[SOLVED] Access shares in Active Directory env w/o asking for pword

Hello,
I read this and configured my computer as described. So far so good. When I now use my file manager and want to access smb://fileserver/share, it asks me for a password.
When I first used Ubuntu there was a software called Likewise Open which made AD integration very easy and smooth; unfortunately this software is not available for AL.
Nevertheless I hope there is another opportunity to get rid of the password question. When I searched for an answer the first thing I saw was that I can use a .credential file. As I do not like to write down my password either on paper or in a file, this is no real solution to me.
Do I have to change something in /etc/nsswitch.conf, smb.conf or consolekit?
I would be very grateful if someone can give me some help.
Last edited by debellator (2012-10-17 08:07:54)

beaverusiv wrote: What does running klist output?
klist gave me an error that no ticket exists. After doing kinit [email protected] I got a ticket and could access shares without extra login.
To make this permanent I found this article. After editing /etc/security/pam_winbind.conf it works as I wanted it.
# pam_winbind configuration file
# /etc/security/pam_winbind.conf
[global]
# authenticate using kerberos
krb5_auth = yes
# when using kerberos, request a "FILE" krb5 credential cache type
# (leave empty to just do krb5 authentication but not have a ticket
# afterwards)
krb5_ccache_type = FILE
Many thanks for the hint.
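
Added example (not part of the original post or of Samba): a shell check that reads the two pam_winbind.conf settings shown above and reports whether a login will leave a Kerberos ticket behind for share access. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Print the value of KEY ($2) from the [global] section of FILE ($1).
# Skips lines starting with # or ; and tolerates spaces around '='.
pam_winbind_get() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { sec = tolower($0); gsub(/[ \t]/, "", sec); next }
        sec == "[global]" {
            eq = index($0, "=")
            if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == key) val = v      # last assignment wins
        }
        END { print val }
    ' "$1"
}

# Classify the file:
#   ticket-cache:<type>  Kerberos auth, ticket kept after login
#   auth-only            Kerberos auth, but krb5_ccache_type is empty, so no
#                        ticket afterwards and smb:// will still prompt
#   no-krb5              krb5_auth is not enabled in [global]
pam_winbind_krb5_mode() {
    [ -r "$1" ] || { echo "unreadable"; return 1; }
    auth=$(pam_winbind_get "$1" krb5_auth | tr 'A-Z' 'a-z')
    ccache=$(pam_winbind_get "$1" krb5_ccache_type)
    case "$auth" in
        yes|true|1)   # the post only shows "yes"; other spellings are assumed
            if [ -n "$ccache" ]; then
                echo "ticket-cache:$ccache"
            else
                echo "auth-only"
            fi ;;
        *) echo "no-krb5" ;;
    esac
}

# True if the session already holds a valid ticket. "klist -s" prints nothing
# and only sets its exit status; false if klist is not installed.
session_has_ticket() {
    command -v klist >/dev/null 2>&1 && klist -s 2>/dev/null
}

# Constructed sample mirroring the configuration in the post above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /etc/security/pam_winbind.conf
[global]
krb5_auth = yes
krb5_ccache_type = FILE
EOF
echo "sample config: $(pam_winbind_krb5_mode "$sample")"
if session_has_ticket; then
    echo "session: valid ticket present"
else
    echo "session: no ticket (kinit, or log in again after fixing the config)"
fi
rm -f "$sample"
```

Point pam_winbind_krb5_mode at /etc/security/pam_winbind.conf on the real machine; a result of auth-only or no-krb5 explains a password prompt after an otherwise successful domain login.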

Similar Messages

  • For OS X: Whenever I have internet access my disk is running continuously for a period of time without any activity on my part.  When I close internet access the disk activity stops.  Who is fishing for data?

    For OS X v5 or 6: Whenever I have internet access my disk is running continuously for a period of time without any activity on my part.  When I close internet access the disk activity stops.  Who is fishing for data?

    Thanks for your reply.  I don't use itunes so that couldn't be it.  Reading about Little Snitch and Hands Off, however,  educated me about the data harvesting in many apps and that when buying from the AppStore one will more likely get Apps with benign data harvesting.

  • I have never had to enter a password to access mail. However, recently, I keep being asked for password on my ****** address. Only on my macbook. (which, btw, has a version number the drop down doesn't offer as a choice. I had to put 9.4)

    I have never had to enter a password to access mail.
    However, recently, I keep being asked for password on my ***** address.
    Only on my macbook. (which, btw, has a version number your drop down doesn't offer as a choice. I had to put 9.4)
    When I look up the account the "password" is a long string of gobbledygook. Something I would never do.
    But when I attempt to use that pw I still can't get in.
    I have no trouble accessing that email account on my mac mini. Just on the macbook.
    <Edited by Host>

    Maiko,
    I confess I'm still trying to get a handle on your problem. You do a fantastic job of describing it ... but I'm just trying to picture it accurately in my head.
    I think, were I in your shoes, I'd begin by looking at what the debug page has to say for the specific destination in which you're interested in fixing. In other words, I'm not clear on where, exactly, this destination points ...
    Destination illinois.edu.1945806043
    Is that your site, or the division within your site that you want to fix? "Normally", you do not need to specify a site handle to get to your site within your transfer CGI ... if you say "uillinois.edu", it's enough to transfer your users to iTunes U ... but every site still has a handle, and you could, if you wanted to, actually specify it in your transfer CGI. For example, this:
    Destination uic.edu.1139051993
    is for my entire site ... it's my site handle. Whereas this:
    Destination uic.edu.1991288441
    is for a division within my site ... but it's impossible to tell the difference between "site" and "division" from just the handle (I mean, if I didn't say "this is a site" and "this is a division", there'd be no way for you to know). So when I look at your creds and permissions on your debug page, I can't quite tell if they give you download access for your site, or for the specific division you want to fix. If you could open the debug page with your division as destination (or confirm that that's what we're looking at), it'd rule out some things.

  • I have Adobe Photoshop CS4 and have just upgraded my Mac operating system to Yosemite with the newest version of Java 2014 running. When I try to access Photoshop from Bridge or directly open it asks for a Legacy Version of Java 6. As I am a pensioner I c

    I have Adobe Photoshop CS4 and have just upgraded my Mac operating system to Yosemite with the newest version of Java 2014 running. When I try to access Photoshop from Bridge or directly open it asks for a Legacy Version of Java 6. As I am a pensioner I cannot afford an upgrade does anyone know of a work-around for this problem?

    Hi Daddyfred,
    CS4 Photoshop has not been tested on Yosemite. But still you can try the Java 6 update using the below link.
    http://www.oracle.com/technetwork/java/javase/downloads/java-archive-downloads-javase6-419409.html
    Thank you for posting on Adobe Forums.

  • When trying to access the internet on my Macbook a message asking for my WAP password comes up. Someone said look in my keychain but I don't know what I am looking for.

    When trying to access the internet on my Macbook a box asking for my Wap password before I can access my network comes up. I have looked in keychain but cannot find any info. Please help.

    Please reset my iTunes account so I can purchase thru iTunes it says to contact u
    The message you are quoting says to contact iTunes Support, not this user-to-user discussion forum.
    But anyway, see this document on how to find the credit card security code:
         How to find the security code on a credit card - Support - Apple
    It is on the back of your card:

  • Unable to access server files shares with Active Directory Users

    Quick breakdown of my issue.
    I have setup a Yosemite file server running the latest version of Yosemite and Server.
    File sharing in Server.app is enabled and shares have been created
    The server is bound to my company's Active Directory and you can directly login to the computer via AD credentials.
    The big issue is this, unless the user has directly walked up to my server and logged into it at least once, they cannot authenticate to the file shares via their AD credentials.
    For example: Administrator (me) I can login and access all file shares without issue.
    Jane Smith (SMITH) who has actually walked up to my server and logged in via her AD credentials, can also access all file shares. (That she has access to)
    John Doe (JDOE) who has not logged into the server in any way, cannot authenticate to the server file shares at all (even though I have granted him permission). He just gets an "Access Denied" message.
    I have gone into Directory Utility and changed the search order to give AD priority and this still doesn't resolve the problem.
    We have unbound the server from AD and added it back again and still not able to resolve.
    If you open Server.app and go to add someone from AD to a file share, it finds the AD user quickly and everything looks right, but still unable to authenticate to the server if they haven't directly logged into it before?
    All of the documentation and google articles I have found say my server is setup correctly, any help would be greatly appreciated!
    Thanks in advance!

    I figured this out. In Mountain Lion Server, it doesn't matter if you give the user rights to a shared file or folder, if the user doesn't have access to the File Sharing service, they can't get it. I had to find the specific users in the Server app under the AD in the Users tab, and give them rights to the File Sharing service. I think you can do this for a whole AD group as well, but I haven't tried.

  • Oracle VDI 3.3 Directory access with Windows2008 Active Directory

    Hi
    can somebody help me to solve this issue?
    I install oracle VDI 3.3 and I configure Windows2008 Active Directory for authentication.
    I made some test in command line
    kinit -v user
    and I received the message "Authenticated to Kerberos v5"
    but when I tried to create a company to do another configuration I receive the following error:
    Unable to Connect to User Directory
    Failed to connect, no servers available.
    BR

    I am in the same situation and have tried everything. I am using VDI 3.4 and able to authenticate using kinit command but cannot set up my company.
    AD is 2011 Small Business Server and the domain is domain.local
    Any help would be appreciated. Thanks

  • Mac OS X Server File Shares and Active Directory Users

    About ready to pull my hair out on this one...
    We have a department that only uses Macs. At the moment, it's a hodgepodge of different setups. We were able to convince the department to standardize, and purchase a Mac Mini Server. To keep things a bit simpler, we are setting up their department shares on the server as well.
    To make my life simpler (or so I thought...) I decided to bind the OS X Server to our AD, and use the AD users/groups to allow access to the shares. The OS X Server app lists all of our AD user and groups, and I can apply them to the shares, however, when we try to access the share, it fails.
    I don't think the server is talking to our AD correctly.
    I can login to the Mac Server with my network account, my network account works for accessing Server.app, but nothing I've tried will allow our Mac or Windows clients to access the shares with the AD credentials. The log file comes up with:
    mccsrvrmac.mcc.local smbd[441]: check_account - [7]: [permission denied] pam_acct_mgmt
    Also seeing this:
    mccsrvrmac.mcc.local kdc[57]: Asked for LKDC, but there is none
    A bit of background: We added this Mac to the domain once before, realized that the HDDs weren't setup in a RAID config, so wiped it and reinstalled. I did remove the computer account before rebinding.
    Any help is appreciated!

    I figured this out. In Mountain Lion Server, it doesn't matter if you give the user rights to a shared file or folder, if the user doesn't have access to the File Sharing service, they can't get it. I had to find the specific users in the Server app under the AD in the Users tab, and give them rights to the File Sharing service. I think you can do this for a whole AD group as well, but I haven't tried.

  • Weblogic with Active Directory Authentication provider problem: DN for user ....: null

    I have a java application (SSO via SAML2) that uses Weblogic as a Identity Service Provider. All works well using users created directly in Weblogic. However, I need to add support for Active Directory. So, as per documentation:
    - I defined an Active Directory Authentication provider
    - changed its order in the Authentication Providers list so that it comes first
    - set the control flag to SUFFICIENT and configured the Provider Specific; here's the concerned part in config.xml:
    <sec:authentication-provider xsi:type="wls:active-directory-authenticatorType">
            <sec:name>MyOwnADAuthenticator</sec:name>
            <sec:control-flag>SUFFICIENT</sec:control-flag>
            <wls:propagate-cause-for-login-exception>true</wls:propagate-cause-for-login-exception>
            <wls:host>10.20.150.4</wls:host>
            <wls:port>5000</wls:port>
            <wls:ssl-enabled>false</wls:ssl-enabled>
            <wls:principal>CN=tadmin,CN=wl,DC=at,DC=com</wls:principal>
            <wls:user-base-dn>CN=wl,DC=at,DC=com</wls:user-base-dn>
            <wls:credential-encrypted>{AES}deleted</wls:credential-encrypted>
            <wls:cache-enabled>false</wls:cache-enabled>
            <wls:group-base-dn>CN=wl,DC=at,DC=com</wls:group-base-dn>
    </sec:authentication-provider>
    I configured a AD LDS instance(Active Directory Lightweight Directory Services) on a Windows Server 2008 R2. I created users and one admin user "tadmin" which was added to Administrators members. I also made sure to set msDS-UserAccountDisabled property to FALSE.
    After restarting Weblogic I can see that the AD LDS's users and groups are correctly fetched in Weblogic. But, when I try to connect with my application, using Username:tadmin and Password:<...> it does not work.
    Here's what I see in the log file:
    <BEA-000000> <LDAP Atn Login username: tadmin>
    <BEA-000000> <authenticate user:tadmin>
    <BEA-000000> <getConnection return conn:LDAPConnection {ldaps://10.20.150.4:5000 ldapVersion:3 bindDN:"CN=tadmin,CN=wl,DC=at,DC=com"}>
    <BEA-000000> <getDNForUser search("CN=wl,DC=at,DC=com", "(&(&(cn=tadmin)(objectclass=user))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))", base DN & below)>
    <BEA-000000> <DN for user tadmin: null>
    <BEA-000000> <returnConnection conn:LDAPConnection {ldaps://10.20.150.4:5000 ldapVersion:3 bindDN:"CN=tadmin,CN=wl,DC=at,DC=com"}>
    <BEA-000000> <getConnection return conn:LDAPConnection {ldaps://10.20.150.4:5000 ldapVersion:3 bindDN:"CN=tadmin,CN=wl,DC=at,DC=com"}>
    <BEA-000000> <getDNForUser search("CN=wl,DC=at,DC=com", "(&(&(cn=tadmin)(objectclass=user))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))", base DN & below)>
    <BEA-000000> <DN for user tadmin: null>
    <BEA-000000> <returnConnection conn:LDAPConnection {ldaps://10.20.150.4:5000 ldapVersion:3 bindDN:"CN=tadmin,CN=wl,DC=at,DC=com"}>
    <BEA-000000> <javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User tadmin denied
      at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:229)
      at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
    So, I tried to look why do I have: <DN for user tadmin: null>. Using Apache Directory Studio I reproduced the ldap search request used in Weblogic and, sure enough, I get no results. But, changing the filter to only "(&(cn=tadmin)(objectclass=user))" (NOTICE, no userAccountControl), it works; here's the result from Apache Directory Studio:
    #!SEARCH REQUEST (145) OK
    #!CONNECTION ldap://10.20.150.4:5000
    #!DATE 2014-01-23T14:52:09.324
    # LDAP URL     : ldap://10.20.150.4:5000/CN=wl,DC=at,DC=com?objectClass?sub?(&(cn=tadmin)(objectclass=user))
    # command line : ldapsearch -H ldap://10.20.150.4:5000 -x -D "[email protected]" -W -b "CN=wl,DC=at,DC=com" -s sub -a always -z 1000 "(&(cn=tadmin)(objectclass=user))" "objectClass"
    # baseObject   : CN=wl,DC=at,DC=com
    # scope        : wholeSubtree (2)
    # derefAliases : derefAlways (3)
    # sizeLimit    : 1000
    # timeLimit    : 0
    # typesOnly    : False
    # filter       : (&(cn=tadmin)(objectclass=user))
    # attributes   : objectClass
    #!SEARCH RESULT DONE (145) OK
    #!CONNECTION ldap://10.20.150.4:5000
    #!DATE 2014-01-23T14:52:09.356
    # numEntries : 1
    (the "[email protected]" is defined as userPrincipalName in the tadmin user on AD LDS)
    As you can see, "# numEntries : 1" (and I can see as result the entry "CN=tadmin,CN=wl,DC=at,DC=com"  in Apache Directory Studio's interface); if I add the userAccountControl filter I get 0.
    I've read that the AD LDS does not use userAccountControl but "uses several individual attributes to hold the information that is contained in the flags of the userAccountControl attribute"; among those attributes is msDS-UserAccountDisabled which, as I said, I already set to FALSE.
    So, my question is, how do I make it work? Why do I have "<DN for user tadmin: null>" ? Is it the userAccountControl ? If it is, do I need to do some other configuration on my AD LDS ? Or, how can I get rid of the userAccountControl filter in Weblogic?
    I didn't seem to find it in config files or in the interface: I only have "User From Name Filter: (&(cn=%u)(objectclass=user))", there's no userAccountControl.
    Another difference I noticed is that, even though in Weblogic I have set ssl-enabled flag to false, in the logs I see ldaps and not ldap ( I'm not looking to setup something production-ready and I don't want SSL for the moment ).
    Here are some other things I tried but did not change anything:
    - the other "msDS-" attributes were not set so I tried initializing them to some value
    - I tried other users defined in AD LDS, not tadmin
    - in Weblogic I added users that were imported from AD LDS in Roles and Policies> Realm Roles > Global Roles > Roles > Admin
    - I removed all userAccountControl occurrences that I found in xml files in Weblogic (schema.ms.xml, schema.msad2003.xml)
    Any thoughts?
    Thanks.

    I managed to narrow it down: the AD LDS does not support the userAccountControl.
    Does anyone know how I can configure my Active Directory Authentication Provider in Weblogic so that it does not implicitly use userAccountControl as filter?
    <BEA-000000> <getDNForUser search("CN=wl,DC=at,DC=com", "(&(&(cn=tadmin)(objectclass=user))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))", base DN & below)> 

  • MS Active Directory 2008 as UME datasource for AS Java

    Hello,
    We are running SAP EP on top of a SAP AS Java using LDAP certification, so users
    from MS Active Directory 2003 domain are trusted by the Portal
    I've now a problem with the version upgrade of MS Active Directory from 2003 to 2008,
    it seems only SAP AS ABAP supports MS AD 2008, and our instance is JAVA only
    Note 983808 - "Certified LDAP servers" also confirm this
    Do you know if AD 2008 is supported, if any note has been released about this and
    any document to help me with this issue?
    thanks in advance!
    Rafael

    Hi Patrick, thanks for the answer
    I checked the note and it refers about Windows 2008 and a scenario with SSO, that's not our case.
    We just have AD as a LDAP UME datasource, users must still pass user and password which
    is then checked and then login is authorized
    you mentioned AD 2008 is supported for Netweaver AS Java, could you send me any document
    or note with procedures or anything for configuring it ?
    kind regards,
    Rafael

  • PowerShell Script Get the User's Active Directory Fully Qualified Login Name for Specific Locked Out Accounts

    I have a script which displays locked out accounts. It works great.
    I'd like to display the fully qualified Active Directory Login Name instead of the LastName, First Name:
    Example: Davis, Susan
    Want instead: Domain\Susan.Davis
    I'd also like to include an additional filter to look for only Domain\Susan.Davis OR Domain\Robin.Givens
    Here is my script:
    $objDomain = New-Object System.DirectoryServices.DirectoryEntry
    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $objSearcher.SearchRoot = $objDomain
    $objSearcher.PageSize = 1000
    $objSearcher.Filter = "(&(objectClass=User)(lockoutTime>=1))"
    $colProplist = "name","samaccountname"
    foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i) | out-null}
    $colResults = $objSearcher.FindAll()
    foreach ($objResult in $colResults) {
        $domainname = $objDomain.name
        $samaccountname = $objResult.Properties.samaccountname
        # Re-read the account through the WinNT provider to test the lockout flag
        $user = [ADSI]"WinNT://$domainname/$samaccountname"
        $ADS_UF_LOCKOUT = 0x00000010
        if(($user.UserFlags.Value -band $ADS_UF_LOCKOUT) -eq $ADS_UF_LOCKOUT) {
            $objResult.Properties.name
        }
    }
    John
    John

    Sorry, I should have mentioned that the cmdlets I'm using are part of the Active Directory module. You'll need to install the RSAT (Win7+) to use them.
    If you'd rather stick with your DirectorySearcher methods instead of moving to the AD module, you can adjust your output by using something like this instead:
    if(($user.UserFlags.Value -band $ADS_UF_LOCKOUT) -eq $ADS_UF_LOCKOUT) {
        "$domainname\$($objResult.Properties.samaccountname)"
    }
    $domainname might not be what you're expecting, just FYI.
    As for filtering, you can add to the if statement and check for your known usernames only.

  • HT204053 I have iPad 2 and recently changed my Internet Service Provider and email address. I have created a new Apple I.D. and password but when I try to access or open my iPad 2 I am asked for the password for my previous email address.

    I have iPad 2 and recently changed my Internet Service Provider and email address. When I switch on the iPad I am asked for my password for
    my previous provider which when entered is not acceptable. I am told to create a new password but this only changes the password for my current
    address. I am now unable to access iPad and I need to know how to circumvent this.

    Roger, thank you.  I wish I had sent out this question a month ago, when I committed the folly of creating another apple id with my alternate email address.  Since then, I had realized that I didn't seem to need it, hence today's post.
    So now what do I do?  Is there any way to delete that unnecessary apple id?
    And it is even worse than that...the secondary address listed currently in our apple id is a mobile me one that my husband created, but never uses, never checks, and probably doesn't even remember the password for. 

  • I recently changed my email address and switched it to my primary address on my Apple ID account.  It works in iTunes, but when I open up iCloud, my old ID shows and I can't access it to change anything.  Can't ask for email change for password

    I recently changed my email address and updated my Apple ID name to the new address.  It worked for iTunes and apps, but when I bring up iCloud, my old ID name shows.  I can't access it to change it since my security questions don't work and when I request an email to change password, it says it sent one but I do not receive anything.  Just need to know how to change my Apple ID on iCloud if I can't access the old one.  I'm afraid if I delete the account and open a new one, I'll lose all of my calendar.

    If you have 'Find My iPad' activated on the iPad it will cause this problem. You will have to contact Support for help. Go to https://expresslane.apple.com ; select 'More Products and Services', then 'Apple ID'. In the next page select 'Other Apple ID Topics' then 'Lost or forgotten Apple ID password' and click 'Continue'.

  • Citrix remote access to work won't work, it keeps asking for Cocoa Java Plug-in, but this should already exist?

    Helpdesk at work is helpless.  My Citrix connection to access work remotely connects fine, but when I try to login further it says that my browser doesn't have Cocoa Java Plug-in.  I've updated the software and have downloaded the update for Safari 10.6.  But it stops.  It also asks if JVM 1.4.1 or later is installed.  I've updated that too.

    You don't have a Mac Pro (*65lb tower) but a notebook.
    There is a support page and setup wizard to help plus links to support articles and community.
    you may have to rebuild mail index or see if you can export, (re)move the existing mail folder and setup a new one and import old mail. Mail does and can have its issues for sure.
    Mail support and Setup Wizard
    http://www.apple.com/support/mail
    MacBook Series Forums
    https://discussions.apple.com/community/notebooks?view=discussions
    Mac OS X Forum
    https://discussions.apple.com/community/mac_os?view=discussions 
    http://www.apple.com/support/macbookpro

  • HT3702 trouble activating card on itunes keeps asking for correct security code

    what am i doing wrong if i'm putting in security code and it tells me different

    Contact your your account information, make sure it matches what you have on your card statement. If everything's matching, contact your bank.
