case I need to
have students only members of the "Users" group.
How can I stop this happening?
Ian

Ian,
It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at http://support.novell.com in both the "free product support" and "paid product support" drop down boxes.
- You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://support.novell.com/forums)
Be sure to read the forum FAQ about what to expect in the way of responses: http://support.novell.com/forums/faq_general.html
If this is a reply to a duplicate posting, please ignore and accept our apologies and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/

Similar Messages

Dynamic Local User Issue

When i look at snapins thru consoleone i can see that Zenwork 7.0.1 snapin is installaed.
I have Novell Client 4.91 SP5 and Zenwork Client 7.0.173.91015 installed on the clients running WinXP Pro SP3.
There is different of failures that happens..
Senario 1:
I install a Latitude D610 with a WinXP Pro SP3 original CD, from scratch. I only install the drivers for the LAN-card to get access to the network. I do not update windows updates etc.
I install the Novell Client 4.91 SP5, after that i install Zenwork Client 7.0.173.91015. And apply some registry settings to make the novell client to use the "tab-function" and hide advanced settings etc..
I have my eDir user "ADMIN1" with the policy package with settings to Dynamic Local User set to create a local user with name Admin, but im not using volatile user. So the local windows user Admin will be saved when logged out.
I login once with my Admin1 user, it creates the local profile Admin from Default User (with the help of Zenworks, and the policy Dynamic Local User?). I restart the computer and login again, and the local profile Admin craches and create a new one from Default User but this local user profile is namned Admin.Computername.
Ive tested this with atleast four other computers (different hardware) so it cant be a driver issue.
Ive looked thru the local logs, and i cant find anything about any problem with reading the NTUSER.DAT as could be a problem to load the local profile.
I even tested this senario when i update all windows updates etc, with two different version of the zenworks client and so on. ive been testning this for like 100 times now atleast. and same failure is happening. Ive even tested this in a virtual environment (vmware workstation).
Senari 2:
Like the problem descried above, in some cases it loss the connection or something with the zenwork server side and the zenwork client on the client computer... Since it does not attempt to use the settings from Dynamic Local User, becuase i got the windows login window, and i have to login to an already existing windows local account (with otherwords i cant login to the Admin-profile since i dont know the login information to this account since its created by zenworks / dynamic local user settings, and from the settings there you cant set a password, just the name and role of the windows accout that should be created)..
And after a while i try again, and then the settings from Dynamic Local User passes by and log into the, (let me say) Zenworks created local user profile (set by Dynamic Local User settings).
I wanna mention that all computers thats old, no reinstallation.. I can login to without problem, without any crashes of the Windows Local Profile.
Ive succeded once without any Windows Local profile crash, rebooted this computer over and over again, and no failure. If you succed twice, it seems like its fine. But then i reinstalled this computer, just like i did to make it success. But this time it failed on the second try, and got a crashed profile....
Its kinda old hardware to the server where i have my Zenworks, could that be the case? Could it be some timeouts?
The concults i use to fix some problems in our environment updated zenworks from the serverside just before christmans.. Could it be any problems with some windows patch etc?
Any help would be appreciated!
// Jokohanho

> installed on the clients running WinXP Pro SP3.
<snip>
> I restart the computer and login again, and the local
> profile Admin craches and create a new one from Default User but this
> local user profile is namned Admin.Computername.
I only know of one XP SP3 issue that could cause this, but it involves a pw
change and RP:
"When you try to log on to a Windows XP SP3-based computer by using a
roaming profile, the roaming profile cannot load."
http://support.microsoft.com/kb/958058
Regards
Rolf Lidvall
Swedish Radio (Ltd)

IPTV Content Manager and Novell 6 Zenworks Dynamic Local User

We are running Cisco IPTV viewer 3.2.24 along with Windows 2000 Professional on Dell260 workstations. We run Novell, version 6 with Zenworks 4 and Dynamic Local User to create a new user on the workstation. Every time a new user is created we have to add the tcp/ip address for the Content Manager. Is there a way to retain the address of the Content Manager for any user that is created on the local workstation so that we don't have to enter the address each time a new user sign-on to the workstation?

Unfortunately, it seems, there is no work-around for this problem in 3.2 version of the IPTV Viewer. The Content Manager address is stored in the registry setting in HKEY_USERS.
The behavior is different for viewer 3.4 where the CM address is stored in HKEY_LOCAL_MACHINE and is common to all users.
Solution is -
a. Upgrade to IPTV 3.4 or 3.5 Viewer
or
b. Use the Web-based Program Guide
You could also try playing around with setup.ini/iptv.ini {GuideServer= and GuideServerPort= } settings to see if there is any luck to hard-code this information while installing the software.
More information is available at http://www.cisco.com/univercd/cc/td/doc/product/webscale/iptv/iptv32/admin_gd/chap4.htm

Windows 8.1 Dynamic Local User?

Greetings
I am running Zenworks 11.3
I have 4 windows 8.1 desktops that I am testing the latest Novell Client and Zenworks Agent.
Everything works great, I am able to authenticate with novell and zenworks creates the local user account on the desktop. The problem is.... Microsoft's Windows 8.1 does the "splash screen" for about 3 minutes while it "installs the applications" for the Windows 8 metro stuff. This happens for *Every* user that tries to login to that workstation. Once they login once they are fine, but... i can't have the kids wait 3 minutes while Windows 8 does the needfull....
Is there anyway to prevent this? Can I have my students Authenticate with Novell as a unique student... but then utilize a generic "Student" profile that is already on the Device? that way they don't need to wait 3 minutes?
I can install DeepFreeze which will reset the settings everytime they logout... so the next person gets a clean Student profile..... but something has to happen about the delay....
Any suggestions?
I am willing to pay^H^H donate money to somebody to help me out with all of this if required!
Thanks!
John

Yes, you can configured the DLU policy to use a Specific Account.
Make sure to enable "DLU Caching", otherwise it will be volatile.
You can also try and tweak your Default User Profile, so that it is
based on a profile that has already run that process.
You may want to ask in the MS Forums if there is a way to turn that off
for new users, but don't reference DLU or ZENworks as they will not know
about that.
On 7/30/2014 9:06 PM, johnatoswayo wrote:
>
> Greetings
>
> I am running Zenworks 11.3
>
> I have 4 windows 8.1 desktops that I am testing the latest Novell Client
> and Zenworks Agent.
>
> Everything works great, I am able to authenticate with novell and
> zenworks creates the local user account on the desktop. The problem
> is.... Microsoft's Windows 8.1 does the "splash screen" for about 3
> minutes while it "installs the applications" for the Windows 8 metro
> stuff. This happens for *Every* user that tries to login to that
> workstation. Once they login once they are fine, but... i can't
> have the kids wait 3 minutes while Windows 8 does the needfull....
>
> Is there anyway to prevent this? Can I have my students Authenticate
> with Novell as a unique student... but then utilize a generic "Student"
> profile that is already on the Device? that way they don't need to wait
> 3 minutes?
>
> I can install DeepFreeze which will reset the settings everytime they
> logout... so the next person gets a clean Student profile..... but
> something has to happen about the delay....
>
> Any suggestions?
> I am willing to pay^H^H donate money to somebody to help me out with all
> of this if required!
> Thanks!
> John
>
>
Craig Wilson - MCNE, MCSE, CCNA
Novell Technical Support Engineer
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.

DLU with Windows 7 x64 & Existing local user

Hi, I have a strange bug. I have a Windows 7 x64 Enterprise SP1 that I'm trying to configure a volatile user on it. I have also configured my Windows 7 to do an auto logon with a local Windows account which is "Usager". I also modified the registry to disable CASA.The auto logon work perfectly and CASA doesn't appear either. So I have configure my DLU with the "Use the credential specified below (Always volatile)", the "Use user source password and the "Manage existing user account (if any)" options. Finally, I add to the registry the "AllowDLUWithoutNovellClient" registry key under "HKEY_LOCAL_MACHINE\\SOFTWARE\\Novell\\Authenticat ion" since I dont have the Novell client install on the computer. Now each time I log off and logon again I can see that the volatile user never applies. Why does the DLU never delete the "Usager" profile? What am I missing here? We are running here 11 SP2.
Thanks in advance for the help!

Shaun, after rechecking everything I made some little progress. I'm now able to make it work but not always! I just can't find a pattern to the why it works now and not later on. Sometimes I just reboot and that's it. Other time I can reboot the computers 10 times in a row it just won't work. Is there something in the logs on the workstation that I could use to make sense here?!
Note: I'm following the guide lines in the pdf "zen11_cm_policies.pdf" on page 30 in section "3.2.3 Implementing the Dynamic Local User Policy Without the Novell Client".
Thanks again for the help!

Dynamic locale switching

Hi,
I need to implement dynamic locale switching in my application i.e. the user
is allowed to change the application display language in runtime.
Is there a mechanism in JavaFX to automatically achieve this goal?
I know that I can use e.g. 2d array where every row may be a different language
and each row item could be a translated text and bind the array items to the UI elements.
I have also tried something like:
java.util.Locale.setDefault(newLocale);
StringLocalizer.associate("myapp.Main";, "myapp");but that does not refresh all texts on screen until I update them manually after switching language:
label.text = ##"Text in a label"Is there a way to refresh all visible texts after switching locale?
Thanks,
Dariusz Gadomski

Does each customer mean each user, or are there many users for each customer?

2) doableIn general you can use a TopLink DatabaseSession for each user/customer. You can use the same TopLink Project but can use a different login for each session you create.

If you have many users for each customer, you could potentially use a different TopLink ServerSession for each customer and allow the users to benifit from connection pooling and caching.

If you are using JPA, there is no easy way to do this currently. You could create the ServerSession yourself and then wrap it yourself with the TopLink EnitityManager implementation. You could use the same TopLink Project from your JPA persistent unit ServerSession and use a different login in your new ServerSession. If each customer has only one user then you could use a connection pool with only 1 connection.

1) a bad idea
This is probably not a good idea. You avoid being able to share resources such as connection pools across your customers, and cannot share data. But it depends on how many customers you have and how distinct they are. Having each customer run on different databases allows you to have a different machine and application server for each customer, which you may need depending on how each customer scales. If you end up having a different server for each customer, then you could just have a single persistence unit in your application and change the persistence.xml or data-source when you deploy a new customer server.

---
James Sutherland

What happens to my local user data? -newbie question sorry

Hi All,
Firstly apologies if this seems a dumb question, I've scoured the forums but I require something that fits my specific situation.
I've had a (my first) MacBook for about 9 months, built up a fairly healthy local user, setup just how I like it, MobileMe, iTunes, Chrome, iPhoto library, lots of other apps, etc etc and so forth.
I'm setting up a Mac Mini Server, and was wondering what I can do to join the new server, but take all my settings/downloads/iTunes etc with me... I don't want it all stored on the server, but I come from a Micro$oft Windows background. With MS, when you add a PC to a domain, login with the appropriate user account, you have a fresh profile, no settings, no files, no customisations etc etc is this also the case when I hit that Join Network Account server button on my Mac? Will I get a blank fresh account on my Macbook?
I'm guessing this must happen quite often as people start their way into Apple technology and build up a nice healthy local account before branching further into the Apple world...

The two laptops I use everyday have access to all the servers via my network account. It is set so that my user account is listed as having "no home" So I log into the laptop with my local user account with a UID of 501 but access all the network services via the go menu and my network account of the same name but with a UID of 1034.
For all other users in the company, if they are on a laptop, I use network accounts. The machines are managed to ask if the user wants to create a mobile account when they login. For permanently assigned laptop users, the answer is yes. This puts their home on the laptop and ties them to that machine. I use mobile account syncing to make sure their critical data is copied to the server for backup.
By having the machine ask to create the mobile account, users can answer no and login to their network home. The use of the laptop may be needed temporarily if a regular workstation is down.
Once in a while I will need to convert a local account to a network account. While a bit more laborious that setting it up correctly at the beginning, it can be done.
But I never let any user account have the UID of 501. I would set that up as the local admin account I use for installing updates and performing other maintenance. If needed, I would back up the user data and erase and re-install the OS.

SSO for application systems with local users?

Hi all, I'm new to Oracle Identity Management. My company is going to implement SSO for inhouse applications. However, some applications have their own local users (e.g. admin, guest, etc.) who have to login to the application system through the same interface. We put all organization users in an Oracle enterprise Directory server, which is the authentication backend of the Access Manager. After implementing webgate, such local users can't get authenticated. I'd like to know if it's possible to configure particular users/applications to bypass SSO and use local authentication? Thanks.
Rgds
/ST wong

Possible solution is to create a new entry point for local users. Create two proxies one for actual user entry and another for local user. You can restrict n/w access to proxy with local login so that only few hosts based on your requirement who needs to access system with local accounts. This way you will have two web sites for single application.

[SOLVED]How to send email to a local user?

I have installed Mutt, msmtp, procmail and I can send and receive emails to/from remote hosts and I'd like to send email locally also (to the recipients on the same machine as the sender).
When I try to send email to a local user from the root account -
echo "Test message" | mail -s "Test subject" localuser
then I get an error that connection to the port 25 is refused. Because the /etc/msmtprc file contains the 'localhost' as the default account's host, and on the local host I don't have a mail server listening on 25 port running.
When I try to send email from a non-root account which has in /$HOME/.msmtprc file a real email account on a remote server, then of course there is an error that the domain for the email address 'localuser' is not recognized.
How can sending email to local users be enabled?
Last edited by nbd (2014-09-30 22:33:37)

If I understand correctly, postfix it's a constantly running daemon. Seems to be an overhead for delivering only from time to time sent messages.
ewaller wrote:
> Out of the box, sendmail should be safe, but I think you have to enable local mail.
Currently I have msmtp-mta installed, which is described as having sendmail functionality. If I install sendmail - will it be possible to send local email without running email daemons?

How to use different (not local) user for NTLM auth in Authenticator?

Hi All,
I use custom authenticator to provide user / passwords to connect to .NET Web Services. I overloaded function getPasswordAuthentication() that returns right user / password combination for the requested URL. It all works perfectly for many kinds of HTTP connections: basic, ntlm, ntlm-v2, through proxy, ssl, etc.
My problem is that during NTLM authentication from Windows computers JVM uses credentials of the currently logged in domain user instead of calling Authenticator to get other user / password provided by the user. In case when local user credentials fail to authenticate, JVM calls my Authenticator but in case authentication is successful it does uses local domain user and never calls my Authenticator. The issue is when this local domain user does not have enough permissions but authenticated correctly there is no way to supply JVM with another user to begin with.
What can I do to force JVM to ignore local domain user and to use Authenticator to collect credentials during NTLM authentication requested by the server in case the software runs on a Windows box with currently logged in domain user?
I am looking for the answer for a long time already but found only questions and suggestions to switch server from NTLM authentication which is not an option for me. From the developer's view it has to be pretty simple change for Sun to do in Java networking API. Is there any way to escalate it to Sun support? Maybe there is some property in some JRE patch level that allows to do this?
Thank you very much!
Mark

Thank you for the reply. I have kind of an opposite problem. I can perfectly connect from Linux computers to Microsoft IIS servers using NTLM or even NTLMv2 authentication. My problem is connecting from Windows client computer joined to the same domain as IIS server with the domain user logged in to this computer. In this case this user account will be used in any HTTP connections I initiate to this IIS server instead of the one that I want to supply in my custom Authenticator.
I have graphical interactive application that connects to IIS Server. When user runs it and connects to IIS server I want to prompt for the user/password regardless whether JRE may correctly authenticate using current user account credentials. The current user may not have enough permissions in IIS application so I want to use different user to login to IIS application.
Thank you anyway,
Mark

How to Move Local Users to Network Domain Users

Before you follow these instructions...... I'm a rank amateur so I'd check to see if the smart kids have corrected my errors or improved on the method in the replies below
The reason for the post is I have good and established local user accounts on all the computers and moving them to domain controlled accounts is the one topic I could not find a script to follow that worked for my low level of knowledge of OS X.
Let me first explain my setup and needs. I'm replacing a Windows Home Server (WHS) with the Mac Mini Server. My goal was to have the Mac Mini as the server holding all our photos, data, etc. and running a user account to run the family iTunes account to feed the Apple TV and be the backup / sync point for a family sized set of iPod Touches, iPads and iPhones. I want to be able to log into each mac and have the same information setting, links, etc........ basically walk around the house, find any mac shaped device not used by someone else, log in and carry on where I was before - with the MacBook Air having a portable account so it can come travelling with us.
The key hardware is...
Mac Mini Server running Snow Leopard 10.6.8
Apple TV
2 x iMac Running Lion 10.7.1 [upgraded from 10.6.8]
MacBook Air running Lion 10.7.1 [upgraded from 10.6.8]
Normal stuff like wifi, hubs and a router doing the DHCP (and for me reserving IP addresses based on the 'MAC Address' to save me having to manually configure all the IP addresses)
Key Resources I used as I learnt how to do this; to level set you all, I'm a relative newcomer to OS X having had a Windows life with Linux for fun, so i'm not a mac or IT specialist but like to play around.
Apple's podcast series 'Apple Quick Tour of Leopard Server' - this is great, it informed me and kept me motivated through all the bah moments, all 33 episodes and it's in the iTunes store as a podcast.
The book 'Mac OS X Snow Leopard Server For Dummies' - I bought this about half way through the whole process and wish i'd bought it earlier, my reccomendation would be get the Kindle version so you can search it for advice.
The excellent information on DNS from Hoffman Labs http://labs.hoffmanlabs.com/node/1436
The video 'Setting up a primary DNS zone.....' from Lynda.com on youtube http://www.youtube.com/watch?v=OOEgQY9oFK4
The Series of PDF document on Snow Leopard Server from Apple http://support.apple.com/manuals#mac%20os%20x%20server%20v10.6
And finally this excellent post from Joe Ferrante which was the core of what I used http://joeferrante.net/how-to-migrate-local-user-account-to-network-user-account -with-networked-home-folder-on-snow-leopard-server/
Right off we go....
Setting up the Server [this took me 6 goes to get it right as I learnt a little each time].
So i'm not going to go through this step by step because it in the 'dummies' book and the videos from Apple above and those will be better than anything I write but here's my details/advice.
I split the primary disc into 2 partitions using disk utility so I could reformat the operating system without moving my data.
100GB for the OS X system
400GB for user data
Install OS X from the DVD, press the buttons based on your desires but stop at the bit about naming you computer titled Network Names
READ UP ON DNS - this one of the reason I had so many goes as it was the 1st time i've set up a server like this using DNS and guessing didn't get me there.
If you don't have one buy a domain name for your network it make it much easier in the long run & is $10 well spent
The name needs to be [the computer name].[your domain name].[com or net or org, etc]
So if you want you computer to be called fred and you bought or have the domain location.com enter fred.location.com in the primary DNS name box
This shoud automatically put fred in the computer name box.
Follow along with the set up guide to finish
After you have finished the set up test the DNS with NSLOOKUP in a terminal window
nslookup fred.location.com in my example and you should get the IP
Add your servers IP address to the list of DNS servers in network preferences on the client mac.
Bind [link] the client computers to the server in Accounts on the client computer - I used the 'dummies' book for this but there's lots of data on the web.
Clean up the user profile on the client to reduce the size of the Home folder as much as possible or the data transfer is loooooooonnnnng - i also connect the iMac on a cable rather than wifi to speed it up.
Read Joe's post http://joeferrante.net/how-to-migrate-local-user-account-to-network-user-account -with-networked-home-folder-on-snow-leopard-server/ and follow along.useful info I learnt somewhere - to get the paths to the folders correct in the terminal window go to the folder in Finder and then drag it to the terminal window and let go - this will put the correct link in the instruction.
You now need to be on a terminal window on your server, with a finder window open and logged into the client as the user you are moving
THE CLIENT COMPUTER NEEDS TO BE LOGGED OUT or logged in as a different user than the one you're trying to move.
so when you're at the right point - type sudo cp -R then hit the space bar, drag the existing user folder onto the finder window, add the /* and hit space then find the users folder on the server and drag that onto the terminal window to complete the instruction.
Hit enter and wait a while assuming it starts ok - i used network traffic on the Activity Monitor utility to check if it was working.
If you got this far and it all worked - login to the profle you moved on any computer linked to the server or the server but not the original client computer to see if it worked and all your setting and data are intact and then delete the profile off the original client if it was ok [archiving the home directory took ages for me].
As you can probably guess most of this was good learning for me and it worked successfully for me in the end, moving all my history, saved password, etc, etc without any problems.
Hope this helps other in the same situation & feel free to expand or correct this if I've missed anything.
Ed

Hi,
I was unable to access the Joe Ferrante information (it appears to now requrie a password and was not able to determine how a username and password were assigned) Would you happen to have a copy of the post that you refer to above?
I am still at the early stages of this process but am hoping that the steps you refer to are going to get me where I want to be. Your stated end goal is where I hope to get to.
Thanks,
Sean

Migrate a Local User Account to a Network Account Shell Script

http://support.apple.com/kb/HT5338?viewlocale=en_US&locale=en_US
If you are looking for an easy way to migrate local users to network users without losing data, then try this script.
Follow steps 1-10 in the support link above before running this script.
1) Open /Applications/Utilities/Terminal.App
2) Type vi myscriptname.sh
3) type "i" to edit the document
4) Copy and paste the following text in the terminal window
#!/bin/bash
echo "Go to http://support.apple.com/kb/HT5338?viewlocale=en_US&locale=en_US"
echo "Complete steps 1-10 before continuing"
echo -n "Enter 'USER' and press enter:"
read USER
echo -n "Enter 'SERVER' and press enter:"
read SERVER
sudo scp -Epr /Users/$USER root@$SERVER:/Users/
sudo mv -f /Users/$USER /Users/$USER.old
ssh root@$SERVER sudo chown -R $USER:staff /Users/$USER
5) hit (ESC) then colon : and type wq! and hit return to save the document
6) In Terminal type: chmod +x myscriptname.sh
7) in Finder, Right Click or Control+Click myscriptname.sh and select open with
8) Select "Show All Applications" and Navigate to /Applications/Utilities/terminal.App
9) in Finder, Right Click or Control+Click myscriptname.sh and select get info / Open with and click "Change All" to open all .sh files in Terminal
10) Double Click myscriptname.sh
11) For USER enter the name of the network account
12) For SERVER enter your server name (server.example.com)
13) Enter the Admin Pass for the Local Machine, Then the Server, Then the server again
14) The user folder will be renamed to user.old (bob.old)
15) When you login as the network user account OS X Server Will copy your data to the local machine with Portable home directories
16) Once you verify all the info is there you can delete the user.old folder from the /Users/ folder (bob.old)

replace sudo scp -epr with sudo rsync -auvth if you do not want to waste space copying hardlinks

Domain users and local users can't login to reporting service web environment

Hello,
We installed reporting services at one of our customers but aren't able to use domain users to login. We've tried to login with a domain user, a local user but both aren't working. We set the proper permissions for the users on the reports folders.
We can only login with the buildin/administrator account on the local url: http://servername/reports
How can we allow login with domain users on other report manager url's?

Below link may be helpful,
http://social.msdn.microsoft.com/Forums/sqlserver/en-US/623da309-21fa-42a8-905f-1424144a347d/setting-up-a-user-in-ssrs?forum=sqlreportingservices
Regards, RSingh

How to get a list of Local Users who has not logged in for 3 months or around 90 days

hi
i found this thread to pull out a list of local users
Retrieve all local user accounts information on remote computers (PowerShell)
however, i need to filter out users who has not logged in for 3 months or around 90 days, how can i do further filtering?
i understand dsquery has an -inactive <xweeks> , however i am doing it for local accounts

$ErrorActionPreference = "silentlycontinue"
$([ADSI]"WinNT://$env:COMPUTERNAME").Children | where {$_.SchemaClassName -eq 'user' -and $_.lastLogin -gt (Get-Date).AddDays(-90)} | ft name,lastlogin
using the sample from the link extendend with the 90 days criteria, the erroraction preference surpresses the errors you get for accounts with no lastlogon value (guest being a typical one)

COREid Federation Error: A local user session could not be created for the

Hi,
I installed two instances of COREid Federation in my machine. Also installed SiteMinder and LDAP. Source Domain of COREid (8101) uses LDAP as IdMBridge and Destination Domain (9101) uses SiteMinder as IdMBridge. I am trying to access the resource protected by the SiteMinder from the source domain using the URL which is constructed using the pattern given in the PDF:
http://mymachine.domain.com:8101/shareid/saml/ObSAMLTransferService?DOMAIN=DestinationDomain&method=POST&TARGET=http://mymachine.domain.com:8887/Source/Source.html
Assertions are generated and I can see the assertion in the Source domain and transferred to the Destination Domain.
I get the following error in the Destination Domain Shareid Log file:
ERROR - [http10113-Processor3] - RECEIVER: ERROR: A local user session could not be created for the assertion
Please help me to solve this issue?
Note: The Web agent runs on the web server instance 8887.
SiteMinder is able to protect the resource when accessed.

Typically that error occurs when the destinations access management system can't find the user based on the SAML attribute. Check to make sure that the attribute that you are matching on matches exactly.

Dynamic Local User

Similar Messages

Maybe you are looking for