Ivman doesn't respect user/group at boot

In IvmConfigBase.xml, I have specified a user/group pair. These credentials are used to mount media once the system has booted, but (when using checkOnInit) media which is already inserted or plugged in at boot time does not inherit this configuration (root user and root group are used to mount the media).
I am also seeing some dbus errors at boot time, but AFAIK this is unrelated and has been discussed elsewhere on this forum....

I looked into this a bit further. Apparently, the dbus-related error messages have been taken care of by the latest dbus update. Also, although hal was mounting my removable devices at boot time, it appears that even after having disabled this behaviour, ivman cannot mount them as the user and group set in IvmConfigBase.xml (user ivman and group plugdev). I think ivman switches credentials when it forks to the background, which is too late, the code triggered by setting the checkOnInit option to true being run before... please correct me if I'm wrong.

Similar Messages

Migration Assistant doesn't respect User Templates

Hi everyone,
I work doing Information Technology support for a small (of about 30-40 people) communications department. We just ordered about 9 computers, and they all came with Lion.
Some people that I work with are very change-phobic, and I've created a default user template that respects what they've been doing for a long time and includes what I need to do my job. The main things I've changed include reversing the natural scroll direction (I know, I know, I like it myself, but like I said, some people I work with are incredibly change-phobic) remote login settings, showing the Library folder, and including default login software (such as new backup software we've decided to deploy at the same time as new computer deployments).
I've found that creating new users on the system respects the user template:
(found at /System/Library/User\ Template/English.lproj/Library/Preferences/).
But when I migrate users (either choosing to migrate settings, or not migrate settings), it doesn't matter, as the OS defaults back to not including the new login software and reverting scroll direction.
I can't hold off much longer in deploying these computers, but I know that I'll immediatly get a lot of requests about how to put settings back to the way they were.
Is there a way to have Migration Assistant respect the default user template (when not migrating settings)?
Best,
Allen

Hi John,
While your link was certainly informative, it isn't really addressing my problem, though I appreciate your response.
I don't know if this may interest you, but you can force the Setup Assistant to run without reinstalling Lion. Just boot into single user mode (command+s), then remove this file:
rm /var/db/.AppleSetupDone
You see, your mac, upon every boot, checks to see if that file is present. Its not really even a file that holds any information (its just a file named .AppleSetupDone). If the file is not present, your computer will run the "first-run wizard," or Setup Assistant.
It's also a trick you can use if you don't have an administrative account on a computer.
Anyway, I'm still hoping I can get answers about why migration assistant refuses to respect the defaults I've set at:
/System/Library/User\ Template/English.lproj/Library/Preferences/
Best, and thanks again,
Allen

I have a Mac Pro using Lion, with a SSD for system. Restored drive from backup. Now logon password doesn't work. Account password still works. Changing password in user group preferences no longer works to change logon password.

I have a Mac Pro using Lion, with SSD for system drive. Drive stopped booting, but otherwise appeared healthy. Restored from system backup. Now drive seems to work properly, BUT my logon password no longer works. Password OK for account; can access system preferences, and change user password there BUT logon still refuses to accept password. No luck changing password for that account after adding new administrator account and logging on from that account. Suggestions? Thanks.

If you redirect Accounts to another location (not on the Boot Drive) you need to direct them back there again after a restore.
SystemPreferences > Accounts/User&Groups > ...
... Unlock the lock, then hold down Control as you click on an Account to get access to the Advanced Options pane.

HT4798 I have forgotten my password for mountain os. I have followed the instructions about going to "User group" and enetering my apple ID. It doesn't work. Can anyone help me? Thank you.

I have forgotten my password for mountain os. I have followed the instructions about going to "User group" and enetering my apple ID. It doesn't work. Can anyone help me? Thank you.

Welcome to the Apple Support Communities
https://discussions.apple.com/docs/DOC-4101

WLS 8.1.5 console doesn't show ActiveDirectory (or custom) Users/Groups

We currently have numerous apps running on a weblogic 8.1.4 portal domain. I am attempting to replicate this domain on 8.1.5. There are four authenticators on our old domain: a DefaultAuthenticator, an ActiveDirectoryAuthenticator, and two Custom Authenticators (based on the sample database authenticator), with JAAS flags set to OPTIONAL for all. Everything was working properly under sp4, including user/group/membership listings in console and authentication. Under sp5, while simple authentication seems to work with all providers, the user/group/membership listings in weblogic console have bad HTML (empty rows under any default authenticator users/groups). The active directory settings were migrated wholesale and I verified that authentication works against this provider. Just no usernames or groupnames. I tested with just ActiveDirectory and DefaultAuthenticator, DefaultIdentityAsserter.

I was able to debug a bit more using our custom authenticators. I have verified that the user and group lists are being requested and returned properly when you click on Manage Users or Manage Groups in weblogic 8.1.5 console. It just seems like somewhere in the console there is a problem and the HTML output is garbled. Here is a sample of my debug text, the method names and classes should be immediately familiar from the sample authenticator:

getUserLoginNamesMatching(*,50) 
loginNames=[BF, DAD, NA, OTN, P1Adm1, P1User1, P2Adm1, P2User1, S, ab, admtest, gw, jb, joeschmo, kw, mf, mh, pa, rn, rt, super, test1, wf] 
Success: listUsers(userNameWildcard = *, maximumToReturn = 2147483647) = Cursor0 
Success: haveCurrent(Cursor = Cursor0) = true 
Success: getCurrentName(Cursor = Cursor0) = BF 
Success: advance(Cursor = Cursor0) 
Success: haveCurrent(Cursor = Cursor0) = true 
Success: getCurrentName(Cursor = Cursor0) = DAD 
Success: advance(Cursor = Cursor0) 
Success: close(Cursor = Cursor0) 
getExistingUser(BF) 
user=new UserEntry( BF, BF , BF, [PDA, ADM], com.otn.mobilelynx2.security.providers.authentication.UserGroupDatabase@7f5e61 ) 
Success: getUserDescription(user = BF) = BF 
getExistingUser(DAD) 
Success: haveCurrent(Cursor = Cursor0) = false 
Success: close(Cursor = Cursor0) 
getExistingUser(BF) 
user=new UserEntry( BF, BF , BF, [PDA, ADM], com.otn.mobilelynx2.security.providers.authentication.UserGroupDatabase@7f5e61 ) 
Success: getUserDescription(user = BF) = BF 
getExistingUser(DAD) 
user=new UserEntry( DAD, Dummy Alcanto Demoer, LYNX, [PDA], com.otn.mobilelynx2.security.providers.authentication.UserGroupDatabase@7f5e61 ) 
Success: getUserDescription(user = DAD) = Dummy Alcanto Demoer 
getExistingUser(NA) 
user=new UserEntry( NA, Nancy Aarons, 1234, [PDA, ADM], com.otn.mobilelynx2.security.providers.authentication.UserGroupDatabase@7f5e61 ) 
Success: getUserDescription(user = NA) = Nancy Aarons 
---- weblogic console output sp4, Manage Users ----
User Description Provider 
portaladmin Admin for portal domain DefaultAuthenticator 
weblogic This user is the default administrator. DefaultAuthenticator 
yahooadmin Admin for yahoo content DefaultAuthenticator 
john John Smith DefaultAuthenticator 
qamean ActiveDirectoryAuthenticator 
qamin ActiveDirectoryAuthenticator 
---- weblogic console output sp5, Manage Users ----
User Description Provider 
portaladmin Admin for portal domain DefaultAuthenticator
weblogic This user is the default administrator. DefaultAuthenticator 
yahooadmin Admin for yahoo content DefaultAuthenticator 
--- html for above (with weird empty rows) ---
<FORM NAME=FilterUsers METHOD=POST ACTION=>Filter By:Â <INPUT TYPE=text NAME=filter SIZE=10>Â <INPUT CLASS='buttons' TYPE=submit VALUE=Filter></FORM>Displayed 68 of 357 Total, use filter to narrow your search results.<table border='1' cellpadding='4' cellspacing='0' height='20'><tr bgcolor='#b8cece'><th>User</th><th>Description</th><th>Provider</th><th>Â </th></tr><tr bgcolor='#FFFFFF'><td>portaladmin</td><td>Admin for portal domain</td><td>DefaultAuthenticator</td><td><img border='0' src='http://localhost:7001/console/images/delete.gif' title='Delete'/></td></tr><tr bgcolor='#FFFFFF'><td>weblogic</td><td>This user is the default administrator.</td><td>DefaultAuthenticator</td><td><img border='0' src='http://localhost:7001/console/images/delete.gif' title='Delete'/></td></tr><tr bgcolor='#FFFFFF'><td>yahooadmin</td><td>Admin for yahoo content</td><td>DefaultAuthenticator</td><td><img border='0' src='http://localhost:7001/console/images/delete.gif' title='Delete'/></td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr></table>
Message was edited by:
srhutch444

i have reinstalled solaris and the problem continues.
Under Solaris Management Console groups and users doesn't run ok. Editing an user i can't see groups and editing groups i can't see its users...very very extrange.
A bug?
I don't know what is happening :(

Can I get the members of Domain Users group (AD specific) with JNDI?

Hi All,
I've found these forums very helpful and full of great information, I've been able to retrieve all members of groups that I search for (from the information on this forum), and get the member's attributes such as email addresses through that.
The question I have is, is there a way to query the Domain Users group, since it's a special group in Active Directory, and retrieve the members of it? So far I have been unsuccessful. Here's a query I found that works on .Net:
(|(&({ClassFilter})(memberOf={GroupDistinguishedName}))(distinguishedName={G
roupDistinguishedName}))
I haven't been able to get it to work with JNDI however. Can anyone point me in the right direction?
thanks,
Matt

It's not so much that the Domain Users is a special group, it's more that because by default, all users have their Primary Group set to Domain Users, that it appears to behave differently.
So the query that you're trying to execute via JNDI, would be something like:String searchFilter = "(&(objectClass=user)(memberOf=CN=Domain Users,CN=Users,DC=Antipodes,DC=Com))";And of course if everything has been left to defaults, it doesn't return any results.
Similarly if you look at the member attribute of Domain Users, it will be empty.
Assuming the defaults, and every user's Primary Group is set to Domain Users, the following query would return all the user's whose primary group is Domain Users:String searchFilter = "(&(objectClass=user)(PrimaryGroupID=513))";Note that 513 is the Relative ID (RID) for Domain Users.
Now if you set a user's Primary Group to be something other than Domain Users, then the Domain Users group would now have a value
for it's member attribute and conversely the respective user would now have Domain Users as one of the values of their memberOf attribute.
So then your query would be something like:
String searchFilter = "(&(objectClass=User)(|(memberOf=CN=Domain Users,CN=Users,DC=Antipodes,DC=Com)(PrimaryGroupID=513))){code}
I guess the fundamental question, is why do you need to determine whuch users are members of Domain Users ?
If this is for usie in an application, where the user has authenticated and you are using group membership to make authorisation decisions, perhaps the constructed tokenGroups attribute may be more useful as it contains the Security Identifiers (SID) for all the groups the user is a member of ?

Welcome to the new Oracle User Group Community

Welcome to the new Oracle User Group Community. Whether you landed here via the redirect from the previous community site - IOUC.org - or navigated here directly, welcome. This new platform brings new community features to enhance the way you connect with user group peers and with Oracle, as well as make it easier for you to find information through a more intuitive interface. We invite you to provide your feedback on the new site. Log in using your OTN Forum credentials and join the discussion here. If you do not yet have OTN Forum log in credentials, navigate to http://community.oracle.com/community, click on the "Register" link in the upper right corner of the page and create your account.
We look forward to hearing from you.

Hi Kashif,
Glad you like the new Community. Communication among user group leaders works a little differently on this site than on the previous site. Rather than having communication focus around e-mail distribution lists, communication now is focused within the site itself. The intent is that this will provide users the one place to come for information, rather than having to sort through lots of e-mail threads. That doesn't mean that e-mail is completely out of the picture though. Users can opt-in to receive e-mail notifications when an individual piece of content is changed, or when content is posted to a space. Look for the "Receive email notifications" link under "Actions" to start receiving notices. To stop receiving notices, go back to the same content/space and click "Stop email notifications".
Your Relationship Manager will be talking with you and the other leaders in your region over the next few days and weeks regarding how you and your group of leaders want to communicate.
Best regards,
Oracle User Group Team

OIM 9.1.0.2 - User group permission

Hi experts,
IHAC that need to configure some user groups in order to perform just specifics activities. We have configured the user groups but with no sucess.
1) Group that should see/track all the opened requests.
Given all request permission. (The requests don´t appear)
2) Group that should disable Resource from user thru User Detail -> Resource Profile.
Given all resource objects permission. (Error message: No permission)
3) Group that create/manage Attestation.
Given all attestation permission. (The attestation is created, but it doesn´t appear to delegated user)
Any tip on how to set the correct permission?
Brgs,

Hi,
I was looking for the same questions! One of them I could make it to work...
About quetion #3, some steps:
1. Create a group with name, lets say: AttestationManagers
2. Give the following permissions:
Attestation Requests
Attestation Process Tasks
Attestation Data
Attestation Process Definitions
Attestation Process Administrator
3. Make the users responsable of attestation process part of group: AttestationManagers
4. Create an attestation process and in the last field: Process Owner, put AttestationManagers
5. Click: "Run Now"
6. This attestation should appear to the user responsable of it.
You can find an explanation about the attestation process in the following link: http://download.oracle.com/docs/cd/E14049_01/doc.9101/e14057/attestation.htm#insertedID1 and about the Process Owner, the point 15.1.1 in the above link.
I hope it helps!
Regards.

Problems with user group

Hi, i created a new user group with some administrative rights:
Access Administration
Advanced Document Submission
Create Communities
Create Community Infrastructure
Create Folders
Create Portlets
Edit Own Profile
Then, i created a user and added to this group.
When i login with the user i created, the Administration Tab doesn't appear.
Somebody can help me please.
IT'S URGENT !!!!
Thanks

I thought access administration was all that was required. Did you get it resolved. Usually these things clear themselves up with time.

Report links by user group

hi, is it possible to set the "report links" per user group
for example, the report links are Download, Refresh for user group Sales.
the report links are Download, Refresh and Modify for user group Sales Admin.
Just wanna know whether this can be done.
thanks!

If "Sales" doesn't have the Answers privilege, then the "Modfiy" link won't be rendered even if specified for the request. So you can just keep it in and all users having access to Answers will see it. Read-only users (i.e. no Answers) won't.
Cheers,
C.

SAP Query, user groups, revoking 'change' rights

Hi,
I have a problem regarding SAP Queries and revoking the change rights. This is what I have done:
1. Created the new user group in SQ03
2. Created the new InfoSet (SQ02), assigned it to the above UG (SQ03)
3. Created the new user, assigned it to the UG in SQ03 and removed the Change checkbox (revoke change rights)
4. Logged on as the new user
5. Started SQ01, switched user group to the new one
6. Created the new SAP query based on the new InfoSet, run the query
As I understand the principles of user groups and queries, I wasn't supposed to be allowed to do the step 6 as the new user, as it was revoked the change rights. Why wasn't I stopped?
I searched for reply in previous posts - everybody agrees on principles, but I didn't find explanation on why it doesn't work.
Thanks in advance!
KR,
Igor

The table AQGDBBN seems to display a mapping of User Group with use rindeed but the results are less than the actual assignment. And the mapping does not have the Z query usergroups that have users assigned in SQ03.
Anything that I may be missing?
Thanks,
Kashif

Is there a way in 10.8 Profile Manager to assign certain users the sole right of adding/removing users to user groups?

Hello,
I want to assign certain network users the ability to login via browser to the profile manager for 10.8.x server and add/remove other users from user groups. Think teachers managing their class rosters, if the class was a group and the users their students. I do not want any other admin funtionality beyond that for them.
Suggestions?

Well thank you for being so polite. Yes, on looking on my 10.8 server, I have the same thing. How annoying. I have no idea how to answer your question. If the management abilities are no longer in Workgroup Manager then there's a change that the server doesn't pay any attention to the settings, so manually changing settings in LDAP won't have any effect either.
At least I can verify that it's not just you who gets that result. I wonder what happened and how we're meant to do this now.

Built-In Users-group is suddenly gone on folder security tab.

Dear forum-members,
I have got a problem with folder-permissions (acl) on a Windows 2003 Server with Terminal Services (Citrix).
The application "Sybase" is installed on the D-drive (disk). A thrid party application needs Sybase to communicate through the sql.ini with the database. All terminal server users needs read permissions on the Sybase install directory to
use the sql.ini.
Normally every new folder on a server has the Builtin Administrators-group and System account "Full-Control" permissions and the Builtin Users-group had "Read en List" permissions. Now on the Sybase folder only the Builtin Administrators-group
en System account are at the security tab, but
not the Builtin Users-group.
When I manually set the Builtin Users-group with read permissions it okay, but after a while the Builtin Users-group is gone/deleted/removed. There is no signal that a person, proces or action removes the permissions for the Builtin Users-group. I set
Auditing on the folder, but with no result. I know for sure there is no GPO (Group Policy) that removes this group.
For now I have a dirty solution to run a scheduled task every 10 minutes that run xcalcs to set the permissions. A tried a GPO to set the permissions, after a reboot the group policy doesn't apply (only after a gpupdate /force).
Does some one of you has another proper/nice solution to force the read permissions on the Sybase folder for the Builtin Users-group?
Thanks in advance.
Greetings, Sidney

Hi Shaon,
Thank you for your reply.
The 'third party app' is APP-V sequenced and not in production yet, so only some test users are using the app.
I did a test today to use Domain Users instead of Builtin Users, but the same problem. After a reboot only the Builtin Administrators and SYSTEM has permission on the Sybase installation folder and Domain Users (& Builtin Users) were automatically
removed again.
We have 6 terminal (citrix) servers and all of them has the same problem, so it's not server related.
Could it be an issue with the way how Sybase is packaged (it's a silence install through our deployment application)?
Before I do the next test: Will it help to force the rights (replace permissons) from the upper folder to the sub-folder(s)? (force the inheritance)
Greetings, Sidney

How to set user/group in BIEE11G by the information stored in DB

Hi everyone,
I'm using OBIEE11.1.1.6,
I'd like to ask are there any way to achive this requirment:
I have stored user/group information in DB,the format as follow:
ID USER GROUP
1 A G1
2 B G2
so can we obtain the information from DB,then we set these information into BIEE security?
i.e we can access BIEE by the USER stored in DB. and the GROUP can be used in BIEE security.
thank you in advance!

Hi,
I am able to open the below link.
http://www.varanasisaichand.com/2011/09/external-table-authenticationorder-of.html
Follow the steps:
Order of Authentication:
The Oracle BI Server populates session variables using the initialization blocks in the desired order that are specified by the dependency rules defined in the initialization blocks.
If the server finds the session variable USER, it performs authentication against an LDAP server or an external database table, depending on the configuration of the initialization block with which the USER variable is associated.
Authentication against the identity store configured in Oracle WebLogic Server Administration Console occurs first, and if that fails, then initialization block authentication occurs.
If you configure your external table authentication as in OBIEE 10g when the session variable USER is associated to the initialization block and LDAP server fails to get the respective user then the user's will authenticate(Identify store) over database(table).
Dont forgot to create Catalog group as we do normally in 10g
In 11g Analytics - Administration- Security - Manage Catalog groups -- (+) to add new groups and set permissions to the catalog folders w.r.t groups/users.
Please refer this link you will get more information
http://www.orastudy.com/oradoc/selfstu/fusion/bi.1111/e10543/legacy.htm
Award points it is useful.
Thanks,
satya
Edited by: Satya Ranki Reddy on May 3, 2012 12:53 PM

System Prefs Users&Groups crash on unlock

Hi there, my Mac pro 2,1 running 10.7.5 has a few issues. One of them is that the System prefs Users&Groups crashes on unlocking the padlock. After I entered the password (I'm the admin) System Prefs crash. I have no problems accessing the other system prefs and unlocking them. Any ideas on how to fix this? Thanks!

Wow! Solved it. Still not sure what caused it but reading upon other threads I did a test changing the user icon and booted in safe mode. No problems in safe mode and after booting in normal mode I could unlock Users&Groups again. It also solved an issue where the Dock would crash upon contextual menu and iTunes that would crash on launch but would work after relaunch. I've had this iTunes problem for months, even after upgrading to iTunes 11.

Ivman doesn't respect user/group at boot

Similar Messages

Maybe you are looking for