Force logout a managed user?
Hi all
I'm running an OD server with 10 clients connected (all 10.4.6, clients and server). Users, groups and computers are managed, and simultaneous login is disabled for all users.
My question: How can I (forcibly) log a user out? You know, as you can disconnect a user who is connected to an AFP share...
Right now I was trying to log in on one of the managed clients, and it keeps telling me that I'm already logged in on another one, but I'm definitely not. Something must be hanging somewhere, but where?
TIA, Tina
Yes, and the user is nowhere to be found. Nowhere on
the OD server and nowhere on the fileserver where his
home resides. I know about the disconnect option for
AFP/filesharing connections, but what about users
logged in to a client by authenticating against an OD
server?
Tina
If you're running Remote Desktop you can logout clients from the "Manage" menu with "Log Out Current User...".
You can also ssh to the client and issue this command:
sudo ps -aux | grep loginwindow
it will return the PID for the loginwindow.app process.
Then issue the command:
sudo kill -9 xxx
where xxx is the PID of the loginwindow.app process.
Similar Messages
-
How to force logout of portal user
Hi all,
we're currently facing trouble with portal users being "locked" in the portal. They are not locked in the ume sense, but when trying to logon they are only able to see navigation framework, and no content. The only content we're using in the portal is MSS/ESS, so the content we're trying to load is from R/3.
My idea is to manually log out the user in trouble from the portal.
Now; I can see active http_sessions using the telnet Administrator session, but I can't find a way to force logout a user. Can anyone please tell me how to?
We're using Portal SP11, and ESS/MSS SP7.
I'm thankful for all input! Points will be handed out of course.
Kind regards,
Andreas
hi,
Try this code. This might help you.
IPortalComponentRequest request=(IPortalComponentRequest) this.getRequest();
IAuthentication Authen = UMFactory.getAuthenticator();
HttpServletRequest req = request.getServletRequest();
HttpServletResponse res = request.getServletResponse(true);
//logoff user from Portal
Authen.forceLogoffUser(req, res,"");
The third argument is a string which is the redirection URL.
Regards,
Srinath -
Hello,
I'm trying to do a forced logout for specific users from the convergence webmail.
On the mailstore machines I'm running "imsconnutil -k -u <user_login>". The command succeeds, but there is no forced logout.
https://wikis.oracle.com/display/CommSuite/imsconnutil
What is the correct way to force a logout for a convergence user?
The ENS daemon is enabled.
There is a MOS knowledge article about this:
How To Get A Specific User Logged Off Or Disconnected From Convergence (Doc ID 1421725.1)
https://support.oracle.com/rs?type=doc&id=1421725.1
It is not as simple as using the imsconnutil -k command for IMAP.
There is also an enhancement request:
BUG 17529404 - Provide build-in possibility to disconnect a user
Please open a support request to be added to that ER 17529404. -
How can HelpDesk manage users in multiple Organizations in OIM R2
Hi All,
I'm looking to satisfy a requirement for OIM 11g R2 where a helpdesk administrator can only manage users that belong to a particular institution. However, there are approximately 50% of users that belong to more than one institution, where helpdesk staff from each institution should be able to manage the user. Customer is currently doing this in Waveset by assigning users to orgs dynamically through rules which allows multiple virtual orgs. OIM unfortunately has no way to assign a user to multiple orgs, making OOTB authorization management very difficult.
How can administrators from different orgs manage the same user, if that user belongs to a different org?
How to achieve this in OIM R2?
Thanks
Akshat
Hi Adr,
I know the OIM Authorization is around the Organization, and a user can be present in only one org in OIM.
I wanted to know, can we force the authorization based on Department/Institutions rather than Org. I am thinking in regards of OES Authorization policies.
OIM unfortunately has no way to assign a user to multiple orgs, making OOTB authorization management slightly difficult.
I am looking to determine the best approach to accommodate this requirement. Due to the high number of users that reside within multiple institutions, leveraging organizations will not work. As far as I know OES APM should be able to accommodate this, but I could not find any solid guidance in the Oracle training or Oracle by Example documentation.
Any thoughts?
-Ak -
Error when trying to Manage 'User Profile Service Application'
Hello,
I'm recently facing two issues
1. User Profile Service Application: when I goto manage user profile service application I get an error windows and when I look into the logs following is the error with given correlation id "ef9fb09c-ae28-1072-b404-c887d61ed915"
Abhishek Madan
Hi Abhishek,
According to your description, my understanding is that the User Profile Synchronization service stuck on ‘Starting’ or ‘Stopping’.
Please check whether you installed SQL 2012 Native Client (Pre-requisites) on SharePoint server. If yes, download and install SQL 2008 R2 Native Client from the below location:
http://download.microsoft.com/download/9/1/3/9138773A-505D-43E2-AC08-9A77E1E0490B/1033/x64/sqlncli.msi
From the SharePoint server ->control panel -> add/Remove programs , please confirm that the SQL 2008 Native Client is listed.
Make sure that the farm account is a member of the Administrators group on the server on which you are trying to start the User Profile Synchronization service, then restart the SharePoint Timer Service.
Set the FIM services to "Local System" before starting the service.
There is a troubleshooting for User Profile Synchronization Service start issues, please have a look at:
http://technet.microsoft.com/en-us/library/gg750257(v=office.14).aspx
Here are some similar posts for you to take a look at:
http://www.codeproject.com/Articles/358855/user-profile-synchronization-service-not-starting
http://www.sharepointdiary.com/2012/09/user-profile-synchronization-service-stuck-at-starting.html#ixzz2aX7Wz4GQ
Best Regards,
Wendy
Forum Support
Wendy Li
TechNet Community Support -
Managed users with Active Directory?
Hi guys
I was wondering if any of you can help me out. I'm looking to get an OS X Server 10.4 to act as a managed user server, with all the pros of Open Directory (ie Finder restrictions etc) and user home directories on the Xserve's HD, but to authenticate through a Windows 2003 Active Directory Server.
I have been reading a number of sites and there seem to be two ways to do it.
1) Bind the Xserve and the client Macs to the Active Directory and then on the PC server specify the home folders as a share point on the Xserve. Ie \\Xserve\Users\Tom
This way the Xserve is basically a file server.
2) And I'm cutting this story short because I've only briefly read this one. But you can set the Xserve as an Open Directory master, somehow import the users and then remove the directory master role.
I really need to be able to have the usernames and passwords live from the Windows Server due to passwords being changed every 30 days blah blah blah so I guess point 2 is out of the question.
To be honest a yay or nay to the above would be a good start, could obviously save a lot of wasted time, but if anyone can recommend me a website or a pdf that will walk me through it.
I've managed to get my laptop to authenticate to AD but can't get the home directories to work. Every time I log in with a user account it creates it locally on my HD. I do not have "Force local home directory" checked. I guess I need to configure LDAP to the AD server as well? I gave it a go and managed to get Address Book pulling users and emails from the AD server. I then performed a lookupd lookup on a user bob and found that the home directory was set to /Users/bob even though on my AD server I've set it to \\Xserve\Users\bob. Is this something I'm doing wrong with LDAP? If that's all it is I'll be able to get point 1 above working and it will all be good.
I hope I've made this clear enough for someone to be able to help me.
Thanks in advance for any help you might be able to give me.
Tom
1.25GHz PowerBook G4 Mac OS X (10.4.4)
With an OD master you could manage your clients at the group and computer list level.
So when you setup the user's profile in AD, you mapped a network drive and provided the UNC path \\Xserver\Users\bob. You did bind the OD Master with the name Xserve? Also, by default it will use smb to connect, which you can change to afp instead in the AD plugin. smb will not create the home folder for you. You could try to create the home folder yourself in advance. (sudo createhomedir -a may do the trick)
For troubleshooting purposes, you could create a share on the AD server and adjust the user's profile to point to it instead of the OD Master. Try and login and see what you get. -
Manage user certificates with UE-V?
Is it possible to manage user certificates with UE-V? I wish to store/manage Personal Certificates with UE-V but can't seem to find information about how to achieve this. Are Roaming Profiles still needed to have user certificates follow users or can this be hacked into UE-V. I tried to create a template which handles the HKCU and User AppData paths which store Certificates but have not been able to get this to work.
Windows 7/Windows 8 Server 2008R2/Server2012
Any insight would be appreciated.
Thanks,
Mark Ringo
Hi Mark
Certificates are currently not supported with UE-V 1.0 / 1.0 SP1. Just saving HKCU keys and the RSA / System Certificate files in APPDATA does not work any more since Windows Vista. You have to use a logon / logoff script which does the trick via Microsoft CryptoAPI (Export / Import).
I have included examples with PowerShell below.
Cheers
Michael
ExportCert.ps1
# Scriptname: ExportCert.ps1
# Author: Michael Rüefli
# Purpose: Export certificates from the local certificate store (Machine or User) to PKCS12 file format
# Version: 1.0.1
# Fixed Issues / Changes:
# V 1.0.1 / Fixed Export where no filter has been specified. Changed the autogenerated password strength
function ConvertToSid([STRING]$NtAccount)
{
    $result = (New-Object system.security.principal.NtAccount($NTaccount)).translate([system.security.principal.securityidentifier])
    return $result.value
}
#Get the Arguments
$exportpath = $args[0]
$certstore = $args[1]
$issuer_filter = $args[2]
#Check the Args
If ($args.count -lt 2)
{
    Write-host "Too less arguments! Usage: ExportCert.ps1 <exportpath> <certstore> [<filter> optional>" -ForegroundColor red
    write-host "Example: Powershell.exe ExportCert.ps1 H:\Certs CurrentUser DC=LOC" -ForegroundColor blue
    exit
}
#Error Handler
Trap [Exception]{continue}
#Check Exportpath, if not there create it
If ((Test-Path -Path $exportpath) -ne $True)
{
    New-Item -Path $exportpath -ItemType Directory
}
#Get certificates in store
If ($issuer_filter)
{
    $HKCUCerts = (dir cert:\$certstore\My | ? { $_.Issuer -notmatch $issuer_filter})
}
Else
{
    $HKCUCerts = (dir cert:\$certstore\My)
}
#process each certificate
Foreach ($cert in $HKCUCerts)
{
    $friendlyname = $cert.FriendlyName
    $type = [System.Security.Cryptography.X509Certificates.X509ContentType]::pfx
    $username = $env:USERNAME
    $sid = ConvertToSid $username
    #The PFX password is a fixed string in this script: anyone who can read the
    #script and the export path can open the exported private keys
    $pass = 'Letmein$$Cert2012'
    $pass_secure = ConvertTo-SecureString -AsPlainText $pass -Force
    #Export certificate and private key as PFX, named after the certificate's friendly name
    $bytes = $cert.export($type, $pass)
    [System.IO.File]::WriteAllBytes("$exportpath\$friendlyname.pfx", $bytes)
}
ImportCert.ps1
# Scriptname: ImportCert.ps1
# Author: Michael Rüefli
# Purpose: Import PKCS12 certificates from a file share into local certificate store (Machine or User)
# Version: 1.0
# Fixed Issues / Changes:
# V 1.0.1 / Changed the autogenerated password strength
function ConvertToSid([STRING]$NtAccount)
{
    $result = (New-Object system.security.principal.NtAccount($NTaccount)).translate([system.security.principal.securityidentifier])
    return $result.value
}
#Get the Arguments
$importpath = $args[0]
$certstore = $args[1]
#Check the Args
If ($args.count -lt 2)
{
    write-host "Too less arguments! Usage: ImportCert.ps1 <importpath> <certstore>" -ForegroundColor red
    write-host "Example: Powershell.exe ImportCert.ps1 H:\Certs CurrentUser" -ForegroundColor blue
    exit
}
#Error Handler
Trap [Exception]{continue}
function Import-PfxCertificate
{
    param([String]$certPath,[String]$certRootStore,[String]$certStore,$pfxPass = $null,[String]$KeySet)
    #Error Handler
    Trap [Exception]{continue}
    if ($args[0] -eq "-h")
    {
        Write-Host "usage: Import-509Certificate <Filename>,<certstore>,<cert root>,<keyset> `n `
        Valid certstores: LocalMachine,CurrentUser `n `
        Valid cert root: My,AuthRoot,TrustedPublisher `n `
        Valid Keysets: MachineKeySet,UserKeySet"
        break
    }
    write-host "Importing Certificate: $certPath"
    $pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2
    if ($pfxPass -eq $null) {$pfxPass = read-host "Enter the pfx password" -assecurestring}
    #The key storage flags are fixed here; the $KeySet parameter is not used
    $pfx.import($certPath,$pfxPass,"MachineKeySet,Exportable,PersistKeySet")
    $store = new-object System.Security.Cryptography.X509Certificates.X509Store($certStore,$certRootStore)
    $store.open("MaxAllowed")
    $store.add($pfx)
    $store.close()
}
$username = $env:USERNAME
$certs = Get-ChildItem $importpath -Filter "*.pfx"
#Import every PFX file found in the import path
Foreach ($item in $certs)
{
    $item
    $friendlypath = $item.FullName
    $friendlyname = ($item.Name).replace(".pfx","")
    $sid = ConvertToSid $username
    "$friendlyname-$username"
    #Same fixed password as in ExportCert.ps1
    $pass = 'Letmein$$Cert2012'
    $pass_secure = ConvertTo-SecureString -AsPlainText $pass -Force
    Import-PfxCertificate "$friendlypath" "$certstore" "My" $pass_secure
}
-
Looking for a tutorial/design-pattern for Manage User and Permissions.
Hello,
I wonder if anyone knows a good tutorial/blog with reference to security - howto Manage Users and Permissions.
In my application I have GROUPS and each group has access to different RECORDS and CASES.
Example:
Groups: Alfa, Beta, Gamma
Record: R1, R2, R3...
Case: C100, C200, C300
Group Alfa can view: R1, R2 and C300
Group Beta can view: R1, R3, C200, C100, C300,
Group Gamma can view: R3
My question is this: what should be the best way (design-pattern?) to force a policy to securing the Records/Cases?
What should every case/record implemented to verify that a user (part of a group) has the right to access the entity.
Thank You!
Sorry if this one is too basic for you but as I do not know your level of experience try:
http://www.adobe.com/devnet/dreamweaver/articles/first_dynamic_site_pt3_print.html
HTH
There are also many other tutorials on:
http://www.adobe.com/devnet/dreamweaver/application_development.html -
Can non Managed users be iCal server users?
Currently we've had moderate to good success with our test runs of iCal server. One item I'm not in love with however, is that in order for someone to have an iCal user account and set up iCal on their machine, I first have to enable and set up Open Directory. The down side to this is that it then makes them a "Managed User" meaning that their password and login is defined by the server.
We'd like to be able to add people into the mix, without having them be a managed user, and especially without forcing their computer login password and iCal and or server password to be the same.
Thanks in advance for any tips on this,
Greg Montgomery
So having the machine bound to the server isn't such a problem, although if it can be done for some users sans that I'd be interested in learning how.
The bigger problem is that the users are forced to change their passwords/logins on their machine to match the password on the server.
For the most part that is OK, but we have a few users who have their own laptops, and don't like having us control their login.
Greg -
How can I use Windows IAS to validate WLC management users?
I am having a problem using my Windows IAS radius server to validate management users for my 2112 Wireless Lan Controller.
I have defined the radius server and it works ok with the policy for validating wireless clients but not for WLC management users.
The Remote access policy seems to be set up correctly as the event viewer on the server shows:-
Event Type: Information
Event Source: IAS
Event Category: None
Event ID: 1
Date: 09/02/2011
Time: 11:06:06
User: N/A
Computer: UK01DC07
Description:
User xxxxxx was granted access.
Fully-Qualified-User-Name = TRAVEL.OAG.com/Dunstable Admins/xxxxxx
NAS-IP-Address = 10.10.45.210
NAS-Identifier = UK03NM01
Client-Friendly-Name = UK03NM01
Client-IP-Address = 10.10.45.210
Calling-Station-Identifier = <not present>
NAS-Port-Type = <not present>
NAS-Port = <not present>
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = UK03NM01 - login
Authentication-Type = PAP
EAP-Type = <undetermined>
But, the WLC log shows:
*Feb 09 11:06:06.612: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2104 Login failed. User:xxxxxx. Service-Type is not present or it doesn't allow READ/WRITE permission..
The WLC just returns the login screen
Any thoughts?
Thanks in advance
Richard
Event viewer shows:
Event Type: Information
Event Source: IAS
Event Category: None
Event ID: 1
Date: 10/02/2011
Time: 08:49:39
User: N/A
Computer: UK01DC07
Description:
User xxxxxxxx was granted access.
Fully-Qualified-User-Name = TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx
NAS-IP-Address = 10.10.45.210
NAS-Identifier = UK03NM01
Client-Friendly-Name = UK03NM01
Client-IP-Address = 10.10.45.210
Calling-Station-Identifier =
NAS-Port-Type =
NAS-Port =
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server =
Policy-Name = UK03NM01 - login
Authentication-Type = PAP
EAP-Type =
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 ....
and IAS log shows:
"UK01DC07","IAS",02/10/2011,08:49:39,1,"xxxxxxxx","TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx",,,,,"UK03NM01","10.10.45.210",,0,"10.10.45.210","UK03NM01",,,,,,7,1,"UK03NM01 - login",0,"311 1 10.10.45.254 12/04/2010 23:56:59 1987",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
"UK01DC07","IAS",02/10/2011,08:49:39,2,,"TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx",,,,,,,,0,"10.10.45.210","UK03NM01",,,,,,2,1,"UK03NM01 - login",0,"311 1 10.10.45.254 12/04/2010 23:56:59 1987",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
It appears to me that IAS checks and passes the username/password as being valid but this response is ignored by the WLC
Richard -
Sap UM connector 9.1.2 trouble with "SAP User Management User Recon" task
Hello All,
i have a problem with Sap UM Connector version 9.1.2.
OIM version 11.1.1.5
Windows 2008 R2
Problem is:
When accounts in SAP are created through the direct provisioning feature of the connector, everything works OK (subsequent update or delete of an account).
But if a user account is created in SAP using SAP GUI, the scheduled task "SAP User Management User Recon" of the connector doesn't create a reconciliation event to link the user.
Sometimes it does, though, but for one user account created using SAP GUI, two reconciliation events were created in OIM, so the corresponding user in OIM has two records for resource SAP.
Of these reconciliation events, one has the full set of attributes (Login, First Name, Last Name, E Mail, etc.), the other one just these 3 attributes: IT Resource, User ID, Lock.
The "SAP User Management Delete Recon" scheduled task works OK when a user account has been deleted using SAP GUI.
How can one troubleshoot such behavior?
Can anyone advise please?
Resolved the issue by updating the SAP UM connector to version 9.1.2.5
-
JES Access Manager User Creation for Messenger
Hi Everyone
I installed JES 2005 Q4 on Solaris 10 x86 with schema 2 and Access Manager 7. The Directory Tree is as follows:
Sol1.nucleussoftware.com:389
dc=nucleussoftware,dc=com (34 acis)
DSAME Users
Internet
People
Groups
Client Data
services
nucleussoftware.com
People
Groups
o=Netscape Root (3 acis)
cn=Schema (6 acis)
cn=monitor (5 acis)
cn=config (4 acis)
Organization DN when I ran "configutil" after running comm_dssetup.pl, was specified o=nucleussoftware,dc=nucleussoftware,dc=com
This is fresh installation and not any migration.
Now I create user from Access Manager, http://sol1.nucleussoftware.com/amserver
There are two organizations 1. Nucleussoftware and 2. Nucleussoftware->nucleussoftware.com
So I have two locations to create users in People.
When I create user from Access Manager and try to login into WebMail, I get Login Failed.
But when I open "startconsole" or "mpsconsole" and open Messaging Server Console and in new user's property, Account Attribute, I mark the check box, and now try to login into WebMail, I get error message, "Mailbox is on a different server".
I am missing one attribute that I used to get with schema 1 on iPlanet 5.2 for any user, Mail Server Address.
Please tell me the exact method of creating a user for Messaging.
Regards
Amit Bist
Access Manager was never intended to create working mail users. The Delegated Admin package is provided as part of JES, and that's what it is for, to manage users and groups. There's both a web interface, and a command-line interface, "commadmin".
Or, you can examine the ldap entries for the automatically created accounts, and duplicate that. Messaging doesn't really care how the ldap entries get done, just so that they are done correctly.
-
Manage users and privileges is missing in security tab in rep admin 9.5
Hi, not able to see Manage users and privileges in security tab in rep admin. Is manage users and privileges in infa 9.5 shifted to admin console, or is it available with both the tools admin console?
Thanks Neil - Problem solved and I've saved a couple of new Applescripts for checking and reset in case (and when) this happens again.
Let's hope Apple discover the reason for random changes to file flagging and apply to a future update.
Again, thanks for your quick response.
-
I need to uninstall an old userscript installed through Greasemonkey. Usually I go via Tools-->Greasemonkey-->Manage User Scripts or right-click on the monkey icon on the bottom left and choose Manage User Scripts and get this large window where I can manage whatever userscripts I have on here, but now I only get the small Add-ons window with the monkey icon last in the row (after Plugins and Installation icons) and the white area below is completely empty (whereas for example under Extensions I can see and handle those). How do I do this/Why can't I get the 'usual' managing window to show??
I also have this problem and it just started in the last week or so. It seems to be dependent on my home network and the problem only exists with Firefox. I have used Chrome and IE8 with no issues. I can verify tomorrow that it only exists in my network but one thing I was able to test is that the problem exists even on my Linux boot. I am totally dumbfounded with this problem and I can't find anything that will allow the Gmail page to load. All other pages I have tried load fine, albeit a little slower than normal, but they load. If anyone knows of a difference between Firefox and all other browsers on how it goes through the router I would appreciate the info cause I don't know of any differences.
-
Customizing View in Manage User Profiles page in CA
Is there a way to add additional fields to the Manage User Profiles section in Central Administration? It is defaulted to Account Name, Preferred Name, and Email. I would like to add one of my custom columns front and center so that when I search for someone
I see that custom field up front.
Thanks,
Brandon
It is possible. Please refer to:
http://technet.microsoft.com/en-us/library/cc262327(v=office.14).aspx#create
Just like any other custom search property you could use for User profiles too:
http://blogs.technet.com/b/meamcs/archive/2010/12/23/using-a-custom-user-profile-property-for-people-search-results-scopes.aspx
If you are using Term sets:
http://www.sharepointsteve.com/2010/10/making-custom-user-profile-properties-searchable-in-sharepoint-2010/