Search Results

Search found 4461 results on 179 pages for 'availability groups'.

Page 44/179 | < Previous Page | 40 41 42 43 44 45 46 47 48 49 50 51 | Next Page >

How to make security group in one forest show up in another forest?

- by Jake

I have two Win2k8 forests which I do maintenance on. The two forests have full 2 way external, non transitive trust with each other. I have a folder in forest X, domain countryX.mycompany.com accessible ONLY by the global security group named $group. In forest Y, domain countryY.mycompany.com, countryY\user1, countryY\user2 etc needs to have access to the folder. The natural instinct is to put user1, user2 etc into the $group. However, none of the methods for adding user to group works as it appears that the AD cannot find the groups in the other forest. Question: 1.How to make forests see each other's security groups and be able to add? 2.In practice, what is the recommended way to achieve the user access to the folders/files in another forest?

Read the article
Active directory integration not working properly with winbind and samba

- by tubaguy50035

I'm trying to get my linux box to use active directory authentication. I believe I have almost everything setup correctly. I'm able to issue wbinfo -g and wbinfo -u and see all the groups and users respectively. Brief intro to my setup: The username I use on my linux box to do admin things is nick. My active directory username is nwalke. They have two different passwords. I am able to log in to the box with nick and that user's password and I'm also able to login as nwalke with nwalke's password. The curious bit: Upon creating the active directory user's home directory, I run a script that requires root access. This is to setup some system wide things like a samba share for them. When I log in as nwalke, I enter my nwalke password and it succeeds. I'm then greeted with [sudo] password for nick:. If I enter my nwalke password here, it says Sorry, try again.. If I enter nick's password, it says Sorry, user nick is not allowed to execute scriptname as root. If I do groups as nwalke, I see that magically my user has been given the group nick. Now, I accidentally thought that nick had a UID of 100, not 1000. So originally in my smb.conf I had idmap uid 1000-10000. The only thing I can think of, is that I logged in with nwalke while that was still set and now I'm just being presented with a UID of 1000 forcing linux to think I'm nick. I'm not really sure where to go from here. Like I said, I'm fairly certain active directory is communicating with my server properly, but something must not be mapped right on the linux side. Any thoughts? Here is my smb.conf: [global] security = ads netbios name = hostname realm = COMPANY.COM password server = adshost.company.com workgroup = COMPANY idmap uid = 10000-90000 idmap gid = 10000-90000 winbind separator = + winbind enum users = no winbind enum groups = no winbind use default domain = yes template homedir = /home/%D/%U template shell = /bin/bash client use spnego = yes domain master = no load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes Let me know if more information about something is required.

Read the article
Allow certain users to access a specific directory?

- by animuson

I'm trying to figure out how to allow certain users who are also me to access a directory of files that I want to use for all of my users. I'm using cPanel and I used WHM to create three separate accounts. The files I want to use are on account1 in the directory /home/account1/public_html/source/engines and I want the directory /home/account2/public_html/source/engines to use the same exact files without having to upload them to both places every time I change them, so I created a simple symbolic link and added account2 to the group account1 (while still keeping its own group as the primary). It still gives me a Permission Denied error though. Is there any way I can grant account2 and other accounts that I create for myself access to those files? I don't want them to be global to all users because I don't want my hosted users to be able to access them, only my users. groups account1 returns account1 : account1 groups account2 returns account2 : account2 account1 /home/account1/public_html/source/engines and all its files belongs to account1:account1 Any other information you might need just ask.

Read the article
What are good Usenet account providers, both free and paid?

- by alok

I used to access newsgroups via the Berlin university's facilities - they provided free acccounts, but that stopped a few years ago. Since then I have been using Google groups to access newsgroups but it's not the same thing as accessing Usenet via a newsreader like Pan. If any of you still access newsgroups via news readers, where is your account? Please mention if it's free or paid, if paid, how much do you pay, as well as how satisfied you are with the service. Edit: While binaries may be a reason to have a Usenet account, that's not the motivation for me. It is the ability to use the newsreader client features that Google groups doesn't provide.

Read the article
LDAP :Failed to find add in mandatory or optional attribute list

- by Manju Prabhu

I am trying to import an ldif file which has following content- DN: cn=myUser,cn=Users,dc=us,dc=oracle,dc=com objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetorgperson objectclass: orcluser objectclass: orcluserV2 cn: myUser givenname: myUser mail: myUser orclsamaccountname: myUser sn: myUser uid: myUser userpassword:: somepassword dn: cn=Administrator,cn=Groups,dc=us,dc=oracle,dc=com objectclass: person changetype: modify add: uniquemember uniquemember: cn=myUser,cn=Users,dc=us,dc=oracle,dc=com When I do this, LDAP throws follwing error javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find add in mandatory or optional attribute list.]; remaining name 'cn=Administrator,cn=Groups,dc=us,dc=oracle,dc=com' The user gets imported, but it is not added to the group(Group exists). What am i missing ?

Read the article
Volume group disappeared, LVs still available

- by Ben

I've run into an issue with my KVM host which runs VMs on a LVM volume. As of last night the logical volumes are no longer seen as such (I can't create snapshots of them even though I have been for months now). Running any scans all result in nothing being found: [root@apollo ~]# pvscan No matching physical volumes found [root@apollo ~]# vgscan Reading all physical volumes. This may take a while... No volume groups found root@apollo ~]# lvscan No volume groups found If I try restoring the VG conf backup from /etc/lvm/backups/vg0 I get the following error: [root@apollo ~]# vgcfgrestore -f /etc/lvm/backup/vg0 vg0 Couldn't find device with uuid 20zG25-H8MU-UQPf-u0hD-NftW-ngsC-mG63dt. Cannot restore Volume Group vg0 with 1 PVs marked as missing. Restore failed. /etc/lvm/backups/vg0 has the following for the physical volume: physical_volumes { pv0 { id = "20zG25-H8MU-UQPf-u0hD-NftW-ngsC-mG63dt" device = "/dev/sda5" # Hint only status = ["ALLOCATABLE"] flags = [] dev_size = 4292870143 # 1.99902 Terabytes pe_start = 384 pe_count = 524031 # 1.99902 Terabytes } } fdisk -l /dev/sda shows the following: [root@apollo ~]# fdisk -l /dev/sda Disk /dev/sda: 6000.1 GB, 6000069312512 bytes 64 heads, 32 sectors/track, 5722112 cylinders Units = cylinders of 2048 * 512 = 1048576 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x000188b7 Device Boot Start End Blocks Id System /dev/sda1 2 32768 33553408 82 Linux swap / Solaris /dev/sda2 32769 33280 524288 83 Linux /dev/sda3 33281 1081856 1073741824 83 Linux /dev/sda4 1081857 3177984 2146435072 85 Linux extended /dev/sda5 1081857 3177984 2146435071+ 8e Linux LVM The server is running a 4 disk HW RAID10 which seems perfectly healthy according to megacli and smartd. The only odd message in /var/log/messages is the following which shows up every couple of hours: Jun 10 09:41:57 apollo udevd[527]: failed to create queue file: No space left on device Output of df -h [root@apollo ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda3 1016G 119G 847G 13% / /dev/sda2 508M 67M 416M 14% /boot Does anyone have any ideas what to do next? The VMs are all running fine at the moment apart from not being able to snapshot them. Updated with extra info It's not a lack of inodes: [root@apollo ~]# df -i Filesystem Inodes IUsed IFree IUse% Mounted on /dev/sda3 67108864 48066 67060798 1% / /dev/sda2 32768 47 32721 1% /boot pvs, vgs & lvs either output nothing or "No volume groups found".

Read the article
LDAP (slapd) creating users with access to specific trees

- by Josh

I am setting up a CentOS server with Virtualmin and Postfix, and I am trying to use LDAP to store unix users, groups, Postfix aliases and virtual domains. I am following the instructions from Webmin's site. I have created an LDAP domain and configured Postfix to fetch Aliases and Virtual Domains from LDAP, but in order to do so I had to configure postfix to authenticate with the master LDAP account, cn=Manager,dc=mydomain,dc=com. This seems like a terrible idea because that account has access to the Users and Groups, which postfix does not need access to. How can I create a new LDAP account for Postfix which only has access to the LDAP trees Postfix needs?

Read the article
Funky mail sorting and grouping in Outlook 2007

- by laurie

In outlook 2007 I group mails in a folder by subject with mails in each subject group sorted by Received date (newest to oldest) This works fine; I tick 'Subject' and 'Show in groups' in the context menu of the folder's table header. Life is good. But the subject groups in the mail folder are sorted alphabetically. I would like the group which has the newest mail to be the first group. Similar to how the arrange by 'Conversation' works Can this be done? I'm not averse to an add-in/macro type solution if anyone can point me at examples of implementing custom sorting in Outlook

Read the article
Strip X Window System from OpenRD (Fedora core 8)

- by disown

I just got myself an OpenRD Client embedded box with an old Fedora 8 on it. Runs like a charm, only problem is that the default install has X on it, which I would like to remove in order to free up some space. I found a similar post here on the same topic, but yum groupremove doesn't work in my case, yum grouplist returns nothing, so I presume that no groups are defined. I don't know if this is because fedora 8 didn't have any groups, or because the OpenRD build is special in some way. In any case, I would like some tips on which package(s) to remove in order to remove an as big chunk of X as possible. Thanks in advance.

Read the article
How can I get vim to set an ACL on its swap files?

- by thsutton

I use vim on an OS X Snow Leopard Server machine. A number of the directories I work in have ACLs (so that various groups of users can access them over AFP) that are inherited. For some reason, when I'm working in one of these directories, vim cannot read it's own swap files. It can create them fine but can't read them which, for some reason, makes it display the "swap file already exists" message (and no, the swap file does not already exist). vim -r lists the newly created swap file as "[cannot be read]". The owner and group are correct and the permissions are 0600, and the ACLs on the swap file and the file I'm editing are identical (as disclosed by ls -le and compared with diff). groups returns the same thing whether invoked from my login shell or via :! in vim. Has anyone encountered (and hopefully resolved) a problem like this before?

Read the article
Is it safe to delete "Account Unknown" entries from Windows ACLs in a domain environment?

- by Graeme Donaldson

It's not uncommon to see entries in Windows ACLs (NTFS files/folders, registry, AD objects, etc.) with the name "Account Unknown (SID)". Obviously these are because of old AD users or groups which at some point had permissions manually configured on the relevant object and have since been deleted. Does anyone know if it is safe to remove these "Account Unknown" ACEs? My gut feeling is that it should be just fine, but I'm wondering if anyone has any past experiences where doing this has caused trouble? Normally I just ignore these, but the company I'm working at now seems to have an abnormal number of these, most likely due to past admins' inexperience with AD/Windows and assigning permissions to user accounts rather than groups in all sorts of weird places. FWIW, our environment is not complex, a single domain forest, 4 DCs in 3 sites, with all network connectivity and replication healthy, so I'm certain that these "Account Unknown" entries are really old accounts, and not just because of some failure to resolve the SID to a human-readable name.

Read the article
What settings need to be changed to allow EC2 instances to use Amazon's Route 53 for DNS?

- by ks78

I have a number of Amazon EC2 instances, all running Ubuntu, which I'd like to configure to use Amazon's Route 53. I setup a script, following Shlomo Swidler's article, but ran into script-related issues, which were answered here. Now, I have the script working, but my instances are still not able to access Route 53's DNS. By this I mean, they are not able to resolve hostnames to IP addresses. My instances are currently configured with the DNS server IP address Amazon pushes out to them by default, does that need to be changed when using Route 53? I'm also IP-restricting my instances using the Security Groups. Could that be the problem? Is there a certain IP address or port I should open to allow communication with Route 53? It seems that DNS requests should be originating from my instances so the Security Groups shouldn't be an issue, but I've been wrong before. If anyone has any ideas, I'd really appreciate it.

Read the article
OSX chown problems after creating users with dscl

- by RandomInsano

Alright, so I've made a user and a group using dscl as follows: dscl . -create /Users/deadline dscl . -create /Groups/deadline dscl . -append /Groups/deadline GroupMembership deadline Now I'm trying to chown things like so: mkdir /tmp/stuff chown deadline:deadline /tmp/stuff But the problem is that it sets the user and group to nobody instead of this user 'deadline'. What magic voodoo property do I need to add to the user and group to have it set the unix permissions properly? Also, why must Apple hate me and my Unix background :(

Read the article
Can you have a WMI query for GPO Filter based on user's OU?

- by Jordan Weinstein

I'm wondering if there is a way to have a WMI query check the OU of the user logging on. I'd like a GPO (linked to Citrix servers OU) to apply only to users if the user is in a certain OU - this is for Citrix so the overly obvious answer of - well just link it to the OU the user is in does not apply. This also cannot be done using security groups because a long time ago those started to get used as Distribution Groups also and now too many are widely inaccurate. Lastly I need to apply this to the entire GPO as there are more than just group policy preferences included so I can't use the item-level targeting feature either. But my OUs are accurate so I'd like to use those if I can. I'd like a WMI query filter to say, apply GPO if user is member of OU 'x' that doable?

Read the article
Squid throws error, The requested URL could not be retrieved

- by Supratik

Sometimes I am getting the following error The requested URL could not be retrieved While trying to retrieve the URL: http://groups.google.com/ The following error was encountered: Unable to determine IP address from host name for groups.google.com The dnsserver returned: Refused: The name server refuses to perform the specified operation. This means that: The cache was not able to resolve the hostname presented in the URL. Check if the address is correct. Your cache administrator is root. What could be the reason for the above error ? Regards Supratik

Read the article
Windows 7 taskbar items not grouping properly

- by Joel in Gö

I don't understand the Windows 7 taskbar behaviour. For some programs it will not group the running instances, or will groups some of them but not all. I have set taskbar items to "always combine", but this has not helped. It seems to possibly be two issues: with an app that has a different taskbar icon when running than for its launcher; and for VisualStudio, when starting by double clicking a project it groups separately from when starting the IDE from the .exe. Is there any way to force the items to combine? I quite like the Win7 taskbar, and would like it to work consistently...

Read the article
Full Access user removed from NTFS Share

- by TJ

I don't know how it happened but for some reason one of the sub folders in the Network shares (call the share Market and the sub folder Support) no longer has any groups or users with full permissions on the share. The Market top level has users and groups with these permissions and everything is set up for folder inheritance but it's not inheriting permissions from the top level and only has modify permissions for the single group that is in the Access List for the sub folder Support. I can see items in the sub folder but I can not add, edit, or delete permissions to the Support folder. What are my options so I can once again manage permissions?

Read the article
Active Directory Profile Slows down machine

- by boburob

I have a strange issue with an Active Directory profile. When the user logs onto a machine with his profile, the whole machine becomes incredibly slow and unresponsive, with programs hanging and taking an age to load everything. If I log into the same machine with any other profile nothing happens. I took a look at his original profile, any start up programs, login scripts, etc and could not see what could be causing this. The machine is not running out of memory or CPU. Nothing strange is appearing in the event log and I can see nothing running under his profile which may cause this. So I created the user a new profile to test this on and exactly the same thing happens on the first login. The only thing which would of been carried across is the security groups the user is assigned to, yet I have other users with the same groups who do not experience these issues so I am now at a complete loss on where to go next!

Read the article
Samba does not reload user group members

- by xato

I am running a simple samba server setup where users connect to a share which contains folders for specific user groups. The folders are chmod 2770, so only users which are in the correct group can read/write in them. The problem is that if I change group memberships (i.e. remove user from group / add user to group; changes are in sync between clients and server!) samba does not automatically reload the group memberships for the user, so they can still write to groups that they are no longer a member of etc. I either have to reconnect to the share or to restart samba to apply the changes. Is there any way to prevent group caching and/or enable group membership reload in samba? My smb.conf: https://gist.github.com/anonymous/ca7c10a3b3e2168d7a03

Read the article
mini-dinstall chmod 0600 changes file: Operation not permitted

- by V. Reileno

I'm getting "Operation not permitted" in the mini-dinstall.log everytime a new debian package has been uploaded on the custom debian repository using dput. The deb file is installed successfuly but the changes file remains in the incoming folder. I can not use a post-install script when the changes file can not be processed. How can I fix this problem? Traceback (most recent call last): File "/usr/bin/mini-dinstall", line 780, in install retval = self._install_run_scripts(changefilename, changefile) File "/usr/bin/mini-dinstall", line 826, in _install_run_scripts do_chmod(changefilename, 0600) File "/usr/bin/mini-dinstall", line 193, in do_chmod do_and_log('Changing mode of "%s" to %o' % (name, mode), os.chmod, name, mode) File "/usr/bin/mini-dinstall", line 176, in do_and_log function(*args) OSError: [Errno 1] Operation not permitted: '/srv/debian-repository/mini-dinstall/incoming/debian-repository_1.3_amd64.changes' The mini-dinstall permissions: ls -lad incoming/ drwxrws--- 2 mini-dinstall debian-repository-uploader 4096 Jun 6 11:45 incoming/ ls -la incoming/debian-repository_1.3_amd64.changes -rw-rw---- 1 uploader-user debian-repository-uploader 1322 Jun 6 11:43 incoming/debian-repository_1.3_amd64.changes groups uploader-user uploader-user : uploader-user adm users debian-repository debian-repository-uploader puppet-client-updater groups mini-dinstall mini-dinstall : mini-dinstall debian-repository-uploader Cheers and thanks V.

Read the article
Delegation Permissions to admins in Active Directory/Taskpads

- by user1569537

I am trying to provide taskpads to few admins to operate on few tasks delegated to them at OU level.I ran into the following problem; lets say i delegated access to the admin on OU X and which is ability to modify groups such as sample group X1 , he must be able to add any users from OU X to the group X1. The issue here is while testing i found out the admin can do the above but also can add a user Y1 from the OU Y(which he doesnt have delegated permissions) to the group X1.What am i missing? how to restrict admin from adding users out of OU to the groups he has modify access to? Please ask me if any more details/clarification required.

Read the article
Can a Mac Mini Server and XCode be used for multiple students?

- by twerdster

I'm not an administrator but Ive been given the task of finding out whether this is possible. The scenario is like this: At our university we are offering a course in basic iPhone programming for between 4 to 8 groups of students. We have a few iPads, iPods and iPhones but only two Mac Minis. We want to enable the students to work on XCode in the lab (and from home if possible) without buying 8 Mac Minis. Is this possible to do using a Mac Mini Server? If so how would it work if 2 or more groups want to use XCode simultaneously and to debug their programs on devices simultaneously?

Read the article
How do I update the memberOf attributes of existing objects after adding the OpenLDAP Reverse Group Membership Maintenance overlay?

- by mss

This is a follow-up to this question: I added the memberof overlay to an existing OpenLDAP 2.4 server. Now I want to update the existing user objects. For new group memberships, the memberOf attribute is updated correctly. But I have a bunch of existing groups which aren't updated automatically. I could remove all users from their groups and re-add them to make sure these entries are in sync. Since this is a Univention Corporate Server which does a lot of magic when you modify the LDAP, I don't want to risk breaking my directory. Is there a way to trick the overlay to update these operational attributes?

Read the article
Restricting Internet Access with Group Policy

- by The Woo

In a Windows Server 2003 environment, does anyone know a way of restricting internet access with groups and group policy?

Read the article
Prompt for user group when logging into OSX domain

- by mattdwen

When a user is a member of more than one group, when logging in to a 10.6 machine, it shows a prompt asking for what group to apply settings for. We're using the groups to mount different shares, e.g. Production and Accounts, based on user membership. Often, a user is a member of more than one group, and needs all the drives available. The Open Directory server is running 10.6 also. Is there a way to skip this prompt and apply settings for all groups. I can foresee that there may be conflicts between group settings, but perhaps a priority can be set too? Or is this totally the wrong way to go about this?

Read the article

< Previous Page | 40 41 42 43 44 45 46 47 48 49 50 51 | Next Page >