How to handle local user in SSO?

Hi all,
I'm setting up OAM 11g for SSO of web applications in our organization. Some of the applications have a single URL for corporate users, guests, and administrators. As OAM is using the corporate LDAP as its authentication backend, guests and administrators can't be authenticated. Is it possible to define a policy so that a WebGate-protected URL can fall back to the original login page? I'm a newbie to OAM, and sorry for the newbie question. Thanks.
Regards,
/ST Wong

I think you misunderstood. The local users won't be added to the backend LDAP but in a local store on OVD. OVD then makes it appear that that user is in the backend LDAP if you want it to appear in the same tree structure, or you can place the users in a completely separate tree. This of course assumes that your user base search in OAM is set to the top level.

Similar Messages

  • How to Move Local Users to Network Domain Users

    Before you follow these instructions...... I'm a rank amateur so I'd check to see if the smart kids have corrected my errors or improved on the method in the replies below
    The reason for the post is I have good and established local user accounts on all the computers and moving them to domain controlled accounts is the one topic I could not find a script to follow that worked for my low level of knowledge of OS X.
    Let me first explain my setup and needs. I'm replacing a Windows Home Server (WHS) with the Mac Mini Server. My goal was to have the Mac Mini as the server holding all our photos, data, etc. and running a user account to run the family iTunes account to feed the Apple TV and be the backup / sync point for a family sized set of iPod Touches, iPads and iPhones. I want to be able to log into each mac and have the same information setting, links, etc........ basically walk around the house, find any mac shaped device not used by someone else, log in and carry on where I was before -  with the MacBook Air having a portable account so it can come travelling with us.
    The key hardware is...
    Mac Mini Server running Snow Leopard 10.6.8
    Apple TV
    2 x iMac Running Lion 10.7.1 [upgraded from 10.6.8]
    MacBook Air running Lion 10.7.1 [upgraded from 10.6.8]
    Normal stuff like wifi, hubs and a router doing the DHCP (and for me reserving IP addresses based on the 'MAC Address' to save me having to manually configure all the IP addresses)
    Key Resources I used as I learnt how to do this; to level set you all, I'm a relative newcomer to OS X having had a Windows life with Linux for fun, so i'm not a mac or IT specialist but like to play around.
    Apple's podcast series 'Apple Quick Tour of Leopard Server'  - this is great, it informed me and kept me motivated through all the bah moments, all 33 episodes and it's in the iTunes store as a podcast.
    The book 'Mac OS X Snow Leopard Server For Dummies' - I bought this about half way through the whole process and wish I'd bought it earlier; my recommendation would be to get the Kindle version so you can search it for advice.
    The excellent information on DNS from Hoffman Labs http://labs.hoffmanlabs.com/node/1436
    The video 'Setting up a primary DNS zone.....' from Lynda.com on youtube  http://www.youtube.com/watch?v=OOEgQY9oFK4
    The Series of PDF document on Snow Leopard Server from Apple http://support.apple.com/manuals#mac%20os%20x%20server%20v10.6
    And finally this excellent post from Joe Ferrante which was the core of what I used http://joeferrante.net/how-to-migrate-local-user-account-to-network-user-account-with-networked-home-folder-on-snow-leopard-server/
    Right off we go....
    Setting up the Server [this took me 6 goes to get it right as I learnt a little each time].
    So i'm not going to go through this step by step because it in the 'dummies' book and the videos from Apple above and those will be better than anything I write but here's my details/advice.
    I split the primary disc into 2 partitions using disk utility so I could reformat the operating system without moving my data.
    100GB for the OS X system
    400GB for user data
    Install OS X from the DVD, press the buttons based on your desires but stop at the bit about naming your computer titled Network Names
    READ UP ON DNS - this is one of the reasons I had so many goes, as it was the 1st time I've set up a server like this using DNS and guessing didn't get me there.
    If you don't have one, buy a domain name for your network; it makes it much easier in the long run & is $10 well spent
    The name needs to be [the computer name].[your domain name].[com or net or org, etc]
    So if you want your computer to be called fred and you bought or have the domain location.com, enter fred.location.com in the primary DNS name box
    This should automatically put fred in the computer name box.
    Follow along with the set up guide to finish
    After you have finished the set up test the DNS with NSLOOKUP in a terminal window
    nslookup fred.location.com    in my example and you should get the IP
    Add your servers IP address to the list of DNS servers in network preferences on the client mac.
    Bind [link] the client computers to the server in Accounts on the client computer - I used the 'dummies' book for this but there's lots of data on the web.
    Clean up the user profile on the client to reduce the size of the Home folder as much as possible or the data transfer is loooooooonnnnng - i also connect the iMac on a cable rather than wifi to speed it up.
    Read Joe's post http://joeferrante.net/how-to-migrate-local-user-account-to-network-user-account-with-networked-home-folder-on-snow-leopard-server/ and follow along.
    Useful info I learnt somewhere - to get the paths to the folders correct in the terminal window go to the folder in Finder and then drag it to the terminal window and let go - this will put the correct link in the instruction.
    You now need to be on a terminal window on your server, with a finder window open and logged into the client as the user you are moving
    THE CLIENT COMPUTER NEEDS TO BE LOGGED OUT or logged in as a different user than the one you're trying to move.
    so when you're at the right point - type sudo cp -R then hit the space bar, drag the existing user folder onto the finder window, add the /* and hit space then find the users folder on the server and drag that onto the terminal window to complete the instruction.
    Hit enter and wait a while assuming it starts ok - i used network traffic on the Activity Monitor utility to check if it was working.
    If you got this far and it all worked - login to the profile you moved on any computer linked to the server or the server but not the original client computer to see if it worked and all your settings and data are intact and then delete the profile off the original client if it was ok [archiving the home directory took ages for me].
    As you can probably guess most of this was good learning for me and it worked successfully for me in the end, moving all my history, saved password, etc, etc without any problems.
    Hope this helps other in the same situation & feel free to expand or correct this if I've missed anything.
    Ed

    Hi,
    I was unable to access the Joe Ferrante information (it appears to now require a password and I was not able to determine how a username and password were assigned). Would you happen to have a copy of the post that you refer to above?
    I am still at the early stages of this process but am hoping that the steps you refer to are going to get me where I want to be.  Your stated end goal is where I hope to get to.
    Thanks,
    Sean

  • HOW TO CREATE LOCAL USER PROFILE

    SIR,
       OS            -    WINDOWS SERVER 2008 R2
       SYSTEM    -    IBM  MACHINE X3400 SERIES
        1. HOW TO CREATE A USER IN WINDOWS SERVER 2008 R2  WITHOUT ACTIVE DIRECTORY 
        2.  AFTER CREATE USER IN WINDOWS SERVER 2008 R2 BUT USER PROFILE NOT CREATE .

    Hi,
    >>1. HOW TO CREATE A USER IN WINDOWS SERVER 2008 R2  WITHOUT ACTIVE DIRECTORY 
    >>2.  AFTER CREATE USER IN WINDOWS SERVER 2008 R2 BUT USER PROFILE NOT CREATE
    Creating a user account on the computer doesn't create a profile for that user. The profile is created the first time the user interactively logs on at the computer. After the user logs onto the computer for the first time, the user's local profile will be created in a folder with the name of the user under the systemroot/Users folder.
    Best regards,
    Frank Shen

  • How to handle local bank charges while our customer payment in USD

    Hi All Expert,
    How we handle customer payment with local bank charges rm5 at incoming payment?
    Examples :
    Customer invoice in USD 1000, while payment USD1000 by bank transfer with local bank will charges rm5 for each transaction.
    May i know how does the B1 handle this bank charges in local currency?

    Hello Eric,
    I presume that the bank charge will not be paid by the customer. In this case, the actual Invoice of USD 1000 is considered fully paid.
    I think the only way to proceed is to create a manual journal entry to Debit the Bank Charges and Credit the Bank Account. Or you can take it up when you post other bank reconciliation items at month end.
    Hope this helps.
    Regards,
    Lorna

  • How to let SAP user use SSO to access Application in DMZ?

    Hi All,
    Our J2EE application is running on a system in DMZ which can not be connected with LDAP. So I am wondering if it's possible to let SAP user use SSO to access our application.
    After talking with my colleague I think the only way is to import SSO public key to our WebAS and create user in UME and then assign user to the corresponding public key, but anybody know where to download SSP verification file or is it allowed to download and import into another system at all?
    Regards,
    Bin

    Hi,
    Take a look at this example, it uses property nodes to select the
    active plot and then changes the color of that plot.
    If you want to make the number of plots dynamic you could use a for
    loop and an array of color boxes.
    I hope this helps.
    Regards,
    Juan Carlos
    N.I.

  • How to remove one user from SSO in ESS

    Hello Team,
    We have configured ESS with SSO and it is working fine, but one user wants to remove his user id from SSO as he shares his PC with others too. Please let me know whether this can be done and how.
    Best Regards,
    Tushar.

    Hi Tushar ,
    what raghavendra suggested is correct.
    if user wants to share with PC to some other person . He need not to login to portal . without having ESS role how he access ESS applications .  except logging to portal he can share with PC to others .
    and ESS point of view 1 to 1 mapping , no user mapping .
    Surekha.

  • How Make TS local User Profile After Install Windows 7 without Domain

    Hi,
    I make TS to install Windows 7 Is success But after finish install i cannot login
    If something need to add TS user local profile after install Windows 7 Without Join the Domain And make the user Administrator LocalGroup
    Thank for Help

    Let's start with the fact that you are missing a key element in your task sequence. You need to have the step Setup Windows and ConfigMgr to perform the transition from Windows PE to the new operating system. This task sequence step is a required part of any operating system deployment. It installs the Configuration Manager client into the new operating system and prepares for the task sequence to continue execution in the new operating system. See also for more information:
    http://technet.microsoft.com/en-us/library/hh846237.aspx#BKMK_SetupWindowsandConfigMgr
    About your screenshots:
    With the first screenshot you are not enabling the local administrator. Is that what you want?
    With the second screenshot you're only creating a user account and not adding it to the local administrators group. That would need an additional action like this
    cmd.exe /c net localgroup /add administrators User01.
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Is how UIInput handles local values a large framework bug?

    UIInput in both 1.1 and 1.2 stores the local value in a member variable. This seems like a large bug to me. JSF seems to be designed after more of a flyweight pattern.
    Take for example UIData. For each row in the data model, the components are re-rendered. This means that each component represents as many values as there are rows. Therefore, only one value per component makes UIData bugged.
    This bug is evident when submitting a UICommand as immediate on a page with a dataTable. All the UIInput components lose their values when the page is re-rendered.
    How this could work:
    Instead of a local Object to hold the value, the member value should be a Map<String, Object>. The key of this Map would be the client ID of the component. The value, would obviously be the component's local value (submitted value).
    The "corrected" code could look like:
    private Map<String, Boolean> valid = new HashMap<String, Boolean>();
    private Map<String, Object> localValues = new HashMap<String, Object>();
    public boolean isValid() {
        // No entry yet for this client ID means the value has not failed validation.
        Boolean v = valid.get(this.getClientId(FacesContext.getCurrentInstance()));
        return v == null || v;
    }
    public void setValid(boolean valid) {
        this.valid.put(this.getClientId(FacesContext.getCurrentInstance()), valid);
    }
    ... (repeat similar methods for the local value and if the local value is set)...
    If all components were built this way, then tree, table and other 'complex' controls would finally behave "correctly".
    Without this, I can't see how UIData will ever be fully usable with validators and using the immediate flag.

    you may try these:
    1. Add one more logic (define as boolean variable), then OR this variable with the original Boolean switch you used in subvi, then main vi can change the new added variable which is defined as local or global variable.
    2. Change the subvi while loop as state machine, or use other Synchronization techniques like notifier

  • How to manage local user home folders?

    We are using Mac OS X 10.6.8 in a classroom. Hard drive has two partitions, one for OS and apps, the other for student's files. Computers are bind to the Active Directory. Unfortunately, local home folders are on the boot parition. Over a time when apps FCP and Avid are frequently used, the boot partition gets filled with files and finally it's full. With zero kb available, users cannot even login anymore. Manually deleting files by admin is cumbersome and time-consuming task.
    I'm looking for a way to keep /Users folder clean. Putting user's home folders to server is not an option, because of latency issues etc. Unfortunately the local home folder is the default saving place when user issues the Save As command. I've tried to tinker with the User Template to lock the Documents folder but apps like Microsoft Word and Final Cut Pro go crazy when they cannot save there.
    Forwarding /Users to other partition does not solve the problem, it just moves the problem to another place.
    Logout Hook to automatically purging the files could be an solution, but there's always one hapless soul who saves his or hers files to wrong place and loses them. Or maybe a script which looks at the modfication date and deletes old files.
    Any ideas?

    You need to set the scratch disks in FCP and Avid to fix the problem.
    Files coming from word etc, will be so minor that it'll take forever to fill up the HD with that kind of stuff.
    If you wanted to move the whole home folder to another place on the system, you need to do so using OS X server.  It's called Augmenting Active Directory User Records.
    If you don't have an OS X Server, you may be able to change the Users Home directory on each individual computer, but it's going to be pretty cumbersome.  Do so in the Accounts pane in the System Preferences.
    Once you've changed the User Home folder location, you need to copy the users home folder using rsync in the terminal.
    Like this:
    rsync -av /Users/*username* /Volumes/*drivename*/*homefolderlocation*/
    HTH
    -Graham

  • How can I use PowerShell 3.0 cmdlets or script to list all the local groups and local users of a server?

    Using PowerShell 3.0 (And if possible the CIM, not WMI cmdlet), how can I script with | out-file C:\<filename>.txt or .csv option to list all local user accounts & local groups on remote computers?
    Thank You!

    I don't recall PowerShell V3 introducing anything new to handle local users and groups. You need to use PowerShell V1 methods, using the [ADSI] accelerator and the WinNT: provider. The scripts linked above show this. No need to use WMI (which would probably be slower).
    Here is a script I've used to enumerate all local groups and their members:
    $Computer = "MyServer"
    $Computer = [ADSI]"WinNT://$Computer"
    # Keep only the children of the computer object that are local groups
    $Groups = $Computer.psbase.Children | Where {$_.psbase.schemaClassName -eq "group"}
    ForEach ($Group In $Groups)
    {
        "Group: " + $Group.Name
        $Members = @($Group.psbase.Invoke("Members"))
        ForEach ($Member In $Members)
        {
            # Members are COM objects, so read their properties through reflection
            $Class = $Member.GetType().InvokeMember("Class", 'GetProperty', $Null, $Member, $Null)
            $Name = $Member.GetType().InvokeMember("Name", 'GetProperty', $Null, $Member, $Null)
            "-- Member: $Name ($Class)"
        }
    }
    A similar script to enumerate all local users would be:
    $Computer = "MyServer"
    $Computer = [ADSI]"WinNT://$Computer"
    # Keep only the children of the computer object that are local users
    $Users = $Computer.psbase.Children | Where {$_.psbase.schemaClassName -eq "user"}
    ForEach ($User In $Users)
    {
        "User: " + $User.Name
    }
    Richard Mueller - MVP Directory Services

  • How to reset local admin user password in

    Dear members,
    i want to reset local admin account(not administrator built-in), let say i have user adminlocal and member in administrator group. my question, how to reset this user via GPO in domain, because i have more than 5000 workstation in my environment. and how to generate summary of all workstation which are password reset.
    i've tried from this link,
    http://community.spiceworks.com/how_to/show/1966-how-to-change-local-user-or-admin-passwords-on-remote-computers
    using PSTools sysinternal from microsoft, but while i execute one PC on domain for sample using this script, they showing access denied
    anyone in this forum can help me to resolve this problem?.

    Dear,
    you can use Powershell to do this.
    I've found a script in the script center which can do this.
    http://gallery.technet.microsoft.com/scriptcenter/66a5b38f-cdf1-4126-aa0c-be65e16dd650/view/Discussions#content
    Set-Password -computer 'server' -user 'Administratorlocal' 
    You can create a loop in powershell to check all your servers which you've posted in a .txt file for example.
    $strcomputers = Get-Content c:\servers.txt
    foreach ($strcomputer in $strcomputers)
    {
        # Bind to the local account on each computer through the WinNT provider
        $admin=[adsi]("WinNT://" + $strComputer + "/administratorlocal, user")
        $admin.psbase.invoke("SetPassword", "Whatever1")
    }

  • SSO for application systems with local users?

    Hi all,  I'm new to Oracle Identity Management.  My company is going to implement SSO for inhouse applications.  However, some applications have their own local users (e.g. admin, guest, etc.) who have to login to the application system through the same interface.  We put all organization users in an Oracle enterprise Directory server, which is the authentication backend of the Access Manager.   After implementing webgate, such local users can't get authenticated.  I'd like to know if it's possible to configure particular users/applications to bypass SSO and use local authentication?     Thanks.
    Rgds
    /ST wong

    Possible solution is to create a new entry point for local users. Create two proxies one for actual user entry and another for local user. You can restrict n/w access to proxy with local login so that only few hosts based on your requirement who needs to access system with local accounts. This way you will have two web sites for single application.

  • How i get user info from ldap using java after authenticating user with SSO

    Hi
    I have one jsp/bean application as a partner application with SSO.
    It works fine.
    Now i need to get other attributes of user from LDAP who has logged into the application through SSO.
    using SSO java APIs i only get username, userDN, subscriber info.
    To get user's other attribute i have to user LDAP APIs for that i have to create on Directory Context, for the same i need userpassword.
    so here i my question, how do i get user password after he has logged in thro SSO.
    regards..
    and thanking u in advance
    samir

    Valentina,
    there's no way to get the password value from the directory (it's one way). Of course you can get the hashed (MD4,MD5,SHA-1) base64 encoded value (i.e. the value you see in OiD) but not the 'password'.
    --Olaf

  • [SOLVED]How to send email to a local user?

    I have installed Mutt, msmtp, procmail and I can send and receive emails to/from remote hosts and I'd like to send email locally also (to the recipients on the same machine as the sender).
    When I try to send email to a local user from the root account -
    echo "Test message" | mail -s "Test subject" localuser
    then I get an error that connection to the port 25 is refused. Because the /etc/msmtprc file contains the 'localhost' as the default account's host, and on the local host I don't have a mail server listening on 25 port running.
    When I try to send email from a non-root account which has in /$HOME/.msmtprc file a real email account on a remote server, then of course there is an error that the domain for the email address 'localuser' is not recognized.
    How can sending email to local users be enabled?
    Last edited by nbd (2014-09-30 22:33:37)

    If I understand correctly, postfix it's a constantly running daemon. Seems to be an overhead for delivering only from time to time sent messages.
    ewaller wrote:
    > Out of the box, sendmail should be safe, but I think you have to enable local mail.
    Currently I have msmtp-mta installed, which is described as having sendmail functionality. If I install sendmail - will it be possible to send local email without running email daemons?

  • How to get a list of Local Users who has not logged in for 3 months or around 90 days

    hi
    i found this thread to pull out a list of local users
    Retrieve all local user accounts information on remote computers (PowerShell)
    however, i need to filter out users who has not logged in for 3 months or around 90 days, how can i do further filtering?
    i understand dsquery has an -inactive <xweeks> , however i am doing it for local accounts

    $ErrorActionPreference = "silentlycontinue"
    $([ADSI]"WinNT://$env:COMPUTERNAME").Children | where {$_.SchemaClassName -eq 'user' -and $_.lastLogin -gt (Get-Date).AddDays(-90)} | ft name,lastlogin
    using the sample from the link extended with the 90 days criteria, the erroraction preference suppresses the errors you get for accounts with no lastlogon value (guest being a typical one)
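
An added example, not code from the thread: an inactivity audit over the same WinNT provider that reports accounts with no LastLogin value as their own category instead of suppressing the error, which matters because never-used local accounts are the ones a review most wants to see. It assumes it runs locally on the computer being audited; the variable names and the three status labels are choices made for this example.

```powershell
# Added example: classify local accounts by logon inactivity.
$DaysInactive = 90
$cutoff   = (Get-Date).AddDays(-$DaysInactive)
$computer = [ADSI]"WinNT://$env:COMPUTERNAME"

$report = foreach ($user in $computer.psbase.Children) {
    if ($user.psbase.SchemaClassName -ne 'user') { continue }

    # LastLogin is absent for accounts that have never logged on (Guest is a
    # typical case). Read it defensively so those accounts are reported
    # rather than silently dropped by a suppressed error.
    $lastLogin = $null
    try {
        $value = $user.psbase.Properties['LastLogin'].Value
        if ($value) { $lastLogin = [datetime]$value }
    } catch {
        $lastLogin = $null
    }

    # UserFlags bit 0x2 is ADS_UF_ACCOUNTDISABLE.
    $disabled = [bool]($user.psbase.Properties['UserFlags'].Value -band 0x2)

    if ($null -eq $lastLogin) {
        $status = 'NeverLoggedOn'
    } elseif ($lastLogin -lt $cutoff) {
        $status = 'Inactive'
    } else {
        $status = 'Active'
    }

    New-Object PSObject -Property @{
        Name      = [string]$user.psbase.Properties['Name'].Value
        LastLogin = $lastLogin
        Disabled  = $disabled
        Status    = $status
    }
}

# Show everything that is not recently active; enabled accounts in this
# list are the candidates for review.
$report |
    Where-Object { $_.Status -ne 'Active' } |
    Sort-Object Status, Name |
    Select-Object Name, Status, LastLogin, Disabled |
    Format-Table -AutoSize
```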
