Login: Read Only

Customer requires read-only login access. This read-only account should be able to run all 'show' commands on a Catalyst 3560 switch.

The only two levels defined by default are:
Level 0: User exec mode
Level 15: Privileged Exec (enable) mode
Levels 1-14 are UNDEFINED, by default. You have to manually define commands for each of these levels.
Please note you will have issues with commands like show running-config, because the commands shown in the config might be blocked by privilege level.
If you had an ACS server, you could give that user level 15 access then RESTRICT the commands they are able to use to the subset you require.
Here are some helpful links:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfpass.html
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftprienh.html
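
A sketch of the privilege-level approach described above, added here as an example and not taken from the original post or from Cisco's documentation. The user name `readonly`, level 5 and the password placeholder are assumptions, as is support on the switch's IOS image for the `all` keyword covered in the second link.

```cisco
! Added example: user name, level number and password are placeholders
!
! Local account that lands at level 5 on login (5 is an arbitrary choice
! from the undefined range 1-14)
username readonly privilege 5 secret <PLACEHOLDER-PASSWORD>
!
! Lower the whole "show" command tree to level 5.
! "all" applies the level to every subcommand of "show".
privilege exec all level 5 show
!
! Authenticate vty sessions against the local user database so the
! per-user privilege level is applied at login
line vty 0 15
 login local
```

After logging in as this user, `show privilege` should report level 5. As the answer above notes, `show running-config` at this level lists only the configuration commands that the level itself is allowed to change, so the output will be far shorter than what a level 15 user sees.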

Similar Messages

  • Cannot Login to Read Only Domain Controller

    One of my Read Only Domain Controller Servers shut down unexpectedly due to a power outage and now I cannot login to it anymore. When the server powered on again, it came up with an error regarding one of the hard drives failing (RAID1).
    I get a message Access is Denied when I try to login with one of my domain admin accounts. As it is a RODC, there are no local accounts for me to use. The RODC is running on Windows Server 2008 R2. The server is also running as a DHCP/Print/File server for
    the office so these are not working as well.
    I checked my PDC and it is coming up with the following error in the event viewer
    Log Name: System
    Source: Security-Kerberos
    Event ID: 4
    Level: Error
    The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server rodc01$. The target name used was domain/rodc01.domain.local. This indicates that the target server failed to decrypt
    the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account
    used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the
    server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (domain.local) is different from the client domain (domain.local), check if there are identically named server accounts in these
    two domains, or use the fully-qualified name to identify the server.
    I have tried to reset the computer password with netdom but I get the following error
    netdom resetpwd /server:rodc01 /userd:administrator /passwordd:*
    The machine account password for the local machine could not be reset.
    Logon Failure: The target account name is incorrect.
    The command failed to complete successfully.
    If I try to reset the password using the IP address instead, I get the following error
    netdom resetpwd /server:192.168.10.1 /userd:administrator /passwordd:*
    The machine account password for the local machine could not be reset.
    Access is denied.
    The command failed to complete successfully.
    I checked my AD and DNS and the rodc object is present.
    If I run repadmin /replsum on the PDC I get the message for the faulty RODC server
    Experienced the following operational errors trying to retrieve replication information:
            8341 – rodc01.domain.local
    Any advice is appreciated
    Thanks

    Logon to the server in Directory Services Restore Mode (DSRM) using the password you supplied during DCPROMO and verify that the Active Directory database isn't corrupted on the RODC - You will most likely see indications on this in the Directory
    Services log.
    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog

  • TG4MSQL ora-28500 error on RECOVER login in READ-ONLY mode

    We're connecting from a 10.2 dbase to SqlServer2000 via TG4MSQL. No upfront problem connecting but the Oracle .trc file shows below error:
    ORA-28500: connection from ORACLE to a non-Oracle system returned this message: [Transparent gateway for MSSQL][Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'RECOVER'. (SQL State: 00000; SQL Code: 18456)
    Below is the content of .ora file:
    HS_FDS_CONNECT_INFO=INETSQL3.ComPro
    HS_FDS_TRACE_LEVEL=OFF
    HS_FDS_TRANSACTION_MODEL=READ_ONLY
    We are using READ-ONLY mode so the RECOVER login was not defined on SqlServer.
    Anyone know why TG4MSQL is trying to open a connection as RECOVER? And is there a way to stop it?

    Pending transactions turned out to be the culprit. Below is info from our TAR that
    provides some detail on what RECOVER is doing.
    Oracle handles all transactions as if they were distributed transactions. He takes a very conservative approach on the assumption that you may want to update
    or insert later. This has been like this since Oracle version 6 and will never
    change. Hence all transactions get handled as a distributed transactions even though there are no simultaneous updates. A common remote transaction would involve reading from SQL Server and then taking that data and inserting into an Oracle database. In the event a transaction gets aborted for some reason RECO must rollback the transaction. SQL Server requires a valid username/password and hence uses the recovery username/password specified in the gateway init file. The default parameters for both are RECOVER, if they are omitted in the init.ora file for the gateway. Obviously these do not exist on SQL Server. Note that this recovery process is detected and processed by the Oracle kernel. READONLY mode only prevents inserts, updates or deletes to be issued to SQL Server and nothing else. The gateway has nothing to do with handling and monitoring transactions to SQLServer. In all likelihood you have several in doubt transactions in the dba_2pc_pending view. As long as those entries remain RECO will continue to try and rollback these in doubt transactions and fail each time due to an invalid username/password. This will go on until you either manually remove them or give RECO a valid SQL Server username/password to use.
    OPTION 1
    ==========
    Code the following in your gateway init.ora file
    HS_FDS_RECOVERY_ACCOUNT=use the username specified in your db_link
    HS_FDS_RECOVERY_PWD=use the password specified in your db_link
    OPTION 2
    ==========
    Define a username with password RECOVER on the SQL Server database you are connecting to
    OPTION 3 (Manually removing in doubt transactions)
    ================
    Use dbms_transaction.purge_lost_db_entry(local_tran_id)
    STATUS should be in collecting
    Please see Metalink
    Note.126069.1 Ext/Pub Manually Resolving In-Doubt Transactions Different Scenarios
    for detailed information

  • Problem:Member is Read only Mode after login with other user

    Dear,
    I am facing a problem entering data in a member, i.e. it is read only, but the same member is fine when logged in as the admin user.
    I also assigned security with write permission to the user, but only that member "X" is in read only mode.
    Can the task list affect that? I am also using a task list. Because when I add another member that is not a member of that hierarchy, it's fine.
    I am working on Hyperion version 11.1.2.1.
    Regards,
    AMSI

    Thanks, I have solved the problem myself: when I add a new member to the form, as this form is already part of the Planning Unit Hierarchy, the newly added member in the form cannot be written to until you add this member into the Planning Unit Hierarchy.
    Regards,
    AMSI

  • [SOLVED] read only filesystem prevents login

    Hi everyone.
    I have this problem after changing from initscript to systemd and adding an external ntfs-3g drive to /etc/fstab. When I log in I get this message and xfce4 doesn't start:
    -bash: /home/bb/.xlog : read-only file system
    ls -la /
         gives output  rwxr-xr-x   for /home
    i also tried
    #mount -o remount,rw /dev/sda4 /
        with no results.
    when i try to change /etc/fstab entries i get an error message saying that system is read-only...
    chmod and chown don't work either, with the same error message
    how am i supposed to change something in a read-only system?
    Last edited by memax (2012-11-15 17:39:45)

    I've not removed 'ro' from booting cmd and / is mounted with rw,relatime,data=ordered 0 1   in /etc/fstab  as options

  • SQL Server 2005 replaced with SQL Server 2014 trying to connect front end Access as guest (read only ODBC)

    We have replaced a SQL Server 2005 with a SQL Server 2014 (new physical server.)  Have the new server set up to use SQL Server login OR Windows user login. Had old server connecting (for a particular DB) to front end Access (2010 or 2013) as guest for
    anyone logged into the Windows NT Network with a read only ODBC connection. Have the DB in the new server set to include guest as db_datareader (with only SELECT permission for the securables of each table and view being linked) but when any Windows user not
    specifically listed as a SQL DB user tries to use the front end they get an error of:
    Microsoft SQL Server Login
    Connection failed:
    SQL State: '28000'
    SQL Server Error: 18456
    [Microsoft][OCBC SQL Server Driver][SQL Server] Login failed for user {domain\user}.
    After closing that pop-up window a server login window appears. Of course, since the guest user is not specifically listed as a user in the DB that fails also. It seems like there should be a very simple solution to this, but I can't seem to find it. I want
    to allow anyone logged in on the Windows system (locally) to be able to open the MS Access file (on their work station machine) and run their own (read only; select) queries on the SQL Server database. Any suggestions?
    Thanks a billion in advance ----

    Thanks for the response Olaf. I have now spent weeks researching this. I realize that using the guest account in most situations is not advised. As mentioned, I have restricted the guest account to allow the db_datareader role only, and have explicitly denied
    all other roles, as well as allowing select only, and still have no access for the guest account.
    The suggested fix in the second link you provided, of using Windows groups is not plausible for my situation either. We are a scientific field research institution, with a few long term users and lots of users that may have Windows accounts for a few months,
    and then they are gone. It would be a nightmare for the network tech to try to keep a group account up to date, and we need to give access (read only, of course) to anyone logged into the system. Realize that the ONLY access of any kind to this database is
    thru MS Access ACCDB, using a (by default) read only ODBC connection.
    This type of access is used particularly because researchers need to be able to set up their own queries, and the MS Access query interface is particularly convenient for people who are not themselves SQL experts, yet are trying to get some very advanced
    levels of output. Putting the database online is not practical because then we are back to the need for a comprehensive query interface, and just picking up general subsets of the data online (from a basic web page search feature) would be out of the question,
    since the result set would involve hundreds of thousands if not millions of records.
    So - that said - what exactly would you suggest, assuming we don't have the funds to buy a whole new system, and have spent plenty of money with Microsoft's Enterprise level MS Office so that all work stations have MS Access, and Microsoft's SQL Server,
    as well as running our network on Microsoft's network software.

  • Is there a way to create a "read only" inbox in mac mail?

    I am wondering if there is a way to set up a read only inbox...I would like to receive email from a specific address but block or not have the option to send from that address.

    Thanks! I was able to get to the sqlite prompt, but at that prompt I must not be copying/pasting correctly. Here is what I'm getting if you can correct me, perhaps I need to type it in differently? Thanks
    Last login: Tue Jun 10 14:04:28 on console
    Macintosh-3:~ ryanr$ sqlite3 ~/Library/Application\ Support/AddressBook/MailRecents-v4.abcdmr
    SQLite version 3.7.13 2012-07-17 17:46:21
    Enter ".help" for instructions
    Enter SQL statements terminated with a ";"
    sqlite> .mode csv
    sqlite> SELECT zfirstnamenormalized, zlastnamenormalized, zemailnormalized FROM zabcdmailrecent;
    sqlite>
    sqlite> .mode csv SELECT zfirstnamenormalized, zlastnamenormalized, zemailnormalized FROM zabcdmailrecent;
    Error: unknown command or invalid arguments:  "mode". Enter ".help" for help
    sqlite> .mode csv
    sqlite> SELECT zfirstnamenormalized, zlastnamenormalized, zemailnormalized FROM zabcdmailrecent;
    sqlite>

  • How enable read only access for ACS server itself

    Hi,
    We would like to know whether it's possible to create a read only access to the ACS server. Currently ACS server has a generic login with full admin rights.
    We need to create a login for a couple of users to log into ACS to check the "Report and Activity" tab. Access to all other tabs should be disabled.
    We are using ACS4.0 version. Please let me know whether it's possible.
    Thanks
    Nachi

    Hi,alexchy8
    We can make use of 2 PowerShell commands to achieve this goal.
    Add-MailboxPermission and Add-MailboxFolderPermission.
    Execute the Add-MailboxPermission command to delegate the read permission at mailbox level.
    Execute the Add-MailboxFolderPermission command to delegate the required permissions on specific folders inside the mailbox.
    You can read the following article as reference:
    http://www.exchangedictionary.com/articles/assign-read-only-mailbox-permission-on-exchange-2010-2013-powershell
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety,
    or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
    Best Regards.

  • Read-only access (hide a portion of the config)

    Is there a way to allow read-only access to only a portion of the config? I have customers who are requesting read-only access, but I don't want them seeing portions of the config.
    Any help or suggestions would be greatly appreciated.  Thanks

    If they have an enable level login they will be able to see the whole configuration (absent encrypted passwords assuming you're using service password-encryption).
    You can make logins more granular and prevent customers from having, say, the ability to execute arbitrary commands such as "show run". You could, for instance, set up a given user to only be allowed to execute "show interface status" etc. NX-OS has this ability pretty much 'baked-in'. For IOS-based systems, a bit more work is required.
    Here is a guide for how to do it if you use TACACS for AAA:
    https://supportforums.cisco.com/docs/DOC-15765
    If you're using local authentication, you can do similar things using either privilege levels or cli views:
    http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftprienh.html
    http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtclivws.html
    http://www.networkworld.com/community/node/57553
    Hope this helps.

  • How to assign read only access for a database to a single user?

    Hi All,
    I have created a login for one of the user , and i used deny view to deny that user access to any of the databases to be shown.Now, he cannot see any databases in the explorer window.
    My question is now i want to give this user permission ( read-only) to a single database. How can i do that? I have googled around and found some solutions but nothing is working.
    Can someone please help me with any suggestions.
    Thanks a lot for your time and suggestions in advance.
    Thanks

    Hi Bhanu,
    Thanks for your reply, I am not sure I got it. I have a user created with the name of 'msam_test' and if I login into management studio with this userid and password I don't see any databases showing up because I used the DENY View command to hide which is
    working fine.Now i just want to see only 1 database named 'suresh3_test' with a read only access to this database.
    I tried using your code in the below way
    USE [suresh3_test]
    CREATE USER [<msam_test>] FOR LOGIN [<msam_test>] WITH DEFAULT_SCHEMA=[dbo]
     exec SP_ADDROLEMEMBER 'DB_DATAREADER','<msam_test>'
    But i receive an error saying
    Msg 15007, Level 16, State 1, Line 3
    '<msam_test>' is not a valid login or you do not have permission.
    Msg 15410, Level 11, State 1, Procedure sp_addrolemember, Line 75
    User or role '<msam_test>' does not exist in this database.
    Can you please help me on this.
    Thanks

  • Read only user in weblogic throwing error messages in logs

    Hi,
    We have a requirement to create a read only user with monitor access.
    Our requirement is to monitor em console using monitor user, i.e. this user will login to em console, monitor order flow from instances tab by entering order no. and dates, and logout from em console.
    we have done below steps to create monitor user,
    Admin Console->Security Realms >myrealm >Users and Groups-> new
    created user Monitor_User_1 and assigned group as Monitors.
    but whenever this user logs in or searches we are getting below error message:
    <Sep 15, 2013 7:25:21 PM EST> <Warning> <oracle.jps.admin> <BEA-000000> <Access denied. Required roles: Operator, Admin, executing subject: principals=[Monitor_User_1, Monitors]
    java.lang.SecurityException: Access denied. Required roles: Operator, Admin, executing subject: principals=[Monitor_User_1, Monitors]
    we even did below steps:
    With admin access login into EM Console. Select soa_infra, right click mouse -> Security -> Application Roles. On right side, click green arrow and see list of Roles shown. Select the role named SOAMonitors, click on this. And add a Monitor_User_1 to this.
    but we are still getting same error.
    Kindly let us know if we are missing something while creating monitor user and how to get rid of these messages.
    Please note that we are already in Production and our log files are filled with these messages.
    Thanks & Regards,
    Vivek Vishal

    moving this discussion to WebLogic Server - General thread.

  • Problem with Read-only user being able to add and delete files and folders.

    The setup:
    Computer #1
    iMac (intel) running 10.5.5
    File sharing ON
    Sharing folder on external USB drive called 'iTunes' (but not the drive volume itself)
    Users:
    - Everyone = Read Only
    - Admin(me) = Read/write
    - UserA = Read Only (with account PW and username identical to local login for computer below)
    Computer #2
    UserA's iBook G4 running 10.4.11
    When I go to finder>network>iMac>connect it prompts me to login which I do and then select 'iTunes' folder which is visible and mounts successfully. I can see all files, access them all. Life seems great. Then I discover that I can also modify and delete files from the iBook, and create and delete directories.
    I'm new to networking and although I've setup and managed minimal networking tasks on PCs before, this is my first foray into the Mac networking world. Please help.
    What am I doing wrong? What haven't I set?
    Thanks in advance.

    Sorry, I should have clarified this in the first email.
    When I login from the iBook, I am logging in under a read-only user (not as myself, who is admin on the iMac). The user on the iBook has only been given read-only permissions on the iMac yet is able to add and delete files.
    This read-only login/PW however, is the admin account on the iBook, but that shouldn't allow this person to write on the iMac so far as I understand things...right?

  • Shared Computer over Ethernet is creating read-only files and folders

    Hi,
    I have set up a second mac connected to my G4 via ethernet connection. We are both using my mac as the main computer and both working from one folder on it. BUT when the second computer creates a folder or saves a job into this folder the permissions are set for them to 'read only'.
    How do you make it so whatever they create is all read and write?
    The second mac is logging in not as the administrator but as a normal user. I do not want them to have full access.

    Hello DH-Studio
    Hi, this is still causing me problems, is there another way?
    Sharepoints does work, however the other way to do this that does not involve using UNIX commands is to run Server Software such as Mac OSX Server.
    The 10 User licenced version is affordable and it has an excellent GUI called the Workgroup Manager which can set up sharepoints, users & groups permissions very easily. It has many other benefits.
    Other than that there are UNIX commands such as umask. However I have no experience using umask and I understand it makes global changes to your system. I would avoid using it.
    You also could setup a crontab rule that changes the permissions on the shared folder every minute. In your terminal use the following commands
    sudo nano /etc/crontab
    You will then see
    using your arrow key move the cursor down to area indicated in my example then enter the following information
    */1 <press tab twice> * <tab> * <tab> * <tab> * <tab> root <tab> chmod -R 777 /shared
    it should look like the following
    replace "/share" with the actual path to your shared folder
    Then close the file with "control +O", then "return" then "control X"
    Now any file that is saved to your share folder will be readwrite to everyone every minute. This is a clumsy method but it works.
    iBookG4 1.33ghz. 20inch iMacG5, 1.2ghz Mac Mini, ipod video, iSight   Mac OS X (10.4.3)   Linksys WRT54gs+1.05 Talisman Firmware, Telewest 10mb/384k

  • / Filesystem is read only

    after installing and regular booting i get a lot of errors, basically stating, that the filesystem is read-only.
    after logging in as root, nothing works (e.g. dhcpcd complains about the ro fs as well).
    my fstab is clean, except some cd entries. there is NO swap or / given at all.
    i would fill it in myself, but it is, of course, read only as well
    any suggestions?
    btw the root partition should be an ext3
    Last edited by nazarener (2009-02-08 08:00:40)

    Boot the install cd, mount /dev/sda3 under /mnt, and edit /mnt/etc/fstab.  If you just want a bootable system, put "/dev/sda3 / ext3 defaults 0 1" in fstab.  You may (or may not) want to switch to UUID notation afterward.

  • [SOLVED]pacman -Sf zim makes arch read-only filesystem

    Hi,
    Last night I was trying to install zim, it looks like there were a couple packages which weren't properly installed before.  I googled the error I received and found somewhere on the forum the tip to use
    pacman -Sf package
    I ran the command and it installed some sort of new kernel, fstab, something with python, and zim of course.  While it was installing the packages I noticed it moved a couple files around and I'm not quite sure what it all did. anyway when I booted arch this morning it didn't quite make it to gdm, so I quickly booted into ubuntu, mounted my arch partition changed the inittab to boot to init 3.  I then noticed that it mounted the arch / as read-only, I looked around a bit seems like my /etc/fstab was moved to /etc/fstab.pacorig. Now before I start playing around and maybe break things more than they are, anyone have a tip about how to figure out everything that was changed?
    I also noticed that I could login as root without having to use a password which I don't like at all, which is a little scary.
    Last edited by whitethorn (2010-06-26 13:50:11)

    First things first; using the -f/--force flag with pacman is the absolute last resort, when everything else fails, and when you know exactly what you're doing. Using it just because you found a tip on the forum, and clearly without thinking about the potential consequences, is just asking for trouble - and you've got it.
    To fix: your pacman log will tell you what packages were installed, and also has a record of any install-time messages. Comb through that, and work out how to revert the major issues.
    [edit] overlap with loafer - he was faster because he used fewer words.
