[SOLVED] setfacl for unknown user (modify possible, remove fails)

Similar Messages

• ASA enable authentication for AD user by ACS TACACS fails

  In order to authorize command on ASA8.x for different users, I have to put 'aaa authentication enable console TACACS' into ASA configuration, and in ACS - user setup - TACACS+ enable password - Use separate password, I set an enable password.
  It works fine for ACS local users, they are able to get into priv EXEC mode by entering 'enable' command and use my pre-set password, however, the password doesn't work for AD user.
  So, how to setup enable authorization for AD user?
  Or is there a way to drop a user directly into level 15 on ASA just like it on router?
  below is the debug info.(I'm sure the password is the one I set in ACS)
  LABASA1(config)# AAA API: In aaa_open
  AAA session opened: handle = 884
  AAA API: In aaa_process_async
  aaa_process_async: sending AAA_MSG_PROCESS
  AAA task: aaa_process_msg(d45bd5c8) received message type 0
  AAA FSM: In AAA_StartAAATransaction
  AAA FSM: In AAA_InitTransaction
  Initiating authentication to primary server (Svr Grp: TACACS)
  AAA FSM: In AAA_BindServer
  AAA_BindServer: Using server: 192.168.1.221
  AAA FSM: In AAA_SendMsg
  User: fostco\user1
  Resp:
  callback_aaa_task: status = -1, msg =
  AAA FSM: In aaa_backend_callback
  aaa_backend_callback: Handle = 884, pAcb = d5b193e0
  aaa_backend_callback: Error:
  Incorrect password.
  AAA task: aaa_process_msg(d45bd5c8) received message type 1
  AAA FSM: In AAA_ProcSvrResp
  Back End response:
  Authentication Status: -1 (REJECT)
  AAA FSM: In AAA_NextFunction
  AAA_NextFunction: i_fsm_state = IFSM_PRIM_AUTHENTICATE, auth_status = REJECT
  AAA_NextFunction: authen svr = TACACS, author svr = <none>, user pol = , tunn pol =
  AAA_NextFunction: New i_fsm_state = IFSM_DONE,
  AAA FSM: In AAA_ProcessFinal
  AAA FSM: In AAA_Callback
  user attributes:
  None
  user policy attributes:
  None
  tunnel policy attributes:
  None
  Auth Status = REJECT
  aaai_internal_cb: handle is 884, pAcb is d5b193e0, pAcb->tq.tqh_first is d441d1d8
  AAA API: In aaa_close
  AAA task: aaa_process_msg(d45bd5c8) received message type 3
  In aaai_close_session (884)

  I have run into a similar situation. I just want to authenticate via TACACS to enable mode in an ssh session. After using the "aaa authentication enable console TACACS LOCAL" command on the ASA, the ACS server rejects the password.
  I have tried everything I can think of on the ACS as far as "TACACS+ enable password" using both a windows database or a separate password, and PIX/ASA command sets. I cannot go into enable mode unless I set the ASA to LOCAL authentication, which just uses the globally defined enable password.

• [SOLVED] Question for Zsh users

  hello
  i've been using Zsh for a while ( i love it ) but i got 2 problem a 1 question.
  when i install something like rtorrent , when i am going to execute it i can complete the " rtorrent " command with tab , i put rtor[TAB] and it didn't show the rest or complete, this only happens with program that i recently installed ( in this sesion)
  another problem is that when i use the kill program , i normaly press [Tab] to see a list of the running program, but i only see the programs that i run, there is a way to see all the programs there are in execution by all users? ( i am a kind of sistem admin )
  and the question is , is reccomendable to use Zsh like the Root Shell? it can break something?  because when i used FreeBsd the encorauge the users to don't change the SHELL of the ROOT user.
  that all, GRACIAS DE ANTEMANO!.
  ooppz , this is my .zshrc
  export HISTFILE=~/.zsh_history
  export HISTSIZE=50000
  export SAVEHIST=50000
  export CFLAGS="-pipe -march=athlon64 -O2"
  export CXXFLAGS="-pipe -march=athlon64 -O2"
  autoload -U compinit promptinit
  compinit
  promptinit
  # This will set the default prompt to the walters theme
  prompt walters
  zstyle ':completion:*' menu select
  # key bindings
  bindkey "\e[1~" beginning-of-line
  bindkey "\e[4~" end-of-line
  bindkey "\e[5~" beginning-of-history
  bindkey "\e[6~" end-of-history
  bindkey "\e[3~" delete-char
  bindkey "\e[2~" quoted-insert
  bindkey "\e[5C" forward-word
  bindkey "\eOc" emacs-forward-word
  bindkey "\e[5D" backward-word
  bindkey "\eOd" emacs-backward-word
  bindkey "\e\e[C" forward-word
  bindkey "\e\e[D" backward-word
  bindkey "^H" backward-delete-word
  # for rxvt
  bindkey "\e[8~" end-of-line
  bindkey "\e[7~" beginning-of-line
  # for non RH/Debian xterm, can't hurt for RH/DEbian xterm
  bindkey "\eOH" beginning-of-line
  bindkey "\eOF" end-of-line
  # for freebsd console
  bindkey "\e[H" beginning-of-line
  bindkey "\e[F" end-of-line
  # completion in the middle of a line
  bindkey '^i' expand-or-complete-prefix
  alias ls='ls --color=auto -F'
  Last edited by slacknatcher (2009-07-08 22:10:18)

  slacknatcher wrote:when i install something like rtorrent , when i am going to execute it i can complete the " rtorrent " command with tab , i put rtor[TAB] and it didn't show the rest or complete, this only happens with program that i recently installed ( in this sesion)
  Invoke this to regenerate the completion cache for $PATH:
  rehash
  slacknatcher wrote:another problem is that when i use the kill program , i normaly press [Tab] to see a list of the running program, but i only see the programs that i run, there is a way to see all the programs there are in execution by all users? ( i am a kind of sistem admin )
  Try to add this to your .zshrc:
  zstyle ':completion:*:*:kill:*' command 'ps -u$USER -o pid,%cpu,tty,cputime,cmd'
  slacknatcher wrote:and the question is , is reccomendable to use Zsh like the Root Shell? it can break something?  because when i used FreeBsd the encorauge the users to don't change the SHELL of the ROOT user.
  I've used zsh as the root $SHELL for several years on both Arch, Debian, Gentoo, and FreeBSD. I've not encountered any issues.
  Last edited by shagrat (2009-07-08 20:24:45)

• Endeca : multi invoice pay throwing correct error for internal user but it is failing to throw the same error for external user

  Hi,
  1) Internal User expected exception:
  Exception: Payments,apply credits,disputes and print are not supported when multiple customer/currency transactions are selected
  2) External User is throwing below error instead of throwing above exception.
  Error
    You are trying to access a page that is no longer active.
    The referring page may have come from a previous session. Please select Home
     to proceed.
  found this MACCHECK from fnd logs of external user payment.
  MACCHECK: . Parameter failing validation is :mode. The parameter mode with value MultiPay could not be recognized as part of Server's response on the previous request.  Incoming URL is : /OA_HTML/OA.jsp?page=/oracle/apps/ar/irec/endeca/webui/EndecaDummyPG . Current URL is : /OA_HTML/OA.jsp?page=/oracle/apps/ar/irec/endeca/webui/OIREndecaCustHomePG&akRegionApplicationId=222&_ti=1125493452&oapc=10&retainAM=Y&addBreadCrumb=N&oas=6-LL4ndIUFLX-2zjQAQD6A.. . Referer URL is : https://<hostname>:4443/endeca/web/ar/customer?doAsUserLanguageId=en_US&languageId=en_US . HTTP Request Method is : POST
  can someone please help.
  Thanks,
  RRS

  Well, I compared my classpath between my windows batch file and the
  makefile (that comes with the samples installation) on Solaris and realized
  that I am using different sets of jars.
  So, I removed the extra jars from the makefile to narrow down the
  problem. If I remove the /opt/SUNWam/lib/servlet.jar from the makefile,
  I can reproduce this problem on the Solaris box as well.
  When I include this servlet.jar on my windows machine the program works!
  Only jars I have in my classpath are amclientsdk.jar and servlet.jar which
  I have copied from my installation (/opt/SUNWam/lib) on the Solaris box.
  Just the same way, by copying the am_services.jar, saaj-api.jar, and jaxm-api.jar,
  from the Solarix box to the windows machine,
  I am also able to pull the assertions from the Access Manager.
  I installed Sun Java Enterprise System 2005Q1 on a Solaris 10 machine.
  During the installation, I configured to install the Access Manager
  in Sun Application Server.
  Why do I need to have different set of jars on the windows machine
  for the Access Manager client SDK ?
  Could you please point me to a download link where I could download
  the correct Windows Access Manager Client SDK for
  Sun Java System Access Manager 6.0 (Sun JES 2005Q1)?
  Thanks.

• "Resend" option is not working for specific user. "The Operation Failed" Exchange 2010 Outlook 2013

  Hi Everybody. I have a weird one for you.
  I have a user that gets an "operation failed" message whenever trying to use the "resend" option on any email (It's the one right under recall). I had tested up and down on her machine. Exchange 2010 Outlook 2013
  Ran in safe mode, recreated her profile, disabled virus scanning, repaired office. (weird, the font just changed sizes on me)
  After all of this I tested on other computers, other users seem to be able to "resend" just fine. However her account does not work on any computer I try, internal or external to the network.
  It looks more like a profile issue.
  She's a very active archivist, so she only has 486MB of space used by her mailbox.
  It's well under quota.
  It's been really puzzling me.
  MCSE 2003, Exchange. MCTS Vista, 7. Administrator of awful, neglected website http://timssims.net

  Hi Timssims,
  Since there is only one user in the org has this issue, it seems an issue on the Outlook client side.
  I suggest asking Outlook Forum for help so that we can get more professional suggestions.
  For your convenience:
  https://social.technet.microsoft.com/Forums/office/en-US/home?forum=outlook
  However I also have some suggestions for your reference:
  1. If this issue occur on Cached Mode, I suggest turning to Online Mode for testing.
  2. Please also paste the detailed error message if "operation failed" is not the
  complete information.
  3. If still not works after perform operations above (including suggestions from Outlook Forum), I suggest re-creating a new mailbox for the specific user just as Martin suggested.
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• Cannot remove Unknown User

  Hi just noticed in (OS X Mountain Lion) System Preferences, Sharing, Screen Sharing: I have a 'Unknown User' and too 2 'Unknown User' in the Remote Login.
  See screen shots... got any ideas? (note clicking "–" does not remove the "Unknown User" they are stuck, hence my posting)
  thanks

  I had the same problem and i solved it (for Remote Login)
  1) First remove all users that can be remove from GUI
  2) shows the configuration of users
  sudo dscl  . -read /Groups/com.apple.access_ssh
  example result:
  AppleMetaNodeLocation: /Local/Default
  GeneratedUID: 2F60778C-0931-47A4-B656-DBE07ACD843F
  GroupMembers: 3D7C31B1-DEDE-4A5A-AAA8-CDD55645DC75
  GroupMembership: youraccoutname
  PrimaryGroupID: 404
  RealName:
  Remote Login ACL
  RecordName: com.apple.access_ssh
  RecordType: dsRecTypeStandard:Groups
  3) remove the group GroupMembers that the user is unknown
  sudo dscl  . delete /Groups/com.apple.access_ssh GroupMembers 3D7C31B1-DEDE-4A5A-AAA8-CDD55645DC75
  4) Go to System preference (dock) and see the result
  excuse my bad english.
  Ciao,
  Andrea.
  concretenz wrote:
  Hi just noticed in (OS X Mountain Lion) System Preferences, Sharing, Screen Sharing: I have a 'Unknown User' and too 2 'Unknown User' in the Remote Login.
  See screen shots... got any ideas? (note clicking "–" does not remove the "Unknown User" they are stuck, hence my posting)
  thanks

• How do I completely disable initial "Checking Compatibility of Add-ons" pop-up for all users on a Citrix server where the FireFox was upgraded to 29.0.1

  I have a set of Citrix servers, we need to upgrade the FireFox on them to 29.0.1
  When I have done this, and a user runs FireFox, now the users are being presented with a pop-up "Checking Compatibility of Add-ons" which delays the start of FireFox.
  I need to prevent this so users just see FireFox start up without any delays.
  I have installed the add-on that re-enables extensions.checkCompatibility and tried various ways of implementing it like pref("extensions.checkCompatibility", false);
  However we seem to have a situation where the add-on that enables the setting is not loaded yet so the setting is not implemented.
  How do I solve this for all users?

  You can try to set the browser.startup.homepage_override.mstone pref to ignore on the about:config
  *http://kb.mozillazine.org/browser.startup.homepage_override.mstone
  You can use a mozilla.cfg file in the Firefox program folder to specify new (default) values and possibly lock prefs.
  Place a local-settings.js file in the defaults\pref folder where also the channel-prefs.js file is located to specify using mozilla.cfg.
  pref("general.config.filename", "mozilla.cfg");
  These functions can be used in the mozilla.cfg file:
  defaultPref(); // set new default value
  pref(); // set pref, but allow changes in current session
  lockPref(); // lock pref, disallow changes
  See:
  *http://kb.mozillazine.org/Locking_preferences
  *http://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files/
  *http://mike.kaply.com/2014/01/08/can-firefox-do-this/

• Outlook 2013 on terminal server Search failes for all users

  we have a small comany with a new Windows 2012 Fileserver and Terminal Server.
  Office 2013 is installed and we use Office 365 - Exchange Online as our mailserver.
  We use Outlook with the Cached Exchange Mode ON. We have shared our mailboxes with our collegues.
  Indexstatus is complete for all the users.
  So far the information i have.  
  I suspect wrong permissions on the Windows Search Folders are the cause of my problems but where can i find the Windows Search Folders which are indexed (and shoot be accesable for the users).

  Winnie, thank you for your answer. 
  1. Make sure indexing is complete. ==> Index is complete
  2. Make sure Indexing Options are configured correctly ==> Indexing Options are configured correctly for the administrator, Outlook
  isn't configured in de Indexing options for the users (that might be the problem i guess)
  3. Make sure Outlook data is included in indexing==>
  Outlook Data is included in indexing
  See screenshots below:
  First screenshot are the Indexing Options as configured for the users, the seconde one are the indexing options for the administrator. I suspect there is my problem, but can't find the solution the solve this for the users.

• Toolbox software for Win7 makes your wireless radio fail

  I have a problem with my X60 Lenovo and the new toolbox software for windows 7.
  After installing this new toolbox for windows7 the wireless radio turnes off and cannot be turned on ever again.
  Only restoring a backup made just before installing the toolbox solved the problem. All other possible solutions failed. One other solution: Also you can go back to a recovery point made bij windows to remove the toolbox. Because as already said: even uninstalling the toolbox program (remove program) doesn't help, too.
  I like the 'old' productivity center much more than the toolbox. The toolbox starts up slow and adds not really new features. My advice: don't install the toolbox. Just a waste of MB of your harddisk.
  Marten

  Since purchasing the unit I was unable to use it in my home network, as it wouldn't work across subnets. I have a secure wireless Zone which issues different IP Addresses from my internal network range. Following a number of unsuccessful emails to tech support, I gave up and threw it back in the box. I recently moved house and installed another wireless lan for the music blaster to work, however cannot find the initial install cd, and have been unsuccessful finding the download anywhere for it. Did anyone ever manage to find the software, or has it been archi'ved due to it's failings?Come on Creative, I have been using your products successfully for over 0 years, but?this is by far the worst!

• O365-Update/Modify Service plan assignment by PowerShell for a user of an AccountSku without removing existing service plans

  For example: user has Windows Azure Directory Rights and SharePoint Online (Plan 2) service plans of Enterprisepack AccountSKU. I am trying to assign Office 365 proplus and Office online, service plan for that user without removing Windows
  Azure Directory Rights and SharePoint Online (Plan 2) plans. Is it possible using PowerShell?
  >$licenses = (Get-MsolUser -UserPrincipalName [email protected]).Licenses
  > $licenses[0].servicestatus
  ServicePlan                                                
  ProvisioningStatus
  YAMMER_ENTERPRISE                                          
  Disabled
  RMS_S_ENTERPRISE                                           
  Success
  OFFICESUBSCRIPTION                                         
  Disabled
  MCOSTANDARD                                                
  Disabled
  SHAREPOINTWAC                                              
  Disabled
  SHAREPOINTENTERPRISE                                        Success
  EXCHANGE_S_ENTERPRISE                                       Disabled
  >$entOption = New-MsolLicenseOptions -AccountSkuId domain:ENTERPRISEPACK -DisabledPlans YAMMER_ENTERPRISE, MCOSTANDARD,  EXCHANGE_S_ENTERPRISE
  >Set-MsolUserLicense -UserPrincipalName [email protected] -AddLicenses domain:ENTERPRISEPACK -LicenseOptions $entOption  #Giving me invalid AccountSKU error

  Hi Rayhan,
  Is it possible for you to give me the full error & your account SKU numbers. you can for sure do this via powershell we just need to make sure your passing through the correct AccountSKU and I'd like to check over the commands that your using if possible
  Send via PM if you require assistance still as appreciate this is rather an old thread now from MAY.
  Thanks,
  James.

• The report server has encountered a configuration error. Logon failed for the unattended execution account. (rsServerConfigurationError) Log on failed. Ensure the user name and password are correct. (rsLogonFailed) Logon failure: unknown user name or bad

  The report server has encountered a configuration error. Logon failed for the unattended execution account. (rsServerConfigurationError)
  Log on failed. Ensure the user name and password are correct. (rsLogonFailed)
  Logon failure: unknown user name or bad password 
  am using Windows integrated security,version of my sql server 2008R2
  I have go throgh the different articuls, they have given different answers,
  So any one give me the  exact soluction for this problem,
  Using service account then i will get the soluction or what?
  pls help me out it is urgent based.
  Regards
  Thanks!

  Hi Ychinnari,
  I have tested on my local environment and can reproduce the issue, as
  Vaishu00547 mentioned that the issue can be caused by the Execution Account you have configured in the Reporting Services Configuration Manager is not correct, Please update the Username and Password and restart the reporting services.
  Please also find more details information about when to use the execution account, if possible,please also not specify this account:
  This account is used under special circumstances when other sources of credentials are not available:
  When the report server connects to a data source that does not require credentials. Examples of data sources that might not require credentials include XML documents and some client-side database applications.
  When the report server connects to another server to retrieve external image files or other resources that are referenced in a report.
  Execution Account (SSRS Native Mode)
  If you still have any problem, please feel free to ask.
  Regards
  Vicky Liu
  Vicky Liu
  TechNet Community Support

• Firefox crashes for unknown reason lately, so I removed it and reinstalled it. How can I put my Favorites (bookmarks) back into the newly installed FireFox???

  Firefox crashes a few times when I was on Facebook and with email, also watching dramas online. Most of the time due to Adobe Flash and I did submit crash report. Later it crashes for unknown reason while I have email and Facebook on different tabs -- when I was on the tab of email, it looks system hang and not responding. This happened to my laptop that uses Windows Vista as I noticed. I don't remember it ever happens to my desktop that uses Windows XP.
  It's pretty annoying of such known crash, but before removing Firefox, I did try to update all add-ons or plugins and it looks like doesn't work out. After updating for couple times and it still crashed like that, I removed Firefox and reinstall it.
  '''Now I want to know how to put the shortcuts from my Favorite folder into the newly installed FireFox's bookmarks.''' I didn't backup the bookmarks by using Firefox. I even went to Firefox help for instructions, but it only mentions how to merge/input the bookmarks from other browsers. Please note the version I've removed and inrestalled is the same -- 3.6.13.

  It is possible that there is a problem with the files sessionstore.js and sessionstore.bak in the Firefox Profile Folder.
  Delete the sessionstore.js file and possible sessionstore-##.js files with a number and sessionstore.bak in the Firefox Profile Folder.
  *Help > Troubleshooting Information > Profile Directory: Open Containing Folder
  *http://kb.mozillazine.org/Profile_folder_-_Firefox
  Deleting sessionstore.js will cause App Tabs and Tab Groups and open and closed (undo) tabs to get lost, so you will have to create them again (make a note or bookmark them).
  *http://kb.mozillazine.org/Multiple_profile_files_created
  You can use this button to go to the Firefox profile folder:
  *Help > Troubleshooting Information > Profile Directory: Open Containing Folder

• How do I remove (unknown) user in permissions & sharing, please?

  I re-installed OS X with archive install.  I am reinstalling preferences, etc... using Time Machine and my archived Previous System folder.  However, many folders are marked and I have an (unknown) user with Read&Write Priveleges in Sharing & Permissions for files within 'Previous System' folders.  I am unable to remove (unknown) with - and I have no option for setting 'No Access' to this user.
  How do I remove (unknown) user with Read&Write Priveleges in Permissions?
  Using Terminal,  I have ascertained that my uid=501
  Macintosh:~ symone$ ls -ladeO /Previous\ Systems.localized/Previous\ System\ 1/Users/symone/Library/Audio
  drwx------+ 5 502  staff  - 170  8 Sep  2011 /Previous Systems.localized/Previous System 1/Users/symone/Library/Audio
  0: group:everyone deny delete
  Macintosh:~ symone$ id
  uid=501(symone) gid=501(symone) groups=501(symone),98(_lpadmin),81(_appserveradm),79(_appserverusr),80(admin)

  Hmmm, doesn't sound good for your drive.
  Check the S.M.A.R.T. status of the drive in Disk Utilty by highlighting the Drive & looking at the bottom of the window.
  Could be many things, we should start with this...
  "Try Disk Utility
  1. Insert the Mac OS X Install disc, then restart the computer while holding the C key.
  2. When your computer finishes starting up from the disc, choose Disk Utility from the Installer menu at top of the screen. (In Mac OS X 10.4 or later, you must select your language first.)
  *Important: Do not click Continue in the first screen of the Installer. If you do, you must restart from the disc again to access Disk Utility.*
  3. Click the First Aid tab.
  4. Select your Mac OS X volume.
  5. Click Repair Disk, (not Repair Permissions). Disk Utility checks and repairs the disk."
  http://docs.info.apple.com/article.html?artnum=106214
  Then try a Safe Boot, (holding Shift key down at bootup), run Disk Utility in Applications>Utilities, then highlight your drive, click on Repair Permissions, reboot when it completes.
  (Safe boot may stay on the gray radian for a long time, let it go, it's trying to repair the Hard Drive.)
  If perchance you can't find your install Disc, at least try it from the Safe Boot part onward.

• How to remove the option "Set as default background..." from the right-click menu on a picture, for all users.

  Hi! I would like to know if there is any possibility to remove the option "Set as default background..." from the right-click menu on a picture, for all users. I know that's possible to edit userContent.css or userChrome.css, but this concerns only a profile at a time and being in a domain, I would like to set this for all people using Firefox.
  Can it be possible to edit a mozilla.cfg file to get the same result?
  Thank you in advance for help and tips.

  AFAIK then there is no way to do that system wide. You can only do that via userChrome.css or an extension like the Menu Editor per profile .You can install extensions globally, but the user will have to enable them anyway. That is not required for userChrome.css code.

• Is it possible to reset password for any user using abap program

  Hi friends,
  Is it possible to reset password for any user using abap program by specifying client number and user id. in selection screen.
  if any code for that to reset password please mail me.
  Thanks & Regards,
  Yogesh

  Hello Yogesh,
  Yes you can reset the password for any body using ABAP Code. But for that you really don't need any client number.
  If this process is on regular basis, then recommended is to use BAPI for changing the user details Otherwise BDC also works fine.
  => Function Module - BAPI_USER_CHANGE
  Call this in the program for resetting the password.
  => CALL TRANSACTION 'SU01' USING InternalTable
  This will be executed in the BDC of SU01 transaction recording. Use the Password Change button in the application toolbar of transaction while recording.
  Hope this helps.
  PS If the answer solves your query, plz close the thread by marking it solved and rewarding each reply.
  Regards