Integration of OIM 9 with Active Directory of Windows 2k8
I have installed the required connector .
I dont know what are the steps for integration of OIM with AD.
My aim is to create domain users from OIM.
Please help me with the steps .
Thanks
Read the connector guide completely. Everything is written in that. See the connector pach under documentation folder.
Similar Messages
-
Problems with Active Directory and Windows 2003
Hello,
I'm using Mac OS X Server 10.4.9 with Active Directory bound to a Windows 2003 Active Directory Domain. I can bind successfully to the domain using the graphical interface. Then in Samba I can access shared directories using Windows users. However, after some time somehow there are problems and Windows users aren't authenticated anymore on the Mac. I've looked at the firewall and there are no denied packets from the Mac. There are two servers in the domain, all clocks are synchronized and domain information is up to date. When I unbind the Mac, I can see the machine account being deleted on both domain servers and created too on both machines when I bind to the domain.
Problems occur when I try login in using ssh or samba do I think this is a problem with the AD module.
I turned on debugging messages on DirectoryServices:
sudo killall -USR1 DirectoryService
When in Windows, using the Administrator user I try:
net use \\10.0.0.1 /user:domain\Administrator
Where 10.0.0.1 is the Mac.
In the Mac I get from
tail -f /Library/Logs/DirectoryService/DirectoryService.debug.log |grep ADPlug
2007-06-27 10:48:37 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:37 CDT - ADPlugin: Searching domain domain.com.mx for User administrator
2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:37 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:37 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:37 CDT - ADPlugin: Adding Search for Attribute displayName containing DOMAIN\administrator
2007-06-27 10:48:37 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=DOMAIN\\administrator)), limit 1
2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:37 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:37 CDT - ADPlugin: Searching domain domain.com.mx for User administrator
2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:37 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:37 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:37 CDT - ADPlugin: Adding Search for Attribute displayName containing domain\administrator
2007-06-27 10:48:37 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=domain\\administrator)), limit 1
2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:37 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:37 CDT - ADPlugin: Searching domain domain.com.mx for User ADMINISTRATOR
2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:37 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:37 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:37 CDT - ADPlugin: Adding Search for Attribute displayName containing domain\administrator
2007-06-27 10:48:37 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=DOMAIN\\ADMINISTRATOR)), limit 1
2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:37 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:37 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=administrator)(sAMAccountName=administrator)(dis playName=administrator)(mail=administrator)(userPrincipalName=administrator)(use rPrincipalName=administrator@*)))
2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:37 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:37 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:37 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
2007-06-27 10:48:37 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=administrator)), limit 1
2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:37 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:37 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=ADMINISTRATOR)(sAMAccountName=ADMINISTRATOR)(dis playName=ADMINISTRATOR)(mail=ADMINISTRATOR)(userPrincipalName=ADMINISTRATOR)(use rPrincipalName=ADMINISTRATOR@*)))
2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=ADMINISTRATOR)), limit 1
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:38 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=administrator)(sAMAccountName=administrator)(dis playName=administrator)(mail=administrator)(userPrincipalName=administrator)(use rPrincipalName=administrator@*)))
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=administrator)), limit 1
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:38 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=ADMINISTRATOR)(sAMAccountName=ADMINISTRATOR)(dis playName=ADMINISTRATOR)(mail=ADMINISTRATOR)(userPrincipalName=ADMINISTRATOR)(use rPrincipalName=ADMINISTRATOR@*)))
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=ADMINISTRATOR)), limit 1
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:38 CDT - ADPlugin: Searching domain domain.com.mx for User administrator
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing DOMAIN\administrator
2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=DOMAIN\\administrator)), limit 1
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:38 CDT - ADPlugin: Searching domain domain.com.mx for User administrator
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing domain\administrator
2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=domain\\administrator)), limit 1
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:38 CDT - ADPlugin: Searching domain domain.com.mx for User ADMINISTRATOR
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing DOMAIN\ADMINISTRATOR
2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=DOMAIN\\ADMINISTRATOR)), limit 1
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:38 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=administrator)(sAMAccountName=administrator)(dis playName=administrator)(mail=administrator)(userPrincipalName=administrator)(use rPrincipalName=administrator@*)))
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=administrator)), limit 1
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:38 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=ADMINISTRATOR)(sAMAccountName=ADMINISTRATOR)(dis playName=ADMINISTRATOR)(mail=ADMINISTRATOR)(userPrincipalName=ADMINISTRATOR)(use rPrincipalName=ADMINISTRATOR@*)))
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=ADMINISTRATOR)), limit 1
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:38 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=administrator)(sAMAccountName=administrator)(dis playName=administrator)(mail=administrator)(userPrincipalName=administrator)(use rPrincipalName=administrator@*)))
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=administrator)), limit 1
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:38 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=ADMINISTRATOR)(sAMAccountName=ADMINISTRATOR)(dis playName=ADMINISTRATOR)(mail=ADMINISTRATOR)(userPrincipalName=ADMINISTRATOR)(use rPrincipalName=ADMINISTRATOR@*)))
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=ADMINISTRATOR)), limit 1
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
2007-06-27 10:48:38 CDT - ADPlugin: Calling OpenDirNode
2007-06-27 10:48:38 CDT - ADPlugin: Opening Specific Node domain.com.mx
2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:38 CDT - ADPlugin: 16833877 - Calling GetRecordList Routine
2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:38 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=administrator)(sAMAccountName=administrator)(dis playName=administrator)(mail=administrator)(userPrincipalName=administrator)(use rPrincipalName=administrator@*)))
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:38 CDT - ADPlugin: 16833877 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:38 CDT - ADPlugin: Calling CloseDirNode
2007-06-27 10:48:42 CDT - ADPlugin: Calling OpenDirNode
2007-06-27 10:48:43 CDT - ADPlugin: Opening Specific Node domain.com.mx
2007-06-27 10:48:43 CDT - ADPlugin: Calling GetRecordList
2007-06-27 10:48:43 CDT - ADPlugin: 16833881 - Calling GetRecordList Routine
2007-06-27 10:48:43 CDT - ADPlugin: Search Records called in ADSWrapper
2007-06-27 10:48:43 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-06-27 10:48:43 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=administrator)(sAMAccountName=administrator)(dis playName=administrator)(mail=administrator)(userPrincipalName=administrator)(use rPrincipalName=administrator@*)))
2007-06-27 10:48:43 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:43 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-06-27 10:48:43 CDT - ADPlugin: Returning 0 Results
2007-06-27 10:48:43 CDT - ADPlugin: 16833881 - Put 0 records in Buffer for RecordList
2007-06-27 10:48:43 CDT - ADPlugin: Calling CloseDirNode
I really don't know what to do. The Windows Event log shows no messages. The link used to work and there have been no changes in the domain servers.
The key line seems to be:
2007-06-27 10:48:43 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
But I don't know what that ADSEngine.mm is.
XServe G5 Mac OS X (10.4.9)Hello.
Thanks for your reply.
I tried the net use with a drive letter with and without the /user switch. When I use a domain user domain\user1 I can't connect. When I use a user local to the XServe it works.
When I use
net use x: \\10.0.0.1\share /user:domain\user1
I get prompted for a password, but it doesn't work.
I checked the firewall and all packets to or from the mac are accepted, no denied or dropped packages.
I already went through the MS document on fw ports. Before I opened to Kerberos ports the binding failed. No the binding work OK.
Some users who were authenticated yesterday still can access files using the Windows domain accounts. It's new users trying to connect those who have problems.
This is what the Samba log.smbd log shows:
[2007/07/04 14:58:45, 2] /SourceCache/samba/samba-100.7/samba/source/smbd/sesssetup.c:setupnew_vcsession(662)
setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
[2007/07/04 14:58:45, 2] /SourceCache/samba/samba-100.7/samba/source/smbd/sesssetup.c:setupnew_vcsession(662)
setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
[2007/07/04 14:58:46, 0] /SourceCache/samba/samba-100.7/samba/source/auth/authutil.c:make_server_infoinfo3(1138)
makeserver_infoinfo3: pdbinitsam failed!
[2007/07/04 14:58:46, 0] pdbods.c:odssamgetsampwnam(2329)
odssam_getsampwnam: [0]getsam_recordattributes dsRecTypeStandard:Users no account for 'user1'!
[2007/07/04 14:58:46, 2] /SourceCache/samba/samba-100.7/samba/source/auth/auth.c:checkntlmpassword(367)
checkntlmpassword: Authentication for user [user1] -> [user1] FAILED with error NTSTATUS_NO_SUCHUSER
This is what the DS log shows:
2007-07-04 14:58:46 CDT - ADPlugin: 16892201 - Calling GetRecordList Routine
2007-07-04 14:58:46 CDT - ADPlugin: Search Records called in ADSWrapper
2007-07-04 14:58:46 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
2007-07-04 14:58:46 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=user1)(sAMAccountName=user1)(displayName=user1)( mail=user1)(userPrincipalName=user1)(userPrincipalName=user1@*)))
2007-07-04 14:58:46 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-07-04 14:58:46 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
2007-07-04 14:58:46 CDT - ADPlugin: Returning 0 Results
2007-07-04 14:58:46 CDT - ADPlugin: 16892201 - Put 0 records in Buffer for RecordList
XServe G5 Mac OS X (10.4.9) -
OIM Integration with Active Directory Federation Services (ADFS)
Hello friends
I have a question about the integration of Oracle Identity Manager with Active Directory which is federated with another external directory for ADFS. My question is:
What considerations should be to contemplate if I have an active directory federated environment when carrying out the integration with Identity Manager?
I use version 9.1.0.2 of Oracle Identity Manager with Microsoft Active Directory Connector User Management 9.1.1.7
Thanks for the support.First consideration is that the OIM's target ADFS - in the federated scenario, will that participate as a Service provider or identity provider. I would think identity provider.
Next consideration: What all attributes are required to be played in the SAML assertion to the other end-point? All these attributes must be present and should be provisioned to the AD in this case.
So, OIM should be set up (UDF etc) to provision all those attributes needed in the SAML.
Next consideration: What all scenario to support? IdP initiated or SP initiated? If SP initiated, then process will hv to be defined if a user id does not exist in the AD of the OIM target. Will the request be failed or a in-time provisioning should happen.
Hope this helps. -
Error running Organization Lookup Recon in OIM 11g R2 with Active Directory
Hi all,
I have an implementation of OIM 11g R2, with an Active Directory 11.1.1.5.0 connecting to an instance of Active Directory on Windows Server 2008. I am trying to run the "Active Directory Organization Lookup Reconciliation" scheduled task, but the job fails with this error:
oracle.iam.connectors.icfcommon.exceptions.IntegrationException: Connector ConnectorKey( bundleName=ActiveDirectory.Connector bundleVersion=1.1.0.6380 connectorName=Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector ) not found
This is the full stack trace from the oim_domain.log file:
oracle.iam.connectors.icfcommon.exceptions.IntegrationException: Connector ConnectorKey( bundleName=ActiveDirectory.Connector bundleVersion=1.1.0.6380 connectorName=Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector ) not found
at oracle.iam.connectors.icfcommon.ConnectorFactory.createConnectorFacade(ConnectorFactory.java:176)
at oracle.iam.connectors.icfcommon.recon.AbstractReconTask.init(AbstractReconTask.java:115)
at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.execute(SchedulerBaseTask.java:382)
at oracle.iam.scheduler.vo.TaskSupport$1.processWithoutResult(TaskSupport.java:135)
at oracle.iam.platform.tx.OIMTransactionCallbackWithoutResult.process(OIMTransactionCallbackWithoutResult.java:9)
at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13)
at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:6)
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128)
at oracle.iam.platform.tx.OIMTransactionManager.execute(OIMTransactionManager.java:22)
at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:116)
at sun.reflect.GeneratedMethodAccessor739.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.iam.scheduler.impl.quartz.QuartzJob$TaskExecutionAction.run(QuartzJob.java:266)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:75)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
The Connector Server is installed on the AD instance, and the key has been set, and used appropriately in the Active Directory Connector Server IT Resource in OIM.
Any advice on how to resolve this error or on any possible causes would be much appreciated, thank you.From the installation media, copy and extract contents of the bundle/ActiveDirectory.Connector-1.1.0.6380.zip file to the CONNECTOR_SERVER_HOME directory
Refer http://docs.oracle.com/cd/E22999_01/doc.111/e20347/deploy.htm#CHDDJGIG -
Single Signon and Integration with Active Directory
Hi,
We have a requirement to integrate Active Directory with SAP and implement Single Signon solution. Our Active Directory is running on Windows 2003 and we are having systems 4.7 , ECC6.0 which run on Linux OS in our landscape.
Can anyone of you help me by answering following questions
1. Is there any need of any third party solution(tool) to integrate Active Directory and SAP and activate single signon?
2.Is there any difference in integration from SAP 4.7 and ECC6.0 of SAP on Linux OS with Active Directory ?
3. If possible please share any documents or links on above issue.
Suitable answers will be rewarded with points. Thanks in advance for your help
Regards
Murali> Thank you very much for providing me the link. But the document on link seem to be in German. Can you please let me know how to get English version of this document.
I'm sorry, you'd have to ask Realtech for that document in English.
Basically you can follow
http://osdir.com/ml/encryption.kerberos.general/2004-11/msg00007.html
Markus -
Beginners guide to integration with Active Directory?
Hi (complete beginner to this, but a quick learner)
I don't know where to start with regards to getting the Macs on our network connecting like the PCs. Currently we have about 100 Macs on 10.4.x that are bound to the AD using Directory Access - users can log in, but that's about as far as integration goes. Their home folders do not "map" to the corresponding folders on the Macs, and we (as administrators) have no control over the Mac network users like we would have the local Mac users.
I've been asked to look into this issue, and along with creating new modular 10.5.x system builds for all our Macs (different hardware, different software needs, different physical locations), I need to know what the next steps are. I have no experience of using Mac OS X Server or Active Directory. Besides telling me to ask the IT department to hire a Mac professional, what should I be looking into next?
So far, this is how I think the process goes:
1) Ensure I have solid modular system builds ready to go for the different macs/different classrooms.
2) Get an Xserve for IT.
3) Have Open Directory integrate with Active Directory, so that the same access controls/permissions are applied to the Mac users as they are the Windows users (including Finder access controls, Application controls, folder mapping etc) - *this is where I need guidance*.
4) Push out the system builds to the Macs on the network
5) Connect the Macs using Open Directory...
6) ...
As you can see, my knowledge kind of peters out towards the end there; is this a realistic undertaking for me (a classroom technician who happens to use Macs - NOT trained in any of this) and the Mac-phobic IT department (who would prefer switching all of our workstations to PC)? Are we going to have to bite the bullet and get some expensive consultants in?pisto_grih wrote:
Hi (complete beginner to this, but a quick learner)
I don't know where to start with regards to getting the Macs on our network connecting like the PCs. Currently we have about 100 Macs on 10.4.x that are bound to the AD using Directory Access - users can log in, but that's about as far as integration goes. Their home folders do not "map" to the corresponding folders on the Macs, and we (as administrators) have no control over the Mac network users like we would have the local Mac users.
And that is about as far as the Apple plugin will take you. In order to do more you need to either extend schema (very scary), look at third party products like Centrify (very expensive), or look at getting an OS X Server and implementing the "magic triangle" in which OS X attributes are managed in OD while users, groups, and password are managed by AD.
I've been asked to look into this issue, and along with creating new modular 10.5.x system builds for all our Macs (different hardware, different software needs, different physical locations), I need to know what the next steps are. I have no experience of using Mac OS X Server or Active Directory. Besides telling me to ask the IT department to hire a Mac professional, what should I be looking into next?
If you go the route of OS X Server and MCX settings, make life easy on yourself and build one common build. Then limit app access based on your groups. That way you can simplify the number of images you maintain down to one (provided you have appropriate licensing).
So far, this is how I think the process goes:
1) Ensure I have solid modular system builds ready to go for the different macs/different classrooms.
See above. But if you need to, look at InstaDMG
2) Get an Xserve for IT.
Yep. But if you are only doing MCX you might want to look for a cheeper alternative. The Xserve can offer some nice additions, including software update server and Netinstall server among others.
3) Have Open Directory integrate with Active Directory, so that the same access controls/permissions are applied to the Mac users as they are the Windows users (including Finder access controls, Application controls, folder mapping etc) - *this is where I need guidance*.
Yep. You are on the money.
4) Push out the system builds to the Macs on the network
Push huh. Look at Radmind. Then take a summer off to learn it. Then become god.
5) Connect the Macs using Open Directory...
Actually, connect the macs to both AD and OD. This will allow authentication and instantiating through AD and management through OD. Works very well.
6) ...
As you can see, my knowledge kind of peters out towards the end there; is this a realistic undertaking for me (a classroom technician who happens to use Macs - NOT trained in any of this) and the Mac-phobic IT department (who would prefer switching all of our workstations to PC)? Are we going to have to bite the bullet and get some expensive consultants in?
It is learnable especially with the summer and available hardware. However, supporting the consulting industry is always nice http://consultants.apple.com
Hope this helps -
ACS 4.2.0.124 Appliance with Active Directory with windows 2008
we have a solutions of 802.1x with Cisco ACS appliance wich is working fine, the soluction include two ACS appliance version 4.2.0.124, 02 remote Agent wich is setting up on windows 2003. The remote agent is integrated with Active Directory windows 2003. The computers have windows XP with service pack 2 and service pack 3, all computers do machine authentication and then user authentication. My customer in thinking in migrate the Active Directory windows 2003 to windows 2008. My question is ¿there wil be some problem with Active Directory 2008 with the current soluctión of ACS and 802.1x solution ? or I will have to do aditional task.
MarcoHi,
You can find the suported Windows Server versions on the online documentation:
ACS 4.2: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/installation/guide/windows/install.html#wp1041376.
ACS 4.2.1: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/Installation_Guide/windows/install.html#wp1041376.
So, i would suggest you to double-check carefuly the Release and Service Pack of the new 2008 Servers and also the OS bit version to make sure you migrate to Win2008 but continue on a supported scenario.
HTH,
Tiago
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it. -
Integrating OEDQ with Active Directory - Disabling SSL
Hi fellows,
I've just installed OEDQ (latest release) on a Unix machine (deployed on WebLogic Server 10.3.6) but I've a couple of concerns:
SSL Communication --> is it mandatory? I mean, I've tried to expose the dndirector admin page through an OHS Apache Web server. I'm able to access the admin page in plain mode but whenever I try to access a specific functionality (dashboard, user management, server configuration, etc) I'm being redirected to https://<web-server-hostname>:<wls-server-ssl-port>/dndirector, so this is not what I'm expecting. What's wrong? By the way, If SSL is mandatory, is there a way to expose the console via apache (avoiding any redirection)?
OEDQ with Active Directory --> the following documentation -- Integrating OEDQ with Active Directory -- covers just the Single Sign-on configuration (on both Windows/Unix os). What about a simple configuration pointing to an external ldap? The documentation reports the following statement:
It is also possible to configure OEDQ to work with different directory servers for user authentication and user identification. For information on alternative configurations, "see "Contact Us"
So, how can I achieve that?
Any pointers?
Thanks in advance,
MarcoHi Marco
Was out of the office a bit - apologies for the delay.
It looks like you removed these lines from the configuration:
cdpad.auth
= ldap
cdpad.auth.bindmethod
= digest-md5
cdpad.auth.binddn
= search: sAMAccountName
If these are not present, the user name is combined with @cdpsede.cassaddpp.it and used to login into AD. Depending on how user names are setup, this may or may not work.
If you replace the lines above, then the user account is searched for against the AD UserPrincipalName or the sAMAccountName attributes. The value of the latter attributre is then used as the login attempt.
So for example, if you enter the user name if marco.bonadonna, EDQ would search for an AD entry with userPrincipalName = [email protected] or with sAMAccountName = marco.bonadonna and then it would use the value of the sAMAccountName attribute to connect to AD (using digest-md5 for encryption) along with the password.
If you use
cdpad.auth.binddn = search: dn
then EDQ will use the full distiinguished name (DN) of the entry in the bind attempt.
It is sometimes easier to test connections using a LDAP browser - Apache Directory Studio (see http://directory.apache.org/studio/) is one I use. You can then check user name and password combination outside EDQ.
You can also get additional server logging on LDAP interactions in EDQ by adding the line:
userauth.level = all
to the logging.properties file in the EDQ config directory. Then where will be lots of diagnostics in the EDQ main0,log file.
By the way, there is some documentation for this in the on-line help for EDQ.
Richard -
Tighter Integration with Active Directory User Groups
I just wrapped up a Jabber deployment with IM&P 9.1(1) and J4W clients 9.1(3).
The customer asked me if it is on Cisco's roadmap to allow groups in Active Directory to be pulled into the Jabber client. The primary business case is to allow those in IT to send out IM blasts to the corporation or certain departments.
Obviously, this would require a significant amount of development and a much tighter integration with Active Directory, but I need to ask anyway.
Has something like this been identified and placed on any roadmap?
Thanks,
Matthew BerryUnfortunately this kind of questions cannot be addressed here, roadmap questions need to go thru official channels for an answer.
You need to reach your SE/AM for this question.
HTH
java
if this helps, please rate
www.cisco.com/go/pdihelpdesk -
10.6 home directory mounting with active directory and open directory integration
Hi guys i am having some issues in my new mac environment. I have a windows network with an server 2008 active directory. I have just recentlly created a "magic triangle" setup with active directory and open directory. When my users login via windows their home folders mount perfect. When any user logs in to any iMac in the building it does not work. They login perfectly fine, but their home folders do not mount. When i try mounting them manually with smb, i get a prompt for credentials. I am thinking this is my issue, my Single sign on with kerbos is working but for some reason is not logging in correctly. If i type in my credentials with my domain first then my name it works.
For example DOMAIN\jsmith works, but the way i think the mac and active directory is doing it now is just jsmith without the DOMAIN.
I feel like this is the problem with the home folders not mounting.
Can anyone provide some help with this?
Thanks,
DaniHi dani190,
are you using the fully qualified domain name of the network server? ie if your server is bob. and your domain is domain.company.com. then the FQDNS would typically be bob.domain.company.com or bob.company.com.
If the FQDNS works, then have you checked in the AD to make sure the path to the network home folder uses the FQDNS?
For the contact search path, did you put the AD at the top the list? (in directory utility)
Did you set the WINS work group on your client computer to your domain?
ie:Apple Menu, System Preferences, Network, Active Network Port (ethernet and or airport) , Advanced Button, WINS Tab, set workgroup to the name of your domain. ie domain.company.com and or company.com -
Best way to integrating mac os x client with Active Directory
Hi hello
What is the best way to integrating mac os x client with Active Directory ? i have one Lion Server
For the Mac client i want Mac use Active Directory for authentification and Lion Server for manage preference.
Tell me in lion server the magic triangle is it good for what i want do ??If you have a need now and that need will remain serviceable long enough to justifying the investment, then go with Lion Server and do the Magic Triangle. This is nothing more than Binding OS X Server to your AD domain and kerberizing services. Then bind your workstations to AD first, then OD. Make sure you download Server Admin Tools for Lion. This gives access to Workgroup Manager. That is were you will manage your OS X Settings.
If you are managing more than 50 Macs that need a lot of continued management, then look at JAMF. -
Autheticating useing Cisco ACS 4.2 integrated with Active Directory 2003
How do i check that users are Autheticated useing Cisco ACS 4.2 integrated with Active Directory 2003, any one help me in this thanks
You can't actually see the user's membership from ACS. All you can do, create group-mapping under external database >> group mapping section. This would give you an option to map external (AD) group with an Internal group.The group memberrship need to be modified under Active Directory.
Once user is succussfully authenticated and learned as a dynamic user in ACS user setup database, it would be mapped with an ACS internal group based on group mapping we did.
Let me know if you have any doubts.
Regards,
Jatin -
Cisco ACS 4.2 integration with Active Directory
Hello,
I´m new in the administration of ACS, we have recently implemented on server ACS version 4.2
for manager all users authorization for our Network.
We are in one environement which have an Active Directory, group and users.
Now, i´m just able to creat a new user in ACS and work with on the Client SWITCH, what i need to do, is to integrate my ACS 4.2 with Active Directory.
for work with the user and Group that a register in my AD.
Someon can help me please?You can't actually see the user's membership from ACS. All you can do, create group-mapping under external database >> group mapping section. This would give you an option to map external (AD) group with an Internal group.The group memberrship need to be modified under Active Directory.
Once user is succussfully authenticated and learned as a dynamic user in ACS user setup database, it would be mapped with an ACS internal group based on group mapping we did.
Let me know if you have any doubts.
Regards,
Jatin -
IChat integration with Active Directory
Hi all,
I'm trying to setup iChat on Mavericks to work with Active Directory. The iChat server is bound to AD, all the users are able to log in to the iChat server locally. The messages service is enabled and rights to the Messages service are granted to some users and groups. However, when I try to login with a Jabber account, I get "login ID or password is incorrect". The username and password are correct. I'm using the same [email protected] syntax for the username as the one I'm using to login to the iChat server directly. I tried with and without Kerberos v5 authentication, I tried with and without SSL and everything else I was able to think of. I have the OpenDirectory there enabled, although I don't really use it. I'm trying from the local network and from the internet (all the ports needed for iChat are forwarded to the server). Still no luck.
Any help on my issue would be very much appreciated.
Thanks!Hello everyone,
I ran into the same situation as described above.
Unfortunately there seems to be no answers on the thread from my research, so I left with no hope at all.
Please help and give me some advices.
Thank you in advance!
Sincerely,
Anton Todorov -
Can't log in to Profile Manager or My Devices with Active Directory logins
I have an OSX Lion 10.7.4 Server set up with Profile Manager and it is joined to AD.
I am able to see AD groups in the Profile Manager groups section.
I can also see and add AD users and groups using the server app.
I have enabled the "Can Enable Remote Management" check box for Domain Users through Profile Manager. I have also added Domain Admins to the Workgroup group in the Server app. I'm not sure that I want or need either of these options, but they were suggestions to try.
I am not able to log on to the Profile Manager or My Devices pages with AD logins.
I found these directions about nested groups in Workgroup Manager http://krypted.com/iphone/integrating-mac-os-x-lion-servers-profile-manager-with -active-directory/ but I don't have a com.apple.access_devicemanagement local group or any groups like are shown in the picture.
Any ideas what I'm missing?
Cheers,
IanI found the two pieces I was missing:
1) Install the Lion Server Admin Tools
Launch the Server Admin App
Click on the server name in the left pane
Click on the Access button in the upper part of the window
Click on Profile Manager
Either manually add specific groups to the list or if you're feeling brave choose the "Allow all users and groups" radio button
2) Run the command line steps on this page to change the authentication to plain text to support AD authentication:
http://support.apple.com/kb/HT4837
Voila!
Maybe you are looking for
-
IPod touch 2G does not appear on iTunes or My Computer or Finder
i have an iPod stuck on recovery mode and doesn't get recognized by the iTunes and i can't see it on Finder either but it gets charged ... i tried to use it on a PC windows 7 and the pc doesn't even beep when i connect the usb.... i use the most upda
-
My mom bought me the student version of Flash Pro CS5.5 a few years ago, but I am not taking five classes any more so I don't qualify anymore. Am I still allowed to use it?
-
ITunes 11.1 (Update) - no apology, no keep-informed action - is that normal?
My podcast collection has become unmanageable and Apple just keeps mum? no Hot News RSS with an APOLOGY, no keep informed about progress, plan of remedial action, nothing? All I have been told from the Support side is that they'll be fixing mobile ga
-
Solaris 8 | LDAP Server | ERROR MESSAGES
Hi All, We are using Solaris 8 LDAP server for authentication. When I look into the /var/log/messages file, I am getting the following error messages. Jan 31 17:33:09 sol8LDAP ldap_cachemgr[5879]: [ID 722288 daemon.error] Error: Unable to refresh fro
-
What is going on with universal updater?!!!!!!
hey i cant figure this out please anyone, i just got this ipod and im new to it... i was trying to update it because the little folder with a ! mark came up and thats what the troubleshooter said to do.. so i downloaded the universal updater and when