User and Group Issue

Similar Messages

• MAJOR Open Directory issue: Can't assign Users and Groups that DO exist!

  Just noticed the following today:
  When doing Get Info -> Permsissions on files/folders located on my File Server share, Owner and Group show as (unknown).
  When I go into WGM -> Sharing, and look at files/folders on File Server share this way, the Owner and Group fields are blank.
  When I attempt to (re)assign an Owner or Group by dragging them from Users and Groups section of WGM, error tells me User or Group no longer exists. These Users and Groups clearly do exist in WGM -> Accounts.
  When I look at files on File Server share via CLI, instead of actual names for Users and Groups, I see their uid and gid's. Chowning via CLI fails as well.
  I've noticed all Users and Groups with this issue are OD.
  Server is xServe G4 DP 1.0 GNz/1 GB RAM/Mac OS X Server 10.4.7 Unlimited. This servers been running fine as an OD Master for months now. ACL's are enabled on this File Server share point. I've always had weird permissions issues, but NEVER the inability to assign OD Users and Groups to files/folders.
  I'm at a loss here, not to mention my wits end.
  Did my OD become corrupted?
  Any and all help would greatly appreciated.
  PowerMac G4 733 MHz   Mac OS X (10.4.6)   512 MB RAM

  When doing Get Info -> Permsissions on files/folders located on my File Server share, Owner and Group show as (unknown).
  This means that the Finder can't find a match in the accounts/groups database for the numeric UID assigned to those files. Either the records associated to those accounts have been deleted, or the database is corrupt. In either case, you should restore a copy of it from backup.
  (15686)

• WLS Users and Groups interface questions / observations

  I'm new to WLS, having just installed OBIEE 11g for the first time. There are some oddities in WLS around setting up Users that I'd like to ask about, to see if I'm just missing something, or if the interface really IS this bad. Please feel free to comment in any way, or to correct any statements that are erroneous. Here goes:
  1. The use of Previous and Next buttons instead of a vertical scroll bar for finding users and groups in their respective lists. What if you have several hundred users, and the one you want to modify starts with the letter 'Z'? That means clicking the Next button several dozen times. (Security Realms … myrealm … Users and Groups … Users) Not only is there no scroll bar, there's no search box either. The only way to get to a user near the end of the alphabetical listing is the Next button. Is that correct?
  2. After adding a new user, what's the next most logical thing to want to do? How about assigning that user to Groups? So why do I have to click Next several times to find that new user in the alphabetical list? I don't see a sortable 'Date Modified' field for the table of users, nor a link to the "Most Recently Added" user. Nor can I assign groups during the same action as creating the user. In the example in #1, I might have to click Next several dozen times to get to the user I just added. Is that correct?
  3. When creating a new User, immediately after clicking New, where is the most likely place that I'd want to go? How about the Name field? Right now, the cursor rests in some indeterminate location. I have to hit the Tab key 14 times, or move the mouse into the Name box and click it. The active cursor position does not default to the Name box when creating a new user. Is that correct?
  4. I don't see a 'Create Like' button for creating Users, so that existing group membership can be easily replicated. I'd like to be able to add a new employee by clicking to highlight an existing user from the same department, clicking a 'Create Like' button, then entering a new user name and password, with all group memberships assigned automatically based on the source user. The same could be said for replicating groups. I don't think that exists. Is that correct?
  5. I don't see a clean way to return to the User list on the page on which I clicked a user name. Imagine that I'm going through my entire list of users one at a time to set an attribute. I click on the user JSMITH and set the attribute. The only way to get back to JSMITH's page and select the next user list is to hit the browser's back button three times, or to click the Users and Groups breadcrumb at the top of the screen and use the Next link multiple times to find that page again. Is that correct?
  6. I don't see a way to bring up a Group and assign Users to it from a list. It appears that the only way to assign a User to a Group is to access a User profile and click Groups. If we're creating a new group that has 200 users selected from a list of 500 users, that could potentially represent somewhere between 5000 and 10000 mouse clicks. It would be much more efficient to be able to bring up a group, then select its members from a list of users. That does not appear to be possible. Is that correct?
  7. It also appears that when assigning groups for Users, the list of Available Parent Groups sorts the lowercase entries after all uppercase entries, so that groups that start with the letter 'a' fall after groups that start with 'Z'. That is not the case with the list of users. The User table uses a case-insensitive sort. Is that correct?
  8. When I want to delete more than one User, and the ones that I want to delete are on different pages, there appears to be no way to select those users from multiple pages at the same time. So, imagine that I have 500 users, and I want to delete two users, one of whom is listed on page 48, and the other on page 50. I would have to click the Next button 47 times to find the first user and delete it. At that point, the interface returns to page 1, and I have to click the Next button 49 times to reach the second user. Is that correct?

  Hi,
  Regarding your first question, you might want to press the "Customize this table" button, then select the maximum allowed amount of rows in "Number of rows displayed per page:" that would resolve some of the problems you're having with the interface. I do think this is not a great graphical tool, and there are some usability issues.
  Regarding the adding of users to groups, it seems the way you describe is the only way of doing it, however you could try using a script instead of the graphical console, the easiest way of making it is adding a user to a group while using the "Record" button on the top of the screen to get a wlst script to use as a model, then create a new script with all new users you want to add/modify.
  Regards,
  Franco.

• Mount usb with fstab, users and groups.

  This is my fstab file.
  UUID=5d0339ca-83ab-4ce6-9dff-ed407fc3c5e0 / ext4 rw,relatime,data=ordered 0 1
  # /dev/sda2
  UUID=75552890-f5f6-4472-bef4-37965baf2dac /home ext4 rw,relatime,data=ordered 0 2
  # samsung1tb
  UUID=15957579-4fa5-4726-815c-d9762f584120 /home/spiritech-ext ext4 rw,relatime,data=ordered 0 2
  # corsair8gb
  UUID=75602c63-1935-4ed9-8401-6dd2a7853878 /home/corsair8gb ext4 rw,users,relatime,noauto 0 0
  my problem is when i mount the usb /home/corsair8gb the users and groups become root. is this normal for usb drives. it does not happen when the samsung1tb is mounted, so was wondering how i can mount the corsair8gb without changing the users and groups of the directory i mount it to???
  NOTE: /home/corsair8gb directory user is myusername and group is users when device is not mounted.

  rebootl wrote:
  Have you tried the option user instead of users? It's not exactly the same.
  Edit: To enforce it you can also set the user/group id by uid=<youruserid>,gid=<yourgroupid> .
  Note that these are numbers, to find them e.g. issue "id" in a terminal.
  ok i will try this way. i did try before. didnt realise it was with codes.

• Huge list of Groups in Users and Groups

  I just upgraded SL to ML. I've been learning and setting things up.
  I use the machine as a standard user and I have a "silent" admin user, too.
  I was wondering if anyone has come across this?  I went into System Preferences and noticed that there was a HUGE list of Groups.  Some had "logical" names like admin server, etc.  The list was super long.  Some of the name were strange, like "umbg"  I have no idea how they got there.  And, searching here, and googling doesn't give me any info.
  I don't know how all these groups got there.  I did not add a single one.
  I did make a mistake, because I deleted them all and then ML made my admin user a standard user and I could not unlock System Preferences, or use my password anywhere.  ugh.
  I tried finding a way to fix it, but I ended up just using Restore from disk utility. no worries, didn't have that much going on, yet.
  Is it normal to have a list of groups that you did not create?  Does ML just create groups in your Users and Groups list??
  How do I take care of it if it happens again?  Can some be deleted?  If so, which ones?  What are they for?
  Thanks for any help with this.

  Okay, I did do the restore.
  And, the groups were not there.
  So, first off, I opened TinkerToolSystem and went through all thes options.  I found one: Show Groups in users and groups.  I made sure it was not checked.  Hopefully, it will not repopulate.
  Then I remembered something.  I did download Onyx.  I was just looking for a way to change something simple.  Mostly, I just looked around, didn't click on buttons, etc.  But, Onyx may have change this setting (or me using Onyx inadvertently).  Whichever, whatever, I've used TinkerToolSystem for years and it's always worked so well.  I think I'm sticking with it and not install Onyx - which I had to go through the Gatekeeper exception deal... so it makes me nervous.
  I'll post back if further issues with this.

• No user and group in console of OBIEE 11g

  Hi,
  I'm facing a problem in OBIEE 11g, after I login the console, in security realms, there is no user and group in it, all services has been started, and it prompt following message:
  This page is not available because the necessary security providers have not been configured, or those configuration changes are pending and not yet activated. Please activate the changes and (if necessary) restart the Admin Server to make this page available.
  thank you!

  Hi Edhiggins
  Iam also facing the same issue i tried to configure the Microsoft Active Directory.Is it necessary to go to the enterprise manage and have to configure the virtualisation =true and user.login.attr ,after completion of all the steps that are needed in the console .I am unable to see weather it was configure successfully or not while i login to the console and there iam seeing the above issue.
  pls  clarify the issue more clearly

• Populating users and groups - design considerations/best practice

  We are currently running a 4.5 Portal in production. We are doing requirements/design for the 5.0 upgrade.
  We currently have a stored procedure that assigns users to the appropriate groups based on the domain info and role info from an ERP database after they are imported and synched up by the authentication source.
  We need to migrate this functionality to the 5.0 portal. We are debating whether to provide this functionality by doing this process via a custom Profile Web service. It was recommended during ADC and other presentation that we should stay away from using the database security/membership tables in the database directy and use the EDK/PRC instead.
  Please advise on the best way to approach(With details) this issue. We need to finalize the best approach to take asap.
  Thanks.
  Vanita

  So the best way to do this is to write a custom Authentication Web Service.  Database customizations can do much more damage and the EDK/PRC/API are designed to prevent inconsistencies and problems.
  Along those lines they also make it really easy to rationalize data from multiple backend systems into an orgainzation you'd like for your portal.  For example you could write a Custom Authentication Source that would connect to your NT Domain and get all the users and groups, then connect to your ERP system and do the same work your stored procedure would do.  It can then present this information to the portal in the way that the portal expects and let the portal maintain its own database and information store.
  Another solution is to write an External Operation that encapsulates the logic in your stored procedure but uses the PRC/Server API to manipulate users and group memberships.  I suggest you use the PRC interface since the Server API may change in subtle ways from release to release and is not as well documented.
  Either of these solutions would be easier in the long term to maintain than a database stored procedure.
  Hope this helps,
  -Akash

• Unable to initialize LDAP (No LDAP server is configured)show in the admin server of iWS6.0 users and group

  When I goto web server administration in users and group tab it alway show me Unable to initialize LDAP (No LDAP server is configured) Is it cause the effect to use web server because I use iWS with ias .
  If it cause some effect ,Please let me know how to configured LDAP server.

  Run this Command from the Exchange Server
  Net time \\ADServerName /Set
  and confirm the action,
  and then you need to restart the service
  Microsoft Exchange Active Directory Topology Service
  and confirm you are not getting the Error 4001 in the event Viewer.
  Thank you, it resolved my issue after being sweating looking for solution.
  How can I prevent this from happening? I cannot restart services on each server reboot nor lose 5 years of my life!!!
  Sokratis Laskaridis MCP, MCTS, MCITP, Small Business Specialist Netapp ASAP, Symantec STS

• User and group names truncated with ls

  Hello,
  When using the 'ls -l' command the resulting list truncates user and group names that are longer than 8 characters.
  Is this a know issue?
  I'm running Mac OS 10.4.10.
  Thanks,
  Anthony

  Jun T. wrote:
  If a program like "ls" wants to know the username corresponding to the uid, it must call a library function of the operating system. But there are two library functions, one gives the correct username and the other truncates the username.
  The basic library function is getpwuid(3) which returns the correct username.
  Hello Jun,
  I ran a search using Xfind (Rixstep) on /bin for 'userfromuid' and /bin/ls was listed as I might of expected.
  Also, /bin/ls was also listed when 'getpwuid' was used as a search Key.
  Peeking further into /bin/ls further with Xstrings (which is Rickstep's "adaptation" of the "strings' tool" ) reveals the string '_ getpwuid'.
  Does this mean that at some point the 'ls' command can call the getpwuid() directly under some circumstances rather than going through userfromuid() which relies on the cache you mentioned?
  The problem is the size of the table; userfromuid() allocates only 8
  characters for each username (the number 8 comes from UT_NAMESIZE in /
  usr/include/utmp.h), and truncates the username if it is longer. This
  may be "fixed" in a future version; or it may not be "fixed" to keep
  backward compatibility. I'm not sure.
  I've heard that utmpx.h has 'UTXUSERSIZE' which is defined as 32. Does not that allow for user and group names larger than 8 characters?
  By the way, I can't find the directory usr/include/utmp.h on my drive.
  Is there a way to reset or redefine this 'UT_NAMESIZE' field to more than 8 characters wherever the userfromuid() function stores it?
  The commands "users", "who", and "w" read the file /var/run/utmp, in
  which truncatd usernames of the currently logged-in users are saved.
  Does some command initially call the function as 'ls', userfromuid(), to result in truncated names being saved in file /var/run/utmp as well?
  I think there are many programs which depend on this fixed-width utmp
  file, so it may not be "fixed" in a future version. "
  I believe there are third party tools which rely on the userfromuid() call which require this bug to be fixed in order to display accurate user and group name data.
  Thanks for your informative reply,
  Anthony

• Server 4.0 can't edit users and groups. All options greyed out.

  I have upgraded the mac mini server from Mavericks to Yosemite and had to update to Server 4.0 and having many issues.
  One issue is I can't edit users and groups. All the options are greyed out.

  Search the System keychain on the server for application passwords with the name "/LDAPv3/127.0.0.1" and delete any you find. Sign out of the Server app and sign back in using the FQDN of the server, not "localhost" or "127.0.0.1".
  Credit for this observation to ASC member Peter Jurg2. See also this discussion.

• Migrating Users and Groups from Windows 2000 server to Windows 2013 Standard.

  OK...let me see if I can get this question out the way I need to....
  I inherited a Windows 2000 Server that's on it's last legs.  We have a new server, a Windows 2013 Standard machine that we just recently purchased.  I need to migrate the users and groups over to the new server, but there are two things that are
  making it difficult:
   The 2000 machine is NOT a Domain Controller
  The 2000 machine is NOT running Active Directory
  This is a file server that hangs onto another network of which I have no control of.  It has its' own IP address and there is NO WAY we can run Active Directory or make it a domain controller.
  I have close to 300 users, groups, and printers to bring over to the new server.  Rather than kill myself doing manual input, is there any other way to do this? 

  Hi,
  When you import the CSV file to new server, you need to create a new user account then import the CSV.
  http://blogs.technet.com/b/heyscriptingguy/archive/2014/10/01/use-powershell-to-create-local-users.aspx
  If you have any issue, i suggest you could ask in PowerShell forums:
  https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverpowershell
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• How to import user and group at EPM11.1.2?

  I found a similar topic on this at User & Groups Issue
  But sounds like there is big change a tEPM11.1.2, I didn't find CSSImportExport utility at all.
  Could anyone tell me how to import users and groups from flat file at this version?
  Thanks
  Tony

  You can only use LCM from 11.1.2, it is not really that different format from the CSSImportExport utility.
  I find the best way is to set up a few users and provisioning and then use LCM to export, then you get a good feel to the format of the file.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Custom User and Group classes

  Hi,
  I have a login custom module which does the authentication for my application.
  Till now I was using WLSUserImpl and WLSGroupIpml and everything was working fine.
  Now to make the LoginModule weblogic independent , I replaced the User and Group
  classes with my own classes which extend from java.security.Principal.
  But for some reason this isnt working. Am I missing something obvious.??
  This the exception stack trace which I get
  java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[com.isone.security.providers.authentication.ISOUser@1698cbe,
  com.isone.security.providers.authentication.ISOGroup@9719f4, com.isone.security.providers.authentication.ISOGroup@28ebb4,
  com.isone.security.providers.authentication.ISOGroup@8ab721, com.isone.security.providers.authentication.ISOGroup@fcf06c,
  com.isone.security.providers.authentication.ISOGroup@c7539, com.isone.security.providers.authentication.ISOGroup@1e41830,
  com.isone.security.providers.authentication.ISOGroup@1f01b29, com.isone.security.providers.authentication.ISOGroup@8721bd,
  com.isone.security.providers.authentication.ISOGroup@1b81d4f, com.isone.security.providers.authentication.ISOGroup@8c6e04,
  com.isone.security.providers.authentication.ISOGroup@18aeabe, com.isone.security.providers.authentication.ISOGroup@13968f1,
  com.isone.security.providers.authentication.ISOGroup@18c28a, com.isone.security.providers.authentication.ISOGroup@18bff68,
  com.isone.security.providers.authentication.ISOGroup@2d2da4]
       at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:682)
       at weblogic.security.service.RoleManager.getRoles(RoleManager.java:279)
       at weblogic.security.service.AuthorizationManager.isAccessAllowed(AuthorizationManager.java:694)
       at weblogic.servlet.security.internal.WebAppSecurity.hasPermission(WebAppSecurity.java:567)
       at weblogic.servlet.security.internal.SecurityModule.checkPerm(SecurityModule.java:134)
       at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:327)
       at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:182)
       at weblogic.servlet.security.internal.FormSecurityModule.checkA(FormSecurityModule.java:181)
       at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
       at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3539)
       at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
       at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
       at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)

  And this will explain you why there is no way to do this right now:
  (CR125681 -- although it says 7.0SP1 it is not fixed even in 8.1 SP2 and
  there is no time frame for the fix)
  http://support.bea.com/application?namespace=askbea&origin=ask_bea_answer.jsp&event=link.view_answer_page_clfydoc&answerpage=solution&page=wls/S-21705.htm
  We've had the same issue and even have an open support case and for now
  the only way to workaround the bug is to
  use the WLSUserImpl and WLSGroupImpl classes.
  HTH,
  Dejan
  Pavel wrote:
  See if this will help:
  http://edocs.bea.com/wls/docs81/dvspisec/pv.html
  Pavel.
  "Anil" <[email protected]> wrote:
  I actually extended PrincipalValidatorImpl and returned java.security.Principal
  as the base class.
  But still I got the same exception.
  PaulF <paulf@reply_in_newsgroup.com> wrote:
  On 25 Feb 2004 06:45:50 -0800, Anil <[email protected]> wrote:
  Hi,
  I have a login custom module which does the authentication for my
  application.
  Till now I was using WLSUserImpl and WLSGroupIpml and everything was
  working fine.
  Now to make the LoginModule weblogic independent , I replaced the
  User
  and Group
  classes with my own classes which extend from java.security.Principal.
  But for some reason this isnt working. Am I missing something obvious.??
  This the exception stack trace which I get
  java.lang.SecurityException: [Security:090398]Invalid Subject:
  principals=[com.isone.security.providers.authentication.ISOUser@1698cbe,
  com.isone.security.providers.authentication.ISOGroup@9719f4,
  com.isone.security.providers.authentication.ISOGroup@28ebb4,
  com.isone.security.providers.authentication.ISOGroup@8ab721,
  com.isone.security.providers.authentication.ISOGroup@fcf06c,
  com.isone.security.providers.authentication.ISOGroup@c7539,
  com.isone.security.providers.authentication.ISOGroup@1e41830,
  com.isone.security.providers.authentication.ISOGroup@1f01b29,
  com.isone.security.providers.authentication.ISOGroup@8721bd,
  com.isone.security.providers.authentication.ISOGroup@1b81d4f,
  com.isone.security.providers.authentication.ISOGroup@8c6e04,
  com.isone.security.providers.authentication.ISOGroup@18aeabe,
  com.isone.security.providers.authentication.ISOGroup@13968f1,
  com.isone.security.providers.authentication.ISOGroup@18c28a,
  com.isone.security.providers.authentication.ISOGroup@18bff68,
  com.isone.security.providers.authentication.ISOGroup@2d2da4]
       at
  weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:682)
       at weblogic.security.service.RoleManager.getRoles(RoleManager.java:279)
       at
  weblogic.security.service.AuthorizationManager.isAccessAllowed(AuthorizationManager.java:694)
       at
  weblogic.servlet.security.internal.WebAppSecurity.hasPermission(WebAppSecurity.java:567)
       at
  weblogic.servlet.security.internal.SecurityModule.checkPerm(SecurityModule.java:134)
       at
  weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:327)
       at
  weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:182)
       at
  weblogic.servlet.security.internal.FormSecurityModule.checkA(FormSecurityModule.java:181)
       at
  weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
       at
  weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3539)
       at
  weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
       at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
       at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
  I think that you need to extend WLSAbstractPrincipal I think instead
  of
  WLSPrincipal if you aren't going to implement your own
  PrincipalValidator. The default PrincipalValidator is going to expect
  a
  principal that extends WLSAbstractPrincipal.
  PaulF
  Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

• User and Group Externalization from EAS console Fails!!

  Hi All, I am trying to externalize users and groups from EAS and once its done, all the login Id's (including admin and essadmin) fail. We cant log in into the server anymore because the logins are disabled.
  The shared services is running fine and is talking pretty well with Essbase, but the externalization thing is not working.
  The Essbase is on Linux server and shared services is on windows server and all the products are 9.3.1.
  If any one faced a similar problem or have any idea regarding this issue, please let me know ASAP and would highly appreciate that as we will have to move to production soon.
  Message was edited by:
  user639077

  You might want to Try Re-run the Config utility from the Linux-Essbase server and Re-register the Essbase with HSS.
  Start the Essbase in Foreground and check if it is running
  Now log on to the EAS/AAS with default admin/password if you havent changed it :); add your Essbase server using the Super user/Owner of essbase i mean the id..if you are succesful; i would always create a Test user as before Externalisation i can create users at EAS/AAS and then using Admin id ; i will push the Users/groups to the HSS by Externalising.. let me know if that helped you. GUd Luck..
  Sriram

• User and Group Database Migration

  I am installing SecureACS 4.1 from scratch on a new Server. Is there a way for me to migrate the user and groups from a previous 2.4 and 3.0 vs install? there has to be an easier way to create all those groups and users?

  Someone at Cisco decided that from 4.0 onwards they wouldnt upgrade from every previous version any more.
  I think this means you'd have to upgrade the existing server to 3.1 then create a backup.
  NExt install 3.1 on the new server and restore the backup.
  Lastly upgrade the new server to 4.1 and cross your fingers it upgrades smoothly!
  An easier (but less complete) method is simply to run csutil -d on the first server, copy the dump file to the new one and then use csutil -l. HOWEVER... this can cause problems if you're group/user config uses NDGs (eg NDG->DCS command authorisation) because only NDG indexes are in the dump file.
  When you re-create the NDGs on the new server the indexes are likely all be different.
  So in summary only use the csutil route if your just moving very simple groups or users.
  BTW there is an option for csutil to load just the users from a dump file leaving groups untouched (run csutil -x to find out more)
  Darran
  ps we're seeing more people installing ACS (and aaa-reports!) under VMWare - which then makes hardware upgrades a non-issue.