Sun 7210 Storage System - SFTP and Active Directory

Good Afternoon
I have recently acquired a Sun 7210 Storage System which I have joined to my Microsoft Windows Active Directory domain. I have also specified the required LDAP Directory Service details under the Configuration tab. I am fairly sure these are correct as I can add a Directory user to the Users part of the device.
What I am having problems with is having my Windows A/D users connect to their shares via either HTTPS or SFTP. They are able to use the shares fine with CIFS and/or NFS.
The only user that can connect with SFTP and HTTPS it the local "root" user on the appliance.
Do people know if Directory users are able to use SFTP and HTTPS to access shares?
My current O/S on the 7210 is 2009.04.10.1.1,1-1.9.
Thanks in advance for any advice/help.
regards
Stephen Meatheringham
College of Asia & the Pacific
Australian National University
E: [email protected]

Stephen,
I ran into this same issue yesterday with SFTP. Unfortunately the answer is that the storage system does not authenticate to AD for local logins (for which FTP, SFTP, HTTP qualify). I placed a support call yesterday to Sun on this matter and was given this information as well as the fact that there are no current plans to do so.
You have taken the functionality one step further by "tricking" the system into using AD as LDAP. I'm not sure it's truly compatible, but that was my next step as well. I was also going to experiment with creative id maps to see if I could make it work. Unfortunately, I've found that if you take the system too far from it's designed use, strange things can happen. I'm not sure that is a chance I want to take with home directories or other "secure" information.
Let me know how you fare and I'll do likewise.
Eric

Similar Messages

  • Sun java directory server and Active Directory

    We are using two different directory servers Sun java directory server and active directory.
    My question is how we can have password synchronization between these two directory servers.
    I have checked Sun Java[TM] System Identity Synchronization for Windows 1 2004Q3
    http://www.sun.com/download/products.xml?id=41537425
    It seems that it's supported platforms is only for solaris and windows , but I have installed my Sun java directory server on linux and obviously it doesn't work for me.
    I would be grateful if anyone can suggest a solution to work around this situation.
    I have checked identity manager , I would like to know that if I can do this using this product.
    http://www.sun.com/software/products/identity_mgr/specs.jsp
    --regards.
    Sara

    Yes RHEL 4 is a supported OS with DSEE 6.0.
    Identity Synchronization for Windows is a part of DSEE that allows synchronization of users, passwords and groups between Sun Directory Server and Active Directory bi-directionally without altering the users environments, ie it does not require that users change their current habits.
    Identity Manager is a complete identity management solution that is targetting enterprise work flow when it comes to user provisioning and de-provisioning, but also allows to build authentication and password change forms that will provision the passwords to many different systems including Sun Directory Server and Active Directory but also IBM mainframes, legacy applications, databases...
    If you are implementing a complete identity management solution, then go with Identity Manager. If you need a lightweight and fast solution for just synchronizing users and passwords between Sun DS and MS AD, Identity Synchronization for Windows should be your choice.
    Regards,
    Ludovic.

  • Cucm 9.1.2 and Active Directory(Windows Server 2003 Standart Edition SP2)

      Hello!
     Can CUCM 9.1.2 support an integration with Active Directory(Windows Server 2003 Standart Edition SP2)? How do I have to write down LDAP Manager Distinguished Name? I can find supporting only Active Directory 2003 in documentations without reference to Operation System.

    Yes, it is possible.
    Check this how-to if you have any doubts about the process.
    http://blog.ipexpert.com/2010/04/28/cucm-and-active-directory-integration/
    http://www.markholloway.com/blog/?p=1189

  • Step by step process to create domain name and active directory in windows 7 64 bit

    Step by step process to create domain and active directory in windows 7 64 bit
    I work in an organization
    I want to create a domain name SBBYDP and make it server for other computers
    I want that, all users’ have a personal account while they use any computer from this organization, even they use any computer from this network they use their own account to login to network.
    And this may be in Active directory option.
    I installed windows 7 professional edition 64 bit
    Can any person help me? Step by step process, I always thanks full all of you

    Hi,
    You must use the Windows Server platform system for the AD service, you can refer the following KB first:
    Active Directory
    http://technet.microsoft.com/en-us/library/bb742424.aspx
    AD DS Deployment Guide
    http://technet.microsoft.com/zh-cn/library/cc753963(v=ws.10).aspx
    Hope this helps.
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Looking for successful auth debug between cisco 1113 acs 4.2 and Active Directory

    Hello,
    Does anyone have a successful authentication debug using cisco 1113 acs 4.2 and Active Directory?  I'm not having success in setting this up and would like to see what a successful authentication debug looks.  Below is my current situation:
    Oct  6 13:52:23: TPLUS: Queuing AAA Authentication request 444 for processing
    Oct  6 13:52:23: TPLUS: processing authentication start request id 444
    Oct  6 13:52:23: TPLUS: Authentication start packet created for 444()
    Oct  6 13:52:23: TPLUS: Using server 110.34.5.143
    Oct  6 13:52:23: TPLUS(000001BC)/0/NB_WAIT/46130160: Started 5 sec timeout
    Oct  6 13:52:23: TPLUS(000001BC)/0/NB_WAIT: socket event 2
    Oct  6 13:52:23: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
    Oct  6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 26 (0x1A)
    Oct  6 13:52:23: T+: type:AUTHEN/START, priv_lvl:15 action:LOGIN ascii
    Oct  6 13:52:23: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:12 (0xC) data_len:0
    Oct  6 13:52:23: T+: user: 
    Oct  6 13:52:23: T+: port:  tty515
    Oct  6 13:52:23: T+: rem_addr:  10.10.10.10
    Oct  6 13:52:23: T+: data: 
    Oct  6 13:52:23: T+: End Packet
    Oct  6 13:52:23: TPLUS(000001BC)/0/NB_WAIT: wrote entire 38 bytes request
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: Would block while reading
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 16bytes data)
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: read entire 28 bytes response
    Oct  6 13:52:23: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
    Oct  6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
    Oct  6 13:52:23: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:10, data_len:0
    Oct  6 13:52:23: T+: msg:  Username:
    Oct  6 13:52:23: T+: data: 
    Oct  6 13:52:23: T+: End Packet
    Oct  6 13:52:23: TPLUS(000001BC)/0/46130160: Processing the reply packet
    Oct  6 13:52:23: TPLUS: Received authen response status GET_USER (7)
    Oct  6 13:52:30: TPLUS: Queuing AAA Authentication request 444 for processing
    Oct  6 13:52:30: TPLUS: processing authentication continue request id 444
    Oct  6 13:52:30: TPLUS: Authentication continue packet generated for 444
    Oct  6 13:52:30: TPLUS(000001BC)/0/WRITE/46130160: Started 5 sec timeout
    Oct  6 13:52:30: T+: Version 192 (0xC0), type 1, seq 3, encryption 1
    Oct  6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 15 (0xF)
    Oct  6 13:52:30: T+: AUTHEN/CONT msg_len:10 (0xA), data_len:0 (0x0) flags:0x0
    Oct  6 13:52:30: T+: User msg: <elided>
    Oct  6 13:52:30: T+: User data: 
    Oct  6 13:52:30: T+: End Packet
    Oct  6 13:52:30: TPLUS(000001BC)/0/WRITE: wrote entire 27 bytes request
    Oct  6 13:52:30: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:30: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 16bytes data)
    Oct  6 13:52:30: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:30: TPLUS(000001BC)/0/READ: read entire 28 bytes response
    Oct  6 13:52:30: T+: Version 192 (0xC0), type 1, seq 4, encryption 1
    Oct  6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
    Oct  6 13:52:30: T+: AUTHEN/REPLY status:5 flags:0x1 msg_len:10, data_len:0
    Oct  6 13:52:30: T+: msg:  Password:
    Oct  6 13:52:30: T+: data: 
    Oct  6 13:52:30: T+: End Packet
    Oct  6 13:52:30: TPLUS(000001BC)/0/46130160: Processing the reply packet
    Oct  6 13:52:30: TPLUS: Received authen response status GET_PASSWORD (8)
    Oct  6 13:52:37: TPLUS: Queuing AAA Authentication request 444 for processing
    Oct  6 13:52:37: TPLUS: processing authentication continue request id 444
    Oct  6 13:52:37: TPLUS: Authentication continue packet generated for 444
    Oct  6 13:52:37: TPLUS(000001BC)/0/WRITE/46130160: Started 5 sec timeout
    Oct  6 13:52:37: T+: Version 192 (0xC0), type 1, seq 5, encryption 1
    Oct  6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
    Oct  6 13:52:37: T+: AUTHEN/CONT msg_len:11 (0xB), data_len:0 (0x0) flags:0x0
    Oct  6 13:52:37: T+: User msg: <elided>
    Oct  6 13:52:37: T+: User data: 
    Oct  6 13:52:37: T+: End Packet
    Oct  6 13:52:37: TPLUS(000001BC)/0/WRITE: wrote entire 28 bytes request
    Oct  6 13:52:37: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:37: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 33bytes data)
    Oct  6 13:52:37: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:37: TPLUS(000001BC)/0/READ: read entire 45 bytes response
    Oct  6 13:52:37: T+: Version 192 (0xC0), type 1, seq 6, encryption 1
    Oct  6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 33 (0x21)
    Oct  6 13:52:37: T+: AUTHEN/REPLY status:7 flags:0x0 msg_len:27, data_len:0
    Oct  6 13:52:37: T+: msg:  Error during authentication
    Oct  6 13:52:37: T+: data: 
    Oct  6 13:52:37: T+: End Packet
    Oct  6 13:52:37: TPLUS(000001BC)/0/46130160: Processing the reply packet
    Oct  6 13:52:37: TPLUS: Received Authen status error
    Oct  6 13:52:37: TPLUS(000001BC)/0/REQ_WAIT/46130160: timed out
    Oct  6 13:52:37: TPLUS(000001BC)/0/REQ_WAIT/46130160: No sock_ctx found while handling request timeout
    Oct  6 13:52:37: TPLUS: Choosing next server 101.34.5.143
    Oct  6 13:52:37: TPLUS(000001BC)/1/NB_WAIT/46130160: Started 5 sec timeout
    Oct  6 13:52:37: TPLUS(000001BC)/46130160: releasing old socket 0
    Oct  6 13:52:37: TPLUS(000001BC)/1/46130160: Processing the reply packet
    Oct  6 13:52:49: TPLUS: Queuing AAA Authentication request 444 for processing
    Oct  6 13:52:49: TPLUS: processing authentication start request id 444
    Oct  6 13:52:49: TPLUS: Authentication start packet created for 444()
    Oct  6 13:52:49: TPLUS: Using server 172.24.5.143
    Oct  6 13:52:49: TPLUS(000001BC)/0/NB_WAIT/46130160: Started 5 sec timeout
    Oct  6 13:52:49: TPLUS(000001BC)/0/NB_WAIT: socket event 2
    Oct  6 13:52:49: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
    Oct  6 13:52:49: T+: session_id 1523308383 (0x5ACBD75F), dlen 26 (0x1A)
    Oct  6 13:52:49: T+: type:AUTHEN/START, priv_lvl:15 action:LOGIN ascii
    Oct  6 13:52:49: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:12 (0xC) data_len:0
    Oct  6 13:52:49: T+: user: 
    Oct  6 13:52:49: T+: port:  tty515
    Oct  6 13:52:49: T+: rem_addr:  10.10.10.10
    Oct  6 13:52:49: T+: data: 
    Oct  6 13:52:49: T+: End Packet
    Oct  6 13:52:49: TPLUS(000001BC)/0/NB_WAIT: wrote entire 38 bytes request
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: Would block while reading
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 43bytes data)
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: read entire 55 bytes response
    Oct  6 13:52:49: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
    Oct  6 13:52:49: T+: session_id 1523308383 (0x5ACBD75F), dlen 43 (0x2B)
    Oct  6 13:52:49: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:37, data_len:0
    Oct  6 13:52:49: T+: msg:   0x0A User Access Verification 0x0A  0x0A Username:
    Oct  6 13:52:49: T+: data: 
    Oct  6 13:52:49: T+: End Packet
    Oct  6 13:52:49: TPLUS(000001BC)/0/46130160: Processing the reply packet
    Oct  6 13:52:49: TPLUS: Received authen response status GET_USER (7)
    The 1113 acs failed reports shows:
    External DB is not operational
    thanks,
    james

    Hi James,
    We get External DB is not operational. Could you confirm if under External Databases > Unknown User           Policy, and verify you have the AD/ Windows database at the top?
    this error means the external server might not correctly configured on ACS external database section.
    Another point is to make sure we have remote agent installed on supported windows server.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html#wp289013
    Also provide the Auth logs from the server running remote agent, e.g.:-
    AUTH 10/25/2007 15:21:31 I 0376 1276 External DB [NTAuthenDLL.dll]:
    Attempting Windows authentication for user v-michal
    AUTH 10/25/2007 15:21:31 E 0376 1276 External DB [NTAuthenDLL.dll]: Windows
    authentication FAILED (error 1783L)
    thanks,
    Vinay

  • ### How to make integration between UCCX and Active Directory##

    Hello,
    I want to know what is the right procedure to perform a right integration between the UCCX and the Active Directory?
    Waiting Yours Reply,,,,
    Thanks a lot......

    What version?
    Assuming a current version (5.0 and higher): there is NO direct integration between CCX and Active Directory. The CCX server must not be joined to a domain.
    CCX uses UC Manager End Users for synchronized usernames and passwords. If UC Manager is synchronized with an LDAP source, such as Active Directory, then this will carry forward to CCX. CCX would pass authentication requests to CCX through AXL. UCM would perform the LDAP authentication and inform CCX of the success/failure.

  • Difference between Windows NT domain registry and Active Directory registry

    What are the difference(s) ?

    Frank, thanks for your response :)
    I want WebSphere Application Server to take advantage of a directory service. There are multiple options available for a directory service. 
    In my configuration the requirement is to make WebSphere Application server to use Microsoft's Active Directory. 
    While I was going through (WebSphere) documentation, I see following note.
    " With Windows NT domain registry support for Windows 2000 and 2003 domain
    controllers, WebSphere Application Server only supports Global groups that are the Security type. It is recommended that you use the Active Directory registry support rather than a Windows NT domain registry if you use Windows 2000 and 2003 domain controllers
    because the Active Directory supports all group scopes and types. The Active Directory also supports a nested group that is not support by Windows NT domain registry. The Active Directory is a centralized control registry."
    You can find the above note in this link (somewhere after 7th line)
    http://www-01.ibm.com/support/knowledgecenter/SSAW57_7.0.0/com.ibm.websphere.nd.multiplatform.doc/info/ae/ae/csec_localos.html?cp=SSAW57_7.0.0%2F3-11-5-1-0-0
    Does it mean that they are recommending to use Active Directory over Windows NT (which is an older approach) with windows server 2000 or windows server 2003 because Active directory is
    advanced ?
    I was under the impression that, Active Directory was started with Microsoft Windows Server 2003 and Windows NT registry was used till Windows 2000 server.
    After going through above links, 
    Windows NT registry in an old method. However, it is compatible with Windows Server 2000 and Windows server 2003 but it is recommended to use Active directory with Windows Serve 2003 as it is more advanced. And the same is recommended in WebSphere documentation
    (I am aware that support for Windows Server 2000 is over and only extended support is available for Windows Server 2003 however this is to clear doubt). Is my understanding correct ? And does windows server 2000 also support both i.e we can use either Windows
    NT registry or Active directory and similarly, Either of them (Windows NT or Active Directory) could be used with Windows Server 2003 ?
    And if I got it correct, Is Windows NT and Active Directory, both directory service offering from Microsoft? While NT being an old method and Active Directory being a new/advanced approach ?

  • Configuration Help - Sun Java Directory 5.2 and Active Directory Sync

    Don't know what I am skipping... but I get stuck with no Domain Controllers showing up in the pick list, when configuring an Active Directory Resource.
    I am using DS 5.2.P4 on Windows 2003 Sp1 server, along with Indentity synchronization for windows (ISW) 1 2004Q3 SP1.
    I have the installtion manaul and can not get past step 6 of creating an Active Directory Source, becuase no Domain Conroller show up in the pick list, nor can I specify one. I have verified that one of the Domain Controllers is configured as Single Master Operations Role in the AD.
    Any help on this matter would be greatly appreciated.
    Thanks,

    nebiyou1 wrote:
    1. Is Messaging Server 5.2 compatible with Sun Java Directory Server 6.3?This is obviously not a tested (or supported) combination. That being said I'm not aware of any particular issues with MS5.2 and DS6.3.
    If Yes, any documents on how to migrate Messaging Server from pointing to Directory Server 5.2 to 6.3?No.
    2. Can Messaging Server 5.2 p 2 run on Solaris 10?Yes. However you need to upgrade to 5.2hf2.18 (last hotfix released) to address known Solaris 10 issues e.g.
    5108758 Dispatcher incorrectly determines Solaris 10 version
    You can get a copy of iMS5.2hf2.18 from Sun support.
    Regards,
    Shane.

  • 10.4.6 and Active Directory Problem - Volume cannot be found??

    I have bound six 10.4.6 to active directory. All went sweet with no problems. I have "force local home folder" off in Directory Access for AD. I can login to the Mac no problem using any user account from AD. If I login with a user the first time all goes well. The desktop icons show and the home directory is that of the users network home folder and can browse it. All good until I log out and login again. I get the desktop icons but the users home directory give the error "The Volume for %username% Cannot be found" when trying to access. I can browse the network to the user home folder without having to authenticate. The server (2003) shows no login errors, all looks fine. I have upgraded one Mac to 10.4.7 but made no differnce.
    I have installed "services for Mac and Appletalk" on the server but from what I have been told this shouldn't need to be installed but I did as I was getting no where anyway.
    Any ideas?
    PowerPC   Mac OS X (10.4.6)  

    Hi Chris!
    Before I comment, I want to define a couple of things. A "Mac home folder" stores a user's files (Documents, Library, etc.). This home folder can be stored locally on the workstation or it can be stored on a server. A "Windows home folder" is defined in a user's Active Directory account and can be used as the Mac home folder or simply as a network user folder for storage.
    While the idea of a network-based Mac home folder is nice, it can be clunky simply because the entire user experience is dependent on network speed and/or good file synchronization between your server and workstation. As someone who works in a group supporting about 300 Macs, I suggest enabling local home folders and not using a network-based Mac home folder.
    Next, File Services for Macintosh (AFP protocol) built into Windows Server will not support network-based Mac home folders. This is a dead end. You can install a third party product from Group Logic called ExtremeZ-IP, which does support network-based home folders over AFP.
    Therefore, what's happening in your network is that the network-based Mac home folders are being mounted via the SMB protocol, which uses Windows style file sharing. SMB in Mac OS X is good for limited use but I wouldn't recommend it for extensive use, which would include network-based Mac home folders.
    Here's what I suggest for your AD settings: 1.) Enable local home folders. 2.) Connect via SMB. This will keep your users' Mac home folders local to the machine but if their Windows network home folder is properly defined in their AD account settings then these should automatically mount on the Desktop via SMB at login.
    If you can get your Windows home folders to mount automtically on the users' Desktops then you can experiment with synchronization. After logging in, each user can visit Apple menu --> System Preferences... --> Accounts and the synchronization options will be available. A user can synchronize all or part of his local Mac home folder to his mounted Windows home folder.
    Hope this helps! bill
    1 GHz Powerbook G4   Mac OS X (10.4.7)  

  • OBIEE 11G with Single Sign-On and Active Directory

    Hi guys,
    Release Version: Oracle Business Intelligence 11.1.1.5.0
    Patch applied: 11.1.1.5.0 BP3 (Patch 13832750)
    OBIEE Server operating system: Windows Server 2008 SP2 (32-bits Operating System).
    We are trying to configure Single Sign-On according to TechNote_WNA_SSO_AD_V4.0.doc.
    Our krb5login.conf:
    com.sun.security.jgss.krb5.initiate {
    com.sun.security.auth.module.Krb5LoginModule required
    principal="[email protected]"
    keyTab=cgdkobi2.keytab
    useKeyTab=true
    storeKey=true
    debug=true
    com.sun.security.jgss.krb5.accept {
    com.sun.security.auth.module.Krb5LoginModule required
    principal="[email protected]"
    keyTab=cgdkobi2.keytab
    useKeyTab=true
    storeKey=true
    debug=true
    We generate de keytab file:
    C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.24\bin\ktab.exe -k cgdkobi2.keytab -a [email protected]
    Password for [email protected]:XXXXXXX
    Done!
    Service key for [email protected] is saved in cgdkobi2.keytab
    C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.2-4\bin\kinit -k -t cgdkobi2.keytab cgdkobi2
    New ticket is stored in cache file C:\Users\cgdkobi2\krb5cc_cgdkobi2
    C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.2-4\bin\klist -k -t cgdkobi2.keytab
    Key tab: cgdkobi2.keytab, 1 entry found.
    [1] Service principal: [email protected]
    KVNO: 1
    Time stamp: Mar 15, 2013 10:34
    C:\OracleBI11g\user_projects\domains\bifoundation_domain>klist
    Current LogonId is 0:0x406163f5
    Cached Tickets: (0)
    We re-start the services and logon into analytics web and SSO doesn't work but there's not an error. It runs successfully with and Active Directoy user and password. Seems like SSO wasn't enabled, but I checked is enabled.
    Any suggestion?
    Thanks in advanced

    Follow the posts : OBI 11.1.1.6.SSO and You are not currently signed in to Oracle BI Server" for OBIEE 11.1.1.6 SSO do the troubleshooting mentioned there.
    Also check your logs for error like the one below:
    [2012-03-09T16:42:36.000-05:00] [OBIPS] [NOTIFICATION:1] [] [saw.securitysubsystem.checkauthentication.runimpl] [ecid: 6c98b5cce1f24814:2a613331:135f95fbdff:-8000-0000000000005b7a,0:1:1] [tid: 5932] Authentication Failure.
    Odbc driver returned an error (SQLDriverConnectW).
    State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
    [nQSError: 43113] Message returned from OBIS.
    [nQSError: 13039] The impersonator does not exist in the BI Security Service. (08004)[[
    If you are getting this when you login to OBIEE :      You are not currently signed in to Oracle BI Server"
    then you need to apply this patch : 13553428 QA:BLK:DELIVER TO CORP. OID LDAP USERS FAILED WITH IMPERSONATOR DOES'NT EXIST. 11.1.1.6.0 Generic Platform (American English) General Oracle BI Suite EE Apr 5, 2012 799.4 KB
    Let us know the updates. Hope this helps. Mark if it does.!
    Thanks,
    SVS

  • Applre Remote Desktop and Active Directory

    Hi
    How does one remote desktop into a Mac that in bound to Microsofts Active Directory ?
    It will not accept any username/password if bound, but if unbound it connects first go.
    Suggestions ?

    Have you looked into extending the Active Directory schema to support Mac OS X? Given the problems I'm having with AD Mobile Accounts, I don't even want to think about modifying the AD schema yet; and I doubt I'd get approval in the best of circumstances. But it may be useful for what you're trying to do.
    See "Best Practices: Integrating Mac OS X with Active Directory" (April 2007) at
    http://images.apple.com/itpro/pdf/ADBest_Practices2.0.pdf
    {quote}Extend the AD schema to handle management.
    By adding 38 attributes and 10 classes to the AD schema, your AD system can support all Mac OS X management policies. Just use the normal Mac OS X management tools and target the AD domain.{quote}
    Message was edited by: Robert Racansky
    Message was edited by: Robert Racansky

  • Open directory and Active directory

    Hello everyone.
    I am from a school in london. We currently have 8 servers (7 running Server 2003 and a recently installed Mac server running os x server 10.5)
    We have recently installed new macs into our media room and need them to be set up to work with the current domain setup.
    what we wish to do is to run the media centers computers through the Mac server but get the existing domain information from the Active directory server running windows. As i have not set up a mac server before I am having certain difficulties doing this. The first time we set up the active directory on the mac server we could log into the mac computers but could not change any of the policies to different groups to allow or deny certain applications from running. Everytime i go to save a policy for a certain group we get the error message
    "Error while saving record "Finchley\Level 1@ Error -14140
    Im guessing this is because we are trying to save that to the active directory and not onto the mac server so how can we Map the active directory to the Macs open directory so that we can customize the mac group policies?
    Sorry if that didnt make alot of sense im typing abit fast
    Thanks

    Have you been here?
    http://docs.info.apple.com/article.html?path=DirectoryAccess/1.8/en/c7od45.html
    It should be straight forward, depending on how your AD accounts are setup.
    Unfortunately, I currently see a bug in the system which is often causing the home directory share to fail to mount when I use the AD plug-in in its default configuration. I'm pleading with Apple to fix this soon.
    If you use the plug-in in "true network home" fashion, by unchecking the 'force local home' option, then you should avoid this annoying bug. This method however requires plenty of network bandwidth and space for your entire Mac home folder.

  • Re: single log-on (SSO) using Windows 2000 and Active Directory

    Hi Honggo,
    Its possible to see all the Active Directory users in WLS6.1 by
    configuring the ldap realm.
    You can use any of the username/password in ldap but you still have to
    login again.
    However the concept of single sign on across operating system and WLS
    might not work in WLS6.1. WLS 7.0 allows you to write code that
    supports these kind of things better.
    honggo wrote:
    anybody know how to use windows 2k authentication
    (implemented by Active Directory)
    to support SSO in WebLogic Server?
    What I mean is I want to login once and only once
    in win2000 and somehow weblogic server know
    who is currently logon and impose some Access Control
    many regards in advance
    honggo

    Replying again because it didn´t seem to work last time.
    Could you be more specific? What code do I have to write to achive single sing on across Windows and WLS 8.1?
    Regards
    Mauricio Hurtado
    Banco de Mexicio

  • Route mail and Active Directory Sites and Services configuration

    Folks,
    I have a problem in the internal email routing. My network is spread across various regions and the branch offices are connected together in a mpls network (full mesh). Every region has its own Exchange Server with all roles installed and the smtp connection
    to the outside world is linked to two Exchange servers in the headquarter server farm.
    The problem is that internally I often see emails going across the Exchange Servers in the branch offices where there is low bandwidth (from 3 to 5 Mbps), thus email are sent first to these servers instead of going immediately to the Exchange hosting
    the mailboxes of the intended recipients. This happens also with inbound emails.
    This causes slowness in the email system and sometimes also the network with these branch offices suffers from packet loss or very high latency.
    I know that Exchange is a site-aware application and uses the Active Directory topology for message routing and to communicate with the services that are running on other Exchange 2013 computers. For this reason I have checked the Active Directory Sites
    and Services and surprisingly I have found that there are no sites, no subnets, nothing has been defined but the default settings, included the Inter-Sites transport which contains the default DEFAULTIPSITELINK.
    Apart from the fact that clients use logon servers which are not supposed to use in the far remote offices, I am concerned of changing the Exchange Infrastructure whilst the email system is running and I would like to ask your opinion about my next steps:
    1) Create subnets for every office
    2) Create sites and then link them to the subnets done in point 1
    3) Delete the DEFAULTIPSITELINK and create new site links based on the costs (network speed) in order to determine the best routing server. I have 5 remote offices with 5 different network bandwidth, so I'll have to create 5 IP site links: high cost for
    link with slow network, low cost for fast network.
    4) (Optional) Configure the Exchange-specific cost using the Set-AdSiteLink cmdlet to the AD IP site links created previously
    Apart from the valid questions on why the previous Exchange Administrator have forgotten to set up the Active Directory (Topology) Sites and Services...
    ...And why have chosen to install all Exchange Roles to each server when there was no reason to do that (there are two servers connected to the external smtp gateways in the headquarter, so in my opinion the Exchange Servers in the remote branch offices
    should have had only the mailbox and the cas role)...
    As a matter of fact, my idea is to go further and create the sites,subnets and the ip site link. If I still notice a wrong email flow, I can configure an ad-hoc Exchange-specific cost using the Set-AdSiteLink cmdlet. Does this sound reasonable to you guys
    or I am taking the wrong decisions?
    Thanks

    Thank you very much for your link. This is exactly the page I have read just before posting my question here. It is not easy for me to understand why this has been setup this way by a Microsoft certified engineer.
    There are specific rules to follow when Active Directory and Exchange are located in multiple sites and I am not a skilled Exchange Administrator... he keeps saying that it is correct and also tells that if I go forward with my ideas there is the
    risk to increase the level of complexity. I prefer more complexity than default setting, and as a consequence of that, connectivity problems!
    Hopefully everything goes well. I will post my results here once I have done the changes
    Regards

  • ITunes U and Active Directory

    Hello All,
    We would like to have iTunes U podcasts available based on a user's course and role info. Furthermore, we are looking to have Active Directory provide this info. I am currently researching possibilities and have discovered two potential solutions:
    1) Group membership
    2) Extend the Active Directory schema
    a) Do you recommend one over the other, or have you successfully implemented an alternative?
    b) Is there any step by step documentation available on a successful implementation?

    We're using eDirectory rather than Active Directory, but we're having much the same discussion. I think it's a question of what you'd ultimately like to do with iTunes.
    Right now, I'm doing simple authentication against eDirectory, checking to make sure the user has a valid username and password, and then determining what group they belong in: Student, Faculty or College (the last of which is a catch all for those not belonging to the first two groups). Most of the content is identical, but I expect to post different welcome messages and how to's to the home page based on groups, particularly the Student ("how do I get my club's content into iTunes?") and Faculty ("How do I use this with my courses?") roles.
    This authentication is handled via Perl, using Perl's LDAP functions to retrieve directory information and then build credentials based on that. I have an example version of that script; if anyone would like a copy, please e-mail me off-list at newquisk (at) lafayette.edu.
    That's good for big groups and even smaller ones, depending on how you've got your directory set up (for example, we have a group for our department that we're using to distribute department-specific materials). But I think it breaks down at the course level which is why we're looking to extend eDirectory to support the eduCourse object class (and while we're at it, eduPerson).
    The goal here would be able to have a person's course information and roles for those courses in LDAP and then use that to authenticate against iTunes and other web-based applications (in particular, Moodle). We expect to populate these fields based on regular imports from our administrative system.
    We're at the beginning of that process, and have just started experimenting with expanding our eDirectory schema. I'm in the process of looking for schools that have implemented the eduCourse and eduPerson object classes so that we can get a better idea of what an operational system looks like.
    I hope this helps,
    Ken Newquist
    Lafayette College

Maybe you are looking for

  • Difference between IS NULL and = NULL

    Hello Guys, In 10gR2 what is the difference between IS NULL and = NULL Thanks, Imran

  • How to use enviroment variables in JSP code?

    I�m developing a web server with JSP�s, and I need to move the application to others computers. I need to access to a directory, but I don�t know it because the user can install the Application in the directory he wants. So I need to access to that d

  • Can't install latest Flash player 10.1 for Opera 10.53

    Hi all Having a weird problem installing Flash Player 10.1.53.64. Flash is only installed partially, differently from earlier versions. OS: Windows XP SP 3 (32bit) Browser: Opera 10.53 old Flash player version: 10.0.45.2 I tried updating my Flash pla

  • Nvidia 7800 GT Operating Temps

    Is it bad that my Nvidia 7800GT graphics card is running at 103 c/217 f consistently? I really dont want to go into the apple store my applecare just literally ran out.

  • Bizarre bug in Camera Raw 7.3 or Adobe Algorithms??? Grayed out areas of the image

    When converting raw files from Nikon D600 using CR 7.3 parts of the image appear grey and save that way. Converting to TIFF using Adobe DNG Converter didn't help but viewing and saving to TIFF in Preview showed none of the artifacts. Very bizarre and