Search Results

Search found 4884 results on 196 pages for 'ad hoc distribution'.

Page 52/196 | < Previous Page | 48 49 50 51 52 53 54 55 56 57 58 59  | Next Page >

  • ActiveSync devices causing accounts to lockout

    - by Abdullah
    When a user changes his account password for whatever reason (read: expired), and the old password is stored in his mobile device connected through EAS. This will cause his account almost immediately - as it should according to the lockout policy defined in the AD. It was easy to figure out that part. The hard part is keeping it from happening. I looked everywhere. Nothing. Basically there are four parts to the puzzle: the EAS device, the TMG (ISA) server, the EAS protocol and finally the AD. None of them have a way to stop the EAS device from failing to authenticate. So I figured I'll have to come up with a clever workaround. And the only thing I could come up with is to create a group for all EAS users and exclude them from the lockout policy, which obviously defeats the whole purpose of the policy, or to educate the users to update their devices with the new passwords, which is impossible. The question: Can you think of any other way to prevent EAS from locking out the accounts? Environment: Mostly iOS devices all through EAS. TMG 2010. Exchange 2007. AD 2008 R2.

    Read the article

  • NetApp FAS 2040 LDAP Win2k8R2

    - by it_stuck
    I am trying to get my FAS2040 to action user lookups using LDAP, below is the filer configuration options: filer> options ldap ldap.ADdomain dc1.colour.domain.local ldap.base OU=Users,OU=something1,OU=something2,OU=darkside,DC=colour,DC=domain,DC=local ldap.base.group ldap.base.netgroup ldap.base.passwd ldap.enable on ldap.minimum_bind_level anonymous ldap.name domain-admin-account ldap.nssmap.attribute.gecos gecos ldap.nssmap.attribute.gidNumber gidNumber ldap.nssmap.attribute.groupname cn ldap.nssmap.attribute.homeDirectory homeDirectory ldap.nssmap.attribute.loginShell loginShell ldap.nssmap.attribute.memberNisNetgroup memberNisNetgroup ldap.nssmap.attribute.memberUid memberUid ldap.nssmap.attribute.netgroupname cn ldap.nssmap.attribute.nisNetgroupTriple nisNetgroupTriple ldap.nssmap.attribute.uid uid ldap.nssmap.attribute.uidNumber uidNumber ldap.nssmap.attribute.userPassword userPassword ldap.nssmap.objectClass.nisNetgroup nisNetgroup ldap.nssmap.objectClass.posixAccount posixAccount ldap.nssmap.objectClass.posixGroup posixGroup ldap.passwd ****** ldap.port 389 ldap.servers ldap.servers.preferred ldap.ssl.enable off ldap.timeout 20 ldap.usermap.attribute.unixaccount unixaccount ldap.usermap.attribute.windowsaccount sAMAccountName ldap.usermap.base ldap.usermap.enable on output of nsswitch.conf: hosts: files dns passwd: ldap files netgroup: ldap files group: ldap files shadow: files nis Error Message(s): [filer: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Starting AD LDAP server address discovery for dc1.colour.domain.LOCAL. [filer: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found no AD LDAP server addresses using DNS site query (site). [filer: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found no AD LDAP server addresses using generic DNS query. Could not get passwd entry for name = <random user> the filer can ping the FQDN of dc1 the filer can ping the IP of dc1 the filer cannot ping "dc1" I'm not sure where I'm going wrong, so any pointers would be great.

    Read the article

  • Cannot Change "Log on through Terminal Services" in Local Security Policy XP from Server 2008 GP

    - by Campo
    This is a mixed AD environment, Server 2003 R2 and 2008 R2 I have a 2003 AD R2 and a 2008 R2 AD. GPO is usually managed from the 2008 R2 machine. I have a RD Gateway on another server as well. I setup the CAP and RAP to allow a normal user to log on to the departments workstation. I also adjusted the GPO for that OU to allow Log on trhough Remote Desktop Gateway for the user group. This worked on my windows 7 workstation. But unfortunately the policy is a different name in XP "allow log on through Terminal Services" I can get through right into the machine but when the log on actually happens to the local machine i get the "Cannot log on interactively" error. This is set in (for the local machine) Secpol.msc Local Security Policy "user rights assignment" but is controlled by the GPO in Computer Configuration Policies Security Settings Local Policies "User Rights Assignment" Do I simply need to adjust the same setting on the same GPO but with a server 2003 GP editor? Feel like that could cause issues... Looking for some direction. Or if anyone has run into this issue yet. UPDATE Should this work? support.microsoft.com/kb/186529 Still seems like I will have the issue as the actual GP settings for Log on through Terminal Services is still different between Server 2008 R2 and 2003 R2.... Another Thought: Should I delete the GPO made for the department and remake it with the 2003 R2 server? I have no 2008 specific settings as the whole department runs XP other than myself. If that's a solution I will move my computer out of the department as a solution... Thoughts?

    Read the article

  • Linux Distro for Beginners

    - by XLR3204S
    Well... I know that's the question arising all over the Internet, but I couldn't find an answer to suit me after googling for quite some time. I'd like to get a Linux distribution, and start learning using the CLI. I'm looking for a distribution already having GNOME installed, as I'll be using Linux-Command.org as my learning resource, and I'm not very familiar with CLI-based web browsers. I'd mainly like to get to know my way around a UNIX-based system, and then I think I'd like to pick up a CLI-only distribution, and start doing more complex stuff. I've tried Ubuntu, Fedora Core, OpenSolaris and FreeBSD (the last two aren't linux distros, I know). Ubuntu and FC are fine, they do come with Firefox, but I'm not really sure they're meant for learning purposes. OpenSolaris was OK as well, but I haven't got to play with it enough. FreeBSD 7.2 did not want to install itself on my 13" MacBook Pro, it generated a kernel panic everytime while copying the files to the disk. So to sum this up, I'm trying to learn Linux, and I'm willing to invest time into this (that is, not giving up when the first problems arise). I also have intermediate knowledge of C++, if it helps, and I'm also using the CLI-vim to write small C++ CLI-based programs, so text editing should be any problem. And... speaking of Macs, how am I going to be limited if I try to learn how to use UNIX-based systems using the OS X Terminal? It uses bash 3.2, isn't this the same shell as the one found on most of the Linux machines? How does the fact that OS X is based on FreeBSD 4.4, if I'm not mistaking, affect this? Thanks in advance, and hopefully, I'll have a starting point ASAP.

    Read the article

  • Possible DNS issue?

    - by durilai
    I am having an issue, which I think stems from DNS. I have 2 servers. Server 1 is AD server with DNS, which was automatically configured when installing AD. The second server is a web server that is part of the domain, but it is not AD nor any other role. I can remote desktop in from server 1 using internal IP address, but when I attempt to connect from any other computer it fails, the computer can connect to server 1. I am able to ping both servers, as well as nslookup both using their FQDN. I am also able to telnet to port 3389. Any help is appreciated UPDATE I do not think it is DNS anymore, but not sure what it is. The remote desktop connects and I get to the login prompt, but when I start to enter credentials it disconnects. I then am unable to reconnect. If I wait for about 10 minutes it will allow me to repeat, but with the same results. UGH!!!

    Read the article

  • Domain authentication over OPEN wireless pre-logon (Windows 7 Pro) - No logon servers avail

    - by Shadow00Caster
    I have a plethora of laptops that are joined to an AD domain. I have an enterprise wireless system setup, the users of these laptops will be using an OPEN unsecured SSID which will ultimately have a captive portal that uses Radius-AD auth and firewall rules to allow access pre-captive portal auth to the proper ip's/ports of DC's etc for auth etc. I already have other laptops/users connecting to another SSID with 802.11x and SSO, all works perfectly pre-logon etc. My problem is with this open network, for some reason I cannot get the machines to auth to AD. The laptops connect to the wireless network, I confirm this on the controller and can ping the laptop at startup. I sharked the wires on the 2 DC's that these machines auth to, I can see a DNS SOA update from a laptop im testing with and can ping that test laptop from both DC's. When I try to logon, "There are currently no logon servers available to service the logon request." The shark shows no incoming connections to either DC even though the laptop is connected and pingable. Any help is greatly appreciated.

    Read the article

  • can't figure out why apache LDAP auth fails

    - by SethG
    Suddenly, yesterday, one of my apache servers became unable to connect to my LDAP (AD) server. I have two sites running on that server, both of which use LDAP to auth against my AD server when a user logs in to either site. It had been working fine two days ago. For reasons unknown, as of yesterday, it stopped working. The error log only says this: auth_ldap authenticate: user foo authentication failed; URI /FrontPage [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server], referer: http://mysite.com/ I thought perhaps my self-signed SSL cert had expired, so I created a new one for mysite.com, but not for the server hostname itself, and the problem persisted. I enabled debug-level logging. It shows the full SSL transaction with the LDAP server, and it appears to complete without errors until the very end when I get the "Can't contact LDAP server" message. I can run ldapsearch from the commandline on this server, and I can login to it, which also uses LDAP, so I know that the server can connect to and query the LDAP/AD server. It is only apache that cannot connect. Googling for an answer has turned up nothing, so I'm asking here. Can anybody provide insight to this problem? Here's the LDAP section from the apache config: <Directory "/web/wiki/"> Order allow,deny Allow from all AuthType Basic AuthName "Login" AuthBasicProvider ldap AuthzLDAPAuthoritative off #AuthBasicAuthoritative off AuthLDAPUrl ldaps://domain.server.ip/dc=full,dc=context,dc=server,dc=name?sAMAccountName?sub AuthLDAPBindDN cn=ldapbinduser,cn=Users,dc=full,dc=context,dc=server,dc=name AuthLDAPBindPassword password require valid-user </Directory>

    Read the article

  • Adding 2008 Server to 2008 Domain

    - by Phillip
    Hello, I'm trying to create a lab for testing before I deploy solutions, I'm no experienced IT Administrator, and therefore I come here for help. I'm running 2 Virtual Servers on the same machine on a local connection between those two. They'are able to ping each other. Their names is TSDATA1 and TSDATA2 where TSDATA1 is the Domain Controller. I am able to ping between those two, on both "ping TSDATA1" and "ping 10.0.0.1" which is the IP address of TSDATA1. The IP address of TSDATA2 is 10.0.0.2. I'm trying to join the domain with TSDATA2 both I'm getting this error when trying: Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt. The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller for domain tsdata.local: The error was: "DNS name does not exist." (error code 0x0000232B RCODE_NAME_ERROR) The query was for the SRV record for _ldap._tcp.dc._msdcs.tsdata.local Common causes of this error include the following: The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses: 10.0.0.1 One or more of the following zones do not include delegation to its child zone: tsdata.local local . (the root zone) For information about correcting this problem, click Help. I've figured out it has something to do with DNS lookup, but I have no clue what to do. Can anyone help?

    Read the article

  • Windows Share authentication from Active Directory Linux login

    - by Kenny
    I'm using Active Directory to log into RHEL. To do this, I followed the steps outlined here: http://www.markwilson.co.uk/blog/2007/05/using-active-directory-to-authenticate-users-on-a-linux-computer.htm I'd like to be able to read data from Windows Servers shared folders without being prompted for a password. On Windows I log into an AD domain, and when I access windows file shares on a server on the LAN (also part of the AD domain) my I can just access them with no authentication step. I've used SMBclient on Linux to access these shares, but it asks for my password. I would like to be able to script access to the data on the shares, but I can't if there's a password prompt in the way. Well, I could, but it's not how I want to do it. Now, since I'm logged in using my active directory username & password, can't I just access the shares without jumping that extra hoop? I know I can mount the share using something like: //192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw 0 0 but access will depend who is logged in... each user logging in should have their own unique AD access privelages. Thanks for reading!

    Read the article

  • Windows Share authentication from Active Directory Linux login

    - by Kenny
    Hi, I'm using Active Directory to log into RHEL. To do this, I followed the steps outlined here: http://www.markwilson.co.uk/blog/2007/05/using-active-directory-to-authenticate-users-on-a-linux-computer.htm I'd like to be able to read data from Windows Servers shared folders without being prompted for a password. On Windows I log into an AD domain, and when I access windows file shares on a server on the LAN (also part of the AD domain) my I can just access them with no authentication step. I've used SMBclient on Linux to access these shares, but it asks for my password. I would like to be able to script access to the data on the shares, but I can't if there's a password prompt in the way. Well, I could, but it's not how I want to do it. Now, since I'm logged in using my active directory username & password, can't I just access the shares without jumping that extra hoop? I know I can mount the share using something like: //192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw 0 0 but access will depend who is logged in... each user logging in should have their own unique AD access privelages. Thanks for reading!

    Read the article

  • vCenter 5.1 SSO Configuration option not available in Web Client?

    - by goober
    Problem I just finished separately installing vCenter Server 5.1. I installed the components separately but on the same machine using a local SQL 2008 R2 DB (not SQL express). Everything appears to be working correctly with the exception of SSO. It doesn't find the AD server. This is to be expected (see below) but I don't know how to fix it. Potential Leads / Steps taken During the install of SSO, I was logged on as a local administrator (waiting on central IT dept to create a service account). As a result, I received a message saying that SSO wouldn't be able to automatically locate the AD. (fair eonugh) After I read up on it a little bit, I believed I could go into the SSO Configuration option in the Web client, like so: However, what I actually see is: I also notice that the "SSO Users and Groups" entry is not there. Betting that has something to do with it as well. Question How can I get the "Configure" Option to show up for SSO? Overall goal: How can I manually enter the AD server in this scenario while logged in as a local administrator? References VMWare vCenter 5.1 Installation: Part 9 (Optional SSO Configuration) [Derek Seaman's Blog] (used the image of correct configuration menu)

    Read the article

  • Active directory Kerberos OSX problems

    - by Temotodochi
    I'll try to keep this short, but informative. I'm currently unable to bind OSX lion (10.7.4) machines to our AD. OSX kerberos (heimdal) is unable to locate the KDC service. However i can bind linux & windows machines to the AD without any problems in the same network AD controls the domain DNS and all the relevant _kerberos._tcp.x.domain.com and _kpasswd SRV DNS records are there and resolve fine when tried from OSX machines. Defined ports are open for service and manually accessible from OSX. When i try kinit in the OSX, i can get the first auth through (wrong passwords fail instantly), but when supplied with correct password, kinit fails after some waiting with "unable to reach KDC". All machines run NTP and have correct time. During testing, network is not firewalled between the machines Linux and windows machines have no problems whatsoever I have tried with and without /etc/krb5.conf - OSX by default does not need it in the krb5.conf i used a working config from one of our linux machines. dsconfigad fails with simple "connection failed to the directory server" I'm a bit baffled with this. OSX is like the KDC is nowhere to be found and at the same time my test machines with windows 7 and some linux (centos 6 & debian 6) machines have no problems whatsoever. Same network, same configurations. I'm missing some vital piece of configuration somewhere, and i can't find out what it is.

    Read the article

  • Active Directory Child Domain Replication Problems

    - by MikeR
    Hi, I've recently inherited an Active Directory (all DCs Windows 2003) which has been configured with several child domains that are used as test environments for out CRM software. Two of these child domains have been used for testing using dates in the future (2015), throwing them well outside of the Kerberos tolerance for time, and they're flooding my event logs with replication errors such as the following: Description: The attempt to establish a replication link for the following writable directory partition failed. Directory partition: CN=Schema,CN=Configuration,DC=ad,DC=xxxxxxx,DC=com Source domain controller: CN=NTDS Settings,CN=TESTDC001,CN=Servers,CN=SiteName,CN=Sites,CN=Configuration,DC=ad,DC=xxxxxxx,DC=com Source domain controller address: 38e95b2a-35af-4174-84ba-9ab039528cce._msdcs.ad.xxxxxxx.com Intersite transport (if any): This domain controller will be unable to replicate with the source domain controller until this problem is corrected. User Action Verify if the source domain controller is accessible or network connectivity is available. Additional Data Error value: 5 Access is denied. I'd also like to upgrade to Windows 2008 at some point, but wouldn't want to attempt any schema updates while I'm not 100% confident on the replication. I'm guessing my only real solution will be to get rid of these child domains. The child domains are operating as stand alone domains, the DC is up and running and authenticating test users fine. I'm guessing the best solution to this would be to delete the domains (although I'd be happily told otherwise). The clock forwarding appears to have been happening for several years, so I'm assuming I can't just put the clock right (I'm guessing scope for this would be 180days, the same as the tombstone lifetime) With the replication errors would I be able to dcpromo the child domains DC, select it as the last domain controller in the domain and the child domain would be deleted? Or would I be better off treating the domain as an orphaned domain and use Microsoft's instructions to clear up as such. Any advice would be much appreciated.

    Read the article

  • Can I use IIS to do ActiveDirectory single-sign-on for another website?

    - by brofield
    I'm trying to add Active Directory single-sign-on support to an existing SOAP server. The server can be configured to accept a trusted reverse-proxy and use the X-Remote-User HTTP header for the authenticated user. I want to configure IIS to be the trusted proxy for this service, so that it handles all of the Active Directory authentication for the SOAP server. Basically IIS would have to accept HTTP connections on port X and URL Y, do all the authentication, and then proxy the connection to a different server (most likely the same X and Y). Unfortunately, I have no knowledge of IIS or AD (so I am trying my best to learn enough to build this solution) so please be gentle. I would assume that this is not an uncommon scenario, so is there some easy way to do this? Is this sort of functionality built into IIS or do I need to build some sort of IIS proxy program myself? Is there a better option for getting the authentication done and the X-Remote-User HTTP header set than requiring IIS? Update: For example, what I am trying to create is: [CLIENT] [IIS] [AD] [SOAP-SERVER] 1. |---------------->| 2. |<--------------->|<---------->| 3. |--------------------------->| 4. |<---------------------------| 5. |<----------------| 1. POST to http://example.com/foo/bar.cgi 2. Client is not authenticated, so do authentication 3. Once validated, send request to server (X-Remote-User: {userid}) 4. Process request, send response 5. Forward response to client I need to know how to configure IIS to do the automatic authentication of the user using AD, and then to proxy the request to the actual server, sending the userid in the X-Remote-User HTTP header.

    Read the article

  • Linux And NTFS Permissions

    - by VGE IT
    Trying to restrict a folder within a directory created in linux filesystem. I have changed the permissions to: root rwx, a special active directory group rwx and all others r. Upon doing so, people that are not in the special AD group can access the directory and modify files. Upon doing so the group changes to "Domain Users" when the user modifies documents within the directory. I have to manualy change the documents default group back to my AD group. I have tried to create another AD group and modify permissons to deny write access. When doing so through windows explorer, the settings seem to take affect until I go back in a look at permissions for the restricted group. No permissions show when I view for the second time. Please assist. Samba share properties [MyShare] comment = "blah blah blah" browseable = yes guest ok = no read only = no path = /xxx/xxxxx/ create mask = 0640 directory mask = 0750 admin users = @"domain\Domain Admins", @"domain\group A", @"domain\group B" valid users = @"domain\Domain Admins", @"domain\group A", @"domain\group B" nt acl support = Yes inherit acls = yes inherit owner = yes inherit permissions = yes

    Read the article

  • Error setting up Data Protection Manager 2010 Agents / Network "Unauthenticated" in network settings

    - by Bowsa
    I'm not sure if the two are connected but i suspect they are. Basically I'm tring to setup Data Protection Manager 2010 on a fresh install of Server 2008 R2 in a SBS 2003 domain. Everything went fine until trying to install agents across the network. Upon clicking add, i get the following error message: Unable to connect to the Active Directory Domain Services Database. Make sure that the DPM server is a member of a domain and that the controller is running. Also verify that there is network connectivity between the DPM server and the domain controller. ID: 7 As usual (worryingly) the MSDN support for 2010 products is nearly non existant, clicking the error ID simply gives a page not found error. So after 2 days of Googling and trying various fixes (DNS settings, adding permissions to AD objects, rejoining the domain and many more) I thought I'd ask here in the hope that someone out there may have had this issue before. Any help greatly appreciated! Some further info: Firewalls are disabled on the Server 2008, SBS, and client machines. Manually installing and adding the client in also fails, as the DPM server tries to contact the DC first. Edit: I tried creating a new protection group instead, and it gives a different error upon adding the machines: Following machines are not found in AD: COMPUTERNAME.COMPANYNAME.LOCAL Is there a certain directory structure it follows in AD?

    Read the article

  • CloudFront for dynamic content CDN

    - by Elad Lachmi
    I would like to use CF as a CDN for my entire site, including static and dynamic content. I have been using CF for static content for a while and I am very happy with the results. I am now doing POC of putting the web server completely behind CF. For the dynamic content I created a new distribution and set the origin to be my web server. Right now I'm looking to test the solution, so I have the web server on the original domain and the CF distribution on the amazon domain. This works with the exception of HTTPS urls and POST requests. For HTTPS requests, I see the requests are forwarded to the original site domain for now, but how will CF handle them when I move the distribution to the www cname? What configuration changes should I make so that CF forwards HTTPS requests to the origin? For POST requests, I want the post to be made to the origin server. Can I set this up in CF? Finally, the site has membership. Can I configure CF to pull all content from the origin if the user is logged in? Sorry for the long question. I'm a little lost and documentation for dynamic CF is still kind of scarce. Thank you!

    Read the article

  • Pip installs on Archlinux fails to build egg

    - by stmfunk
    I was trying to install nltk on my Archlinux server but it repeatedly fails with the following error output /usr/lib/python3.3/distutils/dist.py:257: UserWarning: Unknown distribution option: 'entry_points' warnings.warn(msg) /usr/lib/python3.3/distutils/dist.py:257: UserWarning: Unknown distribution option: 'zip_safe' warnings.warn(msg) /usr/lib/python3.3/distutils/dist.py:257: UserWarning: Unknown distribution option: 'test_suite' warnings.warn(msg) usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...] or: setup.py --help [cmd1 cmd2 ...] or: setup.py --help-commands or: setup.py cmd --help error: invalid command 'bdist_egg' /tmp/pip_build_root/nltk/distribute-0.6.21-py3.3.egg Traceback (most recent call last): File "./distribute_setup.py", line 143, in use_setuptools raise ImportError ImportError During handling of the above exception, another exception occurred: Traceback (most recent call last): File "", line 16, in File "/tmp/pip_build_root/nltk/setup.py", line 23, in distribute_setup.use_setuptools() File "./distribute_setup.py", line 145, in use_setuptools return _do_download(version, download_base, to_dir, download_delay) File "./distribute_setup.py", line 125, in _do_download _build_egg(egg, tarball, to_dir) File "./distribute_setup.py", line 116, in _build_egg raise IOError('Could not build the egg.') OSError: Could not build the egg. ---------------------------------------- Cleaning up... Command python setup.py egg_info failed with error code 1 in /tmp/pip_build_root/nltk Storing complete log in /root/.pip/pip.log This error is also occurring for matplotlib buts thats the only other library I found it to fail on so far. pyyaml installs fine. The install works perfectly under virtualenv on my mac which is using python 2.7 but the server is using python 3.3. Any help is appreciated.

    Read the article

  • Redeploy using Active Directory

    - by Noam Gal
    I am trying to use group policy to deploy our msi through AD. For some strange reason, when I overwrite the msi with a newer version, and then go to the policy, and click on "Redeploy Application", the application gets uninstalled on the users' machines, and all reg keys, binaries and shortcuts are gone from them. The "Add/Remove Programs" still contain the application entry. I have managed to create a minimal vdproj that does nothing but write its current Product Version to a registry key, and created two versions of it (1.0.0 and 1.1.0). I still face the same problems when using this msi in my AD environment. I did check that my Package Codes and Product Codes are different for both versions, and that the Upgrade Codes are identical. I also checked the RemovePreviousVersion to true. Checking with some other msi (firefox 3.0.0 and 3.6.3) I downloaded from a site specifically for AD deploy, it worked just as expected (first installing the 3.0.0, then I over-written the msi, and clicked on "Redeploy", and the users got 3.6.3 after the next log-off-log-on). What am I missing here?

    Read the article

  • AFP/SSH stopped working on OS X Server

    - by churnd
    I have 3 Mac OS X servers all bound to AD, all configured in the Golden Triangle setup. All 3 are completely separate from each other in terms of services, but all reside on the same internal network and are all bound to the same Active Directory domain. Two are 10.5.x (latest updates) and one is 10.6.3. Last weekend, all 3 simultaneously stopped allowing Active Directory users access to certain services, specifically AFP & SSH. SMB still works fine on all 3. I asked the AD admin if anything changed, and he said "Yes, we made a change to user accounts to toughen up security", and suggested I use [email protected] instead of just username. This still didn't work. I have completely removed one of my servers from AD, and re-joined, but this didn't work either. I can do kinit from command line and get a Kerberos ticket. sudo klist -ke shows all services are configured to use the correct Kerberos principles. I have been scavenging the logs for any useful info. The AFP log just shows that I'm connecting and disconnecting. The DirectoryService.log shows stuff about misconfigured Kerberos hashes, but my research is showing that's not uncommon. /var/log/system.log isn't showing anything useful that I can see. I'm not sure where to go from here. Any help/ideas appreciated.

    Read the article

  • Disabling LDAP Signing on Windows PDC in Local Policy

    - by Golmaal
    I just tripped over my own feet it seems. Playing around on a Windows 2008 R2 server (set up as domain controller), I was intrigued by certain warning event (event id 2886) which says: "To enhance the security of directory servers, you can configure both Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS) to require signed Lightweight Directory Access Protocol (LDAP) binds." So I thoughtlessly did some Googling and set the relevant policies which enforce LDAP signing. Now I don't remember but I may have done that using Local Policy. Now I have setup a pfsense box which must authenticate AD users via LDAP. While the firewall can communicate over secure channel, it is difficult to manage the same for other packages such as Squid and SquidGuard. So now I have to disable i.e. undo those policy changes. The problem is that they are greyed out! The policies in question are LDAP server signing and LDAP client signing. I don't remember what I did but when I access these policies from Local Policy editor on the server, they are set to "Require Signing" and are greyed out. The same policies can still be set via Default Domain Controller option in Group Policy editor. So how can I reset these greyed out policies? Thanks

    Read the article

  • How can I create a simple Exchange 2010 backup solution?

    - by bduncanj
    I'm sure this question's been asked a dozen times in one form or another, however after much searching, there doesn't appear to be an obvious simple recovery solution for a single Exchange box. We're using Exchange 2010 on a single server, the server hosts the AD and nothing else on the network uses the AD. The intent is to run this server as you would an externally hosted Exchange server - access only via HTTP (RPC mode or OWA) - all other ports blocked. I've a daily backup running, using Windows Server 2008 volume shadow service to backup the Exchange data to an external hard disk. My question is, how do I perform a bare metal recovery of this server? 1) Do I need to be explicitly including the active directory information in this nightly backup, or will it be there by virtue of the fact that this system is the primary AD server and the Windows backup service knows this? 2) I understand I can re-install Server 2008 onto my new hardware (in the case of hardware failure) and then run Exchange 2010 setup.exe with a /recover argument, referencing the backup volume. 3) It is acceptable to have some downtime during this recovery process. But is there anything else I should be aware of? Thanks! Duncan

    Read the article

  • CIFS Mounting Permissions

    - by malco
    I have an issue that I;m going round in circles with, I hope you can help. The Set up: Server 1 (CIFS Client) - CentOS 6.3 AD integrated uing Samba/Winbind & idmap_ad Server 2 (CIFS Server) - CentOS 6.3 AD integrated uing Samba/Winbind & idmap_ad All users (apart from root) are AD authenticated and this, including groups, etc works happily. What's working: I have created a share on Server 2: [share2] path = /srv/samba/share2 writeable = yes Permissions on the share: drwxrwx---. 2 root domain users 4096 Oct 12 09:21 share2 I can log into a Windows machine as user5 (member of domain users) and everything works as it should, for example: If I create a file it shows the correct permissions and attributes on both the MS and the Linux sides. Where I Fall Down: I mount the share on Server 1 using: # mount //server2/share2 /mnt/share2/ -o username=cifsmount,password=blah,domain=blah Or using fstab: //server2/share2 /mnt/share2 cifs credentials=/blah/.creds 0 0 This mounts fine, but.... If I log su, or log onto server 1 as a normal user (say user5) and try to create a file I get: #touch test touch test touch: cannot touch `test': Permission denied Then if I check the folder the file was created but as the cifsmount user: -rw-r--r--. 1 cifsmount domain users 0 Oct 12 09:21 test I can rename, delete, move or copy stuff around as user5, I just can't create anything, what am I doing wrong? I'm guessing it's something to do with the mount action as when I log onto server2 as user5 and access the folder locally it all works as it should. Can anyone point me in the right direction?

    Read the article

  • 85 Hz on old/new driver looks the same like 75 Hz on previous one?

    - by jon
    I have old philips 107T5 CRT and Nvidia graphics card. I used old Nvidia driver (but it wasn't 'legacy' one when I installed it) for few years but recently I decided to install other Linux distribution. I used 75 Hz refresh rate and 1024x768 resolution on my previous distribution. After I installed the new distribution I had to install a Nvidia driver so I downloaded one from the Nvidia site (this time only legacy supported my card so I downloaded legacy and installed it). It wasn't automatically updating xorg.conf but I had my previous xorg.conf copy and I used it. When I run X I could only choose 85 and 75 Hz, 85 was checked as default. And now what shocks me: that default 85 Hz looks identically like 75 Hz on previous driver looked (at least to me). I tried 75 Hz out of curiosity and it's too bright, hurts, etc. But on the previous driver 75 Hz wasn't hurting my eyes. Why is it different? It's the same number after all, so it should always give the same results, right? That's my first question. Second question: Is 85 Hz OK for that monitor model? Would it break it? I tried to find the optimal refresh rate for this model but couldn't find it.

    Read the article

  • cause for mysql crash

    - by user1322092
    A cron job automatically restarted my mysql database. What's the cause for the crash, or can you suggest how to resolve or monitor. I would REALLY appreciate your input. 120715 14:38:58 mysqld started 120715 14:38:58 InnoDB: Started; log sequence number 0 411137570 120715 14:38:58 [Note] /usr/libexec/mysqld: ready for connections. Version: '5.0.95' socket: '/var/lib/mysql/mysql.sock' port: 3306 Source distribution 120715 15:14:21 [Note] /usr/libexec/mysqld: Normal shutdown 120715 15:14:23 InnoDB: Starting shutdown... 120715 15:14:25 InnoDB: Shutdown completed; log sequence number 0 411166467 120715 15:14:25 [Note] /usr/libexec/mysqld: Shutdown complete 120715 08:14:25 mysqld ended 120715 08:14:26 mysqld started 120715 8:14:26 InnoDB: Started; log sequence number 0 411166467 120715 8:14:26 [Note] /usr/libexec/mysqld: ready for connections. Version: '5.0.95' socket: '/var/lib/mysql/mysql.sock' port: 3306 Source distribution 121212 09:15:32 mysqld started InnoDB: The log sequence number in ibdata files does not match InnoDB: the log sequence number in the ib_logfiles! 121212 9:15:58 InnoDB: Database was not shut down normally! InnoDB: Starting crash recovery. InnoDB: Reading tablespace information from the .ibd files... InnoDB: Restoring possible half-written data pages from the doublewrite InnoDB: buffer... 121212 9:17:28 InnoDB: Started; log sequence number 0 554145193 121212 9:17:57 [Note] /usr/libexec/mysqld: ready for connections. Version: '5.0.95' socket: '/var/lib/mysql/mysql.sock' port: 3306 Source distribution

    Read the article

< Previous Page | 48 49 50 51 52 53 54 55 56 57 58 59  | Next Page >