How do i create a single sign on environment from scratch?

setting up a single mac mini 10.6.6 server in a small law firm and want to create a sso environment from scratch. i have currently got everything working fine as an open directory master, but every reference to sso that i can find, talks about joining an existing sso environment, or joining ad, creating a triangle, but never a stand alone od master to create the sso. am i missing something, or is it not possible or practical to do in such a small office with just a few users?
thanks for any help understanding this.

i appreciate your input Rikakiah, although i am glad i don't have to pronounce your alias out loud
anyway, that's starting to sound like something i might want to try, because so much of what i want to do is not really working the way i'm doing it. it had crossed my mind, but wasn't sure i was going to avoid problems by using network home folders instead of mobile accounts. at this point, i have only one of the four workstations bound to the server, which was purchased as a mac mini snow leopard server with the dual internal drives, and was set up as a mirrored raid with the 2 internal 500 gig drives.
i am seeing what seems to me like some odd behavior with network accounts working with the log in screen (all the users show up in the log in screen properly as network accounts, but only one account, the one that matches exactly the local account user name and password and allows log in) and auto mounting group shares are not seeming to work at all. what seems odd, is that management of the local account seems to be working great, and has merged management with the local account. the user still has all their existing documents and settings, but i can see that the things like the control panels i locked them out of are grayed out. so to try to be clear here, i have 4 network accounts set up in wgm, and on the log in screen, i see 3 network accounts with the typical network user icon, and what looks like the original account with the original icon. i can only log in using that account, but when i get in there, it's managed ok. i expected to see the original local account and 4 network accounts, but evidently using the same user name on the server as the local account caused this. when i try to log in with one of the other network accounts, the login screen shakes its head no.
for the record, from another post talking about network log in issues, on the local system, setting System Preferences>Accounts>Login Options>Allow network users to log in at login window>Options>Only these network users: can mess this up, but my settings there are fine, since i had never messed with that. it says "allow all network users" or something like that.
here's what i am trying to get to: auto mounting group shares and single sign on for afp group folders and ichat, and as you said to allow the users to move around from workstation to workstation as needed. as you know, there's a myriad of settings to make this all happen. i don't see how anyone can help me fix the 2 things that aren't working, unless i give a long winded explanation of what my settings in workgroup manager and server admin are, so here goes…
i have dns and open directory running fine, a static map of ip addresses so that i can do authenticated directory binding, which seems great so far. in wgm, i have under preferences / computer list the one computer i have bound - computername$ and under window checked always, heading - directory status, list of users, show local users, network users, computer administrators, and other. under options checked always, enable fast user switching, computer administrators may refresh or disable management, and start screen saver after 5 minutes. under access checked always, clicked the gear button once which caused network users - allow - * to appear in the access control list, local only users may log in, local only users use available workgroup settings, and combine available workgroup settings. scripts and items have never checked.
then for workgroup folders to auto mount, i have set afp auto mounts for each of my 2 groups, partner admin and support staff in server admin / afp. under accounts / groups / support staff / group folder, the support staff auto mount is selected, and the user i am working with is obviously a member of that group under the members tab. finally, under preferences / groups / support staff / items, always and add group is checked and the support staff volume shows up in the list. authenticate selected share point with user's login name and password is grayed out and not checked, and merge with user's items is grayed out and checked. i'm not sure what i am missing to get auto mounting group folders here. btw, the user can for sure log into the group folder with the same user name password that she logs into the workstation with, if she does so manually under the go / connect to server menu.
oh, and ichat seems to work as expected. she gets sso there! sweet!
if i do end up trying to go for network home folders, (i would like to see auto mounting group folders working first, before i try) i found something that looks like a no-brainer to add to the mix…
http://tools.mconserv.net/NHR.html
thanks everyone for your interest in helping me deploy this server.

Similar Messages

  • How do I create a single image using PSE12 from multiple originals where each original is still separate?

    How do I create a single image using PSE12 from multiple originals in which the originals are still separate (i.e. side by side or arranged in a square)? I could do this in PSE2, but can't find how to get PSE12 to do it.
    Grecophile55

    In PSE2 there was a single photo-merge. I browsed all my images and I could then click and drag each to its new position before saving. There doesn’t seem to be a similar facility in PSE12.

  • How can I create a single order from multiple quotations?

    How can I create a single order from multiple quotations that I have created by the transaction VA21 ?
    Thanks in advance for the answers.

    hi
    Go to transaction: /nva01
    Enter order type : ZOR
    Sale org :xxxx
    Dist.channel:xx
    Division :xx
    Press enter
    Click on “Sale document” and select Create with reference
    Then enter 1st quotation number & click on “COPY” or “Selection list”. Then click on “Copy”. Then all line items which belong to quotation 1 copy to order.
    Then,
    Click on “Sale document” and select Create with reference
    Then enter 2nd quotation number & click on “COPY” or “Selection list”. Then click on “Copy”. Then all line items which belong to quotation 2 copy to order.
    Then,
    Click on “Sale document” and select Create with reference
    Then enter 3rd quotation number & click on “COPY” or “Selection list”. Then click on “Copy”. Then all line items which belong to quotation 3 copy to order.
    Now save the sale document.
    Kindly give reward points
    Edited by: WISH on Mar 19, 2008 2:25 PM

  • How do I create a single PDF Portfolio from an Outlook 2011 email with multiple non-pdf attachments?

    How do I create a single PDF Portfolio from an Outlook 2011 email with multiple non-pdf attachments?
    Email has 3 attachments--some are not pdf. I'd like all three converted into pdf files along with the email itself, and all appear in the email's pdf portfolio.

    I would also like an answer to this question. 
    I am trying to convert an Outlook email to a PDF, then all attachment are appended to the PDF as pages instead of attachments. 

  • How do i create a single instance of a class inside a servlet ?

    how do i create a single instance of a class inside a servlet ?
    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // call a class here. this class should create only single instance,
        // though we know servlet are multithreaded. if, at any time 10 user comes
        // and access this servlet still there would one and only one instance of
        // that class.
    }
    How do i make my class ? class is supposed to write some info to text file.

    i have a class MyClass. this class creates a thread.
    i just want to run MyClass only once in my servlet. i am afraid, if there are 10 users access this servlet, then 10 MyClass instances would be created. i just want to avoid this. i want to make only one instance of this class.
    How do i do ?
    they have this code in the link you provided.
    public class SingletonObject
    {
      private SingletonObject()
      {
        // no code req'd
      }

      // synchronized: servlet threads can call this concurrently, and an
      // unsynchronized null check could construct two instances
      public static synchronized SingletonObject getSingletonObject()
      {
        if (ref == null)
            // it's ok, we can call this constructor
            ref = new SingletonObject();
        return ref;
      }

      public Object clone()
         throws CloneNotSupportedException
      {
        throw new CloneNotSupportedException();
        // that'll teach 'em
      }

      private static SingletonObject ref;
    }
    i see, they are using clone !, i dont need this. do i ? should i delete that method ?
    where do i put my thread's run method in this snippet ?

  • How can I create a master PDX that pulls from multiple other PDXs?

    I process aviation maintenance manuals, with the individual manuals having their own PDX. How can I create a master PDX that pulls from the individual PDXs?
    I have access to myriad versions of Windows and Acrobat so there's that...

    I’ve got 100s of manuals each with their own PDX. I’ve been asked to create a master PDX that in effect combines all of the individual PDXs into a single (cross-manufacturer, cross-fleet, cross-manual-type) searchable PDX that can be easily updated.

  • How can i configure firefox single sign-on for urls on citrix environment to affect all users

    Hello,
    i tried to configure single sign-on on firefox, which is published on our citrix environment and i tried to setup it as per this article "http://support.citrix.com/article/ctx120598" this method and it only applies for a single user, is there any way of doing the config to apply for any user which is logged via citrix session...?
    Thank you,
    Manoj.

    you can use a mozilla.cfg file in the Firefox program folder to lock prefs or specify new (default) values for all users and profile folders.
    Place a local-settings.js file in the defaults\pref folder where also the channel-prefs.js file is located to specify using mozilla.cfg.
    pref("general.config.filename", "mozilla.cfg");
    pref("general.config.obscure_value", 0);
    These functions can be used in the mozilla.cfg file:
    defaultPref(); // set new default value
    pref(); // set pref, allow changes in current session
    lockPref(); // lock pref, disallow changes
    See:
    *http://kb.mozillazine.org/Locking_preferences
    *http://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files/
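
    An added example (not part of the original answer and not Mozilla's code) that goes a step beyond it: a Node.js script that generates the two files the answer describes and audits a mozilla.cfg so the single sign-on prefs are locked to specific hosts for every user. Assumptions: the SSO in question is Firefox's integrated authentication, controlled by `network.negotiate-auth.trusted-uris` and `network.automatic-ntlm-auth.trusted-uris`; the `.example.test` hosts and the validation policy are constructed for illustration.

```javascript
// Added example: generate and audit Firefox AutoConfig files for locked SSO prefs.
// Host names are constructed placeholders; the entry policy is an assumption.

// Prefs listing the sites that get automatic Kerberos/SPNEGO and NTLM logon.
const SSO_PREFS = [
  "network.negotiate-auth.trusted-uris",
  "network.automatic-ntlm-auth.trusted-uris",
];

// Assumed policy: https origin or domain suffix, fully qualified, no wildcards.
// A bare scheme such as "https://" would trust every site and is rejected.
const ENTRY_RE = /^(https:\/\/)?\.?[a-z0-9-]+(\.[a-z0-9-]+)+$/i;

function validateTrustedUris(entries) {
  if (!Array.isArray(entries) || entries.length === 0) {
    throw new Error("at least one trusted URI is required");
  }
  return entries.map((raw) => {
    const entry = String(raw).trim();
    if (!ENTRY_RE.test(entry)) {
      throw new Error(`rejected trusted URI entry: ${JSON.stringify(raw)}`);
    }
    return entry.toLowerCase();
  });
}

// local-settings.js (defaults\pref folder): the two lines given in the answer.
function buildLocalSettings() {
  return [
    'pref("general.config.filename", "mozilla.cfg");',
    'pref("general.config.obscure_value", 0);',
    "",
  ].join("\n");
}

// mozilla.cfg (Firefox program folder). The loader skips its first line,
// so that line must be a comment.
function buildMozillaCfg(entries) {
  const value = validateTrustedUris(entries).join(",");
  const lines = ["// mozilla.cfg: first line is ignored, keep it a comment"];
  for (const name of SSO_PREFS) {
    lines.push(`lockPref(${JSON.stringify(name)}, ${JSON.stringify(value)});`);
  }
  return lines.join("\n") + "\n";
}

// Audit an existing mozilla.cfg: each SSO pref must be set with lockPref()
// and every entry in its value must pass the same validation.
function auditMozillaCfg(text) {
  const issues = [];
  const body = text.split("\n").slice(1).join("\n"); // loader skips line 1
  const callRe =
    /^\s*(defaultPref|pref|lockPref)\(\s*"([^"]+)"\s*,\s*"([^"]*)"\s*\)\s*;/gm;
  const seen = new Map();
  for (const m of body.matchAll(callRe)) seen.set(m[2], { fn: m[1], value: m[3] });
  for (const name of SSO_PREFS) {
    const hit = seen.get(name);
    if (!hit) { issues.push(`${name}: not set`); continue; }
    if (hit.fn !== "lockPref") issues.push(`${name}: set with ${hit.fn}(), not locked`);
    try { validateTrustedUris(hit.value.split(",")); }
    catch (e) { issues.push(`${name}: ${e.message}`); }
  }
  return issues;
}

const cfg = buildMozillaCfg(["https://sso.example.test", ".intranet.example.test"]);
console.log(buildLocalSettings() + "\n" + cfg);
console.log("audit issues:", auditMozillaCfg(cfg));
```

    Firefox sends the user's logon credentials automatically to every site in these lists, so the audit treats a missing, unlocked or over-broad entry as a finding.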

  • How can I create a function of sound volume from time using AudioQueueBufferRef??

    I have a question how can I analyze class AudioQueueBufferRef, for creating a function of sound volume from time?? Here is what I get . there is AudioQueueBufferRef fillBuf = audioQueueBuffer[fillBufferIndex]; volume height is 2000 elements from SInt16* coreAudioBuffer = (SInt16*)fillBuf->mAudioData. so function looks like H(t*i)=coreAudioBuffer[i] where t = 1/sampleRate = 1/22050 but here is a problem. my program gets sound and uses a class AudioStreamer for this. AudioStreamer has 3000 lines when I play music from Free Internet Radio - SHOUTcast Radio - Thousands of Free Online Radio Stations. internet radio - my problem is as follows either I don't know where 85 % of sound information is or I don't know how I can analyze class AudioQueueBufferRef
    Here is the code where I analyze Buffer.
    @synchronized(self)
    {
        if ([self isFinishing] || stream == 0)
            return;
        inuse[fillBufferIndex] = true; // set in use flag
        buffersUsed++;
        // enqueue buffer
        AudioQueueBufferRef fillBuf = audioQueueBuffer[fillBufferIndex];
        fillBuf->mAudioDataByteSize = bytesFilled;
        // ======>in this place I analyze Buffer
        if (packetsFilled)
            err = AudioQueueEnqueueBuffer(audioQueue, fillBuf, packetsFilled, packetDescs);
        else
            err = AudioQueueEnqueueBuffer(audioQueue, fillBuf, 0, NULL);
    }
    when bitRate = 24 buffer has the following options int size=(fillBuf->mAudioDataByteSize) == 2000 double sampleRate=asbd.mSampleRate == 22050 numberOfChannels = asbd.mChannelsPerFrame == 1 it turns out that duration of play buffer float bufferTime =(size/numberOfChannels)/sampleRate == 0.1 number of buffers per second float numBuffersInOneSeconds == 1,5 duration of play all buffers per one second numBuffersInOneSeconds * time == 0.15 so it is 15 % of all information
    As a result, if a buffer comes at 0.0 seconds it lasts up to 0.1 seconds. Further on in my function there is no volume. The second buffer comes at 0.7 seconds and lasts up to 0.8 seconds, but in reality the sound doesn't break. Maybe I'm doing something wrong. Please tell me.
    just for comparison
    when bitRate = 32 buffer has the following options int size=(fillBuf->mAudioDataByteSize) == 2000 double sampleRate=asbd.mSampleRate == 22050 numberOfChannels = asbd.mChannelsPerFrame == 1 it turns out that duration of play buffer float bufferTime =(size/numberOfChannels)/sampleRate == 0.1 number of buffers per second float numBuffersInOneSeconds == 2 duration of play all buffers per one second numBuffersInOneSeconds * time == 0.2 so it is 20 % of all information
    when bitRate = 32 buffer has the following options int size=(fillBuf->mAudioDataByteSize) == 1660 double sampleRate=asbd.mSampleRate == 44100 numberOfChannels = asbd.mChannelsPerFrame == 2 it turns out that duration of play buffer float bufferTime =(size/numberOfChannels)/sampleRate == 0.02 number of buffers per second float numBuffersInOneSeconds == 10 duration of play all buffers per one second numBuffersInOneSeconds * time == 0.2 so it is 20 % of all information

    You cannot write custom commands for expressions.
    That being said, there are a couple of options:
    Create a subsequence with a single step. Use a parameter of the sequence as "function parameter".
    Create a custom step type including a substep module which implements the function. Add an edit substep to enable the user of the steptype to gracefully change the parameter.
    Store the variable parameter in a local/file global variable and modify the value in each step. This will, at least, keep the "function" the same for every step.
    Norbert

  • How can I create a array with all files from a directory

    How can I create a array of files or varchar with all files from a directory?

    I thought the example could be improved upon. I've posted a solution on my blog that doesn't require writing the directory list to a table. It simply returns it as a nested table of files as a SQL datatype. You can find it here:
    http://maclochlainn.wordpress.com/2008/06/05/how-you-can-read-an-external-directory-list-from-sql/

  • How to create a bootable OEL5.8 .iso from scratch?

    Are there any instructions available about how to create a bootable .iso file, for installing OEL5.8, from scratch?
    We need to build a system which is a customised version of OEL5.8; we want to add some extra RPMs and remove others. We have an older build system which does this based on OEL5.5, but the way it has been built makes this hard to upgrade. We'd like to try starting from OEL5.8 again.
    One possibility would be to download the initial OEL5.8 .iso; mount this as a loop-back filesystem; adjust some RPMs and config; then re-create an .iso from this file. However, this doesn't allow us to update the kernel very easily. We'd prefer an approach which starts from a set of RPMs (perhaps including modified kernel RPMs) and builds the .iso from scratch.
    Many thanks for any pointers.
    Edited by: user11244224 on Mar 5, 2013 7:16 AM

    You cannot simply edit an .iso image file because the iso9660 filesystem is read-only. And even if you create your own iso image from scratch, with a bootable code, any package you add will not be part of the initial installation, unless you recreate the appropriate software repository database and anaconda installer. Sounds like overkill to me for what you are describing.
    Why would you want to go through the endeavor to adjust the Oracle Linux distribution DVD for the purpose of creating a customized system? Why not use Kickstart instead, or simply create a post-installation script to modify the installation to your needs?

  • How can I create and design a page UI from blank page in jdev10g?

    Hi.
    How can I implement a page from scratch page?
    I can create a master-detail page as the OBE site.
    But I'm not sure how to create page using component pallets, instead drag data-control model to page.
    It means I should design UI with component pallets,
    How can I do?
    Thanks.
    Edited by: user10615931 on 2009-8-18 4:13 AM

    Thanks.
    It is helpful to me.
    What I want to do is use component pallets and add action to the component for creating a page instead using executeWithParam operation and drag view object from datacontrol to create page.
    How can I do?
    Thanks

  • How do you create or change excel spreadsheet downloaded from windows

    how do you create or change excel spreadsheet on macbook pro?

    Hi meadcm,
    You would need to have Excel installed on your Mac....
    You can get Office for Mac, which has Excel as a part of the package from Microsoft:
    http://www.microsoft.com/mac/buy
    Cheers,
    GB

  • How do I create a transparent watermark for video from a white background logo in AI CC?

    If I have a .PNG logo with a white background, how do I create a transparent watermark to use in video and photo content using Illustrator CC? Whenever I import the logo, it opens a new window without a transparent background. Thank you!

    It's fairly easy if you know Ai. (Image trace is okay, but I'd recommend making your own (the right way), then use any Adobe pro video app to composite on your video, no need to export, just use the .Ai file)
    But an easier way might be to use the .png by itself if it carries an alpha channel.
    After Effects, PremierePro, and possibly AME will let you do this.
    QT7 will also allow you to do it.
    You could create a logo in Draw, then send it to Illustrator or Photoshop (it carries an alpha channel - bonus!)

  • How do I create a slide show in iPhoto from an iCloud photo stream

    How do I create a slide show in iPhoto from an iCloud photo stream?

    Do you mean from a Shared Stream or My Photo Stream?
    In iPhoto on your iPhone, iPad you create slideshow projects by selecting photos and then sharing them as a new slideshow. http://help.apple.com/iphoto/iphone/2.0/?handbuch#blnkbc26e276
    You can publish your slideshow in iCloud:  http://support.apple.com/kb/PH2333
    In iPhoto on your Mac you can make an instant slideshow by selecting the photos in the photo stream and pressing the slideshow button, see: http://support.apple.com/kb/PH2333

  • Create shared library on external drive from scratch

    I have seen many posts about creating shared iTunes libraries on external drives with many different configurations, but mostly with pre-existing libraries. My question is creating the library from scratch. The purpose is obviously to share songs among several computers AND only have one copy of a song as to not take up unnecessary disk space on several computers.
    All of our songs are on an external USB hard-drive attached to Airport Xtreme. Every song is in album folder, and every album folder is in an artist folder (very organized). All the artist folders (with their album and then song contents) are in a root folder called "Songs" on the external hard-drive.
    We have upgraded our three Macs (iMac, MBP and MacMini) to Leopard and deleted all iTunes folders on each local hard drive (there was nothing in them anyway). We now want to create ONE iTunes folder on the hard drive so that each computer can access it. What are the steps? Here is what I "think" I've learned here on the postings with my questions:
    1) First I opened iTunes on my first, main computer (iMac) and went into "Preferences" to change the iTunes music folder to [Ext HD]:iTunes:iTunes Music. The option, "Copy to music folder..." is deselected. (This will also be done on the other computers).
    2) Now what to do? I could just move all of my song artist folders with their album subfolders and music files inside them, into the "iTunes Music" folder. But then what do I click to get iTunes to see all the songs and put them in its database? The other option is click "Add to Library" - but then don't I have to select all the individual songs? (I actually tried the latter method and it kept crashing). Can I just move all the folders into [Ext HD]:iTunes:iTunes Music folder and click something to get it to create its database based on all the music files that are now in its subfolders?
    3) Next step. I have seen many people write that they then create an "Alias" and put the Alias in their "Music" folder on their LOCAL, computer's hard drive. Could someone now explicitly, step-by-step, describe how this is done? I assume I go to the external hard drive. Am I creating an alias of the entire "iTunes" folder, or of the "iTunes Music" subfolder, or of the library file??? Please answer this specifically.
    So now I have "XXX alias" that I copy to my local, computer's hard drive and put it on my desktop. I take out the "....alias" word, and drag it to my local "Music" folder. It asks me to replace the existing folder/file, and I say yes. Correct? And then I do this on all three computers, correct?
    4) Finally, after I've done all of this, I still have the following functionality questions -
    4a) When we now add to the library, either from a CD or online purchase, ONE copy of the music should go in the "iTunes Music" folder on the external drive, correct?
    4b) This system means that all three computers MUST have the same iTunes library, playlists, etc, correct? The downside of this system is that you cannot personalize libraries for each computer and just share the actual music files, correct? (If so, is there another process [steps 1-4 above] that results in a more customizable system where *ONLY ONE COPY* of the actual song file is shared?)
    Sorry for the length of the message, and the questions. Truly I have read all the postings but was unable to map out my plan before I go and creating, finally, this one set of music that we can share. In advance, thank you all for your help.

    I was afraid you'd say that, because I'm a long time Mac guy and I don't have the perfect answer. Have you ever messed with remote desktop? That'd seem to give her full access and control, something I personally wouldn't do, although it may work for you.
    Another thought came to me that might work: copy over the complete library to her machine, and then when you do another major shoot, create a new catalog, edit, etc. and then import as catalog to your main one while sending her the new one.
    I am sure there are more elegant solutions, but these are a couple of ways.
