Search Results

Search found 2907 results on 117 pages for 'ad lds'.

Page 8/117 | < Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >

  • Painfully slow login to AD bound Mac OS X Leopard machine when off home network

    - by GeeBee
    Dear all Just looking for a little help with this problem that seems to trip a lot of people up and is causing me no end of grief. I have a number of fully patched OS X Leopard machines that are bound to my AD (Server 2003). When on the home network, logging in seems swift and works as expected. When users take the machines off site, login can take 5 minutes or more. The user adds correct credentials but the desktop does not appear for a very long time. Outside the office, I have tried logging in using a local Admin account, switching off Airport and then logging in using an AD account. In this situation login is immediate again. It all seems as if Leopard is finding a suitable wireless network, spending far too long looking for the Domain before eventually giving up and using the cached credentials instead. I have read that disabling Bonjour on the machine will stop this problem (i have not yet tested) http://www.macwindows.com/leopardAD.html#111607z ...but I am reluctant to use this "Solution" as I would like to be able to use Bonjour on the local network as well as having AD-bound machines. However, is disabling Bonjour really the only answer? Is there not some time-out setting somewhere that could be amended to stop Leopard spending forever looking for home? Any help would be very gratefully received Thanks Gordon

    Read the article

  • How to find the cause of locked user account in Windows AD domain

    - by Stephane
    After a recent incident with Outlook, I was wondering how I would most efficiently resolve the following problem: Assume a fairly typical small to medium sized AD infrastructure: several DCs, a number of internal servers and windows clients, several services using AD and LDAP for user authentication from within the DMZ (SMTP relay, VPN, Citrix, etc.) and several internal services all relying on AD for authentication (Exchange, SQL server, file and print servers, terminal services servers). You have full access to all systems but they are a bit too numerous (counting the clients) to check individually. Now assume that, for some unknown reason, one (or more) user account gets locked out due to password lockout policy every few minutes. What would be the best way to find the service/machine responsible for this ? Assuming the infrastructure is pure, standard Windows with no additional management tool and few changes from default is there any way the process of finding the cause of such lockout could be accelerated or improved ? What could be done to improve the resilient of the system against such an account lockout DOS ? Disabling account lockout is an obvious answer but then you run into the issue of users having way to easily exploitable passwords, even with complexity enforced.

    Read the article

  • dns in a small network with router and AD domain

    - by Felix
    I have a small office network with router (running OpenWRT), Windows Domain Controller (used to be 2008R2; I just backed it up and upgraded to 2012), about a dozen AD clients (3 server and windows workstation) and several non-AD clients (network printer, PBX). The problem is that the clients can't access servers by name (only by IP). I tried all kind of permutations. Right now domain controller runs DNS server for all desktops; but unless I put an entry in hosts file - I can only get by IP. I have router as DHCP server (since not all devices are on AD); and except for Domain Controller all IP addresses, including "static", are assigned by the router. Most frustrating, some servers sometimes just work! for example, I can often get to the Linux box by name (it is part of Domain using Beyond Trust Integration Services); but I can never get to SQL Server box. Seems like non-domain devices see more names than domain members... This network should be fairly typical; but I couldn't get any guidance about how to set up DNS/DHCP service to make all nodes happy. The closest is this question, but still it's different! Thanks

    Read the article

  • Allow members of a group to be unlocked by a specific account on AD

    - by JohnLBevan
    Background I'm creating a service to allow support staff to enable their firecall accounts out of hours (i.e. if there's an issue in the night and we can't get hold of someone with admin rights, another member of the support team can enable their personal firecall account on AD, which has previously been setup with admin rights). This service also logs a reason for the change, alerts key people, and a bunch of other bits to ensure that this change of access is audited / so we can ensure these temporary admin rights are used in the proper way. To do this I need the service account which my service runs under to have permissions to enable users on active directory. Ideally I'd like to lock this down so that the service account can only enable/disable users in a particular AD security group. Question How do you grant access to an account to enable/disable users who are members of a particular security group in AD? Backup Question If it's not possible to do this by security group, is there a suitable alternative? i.e. could it be done by OU, or would it be best to write a script to loop through all members of the security group and update the permissions on the objects (firecall accounts) themselves? Thanks in advance. Additional Tags (I don't yet have access to create new tags here, so listing below to help with keyword searches until it can be tagged & this bit editted/removed) DSACLS, DSACLS.EXE, FIRECALL, ACCOUNT, SECURITY-GROUP

    Read the article

  • WIF using SAML 2 protocol / Federate AD FS 2.0 with CAS

    - by spa
    I'am are trying to implement a Web SSO with claim based identity using WIF and AD FS 2.0 right now. Right now I have a existing ASP.Net application which delegates authentification to the AD FS 2.0 server and trust issued security tokens. That works just fine. However, in the organization there is an existing JA-SIG Central Authentication Service (CAS) server which supports the SAML 2 protocol. I would like to replace AD FS 2.0 with the existing CAS service. In my understanding WIF uses WS-Federation, which is like a container around a SAML token. Is it possible to use the plain SAML 2 protocol and it's bindings (redirect or POST)? If that is not possible (as I guess), a second alternative might be to use federate identity and federate AD FS 2.0 with CAS. Is that possible? There is little to no information about that on the web. Thanks :-)

    Read the article

  • AD - DirectoryServices: VBNET2.0 - Speaking architecture...

    - by Will Marcouiller
    I've been mandated to write an application to migrate the Active Directory access models to another environment. Here's the context: I'm stuck with VB.NET 2005 and .NET Framework 2.0; The application must use the Windows authenticated user to manage AD; The objects I have to handle are Groups, Users and OrganizationalUnits; I intend to use the Façade design pattern to provider ease of use and a fully reusable code; I plan to write a factory for each of the objects managed (group, ou, user); The use of Attributes should be useful here, I guess; As everything is about the DirectoryEntry class when accessing the AD, it seems a good candidate for generic types. Obligatory features: User creates new OUs manually; User creates new group manually; User creates new user (these users are services accounts) manually; Application reads an XML file which contains the OUs, groups and users to create; Application informs the user about the OUs, groups and users that shall be created; User specifies the domain environment where to migrate the XML input file designated objects; User makes changes if needed, and launches the task operations; Application performs required by the XML input file operations against the underlying AD as specified by the user; Application informs the user upon completion. Linear features: User fetches OUs, groups, users; User changes OUs, groups, users; User deletes OUs, groups, users; The application logs AD entries and operations performed, plus errors and exceptions; Nice-to-have features: Application rollbacks operations on error or exception. I've been working for weeks now to get acquainted with the AD and the System.DirectoryServices assembly. But I don't seem to find a way to be fully satisfied with what I'm doing and always looking for better. I have studied Bret de Smet's Linq to AD on CodePlex, but then again, I can't use it as I'm stuck with .NET 2.0, so no Linq! But I've learned about Attributes, and seen that he's working with generic types as he codes a DirectorySource class to perform the operations for OUs, groups and users. Any suggestions? Thanks for any help, code sample, ideas, architural solution, everything!

    Read the article

  • Refresh a Div that has a Google ad inside it

    - by Abs
    Hello all, I have a div that holds a google ad. My website is mostly AJAX and there is no need for a browser refresh. That means my ads will not refresh either, which isnt ideal, a user staring at one ad all day. So I wanted a way to refresh a particular div on a page. I found many solutions but they didnt work. For example, using JQuery's html function: $("#ads").html("google ad script here"); This managed to refresh the whole page no idea how. I can also make an AJAX request to a HTML page that contains the google ad but I am guessing it will have the same effect as the above attempt. I do not want to use iFrames. Is there any other option open to me? My pea brain can not think of anymore. :) Thanks you for any help. EDIT: It is allowed since I will be initiating the refresh only when a user clicks a link. A prime example is Yahoo Mail - their new AJAX mailbox uses this same method, when a user clicks a link then a new ad is shown.

    Read the article

  • Post Loading ads from Google Admanager

    - by Prem
    I have changed code around to basically load an add the bottom of the page in a hidden div and attached an onload event handler that called document.getElementById(xxx).appendChild() to take the hidden ad and move it into the right spot in my page. This works GREAT.. however when the ad is a text ad it AFTER i move the ad there is nothing in the rendered Iframe. I did tests to see what it looks like before i move it and sure enough the text links load in the IFRAME but the second i do the appendChild call to move the div that contains the ad i seem to loose the contents of the Iframe. Any ideas whats going on <div id="myad" style="display: none;"> GA_googleFillSlot("MyADSlotName"); </div> <script> window.onload = function() { // leader board document.getElementById('adplaceholder').appendChild(document.getElementById('myAd')); document.getElementById('myAd').style.display = ''; </script

    Read the article

  • Cloud Apps and Single Sign-On (AD integration)

    - by Pablo Alvim
    I've been investigating some cloud vendors and the ability to implement single sign-on with them, especially when it comes to AD (Active Directory) integration. So far I've learned that with Azure this is possible through ADFS and the AppFabric Access Control offer. In AWS, since it is possible to create a VPN and see EC2 instances as a natural extension of a private datacenter, I believe implementing SSO would be rather simple (not sure if I'm right on this one... Please correct me if I'm wrong). With App Engine though, even though there is some documentation on AD synchronization (not full integration) for Google Apps, I'm struggling to find out whether AD integration would be possible... Is there any strategy for that? Any bit of information on cloud apps and AD integration will be appreciated!

    Read the article

  • Windows Server 2008 R2 Accessing NFS share without AD or NIS

    - by Jon Rhoades
    I'm trying to mount an NFS share on our NetApp SAN on Windows 2008 R2. Using XP I have no problem mounting this share without a username/NIS/pswd file etc, but the new functionality in 2008 seems to insist on either using AD or an NIS server (to "streamline" Services for NFS MS removed user account mapping) see Technet. When I go to map the share using "map network drive" no combination of "root", no username, no password, my username works. Using the command line mount -o anon \\172... :n or mount -o -u:root \\172... :n either gives me a network error 53 or 67 error Is it possible with 2008 to mount an NFS share without AD or NIS? If so what am I doing wrong? (Security is taken care off by IP address permissions and VLANs)

    Read the article

  • Migrating 2008 AD to Windows SBS 2011 and Forefront TMG 2010

    - by Tong Wang
    Our company has two physical servers: a Dell R710 with 4 NIC and a Dell R410 with 2 NIC. Right now, we have Windows server 2008 R2 installed on R710 with AD setup to host our domain. I am thinking to install both SBS 2011 and TMG 2010 on the other R410 running on Hyper-V. As I am fairly new to Windows Server technology, I'd like to check with you fellow Windows admins and see what is the proper way to install SBS 2011 and TMG 2010 and how to migrate the 2008 AD. Your advice and help will be highly appreciated.

    Read the article

  • Best practice for authenticating DMZ against AD in LAN

    - by Sergei
    We have few customer facing servers in DMZ that also have user accounts , all accounts are in shadow password file. I am trying to consolidate user logons and thinking about letting LAN users to authenticate against Active Directory.Services needing authentication are Apache, Proftpd and ssh. After consulting security team I have setup authentication DMZ that has LDAPS proxy that in turn contacts another LDAPS proxy (proxy2) in LAN and this one passes authentication info via LDAP (as LDAP bind) to AD controller.Second LDAP proxy only needed because AD server refuses speak TLS with our secure LDAP implemetation. This works for Apache using appropriate module.At a later stage I may try to move customer accounts from servers to LDAP proxy so they are not scattered around servers. For SSH I joined proxy2 to Windows domain so users can logon using their windows credentials.Then I created ssh keys and copied them to DMZ servers using ssh-copy, to enable passwordless logon once users are authenticated. Is this a good way to implement this kind of SSO?Did I miss any security issues here or maybe there is a better way ofachieving my goal?

    Read the article

  • VisualSVN Server won't work with AD, will with local accounts

    - by frustrato
    Decided recently to switch VisualSVN from local users to AD users, so we could easily add other employees. I added myself, gave Read/Write privileges across the whole repo, and then tried to log in. Whether I'm using tortoisesvn or the web client, I get a 403 Forbidden error: You don't have permission to access /svn/main/ on this server. I Googled a bit, but only found mention of phantom groups in the authz file. I don't have any of those. Any ideas? It works just fine with local accounts. EDIT: Don't know why I didn't try this earlier, but adding the domain before the username makes it work, ie MAIN/Bob. This normally only works when there are conflicting usernames...one local, one in AD, but for whatever reason it works here too. Kinda silly, but I can live with it.

    Read the article

  • Windows NT workstation on AD domain

    - by Tom
    We run a Windows NT workstation connected to special manufacturing equipment, that everyone is deathly afraid to touch. It has custom software and special cards inside of the machine, making a rebuild impossible. The problem is, we are migrating to an AD domain from an NT domain, and this workstation stills needs access to storage on the network (AD computers). How should I go about doing this, after we get rid of our NT Domain controller? Upgrading to 2000 is not an option (so says management). I know, I know, if it dies we are in trouble. But that's managements choice, we just need to get rid of this NT domain.

    Read the article

  • Remote site AD design (2003)

    - by Boy Mars
    A remote site has about 25 of our 50-ish employees. They have their own AD domain presently (2003) but I want to look at getting them onto the same global domain for ease of access/administration. The remote site has a VPN link but line speeds are very poor. I am already aware of tools like ADMT and have done a few migrations in the past (NT/2003 domains), but this is the first time I have the luxury of designing how this domain is organised. So I'm looking for tips on good AD design; would a remote site be better served as a sub-domain? would this reduce traffic? I am only currently looking at 2003 since only existing machine will be used.

    Read the article

  • LDAP Authentication for multiple AD Domains

    - by TrevJen
    I have 3 full trust domains (2 child and one root). I need to use LDAP to allow authntication for domain users. The trick is that I need the application to use an AD server for the child domain BUT proxy the LDAP query and authentication for the root domain. I see that it maty be possible with AD LDS and some trusts and synching, but it looks pretty hairy and overly complicated. The short of it is: 3 domains (Parent, ChildA, ChildB) My 3rd party app will need to use ChildA domain servers to authenticate either: a. a user in the parent domain or b. a user in the ChildB domain I already have full trusts between all domains, and regular NTLM authentication works fine (unless you are trying to authenticate with LDAP)

    Read the article

  • How a password is transmited to AD Server

    - by erdogany
    My question is how ADSI performs SetPassword operation. According to what I have read ADSI is a COM interface and it has more capabilities than AD provides through LDAP. While you are suppose to update unicodePwd attribute of a personaccount entity through LDAP, ADSI provides you SetPassword call. I know that ADSI & AD provides Kerberos during authentication. So how the password is transmitted to server when SetPassword is called? Is it raw binary unencrypted data? Or does Kerberos comes into play at this call?

    Read the article

  • How to change aging AD password while connected over VPN from Mac

    - by Franek Kuciapa
    I am connecting to the office from mac via VPN, Cisco AnyConnect Secure Mobility Client. I do not know what to do when my AD password on the firm side will age and approach expiration to ensure that my Mac and VPN continue to work afterwards. Is the proper thing to do in this case to connect via VPN and then change the password on Mac via System Preferences, Users & Groups? Will this update the AD on the server side? Will it sync the PointSec as well that is running on the Mac? Or is a better procedure to RDP to a Windows box while connected over VPN and change the password there hoping the Mac will somehow sync up ?? Running Mountain Lion on the Mac.

    Read the article

  • Can't make updates with LDAP from Linux box to Windows AD

    - by amburnside
    I have a webapp (built using Zend Framework - PHP) that runs on a Linux environment which needs to authenticate against Active Directory on a Windows server. So far my webapp can authenticate with LDAPS, but cannot perform any kind of write operation (add/update/delete). It can only read. I have configured my server as follows: I have exported the CA Certificate from my Windows AD server to /etc/opendldap/certs I have created a pem file based on this certificate using openssl I have update /etc/openldap/ldap.conf so that it knows where to look for the pem certificate: TLS_CACERT /etc/openldap/certs/xyz.internal.pem When I run my script, I get the following error: 0x35 (Server is unwilling to perform; 0000209A: SvcErr: DSID-031A1021, problem 5003 (WILL_NOT_PERFORM), data 0 ): Have I missed something with my configuration, which is causing the server to reject making updates to AD?

    Read the article

  • Windows Server 2003 AD User Properties Environment doesn't override end user Remote Desktop Client s

    - by caleban
    Windows Server 2003 Domain Controller and Windows XP workstations: Active Directory Users and Computers/Users/User/Properties/Environment/Client devices Connect client drives at logon Connect client printers at logon Shouldn't the above Terminal Services settings in Active Directory override the end user Remote Desktop client settings? In our environment the end user Remote Desktop Client settings take precedence. If printing is disabled on the client but enabled in the user's AD profile then printing is not available. Is this working by design or can I change something to allow the user environment settings in AD to override the end user settings RDC settings?

    Read the article

  • Samba Server needs to have AD authentication

    - by vivek
    My Linux server is connected to AD via Bind DN and password (without domain joining). It is using sssd for authentication. I am able to ssh and login without any issue. I have a proper setup of uid and guid, etc. .. There is no issue with logging to the linux server. I want the samba service to use AD accounts, but I can't find documentation for how to configure it in this case. Can anyone explain how to configure samba to use active directory for authentication on a system using sssd?

    Read the article

  • Can make the proxy settings invisible when I share my internet connection via wifi?

    - by Neil
    This is probably a long shot... I have an HTC Desire and frustratingly found out after I got it that it doesn't support network proxy settings. We have a wireless network at my office that uses a proxy. My desktop at work runs ubuntu. I was wondering if the following set up would work: Plug a USB Wireless adapter into the desktop that has a working internet connection using the proxy. Setup the wireless adapter as an ad-hoc network Share the internet connection over the ad-hoc network. Make it so that the use of the proxy is invisible to users of the shared network connection. Connect the Android phone to the ad-hoc wireless network and utilise the internet connection. My question is this: Is this possible or should I give up now and not even try? I think I can handle steps 1, 2, 3 and 5. I just have no idea if step 4 even makes sense, let alone is possible. Thanks

    Read the article

  • Encrypt shared files on AD Domain.

    - by Walter
    Can I encrypt shared files on windows server and allow only authenticated domain users have access to these files? The scenario as follows: I have a software development company, and I would like to protect my source code from being copied by my programmers. One problem is that some programmers use their own laptops to developing the company's software. In this scenario it's impossible to prevent developers from copying the source code for their laptops. In this case I thought about the following solution, but i don't know if it's possible to implement. The idea is to encrypt the source code and they are accessible (decrypted) only when developers are logged into the AD domain, ie if they are not logged into the AD domain, the source code would be encrypted be useless. Can be implemented this ? What technology should be used?

    Read the article

  • VisualSVN Server won't work with AD, will with local accounts

    - by frustrato
    Decided recently to switch VisualSVN from local users to AD users, so we could easily add other employees. I added myself, gave Read/Write privileges across the whole repo, and then tried to log in. Whether I'm using tortoisesvn or the web client, I get a 403 Forbidden error: You don't have permission to access /svn/main/ on this server. I Googled a bit, but only found mention of phantom groups in the authz file. I don't have any of those. Any ideas? It works just fine with local accounts. EDIT: Don't know why I didn't try this earlier, but adding the domain before the username makes it work, ie MAIN/Bob. This normally only works when there are conflicting usernames...one local, one in AD, but for whatever reason it works here too. Kinda silly, but I can live with it.

    Read the article

< Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >