Leopard/AD integration- Managed preferences in OD questions

Similar Messages

• 10.5 Client refuses to authenticate Kerberos or obey managed preferences

  I am sure this has come up time and again, but a search in the forums has not come back with a work around.
  I am running Tiger Server 10.4.11 as an OD master serving up portable accounts in a mixed Tiger and Leopard Client Environment. I just did a Leopard upgrades on two MacBooks that were previously bound to the OD server when running Tiger.
  Upon completing the upgrades I have found two things:
  1) Local and network users working on the laptops are no longer being challenged for a kerberos ticket to authenticate to network shares served up by the 10.4 server
  2) Managed preferences for users as well as the clients are no longer being obeyed by the Leopard upgraded clients.
  Everything works as it should on my Tiger Clients connecting to the server.
  I have flushed the kerberos plists and rebound the Leopard clients to no effect, except to see some managed preferences on the login screen that somehow were honored in the upgrade be rolled back to factory defaults.
  I know that Apple has made a lot of changes in Leopard, but is there any known work around to get Leopard to pull kerberos tickets from the server and obey managed preferences? I am not yet ready to make the upgrade to Leopard server with a stable server environment already in place.
  Seems to me there should be some sort of workaround.
  Help!
  TIA,
  Art
  Message was edited by: MacWay

  Turns out it was a time synch issue. I discovered this without any help from the forums.

• Data Integrity Manager & Synchronize Objects

  Hi there,
  I have 2 questions regading data integrity and synchronization. If any of you can help me out, I would really appreciate it.
  1) Synchronize Objects (R3AS4): Is this only used to sync the customizing objects or can it be used to sync master data objects as well? When I run this transaction, I get the message tat "Synchronization Ware not activated". Do any of you know how to activate this?
  2) Data Integrity Manager: How do I choose betweeen a header level comparison and detail comparison. When I try to run it , nothing seems to happen, and I just get the message "0 objects are equal" and "0 objects are not equal" when I run it. I am just using the DIMA wizard to start the comparison. Do any of you have the "Data Integrity Manager Cookbook"? If so, can you please send ot to me?
  Thanks in advance
  Max

  Hello Max,
  Here are the steps that I just did in my system:
  - transaction SDIMA
  - New DIMa Instance wizard
  - name = customer / object = customer
  - RFC destination = <R/3> / filter mode = All filter / flag to start compare on wizard completion
  - no filter settings
  - complete
  So the compare start as soon as the wizard is finished.
  You can see the status of the job in the right of the screen. (it takes some time for BP). When the status is green, the job is finished.
  Maybe you will have the message "0 objects are equal, 0 objects are not equal" but you should also have just above a message like "421 object(s) exist in both systems".
  I don't think that the fact that you are not sending BP back to R/3 is a problem to use DIMA.
  Hope this will help you.
  Regards,
  Frédéric

• Publish client print queues as managed preferences?

  Hello,
  I followed the documentation from Papercut NG on Mac printing, section Publishing the printer via Workgroup Manager to get the defined print queues for my client machines published as managed preferences.
  I set up the print queues on the server. On the client, I configured the server print queues using the local Administrator account and printed successfully a few test pages. I then logged in with an Open Directory account with admin privileges. I then open Workgroup Manager, select a Computer Group, click Preferences, select Printing. I enable Manage Always, but the list of Available Printers remains empty, contrary to what the screenshot tells me from the referred article.
  Environment:
  + Snow Leopard Server 10.6.1 on a MacMini.
  + Snow Leopard 10.6.1 on a MacPro.
  Am I missing something?
  Ringo

  Hello,
  I followed the documentation from Papercut NG on Mac printing, section Publishing the printer via Workgroup Manager to get the defined print queues for my client machines published as managed preferences.
  I set up the print queues on the server. On the client, I configured the server print queues using the local Administrator account and printed successfully a few test pages. I then logged in with an Open Directory account with admin privileges. I then open Workgroup Manager, select a Computer Group, click Preferences, select Printing. I enable Manage Always, but the list of Available Printers remains empty, contrary to what the screenshot tells me from the referred article.
  Environment:
  + Snow Leopard Server 10.6.1 on a MacMini.
  + Snow Leopard 10.6.1 on a MacPro.
  Am I missing something?
  Ringo

• Troubleshooting Managed Preferences

  I've been playing around with managed preferences on my test server. I've set up things like managed printing and preferences for the mouse and iChat.
  This all works like a charm on my test server, however it doesn't on my production server. So I'm pretty sure the setting on my test server are correct, I'm just not curtain about interfering factors.
  Now I've been looking around a lot and what I cannot find is a document about the inner workings of managed preferences. I know it's nothing more than a bunch of plist files that get pushed to the clients, but for some reason there is more magic at work in the background.
  So if anyone has some information or documentation about how managed preferences work. What kind of check are used to make sure the settings need to be applied (I read something about the MAC address in inspector for instance)? So if anybody some useful information regarding this subject I would be grateful.

  No, I'm sorry mate, but I never had one of my questions answered here. When I do make some progress you can count on it I will post it here.

• Time machine sharepoint and managed preferences

  I have added a share point as a time machine backup destination, and it shows up with Bonjour users. But I am setting up some machines with managed preferences, and I add the time machine volume in the time machine managed preferences pane, and supply the whole network path (afp://server.com/TimeMachine).
  The settings are added to the managed machine, but it can't mount the backup destination. Gives me error "The backup disk is not available".
  This error doesn't show when the disk is manually chosen in Time Machine preferences on non-managed computers.
  Any ideas?

  it sounds like you are using an OS X server. I suggest you post in the Snow leopard server forum
  http://discussions.apple.com/category.jspa?categoryID=264
  and please fill in your profile to indicate what hardware and software you are running.

• Managed Preferences for network proxy overides location

  Hi
  We set the network proxy via network preferences. Unfortunately the settings seem to overrides the location. When a user takes a laptop home it will still attempt to use the proxy even though the "Home" location that we setup in the network does not have a proxy set.
  Is this the normal behavior?
  Tim

  timlegge wrote:
  Hi
  We set the network proxy via network preferences. Unfortunately the settings seem to overrides the location. When a user takes a laptop home it will still attempt to use the proxy even though the "Home" location that we setup in the network does not have a proxy set.
  Is this the normal behavior?
  Tim
  I had a quick look at the Managed Preferences options for proxies in Workgroup Manager under Snow Leopard Server.
  It does not show any reference to locations in this, so my guess is that when you use this option it will either apply to the currently active location on a client, or it will apply to all locations defined on the client. Neither possibility would be desirable for you.
  If you have not already, you could try using the "Auto Proxy Discovery" option, which was introduced with Snow Leopard (and is not available in earlier versions). This is not the same thing as "Automatic Proxy Configuration".
  I have not seen any official documentation from Apple, but my guess is that "Auto Proxy Discovery" may use WPAD (Web Proxy Auto Discovery) and if so is suitable for your needs and would answer a feature request I sent to Apple in the past. Your client computers would use either DHCP or the local DNS to 'find' the proxy server. When out of the office they would not get this information or would get someone else's different proxy server and hence still be able to use the Internet.
  Note: If "Auto Proxy Discovery" does use WPAD, then you will need to set up your DHCP and/or DNS servers appropriately. You will also still need a webserver to serve up the PAC file. WPAD uses DHCP option code 252, and thanks again to one of my previous feature requests, Apple's DHCP server does allow you to add extra DHCP option codes. (This has to be done by manually editing /etc/bootpd.plist)

• Managed Preferences Issues

  I'm working with a lab of old eMacs with 10.4.11 installed. They say their local Student accounts are currently managed by the Mac OS X Workgroup Manager application. I've checked our OS X servers, though, and they don't appear to be listed anywhere in their Workgroup Managers.
  This wouldn't be a problem, except some of the computers are refusing to let me override the management settings. System Preferences just freezes up whenever I try to change them. Even if I disconnect them from the network, they still give the same error & freezes. On top of that, the few computers I've managed to override the managed preferences might be having their managed preferences changed by... something.
  I have 2 questions:
  1. How can I learn where an account's Managed Preferences are coming from?
  2. How do I unlock/remove trouble Managed Preferences?

  Hello Jeff
  Simply as a reminder but In 10.4 and earlier that particular application was known as Directory Access. Perhaps OP does not realise this and is looking for something else?
  I could be wrong but it seems to me OP is saying WorkGroup Manager is installed locally on each of the affected client workstations. In which case this will be locally applied MCX using the appropriate tools in WGM. This is something that's perfectly feasible and possible. I do it all the time in smaller (less than 10) OD environments when there's no need/budget for OSX Server.
  If this is indeed the case then launch WorkGroup Manager on each workstation, dismiss the initial connection window - click Cancel - click on the Server Menu and select View Directories. You should then be looking at the local node with users listed. Authenticate as the local administrator and inspect what MCX has been applied to each local user. It's been a while but I'm not sure if you could apply MCX to local groups using this method? Depending on how this was set up you'd probably have to do this for each local account on each workstation in turn?
  Additionally cached information for MCX may either be in/Library/Managed Preferences as well as the NetInfo Database. The NetInfo Utility can be found /Application/Utilities - the same place where you'll find Directory Access. Authenticate using the local admin and select the config container and delete anything to do with mcx that's listed. Alternatively you could use the command line utility "nicl" - similar to "dscl" - to achieve the same result. Restart afterwards into safe mode and on login empty the trash and restart again. You'd have to do this for each workstation in turn. If you have ARD available you could use this instead if you want to save yourself some leg-work?
  Hopefully this will get things back on track?
  Tony

• Managed Preferences (Allowed Apps) Are Not working?

  I am having a problem with a Computer List managed preferences not working..I am selecting Always manage, allow only these apps and the clients do not read all the permissions properly. IE: Allow Firefox and log in and it will not allow Firefox. It's hit or miss. Safari works when told to allow, other apps also work. It just seems that some apps do not listen to the management. If I go back to WGM, Turn off Always, log back in on the client, and Firefox and everything else works. Server 10.5.4, Client 10.5.4
  BTW, Where is the Managed Clients sub catagory in the Leopard Server Discussions?
  Thanks for the help!

  We are using Computer Groups as we have found it to be far easier to manage machines instead of users. As far as apps go, we don't use the "Applications pane" we use the "Folders" pane and approve them that way. The documentation states that this is designed for both an application bundle or Application folders. It works in that if there is any Daemons withing the bundle or folder, it also approves these all in one shot.

• Managed Preferences (Allowed Apps) Are Not working? -Repost

  Repost from Advanced Topics:
  I am having a problem with a Computer List managed preferences not working..I am selecting Always manage, allow only these apps and the clients do not read all the permissions properly. IE: Allow Firefox and log in and it will not allow Firefox. It's hit or miss. Safari works when told to allow, other apps also work. It just seems that some apps do not listen to the management. If I go back to WGM, Turn off Always, log back in on the client, and Firefox and everything else works. Server 10.5.4, Client 10.5.4
  BTW, Where is the Managed Clients sub catagory in the Leopard Server Discussions?
  Thanks for the help!

  I ended up calling Apple about this one...Treat Applications as Folders when adding them as approved applications.

• Bad managed preferences that won't go away

  On one client machine, a deleted /Library/Managed Preferences/ folder keeps coming back, with incorrect user preferences, although:
  - I have unbound, rebound and unbound the machine from the server;
  - The machine is currently unbound;
  - I have repeatedly deleted the /Library/Managed Preferences/ folder
  - I have deleted every mxc or managed plist from the user's preferences folder
  - I have deleted the ~/Library/Preferences/com.apple.mcx.manifests/ folder
  What am I missing?
  SL server and client.

  It sounds like you have some managed preferences setup in Workgroup manager. Are you using a network user account?
  Remember managed preferences can be defined by user, user group, computer or computer group.
  The best way to check your preferences is to look at all those options that apply to the user and / or computer you are having problems with. Open workgroup manager and select the user, group, computer or computer group and then click on "Preferences" up the top. If there are any preferences that have been defined for that record then it should be indicated by an icon that looks like the mouse cursor with a greyish circle in the background. Clear any unwanted preferences and try again.
  The ~/Library/Managed Preferences/ folder will regenerate itself when you login. This is why deleting this doesn't do anything.
  If this doesn't solve your problem, can you please be more specific about what preferences that you are having problems with. What is or isn't happening that you do or don't want to happen?
  Hope that helps.

• Unable to see Desktop Integration Manager Responsibility in 12.0.6

  Hello All,
  I cannot see the BNE Destop integration Manager Responsibility in Oracle EBD Suite 12.0.6
  Please help me, how to add this responsibility in R12.0.6.
  Thanks
  Regards
  Sagb

  Hi;
  Please check below which could be helpful on your issue:
  How To Access Define Parameter Using Desktop Integration Manager [ID 1325820.1]
  NOTE:1363280.1 - GL Budget and GL Journal and FA Addition Integrators Error in Desktop Integration Manager
  Regard
  Helios

• Creating LOVs with "Desktop Integration Manager" in EBS 12.1.x

  After some struggling getting the "Desktop Integration Manager" to work (due to some obscure hard-coded security checks) I was able to create an Upload Integrator. The next step is now to add some LOVs on the upload spreadsheet.
  I managed to create a Gender Popup LOV using a table (e.g. FND_LOOKUP_VALUES). Here is how to do that:
  Desktop Integration Manager => Manage Components
  Navigate to your attribute (your interface column) and click Update. Enter the following:
  Val Type      = Table
  Id          = LOOKUP_CODE
  Meaning     = MEANING
  Desc          = DESCRIPTION
  Val. Entity     = FND_LOOKUP_VALUES
  Where clause     = lookup_type = 'IGW_SUBJECT_TYPE' and enabled_flag = 'Y' and meaning <> 'Unknown or not reported' and sysdate between start_date_active and nvl(end_date_active, hr_general.end_of_time)
  Lov Type      = Pop List
  Type your custom Header in the ‘Prompt above’ field if required.
  So far so good. However, I am not able to create a simple date picker or a Java validation. Somehow you need to create (or choose) a ‘Component’ with the ‘Manage Components’ function. But exactly how do you set the Component & Attribute up to make this work? For the date picker I chose:
  Validation Type = Java
  Component Name = Date Picker for From Date
  LOV Type = Blank
  I get a Popup Date Picker in my sheet now, however when I select a date is does not return it to the spreadsheet.
  Can someone provide some screenshots how to create a date picker and/or a Java validation using seeded or custom Components?
  I have read the documentation in the Desktop Integration Framework Developer's Guide Release 12.1 (December 2009) but that didn’t get me much further as there are no examples at all.
  Thx
  Jeroen

  Hi, with 'hard coded security check' I meant that some parts of the "Desktop Integration Manager" only work if you have responsibility "Application Developer" attached to your User.
  You can change a 'seeded' integrator with:
  update BNE_INTEGRATORS_B
  set
  created_by = <your user id>
  ,last_updated_by = <your user id>
  ,display_flag = 'Y'
  ,source = 'C'
  where integrator_code = <your code>
  ;

• "Application not supported" but only in Managed Preferences

  Using  Server 10.9.1  and OSX 10.9.1.
  If I open the client computer locally and go to Applications, I can launch the application.
  However if I log in as a networked user with managed preferences, the application is greyed out and I get the "You can't open the application because it is not supported on this type of Mac".
  there are no other copies of the aplication on the server.  I have

  Posting got cut off.. sorry.
  There is only one copy of the application on both the Server and the Client.
  Any ideas?
  Thanks
  Mitch

• Manage integrators with "Desktop Integration Manager"

  Hi,
  I am trying to get to the Desktop Integration Manager menu as described in the Desktop Integration Framework Developer's Guide Release 12.1 (on page 17 / 2-1):
  To manage integrators:
  1. Navigate to the Integrators page from the Oracle E-Business Suite Navigator by
  choosing either Desktop Integration Manager: Manage Integrators or a custom
  responsibility and menu path specified by your system administrator.
  However "Desktop Integration Manager" is not a responsibility I can find in our 12.1.2 environment.
  Does anyone has a clue where to find it?
  thx
  Jeroen

  Hi,
  Please make sure you have (Patch 9055234 - DIF: NEW RESPONSIBILITY AND FUNCTION FOR DESKTOP INTEGRATION MANAGER) applied.
  Please see these docs for details (search for the patch number).
  List of Patches in Web Applications Desktop Integrator (Web ADI) for Releases 11i and 12 [ID 726989.1]
  Oracle Web Applications Desktop Integrator Release Notes, Release 12.1.2 [ID 950876.1]
  Thanks,
  Hussein