Problems with OSX and Active Directory (urgent!)

Hello, I'm a newbie Mac user and I have a problem with integrating OSX into our company MS Active Directory. This MacBook Pro is the only Apple here, so this is quite difficult...
So far I have done the following things:
- I made the "Bind" successfully (it pings from other computers and I can see it from AD tools)
- in the AD account I changed my profile to include a home folder (\\Adserver\user.account$). When I log on to AD via PC, home folders etc. are set up with a logon script (Logon.bat) and I can see those shared folders fine.
- then I rebooted my Mac and on the logon screen there is the option Other --> there I input my AD username and password. After that OSX logs in normally.
- But on the Dock there is no Home folder, there is only a big question mark (?) and it says "User X X network home folder" (or something like that). And there is nothing behind this ?-mark
- I have checked from Kerberos that I have a valid ticket to the AD server
I have also tried to map a network folder (apple + K), but there is an error message that "Server couldn't reach, because user name or password is wrong"
I have spent a couple of days trying to solve this problem, but nothing seems to solve it. Could someone please help me? I really need those shared folders (yes, there are at least two I need from AD), because in those folders are documents that I need daily at my work.
thanks,
-zooropa
MacBook Pro   Mac OS X (10.4.5)  

My admin username on the Mac is "firstnamesurname" and the AD account is "firstname.surname". So the "dot" is the only difference. Is that enough?
I made binding with Mac admin account and after that I used "other" on login screen of OSX. As I wrote, I can login fine with AD username and password, but the problem is that I can't map home folders from Windows Server 2003.

Similar Messages

  • Canon 860 Series (Pixma) Printer Problems with OSX 10.8 (Mountain Lion) – links to Canon Support Site with Drivers and Software with install tips

    After spending several hours sorting out Canon Pixma OSX problems here are my thoughts:
    Canon 860 Series (Pixma 868) Printer Problems with OSX 10.8 (Mountain Lion) – links to Canon Support Site with Drivers and Software with install tips
    Problem:
    - New imac and MacBook Pro 2012 (OSX 10.8.2) had a problem using Canon Pixma 868 printer on network and would not scan or print using Canon Pixma software (Pixma MP Navigator 2.1 & Photo Print), which has advanced scanning and photo printing functions. 
    - When I connected the canon printer to my imac, OSX 10.8.2 automatically downloaded and installed drivers for Canon 860 series printer. I could then add the new printer (select ‘apple menu’ / ‘system preferences’ / ‘print and scan’ / “+”) and printer would work while connected via USB but could not get to print or scan over network wifi. 
    - The original Canon 860 Series CD does not work with 10.8 and the manual / online instructions did not make sense (as based on CD install). 
    Solution:
    1) Install Canon Printer Drivers and Software (from official Canon site)
    Go to canon support site, review FAQ, then download and install following Pixma 860 Series software & drivers for OSX 10.8 (links see below). The version I downloaded is in brackets but check for updated version. Full instructions are below.
    Canon 860 Series Drivers & Software  for OSX 10.8 Mountain Lion:
    The base software and drivers needed for using Canon 860 Series on Mac OS X 10.8 (USB) are
    1 Printer Driver
    (Canon MX860 series CUPS Printer Driver Ver. 10.67.1.0 (03-Aug-2012))
    2 Scanner Driver
    (Canon MX860 series Scanner Driver Ver. 14.11.4a (03-Aug-2012))
    3 Network Tool
    (Canon IJ Network Tool Ver. 4.1.0 for Intel Mac (27-Dec-2012))
    Canon Software for using advanced printing and scanning functions (while connected to network)
    4 Solution Menu
    (Canon Solution Menu Ver. 1.4.1 (27-Jul-2012 ))
    5 MP Navigator EX
    (Canon MP Nav EX Ver. 2.1.3 (02-Aug-2012))
    6 Easy-PhotoPrint EX
    (Canon Easy-PhotoPrint EX Ver. 4.1.6 (21-Jan-2013 ))
    Canon Support (HK) – check your local site
    http://www.canon.com.hk/en/download/main/index.do
    Select Product and drivers from support site eg http://support-hk.canon-asia.com/
    1. Choose a product category
    Multifunctional Printers
    2. Choose a product series
      Pixma
    3. Choose a product model
      Pixma MX868
    4. Choose type of document
    Downloads or FAQ
    If you have problems installing the software under 10.8, see the FAQ on Canon site. You will need to allow software installs from “unidentified developers” (by using the “Control” key or by changing your system preferences).
    2) Check Canon Printer and Software Working while connected via USB
    Once you have downloaded and installed drivers and software and restarted computer, check that the printer and Canon Pixma software (Pixma MP Navigator 2.1 & Photo Print) are working via USB.  Open the Canon IJ Network Tool App (Applications / Canon Utilities /IJ Network Tool / Canon IJ Network Tool App) and make sure you can see the Canon MX 860 series (xx.xx.xx.xx.xx.xx) and that it shows the correct SSID Wifi settings (under the Canon IJ Network Tool App ‘Setup menu’).  This is normally done as part of the automatic install but worth double checking
    3) Add new network printer using ‘apple menu’ / ‘system preferences’ / ‘print and scan’ / “+”).
    After you have checked USB printing turn off printer, unplug the USB cable and shutdown the Canon IJ Network Tool App.
    Then turn the printer back on and wait 30s. Then add a new printer using ‘apple menu’ / ‘system preferences’ / ‘print and scan’ / “+”). Once you select “+” (add new printer), wait 10-30s for the Wifi Networked Canon MX 860 Series printer to appear in the new window eg Canon MX 860 series (xx.xx.xx.xx.xx.xx) (Kind: “Canon IJ Network”)
    DO NOT ADD THE MX 860 SERIES BONJOUR SCANNER (the Bonjour Scanner is the built-in software, is not needed and often appears first on the add printer list).  The Canon scanner can be accessed through the MP Nav EX Ver. 2.1.3 software (which has much better functions)
    You will now have two printers: Canon MX860 (USB) and Canon MX860 (Wifi / Network). Set the Canon MX860 (Wifi / Network) as default and test print and scan
    If the Wifi Networked Canon MX 860 Series printer does not appear, check the printer and make sure that the printer can see the wifi network. On the printer select Menu / Settings / Device Settings / Lan Settings / WLAN Setting List.  It should say WLAN Active, identify the SSID and have an IP address
    If the printer can not see the Wifi Network, plug the USB cable back in, then open the Canon IJ Network Tool App (Applications / Canon Utilities /IJ Network Tool / Canon IJ Network Tool App). Make sure you can see the Canon MX 860 series (xx.xx.xx.xx.xx.xx) and that it has your SSID settings (under setup), if it has this info, restart the computer and the printer and try again

    Hi, thanks for the response, I meant to post this as a discussion (not a question), wanted to save others time if they get the same problem

  • Problem with installation and activation

    Hi, I have a problem with the installation of Adobe Muse.
    I had a free 30-days trial, when it was over I bought the product ($ 13 per month), 
    I installed the program again and I see the same window with the finished Trials
    and it requires a serial number and does not allow to enter the program.
    I installed the program on your PC wife without any problems, but I can not install it on a laptop.
    I have a laptop with Windows 8 operating system.
    What I've done:
    1. Uninstalled the free program,
    2. check the connection to the Internet,
    3. has installed a new program from the official website adobe.com,
    4. Remove the line for the activation of the hosts file and resave the file,
    5. turned off the firewall,
    6. rebooted.
    I can't get support for 3 days, is it the most terrible support I've ever seen? I dunno
    Please help me at [email protected]

    I guess this stuff helps me
    http://helpx.adobe.com/creative-suite/kb/cs5-cleaner-tool-installation-problems.html
    2014-08-07 20:07 GMT+07:00 Дмитрий Броский <[email protected]>:
    thanx

  • Problem with the product activation adobe acrobat 9 standard.

    I have a problem with the product activation adobe acrobat 9 standard.
    It is a failed hard disk to the pc and was not able to deactivate the license adobe.
    Now I replaced the hard drive and reinstalled the software but it tells me that all licenses are used.
    Is it possible to unlock the licenses in use?
    Thank you.

    Adobe can unlock licenses, this is a normal thing for them to do. You must contact them directly, there is no trick or other way.

  • Graphic problem with OSX Lion - freezing all windows

    I will try to describe my graphics problem with OSX Lion. Simply, if you have set, for example, hot corners and switch between desktops, all windows etc., the movement of switching windows is choppy and freezing. I have no idea why, but it has been happening since I installed Windows 7 via Boot Camp. But the problem is still here after I removed Windows. Cleaning the cache doesn't work. Can anybody help me please?

    No, it's not Lion. It may be something you installed. If you just bought it you could also take it back to the Apple Store and they may be able to help.

  • Having problems with OSX and mail with the servers?

    Having problems with OSX and the mail servers?  Seems to be happening more and more?

    Hello,
    Who is your eMail provider, the part after the @ sign?
    In Mail's Window Menu, choose Connection Doctor, any red dots for status, if so what is the message?
    Then click the Show Details button & Check again.
    Open Keychain Access in Utilities, use Keychain First Aid under the Keychain Menu item, then either check the Password under that item, change it, or delete it and start over.
    You may have multiple entries.
    Open Keychain Access in Utilities, enter the part after the @ sign in the search bar, hit enter
    The Password rejection can confuse people since it's a catch all meaning...
    This Password, Username, Authentication method... is not recognized on this Port to this Server, more than one entry in Keychain for each in/out entry, or a server end problem.
    If using a browser to login via WebMail works it's not Name or Password, but one of the other ones.
    The receiving email ports are:
    IMAP is port 143
    IMAP-SSL is port 993
    POP is port 110
    POP-SSL is port 995
    Outgoing ports are...
    SMTP and SMTP-SSL is on ports 25, 587 and 465. Port 587 has to be SSL, and port 465 is enforced TLS-wrapped and is generally used by Outlook users.

  • Error when synchronising data with Active Directory - URGENT

    Hi,
    We are currently running on ECC 6, and have a CUA implemented. I am attempting to synch my user data on the CUA with the Active Directory, I'm only updating the SAP database and not writing back to AD.
    I have mapped the fields in LDAPMAP, and using the find function through transaction LDAP I'm able to read the data for the relevant fields so the AD user id does have the correct read access to AD
    However when I run the RSLDAPSYNC_USER program, the user is created but only the Surname field is populated. Does someone perhaps know what could cause this problem?
    Thanks in advance
    Sujeet

    I think I know what your problem may be. There is a hard limit of 1000 results for an LDAP search against Active Directory, and I think you're hitting this limit. One way to test is to narrow your search to one small OU with only 10 users in the OU.
    This setting can be changed at the controller and is called "MaxValRange". Here's a link to more info: http://support.microsoft.com/kb/315071
    Before you make this change on your domain controller I'd try narrowing the search to a single OU first.

  • Import DNG Hang Problem with OSX not with Win 7

    I installed LR4 on both my Mac Pro and Win7 machines for comparison purposes and have encountered a problem with importing files and converting to DNG format with OSX that is not present with Win7.
    OSX machine
    first gen Intel MAC Pro + 8GB memory multiple disks OSX 10.7.2
    Win7 Machine - latest set of MS patches installed
    Sandy Bridge Processor I5 2500K + 8GB memory multiple disks
    On both machines:
    I am importing 12 test images taken with my Nikon D300 and using a Kingston USB card reader
    Copying to a data only disk that does not contain the catalog
    Convert to DNG with copy to a sub-directory
    Renaming the files to DSC_0001.DNG sequence format
    Standard Previews
    Dont import suspected duplicated enabled
    No develop settings
    Metadata with a simple copyright statement
    OSX seemed to import the 12 DNG's ok as they all showed up on the Library grid screen... but the import seemed to hang before completion and no CPU was being consumed - this was prior to the previews being generated
    I waited for 10 minutes with no CPU activity and then cancelled the Lightroom task, at that point LR4 generated the previews and everything looks fine, I can modify the DNG images and everything seems normal with them
    With Win7 everything went as expected and completed in under 1 minute
    I have screen shots available and I can reproduce this behaviour consistently on OSX

    UPDATE - Further testing
    I tried to import the images into LR3 and it worked fine on OSX (I don't have LR3 on WIN7)
    However when under LR4 the hanging problem also occurs if I do a straight copy as well (ie: Dont convert to DNG format)

  • How can you deploy NIDaq 8.3 with Windows 200x Active Directory.

    We are developing our own in-house measurement application that is built with LV 8.2.  It requires NI Daq 8.3 to be installed as well.  I need to deploy this to anywhere from 30-60 computers now and many more as we expand in the future.
    I know I probably could use the Setup.exe with some switches for a silent install however the two problems are:
    I have to write a script for each computer or go to each computer.
    Future computers will need to be manually touched as well.
    We may need to uninstall in the future for newer deployments and that cannot be done easily with this method while in AD I just have to click a few things and then it is deployed.
    I currently deploy apps like Office, Solidworks, Acrobat Reader, and a whole host of others with Active Directory by just adding the MSI file for these apps to the AD Container's Group Policy.  I see on the NI Daq CD there are tons of subfolders and most have their own MSI file.  I have attempted to see if I could just deploy these in order by just attaching these MSI files to the Group Policy, but AD tells me that "none" of these MSI files I have tried so far are valid MSI files because they have no deployment info in them.

    Hello Jordan,
    If I understand you correctly, you are trying to push the installation of the DAQmx driver as well as your LabVIEW application out to several machines from a server. Ideally you do not want to take your installer to each machine individually, and you also would not want to have to write a script.
    Unfortunately your options may be limited to the features provided by your IT tools. You mentioned that you are using Active Directory to push out other software packages using their msi files. While I am not familiar with this particular software, is there any other way to install software remotely using this tool? Basically, I am looking for another method by which you can configure this tool to run the Setup.exe silently on computers of your choice. It may be worth your time to look into the documentation of this tool to determine if this is at all possible. Please post back and let us know what you are able to find out. Thanks!
    Mike D.

  • Mega problem with OSX - XP - VISTA sharing

    hello.
    first of all i want to say that i am not network-guru (so you could see some silly stuff here =) but also i am not /basic/ user (i know how to plug a cable properly =) and i was trying to google my problem for a few days and finally i will try to find help here...
    i have few machines with various operating systems;
    osx 10.5.4
    windows vista home premium
    windows vista ultimate
    windows xp sp2
    there are 10 machines and all of them share at least 1 directory or disk over the network. all windows are set up to map network drives (also one disk from osx) and osx is connecting to windows drives through standard smb:// protocol.
    now... i am aware of all the problems with sharing stuff between osx and win, especially in my case, so my first question would be:
    is there any GOOD tutorial how to set up such network properly??
    i have seen few of them but seems that there are problems occurring again (i guess mostly because of vistas :P)
    for example;
    i want one of my osx to share TWO DISKS and TWO FOLDERS.
    in osx preferences i set up everything correctly in sharing and users (btw, guest account is disabled on ALL machines!) but when i log in (from any machine) i can see ALL DISKS plus TWO SHARED FOLDERS plus MY USER'S FOLDER and everything is accessible and writable etc... after few restarts and trying to disable/enable file sharing, clearing caches and such stuff on osx, i tried to edit smb.conf from /etc and also from /var/db and by default option in [homes] part which says 'browseable' is set to NO... i tried to change 'read only = no' to YES and changed 'com.apple: show admin all volumes = yes' to NO and after that some strange happened... (i will not emphasize reboot points of ALL computers but it was done after each step =)
    xp machines could see TWO DISKS, ONE FOLDER, MY USER'S DIR
    vista machines could see TWO DISKS, ONE FOLDER (different than xp), MY USER'S DIR
    osx could see ALL DISKS, TWO FOLDERS, MY USER'S DIR
    EVERYTHING was writable.
    if i would click to browse one of those disks on osx i could see everything inside but if i go back to the root of that computer, disk would instantly DISAPPEAR and become unaccessible from that pc. same on others.
    now i left smb.conf files in default setting so everybody can see everything and everything is writable. =( after googling 'smb.conf' combinations i have seen that some people have completely different setups... how could i know which one is right for my osx?
    generally my second question is: WHAT SHOULD I DO TO MAKE EVERYTHING WORKS FINE?
    i hope you understood my problem because i am little bit lost in all this...
    in addition there are my smb.conf files
    /etc/smb.conf
    ; Configuration file for the Samba software suite.
    ; ============================================================================
    ; For the format of this file and comprehensive descriptions of all the
    ; configuration option, please refer to the man page for smb.conf(5).
    ; The following configuration should suit most systems for basic usage and
    ; initial testing. It gives all clients access to their home directories and
    ; allows access to all printers specified in /etc/printcap.
    ; BEGIN required configuration
    ; Parameters inside the required configuration block should not be altered.
    ; They may be changed at any time by upgrades or other automated processes.
    ; Site-specific customizations will only be preserved if they are done
    ; outside this block. If you choose to make customizations, it is your
    ; own responsibility to verify that they work correctly with the supported
    ; configuration tools.
    [global]
    debug pid = yes
    log level = 1
    server string = Mac OS X
    printcap name = cups
    printing = cups
    encrypt passwords = yes
    use spnego = yes
    passdb backend = odsam
    idmap domains = default
    idmap config default: default = yes
    idmap config default: backend = odsam
    idmap alloc backend = odsam
    idmap negative cache time = 5
    map to guest = Bad User
    guest account = nobody
    unix charset = UTF-8-MAC
    display charset = UTF-8-MAC
    dos charset = 437
    vfs objects = darwinacl,darwin_streams
    ; Don't become a master browser unless absolutely necessary.
    os level = 2
    domain master = no
    ; For performance reasons, set the transmit buffer size
    ; to the maximum and enable sendfile support.
    max xmit = 131072
    use sendfile = yes
    ; The darwin_streams module gives us named streams support.
    stream support = yes
    ea support = yes
    ; Enable locking coherency with AFP.
    darwin_streams:brlm = yes
    ; Core files are invariably disabled system-wide, but attempting to
    ; dump core will trigger a crash report, so we still want to try.
    enable core files = yes
    ; Configure usershares for use by the synchronize-shares tool.
    usershare max shares = 1000
    usershare path = /var/samba/shares
    usershare owner only = no
    usershare allow guests = yes
    usershare allow full config = yes
    ; Filter inaccessible shares from the browse list.
    com.apple:filter shares by access = yes
    ; Check in with PAM to enforce SACL access policy.
    obey pam restrictions = yes
    ; Make sure that we resolve unqualified names as NetBIOS before DNS.
    name resolve order = lmhosts wins bcast host
    ; Pull in system-wide preference settings. These are managed by
    ; synchronize-preferences tool.
    include = /var/db/smb.conf
    [printers]
    comment = All Printers
    path = /tmp
    printable = yes
    guest ok = no
    create mode = 0700
    writeable = no
    browseable = no
    ; Site-specific parameters can be added below this comment.
    ; END required configuration.
    /var/db/smb.conf
    # Configuration options for smbd(8), nmbd(8) and winbindd(8).
    # This file is automatically generated, DO NOT EDIT!
    # Defaults signature: a13310200e774008e7f854700000293c480000
    # Preferences signature: 200e4bd28a0b1e026490000552000000
    # Configuration rules: $Id: rules.cpp 32909 2007-08-17 23:07:40Z jpeach $
    # Server role: Standalone
    # Guest access: never
    # NetBIOS browsing: not a master browser
    # Services required: org.samba.smbd org.samba.nmbd
    [global]
    security = USER
    auth methods = odsam
    netbios name = Azriel
    workgroup = group
    dos charset = 437
    server string = Azriel
    ntlm auth = yes
    lanman auth = no
    max smbd processes = 10
    log level = 1
    use kerberos keytab = yes
    com.apple: lkdc realm = LKDC:SHA1.5587265F45481D473800CE75CE481F5A07475F59
    realm = LKDC:SHA1.5587265F45481D473800CE75CE481F5A07475F59
    map to guest = Never
    domain master = no
    preferred master = no
    enable disk services = yes
    enable print services = no
    wins support = no
    [homes]
    comment = User Home Directories
    browseable = no
    read only = no
    create mode = 0750
    guest ok = no
    com.apple: show admin all volumes = yes
    [global]
    thanks for ANY help!

    somebody? something? anyhing? please! =)

  • Problem authenticating user in Active Directory cross domain

    Hi,
    We have two different AD servers serving our London and Tokyo networks. My application runs in London network but used by both London and Tokyo users.
    The two ADs have domain trust setup between them. I have groups defined in London AD to which users from both the London and Tokyo ADs are assigned.
    I'm trying to connect to the London AD using the "user's credentials" and retrieve the groups they are assigned to.
    I can connect to the London AD using any of the London users and I can retrieve the groups. But when I use a Tokyo user's credentials to connect using the London AD server I'm getting a Security exception with a code indicating "User Not Found".
    The code I use, which is very basic, is given below. The code below, run as such, gives me the following error:
    [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece.
    If I change in the code below, Provider URL to Tokyo AD Server URL then it works but I can't use that due to security restrictions. As per the Windows Team the domain trust should allow me to connect/bind to the London AD Server with the Tokyo credentials.
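    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.ldap.InitialLdapContext;
    import javax.naming.ldap.LdapContext;

    Hashtable<String, String> env = new Hashtable<String, String>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "london ldap server url"); // London AD server
    env.put(Context.SECURITY_AUTHENTICATION, "simple"); // simple bind with the user's own credentials
    env.put(Context.REFERRAL, "follow");
    env.put(Context.SECURITY_PRINCIPAL, "[email protected]"); 
    env.put(Context.SECURITY_CREDENTIALS, "password"); 
    env.put(LdapContext.CONTROL_FACTORIES, "com.sun.jndi.ldap.ControlFactory");
    // Throws javax.naming.AuthenticationException when the bind is rejected
    LdapContext ctx = new InitialLdapContext(env, null);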
    I would like to know how to authenticate a user in a cross domain Active Directory environment. I read in one of the blogs that the "simple bind" will not work for cross domain user authentication. Unfortunately the blogger didn't mention what would work :( . Any help is much appreciated.
    Please bear with me if my query is a naive one and point me in the right direction.
    Thanks
    Jothi

    Hi Praveen,
    to avoid losing data when user objects are moved to new locations in the LDAP server, it is possible to configure the User Management Engine to use the value of a specific unique attribute as part of the unique ID instead of the distinguished name.
    For this, you have to change the following UME properties:
    For user objects: ume.ldap.unique_user_attribute=<attributename>
    For account objects: ume.ldap.unique_uacc_attribute=<attributename>
    For group objects: ume.ldap.unique_grup_attribute=<attributename>
    Be aware that the attribute (i.e. cn or uid) must be unique in the configured user/group path.
    Please read SAPNote 777640 for more information regarding this problem and the way to change the UME properties.
    Best regards,
    Robert

  • 10.4 client problem with OSX Server 10.5.8

    I have a late 2009 Xserve with OSX 10.5.8 running, have bound it to AD and enabled the system as OD master. I have added an AD user to an OD group and set a preference in the Dock to add the Group folder to the Dock.
    On my MBP mostly all goes well except for a question mark for the group folder. But on an old G4 tower I'm testing with it just prompts me about not being assigned to a group and gives the option to apply settings, but the settings never take place. Has anyone had this problem before? Thanks in advance. Art

    I've got the Audiotron working again. I found some info on basically opening the entire share to guest access. Reference this thread: http://discussions.apple.com/thread.jspa?threadID=392697
    I tried changing "encrypt passwords" (global section) to "no" and that didn't help. Then I added this to the music share and everything works. Probably not the best security solution, but I'm behind a firewall.
    In /etc/smb.conf added for the music share:
    public = yes
    only guest = no
    writable = no
    printable = no
    (I still left "encrypt passwords = no" in the global section. I'm not sure if that made a difference or not.)
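
An added example, not part of the posts above and not Apple's or Samba's own tooling: a small Python audit for the guest-access settings that come up in the OSX/XP/Vista sharing thread and in the Audiotron workaround (`public = yes`, `map to guest`, `encrypt passwords = no`). The sample configuration is constructed from values quoted on this page (the share `path` is made up), and `include` lines are not followed, so files have to be concatenated in load order before auditing.

```python
import re

# Constructed sample: values taken from the posts above; the path is made up.
SAMPLE = """\
[global]
map to guest = Bad User
encrypt passwords = no
lanman auth = no
usershare allow guests = yes

[homes]
browseable = no
read only = no
guest ok = no

[music]
path = /Volumes/Music
public = yes
only guest = no
writable = no
"""

TRUE_VALUES = {"yes", "true", "1"}


def is_true(value):
    return value.strip().lower() in TRUE_VALUES


def parse_smb_conf(text):
    """Return {section: {param: value}}; a repeated section merges, last value wins."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names.
            sections[current][re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections


def share_is_writable(params):
    # "writable", "writeable" and "write ok" are inverted synonyms of "read only".
    # Simplification: the first synonym found wins, whatever the order in the file.
    for key in ("writable", "writeable", "writeok"):
        if key in params:
            return is_true(params[key])
    return "readonly" in params and not is_true(params["readonly"])


def audit(sections):
    """Return a list of (section, parameter, detail) findings."""
    findings = []
    g = sections.get("global", {})
    map_to_guest = g.get("maptoguest", "Never")
    if map_to_guest.lower() != "never":
        findings.append(("global", "map to guest",
                         f"'{map_to_guest}' lets some failed logins continue as guest"))
    if "encryptpasswords" in g and not is_true(g["encryptpasswords"]):
        findings.append(("global", "encrypt passwords",
                         "plaintext password authentication is accepted"))
    if is_true(g.get("lanmanauth", "no")):
        findings.append(("global", "lanman auth",
                         "weak LANMAN password hashes are accepted"))
    if is_true(g.get("usershareallowguests", "no")):
        findings.append(("global", "usershare allow guests",
                         "user-defined shares may allow guests"))
    for name, params in sections.items():
        if name == "global":
            continue
        # "public" is a synonym for "guest ok".
        if is_true(params.get("guestok", params.get("public", "no"))):
            mode = "read-write" if share_is_writable(params) else "read-only"
            findings.append((name, "guest ok", f"share is open to guests ({mode})"))
    return findings


if __name__ == "__main__":
    for section, param, detail in audit(parse_smb_conf(SAMPLE)):
        print(f"[{section}] {param}: {detail}")
```

A later `[global]` block overrides an earlier one, which is how the `map to guest = Never` line in the generated /var/db/smb.conf quoted above replaces the `Bad User` value from /etc/smb.conf.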

  • EDSPermissionError(-14120) problems with LDAP, SSL and Directory Utility

    Hello everyone,
    Apologies for the repost but I think I may have made a mistake by posting this originally in the Installation, Setup and Migration forum instead of the Open Directory forum. At least I think that may be why I didn't receive any responses.
    Anyway, I've been trying to get my head around Open Directory and SSL as they are implemented in Mac OS X Server 10.5 Leopard, and have been having a few issues. I would like to set up a secure internal infrastructure based around a local Certificate Authority that signs certificates for other internal services like LDAP, email, websites, etc.
    I only have one Mac OS X Server and it is kind of a small office so I have gone against best practice and simply made it a CA (through Keychain Utility). I then generated a self-signed SSL certificate through Server Admin, and used the "Generate CSR" option to create a Certificate Signing Request. This went fine, but I did have some problems signing it with the CA, because the server documentation suggested that once I signed it it would pop open a Mail message containing the ASCII version of the signed certificate - it did not, and it took me a loooong time to realize that I could simply export the copy of the signed certificate it put in my local Keychain on the server as a PEM file and paste this back into the "Add Signed or Renewed Certificate from Certificate Authority" dialog box in Server Admin. Hopefully this can be fixed in a forthcoming patch, but I thought I would mention it here in case anyone else is stuck on this issue.
    Once I did this I was able to use this certificate in the web server on the same machine and sure enough I was able to connect to it with clients who had installed the CA certificate in their system Keychains without getting any error messages - very cool.
    However, I haven't had quite as much luck getting it going with LDAP/Open Directory. I installed the certificate there as well, but have run into a number of problems. At first I could not get clients (also running 10.5.2) to talk to the server at all over SSL, receiving an error in Directory Utility that the server did not support SSL. I eventually discovered that the problem seemed to lie in the fact that the OpenLDAP implementation on Leopard is not tied in with the system Keychain, necessitating some command-line voodoo to install a copy of the CA cert in a local directory and point /etc/openldap/ldap.conf at it, as documented here: http://www.afp548.com/article.php?story=20071203011158936
    This allowed me to do an ldapsearch command over SSL, and seemingly turn SSL on on clients that were previously bound to the directory, and additionally allowed me to run Directory Utility on new clients and put in the server name with the SSL box checked and begin to go through the process of binding. Once this seemed to work, I turned off all plaintext LDAP communication and locked down the service by checking the "Enable authenticated directory binding," "Require authenticated binding," "Disable clear text passwords," and "Encrypt all packets" options in Server Admin. However, I am now running into a new problem, specifically that I cannot successfully bind a local account to a directory account over SSL.
    Here's what happens:
    1) I run Directory Utility, (or it auto-runs) and add a server, typing in the DNS name and clicking the SSL box.
    2) I get asked to authenticate, and type in user credentials, including computer name (incidentally, should this be a FQDN or just a hostname?)
    3) Provided I put admin credentials in here and not user-level credentials, I get taken to the "Do you want to set up Mail, VPN, etc.?" box that normally appears when you autodiscover or connect to an Open Directory server.
    4) I click through, and am asked for a username and password on the server, as well as the password for my local account.
    5) When I put this information in, I get a popup with the dreaded "eDSPermissionError(-14120)" and it fails.
    Checking the logs in Server Admin reveals nothing special, and while I have seen a couple other threads on this error and various other binding problems:
    http://discussions.apple.com/thread.jspa?messageID=5967023
    http://discussions.apple.com/message.jspa?messageID=5982070
    these have not solved the problem. In the Open Directory user name field I am putting the short username. I have tried putting [email protected] and the user's longname but this fails by saying the account does not exist. For some reason it does seem to work if I bind it to the initial admin account I created, but no other user accounts.
    If I turn all the encryption stuff off I am able to join just fine, so I am suspecting that the error may lie in some other "under the hood" piece of software that doesn't get the CA trust settings from the Keychain or the ldap.conf file, but I'm stymied as to which piece of software this might be. Does anyone have any clues on what I might be able to do here?
    Thanks,
    Andrew
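The post above describes pointing /etc/openldap/ldap.conf at a local copy of the CA certificate. As an added example (not part of the original post), this check parses an ldap.conf and reports settings that break or weaken server certificate verification; the host name and CA path in the sample files are constructed assumptions.

```python
import os

# Constructed samples; host name and CA path are assumptions.
WEAK_CONF = """\
# /etc/openldap/ldap.conf
URI ldap://od.example.com
TLS_REQCERT allow
"""
FIXED_CONF = """\
URI ldaps://od.example.com
TLS_CACERT /etc/openldap/certs/office-ca.pem
TLS_REQCERT demand
"""


def parse_ldap_conf(text):
    """ldap.conf is 'OPTION value' per line; option names are case-insensitive."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def audit_ldap_conf(text, exists=os.path.exists):
    """Return findings that weaken or break server certificate checking."""
    opts = parse_ldap_conf(text)
    findings = []
    ca_file, ca_dir = opts.get("TLS_CACERT"), opts.get("TLS_CACERTDIR")
    if not ca_file and not ca_dir:
        findings.append("no TLS_CACERT/TLS_CACERTDIR: private CA is not trusted")
    elif ca_file and not exists(ca_file):
        findings.append("TLS_CACERT points at a missing file: " + ca_file)
    # OpenLDAP defaults to 'demand' when TLS_REQCERT is absent.
    level = opts.get("TLS_REQCERT", "demand").lower()
    if level in ("never", "allow"):
        findings.append("TLS_REQCERT %s: invalid server certificates are accepted" % level)
    for uri in opts.get("URI", "").split():
        if uri.lower().startswith("ldap://"):
            findings.append("plaintext URI (no TLS unless StartTLS is used): " + uri)
    return findings
```

The `exists` parameter lets the check run against a copy of the file on another machine; by default it tests the CA path on the local disk.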

    Hard to tell what is happening without looking at the application
    source, knowing what OS & hardware you're using etc. You might want to
    try running with different JVM versions to see if it's actually the VM
    that is the problem. If you have a support contract with BEA you could
    ask support to help you diagnose this.
    Regards,
    /Helena
    Ayub Khan wrote:
    I have an application running on Weblogic 8.1 ( with JRockit as the JVM). This
    application in turns talks to an iPlanet Directory server via LDAP/SSL. The problem
    seems to happen on loading the machine..the performance progressively gets worse
    and after a couple of seconds, all the threads stop responding. I checked the
    heap, cpu and the idle threads in the execute queue and there is nothing there
    to trigger alarms...there are quite a few idle threads still and the heap and
    the cpu utilization seem OK. On doing a thread dump, I see that all the other
    threads seem to be in a state where they are waiting for data from LDAP and it
    is basically read only data that they are waiting on.
    Does anyone know what is going on and can help point me in the right direction?
    -Ayub

  • Printing problem with OSX 10.9.4 Mac Pro

    I just bought a MAC A retina display with OSX 10.9.4, but it cannot print. I use a Canon printer MX 397 Series (Fax/Print/Copy/Scan); after following all the instructions given by the Help menu and from the Internet, it still does not work. I already updated the software that I just downloaded from the Canon website, but it did not work.
    This printer works very well with my other laptop using windows OS.
    I did not know what went wrong with my MAC, somebody please help me to solve this problem.
    The only thing that worked was the scanner, but still the doc was nowhere to be found.

    Try resetting the printing system.
    OS X Mavericks: Reset the printing system

  • Portal Password Reset - Active Directory - Urgent

    Friends
    We are using SAP Portal 6.0 SP 18.  The Portal UME data source has been configured with Microsoft ADS.
    Now we have a requirement to change the user Password in the Active Directory from the Portal.
    How can we achieve this...?  I am OK even to do some development for this.
    Please let me know the mechanism.

    You can use the UME API to change your own password on a Microsoft Active Directory server, but before that please see the SAP note 876938. Also please see the SAP note 613577; this note has an attachment, it is very helpful. Useful blog on how to use the UME APIs: User management API in WebDynpro (https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/1789).
    Regards,
    Nitin
