Restrict AFP to use a certain network service?

I'm working with a client who has two new (Early 2008) Mac Pro systems, and we'd like to set it up so that internet is accessed over one slower connection (100Base-T), and really large video files are shared via another connection, like Gigabit Ethernet.
Accordingly, is there any way to restrict through which of the network services AFP is offered and requested? We obviously don't want the video files to try and transfer over the slower network, nor do we want the office-wide internet access clogging up the data-transfer gigabit LAN.
We have a small DSL router that will be parsing out the internet LAN, and have a separate Gigabit switch in place to connect to the second ethernet port on both Mac Pros (which will soon be extended by another few machines, which is why the switch and not just direct connection). I currently have the internet-accessible LAN on the 192.168.1.x subnet, and the video data transfer LAN on 10.1.1.x.
All that's left is to configure AFP service and requests to only go out over the 10.1.1.x LAN, but I'm having a bit of trouble sussing that out. Any pointers you might have would be most appreciated. Thanks!
Cheers,
MB

It'll be available on any interface.
The exception to this (for any protocol) is when you have a firewalled interface. Then the rules on that particular interface's firewall will dictate what is and isn't available on that interface. OS X however does not allow such granular control of the inbuilt firewall, so in this case it's on or off.
Regardless of this, it is still route based. If you had a protocol blocked on your 10.x.x.x network and enabled on your 192.168.x.x network, and attempted to connect to it, you can still only connect to it with traffic destined for the 192.168.x.x network. Blocking it on one network does not force traffic to try the other network. Everything is still dependent on following IP routes.
One thing of note is whether you're using a name to connect to the other machine or an IP address. Given that this is a small network and DNS is likely only on your router, trying to connect via machine name could be hit and miss. Try it out with IP address only to test it out and see if you get consistent results.
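The route-based behaviour described in the answer above, as an added example (not part of the original posts). It applies longest-prefix matching to the two subnets from the question; the interface names `en0`/`en1`, the gateway `192.168.1.1`, the server addresses and the name table are constructed assumptions.

```python
import ipaddress

# Constructed routing table for one of the Mac Pros in the question.
# Interface names and the gateway address are assumptions.
ROUTES = [
    # (destination network, gateway or None if directly connected, interface)
    ("0.0.0.0/0",      "192.168.1.1", "en0"),  # default route via the DSL router
    ("192.168.1.0/24", None,          "en0"),  # 100Base-T internet LAN
    ("10.1.1.0/24",    None,          "en1"),  # Gigabit video LAN
]

# Constructed name table: a server name that resolves to both of its addresses.
NAMES = {"macpro2.local": ["192.168.1.11", "10.1.1.11"]}


def route_for(dest, routes=ROUTES):
    """Return (network, gateway, interface) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    candidates = []
    for net, gateway, interface in routes:
        network = ipaddress.ip_network(net)
        if addr in network:
            candidates.append((network, gateway, interface))
    if not candidates:
        raise LookupError(f"no route to {dest}")
    # The most specific (longest prefix) matching route wins.
    return max(candidates, key=lambda route: route[0].prefixlen)


def interface_for(dest, routes=ROUTES):
    """Interface that traffic to this destination address leaves on."""
    return route_for(dest, routes)[2]


def afp_paths(name, names=NAMES, routes=ROUTES):
    """Map each address a server name resolves to onto its outgoing interface."""
    return {ip: interface_for(ip, routes) for ip in names[name]}


if __name__ == "__main__":
    # Connecting by the 10.1.1.x address pins the AFP session to the gigabit LAN.
    print("10.1.1.11    ->", interface_for("10.1.1.11"))
    # Connecting by name may pick either address, hence either link.
    print("macpro2.local ->", afp_paths("macpro2.local"))
    # Anything off both subnets follows the default route to the DSL router.
    print("17.0.0.1     ->", route_for("17.0.0.1")[1:])
```

The destination address alone decides the link, which is why connecting by name can give inconsistent results when the name resolves to addresses on both subnets.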

Similar Messages

  • How can I restrict Lion to only allow certain network users to login when bound to an Active Directory?

    Hi,
    I'm trying to find a way to configure which network users can login to a lab of iMacs running 10.7.4. They're being deployed using DeployStudio, and the Macs are bound to an MS Active Directory by a script that runs as part of the workflow. I'd like to have another script run after the AD binding to permit only users in certain AD groups to be able to log in to them.
    I'm halfway there, in that using dseditgroup I can easily add AD groups or individual users to the relevant group (dseditgroup -o edit -a <domain\\group name> -t group com.apple.loginwindow.netaccounts). After running this I can see the desired groups added to the list in Sys Prefs -> Users & Groups -> Login Options -> Options. However, membership of this group is deemed irrelevant by the fact the radio button above this list for 'Allow these users to log in at login window' is still set to 'All network users' and not 'Only these network users'.
    Does anyone know of a way to enable the 'Only these network users' option via the Terminal/a shell script?
    Thanks,
    Chris

    I tried that, thinking it was exactly what I wanted, but it still sends stuff as SMS (green bubble).

  • I want to use Back to my mac. When I try to turn it on, it says "Back to My Mac may be slow because more than one device on your network is providing network services.   Turn off NAT and DHCP on one of the devices and try again." How do I fix this?

    Not sure if I am doing this right. This is my first time in the support community.
    I imagine what I put in my heading was supposed to go in here.
    I want to use Back to my mac. When I try to turn it on, it says "Back to my mac may be slow because more than one device on your network is providing network services. Turn off NAT and DHCP on one of the devices and try again. See the documentation that came with your device for information about turning off network services"
    Does anyone know how I do this? I contacted my ISP (Telus in Canada) and they did not know anything (not that they usually do).

    Why do ISPs insist upon making things so difficult for their customers?
    If you cannot get them to understand that you would prefer to use your own router over their piece of cheap junk, perhaps the information in the following will be useful:
    http://keithbalomben.wordpress.com/2012/03/29/telus-actiontec-v1000h-hacks-and-information/
    Scroll down to DHCP Settings
    You will need to log in with proper "technician" credentials. They are provided in the above link as
    Username: tech
    Password: t3lu5tv
    ... but these may or may not work. Try it, and if you cannot get anywhere at least now you know what to ask Telus to do in return for your business.

  • HT4623 Hi. After I updated ios6, I couldn't use my cellular network. It said "could not activate cellular data network - You are not subscribed to a cellular data service". I don't know why. My iphone is 4s

    Hi. After I updated ios6, I couldn't use my cellular network. It said "could not activate cellular data network - You are not subscribed to a cellular data service". I don't know why. My iphone is 4s

    Contact your carrier to ensure data access via their network is provisioned properly for your account and iPhone with the new iOS 6 update installed.

  • Getting this message when trying to access our cameras, how to fix? This address is restricted This address uses a network port which is normally...

    Just installed Firefox for my boss, and ran into something I've not seen before. When trying to access our private camera system, that uses specific ports, I got this message: "This address is restricted - This address uses a network port which is normally used for purposes other than Web browsing. Firefox has canceled the request for your protection."
    Cannot find a setting in Firefox to correct this problem. Please help.

    Hello,
    Can you please check if either of these links help in the resolution of the issue
    Firefox ports override: http://kb.mozillazine.org/Network.security.ports.banned.override
    Remove Firefox this address is restricted error: http://blog.christoffer.me/post/2012-02-20-how-to-remove-firefoxs-this-address-is-restricted/
    Thank you

  • Creating a simple network services directory using JNDI/LDAP

    I want to create a simple directory of all the local network services.
    For example:
    o=NetworkServices
      ou=Databases
        cn=FooDB
          attributes >> ipAddress, networkAddress, typeService, typeHost, description
        cn=BarDB
      ou=Authentications
        cn=FooAuth
        cn=BarAuth
      ou=Communities
        cn=FooComm
        cn=BarComm
    Is there a simple schema (DIT) that can service this need?
    I looked at nis.schema, http://usermap.cvut.cz/ldap/nis.schema, and it appears to be overkill for my needs, plus I do not understand all the attributes it defines.
    Thanks

    Hi guys,
    I don't know, maybe the way I structure the question is wrong.
    The link to the form is going to be on the intranet. The moment anybody is able to log on to his system with his NT userid, he clicks on the form and this form displays his details. I have a database that contains all the staff details, but how do I get his NT userid that I'll use to search the database?
    A dot net programmer has been able to get the userid, and if by Monday I can't get the userid I'll have to go and learn dot net or leave the company.
    Greatest javites, any hint will be appreciated.
    Best Regards

  • Limited network service profile using zonecfg

    Is there a zonecfg command that will set a local zone up with the limited network service profile (e.g. disable all remote access services except ssh)?    In the process of creating scripts to create zones using  zonecfg -f zonecfg_command_file, and would like to include this in the zonecfg_command_file  if possible.   Already know how to setup this profile manually after the zone has been installed and pre booting it.
    Thanks,

    Hi Mohammad,
    1. To utilize the KVM, you need to configure the IP management pool - from which the IP addresses are automatically taken from. All IP addresses in the management IP pool must be in the same subnet as the IP address of the fabric interconnect.
    2. If you shut down the blade (that has a service profile associated to it) and move the blade to another slot, the service profile will NOT follow the blade. The service profile will have an configuration error saying that the server resource is unavailable. The blade in the new slot will come up as unassociated.
    Hope this helps to clarify.
    Thanks,
    Michael

  • Restrict regular users to use only certain ldm command options

    I would like to restrict regular users to use only certain ldm command options, for example only list, bind/unbind, stop/start
    What is the best practice to do it?
    Thanks

    Solution provided by one of my colleagues:
    Installing sudo and configure sudoers file "User privilege specification" section similar to the following example:
    # User privilege specification
    root ALL=(ALL) ALL
    user1 host1 = /opt/SUNWldm/bin/ldm ls *
    user1 host1 = /opt/SUNWldm/bin/ldm stop *
    user1 host1 = /opt/SUNWldm/bin/ldm stop -f *
    user1 host1 = /opt/SUNWldm/bin/ldm start *
    user1 host1 = /opt/SUNWldm/bin/ldm bind *
    user1 host1 = /opt/SUNWldm/bin/ldm unbind *
    Note: asterisk should be at the end of each row. They are not displayed in the posted message...
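A way to check what the sudoers entries in the post above actually permit, as an added example (not part of the original post). It approximates sudoers argument matching with Python's `fnmatch`: sudo compares the arguments as one concatenated string, so a trailing `*` matches across spaces. The domain names `ldom1`/`ldom2` and the sample command lines are constructed.

```python
from fnmatch import fnmatchcase

LDM = "/opt/SUNWldm/bin/ldm"

# Argument patterns taken from the sudoers entries in the post.
ALLOWED_ARGS = ["ls *", "stop *", "stop -f *", "start *", "bind *", "unbind *"]


def matching_rules(command_line, binary=LDM, patterns=ALLOWED_ARGS):
    """Return the argument patterns that would permit this command line."""
    parts = command_line.split()
    if not parts or parts[0] != binary:
        return []  # a different binary path matches none of the entries
    args = " ".join(parts[1:])  # arguments compared as a single string
    return [p for p in patterns if fnmatchcase(args, p)]


def is_allowed(command_line):
    """True when at least one entry permits the command line."""
    return bool(matching_rules(command_line))


def covers(broad, narrow):
    """For 'prefix*' patterns: does `broad` match everything `narrow` matches?"""
    return (broad != narrow and broad.endswith("*") and narrow.endswith("*")
            and narrow[:-1].startswith(broad[:-1]))


def redundant_patterns(patterns=ALLOWED_ARGS):
    """Entries already covered by a broader entry in the same list."""
    return [p for p in patterns if any(covers(q, p) for q in patterns)]


if __name__ == "__main__":
    samples = [  # constructed command lines
        LDM + " ls -l ldom1",
        LDM + " ls",                     # no argument after 'ls'
        LDM + " stop -f ldom1 ldom2",
        LDM + " remove-domain ldom1",
        "/usr/bin/ldm ls ldom1",         # other path to a binary named ldm
    ]
    for line in samples:
        print(f"{'ALLOW' if is_allowed(line) else 'deny ':5}  {line}")
    print("redundant entries:", redundant_patterns())
```

The run shows two things about the rule set: a bare `ldm ls` is refused because `ls *` requires something after the space, and the `stop -f *` entry adds nothing because `stop *` already accepts any option string.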

  • Using .htaccess file to block access from certain networks

    Does anybody have any tips on getting a .htaccess file to work to block access to my Web Access server from certain network ranges on SuSE 10 SP3 with GW 8.0.2.
    It does seem like the file does anything? With Web Access I'm not exactly sure where to put the file. I used to accomplish this using iptables, but I was seeing if I could do the same with .htaccess.
    Thanks!

    Originally Posted by bbilut
    Does anybody have any tips on getting a .htaccess file to work to block access to my Web Access server from certain network ranges on SuSE 10 SP3 with GW 8.0.2.
    It does seem like the file does anything? With Web Access I'm not exactly sure where to put the file. I used to accomplish this using iptables, but I was seeing if I could do the same with .htaccess.
    Thanks!
    You can block a range with the .htaccess file, for example by defining the range as
    Code:
    order allow,deny
    deny from 10.0.
    allow from all
    ...that would block all 10.0.0.0 up to 10.0.255.255 addresses
    You cannot use this file in tomcat, so useless I think... but as Apache is used as frontend for the tomcat webacc application and you might be able to edit the gw conf apache files to include the range denies (which by default can be found in /etc/opt/novell/groupwise/webaccess/gw.conf).
    Maybe this thread might help as there are some examples in howto include denies in the .conf files.
    Deny IP Ranges in httpd.conf Apache Web Server forum at WebmasterWorld
    Do make a backup of your current gw.conf in case it blows up :)
    -Willem

  • Track Time Reporting using Att/Abs code 1000 without network/service Order

    Hello Everyone,
    When I run the tcode CADO, it always shows time reported with Att/Abs code 1000 wherever the time is reported against some service order/network number.
    I am specifically interested in those cases where the time is reported against Att/Abs code 1000 but NO service order/network/internal order is mentioned.  Some employees have wrongly reported time using Att/Abs code 1000 without network/service order, as they think that the description "Productive hours" for code 1000 means that this hours will "automatically" get charged to some network/service order.  We want a report to locate these kind of hours.
    We Want to track these hours Reported.
    Sunil
    Edited by: sunilyadav786 on Dec 23, 2009 6:44 AM

    Hi Avisek,
    First of all, I'd like to thank you for your reply.
    As per your answer I have tried CADO, but I don't find any solution; it gives hours booked with a service order or network no.
    Then I have tried CATS_DA for any cost center. This transaction gives me a report of all the hours booked against this particular cost center.
    But one more problem arises in this transaction: this report shows hours booked against different cost centers also, whereas I have given only one cost center.
    Can you help me in this case?

  • Whether or not to continue the use of network services when implementing IPv6

    Whether or not to continue use of network services when implementing IPv6

    Hi,
    Which network service do you specify?
    Could you detail your question?
    If you mean how to configure IPv6 in Windows Server, please refer to the link below,
    IPv6 for Microsoft Windows: Frequently Asked Questions
    http://technet.microsoft.com/en-us/network/cc987595.aspx
    Best Regards.
    Steven Lee

  • Messages won't send on certain networks

    I get this message when trying to send my messages on certain wireless networks.
    The connection to the server “smtp.home.se” on port 25 timed out.
    You can try to send using a different server. All messages will use this server until you quit or change your network settings.
    I would love to know why it doesn't work. Thanks a lot.
    Daniel

    Are these wireless networks paid or free?
    If you are accessing a wireless network at a friend's residence - most, if not all ISPs now block the use of SMTP servers outside of their network on Port 25. Some ISPs allow the use of an authenticated SMTP server only that is outside of their network on Port 25 but block its use regardless.
    These restrictions are in place as part of an overall effort to prevent or reduce spam emanating from the ISP's domain.
    In most situations like this, changing the Port for the SMTP server from 25 to 587 will resolve it. Go to Mail > Preferences > Accounts and under the Account Information tab for the account preferences at the SMTP server selection, select the Server Settings button below.
    Enter 587 in place of 25 in the Server Port field and when finished, select OK to save the changed setting. When exiting Mail preferences, select OK to save the changed account settings if prompted.
    For some wireless access points such as at a Coffee shop or other, etc. which sometimes require payment for access and this SMTP server is authenticated, changing the authentication to None sometimes resolves it.
    Basically, you need to determine the internet service provider for the wireless network being used and their restrictions/requirements for using an SMTP server that is outside of the ISP's network or that isn't provided by that ISP.

  • Restrict wireless internet access on certain periods of time

    Hello,
    We need help on setting up a network with some restrictions for the attached clients.
    We're quite new at setting up a network at this size.
    Used devices:
    1x SRP 540 router
    1x SG 300-10P managed switch
    4x AP 541N accesspoint
    What we want to do:
    1. Around 100 laptops and desktop computers need wireless internet access, but some of them on limited times during the day.
    2. Not all wireless devices are allowed on using the wireless network.
    3. There are also wired desktops that don't need restrictions.
    4. We need the possibility to restrict most of the wireless devices to access certain websites or use certain applications on those computers to use internet access during the times that the computers are allowed to access the internet.
    5. We want to restrict the clients for using torrents or other possibilities of downloading illegal content.
    What we were able to do:
    1. The access points (AP 541N) are clustered to achieve 1 large wireless network.
    2. Only MAC addresses that are listed in the access points are capable of using the wireless network. Other MAC addresses are not allowed to use the access points.
    What we tried already:
    1. Adding the MAC addresses for the access points to the list of "internet access policy" in the router. Internet access still seemed possible during periods the access wasn't supposed to be possible.
    2. Adding the MAC addresses from all clients in this internet access policy seemed useless. Only 10 Internet Access Policies seem to be possible to program. 8 MAC addresses per policy. Knowing there are (at least) two policies needed to restrict a group of 8 MACs to access the internet in 24 hours (because blocking the internet from f.e. 22u in the evening to 6 in the morning is not possible because 6 is smaller than 22 - or 10PM).
    Besides, after blocking internet access, we need also to write policies in blocking some websites or keywords.
    Thanks already for your guidelines.
    Wim

    What about the thought of RADIUS for authentication, connected to Active Directory, for your wireless users? Then have those people you must limit access to during the day in their own security group that's only allowed to log in to the domain during certain times of the day.
    To limit sites or what they can do on the Internet will require a separate solution for content/URL filtering. Then you can make policies and apply to your security groups in active directory block by category, keyword, and so on.
    This is all great assuming you can get these clients into AD.
    Just a quick thought, hope it helps.
    _dschlicht

  • Log-in message - Network Services Unavailable

    I have been getting the following message upon both my G5 - 10.5.8 and my iMac - 10.6.1 prior to logging in after booting up both machines , both of which are the only two machines upon the same Airport Extreme network.
    *Network Services Unavailable*
    This , for all I know, may well be a perfectly normal message.
    Perhaps it is an indication that I am not running an OS X Server ?
    Whatever, perhaps the problem, as such, could be cosmetically obscured by means of turning on Automatic login.
    Of course, this then leaves the machines open to use by anyone within their vicinity, not my preferred option.

    PART 2:
    Did a complete reinstall and now I'm not even getting an error--login window simply shakes.
    -Running AFP (for user home folders), DHCP, DNS, OD, and Software Update.
    -DNS appears functioning (host, dig, etc all work from my client machine). It is set in the Network Sys prefs.
    -OD lists LDAP server, PW server, and Kerberos are all running, LDAP search base and Kerberos realm are correct. The Kerberize... button does appear in the settings tab (not sure if it should on 10.6...it wasn't there once I Kerberized in 10.5). If I click it and enter the credentials, it doesn't give any confirmation and just comes back up with the credentials box until I hit cancel.
    I have one user in my WGM, besides the admin called "TestStudent". On my client machine, I go to the Login options and just allow specific network users and TestStudent appears in the list, so I'm able to see the directory in some way. It just isn't accepting it as a valid login.
    What other things do I need to check, since it appears to me that everything essential is running properly... I can provide logs if needed.

  • Problems with mail and MSNm in certain networks

    Hi,
    I have a problem with my MacBook Air (OS 10.5.5) when connected to certain networks. Compared to my Dell laptop with XP in the same networks, I get the following issues using my Mac:
    - Cannot receive or send mails using Entourage.
    - MSN messenger won't work.
    For both services I get the message that it doesn't seem like I am connected to Internet. The same applications (Outlook instead of Entourage) works well with my Windows laptop.
    In addition to this, the Internet connection with my MBA is really slow.
    I have the same issues with both Wifi and ethernet connection, and both in my University and where I live in a student apartment. However, it works well in a Starbucks for instance.
    If anyone has an answer to my problem, I would really appreciate it!
    Sylta

    I'm not having any problem with Gmail at all.
    What are the specific Incoming and Outgoing server settings for that Gmail account, and what is the exact text of the error message you get, if any? Is this a POP or IMAP account? When did this start happening and what did you do just prior to this problem starting?
    Mulder
