[SOLVED] Does my system allow remote login through SSH?

Similar Messages

• Starting a remote login through ABAP

  Hello!
  First of all, I am a beginner in ABAP :).
  Now the question - I have registered a remote R/3 system in SM59 and the remote login works. Is it now possible to start the remote login for that particular system through an ABAP program? If so how do I do it?
  Any links to tutorials, articles or code examples will also of course be helpful..
  Bye!
  Sameer

  hi
  see the below links
  MM links:
  http://www.sapgenie.com/abap/tables_mm.htm
  http://www.sap-img.com/sap-download/sap-tables.zip
  http://www.allsaplinks.com/material_management.html
  http://www.training-classes.com/course_hierarchy/courses/2614_SAP_R_3_MM_Invoice_Verification_-_Rel_4_x.php
  http://www.sapfriends.com/sapstuff.html
  SD links
  detailed business flow of SD MODULE INCLUDING all major tables and field
  Need material regarding the Genereal Business Flow of SD, MM, PP, FISL & CO
  http://www.sap-basis-abap.com/sapsd.htm
  http://www.sapgenie.com/abap/tables_sd.htm
  http://help.sap.com/saphelp_46c/helpdata/en/8c/df293581dc1f79e10000009b38f889/frameset.htm
  Check these pdfs:
  SD Workflow:
  http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCBMTWFMSD/BCBMTWFMSD.pdf
  http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCBMTWFMLO/BCBMTWFMLO.pdf
  rewards points if helpful
  regards
  sreeni

• System preferences remote login address naming HELP PLEASE

  Hello,
  This problem is driving me crazy... Enabling Remote Login (under Sharing Preferences) gives me a note that "To log in to this computer remotely, type ssh [email protected]". The problem is the part of the address named "wrongname".  I have no idea where it is picking this up. I've gone back under the networking preferences and confirmed it's not coming from there. The netbios name by the way is "CARLS-MACBKPRO1". Enabling file sharing gives me the same "wrongname". Any idea where this is coming from and how do I fix it?
  Running 10.7.3 on a Macbook Pro.
  Thanks in advance.
  Carl

  The question is how are you trying to connect to the server? and where are you testing from?
  You say you can 'log-in to the Mac-Mini from the internal network', but what protocol are you using?
  The ports you've opened are for web (80), FTP (21) and SSH (22), so if you're using any other protocol (e.g. AFP for file sharing), it won't work.
  So, you need to decide what protocol you want to use and forward the appropriate ports. For example, if you do want to use AFP to transfer files, you'll need to open port 548.
  An alternative is to just use port 22 and use SSH tunneling to tunnel other protocols over a secure connection (normal AFP, web, etc. traffic is not secure and tunneling these protocols over an SSH connection provides an enhanced level of security.

• Remote login via ssh and public keys

  I'm not exactly a UNIX expert, but I need to be able to remote login to my PowerBook. The problem with enabling ssh is that as soon as I'm on campus, all kinds of nefarious hosts try brute force attempts to crack my password. I've heard that public/private key logins are the answer, and I've managed to get the public key in the right place on my PowerBook (the private key resides on my iPhone, from which I'll be logging in). But I have two questions:
  1) How do I disable logins via user/password?
  2) When I use my private key, I'm asked to enter the password for the key -- ssh isn't properly storing that password. I've checked permissions, but how can I get ssh to store that password, as it should?

  1) In Sharing > Remote Login, do I still need an account listed to be able to use ssh logins with a public key? I ask because currently (i.e. password authentication enabled), when no accounts are listed, login via public key doesn't work. In other words, an account has to be listed for public key logins to work.
  Yes you still need an account name to login to that computer. However you don't need to specify an account in the sharing preferences. You can lock down the security further by limiting which user accounts can login via ssh.
  by default if you don't specify a username when you login it will use the username of the device your logging in from. So to use an alternative login name you would use
  ssh [email protected]
  whereas john can be anyname or your choosing.
  Put another way: if turn off password authentication for ssh in sshd_config, how should Sharing > Remote Login be configured?
  If you turn off password authentication you still need to allow your user account to login via ssh in the sharing preferences or you can allow all.
  2) According to that MacOS X Hints article:
  "Leopard has now a built-in support for SSH authentication with public keys.
  OSX has been able to use ssh public key authentication since day 1 of the beta release of osx. It is not new to leopared it has been around for years.
  Just open Terminal and ssh to your public-key-enabled server. A Keychain window appears, proposing you to enter the pass phrase, and then remembering it in your keychain. "
  I have not used this functionality as I don't use any passwords for ssh logins.
  They're talking about the password associated with the key. But on second thought, that password is being saved on the client, not the server, right?
  I am sure this is the case.

• Remote login through a web service

  Can you set up a login process in a CFC so it can be used
  remotely through a
  web service? I would like to have my members be able to have
  their clients
  login to a section of my web site through their own web site.
  Is there anyplace I can find an example of this?
  Wally Kolcz
  Developer / Support

  <cfcomponent>
  <cffunction name="CLogin" access="remote"
  returntype="string">
  <cfargument name="username" type="string"
  required="true">
  <cfargument name="password" type="string" required="true"
  <cfset
  MM_redirectLoginSuccess="
  http://www.softproofs.com/clientarea/index.cfm">
  <cfset
  MM_redirectLoginFailed="index.cfm?login=failed">
  <cfquery name="MM_rsUser"
  datasource="#Request.MainDSN#">
  SELECT username,password,priv FROM clients WHERE
  username=#argument.username# AND password=#argument.password#
  </cfquery>
  <cfif MM_rsUser.RecordCount NEQ 0>
  <cftry>
  <cflock scope="Session" timeout="30" type="Exclusive">
  <cfset Session.MM_Username=#argument.username#>
  <cfset Session.MM_UserAuthorization=MM_rsUser.priv[1]>
  </cflock>
  <cfif IsDefined("URL.accessdenied") AND false>
  <cfset MM_redirectLoginSuccess=URL.accessdenied>
  </cfif>
  <cflocation url="#MM_redirectLoginSuccess#"
  addtoken="no">
  <cfcatch type="Lock">
  <!--- code for handling timeout of cflock --->
  </cfcatch>
  </cftry>
  </cfif>
  <cflocation url="#MM_redirectLoginFailed#"
  addtoken="no">
  <cfelse>
  <cfset MM_LoginAction=CGI.SCRIPT_NAME>
  <cfif CGI.QUERY_STRING NEQ "">
  <cfset MM_LoginAction=MM_LoginAction & "?" &
  XMLFormat(CGI.QUERY_STRING)>
  </cfif>
  </cfif>
  </cffunction>
  </cfcomponent>

• Using SYSTEM Application to Login through a BSP Application

  I configured SSO2 on our server following the steps mentioned in using the SYSTEM application for logon POST. Now, the popup requesting username and password does not pop up. But I have another problem. I am not able to enter Service Users here. It is accepting only Dialog Users. Can you please help me out, as I thought service users were for using WAS based applications.
  Thank you

  Hi Gladson
  I did test with a service user with basic authentication on a WAS 6.40 system (without using system login page to check whether service user can log in) successfully. now to use the system login page SSO2 needs to be configured without that i cannot use system login page. sso2 is being configured, i will have to wait till it finishes to test it.
  However if Dezo is saying thats it not supported, it should be right as he is from SAP
  Regards
  Raja

• How do I disable password based login for ssh

  Before upgrading to Mountain Lion I had setup my computer to allow remote login via SSH. Now that I have upgraded I can no longer login to my computer via SSH without specifying a password.  How do I get back to not having to supply a password to login?
  I created a user named `remotepair` and generated a RSA ssh key. I had setup password-less login to this user by adding the public keys of those who login to the ~/.ssh/authorized_keys file and the following settings in /etc/sshd_config
  Protocol 2
  PubkeyAuthentication yes
  PermitRootLogin no
  PasswordAuthentication no
  PermitEmptyPasswords no
  ChallengeResponseAuthentication no
  AllowUsers remotepair
  I also created a question on ServerFault about other issues I have with SSH. I solved the issue by doing a PRAM reset.
  Since my settings are no longer working for password-less login, how do I enable password-less login to my Mountain Lion enable Mac?

  Output for ssh -vvv [email protected]
  OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
  debug1: Reading configuration data /Users/jjasonclark/.ssh/config
  debug1: Reading configuration data /usr/local/Cellar/openssh/5.9p1/etc/ssh_config
  debug2: ssh_connect: needpriv 0
  debug1: Connecting to home.jjasonclark.com [50.47.10.153] port 22.
  debug1: Connection established.
  debug3: Incorrect RSA1 identifier
  debug3: Could not load "/Users/jjasonclark/.ssh/id_rsa" as a RSA1 public key
  debug1: identity file /Users/jjasonclark/.ssh/id_rsa type 1
  debug1: identity file /Users/jjasonclark/.ssh/id_rsa-cert type -1
  debug1: identity file /Users/jjasonclark/.ssh/id_dsa type -1
  debug1: identity file /Users/jjasonclark/.ssh/id_dsa-cert type -1
  debug1: identity file /Users/jjasonclark/.ssh/id_ecdsa type -1
  debug1: identity file /Users/jjasonclark/.ssh/id_ecdsa-cert type -1
  debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu7
  debug1: match: OpenSSH_5.3p1 Debian-3ubuntu7 pat OpenSSH*
  debug1: Enabling compatibility mode for protocol 2.0
  debug1: Local version string SSH-2.0-OpenSSH_5.9
  debug2: fd 3 setting O_NONBLOCK
  debug3: load_hostkeys: loading entries for host "home.jjasonclark.com" from file "/Users/jjasonclark/.ssh/known_hosts"
  debug3: load_hostkeys: found key type RSA in file /Users/jjasonclark/.ssh/known_hosts:20
  debug3: load_hostkeys: loaded 1 keys
  debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],ssh-rsa
  debug1: SSH2_MSG_KEXINIT sent
  debug1: SSH2_MSG_KEXINIT received
  debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-e xchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14
  -sha1,diffie-hellman-group1-sha1
  debug2: kex_parse_kexinit: [email protected],[email protected],ssh-rsa,[email protected],[email protected],ecd
  [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
  debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blow fish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.
  liu.se
  debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blow fish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.
  liu.se
  debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha
  1-96,hmac-md5-96
  debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha
  1-96,hmac-md5-96
  debug2: kex_parse_kexinit: none,[email protected],zlib
  debug2: kex_parse_kexinit: none,[email protected],zlib
  debug2: kex_parse_kexinit:
  debug2: kex_parse_kexinit:
  debug2: kex_parse_kexinit: first_kex_follows 0
  debug2: kex_parse_kexinit: reserved 0
  debug2: mac_setup: found hmac-md5
  debug1: kex: server->client aes128-ctr hmac-md5 none
  debug2: mac_setup: found hmac-md5
  debug1: kex: client->server aes128-ctr hmac-md5 none
  debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
  debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
  debug2: dh_gen_key: priv key bits set: 125/256
  debug2: bits set: 510/1024
  debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
  debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
  debug1: Server host key: RSA 80:b1:a1:11:8f:73:3a:bf:29:04:e9:70:18:d8:d5:cd
  debug3: load_hostkeys: loading entries for host "home.jjasonclark.com" from file "/Users/jjasonclark/.ssh/known_hosts"
  debug3: load_hostkeys: found key type RSA in file /Users/jjasonclark/.ssh/known_hosts:20
  debug3: load_hostkeys: loaded 1 keys
  debug3: load_hostkeys: loading entries for host "50.47.10.153" from file "/Users/jjasonclark/.ssh/known_hosts"
  debug3: load_hostkeys: found key type RSA in file /Users/jjasonclark/.ssh/known_hosts:20
  debug3: load_hostkeys: loaded 1 keys
  debug1: Host 'home.jjasonclark.com' is known and matches the RSA host key.
  debug1: Found key in /Users/jjasonclark/.ssh/known_hosts:20
  debug2: bits set: 475/1024
  debug1: ssh_rsa_verify: signature correct
  debug2: kex_derive_keys
  debug2: set_newkeys: mode 1
  debug1: SSH2_MSG_NEWKEYS sent
  debug1: expecting SSH2_MSG_NEWKEYS
  debug2: set_newkeys: mode 0
  debug1: SSH2_MSG_NEWKEYS received
  debug1: Roaming not allowed by server
  debug1: SSH2_MSG_SERVICE_REQUEST sent
  debug2: service_accept: ssh-userauth
  debug1: SSH2_MSG_SERVICE_ACCEPT received
  debug2: key: /Users/jjasonclark/.ssh/id_rsa (0x7fbb53c14d60)
  debug2: key: /Users/jjasonclark/.ssh/github (0x7fbb53c15600)
  debug2: key: /Users/jjasonclark/.ssh/id_dsa (0x0)
  debug2: key: /Users/jjasonclark/.ssh/id_ecdsa (0x0)
  debug1: Authentications that can continue: publickey,password
  debug3: start over, passed a different list publickey,password
  debug3: preferred publickey,keyboard-interactive,password
  debug3: authmethod_lookup publickey
  debug3: remaining preferred: keyboard-interactive,password
  debug3: authmethod_is_enabled publickey
  debug1: Next authentication method: publickey
  debug1: Offering RSA public key: /Users/jjasonclark/.ssh/id_rsa
  debug3: send_pubkey_test
  debug2: we sent a publickey packet, wait for reply
  debug1: Authentications that can continue: publickey,password
  debug1: Offering RSA public key: /Users/jjasonclark/.ssh/github
  debug3: send_pubkey_test
  debug2: we sent a publickey packet, wait for reply
  debug1: Authentications that can continue: publickey,password
  debug1: Trying private key: /Users/jjasonclark/.ssh/id_dsa
  debug3: no such identity: /Users/jjasonclark/.ssh/id_dsa
  debug1: Trying private key: /Users/jjasonclark/.ssh/id_ecdsa
  debug3: no such identity: /Users/jjasonclark/.ssh/id_ecdsa
  debug2: we did not send a packet, disable method
  debug3: authmethod_lookup password
  debug3: remaining preferred: ,password
  debug3: authmethod_is_enabled password
  debug1: Next authentication method: password
  [email protected]'s password:

• Computer freezes when screen is locked and login through ARD

  I have a couple of various mac labs across a campus and I've been dealing with a fun little problem. All the macs are bound to Active Directory, running ARD 3.2, some are OS X 10.4 and some 10.5, but they all do the same thing. When doing some maintenance I like to lock the screens to prevent users from seeing the screen and interrupting the work. The problem is that I lock the screens, then use an auto-login Unix script to login to all of the computers at once. My ARD admin client displays that all the computers are inactive and when I look at the computers face to face they are frozen on the locked screen. The only solution is the manually shut down each computer because I have no control over them through ARD.
  The same thing seems to happen if I login to the computers, then freeze the screen and try to logout. The logout process does the same thing and locks up the computer.
  Anyone else been having this little issue or a possible solution other than just waiting until after the computers are logged on, then locking the screens?

  Has anyone submitted this as a bug to Apple, yet?
  I've got the same issue, but if you've allowed 'Remote Login' in Sharing, you can then ssh in to the machine and kill the lock and user you tried to log in with before the 'ARD Not Active' status change. Save's you a trip across campus...
  I've found that it's the logging in or out, as previously mentioned that is causing the failure. Observing machines has no ill effects.
  I also found that if i control the machine, log in, and then use the 'Lock screen while i control' button in the window top, it works fine - AS LONG AS you click it again before you log out of the remote machine. A workaround that has gotten me through until now.

• What is the best way to remotely login to another Mac?

  My mother & I recently decided to take the plunge from the PC world to Apple world.  I have an MBP w/ OS X 10.8.2, and she has the same w/o the recent OS upgrade (10.7.?).  While we're both still at the bottom of the learning curve, I'm a little further ahead and am constantly running over to her place to trouble shoot/assist her with the transition.  I've been researching ways to remotely login to her computer and am now more confused than when I started.  Can anyone point me in the right direction?  I basically want to be able to login to her system and takeover as if I were on site.  And, while I don't know if my research, thus far, has brought me any closer to a solution, it has raised a few questions:
  1)  Do I simply want to go with 3rd party sofware like Logmein and will the free versions be sufficient or are they just trial offers?
  2)  Or is ARD my best option and am I right in assuming we'd each have to pony up the $80 for installs on both MBPs?
  3)  Some of the discussions talk about much more expensive ARD fees with multiple licenses.  Am I correct in assuming these are meant for network administrators and wouldn't be necessary for my purposes?
  4)  I noticed a free VCN version available from the App Store but came accross posts which seem to indicate possible security issues.  Are these valid concerns and does ARD address them?
  5)  Will I run into problems because we're using different OSs?
  6)  I attempted to follow instructions for an "ssh" remote login that I found by doing a search of 'remote login' under the Apple Support.  But when a password was requested, I didn't seem to be able to enter one into the command line.  Again, I'm new to Macs, but the cursor didn't move when I entered characters, so I was left wondering whether characters were being entered or whether this is Appple's '*****' feature used to guard passwords.  Either way, after 3 attempts, my efforts were repeatedly terminated.  Unfortunately, I'm not even sure I was entering a valid password as the article I'm referring to didn't specify how to set a password.  I used a VCN password I had set up under the Remote Management option in the Sharing utility under System Preferences.  I'm assuming this was the password they were looking for but couldn't be 100% sure as the instructions I followed were not related to "ssh" logins nor were they from Apple Suppot.  Anyway, is this "ssh" login worth pursuing and does it function independently or does it only work in conjuction with ARD?  If it is a stand alone solution, where can I go for better guidance?  The Apple Support link I used was:  http://support.apple.com/kb/PH1112.
  7)  Being recovering Windows users, we both have MS Office for Mac 2011 which has MS's Remote Desktop Connection app.  But from reviewing a few posts, it looks like that comes with it's own set of issues.  It also kind of defeats the purpose as I'm trying to wien myself off of MS.  But if someone out there has experience and suggests this as the "ultimate" solution, I'm willing to listen.
  I know I've babbled on quite a bit and I don't actually expect anyone to take the time to answer all of my questions.  But I'm hoping I might get a collective answer, and more importatnly, I'm really hoping to narrow the field and get generally guidance on the best Mac-to-Mac remote login solution.  Thanks in advance for any advice.

  Hi gregory,
  It is a big subject, and the following article sets out various options.
  http://www.macworld.com/article/1152611/remoteaccesintro.html

• Can't Set Remote Login OFF via Send Unix Command systemsetup

  Trying to use the System Setup->Remote Login template in ARD to turn off Remote Login (SSH) in Sharing panel of System Preferences on Mac that is administered through Apple Remote Desktop.
  In Apple Remote Desktop (ARD), I select the client machine, then choose "Send Unix Command..." from the "Manage" menu. In resultant window, I pick "System Setup->Remote Login (SSH) from the "Template" drop down box in the upper right. That populates the upper window with Unix commands. I edit/change the "on" to "off" and tell the dialog to Run command as User: root, then click on "Send" button.
  Progress bar goes forever with no change.
  I can turn off Remote Login via ARD by controlling each client machine via an ARD WINDOW, then navigating to the Sharing Preference pane, but that process is tedious when performing for multiple client Macs.
  Strange, but I CAN use the "Send Unix Command..." outlined above to turn ON Remote Login, and get the status of Remote Login ("systemsetup -getremotelogin"). Just can't turn OFF Remote Login (quickly/efficiently).
  man systemsetup suggests I need to write the command as "setremotelogin -f off" but that failed with an improper command syntax error.
  Thoughts?

  It’s waiting for you to type a confirmation. If you run this command on the command line normally, you’ll see the message:
  Do you really want to turn remote login off? If you do, you will lose this connection and can only turn it back on locally at the server (yes/no)?
  Use this command instead:
  systemsetup -f -setremotelogin off

• HT1461 Remote Login and sharing

  We are trying to remote login and shareing with network computers and have not been successful. Any help would be greatly appreciated.

  Lots of people have been successful, so it does work.
  Can you explain where you want to share from and to (local, across the Internet, via VPN, etc...)
  Can you tell us what you tried.
  Sharing within the same network is a easy as enabling System Preferences -> Sharing
  Remote Login for ssh
  Screen Sharing for, well screen sharing
  File Sharing
  Sharing across the Internet is best done using iCloud and Back-to-my-Mac, assuming you are running Lion 10.7.2 (or newer).
  If you do not have that version with all Macs involved, or you are using mixed systems, then we need to know what.
  The least troublesome across the Internet screen sharing and file transfer would be TeamViewer.com, and it is cross platform..
  Once you give us more details, we can tailor the advise to your needs.

• System allows IM posting while warehouse inventory document activated

  We are in the process of counting inventory, and have warehouse inventory documents created and activated via LX16.
  However, it is possible to post a goods issue or scrap on the Inventory Managment side, but the warehouse transfer order is blocked as expected.
  Why does the system allow a IM material posting to occur if a warehouse count sheet is activated for the bin?

  The continuous Inventory functionality is designed that way so without stopping the inventory process you can to the Physical.see the following documents
  There are laws that require you to perform a physical inventory at least once during each fiscal year for each storage bin. This physical inventory should check whether the book inventory balance or target stock amount in the system matches the actual stock that physically exists in the storage bin.
  In continuous inventory, you distribute the physical inventory for all storage bins over the course of the fiscal year, and can carry out inventories at different times as you require. This means that you can include the warehouse stock by material type and material quantity that exists on the closing key date, even without a simultaneous physical inventory (annual inventory) from the records in the Warehouse Management system (WMS).
  For this reason, continuous inventory has the following advantages over annual inventory, which takes place on a key date at the end of the fiscal year:
  The effort and costs for the inventory is not concentrated on a certain day or days but is distributed over the entire year. You can better plan the workforce in the warehouse.
  You can carry out the inventory at idle times in the warehouse.
  Because of the lower inventory efforts at the end of the fiscal year, you can concentrate on creating year-end closing reports.

• SMB through SSH tunnel

  I'm having trouble setting up samba access over an SSH tunnel. If I forward port 139 on my machine to port 139 on the server, like so,
  ssh -L 139:localhost:139 user@server
  and then connect from the finder with Go -> Connect to Server and enter "smb://localhost/username" it works great. Moreover, if I do "smbclient -L localhost -U username" I get (with names changed to protect the innocent):
  Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
  Sharename Type Comment
  IPC$ IPC IPC Service (Myservername)
  username Disk Home Directories
  Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
  Server Comment
  Workgroup Master
  OATESNET MYSERVERNAME
  That's great. However, I need to in fact be running a samba server on my local machine as well as accessing a remote one --- therefore, I can't forward from port 139 on my local machine because it conflicts with my local samba server (actually, I can, and it appears to be a crapshoot whether my local server or the remote server through SSH gets the connection. Weird. But that's a different story).
  So, I try and forward from a different port, say 52187. So I create my tunnel:
  ssh -L 52187:localhost:139 username@server
  Now I try and connect through the Finder. I get error:
  "The Finder cannot complete the operation because some data in "smb://localhost:52187/username" could not be read or written. (Error code -36)."
  Hmm. Let's try and diagnose from the console. I type:
  smbclient -L localhost -U username -p 52187
  It connects to the remote server, but only partially. I get the following output:
  Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
  Sharename Type Comment
  IPC$ IPC IPC Service (Myservername)
  username Disk Home Directories
  Error connecting to 127.0.0.1 (Invalid argument)
  Connection to localhost failed
  NetBIOS over TCP disabled -- no workgroup available
  Weird. Note that this is with my local Samba server not running. Now, if I try and run smbclient with the local server running, I get a different error:
  Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
  Sharename Type Comment
  IPC$ IPC IPC Service (Myservername)
  username Disk Home Directories
  session setup failed: NTSTATUS_LOGONFAILURE
  NetBIOS over TCP disabled -- no workgroup available
  Weirder --- so I look in the log files for the local Samba server (/var/log/samba/log.smbd). There are two new messages from the exact time when I tried to contact my remote server:
  [2007/06/20 17:35:08, 0] /SourceCache/samba/samba-100.7/samba/source/smbd/server.c:main(789)
  smbd version 3.0.10 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2004
  [2007/06/20 17:35:08, 0] pdbods.c:odssamgetsampwnam(2329)
  odssam_getsampwnam: [0]getsam_recordattributes dsRecTypeStandard:Users no account for 'username'!
  Note that 'username' is not a user on my local machine. I'm not sure what would happen if it were.
  What looks like is happening to me is that the samba client is in fact contacting the server on the port that I give, but then trying to initiate some other communication (authentication?) on the default port, 139. That's why when I'm forwarding from port 139 it all works fine. That's also why I get a different error message and stuff in my local logs when the local server is running --- the samba client is contacting the remote server for part of the transaction and the local server for another part. When the local server isn't running, it just can't contact anyone and gets confused.
  The question is, how can I make the samba client consistently use the port I tell it to use? Am I missing something?
  -Andrew
  PS -- why is it that I can have both a local samba server running on port 139 and an SSH tunnel that forwards from that port at the same time? Does it have to do with what interfaces their bound on? As in, the SSH server is only bound on the loopback interface, while the Samba server is only bound on my ethernet card? That's the only explanation I could think of.

  well, I'm not doing a smb mount and have never tried to do an smb mount; only an afp mount. I'm very fortunate that I have Macs at work and home, and all authorized users to my computer are Mac users.
  I'm running OS 10.4.9 and have been doing this (afp over ssh) throughout all iterations of 10.4.x and most if not all iterations of 10.2.x up through 10.2.8 on two older computers, a 2001 Quicksilver and a 2002 Quicksilver as the servers, and using them as the clients as well along with two Powerbook G4s as clients. Also, my kids (if you call ages 20-26 "kids") afp mount via ssh tunneling as well, from an iBookG4 and iMac G5s, also running 10.4.9.
  I gotta ask a dumb question or two or three or four:
  • When you ssh, obviously you have the ssh port (only) forwarded through your router and/or modem at home, right?
  • Do you have your Mac's (the one you are trying to use as the server) firewall turned on or off? And if on, what ports/services do you have turned on in Sys Prefs Sharing? (and if off, what services are turned on?) Windows Sharing is on?
  • If you turned on personal file sharing in your "server" Mac, do you have another Mac that you could try to ssh into, tunneling port XXXX:localhost:548 then from Finder, ⌘k to localhost:XXXX, just to see if that at least works?
  • highly unlikely to make a difference, but when you ⌘k to smb://localhost:XXXX, does it help to leave off the "/username" that you had reported in preious posts as appending onto the servername?
  One last-minute comment/suggestion: There is a shareware/donationware program called sharepoints that looks pretty cool; you can check that your mount points on your server are indeed smb shared or not (as a side note, if you are so inclined, you can create additional mount points other than just users' home directories, too). I am totally clueless as to how one, from the unix command line or maybe from the NetInfo manager, might do this, so if you would be treading new ground here yourself in this regard, this program might be of some value to you.

• Allow log on through Remote Desktop Services Group Policy for Domain Controllers

  Hello,
  We want to allow our Helpdesk Operators to be able to connect to Domain Controllers with the Remote Desktop Services. This is by default not allowed but according to many sites, it should be able to configure by using a Group Policy.
  We made a new Group Policy with the setting 'Allow log on through Remote Desktop Services' and 'Allow log on locally' (as an extra for testing) and applied Security Filtering to only use it for a specific Security Group. Our test user is a member of this
  security group and should be able to access the Domain Controllers now. However this isn't working.
  The error message we receive upon trying to connect:
  The connection was denied because the user account is not authorized for remote login.
  For troubleshooting, we also applied the Security Group for that setting in the Default Domain Controllers Policy but that doesn't seem to work either. We want to avoid customization on our Default Domain Controllers Policy but this was just a test case
  for solving our problem.
  What should we do to solve our problem?
  I hope to hear from you soon.
  Thanks in advance.

  Hi, I just found out what the problem was. This site helped me alot:
  http://blogs.technet.com/b/askperf/archive/2011/09/09/allow-logon-through-terminal-services-group-policy-and-remote-desktop-users-group.aspx
  In my case, I had the group added to the Allow Logon Through Remote Desktop Services but was not added to the Builtin\Remote Desktop Users group. After knowing this I made some changes to our situation and are now using the builtin\Remote Desktop Users group
  rather than a new self made Security Group. I also added the Remote Desktop Users to the Allow Logon Through Remote Desktop Service in the Default Domain Controllers Policy as this is not done by default. By default only the Domain Administrators are able
  to logon through remote desktop services.
  You do not need the 'Log on Locally' permission within the Group Policies.
  In short:
  Add the desired users/groups to the 'Builtin\Remote Desktop Users' security group.
  Add the 'Builtin\Remote Desktop Users' security group to the 'Allow Logon Through Remote Desktop Services' within the 'Default Domain Controllers Policy'.
  Thank you anyway for the fast reply.
  Have a nice day!

• Not able to change normal login password through ssh root login remotely

  I am able to login to serverb from servera as root user without password
  as i have set the ssh key authentication between the two servers
  ==============================================================
  bash-3.00# hostname
  servera
  bash-3.00# ssh serverb
  Sun Microsystems Inc. SunOS 5.9 Generic May 2002
  You have new mail.
  root@serverb # hostname
  serverb
  root@serverb #
  ==============================================================
  i am also able to execute remote commands from servera to serverb
  through ssh as root :
  ==============================================================
  bash-3.00# ssh serverb "hostname ; date ; uptime;id -a "
  serverb
  Friday December 11 16:52:10 GMT 2009
  4:52pm up 258 day(s), 2:24, 1 user, load average: 0.12, 0.07, 0.06
  uid=0(root) gid=1(other) groups=1(other),0(root),2(bin),3(sys),4(adm),5(uucp),6(mail),7(tty),8(lp),9(nuucp),12(daemon),1001(srsncadm
  bash-3.00#
  ==============================================================
  But when i try to change a normal users login password it give me the following
  error even as root user, can someone please let me know why it preventing
  from a normal login password change though ssh even for a superuser account
  =============================================================
  bash-3.00# ssh serverb passwd testuser
  Permission denied
  bash-3.00#

  You cannot "ssh passwd username" remotely, for one thing. Remember, the passwd command is going to ask for input from the terminal.
  Also, look into the pfexec man page because you might need to change roles in order to change the password on the remote system.