Server Admin "Access" Section and groups

Hi all,
I read some posts about using the ACL in the server manager to control who can do what and I found exactly what I need...letting blog people have an account but not be allowed to log into my AFP share to do damage.
My problem is that when I go to put in my "admin" and "HTTP users groups" into the ACL allowed list, they won't show up. I know in Server Admin and Workgroup Manager you have to turn on hidden system users/groups to see them, and I have them on, but I can't see them in this particular view. Does anyone have a work around so I can set up these lists?
Thanks!

Spoke with our Apple rep and found a solution here:
http://www.bombich.com/mactips/scripts.html
The last script on the page allows for setting ACLs to groups.
What it actually seems to do is to create a new group called "* access" where * is the service in question (afp, ftp, loginwindow, etc). It gets an ID from 500 forward, which makes it a user level group, which the server can see. It also gains a name like com.apple.access_*.
From there, it places the users/groups you define in the script into the group membership, and then applies it to the ACL.
All in all, it works very well, and I highly suggest it.
X Serve   Mac OS X (10.4.7)  

Similar Messages

  • Impossible to unlock network-admin, services, users and groups

    Hi all,
    it is impossible to unlock network-admin, services, users and groups in gnome.
    Suggestions or ideas?
    Thanks in advance
    Greets

    alessandro_ufms wrote:
    xaiviax wrote:Just fyi, rebuilding system-tools-backends with ABS does not fix issue for me.
    Did you put your login user in group stb-admin, put stbd in DAEMONS in rc.conf and restart the computer?
    yes, although didn't have stbd in DAEMONS before (worked fine), still didn't fix issue.  Been watching this thread, just downgraded package again, works great.  I'd rather not downgrade on principle, but that's the only thing that works for me currently, so...

  • Server Admin Access

    I have a user who had full remote admin access to her Mac Server from her Mac desktop. We recently changed out her desktop for a new iMac. She no longer has full admin remote access to the server. Did I miss something on the setup of the new machine? She can walk to the server and log in with full admin access, but the remote session does not allow for full admin rights.  Any help would be appreciated.

    Remote access via what? Server.app? Server Admin.app? Remote Desktop?
    What OS(es) were running previously, what OS(es) are running now?
    What admin rights are unavailable (i.e. what can't she do?)

  • Hotmail Server Admin Access

    I need access to the hotmail server admin account for my company's domain. We hired someone to set up our domain email accounts [email protected] and now that the person is no longer with the company we don't have any way of logging into the admin to manage/delete/add
    new email addresses to the company's domain. PLEASE HELP!!!

    Hi Lee,
    I guess you mean Office365 and not Hotmail?
    If it's Office365 you should post your questions here:
    https://community.office365.com/nb-no/f/default.aspx
    If it's Hotmail then you should check here:
    http://windows.microsoft.com/en-us/hotmail/hotmail-help
    For Office365 administration login is: https://portal.office.com/
    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

  • Accessing username and group name from an external app

    How can I access the user name and group name from an external app..? Where is that stored..?
    Thanks
    Fernando

    Post Author: pvierheilig
    CA Forum: Crystal Reports
    Each BOE document has a unique ID.  Knowing that will allow you to access it via a URL while passing required login credentials as well, if I recall correctly.  However, your very best bet is to review the SDK.

  • Access Connections and Group Policy generated network profiles

    Hello,
    We are in the middle of rolling out 3500 T400 machines and are having fits with Access Connections 5.02. We have a default in-house Preferred Wireless Network Profile that is created on each machine via Group Policy. This works fine with AC and everything does what is supposed to do when our users are in our buildings. When our users go offsite, we have nothing but fits with AC and trying to set up any other WAN connections.
    If users set up a new network connection, we are asking them to set it up thru AC. We have had them try using both the "Use Windows to Configure Wireless Network" as well as "IEEE 802.1X Authentication". Once the network connection is set up, for some, the wireless will work for a short period (a week or so) and then will no longer detect network connections.  The user nor the client site has made any changes to the wireless configuration. 
    Others will have a stable connection wirelessly until they connect over VPN – VPN will drop in a few minutes after connection.  They can then sometimes reconnect after a reboot; but the instability is a constant problem.
    It seems to me that the problem could all be traced back to GP enforcement, which occurs every 8 hours when connected to our network. If a user is offline for several days, then connects up to check email or transfer time or whatever, then they are kicked off. If a user connects via VPN, they are kicked off within minutes - again potentially traceable to GP enforcement.
    Has anyone else dealt with this scenario of Preferred Wireless Network policies and Access Connections?
    Thanks!

    Try going back to AC 4.52, which solved the problems I was having with AC5.02 (freezes, BSOD, loss of wireless connections when coming out of standby, GUI problems) on Vista Home Premium.  Scroll down for previous versions of AC5.02 here:
    http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-67283
     I do not use a VPN system so AC4.52 may not help your 3500 Thinkpads.
    Lenovo (Mark_Lenovo) knows there are problems with AC5.02 for the last three (or more ) months and have stated that AC 5.1 will solve the problems, but it has not been released as far as I know. There are many threads on AC5.02 on this forum and also on thinkpads.com
    the Lenovo Blog site also has an update on AC5.02 ;under "Design Matters" on how they selected the graphics for wireless connections - the responses there offer some suggestions to fix the problems. 
    T60: 6371-CTO, VISTA Home Premium+SP1, 2GB....R51: 1836-Q4U,XP,1GB...600...755CD

  • Adobe Media Server Admin Consol Question and buffering

    2 part question
    Under applications and streams for VOD what exactly is cache hits and misses.  also is there an option that if you pause VOD video it will still continue to download to clients computer for people who have slow internet connections Thanks

    The description of those fields can be found here: http://help.adobe.com/en_US/adobemediaserver/adminapi/WSa4cb07693d12388431df580a12a34991ebc-8000.2.3.html#WS5b3ccc516d4fbf351e63e3d11a0d3ed999-7fe5AdminAPI.2.3
    hits
    Number; total number of segment “hits” since the server started.
    misses
    Number; total number of segment misses since the server started.
    And:
    "If requested data is contained in the cache (cache hit), this request can be served by simply reading the cache, which is comparatively faster. Otherwise (cache miss), the data has to be recomputed or fetched from its original storage location, which is comparatively slower. Hence, the greater the number of requests that can be served from the cache, the faster the overall system performance becomes." -- The all knowing Wikipedia

  • Who is he? Strange user in server admin access AFP

    Who is that strange user?
    Tnx Gijs (NL)

    It's probably a deleted user.
    Although you know users by their short name, or even their real name, the OS/directory tracks them via a UUID and that's what you're seeing here.
    If the UUID doesn't map back to a current user in the directory then you're going to see the UUID since there's no longer an associated user record. The most likely scenario is that the account has been deleted.

  • Server Admin is not showing all users in "Show Users

    I've discovered that a previous upgrade from Tiger to Leopard in 2009 has led to newer users not being displayed in Server Admin 'Show Users and Groups'.  New groups display fine.
    We upgraded again to Snow Leopard a couple of months back and so are running the latest admin tools.
    I really can't pick why these accounts aren't showing so any points would be appreciated.
    Thanks.

    After numerous reinstalls failed to solve this problem, I discovered that on my system, it has to do with using an external monitor (via DVI port). When I drag the Firefox window from my laptop screen to an external monitor, "Show All Bookmarks" is suddenly empty. Dragging the browser window back to the original display (laptop) does NOT fix it. Firefox must be RESTARTED on the original display. When Firefox re-opens, "Show All Bookmarks" functions normally again.
    WORK AROUND: the only way I can view "Show All Bookmarks" on my external monitor is to first open both the browser and "Show All Bookmarks" windows on the original display, drag BOTH windows to the other monitor and be sure to leave the "Show All Bookmarks" library window open in the background. If I forget and close it by accident, the problem happens all over again.

  • Unable to initialize LDAP (No LDAP server is configured)show in the admin server of iWS6.0 users and group

    When I goto web server administration in users and group tab it alway show me Unable to initialize LDAP (No LDAP server is configured) Is it cause the effect to use web server because I use iWS with ias .
    If it cause some effect ,Please let me know how to configured LDAP server.

    Run this Command from the Exchange Server
    Net time \\ADServerName /Set
    and confirm the action,
    and then you need to restart the service
    Microsoft Exchange Active Directory Topology Service
    and confirm you are not getting the Error 4001 in the event Viewer.
    Thank you, it resolved my issue after being sweating looking for solution.
    How can I prevent this from happening? I cannot restart services on each server reboot nor lose 5 years of my life!!!
    Sokratis Laskaridis MCP, MCTS, MCITP, Small Business Specialist Netapp ASAP, Symantec STS

  • ISE Admin Access Authentication to RADIUS Token Server

    Hi all!
    I want to use an External  RADIUS Token Server for ISE Admin Access Authentication and Authorization.
    Authentication works, but how do I map the users  to Admin Groups? Is there a way  to map a returned RADIUS Attribute  (IETF "Class" or Cisco-AVPair "CiscoSecure-Group-Id") to an Admin Group?
    Thanks in advance,
    Michael Langerreiter

    ISE 1.3 does have a bug: Authentication failed due to zero RBAC Groups.
    Cisco Bug: CSCur76447 - External Admin access fails with shadow user & Radius token
    Last Modified: Nov 25, 2014
    Product: Cisco Identity Services Engine (ISE) 3300 Series Appliances
    Known Affected Releases: 1.3(0.876)
    Description (partial)
    Symptom: ISE 1.3 RBAC fails with shadow user & Radius token. Operations > Reports > Deployment Status > Administrator Logins report shows "Authentication failed due to zero RBAC Groups"
    Conditions: RBAC with shadow user & Radius token

  • Server Admin 10.5.6 v 1.1 - Server Admin and WGM

    The server admin is clunky and delays of 3 minutes plus to save a new user or delete an old one.
    I have updated on all 4 of my servers but on each of them the About Server Admin reports it as v 10.5.3 and the About WGM reports it a v 10.5.5
    Is there something else to be done.
    Cheers,
    Syd Chesson

    Server Admin and WGM tend to be very slow when DNS forward/reverse resolution is not in place or incorrect. Have you checked that?

  • Shared folders (Windows file shares) show access denied and do not prompt for credentials

    Scenario:
    Like other admins, I log on and work as a 'standard user' (usera) with no admin rights anywhere in the domain, to perform admin tasks I have another account (userb) which I authenticate with as and when required. userb has been allocated/delegated permissions as required.
    Problem: 
    When trying to connect to shared folders on servers (2008 R2) using a UNC path via Windows Explorer (Win 7 Ent.), I see an access denied error and do not get an option to supply alternative credentials.
    If I try to connect to the admin shares on the same server (\\server\C$ or \\server\e$) I get an access denied message AND get prompted for credentials. I supply my admin account and gain access as expected.
    If I check share and storage management when attempting to connect, I see that Windows is trying to connect me to each share as usera (which has no access). I understand why I get access denied at this point, but not why it can't just prompt me to supply an account that does have access. When trying the admin shares I also see the usera account, but I get a prompt to supply a user who does have access.
    Share permissions on the folders are for example 'Everyone' Full Control.  NTFS permissions are 'userb' has modify (read, execute, list, traverse etc) via a 'Server Admins' AD Universal security group.
    Note: If I do a NET USE from CMD and use the /USER switch, I can access the shares fine. But this is not great for accessing shared folders on the fly from various computers.
    How can I get the other shares on the server to prompt me, rather than just say access denied?
    Many thanks.

    Try to disable guest user from the server
    If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer". This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

  • Manually start RADIUS, Authentication and groups for Cisco ASAs

    I am testing moving a 10.7 server to 10.8.
    We have used RADIUS to authenticate VPN traffic on our Cisco ASAs in the past.  In the past Server Admin allowed for our ASAs to be added manually to the list of devices using the service.  With Server Admin being removed and the limited functionality of automated addition of Airports to the system I have no GUI method to get our ASAs into the service.  The ability to tell RADIUS which groups are using the service is no longer available in the GUI as well.
    I have found the clients file in /etc/raddb and added our ASAs to the clients list.  I believe I have done this correctly in accordance with the instructions on the freeRADIUS website.
    I need help with:
    1- I was hoping someone knows how to manually tell RADIUS which groups are permitted to use the service.
    2- Can anyone tell me how to turn on RADIUS?  radiusconfig -start appears to only tell the system to keep it on after a restart if i understand the manual page.
    Thanks

    With David's suggestion I was able to get RADIUS running.  The following assumes that you are comfortable with Terminal and would be able to back up any files you edit.  Here is what I did to our fresh installation of 10.8 Server:
    1. In Terminal enter "sudo radiusd -Xx" which tries to turn RADIUS on and runs it with full logging of activity in the window.  The last line after this entry should be something similar to "Ready to process records."  In our new installation there were errors relating to "instantiating" sql and the ready message never came.
    2. In Terminal enter "sudo pico /etc/raddb/radiusd.conf" and authenticate as needed.  Scroll down in the file to the section where there are "instantiate" items.  I commented out the SQL setup, by putting a # before the line that says "sql".  Save the file by pressing Control-O, press return to save in the default location, and press Control-X to get out of the editor.  I redid step number 1 twice and eventually RADIUS was running.  Removing SQL from RADIUS will assure that problems will arise if you plan to use Server.app to add AirPorts to the network in the future.  OS X Server adds its clients in an SQL database according to the programming notes in the .conf files.  I will only be using our Cisco ASAs so SQL is not relevant to our setup.
    3. Testing the running RADIUS server was easy as well.  In Terminal enter "sudo pico /etc/raddb/users" and authenticate as needed.  This file contains details for users if you wanted to add them manually to the RADIUS server.  For testing purposes I removed the # before a line referring to a user "steve."  I had to get RADIUS restarted to take up the new information about Steve.  I killed the process using Activity Monitor and reran step number 1.
    4. In Terminal I opened a new tab and entered "sudo radtest steve testing localhost 0 testing123 -t".  You should get back a positive authentication message.  Switching back to the original tab will show the output of the RADIUS server.
    5. Reverse the entry in step 3 by adding back the # to comment out the line about steve in the users file.
    RADIUS is now running and authenticating against its own users file.
    Now we need to add our ASAs to the RADIUS server so it knows that it can authenticate for them.  In Terminal enter "sudo pico /etc/raddb/clients.conf".  We added lines for our ASAs, following the samples in the code.  The information in the lines we added included a generic name for each ASA or device needing RADIUS type authentication, its IP address, and the shared secret for device authentication.
    Following David's advice from above I created the RADIUS sacl by entering in Terminal "sudo dseditgroup -q -o create -u <admin user> -P <admin password> -n . com.apple.access_radius".  This created the sacl for the service.  Editing of the associated users and groups permitted to use the service was able to be done in Server.  Be sure to select from the View menu "Show system accounts".  Selecting "Groups" from the left margin of the Server window will show all of the SACLs along with any groups you have created.  The RADIUS sacl can then have groups and users added to it.
    To ensure that RADIUS is running and stays running enter the following in Terminal.  First, "sudo radiusd.conf" will start RADIUS without logging in the Terminal window.  Then, "sudo radiusconfig -start" to tell the system to keep it running and also run after a reboot.
    I made no changes to our ASA settings and found that I was able to authenticate the "Steve" user from the RADIUS test in the ASA.  I was also able to authenticate a user which had been added to the "Users" in Server.  It appears that the ASA will be permitted to authenticate Open Directory users without additional setup.
    I now need to set up our user groups to match those we use in our 10.7 server and add them to the RADIUS SACL and we should be set.
    Once I have everything running properly, I will add a post here to close this discussion.
    If anyone can shorten this procedure please let us know what you suggest.
    -Erich
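
An added example, not part of the original post: a small audit of the shared secrets in a FreeRADIUS-style `clients.conf` such as the one edited above, flagging entries that still use the stock `testing123` test secret or a short one. The function name, the 16-character minimum, the client names, addresses and secrets in the sample are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit FreeRADIUS-style clients.conf entries for weak shared secrets.
# MIN_SECRET_LEN (default 16) is an assumed threshold, not a value from the post.

# audit_radius_clients [FILE]  (reads stdin when FILE is omitted)
# Prints "<client> <ipaddr> <verdict>" per client block, where verdict is
# MISSING_SECRET, DEFAULT_SECRET, SHORT_SECRET or OK.
# Assumes one "key = value" per line and no '#' inside a secret.
audit_radius_clients() {
    awk -v minlen="${MIN_SECRET_LEN:-16}" '
        # Drop comments, then leading/trailing whitespace.
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }

        # Start of a block: "client <name> {"
        $1 == "client" && /[{]$/ {
            name = $2; ip = "-"; secret = ""; inblk = 1; next
        }

        # Collect only the two keys the audit needs.
        inblk && /^(ipaddr|secret)[ \t]*=/ {
            key = $0; sub(/[ \t]*=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            gsub(/^"|"$/, "", val)          # tolerate quoted values
            if (key == "ipaddr") ip = val; else secret = val
            next
        }

        # End of block: classify and report.
        inblk && $0 == "}" {
            if (secret == "")                 verdict = "MISSING_SECRET"
            else if (secret == "testing123")  verdict = "DEFAULT_SECRET"
            else if (length(secret) < minlen) verdict = "SHORT_SECRET"
            else                              verdict = "OK"
            print name, ip, verdict
            inblk = 0
        }
    ' "${1:--}"
}

# Constructed sample input (names, addresses and secrets are made up).
sample_clients_conf() {
    cat <<'EOF'
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123      # stock test secret
}
client asa-hq {
    ipaddr = 192.0.2.10
    secret = "cisco"
}
client asa-branch {
    ipaddr = 192.0.2.20
    secret = 9fQ2-constructed-example-secret-7Lm
    shortname = asa-branch
}
client asa-lab {
    ipaddr = 192.0.2.30
}
EOF
}

sample_clients_conf | audit_radius_clients
```

On a server, pass the real file instead of the sample, for example `audit_radius_clients /etc/raddb/clients.conf` run with enough privilege to read it.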

  • User and group management

    I just installed an evaluation version of weblogic commerce and personalization server. I understand we can create users and groups and assign users to different groups. But I am wondering who has the privilege to do this, developer or end-user? In particular, is it possible for a super user (should be end-user) in one group to manage all other users in the same group. This feature would be especially useful for B2B portal because usually we would allow a company administrator manage all users within that company. Thanks in advance. Zhe

    Hi Steve,
    What's the plan to provide ASP support in WLPS in the future? Are there any examples of WLPS that uses a 3rd party user management server (such as LDAP)?
    Thanks,
    Leo
    6th Dimension-
    Steve Willcox wrote:
    >
    We only support a single administrator for a 'realm' of users. We don't have an admin permission mechanism on a group of users basis. The feature you are looking for more fits the ASP model and not an enterprise application model.
    However, since WLPS/WLCS uses the WebLogic security realm to access users and groups, you can use a 3rd party user management tool that supports the permissions you are looking for in order to create users and groups. This would require the 3rd party user management tool to have an implementation of the WebLogic Security Realm class that works with this 3rd party user management server.
    Zhe Liu wrote:
    I just installed an evaluation version of weblogic commerce and personalization server. I understand we can create users and groups and assign users to different groups. But I am wondering who has the privilege to do this, developer or end-user? In particular, is it possible for a super user (should be end-user) in one group to manage all other users in the same group. This feature would be especially useful for B2B portal because usually we would allow a company administrator manage all users within that company. Thanks in advance. Zhe--
    Steve Willcox
    BEA Systems, Inc.
    ECommerce Application Components R&D
    Architect
    mailto:[email protected]
    http://www.bea.com
