Search Results

Search found 20029 results on 802 pages for 'directory permissions'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 127/802 | < Previous Page | 123 124 125 126 127 128 129 130 131 132 133 134  | Next Page >

  • Can't make updates with LDAP from Linux box to Windows AD

    - by amburnside
    I have a webapp (built using Zend Framework - PHP) that runs on a Linux environment which needs to authenticate against Active Directory on a Windows server. So far my webapp can authenticate with LDAPS, but cannot perform any kind of write operation (add/update/delete). It can only read. I have configured my server as follows: I have exported the CA Certificate from my Windows AD server to /etc/opendldap/certs I have created a pem file based on this certificate using openssl I have update /etc/openldap/ldap.conf so that it knows where to look for the pem certificate: TLS_CACERT /etc/openldap/certs/xyz.internal.pem When I run my script, I get the following error: 0x35 (Server is unwilling to perform; 0000209A: SvcErr: DSID-031A1021, problem 5003 (WILL_NOT_PERFORM), data 0 ): Have I missed something with my configuration, which is causing the server to reject making updates to AD?

    Read the article

  • ISC Bind support for GSS-TSIG DDNS Updates?

    - by netlinxman
    First, has anyone EVER configured ISC bind 9.5.0 OR greater with support for GSS-TSIG Dynamic DNS Updates AND gotten it to work? If so, what is the configuration that was used to make that happen? I feel close to having this working. I see that GSS cred passes w/o apparent error during the TKEY negotiation with an Active Directory DC and the BIND DNS server: client 192.168.0.30#52314: query gss cred: "DNS/[email protected]", GSS_C_ACCEPT, 4294967256 gss-api source name (accept) is [email protected] process_gsstkey(): dns_tsigerror_noerror client 192.168.0.30#52314: send But, when the Update is sent, it is refused: client 192.168.0.30#58330: update client 192.168.0.30#58330: updating zone 'example.com/IN': update failed: rejected by secure update (REFUSED) client 192.168.0.30#58330: send Does anyone have this working in the real world?

    Read the article

  • Service Accounts LastLogonTimestamp

    - by Ryan Ries
    In an Active Directory domain, if I configure a Windows service on a domain member computer to start with an AD user account (aka "ye olde service account",) and the then the service stays running but I don't restart the service or reboot the machine for a year... does the LastLogonTimestamp of the service account's user object continue to update? Edit: If you say "it depends on the service," then use MS SQL Server as an example. I set MSSQL Engine to run as contoso\sql-service. Then I leave it alone for a year.

    Read the article

  • reverse nslookup fails for single machine

    - by matt wilkie
    I have a computer on a windows Active Directory network for which reverse dns lookup fails. It doesn't matter which machine runs the lookup. The problem computer is a debian vm on a windows server 2003 host. >nslookup wiki.dept Server: primary.internal.domain.org Address: 192.111.222.44 Name: wiki.dept.internal.domain.org Address: 192.111.111.185 >nslookup 192.111.111.185 Server: primary.internal.domain.org Address: 192.111.222.44 *** primary.internal.domain.org can't find 192.111.111.185: Non-existent domain Contents of /etc/resolv.conf on the debian guest: nameserver 192.111.111.244 nameserver 192.111.222.44 search internal.domain.org What is wrong? how do I get ip-to-name resolution to work for this machine? Thank you.

    Read the article

  • How to execute files on LAN drives in a Windows Domain

    - by matnagel
    We have a very small LAN here, but some peolpe here think we need Active Directory, though nobody knows how to maintain it. I am not in the position to change this. How can I get full access (on Linux it would be "execute" rights) also for files on network drives (the files are just on another machine next room) My account is in the group Administrators on a windows 2003 server Domain Controller. I cannot open simple MS Access 2000 Databases or CHM Files from network drives in the lan How to do that? Some policy setting? I want to change that once. It is useless. We have no distinction between local or network files here. I would have to copy everything to a local drive and then do what I want.

    Read the article

  • AD Users outside the building

    - by gammaRED
    I've never had a customer ask me this, but they keep insisting if they have Active Directory and a Domain, that mobile[road warriors] users will not be able to login to their laptops if they are at home or away from the office. I told them that is would use "cache" creds to do this. Am I right or wrong? I've been told this and found a couple of forums saying the same thing. What is really going on and how are the laptops able to do this?

    Read the article

  • The security database on the server does not have a computer account for this workstation trust relationship

    - by alex
    I have a Server 2008 machine called OTTO I recently, by mistake, booted up an old machine, also called OTTO (the hardware was unstable, so the new one was set up to take it's place) I shut down the old machine, turned it off, and recycled it (it won't ever be back on) Now, whenever i try to log in to the real OTTO with the domain account (mydomain\Administrator) i get the following error: The security database on the server does not have a computer account for this workstation What can I do to fix this? It doesn't appear in active directory any more I've added it, but I'm guessing this had no effect, due to a different SID I can log in as the local administrator however

    Read the article

  • Apache can't access /assets directory (OS X 10.6 Snow Leaopard)

    - by Doug Kaye
    I know this will turn out to be something really stoopid, but I can't find it. Everything was great until I upgraded to OS X 10.6.2 (Snow Leopard) and the supplied Apache 2.2.13. I've replaced all the httpd conf files with my own that were previously working just fine. Everything is great except for one thing: Apache returns a 404 error for any requests to /assets/*. If I rename the directory from 'assets' to anything else, it works fine. I'm going crazy trying to find out why it's sensitive to the string 'assets'. I have no .htaccess files. All permissions have been checked. I've scoured all conf files (including vhosts) for what might cause this and haven't found it. Is there any reason why Apache would treat 'assets' different from anything else? Is there anywhere to check other than conf and .htaccess files?

    Read the article

  • Split DNS clarification

    - by RidableCthulu
    I need some clarification if I understood this correctly. I've been reading about Active Directory and naming my domain, and the reason Microsoft didn't suggest using external public domain was DNS Split. If I understood correctly (and please correct me if I did) in this case I have two Domain Name Servers, both doing the same job, but one of them is internal (in my company i.e.) and the other is a public one. Did I misunderstand this and if I did could somebody explain this to me? I hope this question is not too broad for this site! Cheers.

    Read the article

  • APIPA ip address in server 2003 dns for (same as parent folder record) can anyone suggest why this i

    - by dasko
    have a server 2003 domain controller i have installed active directory integrated dns under the forward lookup zone for domain_name.local i see an APIPA ip address that is set for (same as parent folder) with ip number 169.x.x.x looks like (same as parent folder) Host A 169.x.x.x (apipa subnet range) problem is, from other forums that i have read, that this is due to dual nics and one on that is not getting a dynamic or static ip address BUT... I only have one nic in this server? where could this be coming from and could it mess up other settings or not allowing the DC to be contacted? i am just wondering what symptoms could arise due to the record being there. any help would be greatly appreciated thanks.

    Read the article

  • Why my AD domain doesn't work on my laptop

    - by Frederick Marcoux
    I have installed Windows Server 2008 R2 on a virtual machine with a bridged network card and installed Active Directory. I configured it and when I try to connect my laptop to the domain name, in this case, creationsmicroweb.ca (doesn't exist, don't try, for local only), I can't get connected. My laptop just doesn't see it. I don't know why! There's a resume of my config: Domain Name: creationsmicroweb.ca Forest: new, principal domain controller IP: Fixed (192.168.1.100) DNS Name: none (just for local, I ignored them) NETBIOS name: MICROWEB If someone as found why, please help me! This is for my business that I'm starting and I can't find why it doesn't work!

    Read the article

  • How to get ~/foo from /home/user1/foo?

    - by Claudius
    The Bash prompt supports the \w escape sequence, documented as \w the current working directory, with $HOME abbreviated with a tilde (uses the value of the PROMPT_DIRTRIM variable) Is there any way to get a similar abbreviation for an arbitrary string? That is, is there a general command that does something like the following, provided that HOME=/home/user1 /home/user1 ? ~ /home/user1/a/1 ? ~/a/1 /home/user2/b/2 ? ~user2/b/2 /root ? ~root Sure, I could try something ugly with sed, but that is unlikely to give me the result I want in any case. :-) The movitation behind this is that I would like to keep the titles in the tabs of my terminals as short as possible, hence abbreviate working directories where possible.

    Read the article

  • SharePoint 2010 User Profile Sync - Remove Disabled Users

    - by ScaleOvenStove
    I have SharePoint 2010 set up to sync active directory users and it is working great. I am getting disabled users in the sync though. I have tried what all the blogs say, filter on userAccountControl bit on equals 2 but to no avail, the disabled users are still syncing. I am at a loss on where to look next. My last resort would be to create a ou/folder in AD and move disabled users there and remove that from the sync connector, but I don't really want to go there. Any ideas?

    Read the article

  • Folder Redirection won't load on Windows 7 Machine in Windows 2008 R2 Network

    - by leeand00
    Okay so redirected profiles don't load exactly, but the computer is joined to the network and it won't display any of the users files on their desktop that are in their redirected profile. I know this because we have a Terminal Server and when the user logs in there, her files appear. I checked the users' profile in Active Directory Users and Computers and compared it with a working users profile. When that didn't turn up any differences, I looked at her computer and found that on the Dial-in tab the Network Access Permission wasn't set to Control access through NPS Network Policy like it was on the other machines on the network; so I selected it, ran gpupdate /force on her machine and rebooted. This did not fix the issue. Is there anything else that could be preventing the redirected files on the users desktop from showing up when the user logs in?

    Read the article

  • Windows server 2003 mapping home drive wrong

    - by Sandman2010
    hey all, first question... we have around 30 servers in an Active Directory environment with 600 student computers and 100 staff desktops with XP SP2/3, the win server 2003 has the staff home drives on a NAS and in the last few days after some server updates is now mapping home drives to the \servername\home instead of \severname\home\%username%, its simple to re map the network drive but is annoying. we dont use login script to map home drive but use a VB script for other network drives and if we add the home drive mapping to that it works, but shouldnt the profile option in users AD account map that correctly? which do you all recommend, AD profile mapping or VB Script mapping Home drives? thanks Steven

    Read the article

  • How to add admin users in 389 LDAP, fedora directory server

    - by chandank
    I want to create couple of Admin users who have access to create/delete users on a particular group/Organization Unit. For example, User: uid=testadmin, ou=people, dc=my,dc=net Should have access to create new users/delete users under ou=People,dc=my,dc=net I tried with below ACI but did not work (target = "ldap:///ou=People,dc=my,dc=net")(targetattr = "*") (version 3.0;acl "testadmin Permissions";allow (proxy)(userdn = "ldap:///uid=testadmin,ou=people,dc=my,dc=net");) I am able to add administrative users from the Directory Server console, but this user data is not stored in ldif files and only stored in binary database at /var/lib/dirsrv/slap-ldap/db/. Only problem is these users have full power and I am not sure how to restrict their access.

    Read the article

  • "No such file or directory" when the file is there

    - by Arlaud Agbe Pierre
    I'm trying to run XPDF on a linux (probably red hat) OVH shared server. I've managed to have ftp ssh access and put the 64 bits binaries onto a folder. The problem is : even though the files are there with the right permissions, if I try running it I'm getting a file not found problem (I'm thinking about a missing link..) Long story short : jurisedi@ssh1:~/xpdf$ file pdftotext pdftotext: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), stripped jurisedi@ssh1:~/xpdf$ ./pdftotext -ovh: jurisedi@ssh1:~/xpdf$: No such file or directory Any ideas ?

    Read the article

  • How do I set zone priority in Microsoft DNS?

    - by Justin
    I have a standard small network setup (20 users) on Active Directory. All Windows machines have a primary DNS server as the AD and a secondary DNS server as Google PDNS. I want to setup a DNS entry that exists in real DNS but set it up on our DC so that local requests would route this public domain to a local development machine on the network. I setup the zone in DNS which results in the clients resolving the public FQDN to our internal IP. However, sometimes it still resolves to the "real" value (I check by pinging it). Is there some way to give the zone definition in my DC DNS higher priority? Or will the client that has secondary public DNS always at sometimes have a competing entry for this zone?

    Read the article

  • Can arbitrary email addresses be stored in AD userPrincipalName?

    - by Rob Potter
    I have a web app that is front-ended by ISA, natively authenticating against AD. All users currently log on with sAMAccountName. I would like to allow users to provide a personal email address and be able to authenticate against this instead. From what I understand the AD userPrincipalName is typically used for an internally generated logon name, which by convention, is often their internally generated email address. The web app that I have is web scale (circa 3 million accounts*) and not an internal, corporate app, so the email addresses will be from diverse domains. Can I just set the AD userPrincipalName attribute to the user's email address, and then will ISA natively authenticate against this attribute instead? I heard rumours of AD having a maximum number of domain suffixes that it allows in AD userPrincipalName...? (presumably it catalogues them). [*I realise that AD is not the ideal authentication directory for a user population of this scale.]

    Read the article

  • deploying AV via GPO only to workstations

    - by jeremy
    We have a small (100 machines) Windows domain running Server 2008R2. We use Symantec Endpoint Protection 12.1 I want to have GPO deploy the AV software to client machines automatically, but only to client workstations, not to servers, which run a different software. I've set it up before using a GPO linked to the domain mycompany.local and it works, but it deploys the AV software to ALL machines on the domain, including my servers. I can create an OU in active directory for Servers, and perhaps create one for client machines too, but I'd rather not have to go and move new domain members from the default under Computers into a different folder. How can I use GPO to deploy this AV software only to workstations on our network, and not to servers?

    Read the article

  • Best way to find the computer a user last logged on from?

    - by Garrett
    I am hoping that somewhere in Active Directory the "last logged on from [computer]" is written/stored, or there is a log I can parse out? The purpose of wanting to know the last PC logged on from is for offering remote support over the network - our users move around pretty infrequently, but I'd like to know that whatever I'm consulting was updating that morning (when they logged in, presumably) at minimum. I'm also considering login scripts that write the user and computer names to a known location I can reference, but some of our users don't like to logout for 15 days at a time. If there is an elegant solution that uses login scripts, definitely mention it - but if it happens to work for merely unlocking the station, that would be even better!

    Read the article

  • How do you configure ISC Bind to support GSS-TSIG Updates?

    - by netlinxman
    First, has anyone EVER configured ISC bind 9.5.0 OR greater with support for GSS-TSIG Dynamic DNS Updates AND gotten it to work? If so, what is the configuration that was used to make that happen? I feel close to having this working. I see that GSS cred passes w/o apparent error during the TKEY negotiation with an Active Directory DC and the BIND DNS server: client 192.168.0.30#52314: query gss cred: "DNS/[email protected]", GSS_C_ACCEPT, 4294967256 gss-api source name (accept) is [email protected] process_gsstkey(): dns_tsigerror_noerror client 192.168.0.30#52314: send But, when the Update is sent, it is refused: client 192.168.0.30#58330: update client 192.168.0.30#58330: updating zone 'example.com/IN': update failed: rejected by secure update (REFUSED) client 192.168.0.30#58330: send Does anyone have this working in the real world?

    Read the article

  • Adding a Windows Server 2012 Essentials server to an existing domain, without migrating the AD

    - by TiernanO
    I have an existing Active Directory in house, a mix between a Win2K8R2 and Win2K3 domain, and i would like to test out Windows Server 2012 Essentials BETA on the network. When walking though the install, it gives me the option of a new domain, or migrating from an existing domain. when clicking existing, it tells me i can only have one SBS server running on a domain at a time... So, i dont have any existing SBS servers in house (both are full standard or enterprise editions) but i do plan on keeping at least one of these extra servers running... So, how do i get a 2012 Essentials server to join a domain, and not migrate the existing domain? or if i do migrate, can i still get one of the other boxes to act as secondary controllers?

    Read the article

  • Where can I find a link to download the SP2 of OES2?

    - by Philippe
    Hi, I have a Netware Novell server with an eDirectory and different objects configured. I implemented an OEServer2 SP1 to emulate a DSfW to manage the eDirectory with AD. I join the domain with the Administrator login and I am logged as the Administrator domain. So far, there are no problems. When I open the MMC window on Windows Server 08 and snap in the "Active Directory Users and Computers" I can see all the OUs and objects presented in the Netware N. server. But, when I select some OUs I can have an error, and when I select other I don’t have this error. Error: “Data from XXXXX is not available from Domain Controller OES2.yyyy.local because: The server is unwilling to process the request. Try again later, or choose another DC by selecting Connect to Domain Controller on the Domain context menu.” With XXXX= OU’s name and yyyy.local= domain name and OES2 server name If somebody can upload this SP or post a link to download it... Thank you for your help!

    Read the article

  • Cloning a Windows server with VMWare ESXi without domain membership conflicts

    - by Brad
    We are using VMWare ESXi 3.5, and have found it quite useful for cloning a live server to then use the virtualized version to test/practice software upgrades. The trouble is, when the virtualized version fires up, it registers itself on our domain (Active Directory), causing the original server to no longer be accessible via Windows shares. The fix is to remove the virtualized version from the domain, configuring it to use a workgroup instead, deleting the Computer account in AD, and then removing the real server from the domain and re-adding it. Is there a better procedure? Note, we cannot simply disconnect the virtual network from the virtualized server, as it needs to be connected to the network to actually be removed from the domain.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 123 124 125 126 127 128 129 130 131 132 133 134  | Next Page >