Server Admin Access

Similar Messages

• Server Admin "Access" Section and groups

  Hi all,
  I read some posts about using the ACL in the server manager to control who can do what and I found exactly what I need...letting blog people have an account but not be allowed to log into my AFP share to do damage.
  My problem is that when I go to put in my "admin" and "HTTP users groups" into the ACL allowed list, they won't show up. I know in Server Admin and Workgroup Manager you have to turn on hidden system users/groups to see them, and I have them on, but I can't see them in this particular view. Does anyone have a work around so I can set up these lists?
  Thanks!

  Spoke with our Apple rep and found a solution here:
  http://www.bombich.com/mactips/scripts.html
  The last script on the page allows for setting ACLs to groups.
  What it actually seems to do is to create a new group called "* access" where ** is the service in question (afp, ftp, loginwindow, etc). It gets an ID from 500 forward, which makes it a user level group, which the server can see. It also gains a name like com.apple.access_*.
  From there, it places the users/groups you define in the script into the group membership, and then applies it to the ACL.
  All in all, it works very well, and I highly suggest it.
  X Serve   Mac OS X (10.4.7)  

• Hotmail Server Admin Access

  I need access to the hotmail server admin account for my company's domain. We hired someone to set up our domain email accounts [email protected] and now that the person is no longer with the company we don't have any way of logging into the admin to manage/delete/add
  new email addresses to the company's domain. PLEASE HELP!!!

  Hi Lee,
  i guess you mean Office365 and not hotmail?
  If its Officve365 you should post your questions here:
  https://community.office365.com/nb-no/f/default.aspx
  If its Hotmail then you should check here:
  http://windows.microsoft.com/en-us/hotmail/hotmail-help
  For Office365 administration login is: https://portal.office.com/
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

• Who is he? Strange user in server admin access AFP

  Who is that strange user?
  Tnx Gijs (NL)

  It's probably a deleted user.
  Although you know users by their short name, or even their real name, the OS/directory tracks them via a UUID and that's what you're seeing here.
  If the UUID doesn't map back to a current user in the directory then you're going to see the UUID since there's no longer an associated user record. The most likely scenario is that the account has been deleted.

• How can I block Server Admin from accessing a server?

  I've got a G5 FTP server running Server 10.5.7 that sits outside our firewall. Oddly I find that I can enter the IP and login info via Server Admin and voila - I have access. All sharing services are off and all remote access services in System Prefs are off. I want this system totally locked down except for the FTP server app I run. What do I need to kill to prevent access via Server Admin? Or anything else for that matter?
  My concern is that via Server Admin someone could really mess things up and of course turn on services that would grant them full access.
  Thanks

  Oh sorry - I put this in the wrong category.
  I'll duplicate this in the 10.5 section

• Server Admin not connecting to Leopard Server when accessing via VPN

  Hi everyone,
  Recently, as the title suggests, Server Admin (or Server Preferences, for that matter) would not connect to my remote server via VPN. I'm quite sure that the server is working nicely, as the users (both of them lovely young ladies with considerable charms, which makes on-site support quite interesting, if distracting) didn't call me to complain, and I can login via SSH with no problems.
  The server is a Mac Mini, connected to an Airport Extreme (gigabit N), which in turn connects to our ADSL modem, if that helps any.
  Now, I did tinker around a bit with the settings before this happened, so I think it's probably my fault (well, I started my "career" of administering this server a week ago, what do you expect), so I suppose I may have inadvertently limited access to a service required for Server Admin and Server Preferences to function.
  If anyone could tell me which services are absolutely necessary for Server Admin to function, or at least where to start looking, I'd be immensely grateful. I didn't yet go on site to try and wrestle the whole thing from there, as the travel costs are non-trivial, so I'd rather do it remotely, if at all possible.

  This is exactly the difficulty I am having with a 10.5.4 Intel xserve. I have established a VPN connection that connects me to my business LAN, and I know it has carried out the connection because there are a number of things I can access properly that are not available on the public internet. For instance, my LOM ports are restricted to my business LAN, and when I connect to the server via VPN I can access teh LOM ports and using server monitor. However, when I try to use Server Admin, nothing works. It won't connect. I too am confused. All traffic to the xserve is allowed via the business LAN. I thought all traffic was supposed to be routed to the VPN server when connected via a VPN. If this is the case, shouldn't Server Admin work? When I go on site and connect my computer directly to the business LAN, I have no difficulty using Server Admin.

• Using Windows Network Policy Server to authenticate Prime Infrastructure 1.2 admin access

  Dear all,
  How can I authenticate admin access to the Prime infrastructure 1.2 using AAA mode RADIUS with Windows Network Policy Server as RADIUS server? I find some information using ACS as RADIUS server but cannot find how to for Windows NPS.
  I try to configure the NPS but an error prompted when logging in to PI using an account in the NPS server, "No authorization information found for Remote Authenticated User. Please check the correctness of the associated task(s) and Virtual Domain(s) in the remote server"
  Thanks for your help.
  Dennis

  Ok, I was able to resolve this over the weekend.  The actual fix is a little complicated.  You can find the full explination here: http://technologyordie.com/windows-nps-radius-authentication-of-cisco-prime-infrastructure
  The basics are that Prime (1.3 is the version I am using at this point) expects two AV pairs from radius.  They are as as follows:
  NCS:role0=Admin
  NCS:virtual-domain0=ROOT-DOMAIN
  "Admin" is the name of the group you would like your users to have access at and "ROOT-DOMAIN" is the name of the domain you would like them to have access to.
  For TACACS+ I suspect the AV Pairs are going to be the same but I have not been able to test that.

• Cant Access Server Admin and Server Preferences anymore

  After upgrading to the latest Mac OS X 10.6.5 Version and/or changing Admin Password (I dont know the reason yet) I dont have access to my Server Admin and Server Preferences while I still can use my Workgroup Manager including Directory Admin (driadmin) and System Preferences. My Client Macs cant access Filesharing services and timemachine backup service anymore on the server, too. Other Services like MyEyeTV, Wuala, iTunes are working fine on the server and can be used by my Client MACs in my LAN.
  How could I proceed to fix this issue?
  What I have tried so far:
  I have tried to access my Server Admin thru the Client Mac mini using Server Admin App.
  I checked the OS Version: Mac OS X Server 10.6.5 (10H575)
  I checked the Server Admin Version: 10.6.5 (328.4)
  I also reinstalled the latest MAC OS X Server Update 10.6.5
  I still have root access. (Verified by DataQuest Engineer)
  Used also 127.0.0.1 Address to Access the Server.
  Is there a more elegant way to fix this issue than reinstall the server?

  ... well uninstalling "Hands Off!" Application solved the problem.
  Also if I assumed that i disabled this application, it was still active.

• ISE Admin Access Authentication to RADIUS Token Server

  Hi all!
  I want to use an External  RADIUS Token Server for ISE Admin Access Authentication and Authorization.
  Authentication works, but how do I map the users  to Admin Groups? Is there a way  to map a returned RADIUS Attribute  (IETF "Class" or Cisco-AVPair "CiscoSecure-Group-Id") to an Admin Group?
  Thanks in advance,
  Michael Langerreiter

  ISE 1.3 does have an bug: Authentication failed due to zero RBAC Groups.
  Cisco Bug: CSCur76447 - External Admin access fails with shadow user & Radius token
  Last Modified
  Nov 25, 2014
  Product
  Cisco Identity Services Engine (ISE) 3300 Series Appliances
  Known Affected Releases
  1.3(0.876)
  Description (partial)
  Symptom:
  ISE 1.3 RBAC fails with shadow user & Radius token
  Operations > Reports > Deployment Status > Administrator Logins report shows
  Authentication failed due to zero RBAC Groups
  Conditions:
  RBAC with shadow user & Radius token
  View Bug Details in Bug Search Tool
  Why Is Login Required?
  Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
  Bug Details Include
  Full Description (including symptoms, conditions and workarounds)
  Status
  Severity
  Known Fixed Releases
  Related Community Discussions
  Number of Related Support Cases
  Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

• Error access ATG Dynamo Server Admin

  Hello all,
  I am Runnig ATG 10.1.2 with weblogic 10.3. on window server 2008
  once i have install ATG Commerce Reference Store Installation and Configuration base on this guid
  http://docs.oracle.com/cd/E36434_01/CRS.10-1-2/ATGCRSInstall/html/s0206configuringyourdatabaseconnectio01.html
  I was able to :
  log into :
  --> Web logic Admin http://localhost:7001/console/
  --> access the Business Control Center http://localhost:7103/atg/bcc
  but i have got error when i have try to To access ATG Dynamo Server Admin
  --> http://localhost:7103/dyn/admin
  Error 500--Internal Server Error
  javax.servlet.ServletException: Can't find component: /atg/dynamo/servlet/adminpipeline/AdminHandler
       at atg.nucleus.servlet.NucleusProxyServlet.initServlet(NucleusProxyServlet.java:194)
       at atg.nucleus.servlet.NucleusProxyServlet.service(NucleusProxyServlet.java:234)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:184)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3732)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
  Also,
  when I try to To access the ATG Store storefront http://localhost:7003/crs/storeus
  the page was up, but the store product date,category and other data are empty!
  *I did install and configure ATG products using the CIM by the above guid.
  Please advice
  Thank you all for your help
  Joseph
  Edited by: 999970 on Apr 14, 2013 12:26 PM
  Edited by: 999970 on Apr 14, 2013 12:38 PM

  It looks that you haven't selected DafEar.Admin in your module list to build the ear.
  And regarding the crs, you might not have imported the crs data.
  Check if you have data in cata/catb dcs_product/dcs_sku tables.
  May be you might need to run CMS.
  Peace
  Shaik

• WGM vs Server Admin and Leopard server access

  I am able to access my Leopard xserve through my firewall using Server Admin tool, but not when I try with WGM.Message is..."host unknown" ...."host unreachable." What is the difference? Not a problem with ARD either ....mmmmm. Can someone shed some light on the experience? Thanks, J Langloi

  By filtering, (if I may), he meant restricting. IE: If you're going to do this, you absolutely need to have the Firewall restrict what external IPs are allowed access, rather than making those ports wide open to anyone and everyone.
  But, it's pretty much industry-standard/ standard-practice to disallow connections across a company firewall to internal servers, except via VPN. (And by this I am excluding servers that are intended to be public-facing but are still appropriately firewalled).
  In rare cases where VPN is not a readily-available option, it is possible to connect to both Server Admin and Workgroup Manager over ssh, but I don't suggest going that route without absolutely securing ssh in every possible way (has minor typos I wish I could fix but nothing that confuses the vital info): http://discussions.apple.com/thread.jspa?messageID=7082312

• Remote Server Admin not working from outside of network for 1 server

  Our company recently changed ISPs and I had to change our two 10.4 server's IP addresses. We have a mail server (intel xserve) and a file/web server (quicksilver g4). Both servers have two network cards in them. The problem is two-fold:
  1- I can successfully manage the Xserve machine locally on our network and from my home. However, I can only manage the Quicksilver g4 server locally. Any kind of external access is not even acknowledged.
  2- I'm not sure if I missed any steps when changing IP addresses for these server-based computers. Also, I'm not sure if I correctly set our dns names to the correct IP address.
  For some background, this is the exact IP update process I used for each server:
  Quicksilver G4 (file/web server) - Installed network card #2 and configured it with the new Public IP in the "System Preferences/Network" panel. In Server Admin I set our website to use the new public IP address. (network card #2 has no firewall device in between it and the internet.)
  Then, I configured the default network card #1 to a static, yet private IP address that's behind our DLink firewall device with the rest of our network.
  Intel Xserve (e-mail server) - Network card #1 was the only one setup before our network change. It had a static, public IP address. When we changed ISPs, I configured network card #2 to the new static, public IP address supplied to us by the new ISP in the "System Preferences/Network" panel. This new IP address is where all email traffic currently gets pointed to. (All mail is successfully sent and delivered.) Until our former ISP gets shutdown, I still have network card #1 configured to the older static public IP address. After the old ISP is shut off, I plan on changing network card #1 to a static, private address.
  Any assistance would be greatly appreciated.
    Mac OS X (10.4.8)  

  What should I check in AD?  I am by no means an expert with AD.
  Yes, I am using the same client OS.
  I am talking about RDP over the internet, like from home to the office.  We have a static IP assigned to the router from ISP.  A static internal IP assigned to the server on the LAN.  And the router port forwards 3389 to the assigned IP. 
  It was working fine before we reinstalled Server 2012.  These are the steps I took when reinstalling:
  1. format drive and install OS
  2. rename the server
  3. install SQL server
  4. Install TFS and SharePoint
  5. Add Active Directory role and promote to Domain Controller
  6. Add domain users
  7. Enable remote access on the server and add users to remote access list

• Server Admin 10.6 managing a 10.5.8 server

  I'm hopeful someone can point out my error here.
  I've been running the new 10.6 version of Server Admin on my 10.6 Macbook to mange my 10.5.8 server, and for a while everything seemed fine. When I'm accessing the server remotely (i.e. my client is not on the same LAN as the server) then it is working fine. An d initially this was also true when I was on the same LAN.
  But in the last couple of days, and I don't think I changed anything on the server or client machine that might have impacted on this, Server Admin is reduced to a snail's pace when I try to connect to my server, but only when on the same LAN. This clearly suggests to me that DNS may be the issue, but I've looked at it again and again and can't spot anything out of the ordinary.
  While it's not critical (when I'm on the LAN I can fire up Server Admin 10.5 on the server itself and work directly, but it is really annoying me nonetheless.
  Regards
  Graham

  I'm hopeful someone can point out my error here.
  I've been running the new 10.6 version of Server Admin on my 10.6 Macbook to mange my 10.5.8 server, and for a while everything seemed fine. When I'm accessing the server remotely (i.e. my client is not on the same LAN as the server) then it is working fine. An d initially this was also true when I was on the same LAN.
  But in the last couple of days, and I don't think I changed anything on the server or client machine that might have impacted on this, Server Admin is reduced to a snail's pace when I try to connect to my server, but only when on the same LAN. This clearly suggests to me that DNS may be the issue, but I've looked at it again and again and can't spot anything out of the ordinary.
  While it's not critical (when I'm on the LAN I can fire up Server Admin 10.5 on the server itself and work directly, but it is really annoying me nonetheless.
  Regards
  Graham

• Help needed restricting users admin access to devices using ACS 4.2

  I have users that access the network via a VPN client to a PIX 515 which authenticates to the ACS (using the default group for unknown users) which uses an external Active Directory Database.
  The problem I have is that as the ACS authenticates these users, it now allows them admin access to the PIX. How do I restrict access? I have looked at NARs using the 'All AAA clients, *, *' approach but that just stops their VPN access. ( I have a separate group called 'PIX ACCESS' which will contained only defined users for admin access).
  Incidentally I have other devices on the network which are AAA clients, in particular Nortel switches. I can set the group settings for that RADIUS set up to 'Authenticate Only' (RADIUS Nortel option) and that works fine, I was expecting the ACS to have a similar setting for TACACS+.
  So how do I allow the unknown users to authenticate to their AD database but restrict them admin access to the AAA clients?

  Very common problem. I've solved it twice over the last 6 years with ACS. I'm sketchy on the details. But here goes. First option to explore is using RADIUS for VPN access, then TACACS on all the Cisco switches and PIX firewall. That would make it alot easier. I think that with TACACS, you can build a NAR based on TCP port number instead of IP address....
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_tech_note09186a0080858d3c.shtml
  So you'd have a group with 3-4 Administrators that can access PIX CLI, and another group of VPN users that can't access the PIX but can VPN in. So on the VPN group, put a NAR that restricts access to SSH/Telnet TCP ports?
  This comes up everytime I install an ACS server, (every 2-3 years), and it's always a trick.
  Please let me know if this works for you. And if it doesn't, let us know how you fixed it. I think I can get back into the ACS I last did this with and take a look, but I'd have to call up and make a special trip.

• Server: Mail configuration of Server Admin not showing ANY Accounts

  I have an LDAP directory for my accounts and in the Server Admin GUI, under the Mail configuration, I am not showing any accounts. Currently mail services not working and I have tried to reconstruct the db to no avail.
  I the POP log im gettting ...
  Aug 10 14:03:29 mail pop3[24233]: DBERROR: critical database situation
  In the Mail Access log ...
  Aug 10 14:04:56 mail lmtpunix[29548]: DBERROR: critical database situation

  How about more info?
  Did you ever have a working setup? Accounts?
  How did you try to reconstruct?
  Check /var/log/mailaccess.log and post some more info for a process number (number in square brackets)