Migrating Users with MD5 Passwords to Directory Server 6.1 on Solaris 10

Hi,
We currently have a requirement to migrate some users from an application database into LDAP. Currently the application maintains the passwords in MD5 hash form, a typical 32-digit hex value: 41da76f0fc3ec62a6939e634bfb6a342
Is there a way we can migrate these users' passwords to Directory Server as-is, so that they don't end up facing the prospect of resetting them post-migration?
I have done some of the initial groundwork but seem to be missing other critical info, if it's possible at all.
I believe it's possible to have the CRYPT password policy (which Directory Server uses from the underlying OS) as one of the plug-ins, configured in a way that the underlying CRYPT utility starts to process/provide/support MD5 hashes. I got it to work by using the below command on the DSEE instance:
dsconf set-plugin-prop -p 389 CRYPT argument:'$md5$'
But for some reason the MD5 hash that the Sun MD5 library provides does not match the original hash value. It's 22 chars long (as I have not specified any salt length), so I am assuming it's Base64 encoded. I have a Perl script which converts the original 32-digit hex values to a Base64-encoded representation (which I have also verified with other open source tools).
Is there a way I can tweak the CRYPT utility or something so that it understands typical standard MD5 hashes? (Confused between Sun MD5 and BSD (Linux) MD5 - neither of them seems to match the standard MD5 generated value.)
Any leads on this would be really helpful.

Just to reclarify or throw more information:
a password - cleartext value - testuser1 has 32-digit HEX value as - 41da76f0fc3ec62a6939e634bfb6a342
Same password when converted to Base64 pattern becomes - Qdp28Pw+xippOeY0v7ajQg==
But when I use pwdhash utility in DSE after configuring CRYPT to use MD5 hashes it becomes -
{crypt}$md5$$LiB/H70zXr3xfQPoXVuUQ1
I used below command :
pwdhash -D /opt/SUNWdsee/dsee6/ds6/slapd-oha-dev -s CRYPT testuser1
Actual hash value of pwdhash is -LiB/H70zXr3xfQPoXVuUQ1 with rest of the prefix is to meet RFC standard and salt and algo name separator.
I am wondering if Sun MD5 default uses any salt even when I haven't used or DS does it. Or if any other MD5 option is there which can be used.
Thanks,
Gaurav
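
The values quoted in the two posts above, run through a small format check (an added example, not code from the thread or from Directory Server): the hex string, its Base64 form and the `{md5}` userPassword form quoted further down this page all carry 16 raw digest bytes, while the `{crypt}$md5$` string is crypt(3) output, a salted and iterated construction with its own alphabet, and carries no raw digest. Function names are hypothetical, and whether the target server accepts an `{MD5}`-prefixed value is an assumption.

```python
import base64
import binascii
import hashlib
import hmac
import re

HEX_MD5 = re.compile(r"^[0-9a-fA-F]{32}$")
SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$")

# Values copied from the posts on this page.
PAGE_SAMPLES = [
    "41da76f0fc3ec62a6939e634bfb6a342",
    "Qdp28Pw+xippOeY0v7ajQg==",
    "{md5}2FeO34RYzgb7xbt2pYxcpA==",
    "{crypt}$md5$$LiB/H70zXr3xfQPoXVuUQ1",
]


def classify(value):
    """Return (kind, digest); digest is the raw 16-byte MD5, or None."""
    value = value.strip()
    m = SCHEME.match(value)
    scheme, body = (m.group(1).lower(), m.group(2)) if m else (None, value)

    # crypt(3) strings start with '$id$'. They are not an encoding of a
    # plain MD5 digest, so no re-encoding can turn one into the other.
    if scheme == "crypt" or body.startswith("$"):
        return ("crypt", None)
    # Check hex first: 32 hex characters are also valid Base64 text.
    if scheme is None and HEX_MD5.match(body):
        return ("hex-md5", bytes.fromhex(body))
    if scheme in (None, "md5"):
        try:
            raw = base64.b64decode(body, validate=True)
        except (binascii.Error, ValueError):
            return ("unknown", None)
        if len(raw) == 16:
            return ("ldap-md5" if scheme else "b64-md5", raw)
    return ("unknown", None)


def to_ldap_md5(hex_digest):
    """Re-encode a 32-digit hex MD5 as '{MD5}' + standard Base64."""
    raw = bytes.fromhex(hex_digest)
    if len(raw) != 16:
        raise ValueError("expected a 16-byte MD5 digest")
    return "{MD5}" + base64.b64encode(raw).decode("ascii")


def verify(stored, password):
    """Compare a candidate password against a raw-MD5 stored value."""
    kind, digest = classify(stored)
    if digest is None:
        raise ValueError("no raw MD5 digest in a %s value" % kind)
    candidate = hashlib.md5(password.encode("utf-8")).digest()
    return hmac.compare_digest(candidate, digest)


def report(values):
    """Return (value, kind, hex digest or None) for each input."""
    rows = []
    for v in values:
        kind, digest = classify(v)
        rows.append((v, kind, digest.hex() if digest else None))
    return rows


if __name__ == "__main__":
    for value, kind, hexdigest in report(PAGE_SAMPLES):
        print("%-40s %-8s %s" % (value, kind, hexdigest))
    print(to_ldap_md5(PAGE_SAMPLES[0]))
```

Values carried over this way remain unsalted MD5, so a common follow-up is to re-hash each password under a salted scheme at the user's next successful bind.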

Similar Messages

  • How to migrate Apex users with existing passwords.

    Hi Guys,
    Our apex env finally getting a upgrade from 3.1.1 to 4.1.1 (I know, it's been overdue for years)
    Some of our apps use 'Application Express' authentication, and have few hundreds users in Apex (and users belong to diff user groups).
    The issue is, the 4.1.1 env is set up on a brand new server and DB, we want to migrate these users with their existing passwords from the 3.1.1 env.
    I tried exporting the workspace, and the users are exported as below,
         begin
         wwv_flow_fnd_user_api.create_fnd_user (
         p_user_id => '10592934818556549584',
         p_user_name => 'TEST',
         p_first_name => 'a',
         p_last_name => 'b',
         p_description => '',
         p_email_address=> '[email protected]',
         p_web_password => 'E92903DEAD135E6E86BD6B64544D2BD9',
         p_web_password_format => 'HEX_ENCODED_DIGEST_V2',
         p_group_ids => '10592435401495787816:',
         p_developer_privs=> '',
         p_default_schema=> 'TEST',
         p_account_locked=> 'N',
         p_account_expiry=> to_date('201212040000','YYYYMMDDHH24MI'),
         p_failed_access_attempts=> 0,
         p_change_password_on_first_use=> 'Y',
         p_first_password_use_occurred=> 'N',
         p_allow_access_to_schemas => '');
         end;
    when I run this in 4.1.1 I had to modify it to the new format as below,
    also changed the p_group_ids to new user group but kept the password the same
         begin
         wwv_flow_fnd_user_api.create_fnd_user (
         p_user_id => '',
         p_user_name => 'TEST',
         p_first_name => 'a',
         p_last_name => 'b',
         p_description => '',
         p_email_address=> '[email protected]',
         p_web_password => 'E92903DEAD135E6E86BD6B64544D2BD9',
         p_web_password_format => 'HEX_ENCODED_DIGEST_V2',
         p_group_ids => '1399416797653068:',
         p_developer_privs=> '',
         p_default_schema=> 'TEST',
         p_account_locked=> 'N',
         p_account_expiry=> to_date('201209041006','YYYYMMDDHH24MI'),
         p_failed_access_attempts=> 0,
         p_change_password_on_first_use=> 'Y',
         p_first_password_use_occurred=> 'N',
    p_allow_app_building_yn=> 'N',
    p_allow_sql_workshop_yn=> 'N',
    p_allow_websheet_dev_yn=> 'N',
    p_allow_team_development_yn=> 'N',     
    p_allow_access_to_schemas => '');
         end;
    the result was that the user is created fine, but the password is not valid.
    Anyone knows how to export apex users with existing password to a new server?
    Thanks.
    Edited by: Danny on 3/12/2012 20:51

    Hi,
    Not sure why you say
    "when I run this in 4.1.1 I had to modify it to the new format as below,"
    If you just run the workspace export sql it should create the Workspace, Groups and Users
    The signature of the procedure is below. See the highlighted lines.
    procedure create_fnd_user (
    -- Description:
    -- This procedure allows for programatic and bulk creation of users.
    -- Example:
    -- From sqlplus logged in as the privileged flows user, first
    -- ensure that the security group id is set properly, then create
    -- your users.
    <b> -- begin wwv_flow_security.g_security_group_id := 20; end;</b>
    -- begin
    -- for i in 1..10 loop
    -- wwv_flow_fnd_user_api.create_fnd_user(
    -- p_user_name => 'USER_'||i,
    -- p_email_address => 'user_'||i||'@mycompany.com',
    -- p_web_password => 'user_'||i) ;
    -- end loop;
    -- commit;
    -- end;
    -- Arguments:
    -- p_user_id numeric primary key of user
    -- p_user_name the username the user uses to login
    -- p_first_name informational only
    -- p_last_name informational only
    <b> -- p_web_password the unencrypted password for the new user</b>
    -- p_group_ids A colon delimited list of group IDs from the table wwv_flow_fnd_user_groups
    -- p_developer_privs A colon delmited list of developer privs, privs include:
    -- ADMIN:BROWSE:CREATE:DATA_LOADER:DB_MONITOR:EDIT:HELP:MONITOR:SQL:USER_MANAGER
    -- p_default_schema A valid oracle schema that is the default schema for use in browsing and
    -- creating flows
    -- p_allow_access_to_schemas A colon delimited list of oracle schemas that the user is allowed to
    -- parse as. If null the user can parse as any schema available to the company.
    -- This does not provide privilege it only resticts privilege, so listing a schema
    -- does not provide the privilege to parse as a schema, it only restricts that user
    -- to that list of schemas.
    -- p_attributes_XX These attributes allow you to store arbitary information about a given user.
    -- They are for use by flow developers who want to extend user information.
    <b> -- p_web_password_format Identifies the format of the web password.
    -- The range of values is CLEAR_TEXT, HEX_ENCODED_DIGEST, DIGEST </b>
    -- p_person_type "E" marks the user as external
    -->
    Note there is no HEX_ENCODED_DIGEST, DIGEST_V2 listed. It may work, but not obvious from the signature.
    Cheers,

  • OVD - Integration with Sun Java system Directory Server

    Hi All,
    I have the following issue: I'm trying to configure OVD 11.1.1.3 with Sun Java System Directory Server adapter for enterprise user security, but when I import the Oracle ldif schema file (iPlanetSchema.ldif) I have the following error:
    add attributetypes:
    ( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckSyntax' EQUALITY integerMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
    modifying entry cn=schema
    ldap_modify: Type or value exists
    ldap_modify: additional info: attribute type pwdCheckSyntax: Does not match the OID "1.3.6.1.4.1.42.2.27.8.1.5". Another attribute type is already using the name or OID.
    In the default Sun DS schema there is attribute with the same OID:
    ../config/schema/00ds6pwp.ldif:
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality' DESC 'Level of required quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-DS-USE 'internal' SINGLE-VALUE X-ORIGIN 'Password Policy for LDAP Directories Internet Draft' )
    Is it possible?
    I'm reading the following document:
    http://download.oracle.com/docs/cd/E12839_01/oid.1111/e10046/adv_integrate.htm#CACIIIEG
    Thanks in advance,
    Zaic

    Thank you very much. The name of the file is actually C:\WINDOWS\system32\productregistry.
    I renamed that to productregistry BACKUP and I can now install the LDAP. Man, I should have posted this a week and a half ago when I first started having this issue. It would have prevented a few forehead dents from banging my head on the keyboard.
    thanks again

  • Need MBAM 2.5 Helpdesk and selfservice sites to open for authenticated users with no password prompt

    I need MBAM 2.5 Helpdesk and self service sites to open for authenticated users with no password prompt. I just can't seem to get this to work. The account used in the application pool has its SPN registered and delegation set. I can use that account to log in to the sites but am prompted for a password. That said, anyone I add into the helpdesk users group cannot negotiate the sites. Only the account I have set in the application pool can. I want domain authenticated users that have been added to the MBAM Help Desk Users group to negotiate the site with NO password challenge at all.
    tconners

    This generally means that your SPN is not set up correctly. Let's say the web server you installed the SSP on is lance.contoso.com and your app pool creds are corp\lance. You should set an SPN similar to setspn -s http/lance.contoso.com corp\lance. In your browser, you should now be able to access the SSP without prompts. However, if you still get prompted, generally that means that your local intranet zone in IE does not have an entry for *.contoso.com. Since you are entering an FQDN in your browser, IE interprets the "." to mean "on the internet" which breaks Kerberos authentication. By adding *.contoso.com to your local intranet zone, you are telling it that lance.contoso.com is on the intranet, so use Kerberos.

    I can confirm that I have the exact configuration and I always get the password prompt for the very first time. We have a 2 server (1xIIS and 1xSQL) infrastructure in production with the SPN set like it should be and I get the password prompt.

  • Add a posixaccount user in posixgroup in sun directory server using java

    Hi
    Does anybody know how to add a posixaccount user to a posixgroup in Sun Directory Server using Java code?
    I am able to add a normal directory server user to an LDAP group in Java.
    But I am not getting any luck adding a posixaccount user to a posixgroup.
    I know we can set the uid value in the memberuid attribute, but how to add it through a Java program?
    Can anybody paste code for that?
    Thanks.

    To CRabel,
    My company have restriction on using the open sources product/code, but i will take a look on netscape ldap sdk as a reference~
    To raghu1978 ,
    i find a product call Directory Editor 1 2005Q1, I hope it is useful.
    thz all~

  • Creating 50 users with SAME password

    All
    I need to create 50 Training users with the SAME password.
    Does SAP allow this? SU10 does not let me know
    enter the password ?
    Is there any report that I can use ?
    How can I use the SCAT transaction to do this ?
    Please advise.
    Thanks
    From
    PT.

    Hi Pranav,
    Yes, SAP allows you to, but for security reasons it's not recommended.
    But you can't make the password the same as the username; SAP will not allow you to give a password that contains the userid.
    You can use SCAT to create the 50 users.
    First you record the transaction.
    Then change the value with a parameter (type &parameter_name)
    and then you can create an Excel file that contains the 50 users,
    and use SCAT to run it.
    Please read:
    http://help.sap.com/saphelp_47x200/helpdata/en/f4/3f9ef659a711d1bc84080009b4534c/content.htm
    or
    http://help.sap.com/saphelp_47x200/helpdata/en/fd/f10538d6cb1e3be10000009b38f8cf/frameset.htm
    Regards,
    Fendi Suyanto

  • LDAP authentication with MD5 passwords

    Hi,
    in one of our Linux servers we have MD5 passwords stored in /etc/shadow. We want to implement pam_ldap on that machine, and move passwords to an LDAP database.
    I know it is to be done with {crypt} storage scheme.
    This works with DS 5.2 running on a Linux box, but under Solaris 8 I couldn't get it working. I know that Solaris 8 doesn't support MD5 passwords in its crypt(3) function, and I suppose Directory Server uses that. Somewhere I read that, however crypt() in Solaris 9 does support MD5.
    Can you confirm that after upgrading to Solaris 9, authentication with MD5-hashed passwords will be possible? Has anyone tried it?
    Thanks in advance,
    Kristof

    Thank you for your reply.
    Our openldap version is openldap-2.3.39
    And all passwords are encrypted with : Base 64 encoded md5
    Below is a sample password:
    {md5}2FeO34RYzgb7xbt2pYxcpA==
    Thanks again for any help..

  • Solaris 10 openldap authentication with md5 passwords

    Hello to everyone,
    We are trying to enable ldap authentication with pam_ldap and md5 passwords on a Solaris 10 system to an openldap server. If passwords are stored using crypt, everything works correctly. But if the password in openldap is in md5, then authentication fails.
    We have installed openldap client along with pam_ldap and nss_ldap from padl (http://www.padl.com/pam_ldap.html)
    The error messages when trying to 'su -' to the ldap user are:
    Jun  1 18:35:23 servername su: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
    Jun  1 18:35:23 servername su: [ID 810491 auth.crit] 'su ldapuser' failed for mike on /dev/pts/4
    and for ssh:
    Jun  1 18:35:54 servername sshd[14197]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
    Jun  1 18:35:54 servername sshd[14191]: [ID 800047 auth.error] error: PAM: Authentication failed for ldapuser from pc7395.sa.example.int
    Jun  1 18:36:00 servername sshd[14224]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
    Jun  1 18:36:00 servername sshd[14191]: [ID 800047 auth.error] error: PAM: Authentication failed for ldapuser from pc7395.sa.example.int
    Jun  1 18:36:02 servername sshd[14278]: [ID 800047 auth.info] Accepted publickey for scponly from 10.24.4.52 port 35390 ssh2
    Jun  1 18:36:04 servername sshd[14270]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
    Jun  1 18:36:04 servername sshd[14191]: [ID 800047 auth.error] error: PAM: Authentication failed for ldapuser from pc7395.sa.example.int
    Jun  1 18:36:04 servername sshd[14191]: [ID 800047 auth.info] Failed keyboard-interactive/pam for ldapuser from 192.168.1.25 port 41075 ssh2
    Jun  1 18:36:08 servername sshd[14191]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
    Jun  1 18:36:08 servername sshd[14191]: [ID 800047 auth.info] Failed password for ldapuser from 192.168.1.25 port 41075 ssh2
    Jun  1 18:36:12 servername sshd[14191]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
    Jun  1 18:36:12 servername sshd[14191]: [ID 800047 auth.info] Failed password for ldapuser from 192.168.1.25 port 41075 ssh2
    Jun  1 18:36:17 servername sshd[14191]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
    Jun  1 18:36:17 servername sshd[14191]: [ID 800047 auth.info] Failed password for ldapuser from 192.168.1.25 port 41075 ssh2
    Below are the configuration files (pam.conf, nsswitch.conf, ldap.conf) and anything else that I imagine could help (comments of the files have been removed).
    Please feel free to ask for any other configuration file:
    */etc/pam.conf*
    login   auth requisite        pam_authtok_get.so.1
    login   auth required         pam_dhkeys.so.1
    login   auth required         pam_unix_cred.so.1
    login   auth required         pam_dial_auth.so.1
    login   auth sufficient       pam_unix_auth.so.1  server_policy debug
    login   auth required           /usr/lib/security/pam_ldap.so.1 debug
    rlogin auth sufficient       pam_rhosts_auth.so.1
    rlogin auth requisite        pam_authtok_get.so.1
    rlogin auth required         pam_dhkeys.so.1
    rlogin auth required         pam_unix_cred.so.1
    rlogin  auth required          pam_unix_auth.so.1 use_first_pass
    rsh    auth sufficient       pam_rhosts_auth.so.1
    rsh    auth required         pam_unix_cred.so.1
    rsh    auth required         pam_unix_auth.so.1
    ppp     auth requisite        pam_authtok_get.so.1
    ppp     auth required         pam_dhkeys.so.1
    ppp     auth required         pam_dial_auth.so.1
    ppp     auth sufficient       pam_unix_auth.so.1 server_policy
    other   auth sufficient         /usr/lib/security/pam_ldap.so.1 debug
    other   auth required           pam_unix_auth.so.1 use_first_pass debug
    passwd  auth sufficient          pam_passwd_auth.so.1 server_policy
    passwd  auth required           /usr/lib/security/pam_ldap.so.1 debug
    cron    account required      pam_unix_account.so.1
    other   account requisite     pam_roles.so.1
    other   account sufficient       pam_unix_account.so.1 server_policy
    other   account required        /usr/lib/security/pam_ldap.so.1 debug
    other   session required      pam_unix_session.so.1
    other   password required     pam_dhkeys.so.1
    other   password requisite    pam_authtok_get.so.1
    other   password requisite    pam_authtok_check.so.1
    other   password required     pam_authtok_store.so.1 server_policy
    */etc/ldap.conf*
    base ou=users,ou=Example,dc=staff,dc=example
    ldap_version 3
    scope sub
    pam_groupdn [email protected],ou=groups,ou=Example,dc=staff,dc=example
    pam_member_attribute memberUid
    nss_map_attribute uid displayName
    nss_map_attribute cn sn
    pam_password_prohibit_message Please visit https://changepass.exapmle.int/ to change your password.
    uri ldap://ldapserver01/
    ssl no
    bind_timelimit 1
    bind_policy soft
    timelimit 10
    nss_reconnect_tries 3
    host klnsds01
    nss_base_group         ou=system_groups,ou=Example,dc=staff,dc=example?sub
    pam_password md5
    */etc/nsswitch.conf*
    passwd:     files ldap
    group:      files ldap
    hosts:      files dns
    ipnodes:   files dns
    networks:   files
    protocols:  files
    rpc:        files
    ethers:     files
    netmasks:   files
    bootparams: files
    publickey:  files
    netgroup:   files
    automount:  files
    aliases:    files
    services:   files
    printers:       user files
    auth_attr:  files
    prof_attr:  files
    project:    files
    tnrhtp:     files
    tnrhdb:     files
    */etc/security/policy.conf*
    AUTHS_GRANTED=solaris.device.cdrw
    PROFS_GRANTED=Basic Solaris User
    CRYPT_ALGORITHMS_DEPRECATE=__unix__
    LOCK_AFTER_RETRIES=YES
    CRYPT_ALGORITHMS_ALLOW=1,2a,md5
    CRYPT_DEFAULT=1
    Thanks in advance for any response...!!


  • Site Login Behavior For SharePoint Foundation 2013 Users With Expired Passwords?

    What are the most user-friendly ways of getting external users with expired AD passwords back into the SharePoint site with a new working password?
    We already send automated email notifications to users reminding them to change their soon-to-expire passwords. However, sometimes they miss seeing the email notifications before the password expires (such as after returning from vacation or just carelessness and lack of attention to email messages) or they see the warning messages and forget to act on it.
    When this happens and they try to log into the SharePoint site from the Internet, their login fails without telling the user the reason they can't log in is because their password expired. So, they end up confused and call the help desk to get their password reset.
    Is there a way to set up SharePoint Foundation 2013 login in a similar way to the OWA login so that, when a user with a correct but expired password tries to log in, it gives them a prompt to set a new password right there rather than just an error indicating their login failed for unknown reasons or password is "incorrect?"

    It could be done. You get a different event log entry for an expired login attempt than for a wrong password, 4625 events denote a login failure and an error ID of 23 denotes a logon failure.
    A naff, but simple, approach would be to create a tool that checks your server logon event log for 4625 entries and then emails that user, or the help desk, or security, that they're trying to get onto your system with expired credentials.
    For a more polished experience you've got a lot more work and bluntly it's going to be impractical for you. You'd have to re-write sections of the SharePoint authentication process or intercept the process, both are risky and not a good idea to try.
    There's a really interesting paper here that might be of interest, it won't help you in your current situation but it might shed more light on the overall authentication/authorisation process.
    http://www.sans.org/reading-room/whitepapers/forensics/windows-logon-forensics-34132

  • Change the User ID running the SunOne Directory Server 6.3 on Windows 2003

    Hi Experts,
    I have an install of SunOne Directory Server Enterprise edition 6.3 running on Windows 2003 server. It was installed using the Zip distribution and is running as a user ID in the Active Directory the server is part of. We are trying to change the user ID to a service account (not the current ID which belongs to a person), so that the Sun DS can run as a service within Windows 2003 server. Need help in doing this without having to re-install the Directory server. Has anyone done this and is it possible to do?

    Thank you very much for the insights and the responses sharmy28.
    Appreciate it very much.
    All I had to do was change the setting in this file only:
    Open the file dsee6/cacao_2/etc/cacao/instances/default/private/cacao.properties and change the below line with new id...
    # Define username and groupname for cacao process
    process.username=sunadmin
    process.groupname=sungroup
    As this is Windows 2003 and the installs are all default values, I had to reboot the server for the change to take effect.
    The file dsee6/cacao_2/usr/lib/cacao/lib/tools/scripts/globals.cfg does not exist. However the same file exists under the perl directory as globals.pl and the settings you specified are present there. In our case these were commented out and so I left them as is.
    Thanks once again for your responses which helped me solve the issue we had.
    Thanks.

  • Connect DB - SYS user with wrong password

    Hi All,
    A strange thing I have noticed with SYS user since Oracle 9i(never worked on earlier versions) is that I can connect to the SYS user as SYSDBA with wrong password as well! Please guide how to prevent this...
    (I have searched for a solution online but was unable to find any :( )
    SQL> CONN SYS/AAA@TEST AS SYSDBA
    Connected.
    SQL> DISC
    Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    SQL> CONN SYS/BBB@TEST AS SYSDBA
    Connected.
    SQL>
    SQL> DISC
    Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
    *009*

    There is nothing wrong and nothing should be, IMO, prevented.
    When you log in to the server as an user in the dba group (Unix) or the ora_dba group (Windows), you are a power user and O/S authentication applies to you, and you don't need a password.
    Logging in as owner of the software (oracle) all the time, which many DBAs do, is a bad idea anyway, as you can remove any file on O/S level.
    Strategies to prevent this:
    - make sure your account isn't in the groups I mentioned
    or
    - disable O/S authentication by editing sqlnet.ora
    Both procedures are documented.
    Finally please note anyone who has root access can get around this easily.
    Sybrand Bakker
    Senior Oracle DBA

  • Cannot migrate users print queues to new print server

    I need to move the print queues on users' computers to a new print server that I have set up, but I am not able to do so. I have over 200 users at the office. I am thinking it is a problem getting it to run on the clients, but not sure where it is failing...
    To start... I have moved the print queues from Server 2003 to Server 2008 R2. The machines are both 64 bit. I was able to export the drivers and the print queues to the new server using the print migrate tool. The names of the printers are the same on both...
    The names of the print servers are different. I added a print queue to a test client and was able to print to it without a problem mapped to the new server, so that's not the problem.
    What I can't do is use the script (see below) to remap the clients to the new server. I have tried and configured the script as a user log on script, configured a group policy and placed my test user in the OU. Rebooted the machine, logged on with the test account but the print queues stay the same. I have even tried to run the script locally but still no joy... it runs but the queues stay the same. I used RSOP and see that the script is being applied... I am running Windows 7 Professional.
    I really need to get this resolved as the server is being decommissioned within the month.
    Option Explicit
    Dim from_sv, to_sv, PrinterPath, PrinterName, DefaultPrinterName, DefaultPrinter
    Dim DefaultPrinterServer, SetDefault, key
    Dim spoint, Loop_Counter, scomma
    Dim WshNet, WshShell
    Dim WS_Printers
    DefaultPrinterName = ""
    spoint = 0
    scomma = 0
    SetDefault = 0
    set WshShell = CreateObject("WScript.shell")
    from_sv = "\\srvprint_1" 'This should be the name of the old server.
    to_sv = "\\srvprint_2" 'This should be the name of your new server.
    'Just in case there are no printers and therefore no default printer set,
    ' this will prevent the script from erroring out.
    On Error Resume Next
    key = "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Device"
    DefaultPrinter = LCase(WshShell.RegRead (key))
    If Err.Number <> 0 Then
        DefaultPrinterName = ""
    else
    'If the registry read was successful then parse out the printer name so we can 
    ' compare it with each printer later and reset the correct default printer
    ' if one of them matches this one read from the registry.
    spoint = instr(3,DefaultPrinter,"\")+1 
    DefaultPrinterServer = left(DefaultPrinter,spoint-2)
        if lcase(DefaultPrinterServer) = from_sv then
            DefaultPrinterName = mid(DefaultPrinter,spoint,len(DefaultPrinter)-spoint+1)
            scomma = instr(DefaultPrinterName,",")
            DefaultPrinterName = left(DefaultPrinterName,scomma -1)
        end if
    end if
    Set WshNet = CreateObject("WScript.Network")
    Set WS_Printers = WshNet.EnumPrinterConnections
    'You have to step by 2 because only the even numbers will be the print queue's
    ' server and share name. The odd numbers are the printer names.
    For Loop_Counter = 0 To WS_Printers.Count - 1 Step 2
        'Remember the + 1 is to get the full path, i.e. \\your_server\your_printer.
        PrinterPath = lcase(WS_Printers(Loop_Counter + 1))
        'We only want to work with the network printers that are mapped to the original
        ' server, so we check for "\\Your_server".
        if lcase(LEFT(PrinterPath,len(from_sv))) = from_sv then
            'Now we need to parse the PrinterPath to get the Printer Name.
            spoint = instr(3,PrinterPath,"\")+1
            PrinterName = mid(PrinterPath,spoint,len(PrinterPath)-spoint+1)
            'Now remove the old printer connection.
            WshNet.RemovePrinterConnection from_sv+"\"+PrinterName
            'and then create the new connection.
            'Do not create c6100
            if lcase(PrinterName) <> "c6100" then
                WshNet.AddWindowsPrinterConnection to_sv+"\"+PrinterName
                'If this printer matches the default printer that we got from the registry then
                ' set it to be the default printer.
                if DefaultPrinterName = PrinterName then
                    WshNet.SetDefaultPrinter to_sv+"\"+PrinterName
                end if
            end if
        end if
    Next
    Set WS_Printers = Nothing
    Set WshNet = Nothing
    Set WshShell = Nothing

    Hi,
    "I added a print queue to a test client and was able to print to it without a problem mapped to the new server, so that's not the problem."
    "What I can't do is use the script (see below) to remap the clients to the new server."
    Based on your description, I understand that you have moved the print queues to the new print server via the print migrate tool successfully. However, when you use this script (Remap Printer Connections) to re-map printer connections, the script seems not to run as expected. Meanwhile, I noticed that you had run the script locally. Did you find any error when you ran this script?
    In the current situation, this issue seems to be more related to this Remap Printer Connections script. I suggest that you post it in the Official Scripting Guys Forum. I believe we will get better assistance there.
    If I have misunderstood anything or there is any update, please don't hesitate to let me know.
    Best regards,
    Justin Gu

  • Mac user prompted for password for Mac server shares at every login

    I have a client that uses Mac machines.  The server is also Mac server. 
    The machines are not in a domain/realm, so each machine has its own user database including the server.
    The user connects to a share on the server, where she is set up with the same user name and password as on her local Mac for convenience.
    When you connect to the share the first time, you are prompted to provide the credentials, and you can select to save this password in Keychain.  We selected YES, remember this password in my Keychain.
    However, at every login, she has to provide credentials to connect to the share again.
    Any ideas why keychain is not remembering this login so that she can re-connect to the share (it is set as a Login Item) seamlessly?
    Thank you,
    Sandra

    Unix shortnames can be viewed/set on the client computers by opening System Preferences, going to Users & Groups, right-clicking on a user, and opening the "Advanced Options..." pane. In the field that says "Account Name:" is the UNIX shortname that the system assigned to that user when their account was originally created.
    DO NOT CHANGE THE USER'S SHORTNAME HERE.  All kinds of bad things will happen.  Once it is established (as your original post suggests), you don't want to change it.
    What you can do is on your server, in the users & groups sharing preferences, establish server  accounts for your users that have identical shortnames to the ones they already have assigned on their individual macs.

  • Migration from iplanet webserver to Sun Directory Server

    Hi,
    I have Oracle Iplanet WebServer Enterprise edition V6.0 SP2 in my dev environment. I want to migrate the system to Sun Java System Directory Server V6.0. I have looked up the migration guide for Sun DS V6.0, but I could not find any reference to Iplanet WebServers.
    Can anybody please let me know the migration procedure for migrating from Iplanet Server to Sun Directory server?
    Any help would be appreciated
    Thank you
    Nowfal

    Please ignore this question since we have dropped the plan to migrate, instead set a new DS instance from the beginning

  • Ldap client with directory server 6.0 on solaris 9 systems

    I have a directory server 6.0 running on a solaris 9 system. I have set up idsconfig, vlvindex and certificate database on the server side. The client ldap I am trying to set up is also a solaris 9 system. I have set up the certificate database on this ldap client using the Resource Kit certutil and imported the server certificate into the client certificate database. It seems the TLS secure connection did work between LDAP server and client. (I use the Resource Kit ldapsearch command to test it) I use the 'ldapclient -v init ...' command with 'profileName=tlsprofile' to initialize the LDAP client, and the information returned from that command said the LDAP client was configured successfully. But when I run the ldapaddent command to import /etc/passwd, I get the error:
    Passwd container does not exist.
    The ldapaddent command I ran like this:
    ldapaddent -v -f <passwd file> -D "cn=Directory Manager" passwd
    Then I tried to use the 'ldapclient -v manual ....' command to set up the LDAP client. That command finishes successfully. But I still cannot import /etc/passwd using ldapaddent; I get the same error.
    What is wrong with my set-up?
    Thanks,
    --xinhuan

    I looked into the /var/adm/messages, and I have the following error:
    ldap_cachemgr[1640]: [ID 605618 daemon.error] libldap: CERT_VerifyCertName: cert server name 'directory server' does not match 'hostname.mycompany.com': SSL connection denied
    It seems I have a problem with the SSL certificate set-up. I did generate the server side 'hostname.mycompany.com' certificate, then used the Resource Kit certutil to import that certificate to the client side. Is that the right way to do it?
    Thanks,
    --xinhuan
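
The `CERT_VerifyCertName` error quoted in the last post above, as an added triage example (not code from the post or from Directory Server): it pulls the certificate name and the host the client connected to out of `/var/adm/messages` lines and tests which certificate names would satisfy that host. The function names, the first sample log line and the timestamps are constructed, and the name matching is a simplified assumption (equal names or one left-most `*` label), not NSS's implementation.

```python
import re

# Constructed sample of /var/adm/messages. The first line is made up; the
# second is the error quoted in the post above, behind a made-up timestamp.
SAMPLE_MESSAGES = """\
Mar  3 10:14:02 client1 ldap_cachemgr[1640]: [ID 100000 daemon.info] constructed unrelated line
Mar  3 10:14:05 client1 ldap_cachemgr[1640]: [ID 605618 daemon.error] libldap: CERT_VerifyCertName: cert server name 'directory server' does not match 'hostname.mycompany.com': SSL connection denied
"""

MISMATCH = re.compile(
    r"CERT_VerifyCertName: cert server name '(?P<cert>[^']*)' "
    r"does not match '(?P<host>[^']*)'"
)
DNS_NAME = re.compile(r"^[a-z0-9*-]+(\.[a-z0-9-]+)+$", re.IGNORECASE)


def name_matches(cert_name, host):
    """Simplified check (an assumption, not NSS's code): names are equal,
    or the certificate name has a single left-most '*' label."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False
    if cert_labels[0] == "*":
        return len(cert_labels) > 2 and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def find_mismatches(text):
    """Return one finding per CERT_VerifyCertName mismatch in the log text."""
    findings = []
    for line in text.splitlines():
        m = MISMATCH.search(line)
        if m is None:
            continue
        cert, host = m.group("cert"), m.group("host")
        # A name that is not DNS-shaped can never match any host, so the
        # certificate has to be reissued. A DNS-shaped name that differs means
        # the client connected under a name the certificate does not carry.
        cause = "different-hostname" if DNS_NAME.match(cert) else "cert-name-not-a-hostname"
        findings.append({"cert_name": cert, "expected_host": host, "cause": cause})
    return findings


if __name__ == "__main__":
    for f in find_mismatches(SAMPLE_MESSAGES):
        print(f)
        for candidate in ("directory server", "hostname.mycompany.com", "*.mycompany.com"):
            print("  reissue as %-24r -> %s" % (candidate, name_matches(candidate, f["expected_host"])))
```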
