Search Results

Search found 21348 results on 854 pages for 'active directory lds'.

Page 7/854 | < Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >

• RPC Server Unavailable When Trying to Join W2003 Server to W2003 Active Directory Domain

  - by Roel Vlemmings

  I have an Active Directory Domain with a Windows 2003 Standard SP2 Server as the DC. When trying to join an additional Windows 2003 Standard SP2 server to the domain I get message "The following error occurred attempting to join the domain 'My Domain'. The RPC Server is unavailable. The computer is actually added to the Active Directory Computers. I can even right-click and Manage it. I can access file shares from the DC on the other server and vice versa. I can ping the DC from this server and ping the server from the DC using the computer name. The time on both server is the same more or less to the second. RPC service is running on both servers. I can join other computers to the domain and there are no other issues with the domain. Windows Firewall disabled on both computers. NetSetup.LOG shows: NetpSetNetloginDomainCache: DSEnumerateDomainTrustsW failed 0x6ba I looked up this WIN32 Error Code: It is RPC_S_SERVER_UNAVAILABLE.

  Read the article

• Password expiration notice for Active Directory

  - by keithosu

  Are there any tools/apps/scripts out there that will do password expiry notification for Windows 2008 Active Directory credentials? This is needed for our web apps that use Active Directory for LDAP authentication. The problem is those apps do not notify you that your password is going to expire when you login. We have many offsite users who do not have machines bound to the AD. So there is no way to let them know to reset their password. I'd like the user to be notified 30,7 and 1 day before it expires. I'd also like our help desk to get an email for the expiring passwords for the week and recently expired passwords. I've looked at oldcmp.exe from link text and that gets me my reports but it does not do the automation that I'm looking for on the individual users.

  Read the article

• Active Directory Problem

  - by Ankur Dholakiya

  Hello All, I have one server 2008 installed with AD, SQL and IIS. Now I am trying to attach different HDD on this server only. I am able to install windows server 2008 r2 64bit on the server, but when I try to install the ActiveDirectory on the server the setup doesn't get completed and keep processing at following level. "Configuring Active directory and local host domains ......." If I attach same HDD on any other PC Active directory setups completes successfully. My server is Xeon quad core with 8GB of RAM. Can any one help the appropriate solution for this?

  Read the article

• Solution to time shifting requirement in Active Directory

  - by MikeR

  Hi, I currently have an active directory that has several child domains (consisting of nothing other than a DC and bespoke application servers) set-up for testing our CRM software, as some of it is date/time sensitive these have been set to dates in the future at some point in the past, which is causing replication errors. I'm working on getting rid of these child domains, but still have a requirement for our testers to be able to time shift. Does anyone know of any solutions that would allow our test environments to have their time changed (always forward), without affecting the production active directory? Is it as simple as creating a separate Forest on the same LAN or would that interfere with my production Forest? Thanks for any advice.

  Read the article

• Network Path not found while joining Active Directory

  - by Chiggins

  So I have an Amazon EC2 box running Windows Server 2008 with Active Directory installed on it. I also have a Windows 7 virtual machine, which is set to use the Active Directory box as its DNS and WINS server. I'm trying to join the virtual machine to the domain, and I'm asked for authentication. I give authentication, wait a minute, and I get an error saying: The following error occurred attempting to join the domain "ad.chigs.me": The network path was not found. How can I fix this so that I'll be able to join the domain?

  Read the article

• Lookup Active Directory entry by implicit UPN

  - by Michael-O

  In our company exists a forest-wide UPN suffix company.com and almost all user accounts have the explicit UPN set to [email protected]. This value is also set in the Active Directory userPrincipalName attribute. Now we have an application where users perform authentication through Kerberos. So we are given the Kerberos principal, i.e. implicit UPN. We'd like to look up that user and retrieve several LDAP attributes. Since iUPN and userPrincipalName do not match anymore, the lookup is not possible. Is there any "official" way to retrieve a mapping from the Active Direcory? My workaround is to perform a LDAP bind against the realm component and search for the sAMAccountName attribute which matches the user id component of the iUPN. Searching for the mere sAMAccountName in the forest is not possible because the value is unique in the domain only.

  Read the article

• Restore "lost" user after Active Directory removal?

  - by Zulgrib

  Is it possible to restore lost users after Active Directory unistallation ? (I forgot to switch users to local users) The computer run Windows Server 2008 R2 Entreprise, and all the registry linked to the user i want to restore seems to still be there, user's folder is still on the harddrive, and useraccount2 still show the user (But flagged as unknown user) Some folders still have rigts set to this lost user, and even the local default Admin account cannot open/delete the folder. (But the real problem here is to find how to recover users account, the folder can be deleted an other way) All users i want te restore was originaly local users, converted to domain users after Active Directory installation. I think that if i can change user's sid (choosing the sid manually) i'll be able to easily recover rights on folders Regards

  Read the article

• Tool/Program/Script/Formula for deciphering Active Directory Connection Strings for 3rd party user i

  - by I.T. Support

  We're using WSFTP, which has an Active Directory Integration module. To populate the user accounts you need to provide a connection string akin to: OU=Users,DC=domain,DC=com CN=Domain Users,OU=Users,DC=domain,DC=com Questions: Is there a Tool/Program/Script/Formula that allows me to decipher how these strings might look based on what I can see in Active Directory Users & Computers? Is there a proper/accepted name for these types of connection strings? I don't even know what to Google to get more information about how to format one properly How would I troubleshoot the connection string if I think it looks correctly formatted, but it isn't working? Thanks!

  Read the article

• Password Self-serve Active Directory via LAMP environment

  - by keithosu

  I would like to be able to change active directory passwords via a Linux/Apache based webpage. This would be a self serve web page for the user. I have SSL-LDAP setup on the Active Directory to make this happen. Is there any project or code out there that will do this? I've looked at this phpadadmin and I cannot get it to work. I think this is for IIS/php/mySQL Another thing to note is I would like the user to authenticate to change their own password. The product/service should not need a privileged account to run. Thanks Keith

  Read the article

• Security Issue with Active Directory

  - by Will McCloskey

  The retard who was on the built-in Administrator login somehow (and this is what I'm guessing being as he is not here and I was not present when this occurred - Supposedly it was an "ACCIDENT") Denied the built-in Administrator account and every other account except for his personal one access to our domain - ie "Example.net" not just active directory or anything. I've been trying for literally 2 hours to find some sort of way to take control of the domain through the built-in Admin account with no success; I can't even open Active Directory. I'm not aloud to open DSA.MSC and there's no way for me to take ownership. Any ideas?

  Read the article

• Convert SQL Query results to Active Directory Groups

  - by antgiant

  Are there any quality products (ideally open source) that allow me to run an arbitrary SQL query that results in 2 columns (username, group name) and they adds that username in AD to a group of that name in AD? If the username doesn't exist it is ignored. If the group name doesn't exist ideally it gets created. Updated for Clarity: I have a MSSQL based system that is the authoritative source for some of the Active Directory Security groups, and their members. I want to be able to to have those Active Directory Security Groups populated by a one-way sync originating from MSSQL. Sadly the MSSQL based system does not have a good API, so I will have to do this with direct SQL calls. Is there anything that does this well?

  Read the article

• Network Path not found while joining Active Directory

  - by Chiggins

  So I have an Amazon EC2 box running Windows Server 2008 with Active Directory installed on it. I also have a Windows 7 virtual machine, which is set to use the Active Directory box as its DNS and WINS server. I'm trying to join the virtual machine to the domain, and I'm asked for authentication. I give authentication, wait a minute, and I get an error saying: The following error occurred attempting to join the domain "ad.chigs.me": The network path was not found. How can I fix this so that I'll be able to join the domain? Thanks!

  Read the article

• Centrally manage Windows 7 computers without Active Directory

  - by Sean W.

  I manage three Windows PCs at home using the principle of least privilege. This means that practically every other day when a new version of Java is released, I have to manually install the update using my administrative credentials on each machine. This is starting to become more work than I had expected. I would love to set up an active directory domain at home, but Microsoft has discontinued Windows home server; its replacement, Windows server 2012 essentials is much more expensive (about $500). Are there any free (preferably as in speech) that would allow me to centrally manage the software installed on each machine in a manner similar to that of active directory? I'd also like to find a way to centrally manage security settings, but I doubt there's an equivalent of group policy. Samba 4 would be an ideal solution, but according to its own developers, it is not yet stable enough for production use.

  Read the article

• Dash (-) in directory listing

  - by Mazzy

  I've Googled around for this to no avail, I'm sure its just something simple but I have not been able to figure this out perhaps because searching in Google or SF for a "-" can be problematic. I had a strange directory listing show up the other day in my git repository within Drupal. Listing my sites directory looks like this: -sh-4.1$ ls -al total 52 drwxr-xr-x 5 (hide) (hide) 4096 Dec 6 16:15 . drwxr-xr-x 24 (hide) (hide) 4096 Dec 11 16:22 .. -rw-rw-r-- 1 (hide) (hide) 24271 Dec 6 15:57 – drwxrwxr-x 4 (hide) (hide) 4096 Sep 17 11:53 all drwxr-xr-x 3 (hide) (hide) 4096 Sep 17 11:54 default drwxrwxr-x 8 (hide) (hide) 4096 Dec 11 17:40 .git -rw-rw-r-- 1 (hide) (hide) 476 Sep 17 11:53 .gitignore -rw-rw-r-- 1 (hide) (hide) 81 Sep 17 11:53 README.md This "-" file cannot be opened and does not appear to be a symlink, although when I execute "cd -" I get this: -sh-4.1$ cd - /home/sites/dev1.(hide).com That is coincidentally or not the users home directory, and the site's root directory. The other strange this is this entry does not show up for any other user browsing this same directory. Nor does it show up for other users period in their Git directories. The entry cannot be removed via RM. Running Centos 6.2 by the way...

  Read the article

• Minimum permissions needed to create a user Home Folder in Windows Active Directory

  - by Jim

  We would like the Help Desk to have the responsibility of creating User Home folders instead of our 2nd level support. The help desk global group is already an Account Operator, so in Active Directory they are able to edit all User Attributes just fine. The problem is figuring out the minimum level of permissions needed on the File Server to create the home share, with out giving them access to everyone home share. So if they open AD Users and Computer, open the properties for a user, and enter \home\users\%username% in the profile tab and then click OK, they get the following error. The \home\users\username home folder was not created because you do not have create access on the server. The user account has been updated with the new home folder value but you must create the directory manually after obtaining the required access right. Right now I have given the Helpdesk group Full Control on the root folder only (no files or subdirectories) The directory is actually created, but the permissions on the newly created folder only show administrators full control, and no permissions for the configured user account. It sure sounds like I'd have to make the helpdesk local admins on the file servers, which is what I'd like to avoid. Especially since the file servers are a large cluster hosting much much more than the entire orgs home share structure.

  Read the article

• Active Directory Child Domain Replication Problems

  - by MikeR

  Hi, I've recently inherited an Active Directory (all DCs Windows 2003) which has been configured with several child domains that are used as test environments for out CRM software. Two of these child domains have been used for testing using dates in the future (2015), throwing them well outside of the Kerberos tolerance for time, and they're flooding my event logs with replication errors such as the following: Description: The attempt to establish a replication link for the following writable directory partition failed. Directory partition: CN=Schema,CN=Configuration,DC=ad,DC=xxxxxxx,DC=com Source domain controller: CN=NTDS Settings,CN=TESTDC001,CN=Servers,CN=SiteName,CN=Sites,CN=Configuration,DC=ad,DC=xxxxxxx,DC=com Source domain controller address: 38e95b2a-35af-4174-84ba-9ab039528cce._msdcs.ad.xxxxxxx.com Intersite transport (if any): This domain controller will be unable to replicate with the source domain controller until this problem is corrected. User Action Verify if the source domain controller is accessible or network connectivity is available. Additional Data Error value: 5 Access is denied. I'd also like to upgrade to Windows 2008 at some point, but wouldn't want to attempt any schema updates while I'm not 100% confident on the replication. I'm guessing my only real solution will be to get rid of these child domains. The child domains are operating as stand alone domains, the DC is up and running and authenticating test users fine. I'm guessing the best solution to this would be to delete the domains (although I'd be happily told otherwise). The clock forwarding appears to have been happening for several years, so I'm assuming I can't just put the clock right (I'm guessing scope for this would be 180days, the same as the tombstone lifetime) With the replication errors would I be able to dcpromo the child domains DC, select it as the last domain controller in the domain and the child domain would be deleted? Or would I be better off treating the domain as an orphaned domain and use Microsoft's instructions to clear up as such. Any advice would be much appreciated.

  Read the article

• Start TLS and 389 Directory

  - by Kyle Flavin

  I'm trying to configure Start TLS on 389 Directory server, but I'm having all sorts of issues. I've been following this doc: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/managing-certs.html which specifies that I should create a certificate for both the directory server and admin server. I've imported the CA cert on both servers. I've tried to use the same server certificate for both. It will not allow me to do so. However, the admin and directory servers reside on the same host. If I generate a new certificate it will need to use the same hostname. I'm not sure if that's valid... Has anyone out there set this up before? Any direction would be helpful. I have multmaster replication set up. From an external client, I'm attempting to do an ldapsearch -ZZ -x -h "myhost" -b "dc=example,dc=com" -D "cn=Directory Manager" -W "", and I'm getting a protocol error.

  Read the article

• PHP scripts run only in webroot directory,and return 500 error in other dirs

  - by a44

  I have uploaded a folder with php scripts and they run only when they are in the webroot directory,Everytime i try to execute php script in some internal dir,i get internal server error,even if it works in the parent directory EDIT:So,i it's apache 2 server,nothing is logged in my error log about the errors in the internal directory , permissions for php file and for the direcory are -rw-r--r-- drwxrwxr-x

  Read the article

• print directory using command prompt

  - by Nrew

  Found this one: http://www.watchingthenet.com/how-to-print-a-directory-tree-from-windows-explorer.html But I don't know how do I do it and save the directory listing somewhere. What I want to do is something like that, but I need an output file. Or at least something that I can see. What I need to do is to print the contents of a directory.

  Read the article

• Information about a file or directory

  - by Tim

  In Linux, the information about a file or directory is stored in its inode. I was wondering what is the data structure for information about a file or directory in Windows 7? How to get the information about a file or directory in Linux and in Windows 7, in terminal and command line window? Is the owner of a file or directory always its creator? Will it be able to change? Is there a creation timestamp for a file in Linux and in Windows 7? How to get it? Thanks and regards!

  Read the article

• Samba with Active Directory - shares are readonly, NT_STATUS_MEDIA_WRITE_PROTECTED

  - by froh42

  I've set a samba server that seems to work, all shares are seemingly exported as readonly, however. The machine is called "lx". When I'm on lx I can run the following command: froh@lx:~$ smbclient //lx/export -UAdministrator Enter Administrator's password: Domain=[CUSTOMER] OS=[Unix] Server=[Samba 3.5.4] smb: \> mkdir wrzlbrmpf NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \wrzlbrmpf smb: \> ls . D 0 Fri Dec 3 19:04:20 2010 .. D 0 Sun Nov 28 01:32:37 2010 zork D 0 Fri Dec 3 18:53:33 2010 bar D 0 Sun Nov 28 23:52:43 2010 ork 1 Fri Dec 3 18:53:02 2010 foo 1 Sun Nov 28 23:52:41 2010 gaga D 0 Fri Dec 3 19:04:20 2010 How can I troubleshoot this? What I did: First I set up a fresh install of Ubuntu 10.10 x64. Second I got kerberos working with the following krb5.conf file: [libdefaults] ticket_lifetime = 24000 clock_skew = 300 default_realm = CUSTOMER.LOCAL [realms] CUSTOMER.LOCAL = { kdc = SB4.customer.local:88 admin_server = SB4.customer.local:464 default_domain = CUSTOMER.LOCAL } [domain_realm] .customer.local = CUSTOMER.LOCAL customer.local = CUSTOMER.LOCAL #[login] # krb4_convert = true # krb4_get_tickets = false I also added winbind to group, passwd and shadow in nsswitch.conf. Seemingly Kerberos works: root@lx:~# net ads testjoin Join is OK root@lx:~# wbinfo -a 'Administrator%MYSECRETPASSWORD' plaintext password authentication succeeded challenge/response password authentication succeeded wbinfo -u and wbinfo -g also spit out a list of users and a list of groups respectiveley. I noted that domain accounts did NOT include a domain and they are in german (as on the SBS 2003 that is the domain server). So I get a "Domänenbenutzer" in wbinfo -u's output not a "CUSTOMER+Domain User" or something similar. I'm not sure anymore what I did to the PAM configuration, but here is what I currently have: root@lx:/etc/pam.d# cat samba @include common-auth @include common-account @include common-session-noninteractive root@lx:/etc/pam.d# grep -ve '^#' common-auth auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000 auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass auth requisite pam_deny.so auth required pam_permit.so root@lx:/etc/pam.d# grep -ve '^#' common-account account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so account [success=1 new_authtok_reqd=done default=ignore] pam_winbind.so account requisite pam_deny.so account required pam_permit.so account required pam_krb5.so minimum_uid=1000 root@lx:/etc/pam.d# grep -ve '^#' common-session-noninteractive session [default=1] pam_permit.so session requisite pam_deny.so session required pam_permit.so session optional pam_krb5.so minimum_uid=1000 session required pam_unix.so session optional pam_winbind.so At some point I joined the linux box into the AD domain. After (manually) creating a home directory on the linux box I can log in using the Adminstrator user with the password taken from AD. Now I run samba with the following setup: [global] netbios name = LX realm = CUSTOMER.LOCAL workgroup = CUSTOMER security = ADS encrypt passwords = yes password server = 192.168.20.244 #IP des Domain Controllers os level = 0 socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = Yes winbind enum groups = Yes preferred master = no winbind separator = + dns proxy = no wins proxy = no # client NTLMv2 auth = Yes log level = 2 logfile = /var/log/samba/log.smbd.%U template homedir = /home/%U template shell = /bin/bash [export] path = /mnt/sdc1/export read only = No public = Yes Currently I don't care whether export is exported to everyone or just one user, I want to see somebody WRITING to that directory before I start fiddling with the authentication settings. (Who may access it). As mentioned, accessing the share from smbclient results in this NT_STATUS_MEDIA_WRITE_PROTECTED . Accessing it from windows shows ACLs that look correct (The user may write) - but it does not work, I can only read files not write. The directory to be exported looks like this: root@lx:/etc/pam.d# ls -ld /mnt/ drwxr-xr-x 5 root root 4096 2010-11-28 01:29 /mnt/ root@lx:/etc/pam.d# ls -ld /mnt/sdc1/ drwxr-xr-x 4 froh froh 4096 2010-11-28 01:32 /mnt/sdc1/ root@lx:/etc/pam.d# ls -ld /mnt/sdc1/export/ drwxrwxrwx+ 5 administrator domänen-admins 4096 2010-12-03 19:04 /mnt/sdc1/export/ root@lx:/etc/pam.d# getfacl /mnt/ getfacl: Entferne führende '/' von absoluten Pfadnamen # file: mnt/ # owner: root # group: root user::rwx group::r-x other::r-x root@lx:/etc/pam.d# getfacl /mnt/sdc1/ getfacl: Entferne führende '/' von absoluten Pfadnamen # file: mnt/sdc1/ # owner: froh # group: froh user::rwx group::r-x other::r-x root@lx:/etc/pam.d# getfacl /mnt/sdc1/export/ getfacl: Entferne führende '/' von absoluten Pfadnamen # file: mnt/sdc1/export/ # owner: administrator # group: domänen-admins user::rwx group::rwx group:domänen-admins:rwx mask::rwx other::rwx default:user::rwx default:group::rwx default:group:domänen-admins:rwx default:mask::rwx default:other::rwx My, oh my what am I overlooking? What am I to blind to see?

  Read the article

• Samba with Active Directory - shares are readonly, NT_STATUS_MEDIA_WRITE_PROTECTED

  - by froh42

  I've set a samba server that seems to work, all shares are seemingly exported as readonly, however. The machine is called "lx". When I'm on lx I can run the following command: froh@lx:~$ smbclient //lx/export -UAdministrator Enter Administrator's password: Domain=[CUSTOMER] OS=[Unix] Server=[Samba 3.5.4] smb: \> mkdir wrzlbrmpf NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \wrzlbrmpf smb: \> ls . D 0 Fri Dec 3 19:04:20 2010 .. D 0 Sun Nov 28 01:32:37 2010 zork D 0 Fri Dec 3 18:53:33 2010 bar D 0 Sun Nov 28 23:52:43 2010 ork 1 Fri Dec 3 18:53:02 2010 foo 1 Sun Nov 28 23:52:41 2010 gaga D 0 Fri Dec 3 19:04:20 2010 How can I troubleshoot this? What I did: First I set up a fresh install of Ubuntu 10.10 x64. Second I got kerberos working with the following krb5.conf file: [libdefaults] ticket_lifetime = 24000 clock_skew = 300 default_realm = CUSTOMER.LOCAL [realms] CUSTOMER.LOCAL = { kdc = SB4.customer.local:88 admin_server = SB4.customer.local:464 default_domain = CUSTOMER.LOCAL } [domain_realm] .customer.local = CUSTOMER.LOCAL customer.local = CUSTOMER.LOCAL #[login] # krb4_convert = true # krb4_get_tickets = false I also added winbind to group, passwd and shadow in nsswitch.conf. Seemingly Kerberos works: root@lx:~# net ads testjoin Join is OK root@lx:~# wbinfo -a 'Administrator%MYSECRETPASSWORD' plaintext password authentication succeeded challenge/response password authentication succeeded wbinfo -u and wbinfo -g also spit out a list of users and a list of groups respectiveley. I noted that domain accounts did NOT include a domain and they are in german (as on the SBS 2003 that is the domain server). So I get a "Domänenbenutzer" in wbinfo -u's output not a "CUSTOMER+Domain User" or something similar. I'm not sure anymore what I did to the PAM configuration, but here is what I currently have: root@lx:/etc/pam.d# cat samba @include common-auth @include common-account @include common-session-noninteractive root@lx:/etc/pam.d# grep -ve '^#' common-auth auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000 auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass auth requisite pam_deny.so auth required pam_permit.so root@lx:/etc/pam.d# grep -ve '^#' common-account account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so account [success=1 new_authtok_reqd=done default=ignore] pam_winbind.so account requisite pam_deny.so account required pam_permit.so account required pam_krb5.so minimum_uid=1000 root@lx:/etc/pam.d# grep -ve '^#' common-session-noninteractive session [default=1] pam_permit.so session requisite pam_deny.so session required pam_permit.so session optional pam_krb5.so minimum_uid=1000 session required pam_unix.so session optional pam_winbind.so At some point I joined the linux box into the AD domain. After (manually) creating a home directory on the linux box I can log in using the Adminstrator user with the password taken from AD. Now I run samba with the following setup: [global] netbios name = LX realm = CUSTOMER.LOCAL workgroup = CUSTOMER security = ADS encrypt passwords = yes password server = 192.168.20.244 #IP des Domain Controllers os level = 0 socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = Yes winbind enum groups = Yes preferred master = no winbind separator = + dns proxy = no wins proxy = no # client NTLMv2 auth = Yes log level = 2 logfile = /var/log/samba/log.smbd.%U template homedir = /home/%U template shell = /bin/bash [export] path = /mnt/sdc1/export read only = No public = Yes Currently I don't care whether export is exported to everyone or just one user, I want to see somebody WRITING to that directory before I start fiddling with the authentication settings. (Who may access it). As mentioned, accessing the share from smbclient results in this NT_STATUS_MEDIA_WRITE_PROTECTED . Accessing it from windows shows ACLs that look correct (The user may write) - but it does not work, I can only read files not write. The directory to be exported looks like this: root@lx:/etc/pam.d# ls -ld /mnt/ drwxr-xr-x 5 root root 4096 2010-11-28 01:29 /mnt/ root@lx:/etc/pam.d# ls -ld /mnt/sdc1/ drwxr-xr-x 4 froh froh 4096 2010-11-28 01:32 /mnt/sdc1/ root@lx:/etc/pam.d# ls -ld /mnt/sdc1/export/ drwxrwxrwx+ 5 administrator domänen-admins 4096 2010-12-03 19:04 /mnt/sdc1/export/ root@lx:/etc/pam.d# getfacl /mnt/ getfacl: Entferne führende '/' von absoluten Pfadnamen # file: mnt/ # owner: root # group: root user::rwx group::r-x other::r-x root@lx:/etc/pam.d# getfacl /mnt/sdc1/ getfacl: Entferne führende '/' von absoluten Pfadnamen # file: mnt/sdc1/ # owner: froh # group: froh user::rwx group::r-x other::r-x root@lx:/etc/pam.d# getfacl /mnt/sdc1/export/ getfacl: Entferne führende '/' von absoluten Pfadnamen # file: mnt/sdc1/export/ # owner: administrator # group: domänen-admins user::rwx group::rwx group:domänen-admins:rwx mask::rwx other::rwx default:user::rwx default:group::rwx default:group:domänen-admins:rwx default:mask::rwx default:other::rwx My, oh my what am I overlooking? What am I to blind to see?

  Read the article

• Ubuntu software stack to mimic Active Directory auth

  - by WickedGrey

  I'm going to have an Ubuntu 11.10 box in a customer's data center running a custom webapp. The customer will not have ssh access to the box, but will need authentication and authorization to access the webapp. The customer needs to have the option of either pointing the webapp at something that we've installed locally on the machine, or to use an Active Directory server that they have. I plan on using a standard "users belong to groups; groups have sets of permissions; the webapp requires certain permissions to respond" auth setup. What software stack can I install locally that will allow an easy switch to and from an Active Directory server, while keeping the configuration as simple as possible (both for me and the end customer)? I would like to use as much off-the-shelf software for this as possible; I do not want to be in the business of keeping user passwords secure. I could see handling the user/group/permission relationships myself if there is not a good out-of-the-box solution (but that seems highly unlikely). I will accept answers in the form of links to "here is what you need" pages, but not "here is what Kerberos does" unless that page also tells me if it's required for my use case (essentially, I know that AD can speak Kerberos, but I can't tell if I need it to, or if I can just use LDAP, or...).

  Read the article

• Help diagnosing Likewise Open Active Directory authentication problem

  - by purpletonic

  I have two servers which were up until recently authenticating against the companies Active Directory Domain controller. I believe a recent change to the Active Directory administrator password caused the servers to stop authenticating against AD. I tried to add the servers back to the domain using the command: domainjoin-cli join example.com adusername this seemed to work without complaints, but when I try to login via ssh with my domain account, I get an invalid password error. When I run the command: lw-enum-users it prints all of the domain users, and looking up my own account, I see that it is valid and my password hasn't expired. I also ran lw-get-status and received the following: LSA Server Status: Agent version: 5.0.0 Uptime: 0 days 3 hours 35 minutes 46 seconds [Authentication provider: lsa-activedirectory-provider] Status: Online Mode: Un-provisioned Domain: example.com Forest: example.com Site: Default-First-Site-Name Online check interval: 300 seconds \[Trusted Domains: 1\] \[Domain: EXAMPLE\] DNS Domain: example.com Netbios name: EXAMPLE Forest name: example.com Trustee DNS name: Client site name: Default-First-Site-Name Domain SID: S-1-5-24-1081533780-4562211299-822531512 Domain GUID: 057f0239-7715-4711-e64b-eb5eeed20e65 Trust Flags: \[0x001d\] \[0x0001 - In forest\] \[0x0004 - Tree root\] \[0x0008 - Primary\] \[0x0010 - Native\] Trust type: Up Level Trust Attributes: \[0x0000\] Trust Direction: Primary Domain Trust Mode: In my forest Trust (MFT) Domain flags: \[0x0001\] \[0x0001 - Primary\] \[Domain Controller (DC) Information\] DC Name: dc1.example.com DC Address: 10.11.0.103 DC Site: Default-First-Site-Name DC Flags: \[0x000003fd\] DC Is PDC: yes DC is time server: yes DC has writeable DS: yes DC is Global Catalog: yes DC is running KDC: yes [Authentication provider: lsa-local-provider] Status: Online Mode: Local system Anyone got any ideas what might be occurring? Thanks in advance!

  Read the article

• Squid - Active Directory - permissions based on Nodes rather than Groups

  - by Genboy

  Hi, I have squid running on a gateway machine & I am trying to integrate it with Active Directory for authentication & also for giving different browsing permissions for different users. 1) /usr/lib/squid/ldap_auth -b OU=my,DC=company,DC=com -h ldapserver -f sAMAccountName=%s -D "CN=myadmin,OU=Unrestricted Users,OU=my,DC=company,DC=com" -w mypwd 2) /usr/lib/squid/squid_ldap_group -b "OU=my,DC=company,DC=com" -f "(&(sAMAccountName=%u)(memberOf=cn=%g,cn=users,dc=company,dc=com))" -h ldapserver -D "CN=myadmin,OU=Unrestricted Users,OU=my,DC=company,DC=com" -w zxcv Using the first command above, I am able to authenticate users. Using the second command above, I am able to figure out if a user belongs to a particular active directory group. So I should be able to set ACL's based on groups. However, my customer's AD setup is such that he has users arranged in different Nodes. For eg. He has users setup in the following way cn=usr1,ou=Lev1,ou=Users,ou=my,ou=company,ou=com cn=usr2,ou=Lev2,ou=Users,ou=my,ou=company,ou=com cn=usr3,ou=Lev3,ou=Users,ou=my,ou=company,ou=com etc. So, he wants that I have different permissions based on whether a user belongs to Lev1 or Lev2 or Lev3 nodes. Note that these aren't groups, but nodes. Is there a way to do this with squid? My squid is running on a debian machine.

  Read the article

< Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >