The padlock under 'Directory Utility' isn't functioning
Hello everyone.
I am the only one who will use my MacBook (running 10.6.2), and my account is 'admin'.
If I need to enable the root user, I know I should go to:
(1) System Preferences
(2) Accounts
(3) Login Options
(4) Network Account Server: Join...
(5) Open Directory Utility...
(6) Edit --> Enable Root User
But between the processes (5) & (6), I previously have to click the lower left padlock in order to make changes.
But now, the padlock is always open. So I locked it, and it is locked at THIS moment.
After restarting my Mac, the padlock is open again, how come??
Thanks in advance!
*I think I have to re-type my message again in order to make my situation clear: *
Hello everyone.
I am the only one who will use my MacBook (running 10.6.2), and my account is 'admin'.
(I have an only account called 'Michael' and it is set as 'admin')
If I need to enable the root user, I know I should go to:
(1) System Preferences
(2) Accounts
(3) Login Options
(4) Network Account Server: Join...
(5) Open Directory Utility...
(6) Edit --> Enable Root User
But between the processes (5) & (6), it SEEMS that I have to click the lower left padlock in order to make changes initially.
But now, no matter how many times I lock the padlock, when I log out and log in again, the lock is open again.
But when I lock it, yes it is locked, but just at THIS moment.
After restarting or log out my Mac, the padlock is open again, how come??
(I have a 'fresh back-up' after the clean installation of Snow Leopard 10.6.2 and iLife '09 on my external FireWire HD, and I boot into it to check whether I have to click the lower left padlock in order to make changes. I find that between the processes (5) & (6), there is no need for me to type my password in order to unlock the padlock.)
Thanks in advance!
Similar Messages
-
I want to put an icon in the dock, for Directory Utility or it's Yosemite heir. Can't see it in Core Services. Is it now a hidden file? Spare me the lecture on the evils of the root user please. My usual idea is to enable root temporarily.
Hi Robert,
Hmmm, I'm still seeing it in my System > Library > CoreServices > Applications.
You can also try the steps in this article, which still apply.
OS X Mavericks: Enable and disable the root user
Take care,
Nubz -
The padlock symbol isn't appearing when I proceed to enter my credit card details
I've noticed since updating firefox to the current version, the secure padlock symbol isn't appearing when I purchase something online. I have made one transaction like this but am now concerned my details aren't safe! Please could you advise me
In Firefox 4 you no longer have the Status bar that showed the padlock in previous Firefox versions.<br />
The padlock only shows that there is a secure connection and doesn't guarantee that you are connected to the right server.<br />
So you might still be connected to the wrong server if you make a typo in the URL and someone has claimed that mistyped URL.<br />
The functionality of the padlock has been replaced by the [[Site Identity Button]] on the left end of the location bar.<br />
See also:
* http://www.dria.org/wordpress/archives/2008/05/06/635/
* https://support.mozilla.com/kb/Site+Identity+Button
You can use this extension to get a padlock on the location bar.
*Padlock: https://addons.mozilla.org/firefox/addon/padlock-icon/ -
I have an external hard drive from my time capsule that stopped working on me. I am attempting to access the data with a hard drive reader on my MAC. I am able to see the drive in disk utility and under system info USB. But I am unable to access the data and it does not show on the desktop when connected.
Ok if disk utility was able to verify the drive I doubt there is any problem.. are you trying to open a TM backup??
You need to mount the sparsebundle then check the actual info inside the bundle.
Don't use disk warrior.. if the disk has verified then unless you deliberately deleted files there is nothing that is going to do.
Pondini has a lot of stuff about getting access to the sparsebundle.
http://pondini.org/TM/17.html
But if you have copied info to the TC that is now gone.. and the disk is ok.. I am not sure.. the TC will not have deleted the files itself. -
Trouble getting the default user directory under Windows XP
I m trying to get the default user directory under windows XP SP3.
To do so, I'm using
System.getProperty("user.home");
I was expecting to get a path like "C:\Documents and Settings\user", nstead of that I get "C:\Documents and Settings\user\Destop".
I checked the %USERPROFILE% and %HOMEPATH% window's environment variables and both of them are correctly set ( set to "C:\Documents and Settings\user").
Is there any way to get the right path other than using : System.setProperty("user.home", "C:\\Documents and Settings\\user"); ?Thanks WalterLaan,
The System.getenv("USERPROFILE") method will, at least, fix the problem under win XP.
I guess i'll have to write a more refined method to be able to deploy my application under differents OSes.
Regards. -
I have tried to transfer Mail from iMac to Macbook pro. It isn´t functioning, the program always hang up. Mac OS 10.9.4.
Tried how? Using what? Step-by-step details and the results you get along way should elicit a cogent response.
iMac refurb (27-inch Mid 2011), OS X Mavericks (10.9.4), SL & ML, G4 450 MP w/Leopard, 9.2.2 -
Directory Utility keeps telling me the name and password do not match
Installed Leopard Server on my Mini a few days ago, and I enabled Open Directory server.
Added the server in my home network with directory utility on my laptop, and it works perfect both when I'm on the local network, and when I'm elsewhere.
Tried doing the same at my Leopard iMac at work today. Finds the server just fine, but when trying to configure my machine locally I get an error message during Authentication that simply says "The name and password you entered for the user account on the server do not match".
Now. I KNOW the username and password is correct. And I have the same username and password on this machine (both the long name, and the short one).
So what am I doing wrong here?Christian,
I've experienced similar issue recently. The most likely solution will be to delete the user and recreate it using same uid and username. I'm going to look for other solutions prior to that. -
How do I close the Directory Utility Window?
The Directory Utility window was opened and I have not been able to close it.
Upon restarting, a pop-up message reads that the window must close in order to complete the operation.
Only the minimize (yellow) button is available for click and the Systems Preference window is closed.Click on Tools.
-
How do I recreate the "System Administrator" entry in Directory Utility. It was accidentally deleted.
If you see this article: http://www.stupidlittleblog.com/2011/technology/apple/mac-os-x-lion/mac-os-x-lio n-root-user-sigin-error/#.To_DWOsb6jV
I was having the same root user password login problem.
So I followed the instructions in it, but instead of deleting "AuthenticationAuthority" setting for System Administrator, I accidentally deleted the whole "System Administrator".
Therefore, I'll need to recreate the "System Administrator" entry in the Directory Utility. Maybe you can send me a screen capture of the System Administrator settings so I can try to recreate it. Or else if you know how I can recreate is (maybe from Terminal command line), it will be appreciated.
Thanks. -
Question
I just downloaded FF4 and now the "SEARCH" tab located at the center of my home page isn't functional. I uninstalled and reinstalled but the result is the same.I think what I did was right clicked on the toolbar when I went to the tab and properties to find out the name of it. I then opened the extensions and add-ons and found what it was there (I don't remember the extension)., You will find the mess involves the homepage tab you have. Click on your tool bar for customization and put the home page away. This doesn't remove it but it will stop bing from showing up. Instead, my tabs now go to a Google page but I can't put in a homepage. Instead I bookmarked Google to my menu bar and when I open a tab I just click that! Cheaper than a trip to a computer vet.
The only option you will have is to remove google, but if you do, you loose all your goodies. Though I did not try this myself, I fear saving your tabs,bookmarks , etc. will store with it, whatever this bing thing is. Hope this helps -
I face issue 16 in my iPad it is not working I connected it to the MAC to update or restore i face the same issue the iPad under Guarantee but in my country their isn't representative for Apple can you help me ??
Resolve iOS update and restore errors - Apple Support
and
iPhone 4 restoring error (16) -
The padlock icon is no longer visible for any site that requires a login
One of the main principles of Human Computer Interaction [HCI] is that there should be immediate visibility to the system's status. Forcing the user to "click" the identity site key and try to locate the lock-pad encryption icon is poor design. The icon has become a default standard expectation of the INTERNET user community across browsers. Internet Explorer, of which, I'm not a fan - has done away with a bottom bar, yet retained the padlock in the top right of the menu bar [it is conditionally displayed only when the site is secure]. Firefox has made a fundamental UI mistake, and amazingly trumped by the generally inferior Microsoft team. Don't follow the FF team and parrot the propaganda - 'yea we screwed up but you can determine the same thing by taking several extra steps- because we are FF team and you are just the peon users". Death of the open source community?
-
Hello All
Can someone please help me with the following questions,
J
1:
I have a CA whose CA certificate has an Issuance (aka certificate) Policy.
Next I created a CSR for a WEBServer certificate, I created the CSR by first creating a .inf (request file) containing the usual including the following
[RequestAttributes]
CertificateTemplate=WebServer
OID=1.3.6.1.5.5.7.3.1
IssuancePolicy="My Certificate Policy"
OID=1.3.6.1.4.145389.1.1.1
Turned the above into a CSR (base64 encoded) then submitted and retrieved the relevant certificate from the CA
If I open the certificate flat file the resultant certificate has the relevant Issuance Policy listed under the section
‘This certificate is intended for the following purposes’
So all good so far
Next I install the certificate to the WEB Site and bind it etc. When I go the WEB Site e.g.
Https://TestSite the certificate works and the traffic is encrypted etc… e.g. click on the padlock in Internet Explorer provides the expected information, but when I click on View Certificate via this padlock symbol; in Internet
Explorer the certificate come up OK but under
‘This certificate is intended for the following purposes’
It does not show my issuance policy e.g. just the standard application policy for a WEBServer cert.
If I then look under the details/extensions tab of the certificate it does show certificate policy under the certificate policies extension, so looks OK from the extensions tab, but policy does not show up under ‘This certificate is intended for the following
purposes’ when certificate is viewed via padlock on IE but does show up if I open the certificate flat file (either original certificate file or copy to file then view certificate as a flat file).
The OID for the policy is registered in both active directory and local OID databases.
So the question is why do I not see the issuance policy when viewing cert via padlock in IE but does when viewing flat file.
I am using IE 11.x
When doing the same thing from Chrome browser the certificate policy does show up OK, therefore is this a possible bug with IE 11.x
Thanks All
AAnotherUser__
AAnotherUser__Hello Brian
Thanks for the reply,
The OID is in the Issuing CA Certificate (online CA) e.g. was part of the CAPolicy.inf file when installing the Issuing CA. The OffLine Root and OffLine Policy CA have the All Issuance Policy set in their CA Certificates.
briefly as mentioned above when opening the cert (.cer) as a flat file by double clicking on it you can see the Issuance Policy listed as expected. When viewing the same cert via Internet Explorer (v11.x) PadLock > View Certificate it shows the Application
Policy, but not the Issuance Policy (e.g. in the general tab) but does show the Issuance Policy under Extensions Tab. If I use Chrome, click on the PadLock > View Certificate it does show the Issuance Policy (as it always does when opening the flat
file).
Therefore was kind of wondering if a Bug in IE, when doing a CertUtil -f -urlfetch -verify Cert.Cer it passed all tests and shows it was validated against the Issuance Policy OK, therefore perhaps bug in IE
No big deal, just wanted to know if any one else saw this or was another explanation
Thank you
AAnotherUser__
AAnotherUser__ -
Okay a little backstory here because I'm trying to eliminate or identify what I feel might be a bug in OS X Mountain Lion and Mavericks. Just FYI, I'm not our institution's AD admin, I just have rights to bind and query for this and that, but I can't make changes or really investigate our AD domain server/s:
So we're an educational institution with lots of adjuncts that come and go each year. Recently in August, I had about 5 cases where these adjuncts couldn't log in because of a cryptic "login failed" error. I have my macs setup to create mobile accounts without confirmation. I don't want ANY syncing going on just local user accounts created, but something in the profile creation process demands access to their network home folder. Well these 5 users were brand spanking new and somehow didn't have permissions to their own network home folders that everyone else hasn't had a problem with before. I had our admins fix the permissions, and they were able to login thereafter. Our admins are still looking for what might have caused this, but still don't know....
Recently I've been testing the same AD bind script I've always used on Mavericks. It's a simple bash "dsconfigad" customized for our institution. It seems to work successfully but on the login screen I get no usual "arrow" that allows me to back out and click "Other" and login to AD. I reseated the Ethernet cord and checked the AD configuration in Directory Utility - it was all set correctly as per the script parameters. When I clicked OK and exited out to the login screen, the Other option was working correctly. I was able to login with my own credentials just fine.
I needed to tweak my image a little so I wiped and reloaded the machine with the new image (nothing relevant to binding and users was changed). Got the same "no arrow" issue and tried the same steps, which again worked after some monkeying around. I tried to login with my credentials - failed. Now I get "The home folder for user 'my username' isn't located in the usual place or can't be located." I went into a local user admin account and tried to add my home folder manually, nogo. I logged onto a windows machine and tried to mount the same home folder in Windows - access denied - this is the SAME type of thing that ended up happening to my adjuncts. I don't know if they are related but it's certainly a strange coincidence.
How could testing AD binds change my home folder permissions, or possibly even corrupt the folder altogether? The network share/home folder that our macs smb communicate with as per the bind settings are on a windows server (to the best of my knowledge). My guess previously with the adjuncts error is that despite the fact that I don't need or want the profiles created to sync, the default options turns this on for mobile accounts even though it doesn't select any actual folders for syncing, but because it still tries some sort of "handshake" or something initially, first logins fail without network home folder permissions. Now it seems like something in the initial profile creation process might actually be corrupting the network home folder or changing its permissions.
I would post the bind script but I'm not sure it's relevant, as another mac admin in a different area ran into the same error with one of his new users and he bound manually, not with a script.
I'm kind of new to this sysadmin stuff, so does anyone have any ideas or suggestions to track down the cause of this and possibly fix it? The network share admin can fix my permissions, but if I could break it when it was working once, I foresee this happening again.Here's the script I used previously that is not connecting to AD "completely" that causes the errors mentioned (I'm replacing institution info with "xxx"):
echo -n "This computer needs to be renamed and bound to Active Directory. Please enter the XXX Inventory Number from the affixed XXX label on the machine: "
read userinput
echo -n "Enter the XXXAdmin password (you will still be asked to enter this for system configuration changes): "
read -s xxxpassword
scutil --set ComputerName $userinput
scutil --set LocalHostName $userinput
# Active Directory Bind Script For OS X Client
# Modified by Wade Wei according to previous popular bind script
# Adapted for xxx by xxx
echo "Binding to Active Directory…"
echo -n "Enter AD admin username: "
read adusername
echo -n "Enter AD admin password (please wait after password submitted, do not press any keys): "
read -s adpassword
#Basic parameters
computerid=$userinput
fqdn="ad.xxx.edu"
username=$adusername
password=$adpassword
#Advanced parameters
alldomains="enable"
localhome="enable"
protocol="smb"
mobile="enable"
mobileconfirm="disable"
useuncpath="enable"
user_shell="/bin/bash"
admingroups="domain admins,enterprise admins,xxx,xxx"
namespace="domain"
packetsign="require"
packetencrypt="require"
localuser="XXXAdmin"
localpassword=$xxxpassword
# Bind to AD
echo "Binding to AD - do not interrupt…"
dsconfigad -add $fqdn -username $username -password "$password" -computer $computerid -force -packetencrypt $packetencrypt -localuser $localuser -localpassword $localpassword
sleep 5
#Configure advanced options
echo "Configuring AD for Mac OS X…"
dsconfigad -localuser $localuser -localpassword $localpassword -alldomains $alldomains -localhome $localhome -groups "$admingroups" -mobile $mobile -mobileconfirm $mobileconfirm -namespace $namespace -packetsign $packetsign -useuncpath $useuncpath -protocol $protocol -shell $user_shell -nopreferred
Can anyone tell me if I need to update the script for Mavericks, and how? Or should this be working and the bug is in Mavericks itself? -
EDSPermissionError(-14120) problems with LDAP, SSL and Directory Utility
Hello everyone,
Apologies for the repost but I think I may have made a mistake by posting this originally in the Installation, Setup and Migration forum instead of the Open Directory forum. At least I think that may be why I didn't receive any responses.
Anyway, I've been trying to get my head around Open Directory and SSL as they are implemented in Mac OS X Server 10.5 Leopard, and have been having a few issues. I would like to set up a secure internal infrastructure based around a local Certificate Authority that signs certificates for other internal services like LDAP, email, websites, etc.
I only have one Mac OS X Server and it is kind of a small office so I have gone against best practice and simply made it a CA (through Keychain Utility). I then generated a self-signed SSL certificate through Server Admin, and used the "Generate CSR" option to create a Certificate Signing Request. This went fine, but I did have some problems signing it with the CA, because the server documentation suggested that once I signed it it would pop open a Mail message containing the ASCII version of the signed certificate - it did not, and it took me a loooong time to realize that I could simply export the copy of the signed certificate it put in my local Keychain on the server as a PEM file and paste this back into the "Add Signed or Renewed Certificate from Certificate Authority" dialog box in Server Admin. Hopefully this can be fixed in a forthcoming patch, but I thought I would mention it here in case anyone else is stuck on this issue.
Once I did this I was able to use this certificate in the web server on the same machine and sure enough I was able to connect to it with with clients who had installed the CA certificate in their system Keychains without getting any error messages - very cool.
However, I haven't had quite as much luck getting it going with LDAP/Open Directory. I installed the certificate there as well, but have run into a number of problems. At first I could not get clients (also running 10.5.2) to talk to the server at all over SSL, receiving an error in Directory Utility that the server did not support SSL. I eventually discovered that the problem seemed to lie in the fact that the OpenLDAP implementation on Leopard is not tied in with the system Keychain, necessitating some command-line voodoo to install a copy of the CA cert in a local directory and point /etc/openldap/ldap.conf at it, as documented here: http://www.afp548.com/article.php?story=20071203011158936
This allowed me to do an ldapsearch command over SSL, and seemingly turn SSL on on clients that were previously bound to the directory, and additionally allowed me to run Directory Utility on new clients and put in the server name with the SSL box checked and begin to go through the process of binding. Once this seemed to work, I turned off all plaintext LDAP communication and locked down the service by checking the "Enable authenticated directory binding," "Require authenticated binding," "Disable clear text passwords," and "Encrypt all packets" options in Server Admin. However, I am now running into a new problem, specifically that I cannot successfully bind a local account to a directory account over SSL.
Here's what happens:
1) I run Directory Utility, (or it auto-runs) and add a server, typing in the DNS name and clicking the SSL box.
2) I get asked to authenticate, and type in user credentials, including computer name (incidentally, should this be a FQDN or just a hostname?)
3) Provided I put admin credentials in here and not user-level credentials, I get taken to the "Do you want to set up Mail, VPN, etc.?" box that normally appears when you autodiscover or connect to an Open Directory server.
4) I click through, and am asked for a username and password on the server, as well as the password for my local account.
5) When I put this information in, I get a popup with the dreaded "eDSPermissionError(-14120)" and it fails.
Checking the logs in Server Admin reveals nothing special, and while I have seen a couple other threads on this error and various other binding problems:
http://discussions.apple.com/thread.jspa?messageID=5967023
http://discussions.apple.com/message.jspa?messageID=5982070
these have not solved the problem. In the Open Directory user name field I am putting the short username. I have tried putting [email protected] and the user's longname but this fails by saying the account does not exist. For some reason it does seem to work if I bind it to the initial admin account I created, but no other user accounts.
If I turn all the encryption stuff off I am able to join just fine, so I am suspecting that the error may lie in some other "under the hood" piece of software that doesn't get the CA trust settings from the Keychain or the ldap.conf file, but I'm stymied as to which piece of software this might be. Does anyone have any clues on what I might be able to do here?
Thanks,
AndrewHard to tell what is happening without looking at the application
source, knowing what OS & hardware you're using etc. You might want to
try running with different JVM versions to see if it's actually the VM
that is the problem. If you have a support contract with BEA you could
ask support to help you diagnose this.
Regards,
/Helena
Ayub Khan wrote:
I have an application running on Weblogic 8.1 ( with JRockit as the JVM). This
application in turns talks to an iPlanet Directory server via LDAP/SSL. The problem
seems to happen on loading the machine..the performance progressively gets worse
and after a couple of seconds, all the threads stop responding. I checked the
heap, cpu and the idle threads in the execute queue and there is nothing there
to trigger alarms...there are quite a few idle threads still and the heap and
the cpu utilization seem OK. On doing a thread dump, Is see that all the other
threads seem to be in a state where they are waiting for data from LDAP and it
is basically read only data that they are waiting on.
Does anyone know what it is going on and help point me in the right direction.
-Ayub
Maybe you are looking for
-
I has an iphone4 that i last backed up in July. I got a new 5s when i activated the 5s i forgort to first update the Iphone4. I went back and updadted the iphone 4. Now how do I get that info over to the iphone 5s.
-
Data Execution Prevention - disabling?
I find this DEP option quite annoying, but I can't seem to find where to disable it, if anyone could help me, it would be appreciated. thnx on advance.
-
Sudden death on Intel iMac 2.8 GHz
I bought a new off-the-shelf iMac 2.8 GHz three days ago. Since then, the machine has suddenly died three times. No kernel panic, no gray shades coming down, no other warning--the screen just instantly goes black. After the first incident, it started
-
How to upgrade from 10.6.3 to 10.6.8?
To work with the latest iTunes, I need to upgrade the 10.6.3 OS (that I just upgraded from Tiger) on my iMac to 10.6.8. Where to I go to do that?
-
24P footage in a 29.97 timeline
Hey everyone, I just received a final cut pro session from a client that needed mastering. The entire edit is a group of nested sequences, all with footage that was shot 24P (non adv) on a panasonic DVX100 and was brought into FCP using 29.97 (no 24P