Limit directory access in GWEB server

Similar Messages

• Can't login to local NON-admin accounts-Directory Access set to server

  I have a strange problem on a set of laptops that I cannot resolve and am hoping someone can help me.
  Here is the issue:
  I have a set of building laptops (PowerPC, OSX.4.11) that seemingly will not "search locally" in the authentication process. The logins seem to work fine for NETWORK logins to our Open Directory Master xserve, but these machines will not login to any LOCAL non-admin accounts. The local root and local admin account logins do, however, work fine. ?? The remainder of the building computers (Intel iMacs OSX.4.11) appear to have the exact same settings and login fine both locally and via the network home directories.
  I have tried the following:
  Deleted DirectoryService preferences folder (MacintoshHD-->Library-->Preferences->DirectoryService)
  Deleted the mcx cache in Directory Access
  Tried adding a new non-admin user to test (still will not login)
  Removed and re-created LDAP configuration (all set to custom)
  Tried setting the LDAP to the automatic settings ("Add DHCP-supplied LDAP servers to automatic search policies")
  Disabled all network connectivity (turned off Airport and disconnected the ethernet cable), still cannot login to local accounts
  Tried to bind in LDAP configuration (when I did bind the machine, it would no longer authenticate to the network authentication server, so I did an "unbind" and restarted and it went back to performing the network logins, but still will not login to local non-admin accounts).
  Reset passwords in System Prefs and also re-typed them in NetInfo Manager
  Deleted login keychains
  Deleted mcx.plist
  Reinstalled the OS from disk and local logins worked TEMPORARILY--UNTIL I set the LDAP directory access to authenticate to our server (which I also need for the network logins to work),then, the issue started again.
  *Same results with both ethernet and wireless connectivity enabled.
  *Note: I also manage these local accounts via WGM (installed on the local machine) and even tried disabling that and still no luck.
  Please help...I have spent hours and hours trying to find a solution and nothing seems to work! What am I missing??

  Mostly just a bump...
  How about that .local extension, or trailing / ?

• How can we access the file/directory system in the server

  Hi friends,
  I have made a text editor attached with an audio player for my project.
  Both text editor and audio player are implemented in applet and put in to a
  jsp page using jsp:plugin. Text editor and player are separate applets running
  in the same page and from same server.A client who is using this editor may
  want to save the edited text files to the server as well as hear audio files from
  directories in the server.
  My question is how can we access the file/directory system in the server
  like we do in the local machine.When the user cliks save or openfromserver button
  in the editor, folder/files in the server must be displayed as we do with FileChooser.
  I am using Apache Tomcat 5,wiindows 2000 server, jdk1.5.
  manu

  You can't access it directly. But your applet can make net connections to the server, and the server can provide that kind of functionality. Generally this is easiest by making HTTP connections and having the server provide the functionality via the web server. (So in your case, JSPs or servlets on the server would list/deliver/create/modify/delete files, and the applets would invoke those JSPs and servlets.

• Asa 5505, the outside cant access to a server in the inside

  hi, i have an Asa 5505, a pc in the outside with the ip 10.1.1.6 cant access to a server in the inside 192.168.1.4, pls help...
  this is my conf:
  ASA Version 8.0(4)
  hostname ciscoasa
  domain-name default.domain.invalid
  enable password 8Ry2YjIyt7RRXU24 encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  interface Vlan1
  nameif inside
  security-level 0
  ip address 192.168.1.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 10.1.1.2 255.255.255.0
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  boot system disk0:/asa804-k8.bin
  ftp mode passive
  dns server-group DefaultDNS
  domain-name default.domain.invalid
  object-group protocol TCPUDP
  protocol-object udp
  protocol-object tcp
  access-list 100 extended permit tcp any host 10.1.1.3 eq www
  pager lines 24
  logging enable
  logging asdm debugging
  mtu inside 1500
  <--- More --->
  mtu outside 1500
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-613.bin
  no asdm history enable
  arp timeout 14400
  nat-control
  global (outside) 1 interface
  nat (inside) 1 0.0.0.0 0.0.0.0
  static (inside,outside) 10.1.1.3 192.168.1.4 netmask 255.255.255.255
  access-group 100 in interface outside
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  <--- More --->
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd auto_config outside
  dhcpd address 192.168.1.2-192.168.1.254 inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
  message-length maximum 512
  policy-map global_policy
  class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  <--- More --->
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  service-policy global_policy global
  prompt hostname context
  Cryptochecksum:14e7b74fabc386613ae646b915f60e9e
  : end
  ciscoasa#

  Andres
  The security level for your inside interface should be 100 ie.
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.1.1 255.255.255.0
  After changing that can you
  1) ping the outside interface of the ASA from the pc or ping the PC from the ASA
  2) I'm assuming you are trying to connect to 10.1.1.3 when you attempt the connection ?
  Jon

• Open Directory access from outside of network / internet

  Hello all,
  Got a question I'd love to get some help on, I have some users who are outside of my network and I'd like them to connect into the open directory on our leopard server so they can use the Shared iCal calendars, addresses, etc.
  So my questions are A) Is it possible to connect in from outside the network and get access to the directory without having to have a seperate user account and use our VPN every time you want to connect? - if not is this the only way to do it (would you have to connect via the Mac VPN and then connect to the directory?)
  B) is it possible to do this "seamlessly" so that you don't have to change any settings, login details each time you switch between your local user from outside the network and your directory access. (so basically if you are in iCal if you have internet access it will connect you to the directory, without you doing anything extra?)
  Hope that makes sense, I can't seem to find the answers I need in the manuals, if I knew how this was meant to work I could probably have a fair go at figuring out how to actually do it (firewall changes etc)
  Thanks in advance for the help
  Martin

  So my questions are A) Is it possible to connect in from outside the network and get access to the directory without having to have a seperate user account and use our VPN every time you want to connect? - if not is this the only way to do it (would you have to connect via the Mac VPN and then connect to the directory?)
  If your OD server is visible from the internet -- i.e., it has a public address -- then you can do this without the VPN. However, it's not advisable to have a server exposed in that fashion.
  You would be better off doing this through the VPN:
  - Remote user connects to internet at hotel, for example.
  - Remote user initiates VPN connection.
  - Remote user now has access to iCal server and directory information.
  Explain to the users that this information is private to the company, and private company resources are only available through the VPN. Allowing access without the VPN would be similar to the company posting its Employee roster and meeting calendars on the face of the building where any person (or competitor) could see them.
  B) is it possible to do this "seamlessly" so that you don't have to change any settings, login details each time you switch between your local user from outside the network and your directory access. (so basically if you are in iCal if you have internet access it will connect you to the directory, without you doing anything extra?)
  It's just one extra step: Connect to VPN. You're still the same local user on the computer.
  If you're talking about laptop users needing directory access to authenticate when logging into their computers, well...That sounds like a whole other situation.
  Hopefully this helps.
  Bryan Vines

• Accessing MS Sql Server with Java classes - problem connecting to socket

  I found an example at this location which uses java classes to connected to MS Sql Server.
  http://search400.techtarget.com/tip/1,289483,sid3_gci1065992,00.html
  --bummer - it is a login location - so I will include the article
  Anyway, the example is using Websphere, but I am still on Jbuilder (will get wsad soon). So I planted the classes from the example in
  C:\Borland\JBuilder\jkd1.4\jre\lib\ext\...the classes
  Then I copied the code from the example to my jpx project and got an error that it could not connect to the socket. The only thing I changed in the code was the connection string:
  --original string from example:
  Connection connection = DriverManager.getConnection("jdbc:microsoft:sqlserver://1433", "");
  I was getting an error with the 2 argument version of DriverManager - and the second argument here was empty (properties argument). Here was my connection string:
  Connection connection = DriverManager.getConnection("jdbc:microsoft:sqlserver://Myserver:1433;User=sa;Password=");
  I am only using the 1 argument version of DriverManager. Note that the password=" is blank because my RnD workstation is standalone - no one accesses the sql server except me - so no password. I also left out the last semicolon I noticed. Any suggestions appreciated how I could fix this.
  Thanks
  source of article:
  http://search400.techtarget.com/tip/1,289483,sid3_gci1065992,00.html
  iSeries 400 Tips:
  TIPS & NEWSLETTERS TOPICS SUBMIT A TIP HALL OF FAME
  Search for: in All Tips All search400 Full TargetSearch with Google
  PROGRAMMER
  Sample code: Accessing MS SQL Server database from the iSeries
  Eitan Rosenberg
  09 Mar 2005
  Rating: --- (out of 5)
  Nowadays with the help of Java the iSeries can be integrated with other databases quite easy. This tip shows you how. The code included here uses the free Microsoft driver that can be downloaded from here. (SQL Server 2000 Driver for JDBC Service Pack 3)
  If your SQL server does not include the Northwind Sample Database you can find it here.
  http://www.microsoft.com/downloads/details.aspx?familyid=07287b11-0502-461a-b138-2aa54bfdc03a&displaylang=en
  The download contains the following files:
  msbase.jar
  mssqlserver.jar
  msutil.jar
  Those files needs to be copied to the iSeries directories (/home/r_eitan/ExternalJARs).
  Here's the directory structure (on the iSeries) for this sample:
  /home/r_eitan/ExternalJARs - Microsoft files (msbase.jar,mssqlserver.jar,msutil.jar)
  /home/r_eitan/JdbcTest02 - My code (Main.java,Main.class)
  The Java code
  import java.sql.*;
  import java.io.*;
  class Main {
  * Connect to Microsoft SQL server and download file northWind.products as tab
  * seperated file. (products.txt)
  public static void main(String args[]) {
  try {
  PrintStream outPut = new PrintStream(new BufferedOutputStream(new FileOutputStream("products.txt")));
  Class.forName("com.microsoft.jdbc.sqlserver.SQLServerDriver");
  //Connection connection = DriverManager.getConnection("jdbc:microsoft:sqlserver://1433", "");
  Connection connection = DriverManager.getConnection("jdbc:microsoft:sqlserver://Myserver:1433;User=sa;Password=");
  System.out.println("Connection Done");
  connection.setCatalog("northWind");
  String sqlCmdString = "select * from products";
  Statement statement = connection.createStatement();
  ResultSet resultSet = statement.executeQuery(sqlCmdString);
  ResultSetMetaData resultSetMetaData = resultSet.getMetaData();
  int columnCount = resultSetMetaData.getColumnCount();
  // Iterate throught the rows in resultSet and
  // output the columns for each row.
  while (resultSet.next()) {
  for (int index = 1; index <=columnCount; ++index)
  String value;
  switch(resultSetMetaData.getColumnType(index))
  case 2 :
  case 3 :
  value = resultSet.getString(index);
  break;
  default :
  value = """ + resultSet.getString(index) + """;
  break;
  outPut.print(value + (index < columnCount ? "t" : ""));
  outPut.println();
  outPut.close();
  resultSet.close();
  connection.close();
  System.out.println("Done");
  catch (SQLException exception)
  exception.printStackTrace();
  catch (Exception exception)
  exception.printStackTrace();
  --------------------------------------------------------------------------------------------------

  My guess is that the server's host name isn't right. It necessarily (or even usually) the "windows name" of the computer. Try with the numeric IP address instead (type "ipconfig" to see it).
  First aid check list for "connection refused":
  - Check host name in connect string.
  - Check port number in connect string.
  - Try numeric IP address of server host in connect string, in case name server is hosed.
  - Are there any firewalls between client and server blocking the port.
  - Check that the db server is running.
  - Check that the db server is listening to the port. On the server, try: "telnet localhost the-port-number". Or "netstat -an", there should be a listening entry for the port.
  - Try "telnet serverhost the-port-number" from the client, to see if firewalls are blocking it.
  - If "telnet" fails: try it with the numeric ip address.
  - If "telnet" fails: does it fail immediately or after an obvious timeout? How long is the timeout?
  - Does the server respond to "ping serverhost" or "telnet serverhost" or "ssh serverhost"?

• LDAP support limited. How to configure Address Book / Directory Access?

  I complained to a sysadmin that my LDAP searches were returning very limited information (just surname and e-mail). He replied,
  "...[Address Book] can't be configured to query specific attributes, it can't be configured to show specific attributes except for the small set they have elected to permit, ... it doesn't even show cn/commonName which is a compulsory field in the inetOrgPerson schema or ou/organizationalUnitName which is the standard way of distinguishing components of an organization..."
  Directory Access seems to offer facilities for requesting specific attributes. I tried mapping them to Address Book fields, but with no improvement in the search results. Any tips?

  Here is some info I found on manually configuring and mapping schemas.
  Configuring LDAP Searches and Mappings
  Using Directory Access, you can edit the mappings, search bases, and search scopes that specify how Mac OS X finds specific data items in an LDAP directory. You can edit these settings separately for each LDAP directory configuration listed in Directory Access. Each LDAP directory configuration specifies how Mac OS X accesses data in an LDAPv3 or LDAPv2 directory.
  You can edit the mapping of each Mac OS X record type to one or more LDAP object classes.
  For each record type, you can also edit the mapping of Mac OS X data types, or attributes, to LDAP attributes.
  You can edit the LDAP search base and search scope that determine where Mac OS X looks for a particular Mac OS X record type in an LDAP directory.
  IMPORTANT: When mapping Mac OS X user attributes to a read/write LDAP directory domain (an LDAP domain that is not read-only), the LDAP attribute mapped to RealName must not be the same as the first attribute in a list of LDAP attributes mapped to RecordName. For example, the cn attribute must not be the first attribute mapped to RecordName if cn is also mapped to RealName.
  For detailed specifications of Mac OS X record types and attributes, refer to "Mac OS X Server Open Directory Administration for Version 10.4 or Later" (available at www.apple.com/server/documentation/).
  In Directory Access, click Services.
  If the lock icon is locked, click it and type the name and password of an administrator.
  Select LDAPv3 in the list of services, then click Configure.
  If the list of server configurations is hidden, click Show Options.
  Select a server configuration in the list, then click Edit.
  Click Search & Mappings.
  Select the mappings that you want to use as a starting point, if any.
  Click the "Access this LDAPv3 server using" pop-up menu and choose a mapping template to use its mappings as a starting point or choose Custom to begin with no predefined mappings.
  Add record types and change their search bases as needed.
  To add record types, click the Add button below the Record Types and Attributes list. In the sheet that appears, select Record Types, select one or more record types from the list, and then click OK.
  To change the search base and search scope of a record type, select it in the Record Types and Attributes List. Then edit the "Search base" field. Select "all subtrees" to set the search scope to include the entire LDAP directory's hierarchy from the search base down. Select "first level only" to set the search scope to include only the search base and one level below it in the LDAP directory's hierarchy.
  To remove a record type, select it in the Record Types and Attributes List and click Delete.
  To add a mapping for a record type, select the record type in the Record Types and Attributes List. Then click the Add button below "Map to __ items in list" and enter the name of an object class from the LDAP directory. To add another LDAP object class, you can press Return and enter the name of the object class. Specify whether to use all or any of the listed LDAP object classes by using the pop-up menu above the list.
  To change a mapping for a record type, select the record type in the Record Types and Attributes List. Then double-click the LDAP object class that you want to change in the "Map to __ items in list" and edit it. Specify whether to use all or any of the listed LDAP object classes by using the pop-up menu above the list.
  To remove a mapping for a record type, select the record type in the Record Types and Attributes List. Then click the LDAP object class that you want to remove from the "Map to __ items in list" and click the Delete button below "Map to __ items in list."
  Add attributes and change their mappings as needed.
  To add attributes to a record type, select the record type in the Record Types and Attributes List. Then click the Add button below the Record Types and Attributes list. In the sheet that appears, select Attribute Types, select one or more attribute types, and then click OK.
  To add a mapping for an attribute, select the attribute in the Record Types and Attributes List. Then click the Add button below "Map to __ items in list" and enter the name of an attribute from the LDAP directory. To add another LDAP attribute, you can press Return and enter the name of the attribute.
  To change a mapping for an attribute, select the attribute in the Record Types and Attributes List. Then double-click the item that you want to change in the "Map to __ items in list" and edit the item name.
  To remove a mapping for an attribute, select the attribute in the Record Types and Attributes List. Then click the item that you want to remove from the "Map to __ items in list" and click the Delete button below "Map to __ items in list."
  To change the order of attributes displayed in the list on the right, drag the attributes up or down in the list.
  Click Save Template if you want to save your mappings as a template.
  Templates saved in the default location are listed in pop-up menus of LDAP mapping templates the next time the current user opens Directory Access. The default location for saved templates is in the current user's home folder at this path:
  ~/Library/Application Support/Directory Access/LDAPv3/Templates
  Click Write to Server if you want to store the mappings in the LDAP directory so that it can supply them automatically to its clients.
  You must enter a search base to store the mappings, a distinguished name of an administrator (for example, uid=diradmin,cn=users,dc=ods,dc=example,dc=com), and a password. If you are writing mappings to an Open Directory LDAP server, the correct search base is "cn=config, suffix" (where suffix is the server's search base suffix, such as "dc=ods,dc=example,dc=com").
  The LDAP directory supplies its mappings to Mac OS X clients whose custom search policy includes a connection that's configured to get mappings from the LDAP server. The LDAP directory also supplies its mappings to all Mac OS X clients that have an automatic search policy. For instructions, see Configuring Access to an LDAP Directory and Setting Up Search Policies.

• Directory Access and Permissions

  Hi,
  I work at a company that's having a problem setting up the new macs (Core 2 Duo iMac 24") our marketing department just ordered.
  The rest of our network uses windows, so we have active directory logins for everyone. We've setup the Directory Access on the new iMacs so that marketing users log in using their AD username and pw. The local user account that 10.4 generates is set to be a local admin, but the users are just normal users in AD.
  The problem we're having is with setting permissions for some Apps that require changes from the default settings. When I go to set permissions in the Info pane of a folder or app, I open the pull down menu for 'Owner' and go to 'Other...' at the bottom to grab the user from AD (because the user is not available in the top portion where local users can normally be selected). This is where the problem occurs. This opens up the "User Listing" box, which contains a long list of AD usernames, but does not have any AD usernames that were created less than 10 months ago. I checked with my Network Admin, and virtually no settings in terms of creating AD users have changed in the last two years.
  I don't know if this is a problem with settings on the AD side or the Mac side, but here's the Mac settings in Directory Access:
  +Services: AD is checked+
  +Authentication: Custom path selected, our domain is in the list+
  +Contacts: Same as Authentication+
  +Under AD:+
  +Forest and Domain are correct, computer is bound correctly.+
  +User Experience:+
  +Create mobile account is not selected.+
  +Force local home directory on startup is selected.+
  +Use UNC path from AD... is selected, smb: is selected as Network protocol.+
  +Default user shell is selected as '/bin/bash'+
  +Mappings: Nothing selected.+
  Administrative:
  +Prefer this domain server is checked and correct for our network+
  +Allow administration by is checked, domain admins and enterprise admins+
  +Allow authentication from any domain in the forest is selected+
  Is there anything in these settings that might cause the problem described above, or is the problem something else entirely, maybe on the AD side?
  I'm also wondering if anyone knows how to find out where Directory Access is grabbing this list of users from. Perhaps our Network Admin can find out what the problem is given that info.
  Thanks,
  Gabe
  Message was edited by: Gabe Stein

  I have exactly the same problem and ProtectHome wasn't the solution. "sudo minidlnad" works fine -- TV shows root and /home/blah/blah is accessible. However, I'm not able to make the daemon run as root. Just for testing purposes, I've made all the settings as loose as possible, but TV stills shows minidlna as username and the folder is not available (systemctl status reveals permission denied).
  minidlna.service:
  [Unit]
  Description=minidlna server
  After=network.target
  [Service]
  Type=simple
  User=root
  Group=root
  ExecStart=/usr/bin/minidlnad -S
  ProtectSystem=off
  ProtectHome=off
  PrivateDevices=on
  NoNewPrivileges=off
  [Install]
  WantedBy=multi-user.target
  minidlna.conf:
  user=root
  media_dir=/home/blah/blah
  What am I missing here? No possibility to run minidlna as root after the last update any more?
  Edit:
  Never mind. During all this testing I had forgotten "User=minidlna" to /etc/systemd/system/minidlna.service.d/override.conf. Daemon as root works after removing that line.
  Last edited by riivo (2015-03-19 14:38:18)

• [SOLVED] mount.nfs4: access denied by server

  Hi folks. I seem to be having a bit of a problem getting nfs4 to work. I am trying to mount a share from alpha (my fileserver) onto charlie (my workstation). Both of these are new Arch systems and I haven't had any nfs working yet, although I have with other distros on the same hardware.
  Fileserver (alpha) config:
  # /etc/exports
  /files 192.164.1.0/24(rw,sync,fsid=0,no_subtree_check)
  # /etc/hosts.allow
  sshd: 192.168.1.0/255.255.255.0
  nfsd: 192.168.1.0/255.255.255.0
  rpcbind: 192.168.1.0/255.255.255.0
  mountd: 192.168.1.0/255.255.255.0
  idmapd: 192.168.1.0/255.255.255.0
  statd: 192.168.1.0/255.255.255.0
  [General]
  Verbosity = 3
  Pipefs-Directory = /var/lib/nfs/rpc_pipefs
  Domain = localdomain
  [Mapping]
  Nobody-User = nobody
  Nobody-Group = nobody
  [Translation]
  Method = nsswitch
  # /etc/fstab: static file system information
  # <file system> <dir> <type> <options> <dump> <pass>
  none /dev/pts devpts defaults 0 0
  none /dev/shm tmpfs defaults 0 0
  #/dev/cdrom /media/cd auto ro,user,noauto,unhide 0 0
  #/dev/dvd /media/dvd auto ro,user,noauto,unhide 0 0
  #/dev/fd0 /media/fl auto user,noauto 0 0
  /dev/sda1 /boot ext3 defaults 0 1
  /dev/sda2 swap swap defaults 0 0
  /dev/sda5 / ext3 defaults 0 1
  /dev/sda6 /var ext3 defaults 0 1
  /dev/sda7 /home ext3 defaults 0 1
  /dev/sda8 /files ext3 defaults 0 1
  rpc_pipefs /var/lib/nfs/rpc_pipefs rpc_pipefs defaults 0 0
  nfsd /proc/fs/nfsd nfsd rw,nodev,noexec,nosuid 0 0
  DAEMONS=(syslog-ng network netfs rpcbind nfs-common nfs-server hal @alsa @crond @openntpd @sshd)
  [root@alpha ~]# df
  Filesystem 1K-blocks Used Available Use% Mounted on
  /dev/sda5 19228276 879492 17372036 5% /
  none 507792 140 507652 1% /dev
  none 507792 0 507792 0% /dev/shm
  /dev/sda1 93307 15887 72603 18% /boot
  /dev/sda6 19228276 372632 17878896 3% /var
  /dev/sda7 19228276 176224 18075304 1% /home
  /dev/sda8 902688436 204872 856629640 1% /files
  [root@alpha ~]#
  Workstation (charlie) config:
  # /etc/fstab: static file system information
  # <file system> <dir> <type> <options> <dump> <pass>
  none /dev/pts devpts defaults 0 0
  none /dev/shm tmpfs defaults 0 0
  #/dev/cdrom /media/cd auto ro,user,noauto,unhide 0 0
  #/dev/dvd /media/dvd auto ro,user,noauto,unhide 0 0
  #/dev/fd0 /media/fl auto user,noauto 0 0
  UUID=437982b2-5c84-4f53-954d-cf43f8b4e707 / ext3 defaults 0 1
  UUID=97d79d76-357a-4f4e-8513-f181bff6af62 /boot ext3 defaults 0 1
  UUID=d8525095-9b97-4439-932f-8f4e0236cce1 /home ext3 defaults 0 1
  UUID=ffba933b-af93-407c-b1b8-69d1cc5be146 swap swap defaults 0 0
  rpc_pipefs /var/lib/nfs/rpc_pipefs rpc_pipefs defaults 0 0
  alpha:/ /files nfs4 defaults 0 0
  [General]
  Verbosity = 3
  Pipefs-Directory = /var/lib/nfs/rpc_pipefs
  Domain = localdomain
  [Mapping]
  Nobody-User = nobody
  Nobody-Group = nobody
  [Translation]
  Method = nsswitch
  DAEMONS=(syslog-ng network crond alsa hal fam rpcbind nfs-common netfs)
  [root@charlie ~]# mount -a
  mount.nfs4: access denied by server while mounting alpha:/
  [root@charlie ~]#
  This happens even after both systems are rebooted. Can anyone spot what I am missing?
  Thanks for looking.
  Last edited by dgregory46 (2009-10-21 01:04:09)

  Now I really feel stupid. A little proofreading would have saved me a big headache. In /etc/exports I was exporting to 192.164.1.0/24 while my network is the more standard 192.168.1.0/24.
  It works fine now, although I did take phaul's suggestion and added my main share "inside" the nfs4 root.

• Could not connect to the Active Directory. Active Directory Certificate Services will retry when processing requires Active Directory access

  Event properties – Event 91, Level Error, Event ID 91, Date and time 5/10/2012 11:29:48AM, Service CertificationAuthority
  General: 
  Could not connect to the Active Directory.
  Active Directory Certificate Services will retry when processing requires Active Directory access.
  We have a Windows 2008 Server Enterprise with AD . I would like to enable the service  "Certificate Services"  that
  allow me to enable radius to authenticate users wireless with the active directory.

  Hi, 
  Can you please check this forum or someone from Microsoft, as we have post here dating back from October that are not being answered.
  Everything for us is exactly the same as szucsati and Racom
  NMNM, 
  Please give us an answer on this as the link provided is absolutely useless.
  Thank you.

• Directory access solution - please recommend.

  In regards to the site
  http://www.myhappypeople.com
  I need a simple directory access solution (that hopefully
  doesn't let people bookmark an accessed page and go back to it
  without logging in again). All I want is for a client to click one
  link, which prompts a login/password screen, and based on their
  input directs them to a directory/page they are allowed to view.
  The DW 8 manual doesn't seem to really tell me how to do
  anything but rather sends me in circles on the elements I need
  (databases, page with forms, etc).
  I've looked into some free CGI scripts, that don't seem to be
  easy to update/maintain.
  Can anyone offer a suggestion. It's the last thing I need to
  figure out to complete this site.

  Well, there's two ways of doing this: server level and app
  level.
  You can setup users in IIS and Apache and this will cause the
  server to automatically prompt for login. However, this requires
  access to the user database on the server and usually admin access
  to set file permissions.
  The way I prefer to handle it (and I'm not a security expert,
  btw) it with a session cookie and an authenication script. I make a
  file that checks to see if the session cookie for auth is set. If
  not, it sends the user to a login page. I then include this file at
  the top of every page I want to protect.
  The login is then just a form that posts to a page the
  verifies the password and sets the cookie. Now, this technique
  isn't foolproof. If you're not using HTTPS, then you are sending
  the password in clear text and it could be grabbed by a hacker.
  But, for light security, it works pretty well and is easy to
  deploy.
  <?php
  #fire up the session and see if user is logged in.
  session_start();
  if(isset($_SESSION["LOGGED_IN"]) &&
  $_SESSION["LOGGED_IN"] == "TRUE"){
  # Do something if needed. I connect to databases here.
  }else{
  #Redirect non-logged in request
  header("location: /admin/login.php");
  }

• Get directory structure on CF Server

  Hi,
  Is there any possibility to view the directory structure of
  the CF Server using CF Tags?
  E.g. When you are creating a MS Access datasource, it allows
  you to Browse to the required directory on the CF Server.
  Would be grateful if you could please explain to me how this
  can be done using CF.
  Thanks and regards,
  Yogesh Mahadnac

  Hi Prasanth,
  Indeed I had used cfdirectory tag to list the directories
  well before posting this thread.
  The only thing is that I can't get the cftree to display a
  windws-explorer tree-like structure where I will also give the
  users the possibility to create a folder etc.
  Any ideas?
  Thanks and regards,
  Yogesh

• OEL 6.3 - mount.nfs: access denied by server

  Hi,
  I am trying to mount an NFS directory on a server running OEL 6.3, pointing to another OEL 6.3 server. I get the following error:
  [oracle@csdowmsdb503 etc]$ mount 192.x.x.x:/home/oracle/m501/m501_f /home/oracle/m501_f/
  mount.nfs: access denied by server while mounting 192.x.x.x:/home/oracle/m501/m501_f
  The UIDs and GIDs on each server match. If we use "nfsvers=3" it work, so it seems to be something specific to vers 4. We would like to not use the vers 3 workaround.
  Thanks!

  Hi,
  When I added "- v" I realized it is actually erroring out on vers=4 and defaulting to vers=3 instead. The error it shows is now "No such file or directory."
  [oracle@xxx503 m501_g]$ sudo mount -v -t nfs xxx.xxx.xxx.35:/home/oracle/m501/m501_g /home/oracle/m501_g/
  mount.nfs: timeout set for Fri Nov 9 10:46:27 2012
  mount.nfs: trying text-based options 'vers=4,addr=xxx.xxx.xxx.35,clientaddr=xxx.xxx.xxx.37'
  mount.nfs: mount(2): No such file or directory
  mount.nfs: trying text-based options 'addr=xxx.xxx.xxx.35'
  mount.nfs: prog 100003, trying vers=3, prot=6
  mount.nfs: trying xxx.xxx.xxx.35 prog 100003 vers 3 prot TCP port 2049
  mount.nfs: prog 100005, trying vers=3, prot=17
  mount.nfs: trying xxx.xxx.xxx.35 prog 100005 vers 3 prot UDP port 37692
  xxx.xxx.xxx.35:/home/oracle/m501/m501_g on /home/oracle/m501_g type nfs (rw)

• Error: "Cannot access the web server" with BlazeDS Turnkey

  Help! I'm new to Flex and BlazeDS and Eclipse.  I was trying to setup a Flex Project using a BlazeDS/Tomcat server running from Eclipse on Windows XP per the example in flexbandit.com/archives/55#comment-269 and in (www.infoq.com/articles/blazeds-intro).   I am NOT using the Eclipse Flex plug-in.  I'm using Flex Builder for the Flex code.
  Here's what I've done:
  I installed BlazeDS and tested http://localhost:8400 - That worked.
  I setup Tomcat in Eclipse.  -  That seemed to work.
  I created a Dynamic Web Project in Eclipse - That seemed to work.
  I created the bare-bones BlazeDS Configuration under the Eclipse project and then created a basic HelloWorld java class.
  I added the destination in the “remoting-config.xml” file found in the c:/projects/workspace/ReportGenTool/WebContent/WEB-INF/flex” directory:
  <destination id="HelloWorld">   <properties>  <source>HelloWorld</source> </properties> </destination>
  When I started the application server by clicking on the server's green play button in Eclipse and then tried to open localhost:8400/ReportGenTool, I got the 404 error : The requested source (/ReportGenTool/) is not available which according to the instructions is fine.
  Next I created a Flex Project, but when I try to validate the new Flex project configuration, it gives me an error "Cannot access the web server. The server may not be running, or the web root folder or root URL may be invalid."
  When I validated the server was running after setting up the BlazeDs Turnkey, I saw the BlazeDS page.
  Now when I bring up http://localhost:8400 I get:
        Directory Listing for /
        Apache Tomcat/6.0.14
  My eclipse project is named ReportGenTool and I've overwritten the WebContent directory with the META-INF and WEB-INF directories from the BlazeDS installation (C:\blazeds\tomcat\webapps\blazeds).  According to Eclipse the server is running.
  My Flex project is named ReportGenTool and is located in another directory away from the Eclipse project directory.
       My root folder is: C:\Projects\workspace\ReportGenTool\WebContent
       Root URL: is http://localhost:8400/ReportGenTool/
       Context root is: /ReportGenTool/
  Any idea what might be wrong? What didn't I configure that needs to be configured?
  Thanks in advance.

  This is not working because your router has a direct to your web server that is not through the outside interface which is needed for nat to occur, for this to work you need to setup a loopback interface as nat outside and policy route traffic to there for your server traffic
  Bu if your server is internal why do you need nat at all? Can you not use bind with views that might be simpler
  M
  Sent from Cisco Technical Support iPad App

• Requests Limit in Access

  Does anyone know if the amount of requests Access can handle at one time is 10 or not? Since Thurs., our web site has been crashing a lot and we think it might be from the amount of traffic we're getting and Access can't keep up, or that Access is limited to only 10 requests at a time. Is there a way to change this limit?
       We have 3 Access databases we're using with Cold Fusion. We're thinking that all the requests are adding up and Access just can't handle everything at once. Everyone within our company uses 2 of the databases and the 3rd one is our web site. Search engines seem to keep making requests to our web site all day long. When you add up all these requests, it's probably over 10 for sure at a time.
         Has anyone experienced this before? We've been told to switch over to SQL instead of Access. Hopefully this would solve everything and the server wouldn't crash anymore.
  When I created my last database called, ECO Register, I remember creating it in Access 2007 and I saved it as .accdb extension, but I could not get connected to it in the Cold Fusion Administrator, so I made it .mdb instead. If our Access databases were the newer version, could that maybe handle more requests at one time? Or do we have to install a newer driver for Access on Cold Fusion to handle more requests? I did see in the Adminstrator page there is a Microsoft Access driver type and a Microsoft Access with Unicode driver type option. What are the differences? I see that we have an SQL driver type in the Administrator page. Do we have to do a lot of set up to make that work? Or do I just connect my Access database to that SQL driver and then update the pages to use SQL?
        If anyone could help me out, that would be great. Thanks.
  Andy

  We've been told to switch over to SQL instead of Access.
  You should. Microsoft itself says Access is not designed for server use.  Web applications are multi threaded. So when you incorportate a desktop application (which is not designed to handle concurrent users) weird things can start to happen. You should upgrade to SQL Server which is designed for use on servers. Not to mention it is much more powerful.
  Or do I just connect my Access database to that SQL driver and then update the pages to use SQL?
  No, you need to migrate your Access database to SQL Server first. If you do a search there are plenty of Access to SQL Server migration guides.
  Message was edited by: -==cfSearching==-