Re: Macos-x-server Digest, Vol 66, Issue 2

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Re: Macos-x-server Digest, Vol 66, Issue 2

The Mac OS X Server Mailing List mailing list
I'm reading this as well...

A Michael Piper
Piper's MacMind
'Enlightened Support'
[hidden email]
http://www.macmindonline.com
10 Sintsink East Port Wash. 11050
516-439-5330

On Oct 4, 2014, at 3:00 PM, [hidden email] wrote:

> Send Macos-x-server mailing list submissions to
> [hidden email]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.apple.com/mailman/listinfo/macos-x-server
> or, via email, send a message with subject or body 'help' to
> [hidden email]
>
> You can reach the person managing the list at
> [hidden email]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Macos-x-server digest..."
>
>
> Today's Topics:
>
>   1. Re: 10.8: Doing web-site authentication against Active
>      Directory and Open Directory (OS X Server Mail List)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 03 Oct 2014 23:58:00 +0100
> From: OS X Server Mail List <[hidden email]>
> To: OS X Server Mail List <[hidden email]>
> Subject: Re: 10.8: Doing web-site authentication against Active
> Directory and Open Directory
> Message-ID:
> <[hidden email]>
> Content-Type: text/plain; charset=us-ascii
>
> I'm glad they let it run on, a sense of the old crew still battling against the Establishment in these very different days from last century.
>
>
> Mike Matthews, Managing Director, Lineal Software Solutions Ltd
>
> Apple Reseller, Microsoft Partner, SQLWorks Business Partner
> phone: 01271 375999 | web: lineal.co.uk | email: [hidden email]
>
>
>
> On 3 Oct 2014, at 19:06, OS X Server Mail List <[hidden email]> wrote:
>
>> Hi Simon.
>>
>> Have you tried: http://support.apple.com/kb/HT200248
>>
>> Surprised Apple's letting this list linger on after declaring it dead, and that people still come here.
>> Well, here I am, never unsubscribed.
>>
>> On Jul 16, 2014, at 10:52 AM, "Slavin, Simon" <[hidden email]> wrote:
>>
>>> Dear list,
>>>
>>> I have a 10.8 server which runs various web sites.  This server is used only as FileSharing, Web and Wiki server, and all other services are turned off.
>>>
>>> Our setup previously was that we were using only Open Directory (hosted on another 10.8 server) for authentication.  My web server had a setting for access which, if I recall correctly, said "Authenticated Users" and if I used that for a site, web pages on that site put up the expected banner and accepted anyone with a account in the Open Directory server.
>>>
>>> We have now added Active Directory to the list, and the Directory Utility and binding of the web server computer have had an Active Directory host added to the Search Policy.  Network Account Server now shows up as 'Multiple'.  Server.app shows accounts from both servers.  Accounts from the AD server show up as expected in the directory editor.  I have ordered the servers with the AD server at the top, so it should be trying the AD server first, and only if it fails looking at the Open Directory server.
>>>
>>> However, the Active Directory accounts do not seem to be accessed by whatever is checking for users who can access my web site.  It still seems to be checking only for accounts on the Open Directory server.  Even if I set 'Who Can Access' explicitly to just a group of users on the AD server (ignoring the OD server entirely) it still does not authenticate correctly for AD users, claiming
>>>
>>> mod_digest_apple: Unable to authenticate for URI "/[whatever]" from user "[an AD account]" for realm "[private realm folder]"
>>> mod_digest_apple: Authentication failed (details unavailable)
>>>
>>> Does anyone have any idea what's wrong ?  Are the details available in some other log ?
>>>
>>> I note that the log entry came from mod_digest_apple.  Should this still correctly handle AD accounts ?  I can't see anywhere to change what types of password it allows.
>>>
>>> Access using accounts on the OD server does continue to work when I set the access group to a group on the OD server.
>>>
>>> Any help would be greatly appreciated.
>>>
>>> Simon
>>>
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be ignored.
>>> Macos-x-server mailing list      ([hidden email])
>>> Help/Unsubscribe/Update your Subscription:
>>> https://lists.apple.com/mailman/options/macos-x-server/macosxforme%40gmail.com
>>>
>>> This email sent to [hidden email]
>>
>>
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Macos-x-server mailing list      ([hidden email])
>> Help/Unsubscribe/Update your Subscription:
>> https://lists.apple.com/mailman/options/macos-x-server/mike.matthews%40lineal.co.uk
>>
>> This email sent to [hidden email]
>
>
>
>
>
> ------------------------------
>
>
> _______________________________________________
> Macos-x-server mailing list
> [hidden email]
> https://lists.apple.com/mailman/listinfo/macos-x-server
>
> End of Macos-x-server Digest, Vol 66, Issue 2
> *********************************************



 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      ([hidden email])
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/macos-x-server/lists%2Bs10970n2h62%40n7.nabble.com

This email sent to [hidden email]