Radius Server with Active Directory

I have an XSERVE with 10.6.7. It is an OD Master that is also bound to Active Directory.
I am trying to set up the RADIUS service to provide authentication to users on the wireless network.
So far, I have been able to set it up to the point where the wireless access point is attempting to authenticate to the server. The client is asked for user ID and password. I will even see the self-signed certificate on the client. However, I am never able to connect to the wireless system.
I tried using an AirPort Express with all the automatic settings from the server, and got the same results.
I tried authenticating with a local OD test user, and that did not work, either.
When I tried it on my network at home (no Active Directory), the RADIUS server worked exactly as expected.
Is there some other setting that must be modified to make this work with AD?

Here are some links:
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00807917aa.shtml
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080921f67.shtml
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080665d18.shtml

Similar Messages

  • Cannot register radius server in active directory

    Hi All
    What I can't do is to register the RADIUS server to the Active Directory service which is located on the same server and stand alone server same problem  (see screenshot). I've tried to do this as both domain administrator and local administrator.
    How can I fix this problem?
    IT Helpdesk

    Hi,
    Try to use netsh nps add registeredserver command. This command is used for adding a Network Policy Server (NPS) to the list of registered servers in Active Directory.
    The NPS server is registered in AD DS when it is added as a member of the RAS and IAS Servers security group.
    For detailed information, please view the link below:
    NPS Server Commands
    http://technet.microsoft.com/en-us/library/cc754758(WS.10).aspx#BKMK_1
    Hope this helps.
    Steven Lee
    TechNet Community Support
    Thank You  working to me ;)
    IT Helpdesk

  • SQL Server 2000\2005 compatibility with Active Directory 2012

    Hi All,
    We are currently using Active Directory 2003 and will be upgrading to AD 2012. I'm trying to determine if there is any known compatibility issues when running older versions of SQL Server (2000 and 2005) when upgrading to AD 2012. I've read forums from when others went from AD 2003 to AD 2008 and didn't experience any issues. We have the newer versions of SQL but I'm not too concerned about these. Any advice would be greatly appreciated? Has anyone been through this process.
    Thanks,

    Hi CraftsmanRobert,
    Based on my understanding, you used Active Directory 2003, then it would be upgraded to Active Directory 2012. You wanted to run older versions of SQL Server (2000 and 2005) with Active Directory 2012.
    Firstly, there can be a compatibility problem when running older versions with Active Directory 2012. SQL Server 2005 (the release version and service packs) and earlier versions of SQL Server are not supported on Windows Server 2012 R2, Windows Server 2012, Windows 8.1, or Windows 8. For more information, please refer to this article: How to use SQL Server in Windows and Windows Server environments (http://support.microsoft.com/kb/2681562/en-us).
    Besides, Microsoft doesn’t provide assisted support for SQL Server 2000 and SQL Server 2005 already. Please upgrade the existing instance of SQL Server 2000 and SQL Server 2005 to a new version like SQL Server 2012. You can download SQL Server 2012 Express from this link: http://www.microsoft.com/en-us/download/details.aspx?id=29062.
    Best regards,
    Qiuyun Yu

  • RoboHelp Server 8/Active Directory

    Hi again,
    After moving my install of RoboHelp Server from our Windows Server 2008 R2 server to an older Windows Server 2003 Web Edition box, I was able to get RoboHelp Server talking to SQL Server 2008 through ODBC.  Now on to the next problem.  I've been trying to configure LDAP authentication against Active Directory, which I can see from a post from NSC_Gillis last August, it looks like there's a problem here.
    My setup now consists of:
    RoboHelp Server 8 installed on Windows Server 2003 Web Edition with Tomcat 6.0.26 and JRE 1.6.20.
    The relevant config section from my <context_name>_server.properties file:
    #To use LDAP authentication , uncomment the following...
    authtype = ldap
    ldapURL = ldap://<subdomain>.<domain>.com:389
    usersearchbase = DC=<subdomain>,DC=<domain>,DC=com
    rolesearchbase = DC=<subdomain>,DC=<domain>,DC=com
    useridkey = uid
    rolename = cn
    rolesearch = member
    DefAdminUid = <UidOfAdmin>
    DefAdminPwd =
    This yields one of the following two results when attempting to subsequently log in to the Web Administrator interface:
    Error in LDAP authentication.
    javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0
    Error in LDAP authentication.
    javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 325, v1772
    Both of these errors indicate that when RoboHelp Server is attempting ldap_bind(), that it is doing so with bad credentials. When it comes to Active Directory, these credentials have to be in the form of a valid User Principal Name (UPN) and a password, which given the configuration data above, we're never able to provide one. And since I've been able to configure Tomcat itself to use a JNDI Realm for authentication successfully against the same said Active Directory, I have to assume RoboHelp Server is attempting to do an anonymous ldap_bind() which just won't work with Active Directory.
    If someone can provide some guidance at this point, I'd be grateful.
    I admit, for a product that is released only for use on the Windows platform, to include LDAP functionality, but then break it so it won't work with Active Directory, or at least to provide little to no guidance/documentation on how to get it to work, seems patience testing at the least.
    If we cannot get this resolved, we will be forced to review our future use of the RoboHelp/RoboHelp Server products as a whole.
    Thanks,
    Scott

    Hi Scott,
    RoboHelp Server doesn't do an anonymous LDAP bind. It uses the ldap user id and password provided in the properties file. Please note that for RoboHelp Server configured with LDAP, "DefAdminUid" property in robohelp_server.properties should be set to a valid LDAP user principal and "DefAdminPwd" property should be set to LDAP password of that user principal.
    Regards
    Tulika.
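
Added example, not part of the original thread and not RoboHelp Server code: a triage of the two `AcceptSecurityContext` errors quoted in the question. It rests on the commonly documented convention that Active Directory puts a hexadecimal Win32 error code in the `data` field of LDAP error 49; the function names and the third sample line are constructed for illustration.

```python
import re
from collections import Counter

# Commonly documented values of the "data" field that Active Directory returns
# with LDAP error 49. Each is a Win32 error code written in hexadecimal.
AD_BIND_SUBCODES = {
    0x525: ("ERROR_NO_SUCH_USER", "user not found", "credentials"),
    0x52E: ("ERROR_LOGON_FAILURE", "bad user name or password", "credentials"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "logon not permitted at this time", "policy"),
    0x531: ("ERROR_INVALID_WORKSTATION", "logon not permitted from this host", "policy"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "password expired", "account_state"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account disabled", "account_state"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account expired", "account_state"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "user must reset password", "account_state"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account locked out", "account_state"),
}

# Matches the bracketed detail that JNDI appends to AuthenticationException.
PATTERN = re.compile(
    r"LDAP: error code (?P<ldap>\d+) - (?P<status>[0-9A-Fa-f]{8}): LdapErr: "
    r"(?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>[^,]+), "
    r"data (?P<data>[0-9A-Fa-f]+), v(?P<ver>[0-9A-Fa-f]+)"
)

# Lines 0 and 1 are the errors quoted in the post above. Line 2 is constructed
# (placeholder DSID and version). Line 3 carries no detail and must be skipped.
SAMPLE_LINES = [
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0",
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 325, v1772",
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 775, v0000",
    "Error in LDAP authentication.",
]


def parse_bind_error(line):
    """Return a dict describing an AD LDAP bind failure, or None if no match."""
    match = PATTERN.search(line)
    if match is None:
        return None
    code = int(match.group("data"), 16)
    # Unknown sub-codes are reported with their decimal value, never guessed.
    symbol, meaning, category = AD_BIND_SUBCODES.get(
        code, ("UNKNOWN", "not in table; look up Win32 error %d" % code, "unknown")
    )
    return {
        "ldap_code": int(match.group("ldap")),
        "dsid": match.group("dsid"),
        "data_hex": match.group("data").lower(),
        "win32_error": code,
        "symbol": symbol,
        "meaning": meaning,
        "category": category,
    }


def triage(lines):
    """Count bind failures per category, skipping lines without AD detail.

    'credentials' points at the configured bind identity or password,
    'account_state' and 'policy' point at the directory account itself.
    """
    counts = Counter()
    for line in lines:
        info = parse_bind_error(line)
        if info is not None:
            counts[info["category"]] += 1
    return counts


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        info = parse_bind_error(sample)
        if info is None:
            print("no AD detail:", sample)
        else:
            print("data %(data_hex)s -> %(symbol)s (%(meaning)s) [%(category)s]" % info)
    print(dict(triage(SAMPLE_LINES)))
```
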

  • Download issue when Windows 7 Pro joins a Windows Server 2008 Active Directory

    Hi,
    I purchased 2 new Dell OptiPlex 3010 desktop computers that came with Windows 7 Professional operating system with SP1. 
    There were no Microsoft updates installed yet.  After I added one of these Dell computers to the Windows Server 2008 Active Directory, I was not able to download several items. 
    Below are several examples:
    1) I downloaded the Norton anti-virus installation file. This file is not the full installation of Norton; it is more of a file where you execute it and it will download the full installation from the Internet like from their Norton web site. So when I executed this installation file, it does not download the full installation files.
    It just hung at the screen saying “Downloading” and it will finally stop with an error (don’t remember the error message).
    Note: If I have the full Norton installation file then I am able to install it on this computer with no problems.
    2) I downloaded the Adobe Reader installation file. This file is not the full installation of Adobe Reader; it is more of a file where you execute it and it will download the full installation from the Internet like from their Adobe web site. So when I executed this installation file, it hung at the downloading part and then it will error out with a “Actionlist Not Found” message.
    Note: If I have the full Adobe Reader installation file then I am able to install it on this computer with no problems.
    3) I installed Microsoft Office 2010 Standard version on this computer. 
    I configured Microsoft Outlook to retrieve emails from my email provider (pop and smtp settings). 
    After configuring Microsoft Outlook, I was able to send emails through Microsoft Outlook successfully (and very quickly), but he was unable to retrieve my emails. The progress bar for the Receiving in the "Outlook Send/Receive Progress" box shows no progress. The Progress bar is not moving. There is a message at the bottom of Microsoft Outlook stating "Receiving message 1 of 6 (x.xx KB of x.xx MB)" and it is very slow. My new emails were not being retrieved at all.
    I tried various pop and smtp servers that was available for my email provider, but all had the same effect.
    4) I can access certain web sites (e.g. www.yahoo.com, www.cnn.com) while I cannot access other web sites like www.usatoday.com, my web hosting email site.
    Note: I had a Dell computer with Windows XP Professional operating system and this computer does not have any of the above issues.
    The above are only a few examples that I have experienced. 
    If I removed this Dell OptiPlex 3010 computer from the Windows Server 2008 Active Directory then I still experience the same issue.
    So as another test, I setup the other new Dell OptiPlex 3010 with the same Windows 7 Professional OS with SP1. 
    This time, I did not join the Windows Server 2008 Active Directory and I was able to successfully download the full Norton installation files, download the full Adobe Reader installation files, download my emails from Microsoft Outlook 2010, etc. 
    But once I joined this computer to the Windows Server 2008 Active Directory then I am not able to download these files and emails at all.
    It seems like there might be some group policy or a security setting that is preventing these downloads so I disabled the group policy on the Windows Server 2008 AD and Windows 7 Professional OS, but it didn’t resolve the issue.
    I disabled all of the firewall programs on this Windows 7 Professional OS, but it still did not resolve the issue.
    Since the Windows Server 2008 AD did not have DHCP installed, I installed DHCP and setup a scope. 
    Then configured the Windows 7 Professional OS to obtain an IP address, but it didn’t resolve the issue.
    If I move this Windows 7 Professional computer to another network where it did not have any Active Directory; it just had a wireless router serving DHCP then everything works on the Windows 7 Pro computer.
    Any ideas what is the root cause when a Windows 7 Professional computer join a Windows Server 2008 AD?
    Thanks,
    wl_tech

    Hi,
    Could you please tell some information for the AD environment and how it connect to the internet?
    Regarding 3rd party installers didn't work as expected, please also seek help in their official website.
    For outlook not receiving emails, could you please take a look in Event Viewer and see if there are any special errors logged there?
    And when trying to access the website like www.usatoday.com, any special errors IE showed out?
    Best regards
    Michael Shao
    TechNet Community Support

  • Problems with Active Directory and Windows 2003

    Hello,
    I'm using Mac OS X Server 10.4.9 with Active Directory bound to a Windows 2003 Active Directory Domain. I can bind successfully to the domain using the graphical interface. Then in Samba I can access shared directories using Windows users. However, after some time somehow there are problems and Windows users aren't authenticated anymore on the Mac. I've looked at the firewall and there are no denied packets from the Mac. There are two servers in the domain, all clocks are synchronized and domain information is up to date. When I unbind the Mac, I can see the machine account being deleted on both domain servers and created too on both machines when I bind to the domain.
    Problems occur when I try logging in using ssh or samba so I think this is a problem with the AD module.
    I turned on debugging messages on DirectoryServices:
    sudo killall -USR1 DirectoryService
    When in Windows, using the Administrator user I try:
    net use \\10.0.0.1 /user:domain\Administrator
    Where 10.0.0.1 is the Mac.
    In the Mac I get from
    tail -f /Library/Logs/DirectoryService/DirectoryService.debug.log |grep ADPlug
    2007-06-27 10:48:37 CDT - ADPlugin: Calling GetRecordList
    2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
    2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
    2007-06-27 10:48:37 CDT - ADPlugin: Searching domain domain.com.mx for User administrator
    2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:37 CDT - ADPlugin: Returning 0 Results
    2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
    2007-06-27 10:48:37 CDT - ADPlugin: Calling AttributeValueSearch
    2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
    2007-06-27 10:48:37 CDT - ADPlugin: Adding Search for Attribute displayName containing DOMAIN\administrator
    2007-06-27 10:48:37 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=DOMAIN\\administrator)), limit 1
    2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
    2007-06-27 10:48:37 CDT - ADPlugin: Calling GetRecordList
    2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
    2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
    2007-06-27 10:48:37 CDT - ADPlugin: Searching domain domain.com.mx for User administrator
    2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:37 CDT - ADPlugin: Returning 0 Results
    2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
    2007-06-27 10:48:37 CDT - ADPlugin: Calling AttributeValueSearch
    2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
    2007-06-27 10:48:37 CDT - ADPlugin: Adding Search for Attribute displayName containing domain\administrator
    2007-06-27 10:48:37 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=domain\\administrator)), limit 1
    2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
    2007-06-27 10:48:37 CDT - ADPlugin: Calling GetRecordList
    2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
    2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
    2007-06-27 10:48:37 CDT - ADPlugin: Searching domain domain.com.mx for User ADMINISTRATOR
    2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:37 CDT - ADPlugin: Returning 0 Results
    2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
    2007-06-27 10:48:37 CDT - ADPlugin: Calling AttributeValueSearch
    2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
    2007-06-27 10:48:37 CDT - ADPlugin: Adding Search for Attribute displayName containing domain\administrator
    2007-06-27 10:48:37 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=DOMAIN\\ADMINISTRATOR)), limit 1
    2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
    2007-06-27 10:48:37 CDT - ADPlugin: Calling GetRecordList
    2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
    2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
    2007-06-27 10:48:37 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=administrator)(sAMAccountName=administrator)(dis playName=administrator)(mail=administrator)(userPrincipalName=administrator)(use rPrincipalName=administrator@*)))
    2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:37 CDT - ADPlugin: Returning 0 Results
    2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
    2007-06-27 10:48:37 CDT - ADPlugin: Calling AttributeValueSearch
    2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
    2007-06-27 10:48:37 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
    2007-06-27 10:48:37 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=administrator)), limit 1
    2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
    2007-06-27 10:48:37 CDT - ADPlugin: Calling GetRecordList
    2007-06-27 10:48:37 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
    2007-06-27 10:48:37 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:37 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
    2007-06-27 10:48:37 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=ADMINISTRATOR)(sAMAccountName=ADMINISTRATOR)(dis playName=ADMINISTRATOR)(mail=ADMINISTRATOR)(userPrincipalName=ADMINISTRATOR)(use rPrincipalName=ADMINISTRATOR@*)))
    2007-06-27 10:48:37 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
    2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
    2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
    2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
    2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=ADMINISTRATOR)), limit 1
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
    2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
    2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
    2007-06-27 10:48:38 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=administrator)(sAMAccountName=administrator)(dis playName=administrator)(mail=administrator)(userPrincipalName=administrator)(use rPrincipalName=administrator@*)))
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
    2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
    2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
    2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
    2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=administrator)), limit 1
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
    2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
    2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
    2007-06-27 10:48:38 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=ADMINISTRATOR)(sAMAccountName=ADMINISTRATOR)(dis playName=ADMINISTRATOR)(mail=ADMINISTRATOR)(userPrincipalName=ADMINISTRATOR)(use rPrincipalName=ADMINISTRATOR@*)))
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
    2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
    2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
    2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
    2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=ADMINISTRATOR)), limit 1
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
    2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
    2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
    2007-06-27 10:48:38 CDT - ADPlugin: Searching domain domain.com.mx for User administrator
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
    2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
    2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
    2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing DOMAIN\administrator
    2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=DOMAIN\\administrator)), limit 1
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
    2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
    2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
    2007-06-27 10:48:38 CDT - ADPlugin: Searching domain domain.com.mx for User administrator
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
    2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
    2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
    2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing domain\administrator
    2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=domain\\administrator)), limit 1
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
    2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
    2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
    2007-06-27 10:48:38 CDT - ADPlugin: Searching domain domain.com.mx for User ADMINISTRATOR
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
    2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
    2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
    2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing DOMAIN\ADMINISTRATOR
    2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=DOMAIN\\ADMINISTRATOR)), limit 1
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
    2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
    2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
    2007-06-27 10:48:38 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=administrator)(sAMAccountName=administrator)(dis playName=administrator)(mail=administrator)(userPrincipalName=administrator)(use rPrincipalName=administrator@*)))
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
    2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
    2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
    2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
    2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=administrator)), limit 1
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
    2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
    2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
    2007-06-27 10:48:38 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=ADMINISTRATOR)(sAMAccountName=ADMINISTRATOR)(dis playName=ADMINISTRATOR)(mail=ADMINISTRATOR)(userPrincipalName=ADMINISTRATOR)(use rPrincipalName=ADMINISTRATOR@*)))
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
    2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
    2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
    2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
    2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)( displayName=ADMINISTRATOR)), limit 1
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
    2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
    2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
    2007-06-27 10:48:38 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=administrator)(sAMAccountName=administrator)(dis playName=administrator)(mail=administrator)(userPrincipalName=administrator)(use rPrincipalName=administrator@*)))
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
    2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
    2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
    2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
    2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)(displayName=administrator)), limit 1
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
    2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Calling GetRecordList Routine
    2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
    2007-06-27 10:48:38 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=ADMINISTRATOR)(sAMAccountName=ADMINISTRATOR)(displayName=ADMINISTRATOR)(mail=ADMINISTRATOR)(userPrincipalName=ADMINISTRATOR)(userPrincipalName=ADMINISTRATOR@*)))
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for RecordList
    2007-06-27 10:48:38 CDT - ADPlugin: Calling AttributeValueSearch
    2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RealName
    2007-06-27 10:48:38 CDT - ADPlugin: Adding Search for Attribute displayName containing ADMINISTRATOR
    2007-06-27 10:48:38 CDT - ADPlugin: Did DC search with queryFilter = (&(objectCategory=cn=person,cn=schema,cn=configuration,dc=domain,dc=com,dc=mx)(displayName=ADMINISTRATOR)), limit 1
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: 16784372 - Put 0 records in Buffer for AttributeValueSearch
    2007-06-27 10:48:38 CDT - ADPlugin: Calling OpenDirNode
    2007-06-27 10:48:38 CDT - ADPlugin: Opening Specific Node domain.com.mx
    2007-06-27 10:48:38 CDT - ADPlugin: Calling GetRecordList
    2007-06-27 10:48:38 CDT - ADPlugin: 16833877 - Calling GetRecordList Routine
    2007-06-27 10:48:38 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:38 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
    2007-06-27 10:48:38 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=administrator)(sAMAccountName=administrator)(displayName=administrator)(mail=administrator)(userPrincipalName=administrator)(userPrincipalName=administrator@*)))
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:38 CDT - ADPlugin: Returning 0 Results
    2007-06-27 10:48:38 CDT - ADPlugin: 16833877 - Put 0 records in Buffer for RecordList
    2007-06-27 10:48:38 CDT - ADPlugin: Calling CloseDirNode
    2007-06-27 10:48:42 CDT - ADPlugin: Calling OpenDirNode
    2007-06-27 10:48:43 CDT - ADPlugin: Opening Specific Node domain.com.mx
    2007-06-27 10:48:43 CDT - ADPlugin: Calling GetRecordList
    2007-06-27 10:48:43 CDT - ADPlugin: 16833881 - Calling GetRecordList Routine
    2007-06-27 10:48:43 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-06-27 10:48:43 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
    2007-06-27 10:48:43 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=administrator)(sAMAccountName=administrator)(displayName=administrator)(mail=administrator)(userPrincipalName=administrator)(userPrincipalName=administrator@*)))
    2007-06-27 10:48:43 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:43 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-06-27 10:48:43 CDT - ADPlugin: Returning 0 Results
    2007-06-27 10:48:43 CDT - ADPlugin: 16833881 - Put 0 records in Buffer for RecordList
    2007-06-27 10:48:43 CDT - ADPlugin: Calling CloseDirNode
    I really don't know what to do. The Windows Event log shows no messages. The link used to work and there have been no changes in the domain servers.
    The key line seems to be:
    2007-06-27 10:48:43 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    But I don't know what that ADSEngine.mm is.
    XServe G5   Mac OS X (10.4.9)  

    Hello.
    Thanks for your reply.
    I tried the net use with a drive letter with and without the /user switch. When I use a domain user domain\user1 I can't connect. When I use a user local to the XServe it works.
    When I use
    net use x: \\10.0.0.1\share /user:domain\user1
    I get prompted for a password, but it doesn't work.
    I checked the firewall and all packets to or from the mac are accepted, no denied or dropped packages.
    I already went through the MS document on fw ports. Before I opened the Kerberos ports the binding failed. Now the binding works OK.
    Some users who were authenticated yesterday can still access files using the Windows domain accounts. It's the new users trying to connect who have problems.
    This is what the Samba log.smbd log shows:
    [2007/07/04 14:58:45, 2] /SourceCache/samba/samba-100.7/samba/source/smbd/sesssetup.c:setupnew_vcsession(662)
    setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
    [2007/07/04 14:58:45, 2] /SourceCache/samba/samba-100.7/samba/source/smbd/sesssetup.c:setupnew_vcsession(662)
    setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
    [2007/07/04 14:58:46, 0] /SourceCache/samba/samba-100.7/samba/source/auth/authutil.c:make_server_infoinfo3(1138)
    makeserver_infoinfo3: pdbinitsam failed!
    [2007/07/04 14:58:46, 0] pdbods.c:odssamgetsampwnam(2329)
    odssam_getsampwnam: [0]getsam_recordattributes dsRecTypeStandard:Users no account for 'user1'!
    [2007/07/04 14:58:46, 2] /SourceCache/samba/samba-100.7/samba/source/auth/auth.c:checkntlmpassword(367)
    checkntlmpassword: Authentication for user [user1] -> [user1] FAILED with error NTSTATUS_NO_SUCHUSER
    This is what the DS log shows:
    2007-07-04 14:58:46 CDT - ADPlugin: 16892201 - Calling GetRecordList Routine
    2007-07-04 14:58:46 CDT - ADPlugin: Search Records called in ADSWrapper
    2007-07-04 14:58:46 CDT - ADPlugin: Searching attribute: dsAttrTypeStandard:RecordName
    2007-07-04 14:58:46 CDT - ADPlugin: Locating User with Query (&(objectCategory=person)(|(cn=user1)(sAMAccountName=user1)(displayName=user1)(mail=user1)(userPrincipalName=user1)(userPrincipalName=user1@*)))
    2007-07-04 14:58:46 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-07-04 14:58:46 CDT - ADPlugin: Failed getting credentials at line 2687 in ADSEngine.mm
    2007-07-04 14:58:46 CDT - ADPlugin: Returning 0 Results
    2007-07-04 14:58:46 CDT - ADPlugin: 16892201 - Put 0 records in Buffer for RecordList
    XServe G5   Mac OS X (10.4.9)  

  • Issue with Active Directory User Target Recon

    Hi,
    I am facing an issue with Active Directory User Target Recon.
    My environment is OIM 11g R2 with BP03 patch applied
    AD Connector is activedirectory-11.1.1.5 with bundle patch 14190610 applied
    In my Target there are around 28000 users, out of which 14000 have an AD account (includes Provisioned, Revoked, Disabled accounts).
    When I run Active Directory User Target Recon I am not putting in any filter; I cleared the batch start and batch size parameters and ran the recon job. The job ran successfully, but it stopped after processing only around 3000 users.
    I retried the job two or three times, but every time it stops after processing some users without processing all the users.
    I checked the log files (OIM diagnostic logs and Connector Server logs) and cannot see any errors in them.
    I checked the user profiles of the users processed and can see an AD account provisioned for those users.
    My query is why this job is not processing all the users. Please point out if I am missing something.
    Thanks in advance

    Check the connector server load when you are running the recon. Last time I checked the connector, the way it was written is that it loads all the users from AD into the connector server memory and then sends them to OIM. So if the number was huge, then the connector server errored out and did not send data to OIM. We then did recon based on OUs to load/link all the users into OIM. Check the connector server system logs and check for memory usage etc.
    -Bikash

  • Beginners guide to integration with Active Directory?

    Hi (complete beginner to this, but a quick learner)
    I don't know where to start with regards to getting the Macs on our network connecting like the PCs. Currently we have about 100 Macs on 10.4.x that are bound to the AD using Directory Access - users can log in, but that's about as far as integration goes. Their home folders do not "map" to the corresponding folders on the Macs, and we (as administrators) have no control over the Mac network users like we would have the local Mac users.
    I've been asked to look into this issue, and along with creating new modular 10.5.x system builds for all our Macs (different hardware, different software needs, different physical locations), I need to know what the next steps are. I have no experience of using Mac OS X Server or Active Directory. Besides telling me to ask the IT department to hire a Mac professional, what should I be looking into next?
    So far, this is how I think the process goes:
    1) Ensure I have solid modular system builds ready to go for the different macs/different classrooms.
    2) Get an Xserve for IT.
    3) Have Open Directory integrate with Active Directory, so that the same access controls/permissions are applied to the Mac users as they are the Windows users (including Finder access controls, Application controls, folder mapping etc) - *this is where I need guidance*.
    4) Push out the system builds to the Macs on the network
    5) Connect the Macs using Open Directory...
    6) ...
    As you can see, my knowledge kind of peters out towards the end there; is this a realistic undertaking for me (a classroom technician who happens to use Macs - NOT trained in any of this) and the Mac-phobic IT department (who would prefer switching all of our workstations to PC)? Are we going to have to bite the bullet and get some expensive consultants in?

    pisto_grih wrote:
    Hi (complete beginner to this, but a quick learner)
    I don't know where to start with regards to getting the Macs on our network connecting like the PCs. Currently we have about 100 Macs on 10.4.x that are bound to the AD using Directory Access - users can log in, but that's about as far as integration goes. Their home folders do not "map" to the corresponding folders on the Macs, and we (as administrators) have no control over the Mac network users like we would have the local Mac users.
    And that is about as far as the Apple plugin will take you. In order to do more you need to either extend schema (very scary), look at third party products like Centrify (very expensive), or look at getting an OS X Server and implementing the "magic triangle" in which OS X attributes are managed in OD while users, groups, and password are managed by AD.
    I've been asked to look into this issue, and along with creating new modular 10.5.x system builds for all our Macs (different hardware, different software needs, different physical locations), I need to know what the next steps are. I have no experience of using Mac OS X Server or Active Directory. Besides telling me to ask the IT department to hire a Mac professional, what should I be looking into next?
    If you go the route of OS X Server and MCX settings, make life easy on yourself and build one common build. Then limit app access based on your groups. That way you can simplify the number of images you maintain down to one (provided you have appropriate licensing).
    So far, this is how I think the process goes:
    1) Ensure I have solid modular system builds ready to go for the different macs/different classrooms.
    See above. But if you need to, look at InstaDMG
    2) Get an Xserve for IT.
    Yep. But if you are only doing MCX you might want to look for a cheaper alternative. The Xserve can offer some nice additions, including software update server and Netinstall server among others.
    3) Have Open Directory integrate with Active Directory, so that the same access controls/permissions are applied to the Mac users as they are the Windows users (including Finder access controls, Application controls, folder mapping etc) - *this is where I need guidance*.
    Yep. You are on the money.
    4) Push out the system builds to the Macs on the network
    Push huh. Look at Radmind. Then take a summer off to learn it. Then become god.
    5) Connect the Macs using Open Directory...
    Actually, connect the macs to both AD and OD. This will allow authentication and instantiating through AD and management through OD. Works very well.
    6) ...
    As you can see, my knowledge kind of peters out towards the end there; is this a realistic undertaking for me (a classroom technician who happens to use Macs - NOT trained in any of this) and the Mac-phobic IT department (who would prefer switching all of our workstations to PC)? Are we going to have to bite the bullet and get some expensive consultants in?
    It is learnable especially with the summer and available hardware. However, supporting the consulting industry is always nice http://consultants.apple.com
    Hope this helps

  • TFS 2010 with Active Directory 2012 R2

    Are there any known problems using TFS 2010 with Active Directory 2012 R2? Domain controllers are being updated from 2003 to 2012 R2, and the Domain/Forest mode will be set to AD DS Server 2012R2, value=6.
    James Bristow, Software Configuration Manager

    Hi James, 
    Thanks for your post.
    Your AD 2012 R2 will be running on your Windows Server 2012 R2 machine, right? Please note that TFS 2010 does not support Windows Server 2012 R2, so you cannot install TFS 2010 Server on this Windows Server 2012 R2 machine. Please refer to this document:
    https://msdn.microsoft.com/en-us/library/dd578592.aspx.
    As far as I know TFS 2010 works fine with AD 2012 R2, so you can install your TFS 2010 on another machine and use this AD 2012 R2 Server.

  • LDAP realm with Active Directory

    Hello,
    In the Sun ONE app server admin console I have set the security role to LDAP.
    I have set up security roles in my web.xml such as this:
    <security-role>
    <description>This role represents administrators of the system, see actor administrators</description>
    <role-name>administrators</role-name>
    </security-role>
    ..and mapped the roles to groups in sun-application as follows:
    <security-role-mapping>
    <role-name>administrators</role-name>
    <group-name>CMS_PM</group-name>
    <principal-name>rlancett</principal-name>
    </security-role-mapping>
    My user and group information is stored in Active Directory, so I have tried to configure the LDAP realm in the admin console to get it working. These are the settings I have put in:
    directory: ldap://earth.tier2consulting.com:389
    base-dn: cn=Users,dc=tier2consulting,dc=com
    jaas-context: ldapRealm
    search-bind-dn: cn=administrator,cn=Users,dc=domain,dc=com
    search-bind-password: ******
    search-filter: sAMAccountName=%s
    I get the error message :javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893
    WARNING: va:850)
    FINEST: JAAS authentication aborted.
    INFO: SEC5046: Audit: Authentication refused for [administrator].
    I am pretty stuck on this, having looked around all the forums.
    Has anyone got Sun ONE app server using Active Directory to get user/group information for security roles?
    Thanks.

    Howdy,
    I don't have a solution to your problem, but maybe this tidbit will help in debugging with Active Directory error messages. I'm new to AD, so excuse me if everyone already knows this, but...
    The error message you get back from the directory contains an error code in hexadecimal:
    LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893
    If you translate '525' from hex to decimal you get '1317' which is the error message you can look up here:
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/system_error_codes.asp
    1317 - ERROR_NO_SUCH_USER - The specified user does not exist.
    It took me a while to find this tip, so I thought I'd share it. Oh, and the easy way to get decimal from hexadecimal is:
    System.out.println( "Here is 525 in decimal: " + Integer.parseInt("525", 16));
    Okay, hope this helps somebody.
    Now it's up to you to find out why it can't find the administrator!
    Craig
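
The decoding described in the reply above, generalized to the other common Active Directory bind sub-status values, as an added example that is not part of the original thread. The function names are hypothetical; the sample message, bind DN and base DN are copied from the question, and the DN comparison is an extra check added here because sub-status 525 means the bind identity was not found.

```python
import re

# Active Directory sub-status values reported as "data <hex>" inside an
# LDAP result code 49 (invalidCredentials) diagnostic message.
AD_SUBSTATUS = {
    0x525: ("ERROR_NO_SUCH_USER", "bind identity not found in the directory"),
    0x52E: ("ERROR_LOGON_FAILURE", "identity found, password wrong"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "logon outside permitted hours"),
    0x531: ("ERROR_INVALID_WORKSTATION", "logon not allowed from this host"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "password expired"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account disabled"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account expired"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "password must be changed first"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account locked out"),
}

_LDAP_ERR = re.compile(
    r"LDAP: error code (?P<result>\d+) - (?P<sspi>[0-9A-Fa-f]{8}): "
    r"LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>[^,]+), "
    r"data (?P<data>[0-9A-Fa-f]+)"
)


def decode_ad_bind_error(message):
    """Return the decoded fields of an AD bind failure, or None if no match."""
    m = _LDAP_ERR.search(message)
    if m is None:
        return None
    code = int(m.group("data"), 16)  # "525" is hexadecimal: 0x525 == 1317
    name, meaning = AD_SUBSTATUS.get(code, ("UNKNOWN", "not in the table"))
    return {
        "ldap_result": int(m.group("result")),
        "dsid": m.group("dsid"),
        "win32_code": code,
        "win32_name": name,
        "meaning": meaning,
    }


def dn_domain(dn):
    """Join the dc= components of a DN into a DNS-style domain name."""
    parts = re.findall(r"(?i)(?:^|,)\s*dc=([^,]+)", dn)
    return ".".join(p.strip().lower() for p in parts)


def triage(message, bind_dn, base_dn):
    """Decode the error and add a hint when 'no such user' meets a DN mismatch."""
    info = decode_ad_bind_error(message)
    if info is None:
        return None
    hints = []
    if info["win32_code"] == 0x525 and dn_domain(bind_dn) != dn_domain(base_dn):
        hints.append("bind DN is under %s but base DN is under %s"
                     % (dn_domain(bind_dn), dn_domain(base_dn)))
    info["hints"] = hints
    return info


# Values copied from the question in this thread.
SAMPLE = ("javax.naming.AuthenticationException: [LDAP: error code 49 - "
          "80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext "
          "error, data 525, v893")
BIND_DN = "cn=administrator,cn=Users,dc=domain,dc=com"
BASE_DN = "cn=Users,dc=tier2consulting,dc=com"

if __name__ == "__main__":
    for key, value in triage(SAMPLE, BIND_DN, BASE_DN).items():
        print(key, "=", value)
```

Keep the decoded reason in server-side logs only; returning "no such user" versus "wrong password" to the person logging in lets them enumerate valid accounts.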

  • 10.6 home directory mounting with active directory and open directory integration

    Hi guys, I am having some issues in my new Mac environment. I have a Windows network with a Server 2008 Active Directory. I have just recently created a "magic triangle" setup with Active Directory and Open Directory. When my users log in via Windows their home folders mount perfectly. When any user logs in to any iMac in the building it does not work. They log in perfectly fine, but their home folders do not mount. When I try mounting them manually with SMB, I get a prompt for credentials. I am thinking this is my issue: my single sign-on with Kerberos is working but for some reason is not logging in correctly. If I type in my credentials with my domain first then my name it works.
    For example DOMAIN\jsmith works, but the way I think the Mac and Active Directory are doing it now is just jsmith without the DOMAIN.
    I feel like this is the problem with the home folders not mounting.
    Can anyone provide some help with this?
    Thanks,
    Dani

    Hi dani190,
    Are you using the fully qualified domain name of the network server? I.e. if your server is bob and your domain is domain.company.com, then the FQDNS would typically be bob.domain.company.com or bob.company.com.
    If the FQDNS works, then have you checked in the AD to make sure the path to the network home folder uses the FQDNS?
    For the contact search path, did you put the AD at the top of the list? (in Directory Utility)
    Did you set the WINS workgroup on your client computer to your domain?
    I.e.: Apple Menu, System Preferences, Network, Active Network Port (Ethernet and/or AirPort), Advanced button, WINS tab, set workgroup to the name of your domain, i.e. domain.company.com and/or company.com

  • Integrate NAC Appliance with Active Directory

    We are trying to implement, for our customer, a NAC appliance integrated with Active Directory single sign-on.
    The NAC is configured with L2 OOB. The user first connects to the switch and gets the authentication VLAN; then the user is authenticated using their domain account login, and if that succeeds the user is mapped to the VLAN assigned to them.
    The SSO agent installed on Active Directory is running well, and on the CAS the SSO service has also started.
    Let's say I have this situation:
    1. User A has been assigned to VLAN 15 Employee
    2. User A plugs in to the switch, gets the dummy VLAN and authenticates using the domain account on AD. If that succeeds, the port is bounced; the user is running a Cisco agent in the background
    3. Now user A has their own VLAN ID 15
    I've created the authentication server on the CAM for Active Directory, but I find it very difficult to configure mapping rules between user roles and Active Directory. The PDF guide on how to implement NAC, which I downloaded from Cisco, does not mention how to map user roles to Active Directory...
    Has anyone configured mapping rules from user roles to Active Directory?

    So you would create a mapping rule against your lookup server like so.
    Say the AD group membership is "Finance"
    for ADSSO you would apply the mapping rule to your LOOKUP Server
    where the expression is
    memberOf contains CN=Finance
    and apply it to role employee. If VLAN 15 is your employee VLAN then you would designate VLAN 15 in your Employee role under user role configuration.
    Now, you can't test this with ADSSO with the test auth function, so what I like to do is create an AD authentication server and test against that. As long as you have some form of mapping configured, the auth results will return all memberships for the username you log in with, so you can get the syntax exactly right.
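
How the mapping rule from the reply above behaves against several memberOf values, as an added sketch that is not Cisco's code or part of the original thread. It assumes "contains" is a plain case-insensitive substring test; the "equals" operator, the example.com DNs, the user names and the function names are all constructed for illustration.

```python
# Constructed sample directory data; example.com and the users are placeholders.
GROUPS_OU = "OU=Groups,DC=example,DC=com"
USERS = {
    "alice": ["CN=Finance," + GROUPS_OU],              # the intended group
    "bob": ["CN=FinanceTemps," + GROUPS_OU],           # name shares a prefix
    "carol": ["CN=Auditors,CN=Finance," + GROUPS_OU],  # container named Finance
    "dave": ["CN=Sales," + GROUPS_OU],
}

# From the thread: the employee role is placed on VLAN 15.
ROLE_VLAN = {"employee": 15}


def attribute_matches(values, operator, operand):
    """Evaluate one rule condition against every value of a multi-valued attribute."""
    operand = operand.lower()  # AD distinguished names compare case-insensitively
    for value in values:
        value = value.lower()
        if operator == "contains" and operand in value:
            return True
        if operator == "equals" and operand == value:
            return True
    return False


def map_role(member_of, rules):
    """Return (role, vlan) for the first matching rule, or (None, None)."""
    for operator, operand, role in rules:
        if attribute_matches(member_of, operator, operand):
            return role, ROLE_VLAN[role]
    return None, None


# The rule exactly as written in the reply.
LOOSE = [("contains", "CN=Finance", "employee")]
# A trailing comma ends the RDN value, but a container with that name still matches.
ANCHORED = [("contains", "CN=Finance,", "employee")]
# Comparing against the full group DN matches only the intended group.
FULL_DN = [("equals", "CN=Finance," + GROUPS_OU, "employee")]


def report(rules):
    """Map every sample user to the role the rule set would give them."""
    return {user: map_role(groups, rules)[0] for user, groups in USERS.items()}


if __name__ == "__main__":
    for label, rules in (("loose", LOOSE), ("anchored", ANCHORED), ("full DN", FULL_DN)):
        print(label, report(rules))
```

The membership list returned by the test authentication server mentioned in the reply is the place to copy the exact group DN from.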

  • Sun java directory server and Active Directory

    We are using two different directory servers Sun java directory server and active directory.
    My question is how we can have password synchronization between these two directory servers.
    I have checked Sun Java[TM] System Identity Synchronization for Windows 1 2004Q3
    http://www.sun.com/download/products.xml?id=41537425
    It seems that its supported platforms are only Solaris and Windows, but I have installed my Sun Java directory server on Linux and obviously it doesn't work for me.
    I would be grateful if anyone can suggest a solution to work around this situation.
    I have checked Identity Manager; I would like to know whether I can do this using this product.
    http://www.sun.com/software/products/identity_mgr/specs.jsp
    --regards.
    Sara

    Yes RHEL 4 is a supported OS with DSEE 6.0.
    Identity Synchronization for Windows is a part of DSEE that allows synchronization of users, passwords and groups between Sun Directory Server and Active Directory bi-directionally without altering the users environments, ie it does not require that users change their current habits.
    Identity Manager is a complete identity management solution that is targeting enterprise workflow when it comes to user provisioning and de-provisioning, but also allows you to build authentication and password change forms that will provision the passwords to many different systems including Sun Directory Server and Active Directory but also IBM mainframes, legacy applications, databases...
    If you are implementing a complete identity management solution, then go with Identity Manager. If you need a lightweight and fast solution for just synchronizing users and passwords between Sun DS and MS AD, Identity Synchronization for Windows should be your choice.
    Regards,
    Ludovic.

  • Best way to integrating mac os x client with Active Directory

    Hi, hello
    What is the best way to integrate a Mac OS X client with Active Directory? I have one Lion Server.
    For the Mac client I want the Mac to use Active Directory for authentication and Lion Server to manage preferences.
    Tell me, in Lion Server, is the magic triangle good for what I want to do?

    If you have a need now and that need will remain serviceable long enough to justify the investment, then go with Lion Server and do the Magic Triangle.  This is nothing more than binding OS X Server to your AD domain and kerberizing services.  Then bind your workstations to AD first, then OD.  Make sure you download Server Admin Tools for Lion.  This gives access to Workgroup Manager.  That is where you will manage your OS X settings.
    If you are managing more than 50 Macs that need a lot of continued management, then look at JAMF. 

  • OS X Server and Active Directory

    Hi
    I'm trying to use OS X Server 10.5 with Active Directory and have got to the stage where I can view AD users and groups in Workgroup Manager and have authenticated on the domain.
    However, if I try and change a user's password I get "The password could not be set. The action failed because you are not authorized to perform the operation."
    Also, if I try and create an account on the domain I receive the following - "Got unexpected error Error of type eDSNoStdMappingAvailable (-14140) on line 4267 of /SourceCache/WorkgroupManager/WorkgroupManager-319/PMMUGMainView.mm".
    I can delete accounts using Workgroup Manager and have confirmed this has worked by checking in AD, so I can't understand what's going on.
    Any help greatly appreciated!

    You should post your question in the OS X Server forums:
    http://discussions.apple.com/category.jspa?categoryID=96
