Home folders for AD authenticated users

I have set up the 'Magic triangle' with OS X Mountain Lion Server and Active Directory on Server 2008 R2. I only want to use AD for authentication - but still want the user to have a home folder on the Mac server - how do I go about this (500+ AD users)?
thanks....

Put the path to the Mac home directory in the User's AD account/profile.
If you already have a Windows server path there because they also use Windows workstations, then you will need to extend the Active Directory schema.
See..
Modifying the Active Directory Schema to Support Mac Systems
Strategies and Best Practices for Planning, Testing, and Deploying the Mac Successfully in Your Enterprise
October 2009
http://giraffeit.com/wp-content/uploads/2012/02/Modifying_the_Active_Directory_Schema.pdf

Similar Messages

  • How can I set the default home page for all new users in Firefox 4

    I'm trying to deploy FF 4.0rc1 in a corporate environment but I can't find a way to set the default home page or any other settings for that matter.
    Is there a way to set the default home page for all new users and lock it so that the users can't change home page?
    Best regards
    Jonas

    In Firefox 4 the template folder for new profiles (C:\Program Files\Mozilla Firefox\defaults\profile\) doesn't exist. You can create that \defaults\profile\ folder and place a file user.js in it with the prefs that you want to initialize.
    See:
    http://www-archive.mozilla.org/catalog/end-user/customizing/briefprefs.html
    You can also use a mozilla.cfg file to set the default value for prefs.
    See: http://kb.mozillazine.org/Locking_preferences
    defaultPref(); // set new default value
    pref(); // set pref, but allow changes
    lockPref(); // lock pref, disallow changes

  • Reporting Services through ISA server for All Authenticated Users

    Hello colleagues.
    I have an MS SQL 2012 server with Reporting Services and it works via the link:
    https://reports2.domain.com/reports
    In the LAN everything works fine, but I want to publish this resource via ISA for All Authenticated Users.
    When I configure "All users" in the publishing rule (in Condition), everything works fine, but when I configure "All Authenticated Users", I have trouble with the web form on
    https://reports2.domain.com/reports/Pages/Report.aspx?ItemPat...  - scripts do not work, because they run as "anonymous" (I see this in the ISA logging) and ISA blocks the scripts.
    I can't use "All Users", because it's not secure.
    Has anybody published Reporting Services through ISA server for All Authenticated Users?
    Or maybe: how do I configure Negotiate authentication for scripts on Reporting Services?

    Hi Alexander,
    All users or applications who request access to report server content or operations must be authenticated using the authentication type configured on the report server before access is allowed. The AuthenticationType named RSWindowsNegotiate is supported by Reporting Services. To configure Windows Authentication on the Report Server, please see:
    http://msdn.microsoft.com/en-us/library/cc281253(v=sql.110).aspx
    Besides, we can publish report server via ISA server. Please note that you should use a new web port number with a new listener which shouldn’t be used by other web site for report server. Reference:
    http://social.technet.microsoft.com/Forums/forefront/en-US/1cc68996-1ce6-4d88-a30d-2bfd13fba06e/how-to-publish-ssrs-2008-through-isa-2006?forum=Forefrontedgegeneral
    Hope this helps.
    Thanks,
    Katherine Xiong
    TechNet Community Support

    Katherine, thanks for the answer.
    The Report Server service is started as a domain account.
    I have in RSReportServer.config this:
    <Authentication>
    <AuthenticationTypes>
    <RSWindowsNegotiate />
    </AuthenticationTypes>
    <RSWindowsExtendedProtectionLevel>Allow</RSWindowsExtendedProtectionLevel>
    <RSWindowsExtendedProtectionScenario>Proxy</RSWindowsExtendedProtectionScenario>
    <EnableAuthPersistence>true</EnableAuthPersistence>
    </Authentication>
    In web.config I have this:
    <authentication mode="Windows" />
        <identity impersonate="true" />
    I can go (from the Internet through ISA) to
    https://reports2.domain.com/reports  and logon authentication works, but scripts do not work, because they run as "anonymous" (I see this in the ISA logging) and ISA blocks the scripts.
    Do you know where in Reporting Services to configure scripts to run with Negotiate authentication?

  • Networked Home Folders for Linux users

    Is this possible in OS X server? I can't find any mention of it anywhere.
    We recently acquired a group of animators who work in Linux and would like their home folders remoted. I would also like to get them sucked into the same OD user structure to avoid multiple logins and such.
    Is this possible and does anyone know of any resources to help?

    All is possible with openLDAP (i.e. OD)!
    So you want Linux people to authenticate against OD, and have their home folders hosted by a Mac (or a Linux box?)
    I can tell you how I set up my Fedora 8 machine to authenticate against OD:
    1. Run the authconfig utility as root and select LDAP as a source of authentication info. Since OD uses Kerberos you also want to select the Kerberos option.
    2. Enter all your OD info (IP, base to search, TLS or not, etc.).
    authconfig should update /etc/nsswitch.conf to look to LDAP for name services and it should give you a working /etc/ldap.conf and /etc/openldap/ldap.conf. You may need to make some changes by hand.
    Restart the X server (log out or reboot) and it should just work.
    If your home folders are on the Linux box you will need to set an NFS option so that OS X will properly mount your NFS export.
    1. Make sure the Linux machine has the "insecure" option in its /etc/exports file and is exporting to the same subnet as your Macs.
    2.
    .... actually just follow these directions:
    http://www.oreilly.com/pub/a/mac/2007/06/27/discover-the-power-of-open-directory-part-2.html

  • Network home folders owned by (unknown) user.

    I am seeing something strange happening and I will try and describe it as best as I can.
    This is happening in a middle school with about 750 users, 150 eMacs (10.3.9) and 1 Xserve (10.4.?).
    I am not sure if this is a capacity issue but it seems to happen when there are lots of users trying to log into the computers. There are several different work groups the students can choose from when they log in and at any one time there may be 60 to 100 users logged in with network home folders and 1 or 2 other auto mounting share points.
    Occasionally a few users will not be able to log in. A closer look will show that they are able to get past the login screen and choose a workgroup and actually log into a desktop environment but they are not able to access their home folder. If you try and access anything in their home folder you will get an error message informing you that you do not have sufficient access privileges. Of course the documents folder that normally sits on the dock is displayed as a question mark, and trying to launch any application will fail as it can't access the prefs file stored in the user's library folder in their network home folder.
    There are a couple of different scenarios I have observed when looking at the permission information on the home folders.
    Scenario one: when I look at the permissions on the home folder using the Get Info tool, the owner is a completely different user. Doing an ls -sl from the command line shows the same information.
    Scenario two: when I look at the permissions on the home folder using the Get Info tool the owner is (unknown). Doing an ls -al from the command line will show the owner as being a number. I assume this is a uid number, and the number is usually a uid that does not show up in Workgroup Manager's current list of users, and I assume this is why the Get Info tool reports the owner as being (unknown).
    I can fix the home folder by using a chown -R but don't know why this is happening to begin with.
    Does anyone have any ideas or suggestions?
    I have done some research on google but have not come up with anything concrete.
    Help
    Mark
    SD34

    This is not a definitive answer, but you are certainly pushing the capabilities of a single XServe. As best I understand it, the XServe is really meant to be part of a deployment of OS X server in an environment such as yours. You should really have at least one replica server for authentication purposes and a separate device, such as an XServe RAID, or at least another server to house network home folders. You should at least consider getting another box, even a dual G5 or Mac Pro, make it a replica, and split the home dirs between the new box and the XServe. Think about it. You have a lot of users authenticating a bunch of shares and at the same time a bunch of users zipping all sorts of big and little data files (like Office or AppleWorks files) as well as all the web browser cache files and whatever other cache files are flying around. That's an awful lot for the XServe's network connection, never mind the read/writes on the HD.
    So honestly, it would be really tough to tell if there's just a bottleneck causing issues, or some other software/configuration error with that much traffic to a single server.
    And this is in no way meant to be a lecture - I learned a lot by trying a similar feat on my network.

  • Can't create an alias for User home folder for a second user

    Please help:
    I can't make an alias of a User home folder of a second user. I can successfully make an alias of a home folder of the first user. The computer says the folder is in use and to wait for some activity to complete, or that I don't have enough privileges. There are no activities happening and both accounts are administrator level. Is this a behavior of OS 10.5.6? I created alias for the two users before, but had unrelated problems and wiped the drive, re-installed 10.5.6 and now I can't do it.
    Much thanks and aloha - Rocky

    hi Petar,
    Wish it was that simple where I can just change the ID to ACT, but unfortunately a lot of our users like to hardcode their currentview and changing the scenario dimensions would take a big effort and a lot of support work.  We had changed one of the dimension members before and we got phone calls asking why the report doesn't work for weeks.  Do you know if the NW version of BPC has that capability?
    Thanks,
    Elmer

  • View procedures, functions for OS authenticated user

    Hello,
    Using JDeveloper 9.0.3.3 on HPUX 11i.
    User 'oroot' is an OS authenticated user. Using the JDBC URL in the connection wizard I was able to log in to the database with a /. The URL is shown below: "jdbc:oracle:oci8:/@".
    Now, if I expand the "Procedures", "Functions", "Packages", "Tables" etc. under this connection tree, nothing is listed, but from sqlplus I could see all this information for user 'oroot'.
    For a Database authenticated user it works fine.
    -murali

    Hi,
    Are you saying what are the roles/privileges required for this user to access cubes in global AW?
    The user must have read permission to the workspace and user should have OLAP_USER role as a default role assigned.
    If accessing through Discoverer for OLAP(D4O) then D4OPUB role should also be given.
    What is the front end tool you are using to create reports?
    Thanks
    Brijesh

  • Password aging for externally authenticated user

    Hello All:
    How can we implement the password aging of an externally authenticated user?
    Thanks
    San~

    If the user is externally authenticated, then the password expiry should be external, e.g. for the Unix account.
    "When you choose external authentication for a user, the user account is maintained by Oracle, but password administration and user authentication is performed by an external service. This external service can be the operating system or a network service, such as Oracle Net.
    With external authentication, your database relies on the underlying operating system or network authentication service to restrict access to database accounts. A database password is not used for this type of login. If your operating system or network service permits, you can have it authenticate users. If you do so, set the initialization parameter OS_AUTHENT_PREFIX, and use this prefix in Oracle user names. The OS_AUTHENT_PREFIX parameter defines a prefix that Oracle adds to the beginning of every user's operating system account name. Oracle compares the prefixed user name with the Oracle user names in the database when a user attempts to connect."

  • How do I create Local Network Home Folders for Users from an Active Directory binding?

    My situation is this... I run an iMac lab at my school.  I have a server set up to manage the network user accounts in the lab.  Currently, I can successfully create Local Network Users and log in to them from any of the iMacs.  My school has an Active Directory set up for all the students on campus.  What I'd like to be able to do is configure the server to allow the students to use their user names and passwords from their school accounts to log in to the iMacs and have it automatically build a network user folder on the server for them to use during the lab.
    So far, I have been able to configure access for the Active Directory accounts to use the services on the server, mainly File Sharing, but I cannot figure out how to allow them to log into a user account on the client's machines using their same Active Directory credentials.  I have even attempted to allow the user accounts to create mobile accounts, but that's not working out either.  Entering individual network user accounts into the server for every student every semester will be a nightmare.  I'm sure there's a way to do it automatically using the existing Active Directory structure.
    The live server is running 10.8.5 Server still, but I've also got a clone running OS X Server in case it matters.  Please help!

    OK, reinstalled everything. DNS seems to be working; I have done sudo changeip -checkhostname and it says that both names match, but then I started Open Directory and can't seem to get Kerberos started. I've tried changing it to standalone then back again but it does nothing. I'm wondering why this would happen? I've tried adding a Kerberos record but it doesn't do it, it just does nothing, so I don't know what I'm doing wrong. I wondered if it might be a problem with the two network cards and DNS, as on Ethernet one it is getting the DNS name xserve.xxxx.ac.uk (which matches what the college server wants to call us) but on Ethernet 2 it gets xserve-2.local because it tells me that it already exists on Ethernet one and renames it to this. I need to set up NAT, so I have Ethernet coming in on port one and out again on port two. I wonder if my DNS is backwards, as it's got the 192. address the NAT uses but it's linked to the Ethernet port one DNS; maybe this is the problem. Would this cause Open Directory not to start Kerberos?

  • Hiding prices for not authenticated users in Web Channel Web Shop

    Hi Experts,
    I have a requirement for hiding prices for all users who are not logged in. The prices will only be shown once the users are authenticated into the system (Portal). Any ideas...?
    Best Regards
    David C

    Hi Hamendra,
    Thank you so much for all information... I already downloaded the guide but I could not find any information about getting status from users logged..... How to know if a user is logged or not into the system...?? We got WCEM 1.0 and I found a Post for WCEM 3.0 Early logon http://scn.sap.com/community/crm/web-channel/blog?start=15 for some excluded pages they used this tag for encapsulate content on JSP:
    <c:if test="#{wec:isEarlyLogonShopAndUserNotLoggedIn() == false}">
         <YOUR CONTENT/>
    </c:if>
    Do you think it might work...? Don't know if Early Logon is available for WCEM 1.0... I am still searching and testing...
    Best Regards
    David Cortés

  • ACS SNMP OID for active authenticated user

    Hi, does anyone know the OID or MIB name for active TACACS and RADIUS authentication? I would like to use some NMS tool to pull out this information for monitoring.

    I could test it, but in the meantime you could try using the ACS web services
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/sdk/mrvapis.html

  • How do I get the JAAS Subject for an authenticated user?

    Hi
    I searched through the site, but didn't find anything useful.
    I came across many instances of using the javax.security.auth.login.LoginContext
    to get the Subject, but am not sure how to get a handle for it, after the login process is completed and the user is authenticated.
    RG.

    WLS has a static method for returning the javax.security.auth.Subject :
    http://e-docs.bea.com/wls/docs81/javadocs/weblogic/security/Security.html#getCurrentSubject()

  • How do I best integrate existing laptops for a new server?  Can I use the existing home folders on the laptops and make them into Network Users?

    How do I best integrate existing laptops for a new server?  Can I use the existing home folders on the laptops and make them into Network Users?

    Yes it will work.  I've done it for a few users in my small office.  As with anything, there are quirks that you may or may not experience.  Most quirks are app-related, due to app developers hard-coding absolute paths into their apps for things like temp files (Photoshop).  Strategies for resolving these sorts of quirks can be found via google.  You would probably have seen these quirks already when using server-based home folders for your kids.  If you haven't noticed them, then you're probably fine.
    The tech note you cited should be fine.  It doesn't explicitly say so, but you'll need to enable ssh on your server, at least temporarily, so you can upload your home folder to the server using scp, rsync, etc.  Don't try to copy the files up to the server via Finder.
    Once all your files are transferred to the server and in the right place, make sure to chown them on the server, so they are owned by the userID you created for yourself on the server.
    As with anything this involved, make a good backup of your laptop first.
    Note I have one user that isn't too happy with the responsiveness of the periodic mobile home syncing.  She has about a decade of e-mail in her home folder, probably 50 to 100 emails per day, many with attachments.  Mobile home syncing takes a long time to check and sync this huge tree of itty-bitty files, even with server-side file tracking turned on.  The other users are happy.
    The nice thing about mobile home syncing is that when a user "graduates" to an age where they've earned their own laptop, you can change them from a server home user to a mobile home user, with a minimum of fuss.  Also, if you lose or break a laptop, you can add a new replacement laptop to your network, and pull-down a replica of the home folder from the server, with almost no downtime.

  • Giving ad users mac home folders

    Hi Discussions,
    I'm going in to set up home folders for AD users tomorrow. I've been reading up on it but have a couple of questions. I'll be setting up the "holy trinity" AD for user authentication, several OSX servers for home folders and another OSX server for managed preferences.
    Tech article 107943 says to:
    On the AFP Server serving the home directories, bind the server to the AD domain, and set up the share point and user homes.
    Do they have to be Automounts? This article and Joel Rennich's AD/OD Integration doesn't mention Automounts. Any opinions on that?
    Tech article 107943 also mentions:
    In Active Directory, edit the user's profile to set up her home folder so that it is mapped to an unused drive letter, with the path set to:
    \serversharepointhomedirectory
    I am not at all familiar with that setting. Does anyone have a screen shot or step by step instructions?
    Thanks!
    -- jmca

    Hi Jmca, I'm not sure about the answer to the first question, but for the second one: on the AD domain controller, select the user you want to edit and select Properties, and it's on the Profile tab under Home Folder. The syntax I'd say is a bit misleading, as in my experience it should be \\server\sharepoint\homedirectory
    My 2 cents
    Cheers

  • 10.6 server on w2k AD domain, trouble making new user home folders

    I recently started working at a public school which has over 800 Macs, both Intel and PPC, laptops and desktops. There are also 300 Windows machines as well. My job is to create the new user accounts for the students and staff as well as perform routine maintenance on the computers/servers. There are 3 Xserves (Intel) running 10.6.8 and 3 Windows boxes running 2000 Server. (I know that's old but it was top of the line when the building was built in 2002.) The Windows machines perform the user authentication via Active Directory and the Xserves house the home folders stored on an Xserve RAID. The problem I am having is that I cannot create the new home folders for the incoming students on the Xserve. The accounts are created in AD with no problems, and everything points to where it should be. However, when I try to manually create them (either by createhomedir in Terminal, or by a script one of the previous system admins made) nothing happens. Both Active Directory and Open Directory are up and running and all the servers seem to be talking to each other. On a side note, if I deleted an existing home folder and then ran the terminal command, it creates it perfectly. In one last attempt I re-bound all the Mac servers to the AD and now it won't even let me re-create an existing home folder. Anyone have any thoughts or ideas? I have about a month left to get this fixed and all the computers imaged with the new config. I'd rather not have to rebuild the AD domain but if it comes down to it, I may not have any choice.

    Sorry I haven't posted back sooner. I tried Server Cleanup and it did seem to fix other minor issues with the server, and it mapped the correct path to the user home folders. But it won't let me fix the permissions. When a student logs in to a client machine their home folder window opens up and all the folders are there but it won't let you open them, stating that "you do not have the correct permissions". I ran fix permissions in Server Cleanup a few times, but it didn't fix the situation. Also, I noticed that when I tell SC to look at the Active Directory domain, I get an error window and it stops loading users after the C's (alphabetical by last name). Could this be because the AD domain is Windows 2000 Server? I just got 2 Win2003 Server machines freed up that I could migrate the AD domain to. That might fix some issues.
