User Groups Don't Match
I noticed today that when I am logged into my system as me "carlos", I get a different response between the following two commands:
[carlos@tuna ~]$ groups
audio users
and
[carlos@tuna ~]$ groups carlos
audio optical users
Aren't they the same thing? I am logged in as 'carlos' when I run the same two commands so wouldn't I expect to see the same results twice?
Have you added or removed yourself from these groups without logging out?
Edit: Droog got there first!
Last edited by loafer (2010-06-01 18:16:55)
Similar Messages
-
Account name and user folder don't match
Hi,
So I don't know how to change my 'User Folder' name to match my Account name.
The name of my user folder, 'sickjestrer4', was the Apple ID I entered when I first registered my Mac. And it became the name of the folder automatically.
My account name, however, is my real name, Jack XXXXX.
I want the two to match and both be called 'Jack XXXXX'.
I've tired a few things unsuccessfully and am turning here for some help.
I attached some links to a few photos that might help for clarity.
http://img96.imageshack.us/img96/1655/titlerc.jpg
http://img176.imageshack.us/img176/1291/accountk.jpg
Any help would be appreciated.
ThanksYour username on your home folder is always taken from the short name. You can change the short name of your account by right clicking on the user within the accounts pane in System Preferences and selecting Advanced Options. However this is not a smart move. It can be a complicated and painstaking process moving all required aspects and settings to the new short named account.
-
Sharing Only Accounts don't show in Users & Groups
Hi,
I've done a fresh install of Maverick yesterday.
And I created a "Sharing Only" account so I can access my iMac from another PC (so it doesn't show up at logon time)
When I went back in Users and Groups this morning, my newly "Sharing Only" account had gone.
So I thought I'd forgotten it and tried to create it again: to my surprise at creation time, Mac OS reports: "Name is used by another user", when in fact it's not listed in the left sidebar (I can only see my accout and the guest account)
I tried the same with a "Standard user" and all is fine.
I tried with a second "Sharing Only" account and it disappeared too (after a logoff)
I've found this article: http://support.apple.com/kb/TS4404 but I don't wanna screw up my fresh install
Can anyone help?here also the same ... totally fresh out of the box Mac Mini with update to 10.9.2 ... create a share only user called "conf_share", add this user to a existing share ... go back to the User & Groups and paaaaaaaaaaaaaaaaaaaaaaaahhh it's disappear (but still existing of course)
I found this "hint" but this is only usefull if you want to delete this user without going crazy... this hint will convert the sharing only user to a standard user
Just type the following two commands in terminal:
Quit and reopen System preferences and the sharing account will show up:
sudo dscl . create /Users/root GeneratedUID FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000
and then:
sudo dscl . create /Users/accountname UserShell /bin/bash
Replace "accountname" in the commands above with the missing account name. -
Migration Assit , PC to MAC - The migration was successful, but I don't know where the files are. It says they're under a different user, 'owner' . I tried to access via sys pref/system/users&groups, but it asks for a password for owner which I don't have. What must I do to access my files?
My experience is with MS PC's I'm new with the MAC Book Pro.Then, see if this works:
Mac OS X 10.6 Help- If you forget your administrator password
If you are running Lion or Mountain Lion you may need to do the following to access the same utility:
Boot to the Recovery HD:
Restart the computer and after the chime press and hold down the COMMAND and R keys until the menu screen appears. Alternatively, restart the computer and after the chime press and hold down the OPTION key until the boot manager screen appears. Select the Recovery HD and click on the downward pointing arrow button.
When the menubar appears select Terminal from the Utilities menu. Enter resetpassword at the prompt and press RETURN. Follow instructions in the dialog window that will appear.
Or see Reset a Mac OS X 10.7 Lion Password and OS X Lion- Apple ID can be used to reset your user account password. -
Frm-41826: Cannot replace group; columns don't match LOV
Hi-
I am Oracle ERP developer.
frm-41826: Cannot replace group; columns don't match LOV
this message absolutely don't know .
please help me.If it is being created programatically, you may want to do a find on some of these key words..
CREATE_GROUP_FROM_QUERY
POPULATE_GROUP
SET_LOV_PROPERTY
They should all be within the same section of code, see what is going on in there.. The code may be trying to use a record group the LOV is not designed for ? -
We migrated from 2010 to 2013 and are in a claims world now. We encountered strange issues where workflows could not be completed because of allegedly insufficient permissions. "Checking permissions" in _layouts/user.aspx resulted that the
user has no permissions. We wondered why as we knew he is member of a universal group which is member of a SharePoint group which has full control. We double and triple checked that and all group memberships were correct.
We then heard of the STS and that memberships of users is cached in a token. We asked the above user to login and suddenly check permissions results full control granted through AD group membership. A few days later, the same problem occured.
Would it really be possible that users have to login regularly within the WindowsTokenLifetime of STS that SharePoint can get his permissions granted through AD universal group memberships?
One further thing: It seems the STS is running on all SharePoint servers. We have 4 web frontend servers behind a load balancer. Does it mean the user has to login on each server once to get the permissions from all SharePoint servers?
Why can't SharePoint read out AD memberships if there is no STS token cache?
Our Active Directory in on 2008R2 Level on 2012R2 servers.
Thanks in advance
AndreasSharing a folder does give others access to it, but it does not change the permissions of the files inside. Other users can probably read everything, but they can't modify files that they do not own unless the owner of those files has changed the permissions to allow it, or other steps have been taken to provide additional access such as the use of an Access Control List (ACL).
Apple doesn't include a GUI utility for manipulating ACLs, so your choices are to use a third-party utility such as TinkerTool System (not free) or the Terminal application. The Drop Box folder in your user's Public folder has an ACL entry that gives access to change just about everything on files that are dropped there, so a Terminal example that sets similar permissions for everyone (a particular user group can also be used) would be:
1. copy and paste the folowing into the Terminal window (there is a trailing space):
chmod -R +a "everyone allow list,add_file,search,delete,add_subdirectory,delete_child,chown,file_inherit,directory_inherit"
2. drag the desired folder into the Terminal window (this copies the path)
3. press return
Note that ACL entries only work on items that have been created in the folder - not moved there - so you should use option drag to make a new copy in the shared folder. -
Ldap schema extension to control which users / group are imported
Hello,
would like to have your opinion:
would it be a good idea to implement ldap schema extensions to control
which users / group are imported and controlled from ldap in a ldap
mastered installation?
e.g. we could implement the following schema extension for users:
attributetype ( 1.3.6.1.4.1.<iana-org-id>.1.1 NAME ( 'BogusisBeehiveUser' )
DESC ''
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
# BogusinetOrgPerson
# The BogusinetOrgPerson is derived from inetOrgPerson
objectclass ( 1.3.6.1.4.1.<iana-org-id>.1
NAME 'BogusinetOrgPerson'
DESC 'RFC2798: Internet Organizational Person, plus Bogus Extensions'
SUP inetOrgPerson
STRUCTURAL
MAY (
BogusisBeehiveUser )
Then we could control the inclusion in beehive by simply switching
BogusisBeehiveUser on or off.sure; that's pretty much what is talked about in the Install Guide for LDAP Integration under the "inclusion and exclusion" section, about here:
http://download.oracle.com/docs/cd/E14897_01/bh.100/e14830/ldap.htm#CHDEFFJF
that doesn't go into the specifics of how you might want to design your objectClass schemas, though, as beehive is agnostic to that.
If you don't want to provision all users that match a certain existing rule (like everyone under dn=foo, or everyone where userType=employee), then adding a new attribute and building the profile inclusion rule around it is a valid thing to do.
richard -
Member Lists Don't Match & Unable to Delete Member
In the Oracle Beehive online URL (https://beehiveonline-apex.oracle.com) there is a list of my groups. When I select one by clicking "View group members", I see a member I wish to delete. However, that member is "verified", so to delete the instructions are to use the Beehive online Admin tool (https://beehiveonline.oracle.com/BOLAdmin.html). In that location I see the group, but the group lists don't match between the two locations. The group member I want to delete is "verified" in the first web site, but does not exist in the 2nd.
How do I delete this group member?Hi,
The groups should match unless someone has deleted the user from the group using the previous version of the delete user - it did not propagate into the APEX app the way the new one does.
If the user is not in the group in the BOLAdmin tool and not in the associated workspaxce they have probably been removed and if you let me know the name of the user I will tidy up the APEX app.
If the 2 viewsof the group are very different send me the details of the group name offline and I will see why they are so different - [email protected]
Phil -
Trash and user group help!
why do i need to type in password when i delete things? how do i remove it?
and i can't delete items directly from the dock as well. like opening from the downloads folder and dragging the file to trash. i have to bring open up Finder and delete from the folder directly.
another issue is that am i able to remove the gues user from my start up screen? i've already disabled it from the user groups but i still see it in my login screen.
one last problem, is it a norm to have current leakage for the MBP? i've been having frequent shocks from the 2 bottom corners of it when i plug it in to a power source. i bought it from an authorized retailer and using it in the country where i've gotten it from. i've just gotten my mbp about 3 weeks back.
thanks for replying my queries!Hi,
Yeah in ACS 3.1 its under the Shared Profile Components page. In ACS 4.1 its directly under the user groups or under SPC page.
You need to check the box for "define ip based access restriction" and deny access for all other groups to the wireless access points network device group.
ACS 3.X)
1. Denied Calling/Point of access restrictions
2. AAA Clients =UPS_PDU (Power Supplies)
3. Port = just put a * for all
4. Src IP address = just put a * as well
SUBMIT to SAVE
Create a second one for the other group like so:
1. Denied Calling/Point of access restrictions
2. AAA Clients =Routers_Switches
3. Port = just put a * for all
4. Src IP address = just put a * as well
Click submit to save it.
Go to the ACS User groups section and select the Network Administrators Group " that don't need access to the UPS's" and apply the NAR you created to that group. Do the same for the other grouping.
(ACS 4.X)
Go directly under the "user groups" and create the NAR under there. No need to go under the Shared Profile Components section
Hope this helps and let me know if you need further assistance or explanation.
Craig -
OIM 9.1.0.2 - User group permission
Hi experts,
IHAC that need to configure some user groups in order to perform just specifics activities. We have configured the user groups but with no sucess.
1) Group that should see/track all the opened requests.
Given all request permission. (The requests don´t appear)
2) Group that should disable Resource from user thru User Detail -> Resource Profile.
Given all resource objects permission. (Error message: No permission)
3) Group that create/manage Attestation.
Given all attestation permission. (The attestation is created, but it doesn´t appear to delegated user)
Any tip on how to set the correct permission?
Brgs,Hi,
I was looking for the same questions! One of them I could make it to work...
About quetion #3, some steps:
1. Create a group with name, lets say: AttestationManagers
2. Give the following permissions:
Attestation Requests
Attestation Process Tasks
Attestation Data
Attestation Process Definitions
Attestation Process Administrator
3. Make the users responsable of attestation process part of group: AttestationManagers
4. Create an attestation process and in the last field: Process Owner, put AttestationManagers
5. Click: "Run Now"
6. This attestation should appear to the user responsable of it.
You can find an explanation about the attestation process in the following link: http://download.oracle.com/docs/cd/E14049_01/doc.9101/e14057/attestation.htm#insertedID1 and about the Process Owner, the point 15.1.1 in the above link.
I hope it helps!
Regards. -
How to only synchronize one specific LDAP user group with SAP?
Hi,
Hopefully this is the correct forum to post this in. I want to have continuous one-way synchronization of users from my LDAP server to my SAP central system. I've started configure in SAP using transaction SM59 and LDAP. Can I somewhere set that only one specific LDAP user group shall be transferred to SAP (they do not need to be assigned to any specific group, profile, role in SAP) - or should this be done on the LDAP server side (or is it at all possible)?
Correct me if I'm wrong, but the User Group field in the report RSLDAPSYNC_USER only concerns SAP user groups right? This would therefore not be sufficient since I want to select the users to synchronize based on user groups in the directory.
Thanks, OscarWe've used a repository constant to specify the LDAP filter for reading users / groups from the LDAP target.
E.g. LDAP_FILTER_USERS (&(objectCategory=person)(objectClass=user))
Then we also have a constant for the LDAP_STARTING_POINT
For our AD Group Initial Load we filter according to these settings:
LDAP_FILTER_GROUPS = (objectclass=group)
LDAP_STARTING_POINT_GROUPS = ou=IDMManagedGroups,ou=Groups,dc=cfstest,dc=le,dc=ac,dc=uk
The above example only reads AD groups starting at the specified OU
Then in a Job From LDAP Pass the LDAP URL looks like this:
LDAP://%$rep.LDAP_HOST%:%$rep.LDAP_PORT%/%$rep.LDAP_STARTING_POINT_GROUPS%?*?SUB?%$rep.LDAP_FILTER_GROUPS%
I hope this helps
Paul -
HT4798 How do I gain access to Users & Groups preferences when I cannot even log in.
I only have one apple ID linked and I cannot reset my password via the pop up box and cannot access the user groups as I cannot even log in.
Can anyone help.
Thanks
MattReset Password
OS X 10.6 Snow Leopard
Follow the instructions in second and third boxes.
Reset Password using Recovery HD
OS X 10.7 Lion /10.8 Mountain Lion
Follow the instructions in the first and third boxes.
http://pondini.org/OSX/Password.html
Note
Keychain
I don't remember my original (former) account password
https://support.apple.com/kb/HT1631 -
I'm trying to check in changes to TFS using VS2013. When I hit the submit button, TFS returns the following error, "TF14002: The identity {domain} \ {oldaccount} is not a member of the Team Foundation Valid Users group."
Background: my account name has been changed to {newaccount} from {oldaccount}. And when the sys-admins changed my account name they did not update my computer itself, so I'm still using C:\Users\{oldaccount}. I can't believe that would make a difference
but you never know....
When I first started working at this company I'm almost certain I set up my TFS Workspace with my old account. But I thought I deleted all that stuff related to my old account and reset everything to my new account (Workspaces and TFS server). My lead tech
has even shown me the account mgmnt screen with my new account name. And I've been able to check out items with my new account name.
I performed the following steps to try to "clean out" TFS:
• I copied all of my changed files to a back-up location.
• I undid all changes in TFS (note that TFS has been allowing me to check out files to edit).
• I deleted the TFS entry in Credential Manager per a suggestion online.
• I deleted my Workspace.
• I even deleted my TFS server.
• I Rebooted my computer.
• I reconnected to the TFS server.
• I rebuilt my Workspace.
• I restored my changed files from my back-up location.
At this point I tried checking-in my changes again but got the same error message as above.
Next, I deleted everything in this folder:
C:\Users\ ...\AppData\Local\Microsoft\Team Foundation\5.0\Cache
... but I'm still seeing the error.
Also, we'd been informed that a number of us need to downgrade from "Ultimate" to "Professional". I did my downgrade to VS2013 Pro (after the steps above) but I am still seeing the same error.
A comment on another question
here suggested that I shelve my changes without preserving changes locally, then un-shelve and attempt to check-in. This also did not work, I could shelve my changes and un-shelve, but doing so did not fix the original problem.
Note that I do NOT have access to the TFS server itself - much less permissions to perform any sort of admin on it (and I don't know the person who would) - but might there be a table in the TFS database that still has an entry for my old account that could
be joining to my computer name &/or new account name when TFS goes to look up my account info when I check in my changes? I am getting desperate for an answer!
Any suggestions?
Thanks,
D. KelleyHi D. Kelley,
Thanks for the details. Based on your description, you might need to change or update the SID for users. Try identity command to change the username if you never use the new username in TFS. Check this page for more information about
identities command in this
page.
You can also check the table "tbl_Identity" in the tfs_configuration database to see if the new user exists, or it has the old user. Another option is have a check on other machines to see if it works fine. Refer to links below for more information:
https://social.msdn.microsoft.com/Forums/en-US/93568425-a877-4d21-8497-1adc4561b6d3/unable-to-check-in-code-to-tfs-due-to-tf14002-the-identity-old-user-name-is-not-a-member-of-the?forum=tfsversioncontrol
https://social.msdn.microsoft.com/Forums/en-US/acc56859-624f-41bc-b698-cbb5e0b8f525/cant-check-in-code-the-identity-devoldusername-is-not-a-member-of-the-team-foundation-valid?forum=tfsversioncontrol
Best regards,
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
Mass creation of common folders for different user groups
Hello Experts,
We are using Portal 7.0 SP12 and we have 10 different user groups created in Portal.
Based on this group structure, we need to create two common folders in each of the user's personnel documents in KM.
Is there is any way to achieve this kind of requirement ?
Can we do mass creation of these two common folders which will be assigned to all of the groups. This needs to be done in user's personnel documents and not in Public documents.
Any help in this context would be highly appreciated. points assured.
Thanks in advance,
Anil Kumar.For every user a folder is created in userhome. One approach is to capture this folder creation event and create the folder structure you need. You need to develop a portal service which will listen to events from userhome repository.
1. Capture folder creation event for user home
2. Create the folder structure you want in this event handler
Check this documentation on how to do this.
https://media.sdn.sap.com/html/submitted_docs/nw_kmc/howto/rf/client_api/rf_client_api.html
Regards,
Prasanna Krishnamurthy -
ISE / Active Directory: issue to get users group
Hello,
We have a strange issue:
- ISE 1.2 patch 8
- no WLC, autonomous AP
In authentication, we check Wireless IEEE 802.11 (radius) and cisco-av-pair (ssid), then we use AD.
We have 3 SSIDs, so 3 rules, one DATA, one GUEST, one for TOIP.
In one more rules to grant authentication from APs to register in WDS: user in local database.
In authorization, we check cisco-av-pair (ssid) and AD user group, then we permit access.
(so 3 rules), and one more to authorise the internal base for WDS.
We have something strange:
- sometimes users can connect but later they can't: in the logs, the authorization rejects the user because the AD Group is not seen.
Exemple:
1- OK:
Authentication Details
Source Timestamp
2014-05-15 11:43:19.064
Received Timestamp
2014-05-15 11:43:19.065
Policy Server
radius
Event
5200 Authentication succeeded
All the GROUPS of user are seen:
false
AD ExternalGroups
xx/users/admexch
AD ExternalGroups
xx/users/glkdp
AD ExternalGroups
x/users/gl revue écriture
AD ExternalGroups
xx/users/pcanywhere
AD ExternalGroups
xx/users/wifidata
AD ExternalGroups
xx/informatique/campus/destinataires/aa informatique
AD ExternalGroups
xx/informatique/campus/destinataires/aa entreprises et cités
AD ExternalGroups
xx/informatique/campus/destinataires/aa campus
AD ExternalGroups
xx/users/aiga_creches
AD ExternalGroups
xx/users/admins du domaine
AD ExternalGroups
xx/users/utilisa. du domaine
AD ExternalGroups
xx/users/groupe de réplication dont le mot de passe rodc est refusé
AD ExternalGroups
xx/microsoft exchange security groups/exchange view-only administrators
AD ExternalGroups
xx/microsoft exchange security groups/exchange public folder administrators
AD ExternalGroups
xx/users/certsvc_dcom_access
AD ExternalGroups
xx/builtin/administrateurs
AD ExternalGroups
xx/builtin/utilisateurs
AD ExternalGroups
xx/builtin/opérateurs de compte
AD ExternalGroups
xx/builtin/opérateurs de serveur
AD ExternalGroups
xx/builtin/utilisateurs du bureau à distance
AD ExternalGroups
xx/builtin/accès dcom service de certificats
RADIUS Username
xx\cennelin
Device IP Address
172.25.2.87
Called-Station-ID
00:3A:98:A5:3E:20
CiscoAVPair
ssid=CAMPUS
ssid
campus
2- NO OK later:
Authentication Details
Source Timestamp
2014-05-15 16:17:35.69
Received Timestamp
2014-05-15 16:17:35.69
Policy Server
radius
Event
5434 Endpoint conducted several failed authentications of the same scenario
Failure Reason
15039 Rejected per authorization profile
Resolution
Authorization Profile with ACCESS_REJECT attribute was selected as a result of the matching authorization rule. Check the appropriate Authorization policy rule-results.
Root cause
Selected Authorization Profile contains ACCESS_REJECT attribute
Only 3 Groups of the user are seen:
Other Attributes
ConfigVersionId
5
Device Port
1645
DestinationPort
1812
RadiusPacketType
AccessRequest
UserName
host/xxxxxxxxxxxx
Protocol
Radius
NAS-IP-Address
172.25.2.80
NAS-Port
51517
Framed-MTU
1400
State
37CPMSessionID=b0140a6f0000C2E15374CC7F;32SessionID=radius/189518899/49890;
cisco-nas-port
51517
IsEndpointInRejectMode
false
AcsSessionID
radius/189518899/49890
DetailedInfo
Authentication succeed
SelectedAuthenticationIdentityStores
AD1
ADDomain
xxxxxxxxxxx
AuthorizationPolicyMatchedRule
Default
CPMSessionID
b0140a6f0000C2E15374CC7F
EndPointMACAddress
00-xxxxxxxxxxxx
ISEPolicySetName
Default
AllowedProtocolMatchedRule
MDP-PC-PEAP
IdentitySelectionMatchedRule
Default
HostIdentityGroup
Endpoint Identity Groups:Profiled:Workstation
Model Name
Cisco
Location
Location#All Locations#Site-MDP
Device Type
Device Type#All Device Types#Cisco-Bornes
IdentityAccessRestricted
false
AD ExternalGroups
xx/users/ordinateurs du domaine
AD ExternalGroups
xx/users/certsvc_dcom_access
AD ExternalGroups
xx/builtin/accès dcom service de certificats
Called-Station-ID
54:75:D0:DC:5B:7C
CiscoAVPair
ssid=CAMPUS
If you have an idea, thanks so much,
Regards,To configure debug logs via the Cisco ISE user interface, complete the following steps
:Step 1 Choose Administration > System > Logging > Debug Log Configuration. The Node List page appears, which contains a list of nodes and their personas.
You can use the Filter button to search for a specific node, particularly if the node list is large.
www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_logging.html#wp1059750
Maybe you are looking for
-
Can't figure out problem with new PC
Hi all, I just built my first PC and everything's running pretty well with the exception of some lag and freezing. My mouse and keyboard sometimes lag behind my true movement. The mouse does this more often and will lag behind for a second before i
-
Is there any possible way to run PPC applications on Mountain Lion?
THrough any kind of emulation or something?
-
GET A TERMS OF CONTRACT THROUGH ACCOUNT DOCUMENT
Hellow Gurus, I would like to take this opportunity to say thank you for everybody for all contribuitions. I will ask a help again to ask how i can get the terms stored and accounted in a contract using only the account document (Number of FI). I nee
-
Simple OAM questions (I think): Possible to delete users and groups?
Hi, I was wondering if, using the OAM admin, is it possible to delete a user? Same question regarding a group? For users, it seems like I can deactivate a user, but can't delete using the OAM admin? Thanks, Jim
-
Proper codec to retain Alpha for lower thirds etc..??
From Motion, I've been trying to create a QT version of my motion graphics with Alpha to retain transperancy. But it always merges with black background. I verify by trying to lay it back over a still, and of course it goes black. I've tried Export u